slohmaier/mcp-home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e7212505520ab20259d4863a331c12dcc2c04783
mcp-home/CLAUDE.md
T
Stefan Lohmaier fb642e47c8 Initial commit: 5 MCP servers for Mail, Calendar, Contacts, Files, Notes 
Self-hosted MCP servers with OAuth client_credentials auth.
Each server connects to a different backend:
- Mail: reads Maildir IMAP backups
- Calendar/Tasks: CalDAV against Radicale
- Contacts: CardDAV against Radicale
- Files: WebDAV against oCIS
- Notes: Joplin REST API

Credentials externalized to config.json (not in repo).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-12 06:22:42 +02:00

70 lines
3.0 KiB
Markdown
Raw Blame History

# mcp-home
Self-hosted MCP (Model Context Protocol) servers for Claude. Provides access to personal data services via remote HTTP endpoints with OAuth client_credentials auth.
## Architecture
5 independent MCP servers, each on its own port, behind nginx reverse proxy at `mcp.home.slohmaier.de`:
- **Mail** (Port 5100) — searches IMAP backup Maildirs
- **Calendar** (Port 5101) — CalDAV against Radicale (events + tasks/reminders)
- **Contacts** (Port 5102) — CardDAV against Radicale
- **Files** (Port 5103) — WebDAV against oCIS
- **Notes** (Port 5104) — Joplin REST API
All servers share `common.py` for OAuth token handling and user resolution.
## Auth Flow
OAuth `client_credentials` grant — no browser redirect needed:
1. Client POSTs to `/<service>/token` with `client_id` + `client_secret`
2. Server returns `access_token` (valid 24h)
3. Client sends `Authorization: Bearer <token>` with MCP requests
4. User is identified by `client_id` (matches `tokens.json`)
OAuth metadata at `/<service>/.well-known/oauth-authorization-server`.
## User Separation
`tokens.json` (not in git, chmod 600) maps client_id → user. Each user only sees their own data. Shared CalDAV calendars are visible to both users.
## Files
- `common.py` — OAuth endpoints, Bearer middleware, user resolution via contextvars
- `tokens.json` — client_id/secret per user (generate with `python3 -c "import secrets; print(secrets.token_urlsafe(48))"`)
- `mail/server.py` — Maildir reader, search across subject/from/to/body
- `calendar/server.py` — CalDAV REPORT queries, event/task CRUD, vobject serialization
- `contacts/server.py` — CardDAV addressbook-query, vCard parsing, contact CRUD
- `files/server.py` — WebDAV PROPFIND/GET, recursive search, text file reading
- `notes/server.py` — Joplin REST API wrapper (needs per-user API token in code)
## Dependencies
```
pip install mcp[cli] httpx vobject python-dateutil
```
Python 3.12+, venv at `./venv/`.
## Deployment
Each server runs as systemd unit (`mcp-<name>.service`), managed by uvicorn. nginx at `mcp.home.slohmaier.de` proxies `/<service>/` to the right port. TLS via Certbot.
## Adding a New Service
1. Create `<name>/server.py` with `FastMCP` instance + `create_app()` using the same pattern
2. Import `get_current_user`, `OAUTH_ROUTES`, `BearerAuthMiddleware` from `common.py`
3. Add nginx location block for `/<name>/`
4. Create systemd unit `mcp-<name>.service`
5. Update `tokens.json` if the new service needs different user mapping
## Tool Design Guidelines
- Every tool docstring is the first thing Claude sees — make it actionable ("Call this first", "Use the UID from search results")
- Use `Annotated[str, Field(description="...")]` with example values for every parameter
- Indicate which parameters are optional ("Leave empty for all")
- Reference other tools in descriptions ("Use get_contact with the UID for full details")
- Return structured text, not JSON — Claude parses text faster
- Include UIDs/keys in output so Claude can chain to detail tools without asking the user
Reference in New Issue View Git Blame Copy Permalink