obsidian-mcp: 初次落地 Obsidian Vault MCP Server (.NET 10, read+write)

把 Obsidian vault 通过 MCP 暴露给 Claude.ai，OAuth 走 nas-auth。
设计文档见 vault Coding/obsidian-mcp/obsidian-mcp 设计.md。
代码层落地参考 vault Coding/obsidian-mcp/MCP 实现指南.md。

V1+V2 同时实现（用户要求跳过分阶段直接全部）：

读 Tools（需 scope=read:obsidian）：
- list_vault_tree（一次性 vault 地图，限制深度）
- list_files / read_file（含 offset/limit 大文件分页）
- search（子串匹配 + glob 过滤，最多 50 hits）
- get_metadata（size / modified_at / has_frontmatter）

写 Tools（需 scope=write:obsidian）：
- write_file / append_file
- 多重门禁：scope 校验 + 路径黑名单 + 写入白名单 + 永禁文件
  - 永禁写：任意目录的 AGENTS.md / PROFILE.md / README.md / CLAUDE.md / 01-Secret/**
  - 白名单：02-ShengquGames/logs/ + Coding/ + NAS/NAS 待办清单.md
- 写入审计日志按天 rotate（JSON line）

安全：
- VaultPathResolver chroot：path traversal + symlink 双拒绝
- JwtBearer (HS256, Current+Previous fallback, MapInboundClaims=false)
- aud=obsidian, iss=https://auth.zhengchentao.win
- 黑名单：01-Secret / .obsidian / .trash / .git

技术栈：
- .NET 10 + ModelContextProtocol SDK 1.0
- Streamable HTTP transport (POST /mcp)
- JwtBearer 10.0 + IdentityModel.Tokens 8.x

部署：
- Dockerfile multi-stage，runtime 装 ripgrep（V3 备用），non-root user
- .gitea/workflows/build-image.yml：build + deploy 双 job，buildkit v0.13.2
- 容器内 :8080，宿主端口 9090
- 子域名 obs.zhengchentao.win
- vault 挂载 /volume1/docker/webdav/data/Zhengchen:/vault:rw（V2 写入需要 rw）

测试：35/35 单测过（VaultPathResolver path traversal/blacklist/symlink + VaultWriteGuard whitelist/forbidden）

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Tools/WriteFileTool.cs

@@ -0,0 +1,69 @@
+using System.ComponentModel;
+using Microsoft.AspNetCore.Authorization;
+using ModelContextProtocol.Server;
+using ObsidianMcp.Auth;
+using ObsidianMcp.Services;
+
+namespace ObsidianMcp.Tools;
+
+[McpServerToolType]
+public class WriteFileTool(
+    VaultWriteGuard guard,
+    AuditLogger audit,
+    IHttpContextAccessor http)
+{
+    [McpServerTool]
+    [Description(
+        "Overwrite a vault file with new content (requires write:obsidian scope). " +
+        "Completely replaces the existing content. " +
+        "Only whitelisted paths are allowed: " +
+        "  - 02-ShengquGames/logs/ (monthly work logs), " +
+        "  - Coding/ (personal infra notes), " +
+        "  - NAS/NAS 待办清单.md (NAS todo list). " +
+        "Vault entry files (AGENTS.md, PROFILE.md, README.md, CLAUDE.md) and 01-Secret/ are always forbidden. " +
+        "Use append_file to add content without overwriting.")]
+    public async Task<WriteResult> WriteFile(
+        [Description("Vault-relative path (must be in writable whitelist). " +
+                     "e.g. '02-ShengquGames/logs/2026-05.md'")] string path,
+        [Description("Full file content to write (UTF-8). Replaces existing content entirely.")] string content)
+    {
+        // scope 校验
+        EnsureScope(ScopePolicies.WriteObsidian);
+
+        var user = GetUser();
+        var clientId = GetClientId();
+        string? absPath = null;
+
+        try
+        {
+            absPath = guard.EnsureWritable(path);
+
+            // 确保父目录存在
+            var dir = Path.GetDirectoryName(absPath)!;
+            Directory.CreateDirectory(dir);
+
+            await File.WriteAllTextAsync(absPath, content, System.Text.Encoding.UTF8);
+            var written = System.Text.Encoding.UTF8.GetByteCount(content);
+
+            audit.LogWrite(user, clientId, "write_file", path, written, ok: true);
+            return new WriteResult { Ok = true, WrittenBytes = written };
+        }
+        catch (Exception ex)
+        {
+            audit.LogWrite(user, clientId, "write_file", path, 0, ok: false, error: ex.Message);
+            throw;
+        }
+    }
+
+    private void EnsureScope(string requiredScope)
+    {
+        // OAuth 2.0 (RFC 6749) 规定 scope 大小写敏感，按 Ordinal 比对。
+        ToolScopeGuard.EnsureScope(http, requiredScope);
+    }
+
+    private string GetUser() =>
+        http.HttpContext?.User?.FindFirst("sub")?.Value ?? "unknown";
+
+    private string GetClientId() =>
+        http.HttpContext?.User?.FindFirst("client_id")?.Value ?? "unknown";
+}