JSON Canvas MCP Server
A remote Model Context Protocol server for working with
JSON Canvas files — the open infinite-canvas format used by
Obsidian. Create, validate, read, edit, export, and
search .canvas files, with an inline interactive canvas viewer.
Hosted by MCPCentral at https://jsoncanvas.mcpcentral.io/mcp
(Streamable HTTP). This repository is the public listing for the
MCP Registry; the server itself is closed-source.
mcp-name: io.mcpcentral/jsoncanvas
Authentication
The endpoint requires Microsoft Entra OAuth via the MCPCentral gateway
(login.mcpcentral.io). MCP clients perform the standard OAuth flow automatically: an
unauthenticated request returns 401 with a WWW-Authenticate pointing at the
RFC 9728 metadata at
/.well-known/oauth-protected-resource, and the client takes you through sign-in. Canvases are
stored privately per authenticated user.
Client configuration
Claude Code
claude mcp add jsoncanvas --transport http https://jsoncanvas.mcpcentral.io/mcp
Claude Desktop / other clients via mcp-remote
{
"mcpServers": {
"jsoncanvas": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://jsoncanvas.mcpcentral.io/mcp"]
}
}
}
Any MCP client that supports remote Streamable HTTP servers with OAuth (Claude, Goose, OpenAI connectors, MCP Inspector) can connect.
Tools
| Tool | Description |
|---|---|
create_canvas | Create a canvas from nodes (+ optional edges); stored under a date-prefixed .canvas name. |
validate_canvas | Validate canvas data against the JSON Canvas 1.0 spec. |
read_canvas | Read a stored canvas and return its nodes and edges. |
list_canvases | List your stored canvases. |
edit_canvas | Atomic batch add/update/remove of nodes and edges (removing a node cascades its edges). |
export_canvas | Export to markdown, svg, mermaid, or png (full-fidelity raster via Browser Rendering). |
search_canvases | Case-insensitive field-level search across your canvases. |
create_canvas, read_canvas, and edit_canvas carry MCP Apps UI metadata so supporting hosts
render the result inline in an interactive pan/zoom viewer.
Resources
canvas://schema— JSON Schema for canvas files.canvas://examples/basic— a simple two-node example canvas.ui://canvas/viewer.html— the interactive read-only viewer (MCP Apps UI).
Security
- Per-user isolation — every canvas is scoped to the authenticated user; no cross-user reads.
- Auth required — all tool calls require a valid Entra-issued bearer token.
- Hardened — strict input/size caps, bounded search, accurate tool annotations, and an SSRF-blocked PNG renderer (the headless browser cannot be coerced into outbound requests).
- Report vulnerabilities per SECURITY.md. Please do not open public issues for security reports.
License
MIT.