Answer
What is .docignore? Keeping internal files out of shared docs
A .docignore file tells your documentation portal and MCP server which files to never render, index, or return — like .gitignore, but for docs you share. Here's what it is and how to use it.
The short answer
A .docignore is a file (same syntax as .gitignore) that lists documentation files which should never be rendered, indexed, or returned over an MCP server — so internal files like CLAUDE.md, secrets, and drafts stay out of anything you share. In Miradorly, files matched by .docignore are genuinely absent from the portal, full-text search, and MCP results for every user and role — not just hidden in the UI. It's how you safely share a repo's docs with clients without leaking the internal ones.
When your documentation and your internal notes live in the same repo, sharing gets dangerous: how do you show a client the project docs without also exposing CLAUDE.md, secrets, or half-finished drafts sitting in the same folders? That's what a .docignore is for.
The definition
A **.docignore is a file that lists documentation paths to exclude from rendering, search, and MCP**. It uses the same glob syntax as .gitignore. Anything it matches is never shown in the portal, never appears in full-text search, and is never returned over the MCP server — for every user, regardless of role.
.docignore vs .gitignore
They look identical and serve parallel purposes for different systems:
.gitignore | .docignore | |
|---|---|---|
| Controls | What git tracks | What your docs portal/MCP expose |
| Effect | File not committed | File committed but not shared |
| Lives in | Repo root / folders | Repo root / folders |
| Syntax | Globs | Globs (same) |
The key insight: a file can be tracked by git (you want it versioned) but excluded from sharing via .docignore. Your internal docs stay in the repo with everything else and simply never leave the team.
What it looks like
# .docignore — never rendered, never indexed, never returned over MCP
# Agent/config files
CLAUDE.md
.cursorrules
# Secrets and credentials
**/secrets/**
*.env
*.key
# Work in progress
drafts/
*.internal.mdWhy "never indexed" matters
There's a meaningful difference between hidden in the UI and never indexed. If a file is merely hidden, it can still leak through search or an AI agent's tool call. With Miradorly, .docignore-matched files are genuinely absent from the index — so they can't surface in portal search or in MCP results, no matter who asks or what role they have. The internal file effectively doesn't exist for any shared surface.
How it works across the three surfaces
In Miradorly, one .docignore governs all three places docs are exposed:
- Portal — matched files aren't rendered.
- Search — matched files aren't in the search index.
- MCP — matched files are never returned to an AI agent (role-aware MCP).
One rule, every surface — so there's no gap where an internal file slips through one channel but not another.
Practical tips
- Put a
.docignoreat the repo root and add folder-level ones if needed. - Exclude agent/config files (
CLAUDE.md,.cursorrules) by default — clients don't need them and they can reveal internal process. - Exclude
drafts/so work-in-progress never shows up as if it were finished. - Review it when you add a new internal doc type.
Bottom line
.docignore is the small file that makes it safe to keep internal and client-facing docs in the same repo: it tells your portal and MCP what to never render, index, or return. Like .gitignore for the docs you share — and the reason you can connect a client (or their AI agent) to your documentation without leaking the parts that should stay internal.
Frequently asked questions
What is a .docignore file?
It's a list of documentation files to exclude from rendering, search, and MCP — using the same glob syntax as .gitignore. Anything it matches is never shown in the portal or returned to an AI agent, for any user.
How is .docignore different from .gitignore?
.gitignore controls what git tracks; .docignore controls what your documentation portal and MCP expose. A file can be committed to the repo (tracked by git) but excluded from sharing via .docignore — exactly what you want for internal docs that live in the same repo.
What should go in a .docignore?
Internal-only files: CLAUDE.md and agent config, secrets and credentials, drafts, and any *.internal.md notes. Anything a client or a client's AI agent should never see.
Does .docignore affect the MCP server too?
Yes — that's the point. In Miradorly, .docignore-matched files are never indexed, so they can't appear in portal search or in MCP results, regardless of who connects or their role.