Skip to main content
The Artemis Agentic Memory Layer is a Model Context Protocol (MCP) server that exposes an Obsidian vault to agents over a small, authenticated REST API. It lets agents read, write, search, tag, and reorganize notes as a shared, versioned source of truth — the long-term memory bus for Artemis City. Use this integration when you want agents to:
  • Persist context, plans, or reflections across sessions.
  • Coordinate with other agents around a single knowledge store.
  • Read structured human-curated notes (instructions, personas, capability docs) at runtime.
  • Maintain a queryable graph of tasks, tags, and frontmatter metadata.
The Python-side client and trust-aware wrapper that calls this server are documented in Memory Integration. This page documents the MCP server itself: how to deploy it, how to configure it, and the endpoints it exposes.

How it fits

The MCP server is a thin translation layer. It accepts MCP-style tool invocations over HTTP, authenticates them against a shared key, and forwards them to the Obsidian Local REST API plugin running on the host vault.

Prerequisites

  • Node.js 18+ (or Docker) on the host running the MCP server.
  • Obsidian with the Local REST API community plugin installed and enabled.
  • An API key generated from the Local REST API plugin settings.
  • A second secret (MCP_API_KEY) that agents present when calling this server.

Configuration

The server reads configuration from environment variables (typically a .env file or the environment: block in docker-compose.yml).
The server exits on startup if MCP_API_KEY, OBSIDIAN_BASE_URL, or OBSIDIAN_API_KEY is missing.

OBSIDIAN_BASE_URL by environment

Replace 27124 with the port shown in your Local REST API plugin settings.

Deployment

Use the bundled docker-compose.yml to build and run the server:
The server is then reachable at http://localhost:3000 and forwards requests to your vault at OBSIDIAN_BASE_URL.

Local Node.js

Health check

The server exposes an unauthenticated health endpoint:

Authentication

Every /api/* request must include the bearer token:
Missing or mismatched tokens return 403 Forbidden. Combine this with Trust-Based Access Control on the client side so agent-level trust scores gate which operations are even attempted.

API endpoints

All endpoints are POST, accept application/json, and live under /api. Responses use a consistent envelope:
or, on failure:

Example: read a note

Example: append agent context

Example: tag a note

Calling the server from Python

Most Artemis agents talk to the memory layer through the Python MemoryClient, which wraps these endpoints and adds trust enforcement:
See Memory Integration for the full client surface, trust levels, and context-loading helpers.

Security considerations

  • Treat both keys as secrets. MCP_API_KEY grants full vault access via this server; OBSIDIAN_API_KEY grants direct vault access via the plugin.
  • Default binding is localhost. If you expose the server to a wider network, put it behind a firewall, reverse proxy, or mTLS.
  • Self-signed certificates. The server is configured to accept the plugin’s self-signed HTTPS cert (rejectUnauthorized: false). For production, terminate TLS at a trusted proxy.
  • Validate agent inputs. The server performs minimal validation. Sanitize paths and content on the client side, and combine with trust scoring before issuing write or delete operations.

Troubleshooting

On Linux hosts running the MCP server in Docker, host.docker.internal does not resolve by default — use the host’s bridge IP (often 172.17.0.1) or set network_mode: host in compose.
Last modified on July 16, 2026