$cat connect-chatgpt-claude-to-your-notes.md

How to Give ChatGPT and Claude Access to Your Notes (Remote MCP)

11 min readby MDflowview as .md
Two glowing emerald AI agent cores connected over a network cloud to a floating cluster of markdown documents and a folder, on a dark terminal-grid background

Every few days, the same small ritual repeats. You open ChatGPT or Claude, and before you can ask anything useful you paste in the same background you pasted last week — the project brief, the API notes, the decisions you already made. The model is brilliant and completely amnesiac. Your knowledge lives in one place; your AI lives in another; and you are the copy-paste bridge between them.

Remote MCP is how you retire that ritual. Instead of pasting your notes into the chat, you give the model a live connection to where they actually live — and you do it without installing anything on your machine.

TL;DR — A remote MCP server lets ChatGPT and Claude read and write your notes over HTTPS, with no local server to run. MDflow hosts one at https://mdflow.cz/api/mcp. You create a Personal Access Token, drop it into a header, and connect. It works today with Claude Code, Cursor, VS Code, and the OpenAI Responses API directly; ChatGPT (developer mode) and Claude Desktop connect through their remote-connector paths. Start free and connect an agent.

What is a remote MCP server?

A remote MCP server is a Model Context Protocol server you reach over the network at an HTTPS URL, rather than a program you launch on your own computer. The Model Context Protocol is the open standard — introduced by Anthropic in late 2024 and now adopted across the industry — for how an AI client discovers and calls external tools. "Remote" just describes where the server runs: on the vendor's infrastructure, not yours.

That distinction matters more than it sounds. The original MCP servers were local: you cloned a repo, installed Node.js or Python, and your desktop app spawned the server as a stdio subprocess. It worked, but it meant every user maintained a little server on their laptop. A remote server flips that around. The vendor runs one server; every client connects to the same URL over MCP's Streamable HTTP transport; and connecting is reduced to paste a URL, add a credential.

Here is the entire connection, for Claude Code:

claude mcp add --transport http mdflow https://mdflow.cz/api/mcp \
  --header "Authorization: Bearer mdf_your_token_here"

No download, no npm install, nothing to keep running. The server is hosted, so it is always on the latest version, and the same endpoint serves every client the same set of tools.

MDflow's remote server is deliberately stateless: no session IDs, plain JSON responses, one POST per JSON-RPC message. Unauthenticated requests get a 401 with a WWW-Authenticate challenge and setup instructions right in the body — so a well-behaved agent can tell you exactly what it needs.

Why remote MCP is useful

Remote MCP is useful because it turns "my notes" into "a place my AI can reach" — cleanly, for two different audiences.

For you, the person, it removes setup as a barrier.

  • Nothing to install. No runtime, no local process, no version drift. If you can paste a URL into a settings box, you can connect.
  • Every client, one endpoint. The same https://mdflow.cz/api/mcp works from Claude Code, Cursor, VS Code, and the OpenAI Responses API. Learn it once.
  • Always current. Because the server is hosted, new tools and fixes show up without you upgrading anything.
  • Revocable. Access is a Personal Access Token. Rotate or revoke it from Settings and the connection is cut — no files to hunt down on disk.

For the AI agent, it turns a blank slate into grounded context.

  • Read your real knowledge, not a summary. The agent fetches actual markdown documents — the source of truth — rather than whatever you remembered to paste.
  • Retrieve by topic, not by filename. MDflow's mdflow_get_context tool ranks folder descriptions first, then titles, then returns the best-matching document bodies, so the agent gets relevant context instead of your entire workspace.
  • Write back, not just read. The same connection lets an agent create, update, move, and share documents — so it can maintain the knowledge base, not just consume it.
  • Structured and portable. Everything is plain markdown with YAML frontmatter, so what the agent reads is exactly what you'd read, and it survives any change of tool or model.

Which clients work today

Remote MCP support is real but uneven across clients, and being honest about that saves you an afternoon of frustration. Here is the state of play for connecting to an authenticated remote server like MDflow with a Personal Access Token (a static Authorization: Bearer header).

  1. Claude Code — the smoothest path. One claude mcp add --transport http … --header command and you are connected. Native custom-header support.
  2. Cursor — native Streamable HTTP. Add the server URL and an Authorization header to ~/.cursor/mcp.json (global) or .cursor/mcp.json (per project).
  3. VS Code and MCP SDK clients — any client that can attach an Authorization header to a remote MCP connection works the same way.
  4. OpenAI Responses API (ChatGPT's developer surface) — pass a remote MCP tool with a custom headers object in the request. This is how you wire ChatGPT-family models to an authenticated server programmatically.
  5. ChatGPT app (developer mode) — ChatGPT supports remote MCP connectors only, and developer mode lets Plus, Pro, Business, Enterprise, and Edu accounts add custom ones. Header-based static credentials are still maturing in the consumer UI; the OAuth path is the smoothest there, and for MDflow, OAuth support is on the roadmap.
  6. Claude Desktop — reaches a remote server through the mcp-remote stdio bridge (which needs Node.js). It is a thin local shim, not the MDflow server running on your machine:
{
  "mcpServers": {
    "mdflow": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mdflow.cz/api/mcp",
        "--header",
        "Authorization:Bearer mdf_your_token_here"
      ]
    }
  }
}

The one honest caveat: Claude.ai's and the ChatGPT app's native custom-connector pickers currently expose OAuth client id/secret rather than a free-form Bearer header. So if your server authenticates with a static token today — as MDflow's does — reach it from a header-capable client (Claude Code, Cursor, VS Code, the Responses API, or Claude Desktop via mcp-remote). OAuth is the direction both apps are heading, and MDflow is building toward it.

How MDflow fits

MDflow was built to be the place your notes live and the place your AI reaches — so remote MCP is not a bolt-on, it is the front door.

What already works today

A hosted remote MCP server, no setup. MDflow runs the server at https://mdflow.cz/api/mcp over Streamable HTTP. Create a Personal Access Token (it starts with mdf_), put it in your client's Authorization header, and you are connected — there is nothing to download or keep running. A local stdio server is available too, for people who prefer a process on their own machine, but it is entirely optional and exposes the same tools.

Tools that read and write. The server is not a read-only feed. Agents can list and open workspaces, folders, and documents (each carrying its full path and a compounded description), create and update markdown bodies, rename, move, and delete, and control both public link sharing and private email sharing. Your AI can keep the knowledge base current, not just read it.

Context retrieval that beats a keyword grep. mdflow_get_context is the tool agents call most. Give it a topic and it scores folder descriptions first — the description you write on a folder is the primary ranking signal — then names and titles, then returns the most relevant document bodies as readable markdown plus structured JSON. Optionally scope it to a single workspace. It is retrieval without you standing up a vector database.

Raw markdown twins for the agents that can't speak MCP. Not every tool is MCP-capable yet. Every shared MDflow document also has a plain-markdown twin — append .md to its share URL — served with YAML frontmatter and open CORS, so any agent that can fetch a URL can read and cite it in one request.

Discovery already published. MDflow ships the surrounding layers so an agent can find its way in: an llms.txt index, a self-contained docs.md agent manual, an A2A agent card at the well-known location, and an OpenAPI 3.1 spec. The same operations are available as a plain HTTP API with the same token, so scripts and CI can use them too.

Security you control. The token belongs in your client config, never in a prompt — MDflow's server refuses to accept it as a tool argument. Tokens are workspace-scoped, cover write and delete, require MDflow Pro, and can be revoked instantly. The rate limit is 30 requests per minute per token, with Retry-After on 429.

Where we are headed

This is direction, not a dated commitment, but it is the shape of our thinking:

  • OAuth for the consumer apps. Adding an OAuth flow so MDflow appears directly in Claude.ai's and the ChatGPT app's native custom-connector pickers — a one-click "Connect MDflow" with no header to paste.
  • Scoped tokens. Read-only and folder-scoped Personal Access Tokens, so you can hand an agent exactly the access it needs and nothing more.
  • Collection-level context. Serving a whole collection to an agent as one cross-linked bundle over the remote server, so it can pull an entire curated knowledge set in a single call.
  • Richer discovery. Continuing to keep llms.txt, the agent card, and the OpenAPI spec in lock-step with the MCP tools, so new capabilities are discoverable the moment they ship.

The bottom line

Giving ChatGPT and Claude access to your notes used to mean either endless copy-paste or babysitting a local server. Remote MCP removes both: a hosted server, a URL, and a token you control. Your knowledge stays in one place, portable and yours, while your AI reads and updates it on demand.

MDflow is that place — markdown-native storage with a hosted remote MCP server, context retrieval, write-back, and raw .md twins for the tools that need them. Connect the client you already use and stop re-explaining yourself.

Start free · Connect an AI agent · Read the API docs

Frequently asked questions

What is a remote MCP server?

A remote MCP server is a Model Context Protocol server you reach over HTTPS instead of running as a process on your own machine. The client (ChatGPT, Claude, Cursor) connects to a URL, authenticates, and calls the server's tools. Because the server is hosted, there is nothing to install, no Node.js to manage, and it is always up to date. MDflow's remote MCP server lives at https://mdflow.cz/api/mcp.

Can I connect ChatGPT to my notes with a remote MCP server?

Yes, through ChatGPT's developer mode, which lets Plus, Pro, Business, Enterprise, and Edu accounts add custom remote MCP connectors, and through the OpenAI Responses API, which accepts a remote MCP tool with a custom Authorization header. The consumer ChatGPT connector UI currently prefers OAuth for authenticated servers, so passing a static Personal Access Token is easiest via developer mode or the Responses API today.

Can I connect Claude to my notes with a remote MCP server?

Yes. Claude Code connects in one command with a custom header (claude mcp add --transport http). Cursor and VS Code accept a remote MCP URL plus an Authorization header natively. Claude Desktop reaches a remote server through the mcp-remote bridge. Claude.ai's native custom-connector picker currently exposes OAuth client id/secret rather than a static Bearer token, so use one of the header-capable clients for a Personal Access Token.

Do I need to run a local server to connect my AI to markdown notes?

No. With a hosted remote MCP server you connect a client to a URL and authenticate — there is no local process to install or keep running. MDflow also offers a local stdio server for people who prefer a process on their own machine, but it is optional; the remote server exposes the same tools.

Is my Personal Access Token safe to use with remote MCP?

Yes, if you keep it where it belongs: in your MCP client configuration, never in a chat prompt or a tool argument. MDflow's server deliberately refuses to accept the token as a tool parameter. Tokens grant workspace-level access — including write, delete, and sharing — and can be revoked at any time from Settings.

Further reading