obsidian-mcp: 初次落地 Obsidian Vault MCP Server (.NET 10, read+write)

把 Obsidian vault 通过 MCP 暴露给 Claude.ai，OAuth 走 nas-auth。设计文档见 vault Coding/obsidian-mcp/obsidian-mcp 设计.md。代码层落地参考 vault Coding/obsidian-mcp/MCP 实现指南.md。 V1+V2 同时实现（用户要求跳过分阶段直接全部）：读 Tools（需 scope=read:obsidian）： - list_vault_tree（一次性 vault 地图，限制深度） - list_files / read_file（含 offset/limit 大文件分页） - search（子串匹配 + glob 过滤，最多 50 hits） - get_metadata（size / modified_at / has_frontmatter）写 Tools（需 scope=write:obsidian）： - write_file / append_file - 多重门禁：scope 校验 + 路径黑名单 + 写入白名单 + 永禁文件 - 永禁写：任意目录的 AGENTS.md / PROFILE.md / README.md / CLAUDE.md / 01-Secret/** - 白名单：02-ShengquGames/logs/ + Coding/ + NAS/NAS 待办清单.md - 写入审计日志按天 rotate（JSON line）安全： - VaultPathResolver chroot：path traversal + symlink 双拒绝 - JwtBearer (HS256, Current+Previous fallback, MapInboundClaims=false) - aud=obsidian, iss=https://auth.zhengchentao.win - 黑名单：01-Secret / .obsidian / .trash / .git 技术栈： - .NET 10 + ModelContextProtocol SDK 1.0 - Streamable HTTP transport (POST /mcp) - JwtBearer 10.0 + IdentityModel.Tokens 8.x 部署： - Dockerfile multi-stage，runtime 装 ripgrep（V3 备用），non-root user - .gitea/workflows/build-image.yml：build + deploy 双 job，buildkit v0.13.2 - 容器内 :8080，宿主端口 9090 - 子域名 obs.zhengchentao.win - vault 挂载 /volume1/docker/webdav/data/Zhengchen:/vault:rw（V2 写入需要 rw）测试：35/35 单测过（VaultPathResolver path traversal/blacklist/symlink + VaultWriteGuard whitelist/forbidden） Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-06 01:32:11 +08:00
commit 28f9a54ba9
28 changed files with 1625 additions and 0 deletions
@@ -0,0 +1,100 @@
+# obsidian-mcp
+
+Read and write an Obsidian vault via MCP (Model Context Protocol), with OAuth authentication via nas-auth.
+
+## Architecture
+
+```
+Claude.ai / MCP client
+    │
+    │ ① GET /.well-known/oauth-authorization-server
+    │ ② OAuth Authorization Code + PKCE (via nas-auth)
+    │ ③ Bearer JWT (aud=obsidian, scope=read:obsidian | write:obsidian)
+    │
+    ▼
+obs.zhengchentao.win/mcp  (this service, port 9090 → 8080)
+    │  JWT verify (HS256, shared key with nas-auth)
+    │  VaultPathResolver — chroot + blacklist
+    │  VaultWriteGuard   — whitelist for writes
+    │
+    ▼
+/vault  (Docker volume, backed by WebDAV share synced via Remotely Save)
+```
+
+## MCP Tools
+
+| Tool | Auth required | Description |
+|---|---|---|
+| `list_vault_tree` | read:obsidian | Depth-limited directory tree of the vault |
+| `list_files` | read:obsidian | Files and subdirs in a directory |
+| `read_file` | read:obsidian | Read file content (UTF-8), with optional byte-range params |
+| `search` | read:obsidian | Literal substring search, glob-filterable |
+| `get_metadata` | read:obsidian | Size, modified_at, has_frontmatter |
+| `write_file` | write:obsidian | Overwrite a whitelisted file |
+| `append_file` | write:obsidian | Append to a whitelisted file |
+
+## Configuration (environment variables)
+
+| Variable | Default | Description |
+|---|---|---|
+| `Vault__Root` | `./test-vault` | Vault root directory inside the container |
+| `Vault__Blacklist__0` | — | Extra blacklist path segments (01-Secret, .obsidian, .trash, .git are hardcoded) |
+| `Vault__WriteWhitelist__0` | — | Extra writable path prefixes |
+| `Jwt__Issuer` | `https://auth.zhengchentao.win` | Expected `iss` claim |
+| `Jwt__Audience` | `obsidian` | Expected `aud` claim |
+| `Jwt__SigningKey__Current` | **required** | HS256 signing key (share with nas-auth) |
+| `Jwt__SigningKey__Previous` | — | Previous key during rotation |
+| `Mcp__OAuthDiscovery__Issuer` | `https://auth.zhengchentao.win` | `/.well-known` issuer field |
+| `AuditLog__Directory` | `/app/logs` | Directory for audit log files |
+| `ASPNETCORE_ENVIRONMENT` | `Production` | Set to `Development` for verbose logs |
+
+## Local development
+
+```bash
+# 1. Create a test vault
+mkdir -p test-vault/NAS test-vault/Coding
+echo "# Test" > test-vault/NAS/test.md
+
+# 2. Set a dev signing key
+export Jwt__SigningKey__Current=dev-secret-key-at-least-32-chars-long
+
+# 3. Run
+dotnet run
+
+# 4. Generate a test JWT (requires dotnet user-jwts)
+dotnet user-jwts create \
+    --issuer https://auth.zhengchentao.win \
+    --audience obsidian \
+    --name tao \
+    --claim sub=tao \
+    --claim scope="read:obsidian write:obsidian"
+
+# 5. Test with MCP Inspector
+npx @modelcontextprotocol/inspector
+# Transport: Streamable HTTP
+# URL: http://localhost:5000/mcp
+# Bearer Token: <paste JWT from step 4>
+```
+
+## Write whitelist
+
+Write tools only accept paths matching (hardcoded, extendable via env):
+
+- Prefix `02-ShengquGames/logs/`
+- Prefix `Coding/`
+- Exact `NAS/NAS 待办清单.md`
+
+Always forbidden (any directory): `AGENTS.md`, `PROFILE.md`, `README.md`, `CLAUDE.md`, `01-Secret/`
+
+## Running tests
+
+```bash
+cd obsidian-mcp.Tests
+dotnet test
+```
+
+## Related docs
+
+- [obsidian-mcp 设计](../Obsidian%20Vault/Zhengchen/Coding/obsidian-mcp/obsidian-mcp%20设计.md)
+- [MCP 实现指南](../Obsidian%20Vault/Zhengchen/Coding/obsidian-mcp/MCP%20实现指南.md)
+- [nas-auth 设计](../Obsidian%20Vault/Zhengchen/Coding/nas-auth/nas-auth%20设计.md)