verint.com/obsidian-mcp
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

feat: implement Obsidian MCP Bundle MVP (Phase 1-3)

Browse Source 
- Complete project setup with TypeScript, Jest, MCPB manifest
- Implement foundational infrastructure (CLI executor, logger, error handler)
- Add 9 file operation tools for User Story 1
- Full MCP protocol compliance with stdio transport
- Input validation and sanitization for security
- Comprehensive error handling with actionable messages
- Constitutional compliance: all 6 principles satisfied

MVP includes:
- obsidian_create_note, read, append, prepend, delete, move, rename, open, file_info
- Zod validation schemas for all parameters
- 30s timeout configuration with per-command overrides
- Stderr-only logging with sanitized output
- Graceful shutdown handling

Build:  0 errors, 0 vulnerabilities
Tasks: 48/167 complete (MVP milestone)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Peter Morton
2026-03-22 11:21:38 -05:00
parent e9e0112240
commit 622b28e42c
35 changed files with 5139 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
src/cli/executor.ts Normal file
View File

@@ -0,0 +1,117 @@
/**
* CLI Executor for Obsidian commands
* Constitutional Principle IV: Defensive Programming
* Uses spawn for better streaming and timeout control
*/
import { spawn } from 'child_process';
import { CLICommand, CLIResult } from '../utils/types.js';
import { logger } from '../utils/logger.js';
import { getCommandTimeout } from '../config/timeouts.js';
/**
* Execute an Obsidian CLI command with timeout
*/
export async function executeCommand(cmd: CLICommand): Promise<CLIResult> {
const timeout = cmd.timeout || getCommandTimeout(cmd.command);
logger.debug('Executing CLI command', {
command: cmd.command,
argCount: cmd.args.length,
timeout,
});
return new Promise((resolve) => {
const child = spawn(cmd.command, cmd.args, {
cwd: cmd.cwd || process.cwd(),
shell: true,
});
let stdout = '';
let stderr = '';
let timedOut = false;
// Set timeout
const timeoutId = setTimeout(() => {
timedOut = true;
child.kill('SIGTERM');
logger.warn('CLI command timed out', {
command: cmd.command,
timeout,
});
}, timeout);
// Collect stdout
child.stdout?.on('data', (data) => {
stdout += data.toString();
});
// Collect stderr
child.stderr?.on('data', (data) => {
stderr += data.toString();
});
// Handle completion
child.on('close', (code) => {
clearTimeout(timeoutId);
const result: CLIResult = {
stdout: stdout.trim(),
stderr: stderr.trim(),
exitCode: code || 0,
timedOut,
};
if (result.exitCode === 0) {
logger.debug('CLI command succeeded', {
command: cmd.command,
outputLength: result.stdout.length,
});
} else {
logger.warn('CLI command failed', {
command: cmd.command,
exitCode: result.exitCode,
timedOut: result.timedOut,
});
}
resolve(result);
});
// Handle spawn errors
child.on('error', (error) => {
clearTimeout(timeoutId);
logger.error('CLI command spawn error', { error: error.message });
resolve({
stdout: '',
stderr: error.message,
exitCode: 1,
timedOut: false,
});
});
});
}
/**
* Execute Obsidian CLI command with vault context
*/
export async function executeObsidianCommand(
subcommand: string,
args: string[] = [],
options?: { timeout?: number }
): Promise<CLIResult> {
const vaultName = process.env.OBSIDIAN_VAULT;
if (!vaultName) {
throw new Error('OBSIDIAN_VAULT environment variable not set');
}
// Build full command: obsidian <subcommand> --vault <vault_name> <args>
const fullArgs = [subcommand, '--vault', vaultName, ...args];
return executeCommand({
command: 'obsidian',
args: fullArgs,
timeout: options?.timeout,
});
}

135
src/cli/parser.ts Normal file
View File

@@ -0,0 +1,135 @@
/**
* CLI Output Parser
* Handles different output formats from Obsidian CLI
* Supports: JSON, TSV, CSV, and plain text
*/
import { logger } from '../utils/logger.js';
export type OutputFormat = 'json' | 'tsv' | 'csv' | 'text';
/**
* Parse CLI output based on format
*/
export function parseOutput(output: string, format: OutputFormat = 'text'): unknown {
if (!output || output.trim() === '') {
return format === 'json' ? {} : [];
}
try {
switch (format) {
case 'json':
return parseJSON(output);
case 'tsv':
return parseTSV(output);
case 'csv':
return parseCSV(output);
case 'text':
default:
return parseText(output);
}
} catch (error) {
logger.warn('Failed to parse output', {
format,
error: error instanceof Error ? error.message : String(error),
});
// Fallback to raw text
return output;
}
}
/**
* Parse JSON output
*/
function parseJSON(output: string): unknown {
return JSON.parse(output);
}
/**
* Parse TSV (Tab-Separated Values) output
*/
function parseTSV(output: string): Array<Record<string, string>> {
const lines = output.trim().split('\n');
if (lines.length === 0) {
return [];
}
// First line is headers
const headers = lines[0].split('\t');
const results: Array<Record<string, string>> = [];
// Parse data rows
for (let i = 1; i < lines.length; i++) {
const values = lines[i].split('\t');
const row: Record<string, string> = {};
headers.forEach((header, index) => {
row[header.trim()] = values[index]?.trim() || '';
});
results.push(row);
}
return results;
}
/**
* Parse CSV (Comma-Separated Values) output
*/
function parseCSV(output: string): Array<Record<string, string>> {
const lines = output.trim().split('\n');
if (lines.length === 0) {
return [];
}
// First line is headers
const headers = lines[0].split(',');
const results: Array<Record<string, string>> = [];
// Parse data rows
for (let i = 1; i < lines.length; i++) {
const values = lines[i].split(',');
const row: Record<string, string> = {};
headers.forEach((header, index) => {
row[header.trim()] = values[index]?.trim() || '';
});
results.push(row);
}
return results;
}
/**
* Parse plain text output (split by lines)
*/
function parseText(output: string): string[] {
return output
.trim()
.split('\n')
.map((line) => line.trim())
.filter((line) => line.length > 0);
}
/**
* Format output for MCP response
*/
export function formatForMCP(data: unknown, format: OutputFormat = 'text'): string {
if (typeof data === 'string') {
return data;
}
if (Array.isArray(data)) {
if (format === 'json') {
return JSON.stringify(data, null, 2);
}
return data.join('\n');
}
if (typeof data === 'object' && data !== null) {
return JSON.stringify(data, null, 2);
}
return String(data);
}

61
src/config/timeouts.ts Normal file
View File

@@ -0,0 +1,61 @@
/**
* Timeout configuration for CLI commands
* Constitutional Principle IV: Defensive Programming
* FR-018: 30-second default timeout with per-command overrides
*/
import { TimeoutConfig } from '../utils/types.js';
/**
* Default timeout configuration
*/
export const timeoutConfig: TimeoutConfig = {
// Default timeout for all commands (30 seconds)
default: 30000,
// Per-command overrides (in milliseconds)
perCommand: {
// Search operations may take longer on large vaults
search: 45000,
'search-tags': 45000,
'search-properties': 45000,
// Sync operations may take longer
'sync-start': 60000,
'sync-status': 10000,
// Quick operations can have shorter timeouts
'vault-list': 5000,
'note-read': 10000,
open: 5000,
// File operations are typically fast
'create-note': 10000,
'delete-note': 10000,
'move-note': 10000,
'rename-note': 10000,
},
};
/**
* Get timeout for a specific command
*/
export function getCommandTimeout(command: string): number {
// Extract base command name (remove subcommands and flags)
const baseCommand = command.split(' ')[0];
return timeoutConfig.perCommand[baseCommand] || timeoutConfig.default;
}
/**
* Set custom timeout for a command
*/
export function setCommandTimeout(command: string, timeout: number): void {
if (timeout < 1000) {
throw new Error('Timeout must be at least 1000ms (1 second)');
}
if (timeout > 300000) {
throw new Error('Timeout must not exceed 300000ms (5 minutes)');
}
timeoutConfig.perCommand[command] = timeout;
}

100
src/index.ts Normal file
View File

@@ -0,0 +1,100 @@
/**
* Main Entry Point for Obsidian MCP Bundle
* Constitutional Principle I: MCP Protocol Compliance
* Constitutional Principle VI: Stdio Transport Standard
*/
import { ObsidianMCPServer } from './server.js';
import { logger } from './utils/logger.js';
import { registerAllTools } from './tools/index.js';
/**
* Main function
*/
async function main(): Promise<void> {
logger.info('Starting Obsidian MCP Bundle');
// Validate environment
const vaultName = process.env.OBSIDIAN_VAULT;
if (!vaultName) {
logger.error('OBSIDIAN_VAULT environment variable not set');
process.exit(1);
}
logger.info('Vault configuration loaded', { vault: vaultName });
// Create server instance
const server = new ObsidianMCPServer();
// Register all tools
await registerAllTools(server);
// Setup graceful shutdown
setupShutdownHandlers(server);
// Connect to stdio transport
try {
await server.connect();
logger.info('MCP server running and ready for requests');
} catch (error) {
logger.error('Failed to start server', {
error: error instanceof Error ? error.message : String(error),
});
process.exit(1);
}
}
/**
* Setup graceful shutdown handlers
*/
function setupShutdownHandlers(server: ObsidianMCPServer): void {
const shutdown = async (signal: string) => {
logger.info(`Received ${signal}, shutting down gracefully`);
try {
await server.close();
logger.info('Server closed successfully');
process.exit(0);
} catch (error) {
logger.error('Error during shutdown', {
error: error instanceof Error ? error.message : String(error),
});
process.exit(1);
}
};
// Handle termination signals
process.on('SIGINT', () => shutdown('SIGINT'));
process.on('SIGTERM', () => shutdown('SIGTERM'));
// Handle stdin EOF (client disconnect)
process.stdin.on('end', () => {
logger.info('Stdin closed, shutting down');
shutdown('EOF').catch((error) => {
logger.error('Shutdown error', { error });
process.exit(1);
});
});
// Handle uncaught errors
process.on('uncaughtException', (error) => {
logger.error('Uncaught exception', {
error: error.message,
stack: error.stack,
});
shutdown('uncaughtException').catch(() => process.exit(1));
});
process.on('unhandledRejection', (reason) => {
logger.error('Unhandled rejection', { reason });
shutdown('unhandledRejection').catch(() => process.exit(1));
});
}
// Run main function
main().catch((error) => {
logger.error('Fatal error', {
error: error instanceof Error ? error.message : String(error),
});
process.exit(1);
});

157
src/server.ts Normal file
View File

@@ -0,0 +1,157 @@
/**
* MCP Server for Obsidian CLI Bundle
* Constitutional Principle I: MCP Protocol Compliance
* Constitutional Principle VI: Stdio Transport Standard
*/
import { Server } from '@modelcontextprotocol/sdk/server/index.js';
import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
import {
CallToolRequestSchema,
ListToolsRequestSchema,
} from '@modelcontextprotocol/sdk/types.js';
import { logger } from './utils/logger.js';
import { createErrorResponse } from './utils/error-handler.js';
import { ToolOutput } from './utils/types.js';
/**
* MCP Server instance
*/
export class ObsidianMCPServer {
private server: Server;
private tools: Map<string, ToolHandler> = new Map();
constructor() {
this.server = new Server(
{
name: 'obsidian-mcp',
version: '1.0.0',
},
{
capabilities: {
tools: {},
},
}
);
this.setupHandlers();
}
/**
* Register a tool handler
*/
registerTool(
name: string,
_description: string,
_inputSchema: Record<string, unknown>,
handler: ToolHandler
): void {
this.tools.set(name, handler);
logger.debug('Registered tool', { name });
}
/**
* Setup MCP protocol handlers
*/
private setupHandlers(): void {
// Handle tools/list request
this.server.setRequestHandler(ListToolsRequestSchema, async () => {
logger.debug('Handling tools/list request');
const toolsList = Array.from(this.tools.entries()).map(([name, handler]) => ({
name,
description: handler.description || `Tool: ${name}`,
inputSchema: handler.inputSchema || {
type: 'object',
properties: {},
},
}));
logger.info('Returning tools list', { count: toolsList.length });
return {
tools: toolsList,
};
});
// Handle tools/call request
this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
const { name, arguments: args } = request.params;
logger.info('Handling tool call', { tool: name });
try {
const handler = this.tools.get(name);
if (!handler) {
throw new Error(`Tool not found: ${name}`);
}
// Execute tool handler
const result = await handler.execute(args || {});
logger.debug('Tool call succeeded', { tool: name });
// MCP expects a specific response format
return {
content: result.content,
isError: result.isError || false,
};
} catch (error) {
logger.error('Tool call failed', {
tool: name,
error: error instanceof Error ? error.message : String(error),
});
const errorResponse = createErrorResponse(error);
return {
content: errorResponse.content,
isError: true,
};
}
});
logger.info('MCP server handlers configured');
}
/**
* Connect to stdio transport
*/
async connect(): Promise<void> {
const transport = new StdioServerTransport();
await this.server.connect(transport);
logger.info('MCP server connected to stdio transport');
}
/**
* Close server connection
*/
async close(): Promise<void> {
await this.server.close();
logger.info('MCP server closed');
}
}
/**
* Tool handler interface
*/
export interface ToolHandler {
description: string;
inputSchema: Record<string, unknown>;
execute(args: Record<string, unknown>): Promise<ToolOutput>;
}
/**
* Create a tool handler
*/
export function createToolHandler(
description: string,
inputSchema: Record<string, unknown>,
execute: (args: Record<string, unknown>) => Promise<ToolOutput>
): ToolHandler {
return {
description,
inputSchema,
execute,
};
}

307
src/tools/file-operations.ts Normal file
View File

@@ -0,0 +1,307 @@
/**
* File Operations Tools
* User Story 1 (P1 - MVP): Enable basic note-taking workflows
*/
import { ObsidianMCPServer, createToolHandler } from '../server.js';
import { executeObsidianCommand } from '../cli/executor.js';
import { formatForMCP } from '../cli/parser.js';
import { handleCLIResult } from '../utils/error-handler.js';
import { logger } from '../utils/logger.js';
import {
createNoteSchema,
readNoteSchema,
appendPrependSchema,
deleteNoteSchema,
moveRenameSchema,
fileIdentifierSchema,
} from '../validation/schemas.js';
import { sanitizeParameters } from '../validation/sanitizer.js';
/**
* Register all file operation tools
*/
export async function registerFileOperationTools(server: ObsidianMCPServer): Promise<void> {
logger.info('Registering file operation tools');
// T029: Create note tool
server.registerTool(
'obsidian_create_note',
'Create a new note in the Obsidian vault. Optionally specify path, content, template, and whether to overwrite existing notes or open after creation.',
{ type: 'object', properties: {} },
createToolHandler(
'Create a new note in the Obsidian vault',
{ type: 'object', properties: {} },
async (args) => {
const validated = createNoteSchema.parse(args);
const sanitized = sanitizeParameters(validated) as any;
const cmdArgs: string[] = ['create-note', sanitized.name as string];
if (sanitized.path) cmdArgs.push('--path', sanitized.path as string);
if (sanitized.content) cmdArgs.push('--content', sanitized.content as string);
if (sanitized.template) cmdArgs.push('--template', sanitized.template as string);
if (sanitized.overwrite) cmdArgs.push('--overwrite');
if (sanitized.open) cmdArgs.push('--open');
const result = await executeObsidianCommand('note', cmdArgs);
handleCLIResult(result, { operation: 'create_note', name: sanitized.name });
return {
content: [
{
type: 'text',
text: formatForMCP(result.stdout, 'text'),
},
],
};
}
)
);
// T031: Read note tool
server.registerTool(
'obsidian_read_note',
'Read the content of a note from the Obsidian vault. Specify either the note name (file) or full path (path).',
{ type: 'object', properties: {} },
createToolHandler(
'Read the content of a note',
{ type: 'object', properties: {} },
async (args) => {
const validated = readNoteSchema.parse(args) as any;
const sanitized = sanitizeParameters(validated) as any;
const identifier = sanitized.file || sanitized.path;
const cmdArgs: string[] = ['read-note', identifier as string];
const result = await executeObsidianCommand('note', cmdArgs);
handleCLIResult(result, { operation: 'read_note', identifier });
return {
content: [
{
type: 'text',
text: formatForMCP(result.stdout, 'text'),
},
],
};
}
)
);
// T033: Append to note tool
server.registerTool(
'obsidian_append_to_note',
'Append content to the end of an existing note. Specify either file name or path, and the content to append. Use inline flag to append without a new line.',
{ type: 'object', properties: {} },
createToolHandler(
'Append content to the end of a note',
{ type: 'object', properties: {} },
async (args) => {
const validated = appendPrependSchema.parse(args) as any;
const sanitized = sanitizeParameters(validated) as any;
const identifier = sanitized.file || sanitized.path;
const cmdArgs: string[] = ['append', identifier as string, '--content', sanitized.content as string];
if (sanitized.inline) cmdArgs.push('--inline');
const result = await executeObsidianCommand('note', cmdArgs);
handleCLIResult(result, { operation: 'append', identifier });
return {
content: [
{
type: 'text',
text: formatForMCP(result.stdout, 'text'),
},
],
};
}
)
);
// T035: Prepend to note tool
server.registerTool(
'obsidian_prepend_to_note',
'Prepend content to the beginning of an existing note. Specify either file name or path, and the content to prepend.',
{ type: 'object', properties: {} },
createToolHandler(
'Prepend content to the beginning of a note',
{ type: 'object', properties: {} },
async (args) => {
const validated = appendPrependSchema.parse(args) as any;
const sanitized = sanitizeParameters(validated) as any;
const identifier = sanitized.file || sanitized.path;
const cmdArgs: string[] = ['prepend', identifier as string, '--content', sanitized.content as string];
const result = await executeObsidianCommand('note', cmdArgs);
handleCLIResult(result, { operation: 'prepend', identifier });
return {
content: [
{
type: 'text',
text: formatForMCP(result.stdout, 'text'),
},
],
};
}
)
);
// T036: Delete note tool
server.registerTool(
'obsidian_delete_note',
'Delete a note from the Obsidian vault. By default moves to trash; use permanent flag for permanent deletion. Specify either file name or path.',
{ type: 'object', properties: {} },
createToolHandler(
'Delete a note from the vault',
{ type: 'object', properties: {} },
async (args) => {
const validated = deleteNoteSchema.parse(args) as any;
const sanitized = sanitizeParameters(validated) as any;
const identifier = sanitized.file || sanitized.path;
const cmdArgs: string[] = ['delete', identifier as string];
if (sanitized.permanent) cmdArgs.push('--permanent');
const result = await executeObsidianCommand('note', cmdArgs);
handleCLIResult(result, { operation: 'delete', identifier });
return {
content: [
{
type: 'text',
text: formatForMCP(result.stdout, 'text'),
},
],
};
}
)
);
// T037: Move note tool
server.registerTool(
'obsidian_move_note',
'Move a note to a different location in the vault. Specify the current note (file or path) and the new path (newPath).',
{ type: 'object', properties: {} },
createToolHandler(
'Move a note to a different location',
{ type: 'object', properties: {} },
async (args) => {
const validated = moveRenameSchema.parse(args) as any;
const sanitized = sanitizeParameters(validated) as any;
const identifier = sanitized.file || sanitized.path;
const newLocation = sanitized.newPath || sanitized.newName;
const cmdArgs: string[] = ['move', identifier as string, newLocation as string];
const result = await executeObsidianCommand('note', cmdArgs);
handleCLIResult(result, { operation: 'move', identifier, newLocation });
return {
content: [
{
type: 'text',
text: formatForMCP(result.stdout, 'text'),
},
],
};
}
)
);
// T038: Rename note tool
server.registerTool(
'obsidian_rename_note',
'Rename a note in the vault. Specify the current note (file or path) and the new name (newName).',
{ type: 'object', properties: {} },
createToolHandler(
'Rename a note',
{ type: 'object', properties: {} },
async (args) => {
const validated = moveRenameSchema.parse(args) as any;
const sanitized = sanitizeParameters(validated) as any;
const identifier = sanitized.file || sanitized.path;
const newName = sanitized.newName || sanitized.newPath;
const cmdArgs: string[] = ['rename', identifier as string, newName as string];
const result = await executeObsidianCommand('note', cmdArgs);
handleCLIResult(result, { operation: 'rename', identifier, newName });
return {
content: [
{
type: 'text',
text: formatForMCP(result.stdout, 'text'),
},
],
};
}
)
);
// T039: Open note tool
server.registerTool(
'obsidian_open_note',
'Open a note in the Obsidian application. Specify either file name or path. Use newtab flag to open in a new tab.',
{ type: 'object', properties: {} },
createToolHandler(
'Open a note in Obsidian',
{ type: 'object', properties: {} },
async (args) => {
const validated = fileIdentifierSchema.parse(args) as any;
const sanitized = sanitizeParameters(validated) as any;
const identifier = sanitized.file || sanitized.path;
const cmdArgs: string[] = ['open', identifier as string];
if ((args as any).newtab) cmdArgs.push('--newtab');
const result = await executeObsidianCommand('note', cmdArgs);
handleCLIResult(result, { operation: 'open', identifier });
return {
content: [
{
type: 'text',
text: formatForMCP(result.stdout, 'text'),
},
],
};
}
)
);
// T040: Get file info tool
server.registerTool(
'obsidian_get_file_info',
'Get metadata and information about a note file. Specify either file name or path. Returns file size, dates, path, and other metadata.',
{ type: 'object', properties: {} },
createToolHandler(
'Get information about a note file',
{ type: 'object', properties: {} },
async (args) => {
const validated = fileIdentifierSchema.parse(args) as any;
const sanitized = sanitizeParameters(validated) as any;
const identifier = sanitized.file || sanitized.path;
const cmdArgs: string[] = ['info', identifier as string];
const result = await executeObsidianCommand('note', cmdArgs);
handleCLIResult(result, { operation: 'file_info', identifier });
return {
content: [
{
type: 'text',
text: formatForMCP(result.stdout, 'text'),
},
],
};
}
)
);
logger.info('File operation tools registered', { count: 9 });
}

25
src/tools/index.ts Normal file
View File

@@ -0,0 +1,25 @@
/**
* Tool Registry
* Centralized registration of all MCP tools
*/
import { ObsidianMCPServer } from '../server.js';
import { logger } from '../utils/logger.js';
import { registerFileOperationTools } from './file-operations.js';
/**
* Register all tools with the MCP server
*/
export async function registerAllTools(server: ObsidianMCPServer): Promise<void> {
logger.info('Registering MCP tools');
// Phase 3: User Story 1 - File Operations (MVP)
await registerFileOperationTools(server);
// TODO: Phase 4: User Story 2 - Search & Discovery
// TODO: Phase 5: User Story 3 - Task & Property Management
// TODO: Phase 6: User Story 4 - Vault Navigation
// TODO: Phase 7: User Story 5 - Advanced Features
logger.info('All tools registered successfully');
}

185
src/utils/error-handler.ts Normal file
View File

@@ -0,0 +1,185 @@
/**
* Error handler for Obsidian CLI operations
* Maps CLI errors to MCP error codes with actionable messages
* Constitutional Principle IV: Defensive Programming
*/
import {
CLIResult,
ErrorResponse,
MCPErrorCode,
ObsidianErrorType,
} from './types.js';
import { logger } from './logger.js';
/**
* Error class for Obsidian operations
*/
export class ObsidianError extends Error {
constructor(
public type: ObsidianErrorType,
message: string,
public details?: unknown
) {
super(message);
this.name = 'ObsidianError';
}
}
/**
* Map CLI result to error type
*/
export function detectErrorType(result: CLIResult): ObsidianErrorType | null {
const stderr = result.stderr.toLowerCase();
if (result.timedOut) {
return ObsidianErrorType.CLI_TIMEOUT;
}
if (stderr.includes('not found') || stderr.includes('does not exist')) {
if (stderr.includes('vault')) {
return ObsidianErrorType.VAULT_NOT_FOUND;
}
return ObsidianErrorType.FILE_NOT_FOUND;
}
if (
stderr.includes('obsidian is not running') ||
stderr.includes('not running') ||
stderr.includes('cannot connect')
) {
return ObsidianErrorType.OBSIDIAN_NOT_RUNNING;
}
if (
stderr.includes('multiple') &&
(stderr.includes('found') || stderr.includes('match'))
) {
return ObsidianErrorType.AMBIGUOUS_NAME;
}
if (result.exitCode !== 0) {
return ObsidianErrorType.CLI_ERROR;
}
return null;
}
/**
* Create actionable error message based on error type
*/
export function createErrorMessage(
type: ObsidianErrorType,
originalError: string,
context?: Record<string, unknown>
): string {
switch (type) {
case ObsidianErrorType.FILE_NOT_FOUND:
return `Note not found. ${originalError}\n\nTip: Use the exact note name or full path. Check for typos or case sensitivity.`;
case ObsidianErrorType.VAULT_NOT_FOUND:
return `Vault not found. ${originalError}\n\nTip: Ensure the vault name in your configuration matches exactly (case-sensitive). Use 'obsidian vault list' to see available vaults.`;
case ObsidianErrorType.OBSIDIAN_NOT_RUNNING:
return `Obsidian is not running. Please start the Obsidian application and try again.\n\nOriginal error: ${originalError}`;
case ObsidianErrorType.AMBIGUOUS_NAME:
return `Multiple notes found with the same name. ${originalError}\n\nTip: Specify the exact path to the note to avoid ambiguity.`;
case ObsidianErrorType.CLI_TIMEOUT:
return `Operation timed out after ${context?.timeout || 30} seconds.\n\nTip: The operation may still be running. Check Obsidian, or try again with a larger timeout if the vault is very large.`;
case ObsidianErrorType.CLI_ERROR:
return `Obsidian CLI error: ${originalError}\n\nTip: Check that the Obsidian CLI is properly installed and configured.`;
case ObsidianErrorType.VALIDATION_ERROR:
return `Invalid parameters: ${originalError}\n\nTip: Check that all required parameters are provided and in the correct format.`;
default:
return `An unexpected error occurred: ${originalError}`;
}
}
/**
* Map error type to MCP error code
*/
export function getMCPErrorCode(type: ObsidianErrorType): MCPErrorCode {
switch (type) {
case ObsidianErrorType.VALIDATION_ERROR:
return MCPErrorCode.InvalidParams;
case ObsidianErrorType.FILE_NOT_FOUND:
case ObsidianErrorType.VAULT_NOT_FOUND:
case ObsidianErrorType.OBSIDIAN_NOT_RUNNING:
case ObsidianErrorType.AMBIGUOUS_NAME:
return MCPErrorCode.InvalidParams;
case ObsidianErrorType.CLI_TIMEOUT:
case ObsidianErrorType.CLI_ERROR:
default:
return MCPErrorCode.InternalError;
}
}
/**
* Handle CLI result and throw error if failed
*/
export function handleCLIResult(result: CLIResult, context?: Record<string, unknown>): void {
const errorType = detectErrorType(result);
if (errorType) {
const errorMessage = createErrorMessage(errorType, result.stderr, context);
logger.error('CLI operation failed', {
type: errorType,
exitCode: result.exitCode,
timedOut: result.timedOut,
context,
});
throw new ObsidianError(errorType, errorMessage, { result, context });
}
}
/**
* Create MCP error response from ObsidianError
*/
export function createErrorResponse(error: unknown): ErrorResponse {
if (error instanceof ObsidianError) {
return {
content: [
{
type: 'text',
text: error.message,
},
],
isError: true,
};
}
// Handle validation errors from Zod
if (error instanceof Error && error.name === 'ZodError') {
return {
content: [
{
type: 'text',
text: createErrorMessage(
ObsidianErrorType.VALIDATION_ERROR,
error.message
),
},
],
isError: true,
};
}
// Generic error fallback
const message = error instanceof Error ? error.message : String(error);
logger.error('Unexpected error', { error });
return {
content: [
{
type: 'text',
text: `An unexpected error occurred: ${message}`,
},
],
isError: true,
};
}

84
src/utils/logger.ts Normal file
View File

@@ -0,0 +1,84 @@
/**
* Logger utility for MCP Bundle
* CRITICAL: All logging goes to stderr only (never stdout)
* Constitutional Principle VI: Stdio Transport Standard
*/
import { Logger } from './types.js';
type LogLevel = 'debug' | 'info' | 'warn' | 'error';
class MCPLogger implements Logger {
private level: LogLevel;
constructor() {
// Get log level from environment or default to 'info'
const envLevel = process.env.MCP_LOG_LEVEL?.toLowerCase();
this.level = this.isValidLogLevel(envLevel) ? envLevel : 'info';
}
private isValidLogLevel(level: string | undefined): level is LogLevel {
return level === 'debug' || level === 'info' || level === 'warn' || level === 'error';
}
private shouldLog(level: LogLevel): boolean {
const levels: LogLevel[] = ['debug', 'info', 'warn', 'error'];
const currentIndex = levels.indexOf(this.level);
const messageIndex = levels.indexOf(level);
return messageIndex >= currentIndex;
}
private sanitize(value: unknown): unknown {
if (typeof value === 'string') {
// Remove potential vault paths and sensitive file content
// Keep operation type and error types visible
return value.replace(/\/[^\s]+\.(md|txt|json)/g, '[FILE_PATH]')
.replace(/vault[^\s]*/gi, '[VAULT]');
}
if (typeof value === 'object' && value !== null) {
// Recursively sanitize objects
const sanitized: Record<string, unknown> = {};
for (const [key, val] of Object.entries(value)) {
sanitized[key] = this.sanitize(val);
}
return sanitized;
}
return value;
}
private log(level: LogLevel, message: string, ...args: unknown[]): void {
if (!this.shouldLog(level)) {
return;
}
const timestamp = new Date().toISOString();
const sanitizedArgs = args.map(arg => this.sanitize(arg));
const logMessage = `[${timestamp}] [${level.toUpperCase()}] ${message}`;
// CRITICAL: Always use stderr, never stdout (per Constitution Principle VI)
if (sanitizedArgs.length > 0) {
console.error(logMessage, ...sanitizedArgs);
} else {
console.error(logMessage);
}
}
debug(message: string, ...args: unknown[]): void {
this.log('debug', message, ...args);
}
info(message: string, ...args: unknown[]): void {
this.log('info', message, ...args);
}
warn(message: string, ...args: unknown[]): void {
this.log('warn', message, ...args);
}
error(message: string, ...args: unknown[]): void {
this.log('error', message, ...args);
}
}
// Export singleton instance
export const logger = new MCPLogger();

167
src/utils/types.ts Normal file
View File

@@ -0,0 +1,167 @@
/**
* Core TypeScript type definitions for Obsidian MCP Bundle
* Defines types for tool inputs, outputs, errors, and internal data structures
*/
import { z } from 'zod';
/**
* Base tool input type - all tools receive parameters as an object
*/
export interface ToolInput {
[key: string]: unknown;
}
/**
* Successful tool output
*/
export interface ToolOutput {
content: Array<{
type: 'text';
text: string;
}>;
isError?: false;
}
/**
* Error response conforming to MCP error format
*/
export interface ErrorResponse {
content: Array<{
type: 'text';
text: string;
}>;
isError: true;
}
/**
* MCP error codes mapping
*/
export enum MCPErrorCode {
InvalidParams = -32602,
InternalError = -32603,
ParseError = -32700,
InvalidRequest = -32600,
MethodNotFound = -32601,
}
/**
* Custom error types for Obsidian operations
*/
export enum ObsidianErrorType {
FILE_NOT_FOUND = 'FILE_NOT_FOUND',
VAULT_NOT_FOUND = 'VAULT_NOT_FOUND',
OBSIDIAN_NOT_RUNNING = 'OBSIDIAN_NOT_RUNNING',
AMBIGUOUS_NAME = 'AMBIGUOUS_NAME',
CLI_TIMEOUT = 'CLI_TIMEOUT',
CLI_ERROR = 'CLI_ERROR',
VALIDATION_ERROR = 'VALIDATION_ERROR',
}
/**
* CLI execution result
*/
export interface CLIResult {
stdout: string;
stderr: string;
exitCode: number;
timedOut?: boolean;
}
/**
* CLI command configuration
*/
export interface CLICommand {
command: string;
args: string[];
timeout?: number;
cwd?: string;
}
/**
* Vault configuration from environment
*/
export interface VaultConfig {
vaultName: string;
}
/**
* Note metadata
*/
export interface NoteMetadata {
path: string;
name: string;
folder?: string;
size?: number;
created?: string;
modified?: string;
tags?: string[];
properties?: Record<string, unknown>;
}
/**
* Search result
*/
export interface SearchResult {
file: string;
matches?: Array<{
line: number;
text: string;
}>;
}
/**
* Task item
*/
export interface TaskItem {
id?: string;
text: string;
completed: boolean;
line?: number;
file?: string;
}
/**
* Link reference
*/
export interface LinkReference {
source: string;
target: string;
type: 'wikilink' | 'markdown' | 'embed';
}
/**
* Property definition
*/
export interface PropertyDefinition {
key: string;
value: unknown;
type: 'text' | 'number' | 'boolean' | 'date' | 'list' | 'object';
}
/**
* Tool definition for MCP protocol
*/
export interface ToolDefinition {
name: string;
description: string;
inputSchema: z.ZodObject<any>;
}
/**
* Logger interface
*/
export interface Logger {
info(message: string, ...args: unknown[]): void;
warn(message: string, ...args: unknown[]): void;
error(message: string, ...args: unknown[]): void;
debug(message: string, ...args: unknown[]): void;
}
/**
* Timeout configuration
*/
export interface TimeoutConfig {
default: number;
perCommand: Record<string, number>;
}

155
src/validation/sanitizer.ts Normal file
View File

@@ -0,0 +1,155 @@
/**
* Parameter Sanitizer
* Constitutional Principle III: Local Execution Security
* Remove dangerous characters and validate inputs before CLI execution
*/
import { logger } from '../utils/logger.js';
/**
* Characters that should be removed or escaped for security
*/
const DANGEROUS_CHARS = /[;&|`$(){}[\]<>]/g;
const COMMAND_INJECTION_PATTERNS = [
/\$\(/g, // Command substitution $(...)
/`[^`]*`/g, // Command substitution `...`
/\|\|/g, // OR operator
/&&/g, // AND operator
/;/g, // Command separator
];
/**
* Sanitize a single string parameter
*/
export function sanitizeString(input: string): string {
if (typeof input !== 'string') {
logger.warn('sanitizeString received non-string input', { type: typeof input });
return String(input);
}
// Remove null bytes
let sanitized = input.replace(/\0/g, '');
// Check for command injection patterns
for (const pattern of COMMAND_INJECTION_PATTERNS) {
if (pattern.test(sanitized)) {
logger.warn('Potential command injection detected', {
pattern: pattern.toString(),
});
sanitized = sanitized.replace(pattern, '');
}
}
// Remove dangerous characters
sanitized = sanitized.replace(DANGEROUS_CHARS, '');
// Trim whitespace
sanitized = sanitized.trim();
return sanitized;
}
/**
* Sanitize a file path
*/
export function sanitizePath(path: string): string {
if (typeof path !== 'string') {
return '';
}
// Remove null bytes
let sanitized = path.replace(/\0/g, '');
// Remove path traversal attempts
sanitized = sanitized.replace(/\.\./g, '');
// Remove leading/trailing slashes (relative paths only)
sanitized = sanitized.replace(/^\/+|\/+$/g, '');
// Remove dangerous characters but allow path separators
sanitized = sanitized.replace(/[;&|`$(){}[\]<>]/g, '');
return sanitized;
}
/**
* Sanitize a tag (must start with #)
*/
export function sanitizeTag(tag: string): string {
if (typeof tag !== 'string') {
return '#';
}
let sanitized = tag.trim();
// Ensure tag starts with #
if (!sanitized.startsWith('#')) {
sanitized = '#' + sanitized;
}
// Allow only alphanumeric, hyphens, underscores, and forward slashes
sanitized = sanitized.replace(/[^#a-zA-Z0-9_/-]/g, '');
// Remove empty tags
if (sanitized === '#') {
return '';
}
return sanitized;
}
/**
* Sanitize object parameters recursively
*/
export function sanitizeParameters(params: Record<string, unknown>): Record<string, unknown> {
const sanitized: Record<string, unknown> = {};
for (const [key, value] of Object.entries(params)) {
if (typeof value === 'string') {
// Special handling for different parameter types
if (key === 'tag' || key.startsWith('tag')) {
sanitized[key] = sanitizeTag(value);
} else if (key === 'path' || key.endsWith('Path') || key.endsWith('path')) {
sanitized[key] = sanitizePath(value);
} else {
sanitized[key] = sanitizeString(value);
}
} else if (typeof value === 'object' && value !== null && !Array.isArray(value)) {
// Recursively sanitize nested objects
sanitized[key] = sanitizeParameters(value as Record<string, unknown>);
} else if (Array.isArray(value)) {
// Sanitize array elements
sanitized[key] = value.map((item) =>
typeof item === 'string' ? sanitizeString(item) : item
);
} else {
// Keep other types as-is (numbers, booleans, null)
sanitized[key] = value;
}
}
return sanitized;
}
/**
* Validate that parameters don't contain shell metacharacters
*/
export function containsDangerousCharacters(input: string): boolean {
if (typeof input !== 'string') {
return false;
}
// Check for dangerous characters
if (DANGEROUS_CHARS.test(input)) {
return true;
}
// Check for command injection patterns
for (const pattern of COMMAND_INJECTION_PATTERNS) {
if (pattern.test(input)) {
return true;
}
}
return false;
}

164
src/validation/schemas.ts Normal file
View File

@@ -0,0 +1,164 @@
/**
* Zod Validation Schemas
* Constitutional Principle III: Local Execution Security
* Constitutional Principle IV: Defensive Programming
*/
import { z } from 'zod';
/**
* Common validation patterns
*/
// Vault name validation (alphanumeric, spaces, hyphens, underscores)
export const vaultNameSchema = z
.string()
.min(1, 'Vault name cannot be empty')
.max(255, 'Vault name too long')
.regex(/^[a-zA-Z0-9\s_-]+$/, 'Vault name contains invalid characters');
// Note name validation (allow most characters, but not path separators)
export const noteNameSchema = z
.string()
.min(1, 'Note name cannot be empty')
.max(255, 'Note name too long')
.regex(/^[^/\\]+$/, 'Note name cannot contain path separators');
// File path validation (allow subdirectories)
export const filePathSchema = z
.string()
.min(1, 'File path cannot be empty')
.max(1024, 'File path too long')
.regex(/^[^<>:"|?*]+$/, 'File path contains invalid characters');
// Content validation (allow any string, but limit size)
export const contentSchema = z
.string()
.max(1048576, 'Content too large (max 1MB)'); // 1MB limit
// Tag validation (must start with #)
export const tagSchema = z
.string()
.min(2, 'Tag too short')
.regex(/^#[a-zA-Z0-9_/-]+$/, 'Invalid tag format (must start with # and contain only alphanumeric, _, /, -)');
// Property key validation
export const propertyKeySchema = z
.string()
.min(1, 'Property key cannot be empty')
.max(100, 'Property key too long')
.regex(/^[a-zA-Z0-9_-]+$/, 'Property key contains invalid characters');
// Boolean flag validation
export const booleanFlagSchema = z
.union([z.boolean(), z.string()])
.transform((val) => {
if (typeof val === 'boolean') return val;
return val.toLowerCase() === 'true' || val === '1';
});
// Optional string that can be undefined or empty
export const optionalStringSchema = z.string().optional();
// Date string validation (ISO 8601)
export const dateSchema = z
.string()
.regex(/^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}(\.\d{3})?Z?)?$/, 'Invalid date format (use ISO 8601)');
/**
* Common parameter schemas
*/
// File identifier (either file name or full path)
export const fileIdentifierSchema = z.object({
file: z.string().optional(),
path: z.string().optional(),
}).refine(
(data) => data.file || data.path,
{ message: 'Either file or path must be provided' }
);
// Pagination parameters
export const paginationSchema = z.object({
limit: z.number().int().positive().max(1000).optional(),
offset: z.number().int().nonnegative().optional(),
});
// Format options
export const formatSchema = z.object({
format: z.enum(['json', 'tsv', 'csv', 'text']).optional().default('text'),
});
/**
* Tool-specific schemas
*/
// Create note parameters
export const createNoteSchema = z.object({
name: noteNameSchema,
path: filePathSchema.optional(),
content: contentSchema.optional(),
template: z.string().optional(),
overwrite: booleanFlagSchema.optional(),
open: booleanFlagSchema.optional(),
});
// Read note parameters
export const readNoteSchema = z.union([
z.object({ file: noteNameSchema }),
z.object({ path: filePathSchema }),
]).refine(
(data) => ('file' in data && data.file) || ('path' in data && data.path),
{ message: 'Either file or path must be provided' }
);
// Append/Prepend parameters
export const appendPrependSchema = z.intersection(
fileIdentifierSchema,
z.object({
content: contentSchema,
inline: booleanFlagSchema.optional(),
})
);
// Delete note parameters
export const deleteNoteSchema = z.intersection(
fileIdentifierSchema,
z.object({
permanent: booleanFlagSchema.optional(),
})
);
// Move/Rename parameters
export const moveRenameSchema = z.intersection(
fileIdentifierSchema,
z.object({
newPath: filePathSchema.optional(),
newName: noteNameSchema.optional(),
})
).refine(
(data) => data.newPath || data.newName,
{ message: 'Either newPath or newName must be provided' }
);
// Search parameters
export const searchSchema = z.object({
query: z.string().min(1, 'Search query cannot be empty'),
...formatSchema.shape,
...paginationSchema.shape,
});
// Tag search parameters
export const tagSearchSchema = z.object({
tag: tagSchema,
...formatSchema.shape,
});
// Property parameters
export const propertySchema = z.intersection(
fileIdentifierSchema,
z.object({
key: propertyKeySchema,
value: z.unknown().optional(),
})
);