Release v1.0.0 - Initial Release
🎉 Initial release of Obsidian MCP Server plugin
Core Features:
- MCP server implementation with HTTP transport
- JSON-RPC 2.0 message handling
- Protocol version 2024-11-05 support
MCP Tools:
- read_note, create_note, update_note, delete_note
- search_notes, list_notes, get_vault_info
Server Features:
- Configurable HTTP server (default port: 3000)
- Health check and MCP endpoints
- Auto-start option
Security:
- Origin header validation (DNS rebinding protection)
- Optional Bearer token authentication
- CORS configuration
UI:
- Settings panel with full configuration
- Status bar indicator and ribbon icon
- Start/Stop/Restart commands
Documentation:
- Comprehensive README with examples
- Quick Start Guide and Implementation Summary
- Test client script
27
.windsurf/rules/security-privacy.md
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
trigger: always_on
|
||||
description: Security, privacy, and compliance requirements
|
||||
---
|
||||
|
||||
# Security, Privacy, and Compliance
|
||||
|
||||
Follow Obsidian's **Developer Policies** and **Plugin Guidelines**.
|
||||
|
||||
## Network & External Services
|
||||
|
||||
- **Default to local/offline operation** - Only make network requests when essential to the feature
|
||||
- **No hidden telemetry** - If you collect optional analytics or call third-party services, require explicit opt-in and document clearly in `README.md` and in settings
|
||||
- **Never execute remote code** - Don't fetch and eval scripts, or auto-update plugin code outside of normal releases
|
||||
- **Clearly disclose external services** - Document any external services used, data sent, and risks
|
||||
|
||||
## Data Access & Privacy
|
||||
|
||||
- **Minimize scope** - Read/write only what's necessary inside the vault
|
||||
- **Do not access files outside the vault**
|
||||
- **Respect user privacy** - Do not collect vault contents, filenames, or personal information unless absolutely necessary and explicitly consented
|
||||
- **No deceptive patterns** - Avoid ads or spammy notifications
|
||||
|
||||
## Resource Management
|
||||
|
||||
- **Register and clean up all resources** - Use the provided `register*` helpers so the plugin unloads safely
|
||||
- Clean up DOM, app, and interval listeners properly
|
||||
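Review bot: The "Network & External Services" section only addresses outbound requests, yet the commit message for this release describes an inbound HTTP server (default port 3000) whose Bearer token authentication is optional. Consider adding a rule for the listener itself: state which interface it may bind to, that Origin header validation must stay enabled, and when a token is required, since the listed MCP tools (read_note, create_note, update_note, delete_note) expose vault contents to anything that can reach that port. Under "Data Access & Privacy", "Do not access files outside the vault" would be easier to enforce if it also said that paths supplied by tool callers must be normalized and rejected when they resolve outside the vault. In "Resource Management", the last bullet lacks the bold lead the other bullets use and could name the HTTP server as a resource to close on unload.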