MCP server for agent-safe Obsidian vault access with lint validation

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for codeafix from gravatar.com codeafix

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags ai , claude , guard , knowledge-management , llm , markdown , mcp , model-context-protocol , obsidian , write-protection
  • Requires: Python >=3.10
Classifiers
Report project as malware

Project description

obsidian-mcp-guard

PyPI version Python 3.11+ License: MIT Tests

An MCP server for agent-safe Obsidian vault access. Provides read/write file tools with lint validation to prevent agents from writing malformed Obsidian markdown.

Why this exists

Most Obsidian MCP servers give agents direct write access with no markdown validation. Those that route through the Obsidian REST API gain some input sanitisation, but none validate content against Obsidian's markdown rendering rules before writing. obsidian-mcp-guard fills this gap: all writes are validated against Obsidian's markdown rules before they touch the vault, and if the content would render incorrectly, the write is rejected with a structured error explaining exactly which rule was violated. Writes can also be constrained to a single configurable vault path, giving agents a designated space to create and manage content on behalf of the user while preventing accidental or runaway writes to other vaults on the same filesystem. Directory traversal attacks are blocked at the path resolution layer, so a misconfigured, misbehaving, or prompt-injected agent cannot escape the write vault by constructing paths like Claude/../OtherVault/note.md

Features

  • Read/list/create/update/delete notes via HOST_VAULT_PATH on the host filesystem
  • Lint validation on all writes using mdlint-obsidian — blocks writes that violate Obsidian markdown rules (unclosed wikilinks, raw HTML, standard-markdown links, etc.)
  • Write-vault isolation — writes are constrained to a single configurable vault; directory-traversal attacks are blocked on both read and write paths
  • Composablecreate_vault_server() returns a FastMCP instance that can be mounted into a larger server via import_server()
  • Pre-validation toollint_note lets agents check content before committing a write

Installation

pip install obsidian-mcp-guard

For Claude Desktop users who don't want a manual install, uvx runs it directly with no setup:

uvx obsidian-mcp-guard

For local development:

python -m venv .venv
source .venv/bin/activate
pip install -e .

Configuration

Environment variable Default Description
HOST_VAULT_PATH (required) Absolute path to the directory containing your vaults as subdirectories
WRITE_VAULT Claude Name of the only vault where write operations are permitted

Example layout expected under HOST_VAULT_PATH:

/path/to/your/vaults/
    Claude/      ← write operations land here
    Work/        ← readable but not writable
    Personal/    ← readable but not writable

Usage

As a standalone stdio server

# via the installed CLI entry point
HOST_VAULT_PATH=/path/to/your/vaults obsidian-mcp-guard

# or via python -m
HOST_VAULT_PATH=/path/to/your/vaults python -m obsidian_mcp_guard

Claude Desktop / Cursor config

{
  "mcpServers": {
    "obsidian": {
      "command": "uvx",
      "args": ["obsidian-mcp-guard"],
      "env": {
        "HOST_VAULT_PATH": "/path/to/your/vaults",
        "WRITE_VAULT": "Claude"
      }
    }
  }
}

Claude Code

claude mcp add obsidian -- uvx obsidian-mcp-guard

Pass environment variables with -e:

claude mcp add obsidian -e HOST_VAULT_PATH=/path/to/your/vaults -e WRITE_VAULT=Claude -- uvx obsidian-mcp-guard

Mounted into another FastMCP server

from contextlib import asynccontextmanager
from fastmcp import FastMCP
from obsidian_mcp_guard import create_vault_server

@asynccontextmanager
async def lifespan(app):
    await app.import_server(create_vault_server(
        vault_path="/path/to/your/vaults",
        write_vault="Claude"
    ))
    yield

mcp = FastMCP("my-agent", lifespan=lifespan)

@mcp.tool()
def search_notes(...):
    ...

Tools

Tool Description
read_note(source) Return full content of a note in vault/path.md format
list_notes(vault, folder?, recursive?) List note paths within a vault or subfolder
create_note(source, content, overwrite?) Create a note; blocked by lint errors
update_note(source, content, mode?) Overwrite or append to a note; blocked by lint errors
delete_note(source) Move a note to .trash/ (recoverable)
lint_note(content) Pre-validate content without writing; returns {valid, errors, warnings}

Development

pip install -e .
pip install pytest pytest-cov
pytest tests/ --cov=obsidian_mcp_guard

See CONTRIBUTING.md for full guidelines.

Related projects

  • mdlint-obsidian — the lint engine used to validate markdown against Obsidian's rendering rules

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for codeafix from gravatar.com codeafix

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags ai , claude , guard , knowledge-management , llm , markdown , mcp , model-context-protocol , obsidian , write-protection
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

0.1.8

This version

0.1.7

0.1.6

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

obsidian_mcp_guard-0.1.7.tar.gz (12.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

obsidian_mcp_guard-0.1.7-py3-none-any.whl (9.0 kB view details)

Uploaded Python 3

File details

Details for the file obsidian_mcp_guard-0.1.7.tar.gz.

File metadata

  • Download URL: obsidian_mcp_guard-0.1.7.tar.gz
  • Upload date:
  • Size: 12.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for obsidian_mcp_guard-0.1.7.tar.gz
Algorithm Hash digest
SHA256 35d3ba3615f42c7ddf49abaafcdc5906067849dd29960f41de387b2ce4848870
MD5 3c29510fbb578a94b3f3a403414084dc
BLAKE2b-256 b3c6628a6e4c2a7637497e51b9326d8123fb287a66096a316899dc9c9a8b15d8

See more details on using hashes here.

Provenance

The following attestation bundles were made for obsidian_mcp_guard-0.1.7.tar.gz:

Publisher: python-publish.yml on codeafix/obsidian-mcp-guard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file obsidian_mcp_guard-0.1.7-py3-none-any.whl.

File metadata

File hashes

Hashes for obsidian_mcp_guard-0.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 bf91d41f16e028fddfc832b551131deef54d926052a408514f5232ae016f9dd8
MD5 3aad6a4353ae4b22b6cc55719752ba87
BLAKE2b-256 560bbb0af721a33a48c3cbd5bcc59465aab49acbe170189f635d2a914a7bd70e

See more details on using hashes here.

Provenance

The following attestation bundles were made for obsidian_mcp_guard-0.1.7-py3-none-any.whl:

Publisher: python-publish.yml on codeafix/obsidian-mcp-guard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page