What are the requirements for Basalt MCP?

Basalt MCP requires a compatible MCP client such as Claude Desktop, Claude Code, or Cursor. No additional environment variables are needed for basic setup.

Is Basalt MCP free to use?

Yes, Basalt MCP is open source and free to use. You can find the source code on GitHub.

What MCP clients support Basalt MCP?

Basalt MCP works with any MCP-compatible client including Claude Desktop (Anthropic's official desktop app), Claude Code (CLI tool), Cursor, and other editors with MCP support.

How do I configure Basalt MCP?

Configure Basalt MCP by adding it to your MCP client's config file. For Claude Desktop, edit claude_desktop_config.json and add the server configuration. See the Configuration section above for a ready-to-use example.

Basalt MCP Server

Q: What tools does Basalt MCP provide?

getAllFilenames: List all vault files, sorted by most recently modified. readMultipleFiles: Read files by exact, case-insensitive, or partial name match. getOpenTodos: Find all unchecked todo items across markdown files. updateFileContent: Create or update files with validation. searchVault: Search vault files by content with context snippets. appendToFile: Append content to an existing file. listFiles: List vault files filtered by folder and/or extension. gitStatus: Working tree status. gitLog: Commit history with configurable depth. gitDiff: Diff output for working tree, staged, or refs. gitBlame: Per-line blame for a file.

Q: How do I install Basalt MCP?

Install Basalt MCP by running: npm install && npm run build

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal

npm install
npm run build

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal

claude mcp add basalt-mcp -- node "<FULL_PATH_TO_BASALT_MCP>/dist/index.js" --vault /path/to/your/vault --repo /path/to/your/repo

Replace <FULL_PATH_TO_BASALT_MCP>/dist/index.js with the actual folder you prepared in step 1.

README.md

A security-hardened MCP server for Obsidian vaults and git repositories.

Basalt MCP

A security-hardened Model Context Protocol server with two independent tool modules: Obsidian vault tools for managing a knowledge base, and git tools for LLM-assisted code review. Built for adversarial environments where the connected AI cannot be trusted.

Tools

Obsidian Vault Tools (`--vault`)

Tool	Description
`getAllFilenames`	List all vault files, sorted by most recently modified
`readMultipleFiles`	Read files by exact, case-insensitive, or partial name match
`getOpenTodos`	Find all unchecked todo items (`- [ ]`) across markdown files
`updateFileContent`	Create or update files (9-step write validation chain)
`searchVault`	Search vault files by content (plain text or regex) with context snippets
`appendToFile`	Append content to an existing file (no file creation)
`listFiles`	List vault files filtered by folder and/or extension

Git Tools (`--repo`)

Tool	Description
`gitStatus`	Working tree status (staged, unstaged, untracked)
`gitLog`	Commit history with configurable depth
`gitDiff`	Diff output (working tree, staged, or against a ref)
`gitBlame`	Per-line blame for a file

All git tools are read-only. No mutations (no commit, push, reset, checkout).

Quick Start

npm install
npm run build

Usage

# Both modules — vault for context, repo for code review
node dist/index.js --vault /path/to/vault --repo /path/to/repo

# Vault only
node dist/index.js --vault /path/to/vault

# Repo only
node dist/index.js --repo /path/to/repo

At least one of --vault or --repo is required. The vault and repo are independent directories — the vault is a knowledge base (Obsidian), the repo is a code repository (git).

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "basalt": {
      "command": "node",
      "args": [
        "/absolute/path/to/basalt-mcp/dist/index.js",
        "--vault", "/path/to/your/vault",
        "--repo", "/path/to/your/repo"
      ]
    }
  }
}

Cursor

Add to .cursor/mcp.json in your project:

{
  "mcpServers": {
    "basalt": {
      "command": "node",
      "args": [
        "/absolute/path/to/basalt-mcp/dist/index.js",
        "--vault", "/path/to/your/vault",
        "--repo", "/path/to/your/repo"
      ]
    }
  }
}

The server communicates over stdio using the MCP JSON-RPC protocol.

Security

The server treats every tool call as potentially hostile.

Vault tools — all filesystem access is sandboxed to the vault directory through multiple independent layers:

9-step write validation chain — null bytes, dot-paths, extension allowlist, path limits, vault containment, symlinked parent walk, atomic O_NOFOLLOW write
Extension allowlist — only .md and .canvas (native Obsidian formats)
3-layer symlink defense — glob-level exclusion, parent directory walk, kernel-level O_NOFOLLOW
Error sanitization — never leaks system paths or OS details
Untrusted-content metadata — filenames, file content, todos, search results, and git output are marked untrusted for MCP clients
Resource limits — 10 MB read cap, 1 MB write cap, 50 filenames per request, 5 partial match results, 20 search match cap

Git tools — all git execution is sandboxed to the repo directory:

execFileSync only — no shell, no command injection possible
Ref name allowlist — rejects shell metacharacters, backticks, $(), pipes, semicolons
Path validation — blame file paths go through null byte check, repo containment, and symlink walk
Output sanitization — repo path stripped from all output, 100KB output cap, 10s timeout

See SECURITY.md for the full threat model, design rationale, and all 118 tested attack vectors.

Development

npm test            # run all 341 tests
npm run test:watch  # watch mode
npm run lint        # type-check without emitting
npm run dev         # watch mode compilation

Project Structure

src/
├── index.ts                    Server entrypoint (--vault/--repo flags, stdio transport)
├── core/                       Shared security framework
│   ├── validation.ts           Assertion functions (7)
│   ├── vault.ts                Immutable vault path management
│   ├── repo.ts                 Immutable repo path management + git validation
│   ├── contentBoundary.ts      Boundary markers for untrusted content (spotlighting)
│   └── errors.ts               Error sanitization
└── tools/
    ├── obsidian/               Obsidian vault tool module
    │   ├── getAllFilenames.ts
    │   ├── readMultipleFiles.ts
    │   ├── getOpenTodos.ts
    │   ├── updateFileContent.ts
    │   ├── searchVault.ts
    │   ├── appendToFile.ts
    │   └── listFiles.ts
    └── git/                    Git tool m

Tools (11)

getAllFilenamesList all vault files, sorted by most recently modified

readMultipleFilesRead files by exact, case-insensitive, or partial name match

getOpenTodosFind all unchecked todo items across markdown files

updateFileContentCreate or update files with validation

searchVaultSearch vault files by content with context snippets

appendToFileAppend content to an existing file

listFilesList vault files filtered by folder and/or extension

gitStatusWorking tree status

gitLogCommit history with configurable depth

gitDiffDiff output for working tree, staged, or refs

gitBlamePer-line blame for a file

Configuration

claude_desktop_config.json

{"mcpServers": {"basalt": {"command": "node", "args": ["/absolute/path/to/basalt-mcp/dist/index.js", "--vault", "/path/to/your/vault", "--repo", "/path/to/your/repo"]}}}

Try it

→Find all unchecked todo items in my Obsidian vault.

→Search my vault for notes containing 'project roadmap' and summarize them.

→Show me the git status of the current repository.

→Read the content of my daily note from yesterday.

→Show the commit history for the last 5 changes in this repository.

Frequently Asked Questions

What are the key features of Basalt MCP?

Security-hardened sandboxing for filesystem and git operations. 9-step write validation chain for Obsidian vault files. Read-only git tools with shell injection protection. Resource limits on file reads, writes, and search results. Independent modules for knowledge base management and code review.

What can I use Basalt MCP for?

Managing Obsidian knowledge bases with AI assistance in untrusted environments. Performing LLM-assisted code reviews on local git repositories. Tracking and updating project tasks stored in markdown files. Searching through large personal knowledge bases using natural language.

How do I install Basalt MCP?

Install Basalt MCP by running: npm install && npm run build

What MCP clients work with Basalt MCP?

Basalt MCP works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Basalt MCP docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.

Open Conare

View all file-management servers →