How I Built a Fully Offline, AI-Powered Microsoft Learn Lab for Zero-Trust Coding + Video

Listen to this Post

Featured Image

Introduction:

In an era where cloud-based AI tools are the norm, security professionals are increasingly concerned about data leakage and dependency on external APIs. By hosting a local Model Context Protocol (MCP) server, developers can create a “vibe coding” environment where AI assistants like and VS Code’s Codex can query official documentation (such as Microsoft Learn) directly from a local source. This setup not only enhances productivity by grounding AI responses in verified data but also aligns with zero-trust principles by keeping sensitive code context and documentation queries within the local network.

Learning Objectives:

  • Understand the architecture of a local MCP server and its role in AI-assisted development.
  • Learn to configure VS Code (Codex) and Desktop to use local documentation sources.
  • Implement security controls to prevent data exfiltration when using AI coding tools.

You Should Know:

  1. Setting Up a Local Microsoft Learn MCP Server
    James Agombar’s setup relies on hosting a local instance of the Microsoft Learn documentation. This is achieved by cloning the open-source Microsoft Learn repository and serving it via an MCP-compatible server. MCP acts as a universal translator, allowing AI models to query local files as if they were live APIs.

Step‑by‑step guide:

1. Clone the Microsoft Learn repository:

git clone https://github.com/MicrosoftDocs/learn.microsoft.com
cd learn.microsoft.com

2. Install Node.js dependencies for the MCP server:

npm install -g @modelcontextprotocol/server-filesystem

3. Initialize the local server:

npx @modelcontextprotocol/server-filesystem /path/to/learn.microsoft.com --port 3000

4. Verify the server is running:

Navigate to `http://localhost:3000` to ensure the documentation is served correctly. The server now provides a local endpoint that mimics the official Learn API.

2. Integrating Desktop with Local MCP

Desktop can be configured to prioritize local sources over web searches. This reduces latency and ensures that the AI does not inadvertently send proprietary code to external servers.

Step‑by‑step guide:

1. Locate the Desktop configuration file:

  • Windows: `%APPDATA%\\_desktop_config.json`
    – macOS: `~/Library/Application Support//_desktop_config.json`

2. Add an MCP server entry:

{
"mcpServers": {
"microsoft-learn": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/learn.microsoft.com"],
"env": {}
}
}
}

3. Restart Desktop.

will now use the local documentation for queries related to Microsoft technologies, ensuring answers are based on the exact version of documentation you have cloned.

3. Configuring VS Code (Codex) for Local Context

Codex, the AI assistant in VS Code, can be extended to use the same local MCP server. This prevents the tool from sending code snippets to the cloud for documentation lookups.

Step‑by‑step guide:

1. Install the MCP extension for VS Code:

code --install-extension ms-mcp.mcp-client

2. Open VS Code settings (JSON):

Press `Ctrl+Shift+P` and type “Preferences: Open Settings (JSON)”.

3. Add the MCP server configuration:

"mcp.servers": {
"microsoft-learn": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/learn.microsoft.com"],
"env": {}
}
}

4. Test the integration:

Open a new chat with Codex and ask a question like “How do I configure Azure AD B2C?” The assistant should reference the local documentation, indicated by the absence of network calls in your firewall logs.

  1. Security Hardening: Firewall Rules and Data Leakage Prevention
    Running a local MCP server reduces but does not eliminate risk. AI assistants may still attempt to “phone home” for telemetry or fallback queries.

Step‑by‑step guide (Windows):

1. Block VS Code and outbound traffic:

New-NetFirewallRule -DisplayName "Block Codex Outbound" -Direction Outbound -Program "C:\Users\%USERNAME%\AppData\Local\Programs\Microsoft VS Code\Code.exe" -Action Block
New-NetFirewallRule -DisplayName "Block Outbound" -Direction Outbound -Program "C:\Users\%USERNAME%\AppData\Local\Programs\.exe" -Action Block

2. Create an allow rule only for local MCP:

New-NetFirewallRule -DisplayName "Allow MCP Local" -Direction Outbound -Protocol TCP -LocalPort 3000 -Action Allow

Linux equivalent (using iptables):

sudo iptables -A OUTPUT -m owner --uid-owner $(id -u) -p tcp --dport 443 -j REJECT
sudo iptables -A OUTPUT -m owner --uid-owner $(id -u) -p tcp --dport 80 -j REJECT
sudo iptables -A OUTPUT -m owner --uid-owner $(id -u) -p tcp --dport 3000 -j ACCEPT

5. Automating Documentation Updates with CI/CD

To keep the local Microsoft Learn instance current, set up a cron job (Linux/macOS) or scheduled task (Windows) that pulls the latest changes weekly.

Linux/macOS cron:

0 2   1 cd /path/to/learn.microsoft.com && git pull && npm update

Windows Task Scheduler PowerShell script:

$action = New-ScheduledTaskAction -Execute "git.exe" -Argument "pull" -WorkingDirectory "C:\learn.microsoft.com"
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday -At 2am
Register-ScheduledTask -TaskName "Update MCP Docs" -Action $action -Trigger $trigger

6. Extending MCP to Other Documentation Sources

The same principle applies to any technical documentation. For cybersecurity professionals, this could include local copies of CVE databases, OWASP guides, or internal compliance wikis.

Example: Adding OWASP Cheat Sheets

1. Clone the repository:

git clone https://github.com/OWASP/CheatSheetSeries

2. Serve it on a different port:

npx @modelcontextprotocol/server-filesystem /path/to/CheatSheetSeries --port 3001

3. Add both servers to ’s config:

"mcpServers": {
"microsoft-learn": { ... },
"owasp": { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/CheatSheetSeries", "--port", "3001"] }
}

7. Exploitation and Mitigation: When AI Goes Rogue

While local MCP servers enhance privacy, they also introduce a new attack vector. If an attacker compromises the local documentation files (e.g., via a poisoned Git repository), they could inject malicious advice into the AI’s responses.

Mitigation steps:

  • Verify Git commits: Use GPG signatures to validate that the cloned documentation is legitimate.
    git log --show-signature
    
  • Hash verification: Create a checksum of the documentation directory and compare it after each update.
    find /path/to/docs -type f -exec sha256sum {} \; | sort | sha256sum > baseline.txt
    After update, run again and compare
    diff baseline.txt new_checksum.txt
    
  • Run MCP in a container: Isolate the server using Docker to prevent direct host access.
    docker run -p 3000:3000 -v /path/to/docs:/docs mcp/server-filesystem /docs
    

What Undercode Say:

  • Key Takeaway 1: Local MCP servers transform generic AI assistants into domain-specific experts without compromising data sovereignty. This is crucial for organizations subject to strict data residency laws.
  • Key Takeaway 2: The “vibe coding” setup is not just about convenience—it’s a blueprint for secure AI integration. By controlling the data source and network access, security teams can embrace AI without fear of shadow IT.

Analysis:

The convergence of AI and local development environments is inevitable. James Agombar’s approach demonstrates that with open-source tools like MCP, we can build hybrid systems that leverage the best of cloud AI (reasoning power) and local control (privacy). However, this introduces a new responsibility: securing the local data sources. Just as we patch operating systems, we must now “patch” our documentation repositories to ensure they haven’t been tampered with. The line between code and content is blurring, and security must adapt to protect both.

Prediction:

Within two years, local MCP servers will become standard in enterprise development environments. We will see the rise of “AI firewalls” that inspect and sanitize queries between the developer and the AI, similar to how web application firewalls protect web servers. Additionally, expect Microsoft and other vendors to release official, signed Docker images of their documentation to prevent repository poisoning attacks. The future of coding is local AI with global knowledge—secured by design.

▶️ Related Video (82% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Jamesagombar My – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky