Trilium MCP
AI Skill Hub 推荐使用:Trilium MCP 是一款优质的MCP工具。AI 综合评分 7.5 分,在同类工具中表现稳健。如果你正在寻找可靠的MCP工具解决方案,这是一个值得深入了解的选择。
📚 深度解析
通过安装 Trilium MCP,你的 AI 助手将获得额外的工具调用能力,可以用自然语言直接操控该工具的功能,无需学习复杂的命令行语法。MCP 工具的核心价值在于"一次配置,永久增强"——配置完成后,每次与 AI 对话时都可以无缝调用这些工具。
在技术实现上,MCP 工具通过标准的 JSON-RPC 协议与 AI 客户端通信,工具的功能以"工具列表"的形式暴露给 AI 模型,AI 可以按需调用。Trilium MCP 提供了结构化的工具调用接口,使 AI 模型能够精确地理解和使用每个功能点,显著降低 AI 在工具使用上的错误率。
与传统的 API 集成相比,MCP 工具的优势在于无需编写代码——用户只需在配置文件中添加几行 JSON,即可让 AI 获得全新能力。AI Skill Hub 将 Trilium MCP 评为 AI 评分 7.5 分,属于同类工具中的优质选择。
📋 工具概览
Trilium MCP 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
📖 中文文档
Trilium MCP 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
- 通过标准 MCP 协议与 Claude、Cursor 等主流 AI 客户端深度集成
- 提供结构化工具调用接口,显著降低 AI 集成复杂度
- 支持 Claude Desktop 和 Claude Code 无缝接入,开箱即用
- 可与其他 MCP 工具组合叠加,构建完整 AI 工作站
- 轻量无侵入设计,不影响现有系统架构
- 在 Claude Desktop 对话中直接调用本地工具,实现 AI 与系统的深度联动
- 通过自然语言驱动复杂的多步骤自动化任务,代替繁琐手动操作
- 将多个 MCP 工具组合使用,构建个人专属 AI 工作站
# 方式一:通过 Claude Code CLI 一键安装
claude skill install https://github.com/perfectra1n/triliumnext-mcp
# 方式二:手动配置 claude_desktop_config.json
{
"mcpServers": {
"trilium-mcp": {
"command": "npx",
"args": ["-y", "triliumnext-mcp"]
}
}
}
# 配置文件位置
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%/Claude/claude_desktop_config.json
- 确认已安装 Node.js(v18 或以上版本)
- 打开 Claude Desktop 或 Claude Code 的 MCP 配置文件
- 按「交给 Agent 安装 → Claude Desktop」标签中的 JSON 配置填入 mcpServers 字段
- 保存配置文件并重启 Claude 客户端
- 重启后,在对话中即可使用本工具
# 安装后在 Claude 对话中直接使用 # 示例: 用户: 请帮我用 Trilium MCP 执行以下任务... Claude: [自动调用 Trilium MCP MCP 工具处理请求] # 查看可用工具列表 # 在 Claude 中输入:"列出所有可用的 MCP 工具"
// claude_desktop_config.json 配置示例
{
"mcpServers": {
"trilium_mcp": {
"command": "npx",
"args": ["-y", "triliumnext-mcp"],
"env": {
// "API_KEY": "your-api-key-here"
}
}
}
}
// 保存后重启 Claude Desktop 生效
TriliumNext MCP Server
A Model Context Protocol (MCP) server for interacting with TriliumNext via its ETAPI. Enables LLMs to create, read, update, and organize notes — including embedding images and files directly into note content.
Features
- 19 tools across 8 categories for full note management, search, organization, attachments, revisions, and system operations (consolidated from 35 in v1 — see Migrating from v1)
- MCP tool annotations (
readOnlyHint,destructiveHint,idempotentHint,title) on every tool for better approval-dialog UX in clients that surface them - Inline image and file embedding — attach images and files when creating or updating notes in a single tool call
- Data URL support — pass image/file data as raw base64 or
data:URLs - Four content modes on
write_note— metadata, replace, append, and edit (search/replace or unified diff) - Markdown support — write in markdown, stored as HTML automatically
- Image-aware content retrieval —
get_notereturns embedded images as MCP image blocks alongside the note body - Support for STDIO, HTTP/SSE, and StreamableHTTP transports, including multi-tenant mode where each client brings its own Trilium URL + ETAPI token
- Pluggable gateway auth — none, shared-secret bearer, or JWT/OIDC (HS256 secrets + JWKS for RS256/ES256/EdDSA)
- CORS for browser-based MCP clients, in-process rate limiting per IP + per gateway token, and Prometheus metrics with optional per-principal labels
- Flexible configuration via CLI, environment variables, or config file
- TypeScript with full type safety
What's never logged
- ETAPI tokens, gateway bearer tokens, or any value of a field matching
/token|password|secret|authorization|api[_-]?key/i - Note bodies, attachment bytes, search results, or any field named
content,text,body,data,attachment,blob,html,markdown— replaced with<string len=N>/<array len=N>/<object>shape descriptors atdebug, omitted entirely atinfo - Full Trilium URLs (which can theoretically embed credentials) — only the hostname is logged
Cardinality and what's intentionally NOT a label
- No
sessionlabel. SSE session ids are unbounded and per-connection. Use logs (which carrysession=…) for per-session investigation; use metrics for fleet-level rollups. - No tenant / Trilium-host label. Same reason — and avoids putting tenant identifiers into a scrape surface that may have different access controls than the logs.
- No raw
pathfor unknown routes. Random scanners / typo'd URLs collapse tounknown, so a probe storm can't blow up cardinality.
Prerequisites
- Node.js 20+
- npm
- Docker (for integration tests)
Installation
git clone https://github.com/perfectra1n/triliumnext-mcp
cd triliumnext-mcp
npm install
npm run buildDeploying with Docker / Compose
Add to docker-compose.multi-tenant.yml (already templated as commented-out entries in that file):
services:
mcp-server:
environment:
- TRILIUM_METRICS=true
# Default: reuse the gateway bearer. No new config needed.
- TRILIUM_METRICS_AUTH=gateway
# Or, give Prometheus its own rotatable credential:
# - TRILIUM_METRICS_AUTH=bearer
# - TRILIUM_METRICS_TOKENS=${PROMETHEUS_SCRAPE_TOKEN}In Kubernetes, the equivalent is two env vars (TRILIUM_METRICS=true and TRILIUM_METRICS_AUTH) on the Deployment plus a ServiceMonitor with bearerTokenSecret pointing at the token Secret.
Multi-tenant HTTP deployment
By default the server is single-tenant: TRILIUM_URL and TRILIUM_TOKEN are loaded once at startup and every MCP client that connects talks to the same Trilium instance. That's fine for a personal setup, but if you want to run one MCP server process that serves multiple users, each with their own Trilium and their own ETAPI token, switch it into multi-tenant mode.
Quick start (Docker)
export MCP_GATEWAY_TOKEN=$(openssl rand -hex 32)
docker compose -f docker-compose.multi-tenant.yml up -dDistribute MCP_GATEWAY_TOKEN to authorized clients. Put a TLS-terminating reverse proxy (nginx, Caddy, Traefik) in front of this container — bearer tokens in plaintext HTTP are unsafe.
Setup
npm install # Install dependencies
npm run build # Build TypeScript
npm test # Run unit tests
npm run test:integration # Run integration tests (starts Trilium in Docker)
npm run lint # Run linter
npm run format # Format codeDocker
Start Trilium and the MCP server:
TRILIUM_TOKEN=your-token docker compose up -dBuild the Docker image:
docker build -t triliumnext-mcp .Example output
info level, text format (the default):
2026-05-12T18:16:21.098Z INFO server_started transport=stdio
2026-05-12T18:16:33.937Z INFO http_request method=GET path=/health status=200 duration_ms=2 remote=::1
2026-05-12T18:16:40.512Z INFO sse_connected session=2f1c... host=notes.example.com
2026-05-12T18:16:40.871Z INFO list_tools session=2f1c... count=19
2026-05-12T18:16:41.044Z INFO tool_call session=2f1c... tool=search_notes duration_ms=42 ok=true
2026-05-12T18:16:42.110Z INFO tool_call session=2f1c... tool=get_note duration_ms=11 ok=false error=trilium status=404 code=NOT_FOUND
2026-05-12T18:16:55.802Z INFO sse_closed session=2f1c...LOG_FORMAT=json:
{"ts":"2026-05-12T18:16:41.044Z","level":"info","event":"tool_call","session":"2f1c...","tool":"search_notes","duration_ms":42,"ok":true}The session field is identical across sse_connected, every tool_call on that connection, and sse_closed, so you can correlate tool activity to its SSE session and (in multi-tenant mode) to its Trilium host.
Quick start (local)
npm run build
node dist/index.js \
--transport http \
--port 3000 \
--multi-tenant \
--gateway-token "$(openssl rand -hex 32)"Configuration
Configuration precedence (highest to lowest): 1. CLI arguments 2. Environment variables 3. Configuration file (./trilium-mcp.json or ~/.trilium-mcp.json) 4. Default values
Environment Variables
```bash export TRILIUM_URL=http://localhost:37740/etapi export TRILIUM_TOKEN=your-etapi-token export TRILIUM_PUBLIC_URL=https://trilium.example.com # optional; web URL for note links (defaults to TRILIUM_URL without /etapi) export TRILIUM_TRANSPORT=stdio export TRILIUM_HTTP_PORT=3000 export TRILIUM_MAX_POST_BYTES=500mb # SSE POST body cap; see "Request body size limits"
Config File
Create trilium-mcp.json in the current directory or ~/.trilium-mcp.json:
{
"url": "http://localhost:37740/etapi",
"token": "your-etapi-token",
"transport": "stdio",
"httpPort": 3000
}For multi-tenant HTTP deployments, the same precedence applies (CLI > env > file > default). Multi-tenant keys:
{
"transport": "http",
"httpPort": 3000,
"multiTenant": true,
"gatewayAuth": "bearer",
"gatewayTokens": ["pick-a-long-random-token"],
"urlAllowlist": ["notes.example.com", "trilium.internal"],
"allowPrivateUrls": false
}Sample Prometheus scrape config
scrape_configs:
- job_name: triliumnext-mcp
scheme: https
static_configs:
- targets: ['mcp.example.com']
metrics_path: /metrics
authorization:
type: Bearer
credentials: 'YOUR_GATEWAY_OR_METRICS_TOKEN'SSRF configuration
| Flag | Behavior |
|---|---|
| *(default)* | Reject any X-Trilium-Url whose hostname resolves to a private / loopback / link-local / CGNAT / multicast address. |
--trilium-url-allowlist host1,host2 | Only hostnames matching the list (exact or suffix — example.com matches a.example.com) are accepted. Takes precedence over the private-IP block. |
--allow-private-urls | Disable the private-IP block entirely. Use only on trusted/homelab networks. |
CLI Arguments
npm install -g .
triliumnext-mcp --url http://localhost:37740/etapi --token YOUR_TOKENOptions: - -u, --url <url> — Trilium ETAPI URL (default: http://localhost:37740/etapi) - -t, --token <token> — Trilium ETAPI token (required in single-tenant mode) - --public-url <url> — user-facing Trilium web URL used for the clickable note links returned to the user. Defaults to --url with /etapi stripped. Set this only when the MCP server reaches Trilium at a different address than the user's browser does (e.g. an internal ETAPI host behind a public reverse-proxy domain). - --transport <type> — Transport type: stdio or http (default: stdio) - -p, --port <port> — HTTP server port when using http transport (default: 3000) - --max-post-bytes <size> — max size of a single MCP JSON-RPC POST body on the SSE transport. Accepts raw bytes or suffixed values like 500mb / 1gb (default: 500mb). See Request body size limits. - -h, --help — Show help message
Multi-tenant HTTP options (see Multi-tenant HTTP deployment below): - --multi-tenant — each SSE client supplies its own Trilium URL + token - --gateway-auth <mode> — none or bearer (default: bearer when multi-tenant) - --gateway-token <token> — accepted bearer token (repeatable) - --trilium-url-allowlist <hosts> — comma-separated allowed hostnames for client URLs - --allow-private-urls — skip the private/loopback IP SSRF block
Event reference
| Event | Level | Fields | When | ||||
|---|---|---|---|---|---|---|---|
server_started | info | transport, port?, mode?, gateway_auth? | After the listener is up (or stdio is connected). | ||||
startup_failed | error | err | Server failed to start. | ||||
list_tools | info | session, count | Client called tools/list. | ||||
tool_call | info | session, tool, duration_ms, ok, error?, code?, status? | One per tools/call. error is one of trilium \ | zod \ | diff \ | unknown_tool \ | unknown. |
tool_call_args | debug | session, tool, args | Per call, before dispatch. args is shallow + redacted (secrets stripped, content blobs replaced with <string len=N>, scalars truncated at 64 chars). | ||||
http_request | info | method, path, status, duration_ms, remote | One per HTTP request to the SSE gateway. Path is pre-? to avoid logging query-string secrets. | ||||
sse_connected | info | session, host | New SSE connection accepted. host is the Trilium hostname (never the full URL or token). | ||||
sse_closed | info | session | SSE connection closed by either side. | ||||
sse_post | debug | session, bytes | Per POST /message, after body read. | ||||
sse_connect_failed | error | session, err | server.connect(transport) threw. | ||||
unauthorized | warn | remote | Gateway bearer check failed. | ||||
missing_trilium_credentials | warn | remote | Multi-tenant connect without X-Trilium-Url+X-Trilium-Token. | ||||
url_rejected | warn | reason | SSRF guard rejected the client URL. | ||||
trilium_auth_failed | warn | host, status, code | Trilium returned 401/403 to the connect-time probe. | ||||
trilium_validate_timeout | warn | host | Probe exceeded 10 s. | ||||
trilium_unreachable | warn | host, err | Trilium probe failed for any other reason. | ||||
allow_private_urls_enabled | warn | *(none)* | Operator started multi-tenant mode with --allow-private-urls. | ||||
request_handler_error | error | method, path, err | Unhandled error in the HTTP handler chain. |
Event names match the JSON error strings returned to the HTTP client where applicable, so a grep for a failure mode finds both the log line and the response.
HTTP endpoints
| Method | Path | Auth | Purpose |
|---|---|---|---|
GET | /health | none | Liveness probe — returns {"status":"ok"}. |
GET | /sse | gateway + per-connection | Open an SSE stream. Server replies with an endpoint event containing /message?sessionId=<uuid>. |
POST | /message | implicit via sessionId | Client sends JSON-RPC messages here. Content-Type: application/json, up to 1 MB. |
Getting an ETAPI Token
- Open TriliumNext in your browser
- Go to Options (gear icon) → ETAPI
- Create a new ETAPI token
- Copy the token and use it in your configuration
Troubleshooting
Connection immediately returns 401 unauthorized. Missing or malformed Authorization: Bearer. Check your client logs — some MCP clients strip non-standard headers on SSE.
Connection returns 401 trilium_auth_failed. The ETAPI token was rejected by Trilium. Test it directly: curl -H "Authorization: $TOKEN" https://trilium.example.com/etapi/app-info.
Connection returns 400 url_rejected with reason=private_address. You're pointing at a private/loopback IP (common in homelabs). Either add the hostname to --trilium-url-allowlist or pass --allow-private-urls.
Connection returns 504 trilium_validate_timeout. getAppInfo didn't respond within 10 seconds. Usually a DNS black hole, a firewall dropping packets, or Trilium is actually down.
Connection succeeds but tool calls hang. Reverse proxy is buffering SSE. Verify proxy_buffering off (nginx) / flush_interval -1 (Caddy).
/health returns 200 but clients get 502/504 from the proxy. Proxy can reach the MCP server, but the server can't reach Trilium from its own network namespace (e.g., Docker bridge vs. host). Check docker exec triliumnext-mcp wget -qO- http://trilium:8080/etapi/app-info.
triliumnext-mcp 是一个基于 Model Context Protocol (MCP) 标准开发的服务器,旨在通过 TriliumNext 的 ETAPI 实现 LLM(大语言模型)与笔记系统之间的深度交互。通过该服务器,Claude 等 AI 客户端可以实现对笔记的创建、读取、更新及组织管理,甚至支持直接在笔记内容中嵌入图片和文件,让 AI 具备管理个人知识库的能力。
本项目提供了强大的工具集,包含 8 个类别共 19 个工具,涵盖了笔记管理、搜索、组织、附件处理、版本修订及系统操作等全方位功能。为了提升客户端的交互体验,所有工具均配置了 MCP tool annotations(如 readOnlyHint、destructiveHint 等),帮助客户端在执行敏感操作时提供更精准的审批对话提示。此外,系统还支持图片与文件的内联嵌入。
在开始使用之前,请确保您的开发环境已安装 Node.js 20 或更高版本,并配备 npm 包管理器。此外,如果您需要运行集成测试,系统中还需配置 Docker 环境。
您可以通过源码安装:首先使用 git clone 克隆项目仓库,进入目录后执行 npm install 进行依赖安装,最后通过 npm run build 完成构建。对于容器化部署,您可以将配置项添加到 docker-compose.yml 文件中,通过环境变量控制 TRILIUM_METRICS 等参数,实现快速集成。
在本地开发环境下,您可以通过运行构建后的 dist/index.js 并指定 --transport http 模式来启动服务器。对于需要支持多用户场景的部署,请务必开启 --multi-tenant 模式,并配合 --gateway-token 参数使用,以确保每个用户都能通过各自的 ETAPI token 安全地访问其专属的 Trilium 实例。
项目配置遵循严格的优先级顺序:CLI 命令行参数 > 环境变量 > 配置文件(./trilium-mcp.json 或 ~/.trilium-mcp.json) > 默认值。您可以根据需求配置 TRILIUM_URL、TRILIUM_TOKEN 等关键参数。在多租户 HTTP 部署模式下,配置逻辑保持一致,确保了灵活的扩展性。
通过 CLI 命令行,您可以直接指定 Trilium ETAPI 的 URL 和 Token 进行快速启动。服务器支持多种传输模式,包括 stdio 和 HTTP (SSE)。此外,项目提供了详细的 Event reference,记录了 server_started、list_tools 等关键事件的日志级别与字段信息,方便开发者进行监控与调试。
针对常见问题,若遇到 401 unauthorized 错误,请检查客户端是否剥离了非标准的 Authorization 头部;若遇到 401 trilium_auth_failed,则说明 ETAPI token 被 Trilium 拒绝,建议使用 curl 进行直接验证。此外,系统在日志记录方面非常注重隐私,会自动脱敏 token、password 等敏感字段,并对大型内容进行长度描述而非全量输出。
高质量的MCP工具,易于使用
- 需要让 Claude / Cursor 操作本地工具的 AI 工程师
- 配置 MCP 服务器时建议使用 stdio 传输 + JSON-RPC,避免暴露公网
- API key 直接提交到 git 仓库(请用 .env 并加入 .gitignore)
- MCP 配置路径拼错或权限不足,重启 Claude Desktop 才生效
- 云端托管:可放在 Vercel / Railway / Fly.io 等 PaaS 平台
⚡ 核心功能
- 通过标准 MCP 协议与 Claude、Cursor 等主流 AI 客户端深度集成
- 提供结构化工具调用接口,显著降低 AI 集成复杂度
- 支持 Claude Desktop 和 Claude Code 无缝接入,开箱即用
- 可与其他 MCP 工具组合叠加,构建完整 AI 工作站
- 轻量无侵入设计,不影响现有系统架构
- 需要让 Claude / Cursor 操作本地工具的 AI 工程师
- 配置 MCP 服务器时建议使用 stdio 传输 + JSON-RPC,避免暴露公网
- API key 直接提交到 git 仓库(请用 .env 并加入 .gitignore)
- MCP 配置路径拼错或权限不足,重启 Claude Desktop 才生效
👥 适合人群
🎯 使用场景
- 在 Claude Desktop 对话中直接调用本地工具,实现 AI 与系统的深度联动
- 通过自然语言驱动复杂的多步骤自动化任务,代替繁琐手动操作
- 将多个 MCP 工具组合使用,构建个人专属 AI 工作站
⚖️ 优点与不足
- +标准化 MCP 协议,生态互联性强
- +与 Claude 官方生态无缝对接
- +即插即用,配置简单快捷
- −未明确开源协议,商用场景需谨慎评估
- −依赖 Claude 客户端,非 Claude 用户无法使用
- −MCP 协议仍在持续演进,接口可能变更
- −需要一定的配置步骤
该工具未明确声明开源协议,商业使用前请联系原作者确认授权范围,避免侵权风险。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
🔗 相关工具推荐
❓ 常见问题 FAQ
总体来看,Trilium MCP 是一款质量良好的MCP工具,在同类工具中具备一定竞争力。AI Skill Hub 将持续追踪其更新动态,建议收藏备用,结合自身场景选择合适时机引入使用。
| 原始名称 | triliumnext-mcp |
| 原始描述 | 开源MCP工具:An MCP server for interacting with a Trilium instance。⭐39 · TypeScript |
| Topics | mcptriliumtypescript |
| GitHub | https://github.com/perfectra1n/triliumnext-mcp |
| 语言 | TypeScript |
收录时间:2026-05-28 · 更新时间:2026-05-30 · License:未公布 · AI Skill Hub 不对第三方内容的准确性作法律背书。