caldav-mcp-wrapper
Provides read and write tools for managing iCloud calendars via CalDAV, including listing calendars, events, and creating, updating, deleting events.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@caldav-mcp-wrapperlist my events for tomorrow"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
caldav-mcp-wrapper
A minimal, self-hosted MCP server that exposes read and write tools for a CalDAV calendar — designed for Apple iCloud (via an app-specific password), and compatible with any CalDAV server.
It is a CalDAV counterpart to smtp-mcp-wrapper and follows the same deployment and security model.
Tools
Read:
Tool | Purpose |
| List the calendars in the account (respecting the allowlist). |
| List events in a calendar within a start/end window. |
| Fetch a single event by UID. |
Write (disabled when READ_ONLY=true):
Tool | Purpose |
| Create an event (timed or all-day). |
| Update fields of an existing event by UID. |
| Delete an event by UID. |
Times are ISO 8601. Use YYYY-MM-DD with all_day: true for whole-day events.
Related MCP server: Google Calendar MCP Server
Security architecture — read this first
This server implements no authentication of its own, by design. It MUST be gated by an authorization service. Do not expose it directly to the internet.
The intended topology keeps the server on an internal network only, with every external request flowing through an identity-aware proxy:
edge tunnel → reverse proxy (TLS) → Pomerium (SSO + allowlist to a single identity) → caldav-mcp-wrapperAny equivalent identity-aware proxy works (Cloudflare Access, oauth2-proxy, etc.).
docker-compose.yml deliberately publishes no host ports: the container is
reachable only over the internal proxy network by container name.
Defense-in-depth beyond the proxy:
Calendar allowlist —
ALLOWED_CALENDARShard-limits which calendars any tool can touch, so even a misused tool cannot reach other calendars.Read-only mode —
READ_ONLY=truedisables all write tools.Optional Pomerium identity verification — set
REQUIRE_POMERIUM_IDENTITY=trueto cryptographically verify Pomerium's identity assertion (signature + expiry + audience) on every/mcprequest against Pomerium's JWKS. This blocks anything on the shared Docker network from bypassing Pomerium and reaching the app directly. When enabled, setpass_identity_headers: trueon the Pomerium route and providePOMERIUM_JWKS_URLandPOMERIUM_AUDIENCE.
iCloud setup
Sign in to account.apple.com → Sign-In and Security → App-Specific Passwords → generate one for this server.
Set
CALDAV_USERNAMEto your Apple ID email andCALDAV_PASSWORDto that app-specific password.Leave
CALDAV_URLat the defaulthttps://caldav.icloud.com/; the client discovers your calendars from there.
App-specific passwords require two-factor authentication on your Apple ID.
Configuration
All configuration is via environment variables — see .env.example
for the full annotated list. Secrets are injected at runtime and never baked into
the image. Key variables:
Variable | Default | Notes |
|
| CalDAV entry point. |
| — (required) | Apple ID / CalDAV username. |
| — (required) | App-specific password. |
| — | Calendar used when |
| — | Comma-separated allowlist; empty = all. |
|
| Disable write tools when |
|
| Connect and list calendars at startup to verify config. |
Run
cp .env.example .env # fill in CALDAV_USERNAME / CALDAV_PASSWORD etc.
docker compose up -dThe image is built and published to GHCR by CI
(ghcr.io/jb09/caldav-mcp-wrapper:latest).
Maintenance
Dependabot opens weekly PRs for the Python deps, the Docker base image, and the GitHub Actions used in CI.
CI (
buildworkflow) builds the image on every push/PR, pushes to GHCR onmain, and does a weekly no-cache rebuild so OS/Python security patches land even without code changes.Auto-merge (
dependabot-automergeworkflow) enables auto-merge for patch/minor Dependabot bumps once required checks pass; major bumps are left for manual review.Watchtower (opt-in label in compose) pulls refreshed images automatically.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/JB09/caldav-mcp-wrapper'
If you have feedback or need assistance with the MCP directory API, please join our Discord server