Bayt al-Hiqma Personal Memory MCP
A Vercel-ready JSON-RPC MCP server that lets ChatGPT search, read, and safely update a user-owned Markdown memory vault.
Endpoints
POST /api/mcp— OAuth-protected MCP JSON-RPC endpoint for ChatGPT.GET /oauth/authorize— owner password authorization screen for OAuth clients.POST /oauth/token— OAuth token exchange endpoint for issued authorization codes.GET /api/health— configuration health check with no secrets.GET /api/diagnostics— redacted diagnostics, optionally protected byDIAGNOSTICS_TOKEN.
Required configuration
| OAUTH_OWNER_PASSWORD | Owner password used on the OAuth authorization screen. |
|---|---|
| OAUTH_TOKEN_SECRET | Secret used to sign OAuth authorization codes and bearer tokens. |
| OAUTH_BASE_URL / MCP_PUBLIC_ORIGIN | Public deployment origin used for OAuth metadata and callbacks. |
| OAUTH_RESOURCE | Optional protected resource identifier; defaults to the public /api/mcp URL. |
| OAUTH_ISSUER | Optional OAuth issuer URL; defaults to the public app origin. |
| OAUTH_CLIENT_ID | Optional client allow-list for OAuth authorization requests. |
| OAUTH_TOKEN_TTL_SECONDS / OAUTH_CODE_TTL_SECONDS | Optional expiration windows for access tokens and authorization codes. |
| DIAGNOSTICS_TOKEN | Optional bearer token for /api/diagnostics only. |
| VAULT_BACKEND | Use github for Vercel deployments or local for development. |
| GITHUB_TOKEN | Server-side token with access to the Markdown vault repository. |
| GITHUB_OWNER / GITHUB_REPO / GITHUB_BRANCH | Repository namespace, storage identifier, and branch target. |
| VAULT_ROOT | Optional root folder inside the repository. |
| DAILY_NOTES_DIR / CANONICAL_NOTES_DIR / DECISIONS_DIR | Generated note folders. |
| SEARCH_RESULT_LIMIT / GRAPH_RESULT_LIMIT / MAX_FILE_SIZE_BYTES | Bounds for context exposure and processing. |
ChatGPT connection
- Deploy this app to Vercel with the GitHub vault and OAuth environment variables set server-side.
- Configure ChatGPT to call
https://your-app.vercel.app/api/mcpwith OAuth. - Authorize the connection with the owner password from
OAUTH_OWNER_PASSWORD. - Optionally set
DIAGNOSTICS_TOKENif you want/api/diagnosticsto require a bearer token. - Ask ChatGPT to retrieve before relying on personal context and to write only concise, durable memories.
Safety model
Reads are bounded, writes are path-safe, note creation refuses overwrites, section updates and canonical updates use conflict detection, and generated content remains plain Markdown with common frontmatter conventions.