bookstack-mcp

BookStack MCP Server

A Model Context Protocol (MCP) server that gives AI assistants full access to your BookStack documentation — search, read, create, and manage content.

npx bookstack-mcp

Features

• 20 read-only tools + 18 write tools for complete BookStack API coverage
• Books, chapters, pages, shelves, attachments, and comments — full CRUD
• Recycle bin support — restore or permanently delete soft-deleted content
• Type-safe input validation with Zod (auto-coerces string/number params for broad client compatibility)
• Embedded URLs and content previews in all responses
• Markdown export fallback for HTML-authored pages, so AI clients always get usable content
• Token-efficient responses: compact JSON, no redundant fields, no N+1 fetches — ~30–55% smaller payloads than 3.x
• Write operations disabled by default for safety
• Works with Claude Desktop, Claude Code, LibreChat, and any MCP-compatible client
• Stdio and Streamable HTTP transports

Quick Start

Install from npm

npx bookstack-mcp

Or clone and build

git clone https://github.com/ttpears/bookstack-mcp.git
cd bookstack-mcp
npm install && npm run build
npm start

Environment Variables

BOOKSTACK_BASE_URL=https://your-bookstack.com   # Required
BOOKSTACK_TOKEN_ID=your-token-id                # Required
BOOKSTACK_TOKEN_SECRET=your-token-secret        # Required
BOOKSTACK_ENABLE_WRITE=false                    # Optional, default false
BOOKSTACK_INSECURE_SKIP_TLS_VERIFY=false        # Optional, default false

Security warning: BOOKSTACK_INSECURE_SKIP_TLS_VERIFY=true disables TLS certificate verification for outgoing requests to BookStack. Use only for self-signed certs on a trusted LAN — connections become vulnerable to MITM attacks. The server logs a WARNING line at startup whenever this is enabled.

Client Configuration

Claude Desktop

The easiest install is the prebuilt MCPB bundle attached to each GitHub release:

1. Download bookstack-mcp-<version>.mcpb from the latest release.
2. Open Claude Desktop → Settings → Extensions and drag the .mcpb file in (or click Install Extension).
3. Fill in BookStack URL, API Token ID, and API Token Secret. Tokens are stored in your OS keychain. Leave Enable Write Operations as false for read-only access; set to true to enable create/update/delete tools.

Manual install (JSON config)

If you'd rather edit the config file directly:

{
  "mcpServers": {
    "bookstack": {
      "command": "npx",
      "args": ["-y", "bookstack-mcp"],
      "env": {
        "BOOKSTACK_BASE_URL": "https://your-bookstack.com",
        "BOOKSTACK_TOKEN_ID": "your-token-id",
        "BOOKSTACK_TOKEN_SECRET": "your-token-secret"
      }
    }
  }
}

LibreChat (stdio, single-user)

Add to your librechat.yaml:

mcpServers:
  bookstack:
    command: npx
    args:
      - -y
      - bookstack-mcp
    env:
      BOOKSTACK_BASE_URL: "https://your-bookstack.com"
      BOOKSTACK_TOKEN_ID: "your-token-id"
      BOOKSTACK_TOKEN_SECRET: "your-token-secret"

LibreChat (Streamable HTTP, recommended for production / Docker)

Run the server as a long-lived HTTP service and point LibreChat at the URL. This is the right setup for multi-user or containerized deployments.

Start the server in HTTP mode:

MCP_TRANSPORT=http \
MCP_HTTP_PORT=8080 \
BOOKSTACK_BASE_URL=https://your-bookstack.com \
BOOKSTACK_TOKEN_ID=your-token-id \
BOOKSTACK_TOKEN_SECRET=your-token-secret \
npx bookstack-mcp

Then configure LibreChat:

mcpServers:
  bookstack:
    type: streamable-http
    url: http://bookstack-mcp:8080/mcp

3.0.0 breaking change: the deprecated HTTP+SSE transport (GET /sse + POST /messages) has been removed. Streamable HTTP at /mcp already speaks SSE for streaming responses, and is the only HTTP transport in current MCP clients. If you're on an older client that needs the legacy endpoints, pin to [email protected].

HTTP transport environment variables