Docs your agents can execute.
Every hub Atloria publishes is a hosted MCP server. Agents search it, read it — and call your API through it, with credentials injected server-side that the agent never sees. Read-only by default. Writes are opt-in.
The MCP endpoint below is our own docs. It’s live — point a client at it right now.
# the agent reads the API, then acts → call_operation { method: "GET", path: "/public/projects" } ← 200 OK auth injected server-side · returned real data → call_operation { method: "POST", path: "/projects" } ← 403 "Writes are disabled for this API target." → asks for the API key… ← never returned. not in the tool, the transcript, or the response.
Read — table stakes, done properly
Every published hub serves llms.txt, llms-full.txt, per-page .md twins, a search index, and a hosted MCP server with six tools:
full-text search across every generated page
return any page as clean markdown
walk the documentation tree
a code entity with relationships + source location
query the parsed code graph by name or type
enumerate the documented API operations
Act — call_operation
One bounded execution tool. The agent finds an operation with list_endpoints, then drives your real API through the docs.
Your API reference stops being context and becomes a set of tool definitions. Nobody else in the docs category ships this as a hosted, credential-safe capability.
Auth that never leaks
Most MCP setups bury the same step in the tutorial: “paste your API key into the agent’s config file.” That file is plaintext, long-lived, and readable by every tool the agent loads. We don’t do that.
The usual way
- ✕ Key pasted into the agent’s config file — in plaintext.
- ✕ Long-lived; you rotate it by hand, if you remember.
- ✕ Every tool the agent loads can read it.
Atloria
- ✓ Configured once, by the owner, on our server.
- ✓ Injected at execution time — never in the tool, transcript, or response.
- ✓ Read-only by default; writes opt-in; every call SSRF-guarded.
We tested this end-to-end rather than asserting it — the transcript in the hero is a real run against the MCP endpoint published below.
See who’s reading
Atloria classifies the AI crawlers and agents that fetch your docs and attributes their reads — so you can measure agent traffic, not guess at it.
Scope, honestly stated: read-analytics and crawler attribution today. Per-call execution logs are on the roadmap — Theneo’s Elva is ahead of us on that specific dashboard, and we say so below.
How this compares
verified 2026-07-11 · facts from competitors’ live docs| MCP capability | Atloria | ReadMe | Fern | GitBook | Theneo |
|---|---|---|---|---|---|
| Read docs over MCP | Yes — 6 tools | Yes | Yes | Yes | Yes |
| Execute API operations | Yes — call_operation | Yes (execute mode) | No — query docs only | No | Yes (hosted) |
| Where the credential lives | Server-side, injected per call — never surfaced | End-dev pastes a token into the agent config | — | — | Built-in on their platform |
| Writes | Opt-in per project · 403 by default | Proxied with the user's token | — | — | Platform-managed |
| Per-call observability | Reads + crawler attribution (per-call logs: roadmap) | Usage tracking | — | — | Per-call dashboard — ahead of us |
Connect your client
This is our own documentation, served as an MCP endpoint. Copy the snippet for your client and connect — it works right now.
Run in your terminal.
claude mcp add --transport http atloria-docs https://atloria.dev/p/atloria-self-dogfood-BDFvUbEgc3/mcpTools: search_docs, read_page, list_pages, get_entity, search_entities, list_endpoints.
Questions
- Is it safe to let an agent call my API?
- By default the agent can only read: every request is gated read-only and writes return a 403 until you explicitly opt in per project. Outbound calls pass an SSRF-guarded executor (its own test suite) that blocks private/loopback hosts, and you configure an allow-list of what the agent may touch.
- Does the agent ever see my API key?
- No. You configure the credential once, as the owner. Atloria injects it on our server at execution time. It never appears in the tool definition the agent loads, the conversation transcript, or the response body — we verified that end-to-end (above).
- What APIs work?
- Any HTTP API your docs describe. call_operation reads method + path from your generated OpenAPI, so the agent drives exactly the operations your reference documents — nothing more.
- How do writes get enabled?
- A per-project toggle by an owner. Until then, any non-GET operation returns a 403-shaped result the agent can reason about, so a misfire is a polite refusal, not a side effect.
Give your agents docs they can act on.
Point Atloria at a repo and get a hosted, agent-executable docs hub in about a minute.