- Persist context, plans, or reflections across sessions.
- Coordinate with other agents around a single knowledge store.
- Read structured human-curated notes (instructions, personas, capability docs) at runtime.
- Maintain a queryable graph of tasks, tags, and frontmatter metadata.
How it fits
Prerequisites
- Node.js 18+ (or Docker) on the host running the MCP server.
- Obsidian with the Local REST API community plugin installed and enabled.
- An API key generated from the Local REST API plugin settings.
- A second secret (
MCP_API_KEY) that agents present when calling this server.
Configuration
The server reads configuration from environment variables (typically a.env file or the environment: block in docker-compose.yml).
The server exits on startup if
MCP_API_KEY, OBSIDIAN_BASE_URL, or OBSIDIAN_API_KEY is missing.OBSIDIAN_BASE_URL by environment
Replace
27124 with the port shown in your Local REST API plugin settings.
Deployment
Docker (recommended)
Use the bundleddocker-compose.yml to build and run the server:
http://localhost:3000 and forwards requests to your vault at OBSIDIAN_BASE_URL.
Local Node.js
Health check
The server exposes an unauthenticated health endpoint:Authentication
Every/api/* request must include the bearer token:
403 Forbidden. Combine this with Trust-Based Access Control on the client side so agent-level trust scores gate which operations are even attempted.
API endpoints
All endpoints arePOST, accept application/json, and live under /api. Responses use a consistent envelope:
Example: read a note
Example: append agent context
Example: tag a note
Calling the server from Python
Most Artemis agents talk to the memory layer through the PythonMemoryClient, which wraps these endpoints and adds trust enforcement:
Security considerations
- Treat both keys as secrets.
MCP_API_KEYgrants full vault access via this server;OBSIDIAN_API_KEYgrants direct vault access via the plugin. - Default binding is
localhost. If you expose the server to a wider network, put it behind a firewall, reverse proxy, or mTLS. - Self-signed certificates. The server is configured to accept the plugin’s self-signed HTTPS cert (
rejectUnauthorized: false). For production, terminate TLS at a trusted proxy. - Validate agent inputs. The server performs minimal validation. Sanitize paths and content on the client side, and combine with trust scoring before issuing write or delete operations.
Troubleshooting
On Linux hosts running the MCP server in Docker,
host.docker.internal does not resolve by default — use the host’s bridge IP (often 172.17.0.1) or set network_mode: host in compose.