https://github.com/istefox/istefox-dt-mcp
Open-source DEVONthink 4 MCP server. 0.3.0 added safer undo; 0.4.0 makes the server reachable from Claude.ai Web, mobile, or anything that speaks streamable HTTP — not only Claude Desktop on the same Mac.
**What's new**
- Streamable-HTTP transport via uvicorn. Run `istefox-dt-mcp serve --transport http` and front it with Cloudflare Tunnel for TLS at the edge.
- OAuth 2.1 + PKCE flow with a minimal HTML consent page. Three scopes (`dt:read`, `dt:write`, `dt:admin`); database-scoping is persisted server-side, so newly-created DBs trigger an explicit re-consent instead of leaking through.
- Bearer JWT (HS256, 1h TTL) validated by FastMCP middleware. Stdio path unchanged — Claude Desktop still works without auth.
- ConsentStore SQLite + AuthCodeStore (one-shot codes, 10-min TTL).
**Why it matters**
Same DEVONthink data, now reachable from Claude.ai Web on the iPad without local install. Privacy stays on-device: tokens are local, no telemetry, no third-party identity provider — your DEVONthink data never leaves the Mac running the server.
294 unit + contract tests, 11 integration tests, smoke E2E 7/7, mypy clean.
**Roadmap**: token refresh + key rotation, RAG benchmark cross-corpus, `create_smart_rule` (still blocked on a DT4 SDK gap).
Feedback welcome.
2 Likes