Run it solo as a personal brain, or as a small company's shared knowledge base — corporate SSO sign-in, namespace-scoped role hierarchy, live collaboration, AI-ready over MCP. Notes are plain .md files on your hardware. No cloud. No lock-in.
Access your notes from the web, terminal, REST API, or AI agents — all connected to the same plain files on your server.
Everything runs on your server. No cloud services required. Team features and git sync are optional.
Your markdown. Your server. Your rules.
Personal knowledge base or team workspace. No compromises.
Obsidian-style editing where markdown renders inline as you type. Bold shows bold, headings render instantly. Click-to-edit tables and mermaid diagram labels. Or use plain text mode -- your choice.
Highlight any text and leave a comment; passages stay visibly yellow until resolved. Reply in threaded conversations. Click a highlight to jump to the chat. Comments are anchored to invisible UUIDs, so moving or renaming files keeps them attached.
See who's editing, where their cursor is, and what they're typing -- live. Built-in WebSocket presence with conflict detection. No external services.
One or two SuperAdmins overall, plus per-team Admins who own a single namespace — invite teammates, manage grants, trigger git-sync — without seeing other teams. Collaborators get only the paths they're granted. Path depth caps prevent overly-narrow grants.
Point mdnest at your OIDC provider — Google Workspace, Okta, Microsoft Entra, Keycloak, Auth0. Users sign in with their existing corporate accounts; the IdP owns MFA. Or use local username/password with TOTP, or Firebase Auth as a peer mode. One USER_PROVIDER setting flip — no code changes.
Built-in MCP server. Claude, Cursor, and other AI agents can read, write, search, and organize your notes. Your knowledge base becomes context for your AI workflows.
Solo: laptop or home server with Tailscale for encrypted private access from any device. Team: built-in Caddy for automatic HTTPS via Let's Encrypt, or nginx + certbot, or Cloudflare Tunnel — backend stays loopback, only the proxy is exposed.
Notes are .md files in directories. cat, grep, git, VS Code -- every tool you already use works. No proprietary format, no migration needed.
The mdnest CLI lets you read, write, search, and manage notes from any terminal. Full REST API with token auth for scripts and automations.
Binds to localhost. No cloud, no telemetry, no third-party accounts. Everything stays on your hardware. Add Tailscale for encrypted remote access.
Optional auto-commit and push to a private repo. Pull from admin panel. Each namespace can have its own remote.
Responsive web UI for desktop, tablet, and mobile. Edit and preview toggle on phones. Drag to resize panels on desktop.
The mdnest CLI works from any machine. Login once with a token, then read, write, search, and organize notes without leaving your terminal. Perfect for scripts, cron jobs, and AI pipelines.
CLI documentationClone the repo, run setup, edit credentials and mounts. For a team install: also flip USER_PROVIDER=sso and paste your IdP's client ID + secret.
./mdnest-server setup
./mdnest-server add-namespace
One command builds and starts everything in Docker — backend, frontend, Postgres (if multi-user), git-sync, and Caddy (if you set CADDY_DOMAIN for automatic HTTPS).
./mdnest-server rebuild
Solo: add Tailscale and reach mdnest from any of your devices. Team: invite teammates from the admin panel, assign per-team Admins, watch cursors live as people edit.
# solo
tailscale serve --bg --https 3236 ...
# team
open https://notes.example.com
Open source. Free forever. Personal or team. Takes 3 minutes to set up.
View on GitHub