obsidian-mcp by benwilkes9 - MCP Server

obsidian-mcp

MCP Server for context engineering with local Obsidian vaults.

Prerequisites

Node.js 18 or newer
npm (comes with Node.js)

Setup

Clone the repository and install dependencies:

git clone https://github.com/benwilkes9/obsidian-mcp.git
cd obsidian-mcp
npm install

Building

Build the TypeScript source to JavaScript:

npm run build

For development with automatic rebuilding:

npm run watch

Running the app

After building, run the server:

node dist/cli.js

Or use MCP Inspector

npx @modelcontextprotocol/inspector node dist/cli.js

Managing dependencies

Add a runtime dependency:
```
npm install <package-name>
```
Add a development-only dependency:
```
npm install --save-dev <package-name>
```
Update dependencies:
```
npm update
```

Testing and quality

This project uses prettier for formatting, eslint for linting, TypeScript for type checking, and jest for testing. GitHub Actions enforces these checks.

Formatting

Format code with prettier:

npm run format

Check formatting without making changes:

npm run format:check

Linting

Check for linting issues:

npm run lint

Type checking

Run type checks with TypeScript:

npm run typecheck

Testing

Run tests with jest:

npm test                    # Run all tests
npm test -- --watch         # Run tests in watch mode
npm run test:coverage       # Run tests with coverage report
npm run test:coverage:watch # Run tests with coverage in watch mode

Coverage reports are generated in the coverage/ directory with HTML reports viewable at coverage/index.html.

Continuous Integration

GitHub Actions runs multiple checks in parallel on every push and pull request:

Security scans:

GitGuardian - Detects hardcoded secrets and credentials
Semgrep - Finds security vulnerabilities and bug patterns

Code quality:

SonarCloud - Code quality, bugs, and test coverage analysis
Prettier - Formatting check
ESLint - Linting
TypeScript - Type checking
Jest - Tests with coverage
Build - Compilation check

See for details.

Secret Scanning

This project uses GitGuardian to prevent secrets from being committed. Local setup (optional but recommended):

See https://github.com/GitGuardian/ggshield

If ggshield is not installed, the pre-commit hook will skip secret scanning locally but will still run in CI.

Static Analysis with Semgrep

Semgrep automatically scans for security vulnerabilities and bug patterns in CI. It's configured with:

Auto-detection: Uses community rules for TypeScript/Node.js
Custom rules for MCP servers (see ):

Local scanning (optional):

# Run scan
semgrep scan --config auto

# Or use custom rules only
semgrep scan --config .semgrep.yml

Findings appear in GitHub's Security tab under "Code scanning alerts" when running in CI.

Code Quality with SonarCloud

SonarCloud analyzes code quality, detects bugs, and tracks test coverage automatically in CI.

What it analyzes:

Code quality: Code smells, technical debt, maintainability
Reliability: Bugs and potential runtime errors
Security: Vulnerabilities and security hotspots
Coverage: Test coverage tracking and trends
Duplications: Code duplication detection

View results:

Dashboard: Quality gate status, metrics, and trends
Pull requests: Inline comments for new issues
Security tab: Vulnerability findings

Pre-commit Hooks

Husky runs the following checks before each commit:

ggshield secret scan: Scans for API keys, tokens, and other secrets
lint-staged: Auto-formats and lints staged files
typecheck: TypeScript type checking on all files
test:coverage: Runs all tests with coverage to ensure code quality

If any check fails, the commit will be blocked until issues are resolved.

Project layout

src/cli.ts – CLI entry point for the MCP server
src/server.ts – main server class (can be imported as a library)
src/__tests__/ – test files
package.json – project metadata and dependency declarations
tsconfig.json – TypeScript compiler configuration
.prettierrc – code formatting configuration
eslint.config.js – linting configuration
jest.config.js – testing configuration