PlatformFor RIAsIntegrationsSecurity

DEVELOPERS

Model Context Protocol server

Use Claude Desktop, Claude Code, or any MCP host to query your DocumentBoost data with the AI of your choice. You stay in control: every call is scoped to your tokens, every ask runs through your organization's consent gate, and every tool invocation is audited.

Setup

  1. Sign in and visit /app/settings/mcp-tokens (or /portal/settings/mcp-tokens if you're a client).
  2. Click Create token, name the host (e.g. “Claude Desktop”), and copy the plaintext token. It is shown only once.
  3. Open your MCP host's config. For Claude Desktop, this is ~/.config/claude/claude_desktop_config.json (macOS / Linux) or %APPDATA%\Claude\claude_desktop_config.json (Windows).
  4. Paste the config block below, substituting your deployment host and the token. Save the file and restart your MCP host.
  5. Try list_households to confirm the connection.

Config

{
  "mcpServers": {
    "documentboost": {
      "url": "https://{your-deployment-host}/api/mcp",
      "headers": {
        "Authorization": "Bearer {your-token}"
      }
    }
  }
}

Transport: HTTP (this is a hosted server — there is no stdio binary to install). Protocol version: 2024-11-05.

Tools

list_householdsscope: read:household

Every household the caller can see. Advisors see firm-wide; clients see only paired households.

get_householdscope: read:household

Overview of one household — member counts, document counts, recent uploads.

list_documentsscope: read:document

Document metadata only (filenames, types, page counts). No chunk text leaves through this tool.

get_attributescope: read:household

Latest value of a household attribute by key, plus the source documents that produced it.

list_templatesscope: read:document

Document-type templates for the caller's firm. Clients without an org membership see an empty list.

askscope: ask

Natural-language question grounded in the caller's documents. Returns the answer plus citations. Subject to per-org consent gating.

Security boundary

  • Token storage. Plaintext is shown to you once and is never recoverable. We persist a SHA-256 hash and revoke non-destructively.
  • Scopes. v1 ships read-only scopes (read:household, read:document, ask). No write tools.
  • Consent gate. Every ask call goes through your organization's third-party AI consent posture (Settings → Security & Data Disclosure). Denied calls return a JSON-RPC error with data.reason set to external_ai_disabled or zdr_not_acknowledged.
  • Audit. Every tool invocation creates an mcp.tool_called audit row with the tool name and structural parameters — never the question text, never extracted field values.
  • Rate limit. 600 requests / hour / token. Stub a higher cap by minting a second token if you have a legitimate high-volume workload.
  • Revocation. Revoke at /app/settings/mcp-tokens. The revoked token fails-closed on the next call, no propagation delay.

Sample response shape

High confidence · 4 sources

A typical ask reply returns a synthesized answer plus inline citations and confidence signals you can render in your agent UI. Was this docs example useful?

What we're not shipping in v1

No write tools (no upload, no template extraction trigger, no attribute mutation). No prompt resources. No sampling proxy. If you have a workflow that needs one of these, tell us — the surface is designed to grow.