happyz
/
memos
mirror of https://github.com/usememos/memos.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
memos/server/router/mcp
History
Steven 26d10212c6 refactor: consolidate duplicated auth logic into auth package 
Add ApplyToContext and AuthenticateToUser helpers to the auth package,
then remove the duplicated auth code spread across the MCP middleware,
file server, Connect interceptor, and gRPC-Gateway middleware.

- auth.ApplyToContext: single place to set claims/user into context after Authenticate()
- auth.AuthenticateToUser: resolves any credential (bearer token or refresh cookie) to a *store.User
- MCP middleware: replaced manual PAT DB lookup + expiry check with Authenticator.AuthenticateByPAT
- File server: replaced authenticateByBearerToken/authenticateByRefreshToken with AuthenticateToUser
- Connect interceptor + Gateway middleware: replaced duplicated context-setting block with ApplyToContext
- MCPService now accepts secret to construct its own Authenticator
 		2026-02-24 23:08:16 +08:00
..
README.md feat: add MCP server with PAT authentication 2026-02-24 22:54:51 +08:00
auth_middleware.go refactor: consolidate duplicated auth logic into auth package 2026-02-24 23:08:16 +08:00
mcp.go refactor: consolidate duplicated auth logic into auth package 2026-02-24 23:08:16 +08:00
tools_memo.go feat: add MCP server with PAT authentication 2026-02-24 22:54:51 +08:00

README.md

MCP Server

This package implements a Model Context Protocol (MCP) server embedded in the Memos HTTP process. It exposes memo operations as MCP tools, making Memos accessible to any MCP-compatible AI client (Claude Desktop, Cursor, Zed, etc.).

Endpoint

POST /mcp   (tool calls, initialize)
GET  /mcp   (optional SSE stream for server-to-client messages)

Transport: Streamable HTTP (single endpoint, MCP spec 2025-03-26).

Authentication

Every request must include a Personal Access Token (PAT):

Authorization: Bearer <your-PAT>

PATs are long-lived tokens created in Settings → My Account → Access Tokens. Short-lived JWT session tokens are not accepted. Requests without a valid PAT receive HTTP 401.

Tools

All tools are scoped to the authenticated user's memos.

Tool Description Required params Optional params
list_memos List memos page_size (int, max 100), filter (CEL expression)
get_memo Get a single memo name
search_memos Full-text search query
create_memo Create a memo content visibility
update_memo Update content or visibility name content, visibility
delete_memo Delete a memo name

name is the memo resource name, e.g. memos/abc123.

visibility accepts PRIVATE (default), PROTECTED, or PUBLIC.

filter accepts CEL expressions supported by the memo filter engine, e.g.:

  • content.contains("keyword")
  • visibility == "PUBLIC"
  • has_task_list

Connecting Claude Code

claude mcp add --transport http memos http://localhost:5230/mcp \
  --header "Authorization: Bearer <your-PAT>"

Use --scope user to make it available across all projects:

claude mcp add --scope user --transport http memos http://localhost:5230/mcp \
  --header "Authorization: Bearer <your-PAT>"

Package Structure

File Responsibility
mcp.go MCPService struct, constructor, route registration
auth_middleware.go Echo middleware — validates Bearer token, sets user ID in context
tools_memo.go Tool registration and six memo tool handlers