obsidian-mcp-server/.windsurf/rules/security-privacy.md
Bill 08cc6e9ea6 Release v1.0.0 - Initial Release
🎉 Initial release of Obsidian MCP Server plugin

Core Features:
- MCP server implementation with HTTP transport
- JSON-RPC 2.0 message handling
- Protocol version 2024-11-05 support

MCP Tools:
- read_note, create_note, update_note, delete_note
- search_notes, list_notes, get_vault_info

Server Features:
- Configurable HTTP server (default port: 3000)
- Health check and MCP endpoints
- Auto-start option

Security:
- Origin header validation (DNS rebinding protection)
- Optional Bearer token authentication
- CORS configuration

UI:
- Settings panel with full configuration
- Status bar indicator and ribbon icon
- Start/Stop/Restart commands

Documentation:
- Comprehensive README with examples
- Quick Start Guide and Implementation Summary
- Test client script
2025-10-16 20:52:52 -04:00


---
trigger: always_on
description: Security, privacy, and compliance requirements
---
# Security, Privacy, and Compliance
Follow Obsidian's **Developer Policies** and **Plugin Guidelines**.
## Network & External Services
- **Default to local/offline operation** - Only make network requests when essential to the feature
- **No hidden telemetry** - If you collect optional analytics or call third-party services, require explicit opt-in and document it clearly in `README.md` and in settings
- **Never execute remote code** - Don't fetch and eval scripts, or auto-update plugin code outside of normal releases
- **Clearly disclose external services** - Document any external services used, data sent, and risks
## Data Access & Privacy
- **Minimize scope** - Read/write only what's necessary inside the vault
- **Do not access files outside the vault**
- **Respect user privacy** - Do not collect vault contents, filenames, or personal information unless absolutely necessary and the user has explicitly consented
- **No deceptive patterns** - Avoid ads or spammy notifications
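
An added example for the "Do not access files outside the vault" rule, not code from this repository: a lexical guard that a tool handler such as `read_note` could apply to a client-supplied path before passing it to the vault API. `resolveVaultPath` is a hypothetical name, and the code assumes vault paths are vault-relative and forward-slash separated.

```typescript
// Added example (hypothetical helper, not the plugin's own code).
// Turns an untrusted, client-supplied path into a normalized vault-relative
// path, or throws if it is absolute or would climb above the vault root.
// This is a lexical check only: it does not resolve symlinks inside the vault.
function resolveVaultPath(input: string): string {
  if (typeof input !== "string" || input.length === 0) {
    throw new Error("path must be a non-empty string");
  }
  if (input.indexOf("\0") !== -1) {
    throw new Error("path contains a NUL byte");
  }
  // Treat backslashes as separators so "..\\x" cannot slip past the checks.
  const unified = input.replace(/\\/g, "/");
  // Leading "/" (including UNC "//host/share") and Windows drive letters
  // name locations outside the vault.
  if (unified.charAt(0) === "/" || /^[A-Za-z]:/.test(unified)) {
    throw new Error("absolute paths are not allowed");
  }
  const out: string[] = [];
  for (const segment of unified.split("/")) {
    if (segment === "" || segment === ".") continue; // collapse "//" and "./"
    if (segment === "..") {
      // Resolve ".." inside the vault; refuse to climb above the root.
      if (out.length === 0) throw new Error("path escapes the vault");
      out.pop();
      continue;
    }
    out.push(segment);
  }
  if (out.length === 0) {
    throw new Error("path resolves to the vault root, not a file");
  }
  return out.join("/");
}

// Convenience wrapper for callers that only need a yes/no answer.
function isInsideVault(input: string): boolean {
  try {
    resolveVaultPath(input);
    return true;
  } catch (e) {
    return false;
  }
}
```
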
## Resource Management
- **Register and clean up all resources** - Use the provided `register*` helpers so the plugin unloads safely
- Clean up DOM, app, and interval listeners properly