MCPTutorial6 min

Build a data-only MCP app for private knowledge

A guide for exposing private knowledge safely to ChatGPT through narrow MCP tools.

Real example

Example: private policy search for an operations team

An operations team wants ChatGPT to answer internal policy questions, but only from documents the current user is allowed to access.

Expose an MCP search_policy tool that accepts a query and optional department filter. The server resolves the user, checks document permissions, and returns safe excerpts with source ids.

ChatGPT can help employees navigate private knowledge without turning the entire knowledge base into an unscoped dump.

Tutorial path

How to implement it

Step 01

Choose one knowledge task, such as search policies, fetch customer context, or list open issues.

Step 02

Define inputs that constrain scope by user, organization, project, and query.

Step 03

Authenticate requests and enforce authorization before fetching any private data.

Step 04

Return concise structured results with source IDs, titles, and safe excerpts.

Step 05

Log access at the tool boundary for audit and debugging.

Checklist

Ready when these are true

Tool scope is narrow

Authorization before data access

Results are minimized

Source identifiers included

Audit logging enabled

Field notes

What matters in practice

MCP tools should expose actions and resources at the right business level.

Private knowledge access needs authentication, authorization, and careful result shaping.

The best data-only app returns useful slices of knowledge, not entire databases.

Avoid these mistakes

Common failure modes

Do not return full private documents when excerpts are enough.

Do not let the model provide the user id or permission level.

Do not skip access logs for private knowledge retrieval.

Practical tip

For private MCP tools, the main product is permissioned retrieval, not the chat interface.

Apply this to a build