Living Knowledge

A privacy-first AI system that reads, searches, and writes to your personal notes.

Living Knowledge turns your local Obsidian vault into a living, searchable memory that an AI can access and extend. It runs entirely on your own hardware—your notes never leave your machine—while still being accessible from your phone or any device through a secure tunnel.

---

What This Is

This project combines:

• LibreChat — A self-hosted ChatGPT-style interface
• devrag — Semantic search over markdown files using local embeddings
• Model Context Protocol (MCP) — Lets the AI read and write files directly
• Cloudflare Tunnel — Secure access from anywhere without exposing ports

The result: Ask an AI about your notes. It searches semantically, finds relevant context, and can create new notes on your behalf.

---

Why This Exists

Most AI tools require uploading your data to someone else's servers. That's fine for public information, but not for:

• Personal journals and reflections
• Health records and medical notes
• Financial planning documents
• Private research and ideas
• Handwritten notes (via reMarkable → Obsidian workflows)

Living Knowledge keeps everything local while still giving you the power of retrieval-augmented generation (RAG).

---

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                        Your Device                              │
│                     (Phone, Laptop, etc.)                       │
└─────────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────────┐
│                    Cloudflare Tunnel                            │
│            (Zero Trust Authentication + Encryption)             │
└─────────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────────┐
│                   Your Local Machine                            │
│                   (Mac / Linux / Windows)                       │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │                   Docker Compose                          │  │
│  │  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐       │  │
│  │  │  LibreChat  │  │   MongoDB   │  │ MeiliSearch │       │  │
│  │  │     API     │  │  (history)  │  │  (search)   │       │  │
│  │  └──────┬──────┘  └─────────────┘  └─────────────┘       │  │
│  │         │                                                 │  │
│  │         ▼                                                 │  │
│  │  ┌─────────────────────────────────────────────┐         │  │
│  │  │            MCP Servers                      │         │  │
│  │  │  ┌─────────────────┐  ┌──────────────────┐ │         │  │
│  │  │  │     devrag      │  │    filesystem    │ │         │  │
│  │  │  │ (semantic search│  │  (read/write     │ │         │  │
│  │  │  │   read-only)    │  │     notes)       │ │         │  │
│  │  │  └────────┬────────┘  └────────┬─────────┘ │         │  │
│  │  └───────────┼────────────────────┼───────────┘         │  │
│  └──────────────┼────────────────────┼───────────────────────┘  │
│                 │                    │                          │
│                 ▼                    ▼                          │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │                   Obsidian Vault                          │  │
│  │              (iCloud, local folder, etc.)                 │  │
│  └───────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────────┘

Components

Component	Purpose
LibreChat	Web interface and API for chatting with AI models
MongoDB	Stores user accounts and conversation history
MeiliSearch	Full-text search over past conversations
devrag	Semantic vector search over your markdown notes
filesystem	MCP server that allows AI to create/edit notes
Cloudflare Tunnel	Secure, encrypted access without port forwarding

---

Prerequisites

• Docker & Docker Compose — Install Docker
• Anthropic API Key — From console.anthropic.com (or use OpenAI/other providers)
• Cloudflare Account — Free tier works; needed for secure external access
• Obsidian Vault — Or any folder of markdown files

Hardware

Optimized for Apple Silicon (M1/M2/M3) but works on any system that runs Docker:

• macOS (ARM64 or Intel)
• Linux (x86_64 or ARM64)
• Windows with WSL2

---

Quick Start

1. Clone the Repository

git clone https://github.com/sahlstra/living-knowledge.git
cd living-knowledge/librechat

2. Configure Environment

# Copy the example environment file
cp .env.example .env

# Edit .env and add your API key(s)
# Required: ANTHROPIC_API_KEY=sk-ant-...
# Optional: OPENAI_API_KEY, GOOGLE_KEY, etc.

3. Configure Your Vault Path

# Copy the Living Knowledge override example
cp docker-compose.override.yml.living-knowledge.example docker-compose.override.yml

# Edit docker-compose.override.yml and update the vault path:
# - /path/to/your/obsidian_vault:/app/obsidian_vault

Common vault paths:

• macOS iCloud: /Users/yourname/Library/Mobile Documents/iCloud~md~obsidian/Documents
• macOS local: /Users/yourname/Documents/ObsidianVault
• Linux: /home/yourname/Documents/ObsidianVault
• Windows (WSL2): /mnt/c/Users/yourname/Documents/ObsidianVault

4. Build and Run

# Build the custom image with MCP servers
docker compose -p living-knowledge up -d --build

# Watch the logs to confirm startup
docker compose -p living-knowledge logs -f api

5. Access LibreChat

Open http://localhost:3080 and create your account.

---

Setting Up External Access (Optional)

To access Living Knowledge from your phone or outside your home network:

1. Install Cloudflare Tunnel

# macOS
brew install cloudflare/cloudflare/cloudflared

# Linux
# See: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/

2. Authenticate and Create Tunnel

cloudflared tunnel login
cloudflared tunnel create living-knowledge

3. Configure the Tunnel

Create ~/.cloudflared/config.yml:

tunnel: <your-tunnel-id>
credentials-file: /path/to/.cloudflared/<tunnel-id>.json

ingress:
  - hostname: notes.yourdomain.com
    service: http://localhost:3080
  - service: http_status:404

4. Add DNS Record

cloudflared tunnel route dns living-knowledge notes.yourdomain.com

5. Run the Tunnel

cloudflared tunnel run living-knowledge

6. Enable Zero Trust (Recommended)

In the Cloudflare Zero Trust dashboard:

1. Go to Access → Applications
2. Add your hostname (notes.yourdomain.com)
3. Configure authentication (email OTP is simple and effective)

Now your notes are only accessible to authenticated users.

---

How the AI Uses Your Notes

Living Knowledge gives the AI two capabilities:

1. Semantic Search (devrag)

The AI can search your notes by meaning, not just keywords:

"Find my notes about the conversation with Dr. Martinez about sleep patterns"

Even if those exact words don't appear, devrag finds semantically similar content.

2. Reading & Writing Files (filesystem)

The AI can:

• Read any markdown file in your vault
• Create new notes
• Update existing notes

"Create a new note summarizing what we just discussed about project planning"

The AI will create a properly formatted markdown file in your vault.

---

Configuration Reference

librechat.yaml

Controls MCP server configuration:

fileStrategy: "local"

endpoints:
  agents:
    recursionLimit: 50  # Increase for complex RAG tasks

mcpServers:
  filesystem:
    type: stdio
    command: "npx"
    args: ["-y", "@modelcontextprotocol/server-filesystem", "/app/obsidian_vault"]

  devrag:
    type: stdio
    command: "/app/devrag_server"
    args: ["-config", "/app/devrag_config.json"]

devrag_config.json

Controls semantic search behavior:

{
  "document_patterns": ["/app/obsidian_vault/**/*.md"],
  "db_path": "/app/vectors.db",
  "chunk_size": 500,
  "search_top_k": 5,
  "model": {
    "name": "multilingual-e5-small",
    "dimensions": 384
  }
}

---

The "Nuclear Build" Explained

Running semantic search on ARM64 Alpine containers requires a special approach. The devrag binary uses SQLite with vector extensions, which have C library dependencies.

The problem: Alpine Linux uses musl libc, but most binaries are compiled against glibc.

The solution: Dockerfile.mcp uses a multi-stage build:

1. Stage 1 (Debian): Compile the Go binary with static linking:

   -ldflags "-linkmode external -extldflags '-static'"
   

   This bakes all C dependencies into the binary itself.

2. Stage 2 (Alpine): Copy the standalone binary into the LibreChat image.

The result is a single, portable binary that runs anywhere.

---

Troubleshooting

Verify MCP servers are working

# Check devrag binary
docker compose -p living-knowledge exec api /app/devrag_server --help

# Check filesystem server
docker compose -p living-knowledge exec api npx -y @modelcontextprotocol/server-filesystem --help

Rebuild after configuration changes

docker compose -p living-knowledge up -d --build

View logs

# All services
docker compose -p living-knowledge logs -f

# Just the API
docker compose -p living-knowledge logs -f api

Reset everything

docker compose -p living-knowledge down -v
docker compose -p living-knowledge up -d --build

---

Security Considerations

• Docker binding: Services are bound to localhost only by default
• No port forwarding: Cloudflare Tunnel creates an outbound connection; no inbound ports needed
• Zero Trust: Add email/OAuth authentication via Cloudflare Access
• Local data: Your notes and embeddings never leave your machine
• API keys: Stored in .env which is gitignored

---

Cost

Component	Cost
Hosting	$0 (runs on your hardware)
Cloudflare Tunnel	$0 (free tier)
Domain	~$10-15/year (optional; can use Cloudflare's free *.cfargotunnel.com)
AI API	Pay-per-use (Claude Sonnet: ~$3/M input tokens, ~$15/M output tokens)

Typical monthly cost: $5-20 depending on usage.

---

Author

Aaron Sahlstrom — GitHub

---

Credits

This project builds on excellent open-source work:

• LibreChat by Danny Avila
• devrag by Tomohiro Owada
• Model Context Protocol by Anthropic
• Cloudflare Tunnel

---

License

This configuration and documentation is provided as-is. LibreChat and devrag have their own licenses—please review them for your use case.

---

Contributing

Issues and pull requests welcome. This is a personal project shared in hopes it's useful to others who want AI-powered access to their private notes.