Noqta
writing/blog/2026/05
BlogMay 12, 2026·6 min read

MCP Business Assistant: Ask Your ERP, CRM and Docs in Arabic — Without a Vendor Rebuild

The honest playbook for putting an Arabic-speaking AI assistant on top of Odoo, Zoho, HubSpot, SAP and Google Workspace using Model Context Protocol — with row-level security, audit logs, and an architecture your auditor will not refuse.

Noqta Team
·EN · FR · AR

Every executive we meet in Riyadh, Tunis or Dubai wants the same thing: "can I just ask my data a question in Arabic and get a real answer?"

The current answer is almost always no. Not because the data does not exist, but because the path from a spoken question — "what is the open AR balance for our top ten Gulf customers, by aging bucket?" — to a trustworthy answer crosses three vendor APIs, two languages, and one row-level security model that nobody wants to leak.

The vendor-shaped answer is a $40K AI add-on locked to one ERP, with English-only fine-tuning and no audit trail your CFO will sign off on. There is a better path. It is called Model Context Protocol (MCP), and in 2026 it is the closest thing the industry has to a universal API for AI agents.

This is the playbook we use when MENA businesses ask us to build an Arabic-speaking assistant on top of their existing stack.

The "Ask Your Data" Problem — Why It Keeps Failing

Three failure modes kill most "AI on top of our business data" projects in MENA:

  1. Vendor lock-in disguised as integration. Each ERP vendor — Odoo, SAP, Zoho, Microsoft Dynamics — wants to sell you their AI module, tuned to their schema. You end up with five disconnected copilots, each blind to the other four. The C-suite question "give me a unified P&L view by region" still routes through a junior analyst with Excel.
  2. Hallucinations on numeric data. An LLM that "almost" knows the right margin is worse than no answer. Asking GPT-4 or Claude directly about your invoices, without a structured data path, produces confident wrong numbers. We have seen it cause a real pricing meeting to be paused for forty minutes while someone verified what the chatbot said.
  3. Row-level security is a nightmare. Your sales head should see Gulf accounts, not Maghreb. Your auditor needs a read-only view of journal entries. Your operations manager wants Tunisia inventory, not KSA. Building this in five separate copilots is a six-month security project. Building it once at the data layer is one weekend.

This is why we stopped recommending vendor-bundled AI modules in 2025 and went all-in on MCP.

What MCP Actually Is (and What It Is Not)

Model Context Protocol is an open spec from Anthropic, now broadly supported, that defines how an AI agent talks to tools and data sources. Think of it as the HTTP of AI integrations: a single protocol that any compliant agent (Claude, GPT, Gemini) can use to call any compliant server (Odoo, Postgres, Google Drive, your internal API).

It is not a product. It is not a SaaS you sign up for. It is a contract — and that is exactly why it scales: every MCP server you write or install today works with every MCP-aware agent tomorrow.

If you have read our earlier deep-dives on MCP servers for business and WebMCP for the browser, this article is the operational layer on top: how to actually wire it into Odoo, Zoho, HubSpot, SAP and Google Workspace, with Arabic on the front and row-level security on the back.

The Reference Architecture

Five components, in this order:

[Arabic question]
      ↓
[Agent: Claude Sonnet 4.6 or equivalent]
      ↓ via MCP
[MCP routing layer — your servers + permissions]
      ↓
[ERP / CRM / Docs / SQL — Odoo, Zoho, HubSpot, SAP, Postgres, Google Drive]
      ↓
[Read-only structured response]
      ↓
[Agent renders answer in Arabic with provenance]

Each layer is replaceable. None of them is a vendor SaaS that traps you.

1. The Agent (the Arabic-speaking face)

Use a frontier model with strong Arabic — Claude Sonnet 4.6 and Claude Opus 4.7 both score well on MSA and tolerate Tunisian and Gulf darija for input understanding (output should stay in MSA for executive reports). GPT-4o and Gemini 2.0 Pro work too. The model is the most replaceable component — pick on price and Arabic quality, not vendor relationship.

The agent's job is to interpret the question, select the right MCP tool, parameterize it correctly, and render the structured response in business language. It is not the data source.

2. MCP Servers (the integration layer)

This is where the real engineering lives. You need one MCP server per data source. For most MENA SMBs we audit, this list looks like:

  • Odoo / SAP / Dynamics — the ERP, accessed via existing read APIs or a Postgres read replica.
  • Zoho CRM / HubSpot / Pipedrive — the customer system.
  • Google Workspace (Drive, Sheets, Calendar) — the contracts and the meeting context.
  • Postgres / MySQL — the application database for any in-house systems.
  • Internal documentation — Notion, Confluence, or a markdown vault.

For each one, you can either:

  • Install an open-source MCP server from the growing ecosystem (the Postgres, GitHub, Google Drive and Slack servers are production-grade).
  • Write a thin one — for proprietary APIs, an MCP server is typically 200-400 lines of TypeScript or Python.
  • Use a managed MCP gateway for compliance-heavy cases (we recommend this for ZATCA-regulated KSA companies, AML-regulated banks, and HIPAA-equivalent health data).

Our default deployment is hybrid: open-source servers for commodity sources (Postgres, Drive), in-house servers for proprietary integration points, managed gateway when the audit story matters.

3. The Permissions Layer (where most projects die)

This is the layer everyone wants to skip. Don't.

Every MCP server you expose must enforce row-level security at the source, not in the agent. The pattern:

  • A Postgres MCP server connects via a named read-only role per user category — agent_sales_gulf, agent_ops_tunisia, agent_finance_readonly.
  • Postgres row-security policies filter what each role can see. An Arabic question that asks for "Maghreb sales" returns 0 rows if the calling role does not have access — no leak, no message, no agent-side filter to forget to update.
  • For SaaS sources (Zoho, HubSpot), use OAuth scopes tied to the underlying user; the agent never sees data the user could not see in the UI.

Concrete example. A sales manager in Riyadh asks: "أعطني المبيعات هذا الشهر للعملاء الذهبيين في الخليج" ("give me this month's sales for gold-tier Gulf customers"). The agent translates into an MCP call to the Postgres server. The server applies the manager's agent_sales_gulf role. The result row set contains only Gulf accounts. The agent renders the answer in MSA Arabic, with the customer list and amounts. If the same manager asks about Tunisia accounts, the result set is empty — and the agent says so honestly.

4. The Audit Log (the part your CFO will ask about)

Every MCP call should write a structured audit record:

  • Who asked (user ID, role, time, language of the question).
  • What was asked (the original question text and the structured MCP call generated from it).
  • What data was returned (count of rows, not the rows themselves, unless the data class allows it).
  • What the user saw (the rendered answer).

We persist these to a dedicated agent_audit schema in Postgres, with retention rules per data class (90 days for operational queries, 7 years for financial). For ZATCA-regulated KSA clients this is non-negotiable; for everyone else it is the difference between a tool that survives an audit and a shadow-IT project that gets killed.

5. The Renderer (Arabic-first, by design)

The agent should render answers in the language of the question. We standardize on:

  • MSA Arabic for written reports — predictable, professional, indexable.
  • Tunisian / Gulf darija accepted for input — users speak naturally, output stays formal.
  • English fallback for technical terms with no Arabic equivalent (e.g., MCP, SKU) — written as-is with no transliteration gymnastics.
  • Bilingual tables when the data is multilingual (customer names often are).

For PDF or PowerPoint output (donor reports, board decks), the renderer should ship to a templated generator (we use templated SVG → PDF via headless Chromium, mirrored RTL for Arabic). The agent never generates layout; it generates content for templated layout.

What the Implementation Actually Looks Like

A real two-week sprint for a 200-person KSA distributor looked like this:

  • Day 1-2: deployed the open-source Postgres MCP server on the replica. Set up four roles (sales-gulf, sales-maghreb, ops, finance-ro).
  • Day 3-5: wrote a thin Zoho CRM MCP server (350 lines TypeScript). Tested against staging.
  • Day 6-7: wired Google Drive MCP server (open-source) with OAuth scoped to each user.
  • Day 8-9: stood up Claude Sonnet 4.6 as the agent, with a system prompt locked to "render answers in MSA Arabic; never invent numbers; cite the MCP source for every figure."
  • Day 10: audit logging schema, retention policies, ZATCA-compatible export.
  • Day 11-14: pilot with three users (CFO, head of sales, head of ops), Arabic-only sessions, daily debrief.

End state: an internal endpoint at assistant.client-domain.sa where the three pilots ask questions in Arabic and get answers with provenance. Total cost: $28K including 14 days of senior engineering. Compared to the vendor proposal ($140K + $35K/year licensing for an English-only "AI module" tied to one ERP), the math is not close.

The Cost Honesty Section

We disqualify ourselves first. MCP for business is not for everyone. Skip this if:

  • You have fewer than 50 employees and one data source. A direct Zapier-style integration is cheaper and faster. MCP shines when you have 3+ data sources that must be unified.
  • Your data is mostly in spreadsheets. Fix the data architecture first; an AI assistant on top of inconsistent spreadsheets will hallucinate confidently.
  • You cannot expose a read replica. If your IT policy forbids read replicas, you have a bigger problem than AI — but pragmatically, you'll need to wait until that policy changes.
  • Your CFO will not sign off on AI-generated narratives for any decision. Then you don't have a tool problem; you have an adoption problem. Solve that first.

For everyone else — the Saudi distributor with Odoo+Zoho+Drive, the Tunisian SME with three ERPs from acquisitions, the Gulf holding company with five subsidiaries on different stacks — MCP is the highest-leverage AI investment you can make in 2026.

What We Build For Clients

When you book an MCP-for-business audit with us, you get:

  • A 90-minute discovery call (your stack, your data classes, your audit constraints).
  • A written architecture proposal with role matrix, MCP server list, and 3-tier cost model (DIY / co-build / managed).
  • A 2-week pilot scope with one data source, one user role, and one Arabic-language use case — fixed price, no surprises.
  • Optional 90-day rollout to full production with audit logs, RBAC, and SOC2-style controls.

The proposal is in your language of choice (Arabic, French, English). The architecture is yours to keep — no lock-in, no proprietary protocols, no white-label SaaS.

Frequently Asked Questions

Is MCP production-ready in 2026? Yes. The spec is at v1.0, Anthropic and the broader ecosystem ship updates monthly, and we have running deployments in three MENA verticals (distribution, healthcare, NGO). It is more mature than most vendor AI modules we have audited.

Does MCP work with Arabic out of the box? MCP itself is language-neutral — it just moves structured data. The Arabic quality comes from the agent layer (Claude, GPT, Gemini). All three frontier models handle MSA well; pick on speed and price.

What about hallucinations? MCP doesn't eliminate them, but it constrains them. When the agent must call an MCP tool to get a number, it cannot invent that number. The remaining hallucination risk is in interpretation (did the agent ask the right question?), not fabrication. Mitigate by surfacing the MCP call alongside the answer.

Can MCP replace our ERP? No. MCP sits on top of your ERP, CRM and docs. It does not replace any system; it makes them queryable through a single agent.

Is this GDPR / PDPL compliant? The architecture is compliant by design — data stays in your existing systems, no cross-border copying, audit logs per access. We help clients map MCP deployments to PDPL (KSA), GDPR (EU operations), and Tunisia's Loi 63-2004.

Ready to ask your business data a question in Arabic?

Book a 30-minute MCP-for-business call — we will sketch your architecture live and tell you honestly whether MCP is the right move for your stack.

Or read the protocol-level primer and the enterprise integration deep-dive first.