DEV Community

Cover image for Role-aware MCP: letting AI agents read private docs without leaking them
Max Bantsevich for dev.family

Posted on

Role-aware MCP: letting AI agents read private docs without leaking them

This is the part of the project I find most interesting, and the one I haven't seen done well anywhere else. It's also the core of why we built Miradorly (miradorly.com) instead of using something off the shelf.

Once your docs live in a portal, the next obvious want is: let an AI agent answer questions from them. Point Claude Code, Cursor, or Claude Desktop at the docs and ask "what's our auth flow?" instead of grepping.

The problem is that the existing options do one of two unacceptable things for client work:

Mintlify's MCP only works on public docs. Useless for private client documentation.
Notion's MCP blocks guest users entirely (it's an open, much-upvoted issue on their MCP server). So a freelancer or an agency's client — exactly the people you'd want to give an agent to — get nothing.

For private, multi-client documentation, both are dealbreakers. If a client's agent connects, it must see exactly what that client's account can see — no more.

So the MCP server inherits the exact same permission model as the portal:

Auth is OAuth 2.1 + PKCE. Each MCP connection is tied to a real account.
Every query inherits that account's permissions. A commenter's agent searches only the documents that commenter can read — same rules as the browser, enforced server-side.
.docignore is never indexed. Files excluded from the portal are excluded from the MCP index too — the agent can't surface what it was never given.
Read-only by design. Agents read; they can't overwrite your docs.

So you can hand a client a portal and an MCP endpoint from the same repo, and trust that neither path leaks an internal file — because both run through one permission model, not two. As far as I know, no other doc platform's MCP does this on private docs with role-based access.

That's the whole system: your editor doesn't change, your client never touches a repo, and your AI agents query the same docs while respecting every permission. We built it because we needed it on our own client projects, and we've been running on it daily for months.

If you keep docs in Git and have ever copy-pasted Markdown into a Google Doc for a client, it's free to try on your own repo for 30 days, no card: miradorly.com. I'd genuinely like to hear how it breaks on your setup.

Top comments (0)