UNPKG

obsidian-mcp-server

Version:

MCP server for Obsidian vaults — read, write, search, and surgically edit notes, tags, and frontmatter via the Local REST API plugin. STDIO or Streamable HTTP.

github.com/cyanheads/obsidian-mcp-server

cyanheads/obsidian-mcp-server

18 lines (13 loc) 2.01 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
--- summary: Bump @cyanheads/mcp-ts-core ^0.8.15 → ^0.8.18 and document the auth requirement for HTTP deployments beyond loopback. breaking: false --- # 3.1.5 — 2026-05-06 Maintenance release: framework dep refresh, paired skill sync, and a documentation clarification around HTTP transport posture. No source-code changes in this server. ## Changed - **`@cyanheads/mcp-ts-core` `^0.8.15 → ^0.8.18`.** Three upstream patch releases roll up: - `0.8.16` — fixes an HTTP SSE per-request retention leak. `closePerRequestInstances` now binds to the request `AbortSignal` so ungraceful client disconnects close the per-request `McpServer` / transport pair. Affects this server when run under HTTP transport; pure framework fix, no consumer code change needed. - `0.8.17` — surfaces `ctx.sessionId` on `Context` for HTTP handlers (defined in `stateful` / `auto` mode; opt-in via `createApp({ context: { exposeStatelessSessionId: true } })` under stateless). This server doesn't currently key on it. - `0.8.18` — fixes `ctx.auth.token` being silently stripped in `toAuthContext`, and types `token?: string` on the public `AuthContext`. Doesn't apply here — this server forwards its own `OBSIDIAN_API_KEY` upstream, not the caller's bearer. - **`skills/api-context` `1.2 → 1.3`.** Picks up the upstream skill update covering `ctx.sessionId` — defined-when matrix across transport / session / auth modes, the stateless opt-in, capability-token coherence note, and strict / lax state-keying recipes. - **README + Dockerfile clarify auth requirement for non-loopback HTTP deployments.** The Docker image binds `MCP_HTTP_HOST=0.0.0.0` (required so the host's `-p` port mapping can reach the listener inside the container), and `MCP_AUTH_MODE` defaults to `none`. The README's Docker section and a new comment in the Dockerfile both now call this out and recommend `MCP_AUTH_MODE=jwt` or `oauth` for any deployment reachable beyond the operator's machine. Thanks to Ryan for surfacing the gap.