che-ical-mcp
Provides native EventKit integration for managing Apple Calendar events and Reminders, including support for task tagging, conflict detection, and batch operations.
Enables direct interaction with macOS system calendars and reminder lists to manage schedules, track tasks, and perform multi-keyword searches.
che-ical-mcp
Give Claude native control of macOS Calendar and Reminders. A Swift MCP server built directly on EventKit — 29 tools for events, reminders, tags, batch operations, conflict detection, and undo/redo. Not just calendar events: it drives Reminders and tasks too.
Install
Claude Code — register this repo as a marketplace, then install the plugin. The plugin bundles the /today, /week, /quick-event, /remind slash commands and a PreToolUse hook that verifies day-of-week on every event write:
claude plugin marketplace add PsychQuant/che-ical-mcp
claude plugin install che-ical-mcp@che-ical-mcpClaude Desktop — download the latest .mcpb from Releases and double-click to install.
Standalone MCP — the 29-tool server on its own, no plugin extras:
mkdir -p ~/bin
curl -L https://github.com/PsychQuant/che-ical-mcp/releases/latest/download/CheICalMCP -o ~/bin/CheICalMCP && chmod +x ~/bin/CheICalMCP
claude mcp add --scope user --transport stdio che-ical-mcp -- ~/bin/CheICalMCPOn first use, macOS prompts for Calendar and Reminders access — click Allow. Building from source, upgrading in place, or running under SSH / launchd / VS Code? See Installation for the full guide.
Related MCP server: AirMCP
Why che-ical-mcp?
Feature | Other Calendar MCPs | che-ical-mcp |
Calendar Events | Yes | Yes |
Reminders/Tasks | No | Yes |
Reminder #Tags | No | Yes (MCP-level) |
Multi-keyword Search | No | Yes |
Duplicate Detection | No | Yes |
Conflict Detection | No | Yes |
Batch Operations | No | Yes |
Local Timezone | No | Yes |
Source Disambiguation | No | Yes |
Create Calendar | Some | Yes |
Delete Calendar | Some | Yes |
Event Reminders | Some | Yes |
Location & URL | Some | Yes |
Language | Python | Swift (Native) |
All 29 Tools
Tool | Description |
| List all calendars and reminder lists (includes source_type) |
| Create a new calendar |
| Delete a calendar |
| Rename a calendar or change its color (v0.9.0) |
Tool | Description |
| List events with filter/sort/limit (v1.0.0) |
| Create an event (with reminders, location, URL, per-event timezone) |
| Update an event (including timezone, recurrence, span for recurring) |
| Delete an event (with occurrence support for recurring) |
Tool | Description |
| List reminders with filter/sort/limit, tags extraction (v1.0.0) |
| Create a reminder with due date, tags (v1.3.0) |
| Update a reminder (including tags, |
| Mark as completed/incomplete |
| Delete a reminder |
| Search reminders by keyword(s) or tag (v1.3.0) |
| List all unique tags with usage counts (v1.3.0) |
| Delete all completed reminders in one call, dry_run preview by default (v1.7.2) |
Tool | Description |
| Search events by keyword(s) with AND/OR matching |
| Quick shortcuts: |
| Create multiple events at once (with per-event timezone) |
| Check for overlapping events in a time range |
| Copy an event to another calendar (with optional move) |
| Move multiple events to another calendar |
| Delete events by IDs or date range, with dry-run preview (v1.0.0) |
| Find duplicate events across calendars (v0.5.0) |
| Create multiple reminders at once (v0.9.0) |
| Delete multiple reminders at once (v0.9.0) |
Tool | Description |
| Undo the most recent calendar/reminder operation |
| Redo the last undone operation |
| List undoable operations with timestamps |
Installation
The quick paths live at the top of this README. This is the full reference — manual config, source builds, permission edge cases, in-place upgrades, and CLI mode.
Requirements
macOS 14.0+ (Sonoma or later — required since v1.11.0 for the full TCC permission API)
Xcode Command Line Tools (only if building from source)
Claude Desktop
One-click (recommended): download the latest che-ical-mcp-<version>.mcpb from Releases, double-click, and restart Claude Desktop.
Manual config: download the binary, then point claude_desktop_config.json at it.
curl -L https://github.com/PsychQuant/che-ical-mcp/releases/latest/download/CheICalMCP -o /usr/local/bin/che-ical-mcp
chmod +x /usr/local/bin/che-ical-mcpEdit ~/Library/Application Support/Claude/claude_desktop_config.json, then restart Claude Desktop:
{
"mcpServers": {
"che-ical-mcp": {
"command": "/usr/local/bin/che-ical-mcp"
}
}
}Claude Code — plugin (recommended)
claude plugin marketplace add PsychQuant/che-ical-mcp
claude plugin install che-ical-mcp@che-ical-mcpInside Claude Code, the slash equivalents
/plugin marketplace add PsychQuant/che-ical-mcpand/plugin install che-ical-mcp@che-ical-mcpwork the same way.Add the marketplace through its Git repo (
owner/repo), not a rawmarketplace.jsonURL — the pluginsourceis a same-repo relative path (./plugin) that only resolves when added via Git.Also bundled in the
psychquant-claude-pluginsaggregator (claude plugin install che-ical-mcp@psychquant-claude-plugins); both serve the same versioned binary.The wrapper auto-downloads the binary to
~/bin/CheICalMCPon first use if it isn't already there.
Claude Code — standalone MCP
mkdir -p ~/bin
# If upgrading, remove the old binary first. On macOS 26 the kernel can kill a
# fresh binary that inherits a stale code-signature cache from the old inode —
# one a running MCP process may still be holding open.
rm -f ~/bin/CheICalMCP
curl -L https://github.com/PsychQuant/che-ical-mcp/releases/latest/download/CheICalMCP -o ~/bin/CheICalMCP
chmod +x ~/bin/CheICalMCP
# --scope user: available in all projects · --transport stdio: local stdin/stdout
claude mcp add --scope user --transport stdio che-ical-mcp -- ~/bin/CheICalMCP💡 Tip: Keep the binary in a local directory like
~/bin/. Cloud-synced folders (Dropbox, iCloud, OneDrive) can trigger MCP connection timeouts when sync touches the file.
Build from Source (optional)
git clone https://github.com/PsychQuant/che-ical-mcp.git
cd che-ical-mcp
make release && make install
claude mcp add --scope user --transport stdio che-ical-mcp -- ~/bin/CheICalMCP⚠️ Swift 6 / Xcode 18 users: Don't run
swift builddirectly — the upstream MCP SDK has a concurrency error (swift-sdk#214). The Makefile auto-detects this and falls back to Swift 5 language mode.
Grant Permissions
On first use, macOS will prompt for Calendar and Reminders access. Click Allow for both.
⚠️ macOS Sequoia (15.x) Note: The permission dialog is attributed to the parent application that launched the MCP server, not the binary itself. This means:
Environment
Permission Attributed To
Claude Desktop
Claude Desktop.app ✅ (works automatically)
Claude Code in Terminal.app
Terminal.app ✅ (works automatically)
Claude Code in VS Code
VS Code ❌ (may not show dialog)
Claude Code in iTerm2
iTerm2 ✅ (works automatically)
If the permission dialog doesn't appear (common with VS Code), you need to add
NSCalendarsFullAccessUsageDescriptionto VS Code's Info.plist:# Add calendar usage description to VS Code /usr/libexec/PlistBuddy -c "Add :NSCalendarsFullAccessUsageDescription string 'VS Code needs calendar access for MCP extensions.'" \ "/Applications/Visual Studio Code.app/Contents/Info.plist" /usr/libexec/PlistBuddy -c "Add :NSRemindersFullAccessUsageDescription string 'VS Code needs reminders access for MCP extensions.'" \ "/Applications/Visual Studio Code.app/Contents/Info.plist" # Re-sign VS Code (required after Info.plist modification) codesign -s - -f --deep "/Applications/Visual Studio Code.app" # Restart VS Code, then the permission dialog will appearNote: This modification will be overwritten when VS Code updates. You'll need to re-apply it after each VS Code update.
Upgrading an existing install
The plugin wrapper auto-downloads on fresh installs but does not replace an existing binary. To upgrade in place:
~/bin/CheICalMCP --self-updateThis queries GitHub Releases for the latest tag, downloads the new binary, and atomically replaces the current one. If it is running as an MCP server, restart your MCP host (Claude Desktop / Claude Code) afterward to pick up the new version. Manual fallback: rm -f ~/bin/CheICalMCP && curl -L https://github.com/PsychQuant/che-ical-mcp/releases/latest/download/CheICalMCP -o ~/bin/CheICalMCP && chmod +x ~/bin/CheICalMCP.
CLI Mode (no MCP server)
All 29 tools can be invoked directly from the command line, no MCP server required:
# Flag-based: --key value pairs
CheICalMCP --cli list_events --start_date 2026-03-29 --end_date 2026-03-30
# JSON via stdin
echo '{"tool":"list_calendars","arguments":{}}' | CheICalMCP --cli
# From Claude Code via shell
claude -p "Run: ~/bin/CheICalMCP --cli list_events_quick --range today"Handy for launchd jobs, shell scripts, CI pipelines, and agents that prefer a subprocess over the MCP protocol. TCC permissions still apply — run CheICalMCP --setup first if needed.
v1.0.0 Features
Flexible Date Parsing
All date parameters now accept 4 formats:
Format | Example | Interpretation |
Full ISO8601 |
| Exact date and time (offset preserved) |
Without timezone |
| Uses event |
Date only |
| Midnight in event |
Time only |
| Today at that time |
Per-Event Timezone (v1.5.0)
Set the display timezone for individual events — essential for multi-timezone travel itineraries.
"Create a flight departure at 09:14 Berlin time"
→ create_event(title: "Flight LH123", start_time: "2026-04-08T09:14:00", timezone: "Europe/Berlin", ...)
"Update the hotel check-in to Dubai time"
→ update_event(event_id: "...", timezone: "Asia/Dubai")
"Remove the custom timezone from an event"
→ update_event(event_id: "...", clear_timezone: true)timezoneparameter accepts IANA identifiers (e.g.,Europe/Berlin,America/New_York,Asia/Taipei)When
timezoneis provided, naive datetimes (without offset) are interpreted in that timezoneEvent output includes the event's own timezone in
timezonefield and formatsstart_date_local/end_date_localaccordinglyAvailable on
create_event,update_event, andcreate_events_batchUndo/redo preserves per-event timezone
Attendees & Organizer (Read-Only)
Event responses include participant information when available. These fields are read-only due to EventKit limitations — they cannot be set or modified through the MCP.
Available in: list_events, search_events, list_events_quick, check_conflicts
attendees (array, optional) — Present when the event has participants. Each attendee object contains:
Field | Type | Description |
| string or null | Display name, null if not in Address Book |
| string | Email address extracted from participant URL |
| string | One of: |
| string | One of: |
| string | One of: |
| boolean | Whether this participant is the current user |
organizer (object, optional) — Present when the event has an organizer. Contains:
Field | Type | Description |
| string or null | Display name |
| string | Email address |
| boolean | Whether the organizer is the current user |
Note: Both fields are omitted when the event has no participants or organizer (e.g., local calendar events created without invitees).
Fuzzy Calendar Matching
Calendar names are now matched case-insensitively. If not found, the error message lists all available calendars.
Enhanced list/delete Tools
list_events:filter(all/past/future/all_day),sort(asc/desc),limitlist_reminders:filter(all/incomplete/completed/overdue),sort(due_date/creation_date/priority/title),limitdelete_events_batch: date range mode (before_date/after_date) +dry_runpreview
Breaking Change:
list_eventsandlist_remindersnow return{events/reminders: [...], metadata: {...}}instead of a plain array.
Usage Examples
Calendar Management
"List all my calendars"
"What's on my schedule next week?"
"Create a meeting tomorrow at 2 PM titled 'Team Sync'"
"Add a dentist appointment on Friday at 10 AM with location '123 Main St'"
"Delete the meeting called 'Cancelled Meeting'"Reminder Management
"List my incomplete reminders"
"Show all reminders in my Shopping list"
"Add a reminder: Buy milk"
"Create a reminder to call mom tomorrow at 5 PM"
"Mark 'Buy milk' as completed"
"Delete the reminder about groceries"Reminder Management (v1.5.0)
"Remove the due date from 'Buy groceries'"
→ update_reminder(reminder_id: "...", clear_due_date: true)Advanced Features (v0.3.0+)
"Search for events containing 'meeting'"
"Search for events with both 'project' AND 'review'"
"What do I have today?"
"Show me this week's schedule"
"Are there any conflicts if I schedule a meeting from 2-3 PM?"
"Create 3 weekly team meetings for the next 3 weeks"
"Copy the dentist appointment to my Work calendar"
"Move all events from 'Old Calendar' to 'New Calendar'"
"Delete all the cancelled events"
"Find duplicate events between 'IDOL' and 'Idol' calendars"DX Improvements (v1.0.0)
"Show my next 5 upcoming events"
→ list_events(start_date: "2026-02-06", end_date: "2026-12-31", filter: "future", sort: "asc", limit: 5)
"Show my overdue reminders"
→ list_reminders(filter: "overdue")
"Preview which events would be deleted from 'Old Calendar' before 2025"
→ delete_events_batch(calendar_name: "Old Calendar", before_date: "2025-01-01", dry_run: true)
"Create an event at 2 PM" (no need for full ISO8601!)
→ create_event(start_time: "14:00", end_time: "15:00", ...)Supported Calendar Sources
Works with any calendar synced to macOS Calendar app:
iCloud Calendar
Google Calendar
Microsoft Outlook/Exchange
CalDAV calendars
Local calendars
Same-Name Calendar Disambiguation (v0.6.0+)
If you have calendars with the same name from different sources (e.g., "Work" in both iCloud and Google), use the calendar_source parameter:
"Create an event in my iCloud Work calendar"
→ create_event(calendar_name: "Work", calendar_source: "iCloud", ...)
"Show events from my Google Work calendar"
→ list_events(calendar_name: "Work", calendar_source: "Google", ...)If ambiguity is detected, the error message will list all available sources.
Troubleshooting
Problem | Solution |
Server disconnected | Rebuild with |
Permission denied | Grant Calendar/Reminders access in System Settings > Privacy & Security |
Permission dialog never appears | See Grant Permissions for macOS Sequoia workaround |
Permission denied over SSH | See SSH Access below |
Permission denied under launchd | See launchd / Automation below |
One service denied while every diagnostic reports green | See Silent permanent denial after upgrade below |
Calendar/Reminders break again after every Claude Code update | |
Calendar not found | Ensure the calendar is visible in macOS Calendar app |
Reminders not syncing | Check iCloud sync in System Settings |
Silent permanent denial after upgrade (#154)
If one service (typically Calendar) returns access denied while the other works, and --print-tcc-path and System Settings report the permission as granted, you are likely hitting the #154 signature: a TCC row created by a pre-v1.7.1 (ad-hoc-signed) build is pinned to that old build's code hashes. The upgraded Developer ID binary can never match it, and on macOS 26.5+ the OS only allows the healing re-prompt when the binary carries the matching com.apple.security.personal-information.* entitlement.
As of v1.14.0+ the startup banner surfaces this directly — a [drift] TCC.db <service> entry pins a code requirement this binary no longer satisfies line (#155) — when the Security-framework check can confirm the csreq mismatch. Before that, every status-API diagnostic (including the banner) reported green, which is exactly what made this class silent. If you hit the denial through Claude Desktop's .mcpb install, the denial message itself now names the real blocker and the working paths instead of the dead-end --setup (#158).
Fix: upgrade to v1.11.0 or later (the binary now ships both entitlements), restart the host app (full Cmd+Q for Claude Desktop), and approve the permission dialog that appears on the first Calendar/Reminders access. Approving rewrites the TCC row keyed to the Developer ID requirement, so it survives all future upgrades. If you accidentally deny the dialog, re-enable the corresponding toggle in System Settings → Privacy & Security → Calendars or Reminders.
⚠️ Erratum for the #108-era workaround:
tccutil reset Calendar com.checheng.CheICalMCPdoes not work for a bare (non-bundled) binary — it fails withOSStatus error -10814because the binary has no LaunchServices registration. And do not run a baretccutil reset Calendar(without a bundle ID): it wipes Calendar grants for every app on the machine and, on a pre-entitlements binary, leaves CheICalMCP permanently unable to re-prompt.
Claude Code updates rotate the host-side grant (#170)
Under a Claude Code native install, the real executable lives at a versioned path (~/.local/share/claude/versions/<version>; ~/.local/bin/claude is just a symlink), and macOS TCC keys the host-side Calendar/Reminders grant to that path. Every Claude Code auto-update rotates the path and silently invalidates the grant — the classic symptom is "worked yesterday, broken right after an update", with System Settings accumulating stale bare-version-number entries (2.1.202, 2.1.203, …).
Fix: trigger any calendar tool call from Claude Code so macOS re-prompts (or re-creates the entry), then toggle the newest version-number entry ON in System Settings → Privacy & Security → Calendars / Reminders. Full checklist: the troubleshoot-tcc skill (/che-ical-mcp:check-tcc). Root cause is upstream (tracked in #170 — Claude Code would need a stable TCC identity); this repo can only detect and document it.
SSH Access
macOS TCC (Transparency, Consent, and Control) grants privacy permissions per-application. SSH sessions run under sshd, which is a different security context — so permissions granted to Terminal or Claude Code locally do not carry over to SSH.
Workaround A — Run locally first (recommended):
Run
CheICalMCPonce on the target Mac locally (not over SSH)Grant Calendar and Reminders access when the TCC dialog appears
SSH sessions should then inherit the grant for the
CheICalMCPbinary
Workaround B — Grant Full Disk Access to sshd:
Open System Settings → Privacy & Security → Full Disk Access
Click +, press ⌘⇧G, type
/usr/sbin/sshd, and add itRestart the SSH session
⚠️ Workaround B grants
sshdbroad file access — only use this on machines you fully control.
launchd / Automation
When running CheICalMCP from launchd, cron, or other non-interactive automation, macOS TCC cannot show permission dialogs. Use --setup to pre-grant permissions:
# Step 1: Run once from Terminal (triggers TCC permission dialog)
CheICalMCP --setup
# Step 2: Grant Calendar & Reminders access in the dialog that appears
# Step 3: The binary now has permission — launchd jobs can use itDetection: CheICalMCP automatically detects non-interactive sessions (missing
TERMenv var or direct launchd child) and provides targeted error messages with--setupinstructions. This works even for indirect launch chains (launchd → Claude Code → CheICalMCP).
--setupin non-interactive sessions (#143): if you run--setupitself from a non-interactive session (noTERM/ direct launchd child) and permission is still undetermined,--setupnow skips the request and exits non-zero instead of hanging — a TCC dialog can't appear there, so it prints manual-grant instructions rather than blocking. Run--setupfrom a real Terminal to trigger the dialog. (An already-granted binary still reports success even when re-run non-interactively.)Note: If
--setupgrants permission but the MCP still fails under launchd, TCC may have associated the permission with the parent process. In that case, manually add CheICalMCP in System Settings → Privacy & Security → Calendar/Reminders.
Technical Details
Current Version: v1.15.0
Framework: MCP Swift SDK v0.12.0
Calendar API: EventKit (native macOS framework)
Transport: stdio
Platform: macOS 14.0+ (Sonoma and later — bumped from 13.0 in the post-1.10 cluster per #119)
Tools: 29 tools for calendars, events, reminders, tags, undo/redo, cleanup, and advanced operations
Version History
Version | Changes |
v1.15.0 |
|
v1.14.2 | Docs/skill-layer release — two-layer TCC authorization model (#168): |
v1.14.1 | Metadata correction — tool-count consistency. |
v1.14.0 | Claude Desktop tool-injection drop fixed (#166): a literal |
v1.13.0 | SwiftUI SetupWindow (#164): interactive |
v1.12.0 | Foreground |
v1.11.1 |
|
v1.11.0 | TCC healing re-prompt unblocked (#154): |
v1.10.0 | TCC drift detector + startup banner (#122): single-shot stderr banner at MCP-server startup with version/path/PID + drift signals (TCC.db path mismatch per-service, stale processes); opt-out via |
v1.9.0 | TCC access gate refactor (#108 Phase 2, closes #109): removed the process-lifetime |
v1.8.1 | Docs: |
v1.8.0 | Wire-format consistency wave + response-shape parameters (#101 cluster — 5 issues closed in 3 days, all |
v1.7.2 | Hardening + features wave (30+ commits over v1.7.1, all |
v1.7.1 | Security hardening (#20 #26): input validation (length limits + URL scheme allowlist) at all event/reminder entry points, prompt-injection wrapper on MCP read responses, parse-boundary validation for |
v1.7.0 | Attendee & organizer info (#17): read-only |
v1.6.0 |
|
v1.5.0 | Per-event timezone (#12): |
v1.4.0 | LLM reliability: Fix default search range (±2yr instead of distantPast/Future), |
v1.3.1 | Docs fix: Clarified that tags are MCP-level (not native Reminders.app tags); Apple provides no public API for native tags |
v1.3.0 | Reminder tags (MCP-level): |
v1.2.0 | Idempotent writes: |
v1.1.0 | Recurrence + Location: recurring events/reminders (daily/weekly/monthly/yearly), structured locations with coordinates, location-based reminder triggers (geofence enter/leave), rich recurrence output |
v1.0.0 | DX improvements: flexible date parsing (4 formats), fuzzy calendar matching, |
v0.9.0 | 4 new tools (20→24): |
v0.8.2 | i18n week support: |
v0.8.1 | Fix: |
v0.8.0 | BREAKING: |
v0.7.0 | Tool annotations for Anthropic Connectors Directory, auto-refresh mechanism, improved batch tool descriptions |
v0.6.0 | Source disambiguation: |
v0.5.0 | Batch delete, duplicate detection, multi-keyword search, improved permission errors, PRIVACY.md |
v0.4.0 | Copy/move events: |
v0.3.0 | Advanced features: search, quick range, batch create, conflict check, timezone display |
v0.2.0 | Swift rewrite with full Reminders support |
v0.1.x | Python version (deprecated) |
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Release Process (for maintainers)
Version numbers live in three places with different semantics:
File | Role | When to bump |
| Source of truth; appears in | Every release |
| macOS bundle version | Every release; must match |
| Claude Desktop bundle manifest shipped inside | Every release; must match |
| MCP Registry submission snapshot | Only when re-submitting a new |
scripts/build-mcpb.sh enforces the first three match; it will fail the build if any drifts. server.json is intentionally decoupled because bumping it requires a rebuilt .mcpb, a fresh SHA256, and a re-submission — steps that don't happen every source release.
Signing & Notarization (required for macOS 26+)
Starting v1.7.1, release binaries are signed with a Developer ID Application certificate and notarized via Apple's notarytool. This is required on macOS 26 — ad-hoc signed binaries cannot trigger Calendar / Reminders TCC permission dialogs there.
Prerequisites (one-time setup):
Apple Developer Program enrollment.
Developer ID Application certificate installed in login keychain.
Verify with:
security find-identity -p codesigning -v(must showDeveloper ID Application: <Your Name> (<TeamID>)).Your Team ID is your own — find it at https://developer.apple.com/account → Membership Details. (The maintainer's
6W377FS7BSshown anywhere in this repo is for reference only.)
notarytoolkeychain profile (any name;che-ical-mcpis the default the build script looks for).Create interactively (recommended — keeps password out of shell history):
xcrun notarytool store-credentials che-ical-mcp --apple-id <your-apple-id> --team-id <your-team-id> # notarytool will prompt for the app-specific passwordApp-specific password: generate at https://account.apple.com → Sign-In and Security → App-Specific Passwords. Use a single-purpose password (e.g. named
che-ical-mcp); revoke + regenerate if leaked. Never pass it via--passwordon the command line — it lands in~/.zsh_history.
Export your identity for the build script:
export DEVELOPER_ID='Developer ID Application: <Your Name> (<TeamID>)' export NOTARY_PROFILE='che-ical-mcp' # match what you set up in step 3Persist these in
~/.zshrcor a project-local.envrc(gitignored). The script intentionally has no defaults for these, so a fresh fork doesn't fail with errors referring to the maintainer's identity.
Per-release flow:
make release-signed # builds universal binary → signs + notarizes → packages .mcpb
gh release create vX.Y.Z mcpb/server/CheICalMCP mcpb/server/CheICalMCP.sha256 mcpb/che-ical-mcp-X.Y.Z.mcpb mcpb/che-ical-mcp-X.Y.Z.mcpb.sha256 --notes "..."make release-signed runs scripts/build-mcpb.sh, which after creating the universal binary calls scripts/sign-and-notarize.sh. The signing script does pre-flight checks (cert + notarytool profile) and fails fast with friendly messages if anything's missing. Notarization typically takes 1–15 minutes (notarytool submit --wait blocks until Apple finishes).
Verification after build (run all three to confirm end-to-end):
# 1. Signature properties (cert + hardened runtime + team ID)
codesign -dv --verbose=2 mcpb/server/CheICalMCP
# Expected:
# Authority=Developer ID Application: <Your Name> (<TeamID>)
# TeamIdentifier=<TeamID>
# flags=0x10000(runtime)
# Signature size in the few thousand bytes range (varies by cert chain)
# 2. Signature integrity
codesign --verify --deep --strict --verbose=2 mcpb/server/CheICalMCP
# Expected: exit 0, no warnings
# 3. Notarization end-to-end (this is the real "Gatekeeper would accept" gate)
spctl -a -vvv -t install mcpb/server/CheICalMCP
# Expected: <binary>: accepted; source=Notarized Developer ID
#
# Note on flag choice (verified empirically on macOS 26.4.1, 2026-05-04):
# -t execute → rejected "code is valid but does not seem to be an app"
# (Apple's "execute" type expects a .app bundle structure,
# not raw Mach-O CLI binaries)
# -t install → accepted; source=Notarized Developer ID ← use this
# -t open → rejected "Insufficient Context"
#
# Apple's Code Signing Guide describes -t execute as the assessment type for
# "applications and tools", but on macOS 26 raw Mach-O binaries fall through
# the .app bundle check. -t install is the documented assessment type for
# software being installed (which describes how a CLI binary lands in ~/bin),
# and is the type that returns the actual notarization verdict in practice.
# Re-test if Apple changes this behavior in a future macOS update.Local dev iteration without signing latency:
SKIP_CODESIGN=1 ./scripts/build-mcpb.sh # ad-hoc signed; do NOT ship the result
make install # installs ad-hoc to ~/bin (dev only)The build-mcpb.sh script also auto-skips signing when DEVELOPER_ID is unset OR the cert isn't in your keychain — so contributors / CI / forks can build a working unsigned .mcpb for testing without manually setting SKIP_CODESIGN. (You'll see a clear "Skipping codesign" warning when this happens.)
Signing identity environment:
Env var | Default | Required for |
| (unset — auto-skip signing) | Signed release |
| (unset — fail-fast in | Signed release |
|
| Custom entitlements file |
| (unset) | Force-skip signing even with cert present (set to |
| (unset) | Fail-fast if signing prerequisites missing (set to |
Known limitation — no stapling: stapler staple does not support raw Mach-O binaries (only .app / .pkg / .dmg bundles). After notarization, Gatekeeper will online-check the binary on first launch instead of reading a stapled ticket. End users behind air-gapped networks may see "cannot verify developer" warnings; one launch with network resolves it (Apple caches the verdict). Mitigation: xcrun stapler staple on a future .pkg wrapper if needed.
Troubleshooting:
Notarization rejected?
xcrun notarytool log <submission-id> --keychain-profile $NOTARY_PROFILEshows Apple's reason. The signing script prints the submission ID on every run.codesigncomplains about missing identity?security find-identity -p codesigning -vto confirm cert is present + valid;xcrun notarytool history --keychain-profile $NOTARY_PROFILEto confirm the profile works.Cert expired? Re-issue at https://developer.apple.com/account/resources/certificates, install, re-export
DEVELOPER_ID.Security warning: don't unlock signing keychain on shared / untrusted machines. The cert + private key signing artifact is supply-chain critical.
License
MIT License - see LICENSE for details.
Author
Created by Che Cheng (@kiki830621)
If you find this useful, please consider giving it a star!
This server cannot be installed
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/PsychQuant/che-ical-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server