jarvis-mcp-server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@jarvis-mcp-serverfind notes about project alpha"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
jarvis-mcp-server
A personal MCP server for your Obsidian vault, SQLite database, and filesystem — accessible from any Claude client, anywhere.
What it does
Runs on your home server and exposes a set of tools to Claude via the Model Context Protocol. Claude on any device — mobile, web, desktop — can read and write your Obsidian vault, query a local SQLite database, and manage files, all authenticated via OAuth 2.1 over Tailscale.
It also bundles a small web dashboard (a real React app, no build step needed
beyond npm run build) for glancing at your own data in a browser: a home hub, a
study-progress tracker, and a Claude usage tracker.
Related MCP server: Obsidian MCP Server
Architecture
Claude (any device) Your browser
│ │
│ HTTPS + OAuth 2.1 │ HTTPS, no auth
▼ ▼
Tailscale Funnel/Serve ──► jarvis-mcp-server :3701
│
┌────────────┼────────────┐
▼ ▼ ▼
Obsidian REST SQLite DB Filesystem
:27123 data/jarvis (allowlist)Note: the dashboard branch is unauthenticated by design (see Dashboard below) — what that means for exposure depends on whether you use Funnel or Serve. See Tailscale setup.
Tools
📓 Obsidian Vault
Tool | Description |
| Read a note's full content |
| Create or overwrite a note |
| Append content to an existing note |
| List files in a vault folder |
| Full-text search across the vault |
🤖 Jarvis Workflows
Tool | Description |
| Save a conversation distillation to the vault |
| Parse homework markdown checkboxes in the vault and sync completion data into SQLite |
🗄️ SQLite Database
Tool | Description |
| Run a SELECT query |
| Run INSERT / UPDATE / DELETE |
| List all tables |
| Show columns and types for a table |
📁 Filesystem
Tool | Description |
| Read a file (with optional line limit) |
| Write / overwrite a file |
| Append to a file |
| List directory contents (optionally recursive) |
| Move or rename a file/folder |
| Delete a file or folder (requires |
Security: All filesystem operations are restricted to directories listed in
FS_ALLOWED_PATHSinsrc/constants.ts. Paths outside this allowlist are rejected before any I/O runs — and.env/.gitare denied even inside an allowed directory (seesrc/utils/pathSafety.ts).
Dashboard
A bundled React app, served as plain HTML/JS — no Claude or OAuth needed, just open it in a browser:
Page | Shows |
| Home hub — a grid of blocks linking to the pages below, plus placeholders for future tools |
| Psychometric homework progress: completion % by section/lesson/topic |
| Claude Analytics — a multi-page app (Overview, Projects, Sessions, Costs) covering both Claude Code and Cowork usage: token/cost trends, model breakdown, activity heatmap, self-calibrating rate-limit bars, per-session conversation/token detail |
⚠️ These routes are not behind the OAuth layer. They're mounted before the auth middleware in
src/index.ts, so anyone who can reach the server over the network can view them — no login required. That's fine on a private network or behindtailscale serve(tailnet-only). If you expose the server viatailscale funnel, your dashboard — including real progress data and Claude session titles/costs — becomes viewable by anyone on the public internet who has the URL. See Tailscale setup for how to avoid that.
Requirements
Node.js ≥ 18
Obsidian with the Local REST API plugin installed
Tailscale — see Tailscale setup for the Serve-vs-Funnel choice and how to avoid exposing personal data
A machine that stays on (home server, mini PC, etc.)
Setup
1. Install
git clone https://github.com/your-username/jarvis-mcp-server.git
cd jarvis-mcp-server
npm install
cp .env.example .envnpm install also wires up a pre-commit hook (via core.hooksPath) that blocks
accidentally committing .env, *.db files, or anything else that shouldn't leave
your machine — see Privacy & data separation.
2. Configure .env
Variable | Where to get it |
| Obsidian → Settings → Local REST API → copy key |
| Your Tailscale machine URL — see Tailscale setup. Never commit this anywhere public. |
| Generate: |
| Generate: |
3. Configure constants
Edit src/constants.ts:
FS_ALLOWED_PATHS— directories you want Claude's filesystem tools to accessCLAUDE_USAGE_DIR— where the dashboard's Cowork usage JSONL logs live (Claude Code's own logs are read directly from~/.claude/projects/)CLAUDE_LIMITS/COWORK_LIMITS— floors for the dashboard's rate-limit bars. Anthropic doesn't publish exact Claude Code token quotas, so these are only a starting point — the dashboard raises the effective limit automatically once it has enough usage history (seesrc/services/claudeData/overview.ts)
4. Create the database
npm run migrateCreates the SQLite schema with an empty table. To put something in it, either:
npm run seed:dev— fake data, safe to run anytime, no real data involvednpm run db:restore-real— your own real data, if you have adata/real-backup/jarvis.dbsnapshot from another machine (copied over by hand — it never goes through git)
5. Build
npm run build6. Tailscale setup
This is the part that decides whether anything here is reachable from outside your own network — read this before exposing anything.
Install Tailscale on the machine running this server and sign in
(tailscale.com/download; free tier covers personal use).
Every device on your tailnet gets a private name like
<machine-name>.<your-tailnet-name>.ts.net and a stable private IP. None of this is public
by default.
Then pick one:
|
| |
Reachable from | Only devices already on your tailnet | Anyone on the public internet who has the URL |
Use when | Every device you'll run Claude from (phone, laptop) can join your tailnet | You need access from a device that can't join your tailnet |
Dashboard exposure | None — stays private | Public, since dashboard routes aren't authenticated (see Dashboard) |
If you can, prefer Serve — it keeps this server, including the dashboard, entirely off the public internet:
tailscale serve --bg 3701Otherwise, Funnel:
tailscale funnel --bg 3701Get your URL with tailscale status or the
admin console — it'll look like
https://<your-machine-name>.<your-tailnet-name>.ts.net. This is specific to your account.
Don't paste it into a public README, issue, or commit — it only belongs in your own
.env as PUBLIC_BASE_URL (already gitignored).
Optional, recommended: in the admin console → Settings → Device management, enable "Require approval for new devices", so nothing joins your tailnet without you explicitly approving it.
7. Run (production)
This repo includes pm2-start.bat — a one-time setup script. Run it once, and again any
time you've reinstalled or uninstalled PM2:
:: installation run once / run after uninstalling.
npm install -g pm2
cd C:\jarvis-mcp-server
pm2 start dist/index.js --name jarvis-mcp
pm2 savePM2 is a process manager for Node.js. It keeps your server
running in the background without a terminal window open, automatically restarts it if it
crashes, and lets you check its status at any time with pm2 status. The final pm2 save
step matters more than it looks — it's what lets pm2 resurrect (below) restore the process
after a reboot. Without it, resurrect has nothing to restore.
Why not just
npm start? Runningnpm startdirectly ties the server to your terminal session — close the window and the server dies. PM2 runs it as a background daemon that survives terminal closures.
⚙️ Auto-start on Windows boot
By default PM2 itself doesn't survive a reboot on Windows. This repo includes a second,
separate one-line script for that — pm2-resurrect.bat:
pm2 resurrectTo make the server start automatically every time you log into Windows:
Press
Win + R, typeshell:startup, press Enter — this opens your Startup folderCreate a shortcut to
pm2-resurrect.batinside that folder (right-click the file → Create shortcut, then move the shortcut into the Startup folder)
Now the server comes back online automatically every time you log in — no manual
intervention needed, as long as the pm2 save from step 7 is up to date.
Why two separate scripts?
pm2-start.batdoes a fullpm2 start+pm2 save— you only run it once, or after PM2 itself has been reinstalled/removed.pm2-resurrect.batjust restores whatever was already saved — it's meant to run unattended, every boot, via the shortcut above.
Note:
shell:startuponly fires on an interactive login, not on a fully unattended reboot (e.g. an overnight Windows Update restart where nobody logs in). A Windows-Service approach like pm2-installer can cover that gap, but trades this simplicity for its own gotchas (service-account file permissions on this project's folders, a less reliable built-in auto-resurrect in practice, and npm global config that's easy to leave half-reverted if you ever switch back). For a machine you log into regularly,shell:startup+pm2-resurrect.batis the simpler, more predictable choice.
8. Connect Claude
Settings → Connectors → Add connector → enter your Tailscale URL + /mcp
Use OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET from your .env when prompted.
Connector icon: Claude uses Google's favicon service to display connector icons. Since this server runs on a Tailscale domain (
*.ts.net) that Google can't reach, the connector will show a generic placeholder icon. This is cosmetic only — everything works normally. A custom icon would require pointing a public domain at your server.
Updating
This repo includes restart-server.ps1 — a small PowerShell script that rebuilds and
restarts the server in one step:
cd C:\jarvis-mcp-server
npm run build
pm2 restart jarvis-mcp
pm2 saveFull routine flow for deploying a code change:
cd C:\jarvis-mcp-server
git pull
npm install # only strictly needed if package.json changed
.\restart-server.ps1 # build + restart + save, in one step
pm2 list # confirm status: online, fresh uptimePowerShell execution policy: if double-clicking
restart-server.ps1opens it in a text editor instead of running it, or you get a "running scripts is disabled" error, either right-click → Run with PowerShell, or set the policy once:Set-ExecutionPolicy -Scope CurrentUser RemoteSigned.
Neither pm2-start.bat nor pm2-resurrect.bat need to change for a routine update — they
handle first-time install and boot-time resurrect respectively, not deploying new code.
restart-server.ps1 deliberately doesn't do git pull/npm install — those are only
needed sometimes (pulling remote changes, or after adding a dependency) — run them first
when relevant, then let the script handle the build/restart/save every time.
Always let pm2 save run after pm2 restart (the script does this for you). PM2 does
not persist the running process list on its own — if the machine reboots after a restart
but before a save, pm2 resurrect restores the last saved version, which may not include
your update, or in the worst case nothing at all.
⚠️ Required last step: reconnect Claude
OAuth clients and tokens in this server are held in memory by design (see the comment at the top of
src/services/oauthProvider.ts), not persisted to disk — so every restart, including a routine update viarestart-server.ps1, invalidates Claude's existing connection. After running the script (or anypm2 restart), always:
Confirm the server actually came back:
pm2 listshowsjarvis-mcponline.In Claude → Settings → Connectors, reconnect this connector.
Verify with a quick tool call (e.g.
fs_list_dirorjarvis_search_vault) before considering the update done.Persisting the OAuth store to disk would remove this step entirely; as of this writing it hasn't been built yet — see Development if you want to tackle it.
See Run (production) above for the one-time install, and Auto-start on Windows boot for what happens after a reboot.
Privacy & data separation
Full details in docs/privacy.md. Summary:
Git never sees real data.
.env,*.db/*.db-shm/*.db-wal, anddata/real-backup/are gitignored, confirmed clean across the entire git history (not just the working tree), and enforced going forward by a pre-commit hook that blocks staging them even withgit add -f.Fresh clones start empty or fake, never with your data —
npm run migratecreates an empty schema,npm run seed:devoptionally fills it with fake rows.Your real data lives only on your machine, snapshotted on demand with
npm run db:backup-real/ restored withnpm run db:restore-real, both going through SQLite directly (not raw file copies, which can corrupt a database that's open elsewhere).Only your Obsidian vault syncs across devices (via SyncThing or similar) — this server and its database do not; they live permanently on whichever machine you deploy to.
Filesystem tools deny
.env/.gitexplicitly (src/utils/pathSafety.ts), even though the project root is itself inFS_ALLOWED_PATHS— without that,fs_read_filecould read every secret in.envin one call.
Development
npm run dev # watch mode — recompiles the server on save
npm run dev:dashboard # watch mode — rebuilds dashboard bundles on save (run alongside npm run dev)
npm run build # production build (server + dashboard)
npm run clean # remove dist/Adding tools
Each domain has its own file:
src/
├── schemas/ ← Zod input schemas (entrance guards)
├── services/ ← Workers (ObsidianClient, SQLite connection)
├── tools/ ← Tool registrations (vault, sqlite, filesystem, jarvis, study)
└── utils/ ← Shared helpers (path safety)To add a new tool: define its schema in schemas/, implement it in tools/,
register it in buildServer() in index.ts.
Adding dashboard pages
See docs/adding-features-quick.md for the exact steps
(new page bundle, route, esbuild entry, .gitignore entry).
Version history
Version | Notes |
1.8.1 | Filled in version history from 1.3.1 through 1.8.0 (this table) |
1.8.0 | Hardened |
1.7.0 | Replaced Obsidian REST API vault access with a local file index; added Discord notification tool; task form control/searchbar styling fixes |
1.6.2 | Added Tasks CRUD backend with dashboard routes split by domain; split |
1.5.0 | Added a Tasks dashboard page and Obsidian skill tools |
1.4.0 | Split the MCP and dashboard into separate servers; fixed web CORS; added |
1.3.2 | Refactored the |
1.3.1 | Wired up the study sync indicator and capped background polling |
1.3.0 | Rebuilt |
1.2.0 | Claude usage dashboard ( |
1.1.0 | Rebuilt the dashboard as a bundled React app with an OS-hub home page and a study-progress tracker |
1.0.0 | Initial release — Obsidian vault, SQLite, filesystem, OAuth 2.1 over Tailscale |
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Gallucky/jarvis-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server