# Notesnook MCP

> Notesnook (Private Note Taking & E2EE) MCP Server connects your AI agent directly to your private, zero-knowledge note vault. You can securely list notes, inject new encrypted entries, audit metadata, and trigger full data syncs—all without exposing raw data to third parties.

## Overview
- **Category:** knowledge-management
- **Price:** Free
- **Tags:** end-to-end-encryption, zero-knowledge, privacy-first, secure-vault, data-sync

## Description

Notesnook connects your agent directly to your private note vault. This isn't just another cloud storage bucket; you're dealing with zero-knowledge, end-to-end encrypted notes here. Your agent acts like an extension of your own memory, letting you interact with highly sensitive data—you never expose the raw text or payload to third parties. You simply tell your AI client what you need, and it handles all the secure handshakes.

To get started, remember that every action runs through specialized tools. The `get_user` tool checks and confirms your authenticated security identity within Notesnook before anything else happens. This validates that you're who you say you are before you even check a single note.

**Retrieving and Auditing Your Knowledge Base**

You can start by mapping out the structure of your entire vault. The `list_notebooks` tool shows you the main groupings that organize everything, letting you see how you've structured your thoughts. If you want to see what concepts tie different notes together across the whole collection, run `list_tags`. This enumerates all cross-cutting categorical tags used for indexing.

To see what notes are stored overall, use `list_notes`; this returns a list of every encrypted note ID in the vault. You can narrow that down by checking out your high-priority items with `list_favorites`, or if you're cleaning house, you can review records of nodes marked for permanent deletion using `list_trash`.

When you need to read the actual content, `get_note` retrieves the full, underlying encrypted cipher payload for a specific note ID. You won't get plaintext—you get the sealed data. If that note has binary files attached, `list_attachments` shows you exactly what those attachments are; it lists all PDFs, images, or other binaries stored inside your vault.

**Injecting and Modifying Content**

When you have a new idea, you don't manually upload it. You use the `create_note` tool. It takes plaintext from your agent and pushes it into the vault’s persistent, secure storage layer, encrypting it immediately so it's safe. If an existing note needs tweaking—maybe you added some details or fixed a typo—you run `update_note`. This modifies partial strings of content in that specific note and forces re-encryption across that item payload. It keeps the seal intact while letting you change the guts.

If you decide a whole entry is trash, you use `delete_note`. This irreversibly removes a specific encrypted note from the server and marks it for permanent erasure, so you know it’s gone for good.

**Maintaining Data Integrity and State**

The vault structure itself needs upkeep. If your local copy might be out of sync with the actual server data—maybe you checked notes on two different machines—you run `sync_items`. This triggers a full vault sync, fetching any encrypted binary objects or state changes that have happened since your last connection. You'll know your local view matches the source of truth.

The system works by allowing granular control over every aspect: you list the structure (`list_notebooks`), check the metadata (`list_tags`), retrieve the content payload (`get_note`), manage attachments (`list_attachments`), and then push changes back through creation, modification, or deletion tools. You're in total command of your encrypted knowledge base.

## Tools

### sync_items
Triggers a full vault sync, fetching any encrypted binary objects or state changes since your last connection.

### list_notes
Returns a list of all encrypted note IDs currently stored in the Notesnook vault.

### get_note
Retrieves the full, underlying encrypted cipher payload of an individual note ID.

### create_note
Creates a brand new encrypted note by pushing plaintext into the vault's persistent, secure storage layer.

### update_note
Modifies the partial strings of content in an existing note and forces re-encryption across that specific item payload.

### delete_note
Irreversibly removes a specific encrypted note from the server and marks it for permanent erasure.

### list_notebooks
Lists the main notebook groupings that organize your entire vault structure.

### list_tags
Enumerates all cross-cutting categorical tags used to index and classify your notes.

### list_trash
Lists records of nodes that have been marked for permanent deletion in the local waste bin.

### list_favorites
Shows a list of specific, high-priority notes you have flagged as favorites in the vault.

### list_attachments
Lists all binary attachments (like PDFs or images) that are stored inside your encrypted notes.

### get_user
Checks and validates your authenticated user security identity within Notesnook.

## Prompt Examples

**Prompt:** 
```
List the last 5 encrypted notes in my vault
```

**Response:** 
```
I've retrieved your recent encrypted notes. Highlights include 'Project Alpha Strategy' (ID: note-123), 'Meeting Notes: Backend' (ID: note-456), and 'Research Snippets'. Would you like me to fetch the encrypted payload for the strategy note?
```

**Prompt:** 
```
Create a new private note called 'Ideas 2026' with content 'Automated note generation via AI'
```

**Response:** 
```
New encrypted note 'Ideas 2026' has been successfully created and injected into your persistent vault. The note is now synced and secured with end-to-end encryption. New Note ID: 'note-98765'.
```

**Prompt:** 
```
Show me all my classified tags in Notesnook
```

**Response:** 
```
Retrieving tags… I've identified 4 cross-cutting categories in your vault: 'Confidential', 'Drafts', 'Research', and 'Personal'. I can help you list all notes associated with the 'Confidential' tag if you'd like.
```

## Capabilities

### Retrieve and Audit Notes
Your agent can list all notes (`list_notes`), check high-priority favorites (`list_favorites`), or get the full encrypted text payload for a single note using `get_note`.

### Inject, Modify, and Remove Content
You can create new secure notes (`create_note`) by sending plaintext to be encrypted, modify existing content via `update_note`, or permanently delete entries with `delete_note`.

### Manage Vault Structure and Metadata
The system lets you navigate your vault structure by listing notebooks (`list_notebooks`), auditing tags (`list_tags`), or checking encapsulated binary attachments using `list_attachments`.

### Maintain Data Integrity and State
Run `sync_items` to force a full vault sync, ensuring your local copy matches the server. You can also validate your identity with `get_user`.

## Use Cases

### Project handoff documentation
A project manager needs to offload a massive amount of sensitive meeting notes. They ask their agent: 'List all notes for Project X, and sync the vault.' The agent uses `list_notes` (filtering by tag/notebook) then runs `sync_items`. It gives the PM a clean summary that everything is up-to-date in one go.

### Quick research audit
A student needs to prove they've captured key concepts from multiple sources. They prompt: 'Show me all my favorite notes related to AI ethics.' The agent calls `list_favorites` and then uses `get_note` on the top three results, giving instant access to encrypted payloads.

### Cleaning up old data
An engineer is retiring a project and needs to purge all associated notes. They tell their agent: 'Delete everything tagged 'Legacy Beta' from my vault.' The agent uses `list_tags` first, identifies the relevant IDs, and executes `delete_note` on each one.

### Attaching external data
A compliance officer receives a new report (a PDF) that must be permanently attached to an existing policy note. They tell their agent: 'Attach this new document to the Policy Handbook entry.' The agent handles the binary injection and updates the metadata using `list_attachments`.

## Benefits

- Keep your research private. Instead of relying on third-party cloud tools, your agent interacts with Notesnook using `get_note` and `list_notes`, ensuring zero exposure of raw data.
- Maintain data structure integrity. Use `sync_items` to resolve state changes across the vault whenever you need to guarantee local notes match the server's truth.
- Organize complex ideas easily. The agent reads your metadata by calling `list_tags` and `list_notebooks`, letting you find related info without manual searching.
- Work with attachments natively. You can list all contained binaries using `list_attachments`, so you never lose track of an embedded PDF or image inside a note.
- Control the lifecycle. Need to correct something? Use `update_note` to modify partial strings, or use `delete_note` to wipe entries completely and securely.

## How It Works

The bottom line is that your AI client treats your notesnook vault like a native extension of its memory, keeping all interaction secure and encrypted.

1. Subscribe to this MCP Server and provide your Notesnook Sync URL and Auth Token.
2. Instruct your AI client (Claude, Cursor, etc.) to perform a task—for example: 'List all notes tagged 'Project X' and sync the vault.'
3. The agent uses `list_notes` and `sync_items`, retrieves the raw data, processes it according to your request, and presents you with an actionable summary.

## Frequently Asked Questions

**How do I see all my notes in Notesnook using list_notes?**
Run the `list_notes` tool to get a full index of every encrypted note ID. This provides the necessary IDs before your agent can retrieve any specific payloads using `get_note`.

**What is the best way to keep my Notesnook vault updated? Use sync_items?**
Yes, running `sync_items` is crucial. It forces the system to fetch all encrypted state changes since your last session, ensuring you don't work with stale data.

**Can I attach images or PDFs using create_note?**
No, `create_note` only accepts plaintext. To handle files, first use `list_attachments` to confirm the attachment capability, and then the agent can inject binary data.

**How do I check if my Notesnook vault is secure?**
You should always run `get_user` when connecting a new client. This validates your authentication token and confirms you have access to the correct, private user identity.

**What does the `get_user` function tell me about my Notesnook account access?**
The `get_user` tool validates your current security identity. It confirms you're logged in and verifies the credentials tied to your encrypted vault state.

**If I need to modify a specific note, how does `update_note` handle partial strings?**
`update_note` modifies only the specified text portion within an existing note. It forces re-encryption across that item payload, maintaining the integrity of the rest of your encrypted data.

**Should I use `list_notebooks` or `list_notes` first when exploring a project area?**
You should run `list_notebooks` first. This shows the high-level, boundary organizing containers in your vault before you fetch specific note clusters inside them.

**What does the `list_trash` tool track about notes slated for permanent erasure?**
`list_trash` identifies nodes that have been flagged for deletion. It provides a record of items moved to the local vault waste bin, allowing you to audit past removals.

**How does Notesnook ensure my notes remain private through the agent?**
Notesnook uses end-to-end encryption (E2EE). When your agent uses the `create_note` or `get_note` tools, it handles encrypted envelopes. This ensures that only authorized clients with your keys can decrypt the actual text body, maintaining zero-knowledge security natively.

**Can I see all my notebooks and tags using my agent?**
Yes. Use the `list_notebooks` and `list_tags` tools to retrieve the organizational hierarchy of your vault. Your agent will report the names and IDs, helping you understand how your encrypted information is classified across your account.

**How do I trigger a synchronization between my vault and the server?**
The `sync_items` tool allows your agent to initiate a full or incremental state resolution. By providing a Unix timestamp, your agent can fetch only the most recent encrypted binary objects, ensuring your local environment matches the server's state.