woladi

🧠 Your Obsidian Vault as a Private Second Brain β€” Powered by Local AI

πŸ“„ Scan PDFs. ✍️ Transcribe handwriting. πŸ€– Ask Claude anything. πŸ”’ Zero personal data leaves your Mac.

😀 The Problem Nobody Has Solved

Obsidian users have built elaborate second brains β€” journals, medical notes, financial records, scanned contracts, handwritten meeting notes. The vault becomes deeply personal. Then AI arrives, and the promise is irresistible: β€œAsk your entire knowledge base a question.”

But there’s a catch.

Every plugin that connects your vault to a cloud LLM (Claude, GPT-4, Gemini) sends your raw notes upstream. Social Security Numbers, credit card numbers, medical diagnoses, client names β€” all of it lands on a third-party server. For anyone who takes their vault seriously, this is a dealbreaker.

The alternatives are bleak: run a weak local LLM and accept lower quality, or redact manually before every query. Neither is sustainable.

βœ… This guide introduces a third path.

πŸ› οΈ The Stack

Two open-source MCP servers, both by the same author, designed to work together:

Package What it does Key technology
macos-vision-mcp πŸ“Έ Extracts text from PDFs, images, and handwritten notes Apple Vision framework β€” fully offline
pseudonym-mcp πŸ•΅οΈ Replaces PII with opaque tokens before any cloud call Regex NER + local Ollama β€” fully offline

Both run on your Mac. Neither sends data anywhere. Together, they form a complete local privacy pipeline between your vault and any cloud LLM.

βš™οΈ How It Works

πŸ—‚οΈ Your Obsidian Vault
        β”‚
        β”œβ”€β”€ πŸ“ Markdown notes (.md)
        β”‚         β”‚
        β”‚         └──► pseudonym-mcp
        β”‚                mask_text()
        β”‚                   β”‚
        └── πŸ“„ Scanned files (.pdf, .jpg, .png)
                  β”‚
                  └──► macos-vision-mcp
                         extract_text()
                              β”‚
                              └──► pseudonym-mcp
                                     mask_text()
                                          β”‚
                                          β–Ό
                                  [PERSON:1], [SSN:1],
                                  [CREDIT_CARD:1], [EMAIL:1]...
                                          β”‚
                                          β–Ό
                                ☁️ Cloud LLM API
                           (Claude / GPT-4 / Gemini)
                                          β”‚
                                     response with
                                      tokens only
                                          β”‚
                                          β–Ό
                                  πŸ”“ pseudonym-mcp
                                   unmask_text()
                                          β”‚
                                          β–Ό
                            βœ… You see real names & data

At no point does any personal data leave your machine. The cloud LLM reasons about structure and content β€” never about identities.

πŸš€ Setup (5 minutes)

Step 1 β€” Add both servers to Claude Desktop:

Edit ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "macos-vision-mcp": {
      "command": "npx",
      "args": ["-y", "macos-vision-mcp"]
    },
    "pseudonym-mcp": {
      "command": "npx",
      "args": ["-y", "pseudonym-mcp", "--engines", "hybrid"]
    }
  }
}

Restart Claude Desktop. Both tool sets appear automatically. ✨

Step 2 β€” Pull an Ollama model (optional, for full NER including names and organisations):

ollama pull llama3

πŸ’‘ Skip this if you only need regex-based masking (SSN, credit cards, email, phone).

Step 3 β€” For Claude Code:

claude mcp add macos-vision-mcp -- npx -y macos-vision-mcp
claude mcp add pseudonym-mcp -- npx -y pseudonym-mcp --engines hybrid

πŸ’‘ Real-World Use Cases

πŸ“‹ 1. Summarise a scanned contract

You have a PDF scan of a lease agreement in your vault:

vault/legal/lease_agreement_2026.pdf

In Claude Desktop or Claude Code:

Extract text from vault/legal/lease_agreement_2026.pdf using macos-vision-mcp,
then mask all PII with pseudonym-mcp (save the session_id),
then summarise the key obligations, deadlines, and termination conditions.
Finally, restore the response using the session_id.

πŸ” What happens:

✍️ 2. Transcribe handwritten notes

You photograph a page from your notebook and drop it into the vault:

vault/journal/2026-04-12.jpg

Transcribe my handwritten note at vault/journal/2026-04-12.jpg
and save it as vault/journal/2026-04-12.md

Apple Vision handles handwriting recognition natively. The resulting Markdown note is fully searchable inside Obsidian. πŸ”

πŸ’° 3. Categorise monthly expenses

You keep iPhone camera scans of receipts in your vault:

vault/finance/receipts/april/

Extract text from all images in vault/finance/receipts/april/,
mask PII with pseudonym-mcp (single session for all files),
then create a categorised expense summary for April 2026
and save it as vault/finance/2026-04-summary.md

Credit card numbers, account holders, and names are tokenised before Claude sees them. πŸ”

πŸ”­ 4. Query your entire vault with a persistent session

This is the most powerful use case β€” a session that spans multiple notes:

# Step 1: mask vault notes, save the session_id
Use mask_text on all notes in vault/work/ β€” remember the session_id

# Step 2: ask anything
Which clients did I meet most frequently in Q1 2026?
What were the main topics across my meetings with [PERSON:1]?

# Step 3: restore when done
Use unmask_text with the saved session_id on the response

πŸ’‘ [PERSON:1] always refers to the same person across all notes in the session β€” Claude can reason about relationships and patterns without ever knowing real identities.

πŸ₯ 5. Medical notes without HIPAA risk

vault/health/2026-03-cardiology-visit.md

Mask this note with pseudonym-mcp, then explain the diagnosis in plain language
and suggest questions I should ask at my next appointment.

Your doctor’s name, SSN, and diagnosis are tokenised locally. The cloud provider never processes your Protected Health Information (PHI). No Business Associate Agreement (BAA) required. βœ…

⚑ One-Click Privacy β€” Built-in Prompt Templates

Instead of typing the full pipeline every time, pseudonym-mcp ships two built-in prompt templates that chain masking, the LLM task, and unmasking automatically.

pseudonymize_task β€” inline text

/pseudonymize_task text="Meeting with Jan Kowalski (PESEL: 90010112318). Contract: 45 000 zΕ‚." task="Extract action items"

What happens:

  1. pseudonym-mcp masks PII locally β†’ [PERSON:1], [PESEL:1]
  2. Claude processes the anonymized text
  3. pseudonym-mcp restores originals in the response

Optional lang argument: en (default) or pl.

privacy_scan_file β€” file or PDF

Requires macos-vision-mcp to be installed alongside pseudonym-mcp.

/privacy_scan_file filePath="/Users/me/vault/contracts/nda.pdf" task="Summarize obligations and deadlines"

What happens:

  1. macos-vision-mcp extracts text from the file locally via Apple Vision
  2. pseudonym-mcp masks all PII before sending anything to the cloud
  3. Claude processes the anonymized content
  4. pseudonym-mcp restores originals before the response is shown

Optional arguments: task (default: summarize the key points), lang (en or pl).

πŸ›‘οΈ What Gets Protected

πŸ‡ΊπŸ‡Έ English PII (--lang en, default)

Token Covers
[PERSON:1] πŸ‘€ Full names (via Ollama NER)
[SSN:1] πŸͺͺ Social Security Numbers β€” with area-number validation
[CREDIT_CARD:1] πŸ’³ 13–19 digit card numbers β€” with Luhn checksum
[EMAIL:1] πŸ“§ Email addresses
[PHONE:1] πŸ“± US phone formats
[ORG:1] 🏒 Organisation names (via Ollama NER)

🌍 International users: --lang pl adds support for PESEL (national ID), Polish IBAN, and Polish phone formats.

πŸ”’ Privacy Guarantees

βš–οΈ Regulatory Alignment

Regulation Who it affects How the pipeline helps
πŸ‡ΊπŸ‡Έ HIPAA Healthcare providers, patients PHI never reaches a non-BAA cloud provider
πŸ’³ PCI DSS 3.4 Anyone storing card data Card numbers masked before LLM transit
πŸ‡ΊπŸ‡Έ CCPA / CPRA California residents & businesses Minimises personal data sent to third-party processors
🏒 SOC 2 SaaS & enterprise Demonstrates PII leaves no trust boundary
πŸ‡ͺπŸ‡Ί GDPR Art. 44 EU users & businesses If no personal data is transferred, cross-border restrictions do not apply

⚠️ Note: Pseudonymisation does not equal anonymisation β€” the data remains personal data in your local system. However, it substantially reduces risk and demonstrates compliance with accountability principles.

🌿 Why This Matters for Obsidian Users Specifically

Obsidian’s core philosophy is local-first: your data lives on your device, in plain text, under your control. Every file is yours.

Cloud AI plugins break this contract the moment they send vault content upstream. macos-vision-mcp + pseudonym-mcp extend the local-first principle to AI: ☁️ cloud model quality, 🏠 local data sovereignty.

Your second brain stays yours. πŸ§ πŸ”’

πŸ“¦ Quick Start Reference

// Claude Desktop β€” ~/Library/Application Support/Claude/claude_desktop_config.json
{
  "mcpServers": {
    "macos-vision-mcp": {
      "command": "npx",
      "args": ["-y", "macos-vision-mcp"]
    },
    "pseudonym-mcp": {
      "command": "npx",
      "args": ["-y", "pseudonym-mcp", "--engines", "hybrid"]
    }
  }
}

# Claude Code
claude mcp add macos-vision-mcp -- npx -y macos-vision-mcp
claude mcp add pseudonym-mcp -- npx -y pseudonym-mcp --engines hybrid

# Optional: full NER (names + organisations)
ollama pull llama3

πŸ”— Links