Connect
Optimize
Secure
GitBook MCP Server
for AI Agents
Production-ready GitBook MCP server with 48 extensible actions — plus built-in authentication, security, and optimized execution.
GitBook MCP Server
Built by 
StackOne
StackOne 
Coverage
48 Agent Actions
Create, read, update, and delete across GitBook — and extend your agent's capabilities with custom actions.
Authentication
Agent Tool Authentication
Per-user OAuth in one call. Your GitBook MCP server gets session-scoped tokens with zero credentials stored on your infra.
Agent Auth →
Security
Agent Protection
Every GitBook tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.
Prompt Injection Defense →
Performance
Max Agent Context. Min Cost.
Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every GitBook call.
Tools Discovery →What is the GitBook MCP Server?
A GitBook MCP server lets AI agents read and write GitBook data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's GitBook MCP server ships with 48 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.
All GitBook MCP Tools and Actions
Every action from GitBook's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.
A Collections
- Update A Collection
Update properties of an existing collection
- Delete A Collection
Delete a collection
Space User Permissions
- List Space User Permissions
List users who have been added to a space
- Update Space User Permissions
Update user permission level in a space
A Spaces
- Update A Space
Update properties of an existing space
- Delete A Space
Delete a space and move it to trash
A Teams
- Get A Team
Retrieve detailed information about a specific team
- Update A Team
Update properties of an existing team
- Delete A Team
Delete a team from an organization
Other (39)
- Create A New Change Request
Create a new change request in a space
- Create A New Collection
Create a new collection in an organization
- Import A Git Repository
Trigger a Git Sync import operation
- Create A New Organization Invite
Create a new invite link for the organization
- Create A New Space
Create a new documentation space in an organization
- Create A New Team
Create a new team in an organization
- Add A Member To A Team
Add a user to a team
- List All Change Requests In A Space
Get all change requests in a space
- Get A Change Request By Its ID
Retrieve detailed information about a specific change request
- Get All Change Request Reviewers
List requested reviewers for a change request
- List All Collections
Get all collections in an organization
- Get A Collection By Its ID
Retrieve detailed information about a specific collection
- List Collection User Permissions
List users who have been added to a collection
- Get Space Git Info
Get Git Sync configuration and status for a space
- List Organization Invites
List all invite links in an organization
- Get An Organization Invite Link
Retrieve details of a specific invite link
- Get The List Of Organizations For The Currently Authenticated User
List all organizations accessible to the authenticated user
- Get An Organization By Its ID
Retrieve detailed information about a specific organization
- List All Organization Members
Get all members of an organization
- Get An Organization Member By Its ID
Retrieve detailed information about a specific organization member
- List All Space Users Permissions
List all users who can access a space with aggregated permissions
- List All Spaces
Get all spaces in an organization
- Get A Space By Its ID
Retrieve detailed information about a specific space
- Get A URL Of The Content Of A Space As PDF
Generate and retrieve a temporary URL to export space content as PDF
- List All Teams
Get all teams in an organization
- List All Team Members
Get all members of a team with their roles
- Get Profile Of Authenticated User
Get details about the authenticated user
- Get A User By Its ID
Get publicly available information about a GitBook user
- Update A Change Request
Update properties of an existing change request
- Update A Collection User Permission
Update user permission level in a collection
- Update An Organization
Update properties of an existing organization
- Remove A Reviewer From A Change Request
Remove a requested reviewer from a change request
- Remove A User From A Collection
Remove a user's access to a collection
- Delete An Organization Member
Remove a member from an organization
- Remove A Space User
Remove a user's access to a space
- Delete A Team Member
Remove a member from a team
- Merge A Change Request
Merge a change request into the main content
- Invite Users To Organization
Invite users to organization by email
- Deletes An Organization Invite
Deletes an organization invite link
Set Up Your GitBook MCP Server in Minutes
One endpoint. Any framework. Your agent is talking to GitBook in under 10 lines of code.
MCP Clients
Agent Frameworks
JSON{
"mcpServers": {
"stackone": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://api.stackone.com/mcp?x-account-id=<account_id>",
"--header",
"Authorization: Basic <YOUR_BASE64_TOKEN>"
]
}
}
}GitBook MCP Server Resources
MCP Code Mode: Keeping Tool Responses Out of Agent Context
Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.
11 min
Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery
Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.
10 min
Indirect Prompt Injection Defense for MCP Tools: A Technical Guide
MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.
12 min
GitBook MCP Server FAQ
GitBook MCP server vs direct API integration — what's the difference?
A GitBook MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling GitBook. A GitBook MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling GitBook at runtime. StackOne provides both.
How does GitBook authentication work for AI agents?
GitBook authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own GitBook account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via
origin_owner_id.Are GitBook MCP tools vulnerable to prompt injection?
Yes — GitBook MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a GitBook agent and how do I avoid it?
Context bloat happens when GitBook tool schemas and API responses eat your GitBook agent's memory, preventing it from reasoning effectively. A single GitBook query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my GitBook agent can access?
Yes — you can limit which actions your GitBook agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my GitBook MCP server?
Yes — you can create custom agent actions for your GitBook MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research GitBook's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a GitBook MCP server?
Skip a GitBook MCP server if your integration is purely software-to-software — direct GitBook API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call GitBook actions at runtime.
What AI frameworks and AI clients does the StackOne GitBook MCP server support?
The StackOne GitBook MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.
Put your AI agents to work
All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.