obsidian-cli-mcp
Provides tools to interact with an Obsidian vault via the Obsidian CLI, supporting note operations (read, create, edit, delete, move, rename), property management, search, backlinks, file info, diff, and governed workflows with template and promotion capabilities.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@obsidian-cli-mcpsearch my vault for notes on AI"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
obsidian-cli-mcp
MCP server for the Obsidian CLI with explicit runtime profiles for governed and personal use. The default profile is governed-readonly; governed-mutation adds bounded template and promotion workflows on top of the read surface, and the broad legacy surface remains available only through an explicit personal-unrestricted profile.
Requirements
Obsidian desktop app running (macOS, Linux, Windows)
Obsidian CLI installed:
macOS / Linux (via Homebrew):
brew install obsidianmd/tap/obsidianWindows: see Obsidian CLI releases
Node.js 22+
Platform notes: Fully tested on macOS. Linux is supported via the same Homebrew tap (Linuxbrew). Windows support is untested — env var injection (
HOME/TMPDIR) may behave differently; contributions welcome.
Related MCP server: mcp-obsidian-ek
Installation
No installation required — run directly with npx:
npx -y @joemugen/obsidian-cli-mcpOr install globally:
npm install -g @joemugen/obsidian-cli-mcpConfiguration
Variable | Description | Default |
| Path to the Obsidian CLI binary |
|
| Default pinned vault name | required in governed profiles; optional in |
| Canonical filesystem root of the pinned vault | required in governed profiles |
| JSON vault policy file | required in governed profiles |
|
|
|
|
|
|
| HTTP port (when |
|
| HTTP bind host (when |
|
| Shared bearer token for HTTP auth | required for governed HTTP and any remote HTTP bind |
| Explicit remote bind opt-in ( | disabled by default |
Important (macOS): always point
OBSIDIAN_BINto the Homebrew binary ($(brew --prefix)/bin/obsidian). The Homebrew binary flushes stdout to the pipe correctly; a plain app bundle symlink does not.
Profiles
governed-readonlySafe default.
Registers exact-path note/property reads plus policy-filtered governed discovery (
obsidian_search,obsidian_search_context, filtered links, filtered backlinks).Requires
OBSIDIAN_VAULT,OBSIDIAN_VAULT_ROOT, andOBSIDIAN_POLICY_FILE.Disables per-call vault overrides.
governed-mutationAdds the exact-path mutation surface plus governed template and promotion helpers on top of
governed-readonly.Allows exact-path note/property edits and the governed workflow tools:
obsidian_create_note_from_template,obsidian_create_review_note,obsidian_create_promotion_candidate,obsidian_create_curated_note, andobsidian_log_promotion.Blocks rename, move, delete, task toggle, template insertion into the active note, daily mutation, plugin/theme/snippet mutation, runtime-state mutation, and execute/eval surfaces.
Requires the same pinned-vault and policy inputs as
governed-readonly.
personal-unrestrictedCompatibility profile for the full legacy surface, including mutating and developer-oriented tools.
Not the default.
Intended for controlled personal use, not governed deployment.
Governed vault policy
Governed profiles enforce a real path policy before the Obsidian CLI is invoked:
exact-path note/property operations only
bounded discovery only inside configured
discoveryAllowlistrootsapproved template reads only inside configured
templateAllowlistrootsworkflow routing for review notes, promotion candidates, curated destinations, and promotion logs
default deny for writes outside the configured write allowlist
explicit denylist support
hidden path and
.obsidian/**denial by defaultcanonical path normalization against the pinned
OBSIDIAN_VAULT_ROOToptional symlink traversal denial
See examples/governed-vault-policy.example.json for a conservative second-brain example.
Client Setup
Claude Desktop
Edit the config file for your OS:
OS | Path |
macOS |
|
Linux |
|
Windows |
|
{
"mcpServers": {
"obsidian-cli": {
"command": "npx",
"args": ["-y", "@joemugen/obsidian-cli-mcp"],
"env": {
"MCP_PROFILE": "governed-readonly",
"OBSIDIAN_BIN": "/opt/homebrew/bin/obsidian",
"OBSIDIAN_VAULT": "MyVault",
"OBSIDIAN_VAULT_ROOT": "/path/to/MyVault",
"OBSIDIAN_POLICY_FILE": "/path/to/governed-vault-policy.json"
}
}
}
}Restart Claude Desktop after saving.
Claude Code
Add to your project's .mcp.json (or ~/.claude/mcp.json for global):
{
"mcpServers": {
"obsidian-cli": {
"command": "npx",
"args": ["-y", "@joemugen/obsidian-cli-mcp"],
"env": {
"MCP_PROFILE": "governed-readonly",
"OBSIDIAN_BIN": "/opt/homebrew/bin/obsidian",
"OBSIDIAN_VAULT": "MyVault",
"OBSIDIAN_VAULT_ROOT": "/path/to/MyVault",
"OBSIDIAN_POLICY_FILE": "/path/to/governed-vault-policy.json"
}
}
}
}Or add it directly from the CLI:
claude mcp add obsidian-cli --transport stdio \
-e MCP_PROFILE=governed-readonly \
-e OBSIDIAN_BIN=/opt/homebrew/bin/obsidian \
-e OBSIDIAN_VAULT=MyVault \
-e OBSIDIAN_VAULT_ROOT=/path/to/MyVault \
-e OBSIDIAN_POLICY_FILE=/path/to/governed-vault-policy.json \
-- npx -y @joemugen/obsidian-cli-mcpCursor
Edit ~/.cursor/mcp.json:
{
"mcpServers": {
"obsidian-cli": {
"command": "npx",
"args": ["-y", "@joemugen/obsidian-cli-mcp"],
"env": {
"MCP_PROFILE": "governed-readonly",
"OBSIDIAN_BIN": "/opt/homebrew/bin/obsidian",
"OBSIDIAN_VAULT": "MyVault",
"OBSIDIAN_VAULT_ROOT": "/path/to/MyVault",
"OBSIDIAN_POLICY_FILE": "/path/to/governed-vault-policy.json"
}
}
}
}Zed
Edit ~/.config/zed/settings.json:
{
"context_servers": {
"obsidian-cli": {
"command": {
"path": "npx",
"args": ["-y", "@joemugen/obsidian-cli-mcp"],
"env": {
"MCP_PROFILE": "governed-readonly",
"OBSIDIAN_BIN": "/opt/homebrew/bin/obsidian",
"OBSIDIAN_VAULT": "MyVault",
"OBSIDIAN_VAULT_ROOT": "/path/to/MyVault",
"OBSIDIAN_POLICY_FILE": "/path/to/governed-vault-policy.json"
}
}
}
}
}HTTP transport (network / multi-client)
MCP_PROFILE=governed-readonly MCP_TRANSPORT=http MCP_PORT=3000 \
MCP_HTTP_HOST=127.0.0.1 \
MCP_HTTP_AUTH_TOKEN=change-me \
OBSIDIAN_BIN=/opt/homebrew/bin/obsidian \
OBSIDIAN_VAULT=MyVault \
OBSIDIAN_VAULT_ROOT=/path/to/MyVault \
OBSIDIAN_POLICY_FILE=/path/to/governed-vault-policy.json \
node dist/index.jsThe server exposes a Streamable HTTP endpoint at http://localhost:3000/mcp.
HTTP transport remains opt-in and is not the default deployment path. Phase 2 hardening is deliberately limited:
loopback (
127.0.0.1) remains the default bindgoverned HTTP requires
MCP_HTTP_AUTH_TOKENnon-loopback bind requires
MCP_HTTP_ALLOW_REMOTE_BIND=trueremote bind without explicit opt-in fails closed
this is controlled governed use, not an internet-safe deployment model
Tools
The default governed-readonly profile registers only the bounded governed read and discovery surface. governed-mutation adds the exact-path note/property mutation tools plus the governed workflow tools listed below. The full legacy tool catalog remains available only when MCP_PROFILE=personal-unrestricted is set explicitly.
Governed workflow tools
Tool | Description |
| Search only within policy-approved discovery roots with server-side result filtering |
| Search with bounded context inside policy-approved discovery roots |
| List outgoing links from an allowed note, filtering blocked targets server-side |
| List backlinks to an allowed note, filtering blocked sources server-side |
| Create a note from an approved governed template type into an approved destination |
| Create a provenance-preserving review note for an approved source note |
| Create a provenance-preserving promotion-candidate note for an approved source note |
| Create a curated note from an approved template type into an approved curated zone |
| Create a promotion log note linking the source and curated notes |
Notes
Tool | Description |
| Read a note by name or path |
| Create a new note |
| Delete a note |
| Move a note to another folder |
| Rename a note (updates all backlinks) |
| Append content to a note |
| Prepend content to a note |
| Get the heading outline of a note |
| Get word and character count |
| Get file metadata (path, size, dates…) |
| Compare two versions of a note |
| Execute JavaScript in the Obsidian context |
Vault
Tool | Description |
| Show vault name, path and file count |
| List files, optionally filtered by folder or extension |
| List all folders |
| List all Obsidian vaults |
| Get Obsidian and CLI version |
| List recently opened files |
| Read a random note from the vault or a folder |
| List all note aliases defined in frontmatter |
Search
Tool | Description |
| Full-text search across all notes |
| Search with surrounding context |
Frontmatter
Tool | Description |
| List all frontmatter properties in a note |
| Get a specific property value |
| Set a property value |
| Remove a property |
Tags
Tool | Description |
| List all tags in the vault or in a note |
| Get notes that use a specific tag |
Links
Tool | Description |
| List outgoing links from a note |
| List incoming links to a note |
| List notes with no incoming links |
| List notes with outgoing links only |
| List broken wikilinks |
Daily Notes
Tool | Description |
| Read today's daily note |
| Append content to today's daily note |
| Prepend content to today's daily note |
Tasks
Tool | Description |
| List tasks in a note or vault-wide |
| Toggle a task checkbox |
Templates
Tool | Description |
| List available templates |
| Read a template, optionally resolving variables |
| Insert a template into the active note |
Bookmarks
Tool | Description |
| List all bookmarks (notes, folders, searches, URLs) |
| Add a bookmark |
Plugins
Tool | Description |
| List all installed plugins |
| List only enabled plugins |
| Get info about a plugin |
| Enable a plugin |
| Disable a plugin |
| Install a community plugin |
| Uninstall a plugin |
History (requires File Recovery plugin)
Tool | Description |
| List all tracked versions |
| Read a specific version of a note |
| Restore a note to a previous version |
Sync (requires Obsidian Sync)
Tool | Description |
| Get current sync status |
| List sync versions for a file |
| Read a specific sync version |
| Restore a file to a sync version |
| List files deleted from sync history |
Workspace
Tool | Description |
| Get the current workspace layout and open panes |
| List all currently open tabs |
| Get the file path for today's daily note |
Commands & Hotkeys
Tool | Description |
| List all available commands (command palette) |
| Execute an Obsidian command by ID |
| List all configured keyboard shortcuts |
| Get the hotkey for a specific command |
Themes
Tool | Description |
| List all installed themes |
| Get information about a specific theme |
| Activate a theme (or reset to default) |
| Install a community theme |
| Uninstall a theme |
Snippets
Tool | Description |
| List all installed CSS snippets |
| List only enabled CSS snippets |
| Enable a CSS snippet |
| Disable a CSS snippet |
Bases (requires Obsidian Bases plugin)
Tool | Description |
| List all Base files |
| Query items from a Base |
| List views in a Base |
| Create an item in a Base |
Contributing
See CONTRIBUTING.md for architecture overview, design decisions, and how to add new tools.
License
See LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/amalikn/obsidian-cli-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server