brain-mcp
Stores and retrieves the brain's markdown files via the GitHub Contents API, using a private repository as persistent storage.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@brain-mcpadd to inbox: meeting notes from today"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
brain-mcp
Your second brain as a private git repo, wired into claude.ai.
A remote MCP server + web cockpit for a personal "second brain" made of plain markdown files in a private GitHub repo. Every new Claude chat can read your context (who you are, what you're working on, what you decided) and write back to it — through guarded, intent-shaped tools. A single-page web app renders the same brain as a live knowledge graph.
Runs entirely on the Cloudflare Workers free plan. No database, no vector store, no server to babysit: GitHub is the storage, git history is the backup, markdown is the format you'll still be able to read in 30 years.
What you get
MCP connector for claude.ai — Streamable HTTP at
/mcp, OAuth 2.1 + PKCE handshake handled by@cloudflare/workers-oauth-provider, GitHub login restricted to a single allowed account (yours).Read tools (tiered, token-efficient):
list_brain(file map + one-line summaries),get_brain_file,search_brain,get_graph,brain_health.Write tools (intent-shaped — no raw "write anywhere"):
add_to_inbox(filename, content)— stage intoinbox/, never overwrites.append_decision(text)— append a dated entry todecisions/YYYY-MM.md(append-only).update_now(content)— replacenow.md, bump theupdated:date.upsert_project(name, content)— create/updateprojects/<slug>.md.upsert_file(path, content)— general fallback, restricted to known folders.delete_inbox_item(filename)— the only delete, restricted toinbox/.
Guards on every write: refuses content that looks like an API key, token or private key; refuses paths outside the brain's folders;
decisions/is append-only; deletes are restricted toinbox/.Web cockpit at the Worker root (GitHub-gated session): force-directed knowledge graph (canvas + d3-force), file reader with wiki-links and backlinks, inline editor, inbox triage, health report (broken links, stale files, orphans), decision log, and a temporal replay of the brain's growth from git history. The UI language is currently French.
Two themes, one anatomy — a dark "observatory" mode (pure black, uniform grey nodes, white re-ink, faint coordinate grid) and a light "Swiss grid" mode (white paper, nodes colored by file type and sized by degree, Swiss red). A segmented switch (light | auto | dark) lives on the graph page and in the sidebar footer; auto follows the actual sunset/sunrise for your location (NOAA formula, no API). All deltas live in CSS tokens and
GRAPH_SKINS— seedesign/guidelines.md. Set your coordinates inapp/src/theme.tsand in the inline script ofapp/index.html(default: Paris).PWA share target — share a link/text from your phone straight into
inbox/.
Related MCP server: alaya
Architecture
claude.ai ──(OAuth 2.1 + PKCE)──► Worker (its own OAuth server)
│ GitHub login = identity gate (ALLOWED_LOGIN)
▼
/mcp Durable Object (MCP tools)
Browser ──(cookie session)──► /api + static SPA (Vite + React)
│
▼
GitHub contents API — your private brain repo
(fine-grained PAT, server-side only)Two credentials, two jobs, never mixed:
The GitHub OAuth App only proves who you are. Its token is never used to touch the repo.
A fine-grained PAT (
GITHUB_BRAIN_TOKEN, scoped to the brain repo only, Contents read/write) does all repo access, server-side. claude.ai never sees it.
The brain repo
Create a separate, private repo (e.g. my-brain) holding plain markdown.
The layout the tools expect:
README.md # how your brain works (also read by Claude)
identity.md # who you are — stable base context
preferences.md # how you like to work
now.md # current focus + deadlines (updated often)
context/ # long-lived context (company, school, protocols…)
people/ # one file per person
projects/ # one file per project
domains/ # knowledge areas
decisions/YYYY-MM.md # append-only decision log
personal/ # whatever is yours
inbox/ # raw captures, triaged laterFiles carry a small YAML frontmatter the graph and health report understand (all fields optional):
---
id: my-project
type: project
tags: [dev]
status: active
summary_l0: "One-line summary shown in list_brain."
updated: 2026-07-07
---
# My project
Links to other files as [[people/jane-doe]] wiki-links → graph edges.Setup
Prereqs: Node 18+, a Cloudflare account (free), a GitHub account.
1. Install
npm install
npm --prefix app install2. Configure your identity
Edit the vars block in wrangler.jsonc:
Var | What it is |
| GitHub login that owns the brain repo |
| Brain repo name (e.g. |
| Branch to read/write ( |
| The only GitHub login allowed to authenticate |
| IANA timezone for date stamps (e.g. |
| Optional: the graph's central "me" node (e.g. |
3. Create a GitHub OAuth App (login / identity)
GitHub → Settings → Developer settings → OAuth Apps → New OAuth App.
Homepage URL: your future worker URL, e.g.
https://brain-mcp.<your-subdomain>.workers.devAuthorization callback URL: the Worker's own callback —
https://brain-mcp.<your-subdomain>.workers.dev/callback
Architecture note: the Worker is its own OAuth 2.1 server for claude.ai; GitHub is only the upstream login. So GitHub redirects back to the Worker's
/callback, and that is the only callback GitHub needs. claude.ai registers its own redirect URIs with the Worker automatically via dynamic client registration (/register). You won't know the exact workers.dev subdomain until the first deploy — deploy once with a placeholder, then come back and set the real URL.
Copy the Client ID and generate a Client secret.
4. Create the fine-grained PAT (repo read/write)
GitHub → Settings → Developer settings → Fine-grained tokens → Generate new token.
Repository access: Only select repositories → your brain repo
Permissions:
Contents= Read and write (Metadata= Read is added automatically)
5. Cloudflare: KV + secrets
npx wrangler login
npx wrangler kv namespace create OAUTH_KV
# paste the printed id into wrangler.jsonc (REPLACE_WITH_KV_ID)
npx wrangler secret put GITHUB_CLIENT_ID
npx wrangler secret put GITHUB_CLIENT_SECRET
npx wrangler secret put GITHUB_BRAIN_TOKEN6. Build the app & deploy
npm --prefix app run build
npx wrangler deployYour MCP endpoint is the printed URL + /mcp. If your OAuth App used a
placeholder host, update its Homepage/callback URLs to the real one now.
The template ships without branding: add your own
favicon.svg,icon-192.pngandicon-512.pngtoapp/public/, then restore the<link rel="icon">tags inapp/index.htmland theiconsarray inapp/public/manifest.webmanifest(icons are required for the PWA install / share-target experience on mobile).
7. Connect
claude.ai → Settings → Connectors → Add custom connector → paste the
/mcpURL → Connect → log in with GitHub. Anyone who isn'tALLOWED_LOGINgets a 403.Browser cockpit → open the worker URL → "Se connecter avec GitHub".
8. Smoke test
In a new chat: "list my brain" → file map with summaries.
"read my now.md" → file content.
"add a test decision: validated the MCP write path" → appends to
decisions/YYYY-MM.md; confirm the commit on GitHub.
Local development
cp .dev.vars.example .dev.vars # fill in the three secrets
npx wrangler devUI-only work doesn't need any of that: npm --prefix app run dev then open
/mock.html — the API is stubbed with plausible fake data (app/src/dev-mock.ts).
Security model
See SECURITY.md for the full threat model. Short version: the
worker URL is public but serves nothing without a valid GitHub-verified
session; a single ALLOWED_LOGIN gate covers both surfaces (MCP + browser);
the repo PAT lives only in Worker secrets; every write goes through secret
detection and folder guards; rendered markdown is sanitized against stored XSS.
Disaster recovery (lost Cloudflare account, etc.) is covered in
RECOVERY.md — worst case degrades to a folder of readable
markdown, never to nothing.
License
MIT.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/albertvalleeduval/brain-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server