branch β commit β diff β merge β checkpoint β audit β deploy
340 tests. 87 MCP tools. 26 engines. Zero mocks. Real MongoDB only.
Quick Start Β· Why Β· Features Β· MCP Server Β· CLI Β· Architecture
AI agents write to databases. They hallucinate. They retry. They run in parallel. And when they break your data, you have no undo button.
β Without MongoBranch β
With MongoBranch
βββββββββββββββββββββββββ βββββββββββββββββββββββββ
Hope the agent doesn't break anything Agent works on isolated branch copy
Manually snapshot before every op Commits are automatic + content-addressed
Lock the entire database Parallel agents, zero interference
"Who changed that?" β nobody knows blame β agent-b, commit abc123, 14:32
"Roll it back" β to when, exactly? time-travel β any commit or timestamp
"Did the merge break anything?" three-way merge + conflict detection
"Ship it to prod" β YOLO deploy request β review β approve β merge
MongoBranch gives MongoDB the full git experience: branches, commits, diffs, three-way merges, cherry-picks, reverts, tags, blame, stash, reflog, and time travel. Every operation tracked. Every change reversible. Every agent sandboxed.
Neon raised $100M+ and their branches can never merge back. MongoBranch does three-way merge with per-field conflict resolution. On MongoDB.
| Feature | MongoBranch | Neon (Postgres) | Dolt (MySQL) |
|---|---|---|---|
| Branch isolation | β DB-per-branch | β CoW fork | β Working copy |
| Merge back to parent | β Three-way | β Impossible | β Three-way |
| Content-addressed commits | β SHA-256 | β WAL-based | β Prolly tree |
| Cherry-pick & revert | β | β | β |
| Field-level blame | β | β | β Row-level |
| Time travel queries | β Commit + timestamp | β LSN-based | β AS OF |
| Tags & refs | β | β | β |
| Deploy requests (data PRs) | β | β | β |
| Branch protection + globs | β | β | β |
| Pre/post hooks (14 events) | β | β | β |
| Stash / pop | β | β | β |
| Reflog (survives deletion) | β | β | β |
| Operation log + undo | β | β | β |
| N-way branch comparison | β | β | β |
| PII anonymization | β hash/mask/null/redact | β | β |
| Agent scopes + quotas | β Collection-level ACLs | β | β |
| Multi-agent isolation | β Per-agent sandboxes | β | β |
| Merge queue (FIFO atomic) | β | β Can't merge | β |
| MCP Server for AI agents | β 87 tools | β ~10 tools | β |
| CLI | β 62 commands | β | β |
| Atlas Search index branching | β | N/A | N/A |
| Branch TTL (auto-expire) | β | β | β |
| Tamper-evident audit chain | β SHA-256 hash-chain | β | β |
| Checkpoints (instant save/restore) | β Zero-ceremony | β Snapshots API | β |
| Idempotent execution guard | β requestId dedup | β | β |
| Branch-from-branch (nested) | β Depth-tracked | β | β |
| Webhooks (HMAC-signed) | β Pre/post + HMAC-SHA256 | β | β |
| Real-time change streams | β Branch watchers | β | β |
MongoBranch: 28/28. Neon: 8/28. Dolt: 11/28.
The only tool that gives MongoDB full
gitsemantics and is purpose-built for AI agents.
# 0. Prerequisite: Bun 1.0+ must be installed on your machine
# MongoBranch ships Bun-based CLI and MCP entrypoints.
# 1. Install globally
npm install -g mongobranch
# 2. Bootstrap a fresh app workspace with auth-enabled Atlas Local preview
mkdir my-agent-app && cd my-agent-app
mb init --db myapp --start-local
# 3. Prove the environment before touching data
mb doctor
mb access status
# 4. Branch β Work β Commit β Merge
mb branch create experiment --description "testing new schema"
# ... make your changes ...
mb commit experiment -m "restructured user fields"
mb diff experiment
mb merge experiment # apply to main
# Or tag a known-good state and time-travel later
mb tag create v1.0 experiment
mb branch delete experiment # done β branch is disposableScoped approval rule:
- Use
mb init --start-localfor new external workspaces. - Treat
mb doctor+mb access statusas the install-to-ready gate. - The current strongest proof is an auth-enabled Atlas Local preview consumer app that passed 22/22 install-to-restore dogfood checks.
- For an agent-friendly zero-guess setup path, see For AI.
MongoBranch connects to the same MongoDB deployment your app uses.
- It does not patch your app automatically.
- It controls a
sourceDatabaseplus one or more branch databases. - The safest workflow is: let the app keep using
main, and let the agent use MongoBranch tools to branch, diff, merge, and review data. - If you want the app itself to run against a branch, point the app's DB name to the branch database after you create the branch.
Example for an existing app workspace:
cd /path/to/your-app
mb init --db your_real_db_name --uri "mongodb://localhost:27017/?directConnection=true"
mb doctor
mb access status
mb branch create feature-xThen either:
- use MongoBranch tools directly against
feature-x, or - repoint the app's DB name to the generated branch DB for isolated end-to-end testing
MongoBranch ships a Model Context Protocol server with 87 tools. Drop into Claude Desktop, Cursor, Windsurf, or any MCP client:
Bun must be available on the host machine because
mongobranch-mcpis shipped as a Bun entrypoint.
{
"mcpServers": {
"mongobranch": {
"command": "npx",
"args": ["mongobranch-mcp"],
"env": {
"MONGOBRANCH_URI": "mongodb://localhost:27017",
"MONGOBRANCH_DB": "myapp"
}
}
}
}1. start_task(agentId: "claude", task: "fix-user-emails")
β Creates isolated branch with full DB copy. Agent works freely.
2. complete_task(agentId: "claude", task: "fix-user-emails", autoMerge: true)
β Diffs every collection β three-way merges β main updated atomically.
Main is never touched until merge. If the agent fails, delete the branch. Zero damage.
| Category | Tools | What They Do |
|---|---|---|
| Workflow | start_task, complete_task |
One-call branch + one-call merge |
| Branch | create_branch, list_branches, delete_branch, rollback_branch, gc, system_status |
Full lifecycle + garbage collection |
| Diff & Merge | diff_branch, merge_branch, merge_three_way |
Field-level diff, conflict strategies |
| Commits | commit, get_commit, commit_log |
SHA-256, parent chains, merge commits |
| Tags | create_tag, list_tags, delete_tag |
Immutable named refs |
| Cherry-Pick | cherry_pick, revert_commit |
Surgical apply/undo |
| Time Travel | time_travel_query, blame |
Any commit or timestamp |
| Deploy | open/approve/reject/execute/list_deploy_request |
PR-like workflow for data |
| Access Control | access_control_status, provision_branch_access, provision_deployer_access, revoke_access_identity, list_access_profiles |
Least-privilege MongoDB users + live enforcement probe |
| Protection | protect_branch, list_protections, remove_protection |
Glob patterns, merge-only |
| Hooks | list_hooks, remove_hook, register_webhook |
14 events + HTTP webhooks |
| TTL | set_branch_ttl, reset_from_parent |
Auto-expire + re-copy from source |
| Stash | stash, stash_pop, stash_list |
Save/resume work |
| Reflog | reflog |
Branch pointer history |
| Scope | set_agent_scope, check_agent_permission, get_agent_violations |
Per-agent collection ACLs |
| Compare | compare_branches |
N-way branch comparison matrix |
| Anonymize | create_anonymized_branch |
hash/mask/null/redact PII |
| Search Index | list/copy/diff/merge_search_indexes |
Atlas Search on branches |
| CRUD Proxy | branch_insert/update/delete/find, branch_aggregate, branch_count, branch_update_many, branch_list_collections, branch_schema |
Full database ops on any branch |
| Agent | register_agent, create_agent_branch, agent_status |
Per-agent sandboxes |
| History | branch_log, record_snapshot, export_audit_log |
Full audit trail (JSON/CSV) |
| Queue | enqueue_merge, process_merge_queue, merge_queue_status |
FIFO atomic merges |
| Ops | branch_oplog, branch_undo, materialization_status |
Oplog, undo, CoW status |
| Audit Chain | verify_audit_chain, export_audit_chain_certified, get_audit_chain |
Tamper-evident hash chain (EU AI Act) |
| Checkpoints | create_checkpoint, restore_checkpoint, list_checkpoints |
Lightweight save/restore points |
| Execution Guard | guarded_execute |
Idempotent ops β dedup via requestId |
| Watcher | watch_branch, stop_watch, get_watch_events |
Real-time change stream events |
# System
mb status # Active branches, storage, recent activity
mb doctor # Live environment probe for Atlas Local capabilities
mb access status # Verify whether MongoDB access control is actually enforced
# Branch lifecycle
mb branch create <name> # Isolated DB copy β indexes, data, validators
mb branch list # All branches with metadata + TTL
mb branch switch <name> # Switch active branch context
mb branch delete <name> # Drop branch database
# Version control
mb commit <branch> -m "message" # SHA-256 content-addressed commit
mb commits <branch> # Walk the commit graph
mb tag create <name> <branch> # Immutable ref: "v1.0", "pre-migration"
mb tag list # All tags with commit hashes
mb tag delete <name> # Remove tag (commit preserved)
mb cherry-pick <target> <hash> # Apply one commit to another branch
mb revert <branch> <hash> # Undo a commit, history preserved
# Diff & merge
mb diff <source> [target] # Colored field-level diff
mb merge <source> --into main # Three-way merge with conflict detection
mb merge <source> --dry-run # Preview without applying
# Time travel & forensics
mb query <branch> <collection> # Query data at any commit/timestamp
mb blame <branch> <collection> <docId> # Who changed what field, when
# Deploy & safety
mb deploy create # Create deploy request (data PR)
mb deploy list # List all deploy requests
mb deploy approve <id> # Approve for production
mb deploy reject <id> # Reject with reason
mb deploy execute <id> # Ship it
mb stash save <branch> # Save work-in-progress
mb stash pop <branch> # Restore it
mb stash list <branch> # View stash stack
mb drift capture <branch> # Review fence using MongoDB operationTime
mb drift check --branch <name> # Detect post-review raw writes
mb access provision-branch <name> # Least-privilege branch-scoped MongoDB user
mb access provision-deployer # Protected-target deploy identity
mb access revoke <username> # Drop provisioned user/role
# Agent coordination
mb anonymize <branch> --strategy mask # PII redaction
mb compare <branch1> <branch2> <branch3> # N-way comparison matrix
mb reflog <branch> # Branch pointer history
# Atlas Search indexes on branches
mb search-index list <branch> # List indexes on branch
mb search-index copy <src> <tgt> # Copy indexes between branches
mb search-index diff <src> <tgt> # Compare index definitions
mb search-index merge <src> <tgt> # Merge index definitions
# Operations
mb gc # Clean stale branches
mb log [branch] # History log with filtering
# Agent Safety (Wave 9)
mb checkpoint create <branch> --label "before-migration"
mb checkpoint restore <branch> <id>
mb checkpoint list <branch>
mb audit verify # Verify tamper-evident hash chain
mb audit export --format json # Export for compliance auditors
mb audit log --branch <name> # View audit trailββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Your App / AI Agent β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β CLI (62 cmds) Β· MCP Server (87 tools) Β· SDK β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β BranchManager CommitEngine DiffEngine MergeEngine β
β TimeTravelEngine DeployManager BranchProxy ScopeManager β
β ProtectionManager HookManager AgentManager MergeQueue β
β OperationLog HistoryManager StashManager ReflogManager β
β BranchComparator AnonymizeEngine SearchIndexManager β
β AuditChainMgr CheckpointMgr ExecutionGuard BranchWatcher β
β AccessControlManager β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β MongoDB Driver β
ββββββββββββββββββ¬βββββββββββββββββββ¬βββββββββββββββββββββββββββββββ€
β main (myapp) β __mb_feature-x β __mb_claude--fix-users β
β ββββββββββββ β ββββββββββββββ β ββββββββββββββββββββββββββ β
β users β users (copy) β users (modified) β
β products β products β products β
β orders β orders β orders (new docs) β
ββββββββββββββββββ΄βββββββββββββββββββ΄βββββββββββββββββββββββββββββββ€
β __mongobranch (metadata) β
β βββ branches commits tags commit_data β
β βββ protections hooks deploy_requests agents β
β βββ oplog history reflog scopes β
β βββ stashes violations merge_queue search_indexes β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Each branch = a separate MongoDB database. Full isolation. Real indexes. Real data. Zero mocks.
| Decision | Why |
|---|---|
| DB-per-branch | Complete isolation β branches can't leak into each other |
| Content-addressed commits | SHA-256 hashes ensure integrity, parent chains enable graph traversal |
| Three-way merge | BFS common ancestor, per-field conflict detection β no silent data loss |
| Lazy copy-on-write | lazy: true β instant branch, data copied only on first write |
| Deploy requests | PR-like review: open β approve β execute (not YOLO merge) |
| Pre/post hooks | Pre-hooks reject synchronously, post-hooks fire-and-forget |
| Merge queue | FIFO ordering for concurrent agent merges β no race conditions |
| Batched cursor iteration | Large collections copied in 1000-doc batches β no memory blowup |
| Agent scopes | Collection-level ACLs + quotas β agents can't touch what they shouldn't |
| Access control probe | Restricted-user live check proves whether MongoDB is enforcing least privilege |
- Documents β added, removed, modified (field-level via jsondiffpatch)
- Indexes β structural changes between branches
- Validation rules β JSON Schema differences
- Atlas Search indexes β search index definitions branched and diffed
- Vector embeddings β 512-dim Voyage AI embeddings survive branchβdiffβmerge intact
Production-hardened features for AI agents operating on real data.
// Agent creates a save point before risky work
const cp = await checkpointManager.create("feature-branch", { label: "before-migration" });
// Agent does aggressive operations...
await proxy.insertOne("feature-branch", "products", bulkData);
await proxy.updateMany("feature-branch", "users", {}, { $set: { role: "pending" } });
// Something went wrong? Instantly restore to the save point
await checkpointManager.restore("feature-branch", cp.id);
// Data is exactly as it was before β every collection, every document// Every operation is hash-chained (SHA-256). Tampering breaks the chain.
const verification = await auditChain.verify();
// { valid: true, totalEntries: 847, firstEntry: genesis, lastEntry: ... }
// Export for compliance auditors (EU AI Act Article 12)
const report = await auditChain.exportChain("json");
// Includes cryptographic verification header + full hash chain// LLM retries the same tool call? No duplicate side effects.
const result = await guard.execute(
"req-abc-123", // Deterministic request ID
"branch_insert", "my-branch", args,
async () => proxy.insertOne("my-branch", "orders", newOrder),
);
// result.cached === true on retry β same result, zero duplicate writesmb branch create feature # depth 0 (from main)
mb branch create experiment --from feature # depth 1
mb branch create sub-test --from experiment # depth 2
# Max depth enforced (default 5) β prevents runaway nesting// Pre-merge webhook β blocks merge if policy violated
await hookManager.registerWebhook("policy-check", "pre-merge",
"https://api.example.com/hooks/review",
{ secret: "my-signing-key", timeout: 3000 }
);
// POST with X-MongoBranch-Signature: <HMAC-SHA256> headerQuery your data at any point in history. Like Dolt's AS OF or Neon's Time Travel β but for MongoDB.
// "What did the users collection look like at commit abc123?"
const users = await timeTravelEngine.findAt({
branchName: "main",
collection: "users",
commitHash: "abc123",
});
// "What did it look like yesterday at 3pm?"
const snapshot = await timeTravelEngine.findAt({
branchName: "main",
collection: "users",
timestamp: new Date("2026-03-30T15:00:00Z"),
});
// "Who changed the email field on user 42?"
const blame = await timeTravelEngine.blame("main", "users", "user-42");
// β { fields: { email: { commitHash: "abc123", author: "agent-b", message: "fix emails" } } }Every commit snapshots the full document state. No WAL parsing. No reconstruction. Instant lookup.
Don't YOLO merge to production. Open a deploy request, review the diff, approve, then execute.
Inspired by PlanetScale's deploy requests β but for document data, not just schema.
1. open_deploy_request(source: "feature-x", target: "main", description: "Add premium users")
β DR #a1b2c3d4 opened. Diff computed automatically.
2. approve_deploy_request(id: "a1b2c3d4", reviewedBy: "alice")
β Approved. Ready to execute.
3. execute_deploy_request(id: "a1b2c3d4")
β Merged! feature-x β main. 3 added, 0 removed, 1 modified.
Duplicate protection, rejection with reasons, status filtering. The full PR workflow.
MongoBranch now provisions least-privilege MongoDB users for branch and deploy workflows, but it does not blindly assume that createUser means the server is enforcing RBAC.
mb access status
# Shows authenticated user context and runs a restricted-user probeIf MongoDB accepts a forbidden write from that restricted probe user, MongoBranch reports the environment as not enforced.
mb access provision-branch feature-x \
--username agent_feature_x \
--password secret123 \
--collections users,orders \
--by codexThis produces:
- a MongoDB role scoped to the branch database
- a MongoDB user assigned to that role
- a connection string agents can use for that branch
- metadata in MongoBranch so the identity can be listed and revoked later
// Nobody writes to main directly. Period.
await protectionManager.protectBranch("main", { requireMergeOnly: true, preventDelete: true });
await protectionManager.protectBranch("prod-*", { requireMergeOnly: true }); // glob patterns
// Hooks fire on 14 different events
await hookManager.addHook({
name: "validate-before-merge",
event: "pre-merge",
callback: async (ctx) => {
if (ctx.targetBranch === "main" && !ctx.approved) {
throw new Error("Merge to main requires deploy request approval");
}
},
});
// Pre-hooks reject synchronously. Post-hooks fire-and-forget. (lakeFS pattern)pre-create, post-create, pre-delete, post-delete, pre-merge, post-merge,
pre-commit, post-commit, pre-reset, post-reset, pre-cherry-pick, post-cherry-pick,
pre-revert, post-revert
Agent A: start_task(agentId: "agent-a", task: "update-users")
Agent B: start_task(agentId: "agent-b", task: "update-products")
# Completely isolated databases:
# __mb_agent-a--update-users (Agent A's sandbox)
# __mb_agent-b--update-products (Agent B's sandbox)
# Both work in parallel β zero interference
Agent A: complete_task(agentId: "agent-a", task: "update-users", autoMerge: true)
Agent B: complete_task(agentId: "agent-b", task: "update-products", autoMerge: true)
# Three-way merge handles conflicts automatically
# Merge queue ensures sequential ordering β no race conditions
React to branch changes in real time via MongoDB Change Streams β with resume token support for crash recovery.
const watcher = new BranchWatcher(client, config);
// Watch a branch for live changes
await watcher.watch("feature-x", async (event) => {
console.log(`${event.operationType} on ${event.collection}: ${event.documentId}`);
// β "insert on products: 507f1f77bcf86cd799439011"
}, {
fullDocument: true, // Include the full document in events
fullDocumentBeforeChange: true, // Include pre-image (what it looked like before)
});
// Resume after disconnect β no missed events
const token = watcher.getResumeToken("feature-x");
await watcher.watch("feature-x", handler, { resumeAfter: token });
await watcher.stop("feature-x");Use cases: CI triggers on branch data changes, agent coordination signals, audit stream forwarding.
Every test runs against real MongoDB (Atlas Local Docker). No mocking. No faking. If it passes here, it works in production.
bun run test # Full suite β 340 tests, 32 files
bun test tests/core/commit.test.ts # Commits, tags, cherry-pick, revert
bun test tests/core/three-way-merge.test.ts # Three-way merge + conflict resolution
bun test tests/core/timetravel.test.ts # Time travel queries + blame
bun test tests/core/deploy.test.ts # Deploy request workflow
bun test tests/core/scope.test.ts # Agent permissions + ACLs
bun test tests/core/access-control.test.ts # MongoDB users, roles, RBAC enforcement probe
bun test tests/core/stress-ai.test.ts # Real Voyage AI 512-dim embeddingsCurrent verification highlights:
- branch + nested-branch lifecycle against real MongoDB
- three-way merge, deploy drift gates, and time travel semantics
- access control provisioning plus live restricted-user enforcement probe
- Atlas Search / Vector Search capability checks on Atlas Local preview
- MCP tool handlers and end-to-end consumer-app dogfooding
- fresh external auth-enabled Atlas Local consumer app passed 22/22 install, branch, deploy, drift, backup/restore, and CLI/MCP/library checks
MONGOBRANCH_URI=mongodb://localhost:27017 # MongoDB connection string
MONGOBRANCH_DB=myapp # Source database name# .mongobranch.yaml
uri: mongodb://localhost:27017/?directConnection=true
sourceDatabase: myapp
metaDatabase: __mongobranch
branchPrefix: __mb_bun install # Install dependencies
docker compose up -d # Atlas Local on port 27017 (repo contributors)
bun run test # 340 tests, ~220 seconds
bun src/mcp/server.ts # Start MCP server
bun src/cli.ts branch create my-feature # CLIsrc/core/
βββ access-control.ts AccessControlManager β branch/deployer users, roles, RBAC enforcement probe
βββ branch.ts BranchManager β create, list, switch, delete, TTL, nested branches, CoW, gc
βββ commit.ts CommitEngine β SHA-256 commits, parent chains, tags, cherry-pick, revert
βββ diff.ts DiffEngine β documents + indexes + validation rules + three-way
βββ merge.ts MergeEngine β two-way, three-way, branch-to-branch, dry-run, strategies
βββ doctor.ts EnvironmentDoctor β live Atlas Local capability probes
βββ drift.ts DriftManager β operationTime review fences + stale-state detection
βββ timetravel.ts TimeTravelEngine β findAt (commit/timestamp), listCollectionsAt, blame
βββ deploy.ts DeployRequestManager β open, approve, reject, execute, list, get
βββ protection.ts ProtectionManager β branch protection rules, glob patterns
βββ hooks.ts HookManager β 14 event types, pre/post hooks, HTTP webhooks (HMAC-SHA256)
βββ scope.ts ScopeManager β agent permissions, collection ACLs, quota enforcement
βββ compare.ts BranchComparator β N-way branch comparison, presence matrix
βββ stash.ts StashManager β stash/pop/list/drop, ordered stash stack
βββ anonymize.ts AnonymizeEngine β hash/mask/null/redact PII strategies
βββ reflog.ts ReflogManager β branch pointer tracking, survives deletion
βββ search-index.ts SearchIndexManager β Atlas Search index branching
βββ audit-chain.ts AuditChainManager β SHA-256 hash-chained tamper-evident log (EU AI Act)
βββ checkpoint.ts CheckpointManager β lightweight save points, instant restore, TTL prune
βββ execution-guard.ts ExecutionGuard β idempotent agent ops, requestId dedup, exactly-once
βββ watcher.ts BranchWatcher β real-time change stream monitoring per branch
βββ proxy.ts BranchProxy β CRUD, aggregate, count, schema with lazy auto-materialization
βββ oplog.ts OperationLog β every write tracked, undo support
βββ queue.ts MergeQueue β FIFO concurrent merge ordering
βββ agent.ts AgentManager β per-agent namespaced branches
βββ history.ts HistoryManager β snapshots, branch log, audit export (JSON/CSV)
βββ types.ts TypeScript interfaces, config, constants
- ADR-001: Storage Strategy β Why DB-per-branch (not collections)
- ADR-002: Diff Algorithm β Operation log + snapshot diff
| Wave | What | Status |
|---|---|---|
| 1-3 | Branch, diff, merge, agent, proxy, oplog, CoW, queue | β Shipped |
| 4 | Commits (SHA-256), tags, three-way merge, cherry-pick, revert | β Shipped |
| 5 | Branch TTL, reset from parent, protection rules, hooks (14 events) | β Shipped |
| 6 | Time travel, blame, deploy requests | β Shipped |
| 7 | Agent scopes, branch compare, stash, anonymize, reflog | β Shipped |
| 8 | Atlas Search index branching, MCP server, CLI, CI | β Shipped |
| 9 | Audit chain (EU AI Act), checkpoints, execution guard, nested branches, webhooks, watchers | β Shipped |
| 10 | Ship It β npm publish, release workflow, .npmignore, v1.0.0 | β Shipped |
All 10 waves shipped. π 87 MCP tools Β· 62 CLI commands Β· 26 engines Β· 340 tests
MIT
Built for the age of AI agents writing to databases.
Stop hoping. Start branching.
340 tests Β· 87 MCP tools Β· 62 CLI commands Β· 26 engines Β· 0 mocks Β· real MongoDB only