Docs MCP Security
The documentation MCP server is read-only.
Exposed Content
- Markdown documentation.
- Approved YAML design and contract data.
- Approved JSON status files.
Denied Content
- Source code under
apps/,packages/, orsrc/. .git,node_modules,dist,build,coverage..env, secrets, credentials, tokens, private keys.- Raw playtest session data.
Authentication
/mcp requires:
Authorization: Bearer <DOCS_MCP_AUTH_TOKEN>
Tokens must never be committed.