Local MCP server for Vaultbeat — AI Health Sync: your AI agent reads your end-to-end-encrypted Apple Health data (sleep, cycle, weight, water), decrypted only on your machine
Project description
Vaultbeat MCP Server
Let your own AI agent read your health data — without the cloud ever seeing it.
This is the official local MCP server for Vaultbeat — AI Health Sync (formerly named Tether), the iOS app that syncs Apple Health data (sleep, heart rate, menstrual cycle, weight, water, symptoms) between partners and to your own AI — end-to-end encrypted.
Vaultbeat embeds no AI and runs no model on your phone. Intelligence lives where you control it: Claude Code, Claude Desktop, or any MCP-capable agent running on your own machine. This server is the bridge — it holds a private key that never leaves your computer, pulls ciphertext from the cloud, and decrypts only locally.
iPhone (Apple Health) ──E2EE──▶ cloud (ciphertext only) ──E2EE──▶ this server (your machine) ──▶ your AI agent
Requirements
- Vaultbeat — AI Health Sync on iOS, with a Pro subscription (the AI-agent interface is the Pro tier)
- Python 3.11+ on the machine where your agent runs (macOS / Linux / Windows)
Quick start
1. Install
With uv (recommended — no clone needed):
uvx vaultbeat-mcp status
Or with pip:
pip install 'vaultbeat-mcp[qr]'
Upgrading from the old
tether-mcppackage? Same code, new name — your existing binding and config carry over unchanged. Just swap the package name in your install command and MCP client config.
2. Bind your phone
vaultbeat-mcp bind
This generates a keypair on your machine and prints a QR code. In the Vaultbeat iOS app, open Settings → Data & AI → MCP Server and scan it (or import a QR screenshot from Photos). The app authorizes this machine and starts sealing your health envelopes to its public key. The private key stays in ~/.tether/mcp-local/ (owner-only 0600 permissions, OS keychain where available) — it is never uploaded anywhere. (The directory keeps its original pre-rename path so existing bindings survive upgrades.)
3. Connect your agent
Claude Code (one line):
claude mcp add vaultbeat-health -- uvx vaultbeat-mcp serve --transport stdio
Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"vaultbeat-health": {
"command": "uvx",
"args": ["vaultbeat-mcp", "serve", "--transport", "stdio"]
}
}
}
Any other MCP client: run vaultbeat-mcp serve --transport stdio, or serve --transport http for a loopback streamable-HTTP endpoint with bearer-token auth.
Claude Desktop note: it does not inherit your shell
PATH. Ifuvxisn't found, use the absolute path (which uvx) ascommand.
Debugging: npx @modelcontextprotocol/inspector uvx vaultbeat-mcp serve --transport stdio
Then just ask your agent: “How did we sleep last night?”
MCP tools (16)
| Tool | Returns |
|---|---|
vaultbeat_status |
Local binding state (never exposes keys or tokens) |
vaultbeat_start_binding |
A fresh QR binding payload for the iOS app to scan |
vaultbeat_poll_binding |
One poll for the iOS authorization to complete binding |
vaultbeat_sync_sleep |
Recent sleep sessions incl. heart-rate samples, per-day primary-session selection matching the iOS app |
get_sleep_detail |
Per-night heart-rate + respiratory-rate + sleep-stage timeline |
get_water_intake |
Daily water intake + computed daily average |
get_weight_trend |
Daily weights + latest/avg/min/max + weekly trend rate |
get_menstrual_cycle |
Cycle samples + next-period prediction (sensitive — explicit iOS opt-in required) |
get_symptoms |
HealthKit symptom days grouped by data owner (sensitive) |
get_notes |
Free-text day annotations with their writer (sensitive) |
get_activity |
Daily activity rings: steps / energy / exercise minutes / stand hours / distance |
get_resting_hr |
Resting heart-rate records + window mean |
get_workouts |
Workout records: type / duration / calories / distance |
get_mindfulness |
Mindful sessions and minutes per day |
get_hrv |
Heart-rate variability (SDNN) records + window mean |
get_wrist_temp |
Sleeping wrist-temperature baseline deviation |
Every data tool accepts owner (a user-ID prefix) to filter to one person — the server may hold both your and your partner's shared records, and omitting owner mixes them into one pool, so per-person questions should always pass it. (Earlier releases named some tools get_partner_* / tether_*; they were renamed in the 16-tool and Vaultbeat releases.)
Reads are cache-first: decrypted records are cached locally (owner-only files, 600 s TTL, VAULTBEAT_MCP_CACHE_TTL to override — the pre-rename TETHER_MCP_* spellings still work) so repeat queries answer in ~0.2 s with zero network; pass fresh=true to force a cloud round trip. The same service layer backs a full CLI (vaultbeat-mcp sleep / water / weight / … — every data subcommand takes --owner too) if you prefer scripts over MCP.
Privacy & security model
- End-to-end encryption: Curve25519 ECDH + HKDF-SHA256 + AES-GCM. Every health record is sealed on-device to each authorized recipient's public key (your partner, and this server once bound).
- The cloud only ever holds ciphertext. Vaultbeat's backend cannot read your health data — architecturally, not just by policy.
- Decryption happens here, on hardware you own. The private key and server token are never exposed through any tool result.
- Sensitive kinds (menstrual cycle, symptoms, notes) reach this server only if explicitly opted in inside the iOS app, and are never re-exported by the server.
- HTTP transport binds to loopback by default and requires a bearer token; binding a non-loopback address fails closed unless explicitly allowed — front it with TLS if you must expose it.
You can audit all of the above in this repository — that is why it is open source.
Development
pip install -e '.[dev,qr]'
pytest
License
MIT. The Vaultbeat iOS app and cloud service are separate proprietary components; this repository covers the local MCP server only.
Website: tetherme.app · App Store: Vaultbeat — AI Health Sync · Bugs & feedback: vaultbeat-community
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vaultbeat_mcp-0.1.2.tar.gz.
File metadata
- Download URL: vaultbeat_mcp-0.1.2.tar.gz
- Upload date:
- Size: 57.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9d7de7b6b6a1e8166573d83ba5d1284ceca0c0f57138eff8f41f5e5489c485b4
|
|
| MD5 |
af59320629944b86ffe5c461d6f8fda3
|
|
| BLAKE2b-256 |
e233edf61f9798f34aec0aeabeaddc500a0b1d46eea3243a8bd765d8473047cf
|
File details
Details for the file vaultbeat_mcp-0.1.2-py3-none-any.whl.
File metadata
- Download URL: vaultbeat_mcp-0.1.2-py3-none-any.whl
- Upload date:
- Size: 44.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
43e47be4d3f402e208b05f94d3629b73f47f83cab04e54994b3f213c3ba16252
|
|
| MD5 |
1c1ecbe0b47f91e12741e4fb328e6adc
|
|
| BLAKE2b-256 |
5d5f63140349352f8522df93cca337f7b862bd242b62aea6ce61d200573bde97
|