MCP Spotlight: Brilliant Directories — The First Membership-Platform MCP With 100 Tools, OpenAPI 3.1 & Permission Gating

Server: brilliant-directories-mcp by Brilliant Directories Tools: 100 · License: MIT · OpenAPI: 3.1 spec shipped in the repo · Transport: Hosted (Easy) or stdio (Advanced) MCP Tracker: glama.ai/mcp/servers/brilliantdirectories/brilliant-directories-mcp Docs / GitHub: github.com/brilliantdirectories/brilliant-directories-mcp

Brilliant Directories powers 50,000+ membership and directory sites. Each one has members, posts, leads, reviews, forms, pages, email templates, redirects, smart lists, widgets, menus, tags, and membership plans — and the people running those sites are not engineers. They're founders, coaches, association managers, niche publishers. The platform that wins their AI integration wins the next decade of "small SaaS becomes AI-native."

Brilliant Directories MCP is the first membership-platform integration that takes that bet seriously. 100 tools covering every resource the REST API exposes, an OpenAPI 3.1 spec bundled in the repo, two install paths (hosted Easy / local Advanced), and — this is the part that matters most — granular permission gating in the BD Admin that lets you turn destructive operations off without code.

What You Can Do

The full resource surface BD exposes via REST is now reachable from any MCP client:

Resource	Examples
Members	Read, create, update, delete, search, filter, export
Posts	Single-image, multi-image, categories, tags, scheduling, drafts
Leads	Capture, qualify, assign, convert to member
Reviews	Per-post, per-member, ratings, moderation
Categories	Top and sub, hierarchical, with images and descriptions
Email templates	Templates, variables, send-test, broadcast
Pages	Homepage, landing pages, content blocks, drafts
301 redirects	Bulk import, regex patterns, status codes
Smart lists	Filter-based dynamic member groups
Widgets	Site widgets, sidebars, custom HTML
Menus	Header, footer, sidebar navigation
Forms	Lead forms, contact forms, custom fields
Tags	Member tags, post tags, taxonomy
Membership plans	Pricing, features, billing cadence

That's the entire BD admin panel, exposed as tools. The agent can do anything the human can do — but with the agent's reasoning, the natural-language interface, and Facio's audit trail.

The Architecture: Two Install Paths

The Brilliant Directories MCP is the first I've seen that ships two install paths for the same server, designed for two audiences:

🚀 Easy Config Block (recommended for non-engineers)

{
  "mcpServers": {
    "brilliant-directories": {
      "url": "https://brilliantmcp.com",
      "headers": {
        "X-Api-Key": "your_bd_api_key",
        "X-BD-Site-URL": "https://www.your-site.com"
      }
    }
  }
}

Pointed at a hosted MCP endpoint. No Node.js, no install, no terminal. Works in Cursor, Windsurf, Cline, Codex, n8n, Make.com, Zapier, Abacus.AI, and any HTTP-transport MCP client. 30-second install, designed for site owners who don't want to touch a package manager.

🛠️ Advanced Config Block (for engineers who want it on their hardware)

{
  "mcpServers": {
    "brilliant-directories": {
      "command": "npx",
      "args": [
        "-y",
        "--prefer-online",
        "brilliant-directories-mcp@latest",
        "--api-key", "your_bd_api_key",
        "--url", "https://www.your-site.com"
      ]
    }
  }
}

The MCP runs as a npx child process on your machine. --prefer-online @latest forces npm to revalidate against the registry on every launch — you always pull the newest version, no stale cache errors. Required for Claude Desktop (which only accepts stdio, not the HTTP url form).

Both paths give the full 100-tool surface, same instructions, same lean shapers, same safety guards. The choice is about who controls the process, not what the process can do.

The Permission Gating: The Most Important Section

This is the part that deserves a paragraph in every MCP integration playbook. Brilliant Directories ships with least-privilege API keys by default:

New BD API keys ship locked down — only member read/write is enabled by default.

Every other resource (web pages, forms, menus, tags, email templates, reviews, leads, categories, post types, widgets, etc.) lives behind an "Advanced Endpoints" toggle and returns 403 API Key does not have permission to access this endpoint until you flip it on.

The setup guide says it bluntly: "This catches almost every first-time user." The pattern is exactly the same one Stripe uses for restricted keys, or AWS uses for IAM — default to nothing, opt up to capabilities.

The killer feature: the BD Admin lets you uncheck every delete* action while keeping create/update/read on:

"Want to stop the AI from deleting anything? Uncheck every delete action under Advanced Endpoints. The AI will still be able to read, create, and update — but any delete* tool call will return 403 instead of wiping data. Good baseline for production sites where the AI shouldn't be trusted with destructive operations."

This is the safety pattern every write-capable MCP server should ship with. The Brilliant Directories team is explicit about why they default to locked-down: a leaked API key with baseline-only permissions can only read/write members — it can't rewrite your whole directory.

For HITL workflows, this is the right architecture: the platform gates the destructive operations, the human approves the rest, and the audit trail shows both.

The OpenAPI 3.1 Spec in the Repo

The repository includes a complete OpenAPI 3.1 spec for the BD API. This is significant because it means:

1. Any tool generator can rebuild the MCP — Codegen, Speakeasy, Stainless, Mintlify all consume OpenAPI
2. The agent can introspect the schema if it needs parameter details not surfaced in the tool description
3. Custom MCP variants are forkable — if you want to add custom logic (rate limiting, custom field mapping), the spec is the source

The OpenAPI spec is a maintenance pattern: when the BD API changes, the spec updates, the MCP server regenerates, and downstream clients don't break. This is how production APIs should be documented.

Facio Integration

{
  "mcpServers": {
    "brilliant-directories": {
      "url": "https://brilliantmcp.com",
      "headers": {
        "X-Api-Key": "${credentials.BD_API_KEY}",
        "X-BD-Site-URL": "${credentials.BD_SITE_URL}"
      }
    }
  }
}

Facio's audit trail captures every BD tool call with the API key identity, the site, the resource, the operation, the parameters, and the result. Combined with the BD Admin's permission gating, this creates a complete safety chain:

1. API key scope — only the resources you enabled in BD Admin
2. Tool annotations — read vs. write vs. destructive
3. HITL gating — Facio's review surface on destructive operations
4. Audit trail — every call logged with context
5. Rollback — BD Admin shows the change history of every resource

For agencies and consultancies managing multiple BD sites, this is the workflow: one Facio workspace, one API key per site, scoped permissions per workspace. The agent can manage 50 client sites from a single conversational surface, with full per-site isolation in the audit trail.

Quickstart

# 1. Generate an API key in BD Admin
#    BD Admin → Developer Hub → Generate API Key
#    Optional: flip Advanced Endpoints to ON, uncheck delete actions

# 2. Pick your install path

# Easy (no Node.js needed):
{
  "mcpServers": {
    "brilliant-directories": {
      "url": "https://brilliantmcp.com",
      "headers": {
        "X-Api-Key": "your_key",
        "X-BD-Site-URL": "https://www.your-site.com"
      }
    }
  }
}

# Advanced (Node.js, runs locally):
{
  "mcpServers": {
    "brilliant-directories": {
      "command": "npx",
      "args": ["-y", "--prefer-online", "brilliant-directories-mcp@latest",
               "--api-key", "your_key",
               "--url", "https://www.your-site.com"]
    }
  }
}

# 3. Fully quit and reopen your AI app
#    (MCP servers load at launch, not on hot-reload)

# 4. First prompts
# "How many members do I have? Break down by membership plan."
# "Add 50 new leads from this CSV — assign them to my 'Newsletter' smart list."
# "Create a landing page for our summer campaign with a signup form."
# "Update all members on the 'Annual' plan to 'Premium Annual' — but don't delete anything."
# "Pull all 5-star reviews from the last 30 days and email them to our marketing list."

Use Cases

Member onboarding automation: "Take this list of 200 new signups, create member accounts for each, send them the welcome email template, and add them to the 'New Members' smart list." Agent chains 4-5 tool calls, BD executes, audit trail captures every step.

Content publishing: "Schedule this blog post for next Tuesday, add it to the 'Industry Insights' top category, set the meta description, and create a 301 redirect from the old URL." Agent handles the multi-step workflow that normally takes 20 minutes of admin clicking.

Lead qualification: "Pull all leads from last week, score them by engagement (form submissions, page views), and assign the top 20 to my sales team with a follow-up email draft." Agent runs filters, sorts, drafts emails — human approves the send.

Form and page building: "Create a contact form with name, email, and message fields. Add it to the contact page. Set up a thank-you email for submissions. Create a 301 redirect from /old-contact to /contact." Multi-resource workflow in one prompt.

Membership plan management: "List all active membership plans with their pricing and member counts. Find plans with fewer than 10 members. Suggest which to retire." Agent uses the API to surface business intelligence, then proposes actions for human approval.

Site migration: "Export all members from this site, create corresponding accounts on the new site, copy their posts, and update the 301 redirect map." Cross-site workflow that would normally take days of manual work.

Bottom Line

Brilliant Directories MCP is the first membership-platform integration that gives an AI agent full access to every resource the platform exposes — 100 tools, OpenAPI 3.1, two install paths, and granular permission gating that lets you turn off destructive operations in the BD Admin. For the 50,000+ sites running on BD, this is the missing layer that turns "site owner" into "site manager with an AI operator."

The two install paths (hosted Easy for non-engineers, local Advanced for engineers) and the default-locked API key with the explicit delete* toggle are patterns every platform MCP server should copy. The OpenAPI 3.1 spec in the repo is the maintenance pattern. The site URL validation (canonical form, exact host, no trailing slash) is the kind of detail that prevents real production failures.

For agencies, coaches, and niche publishers running on BD, the answer to "how do I manage my site with AI" is now: install the MCP, turn on the resources you want, uncheck the deletes you don't.

---

MCP Spotlight is a series covering servers that give AI agents real capabilities. Every server is evaluated for tool breadth, safety design, and integration fit with Facio's HITL-first agent runtime.