Vaultbeat

Vaultbeat MCP Server

Apple Health MCP Server — live sleep, cycle, weight & more for your AI agent

Vaultbeat's local MCP server gives Claude Code, Claude Desktop, and any MCP-capable agent read access to your — and your partner's — Apple Health data. Everything is end-to-end encrypted and synced continuously in the background: the cloud only ever holds ciphertext, decryption happens on your machine, and there are no manual exports.

Requires the Vaultbeat — AI Health Sync iOS app with a Pro subscription, and Python 3.11+ on the machine where your agent runs. The server is open source on GitHub.

Connect Apple Health to Claude Code

1

Get the app + Pro

Install Vaultbeat — AI Health Sync on your iPhone and subscribe to Pro — the MCP agent interface is the Pro tier. The app starts syncing your Apple Health data end-to-end encrypted in the background.

2

Install & bind

On the computer where your agent runs, verify the server with uvx (no clone, no venv), then start pairing:

uvx vaultbeat-mcp status
uvx vaultbeat-mcp bind

bind generates a Curve25519 keypair on your machine and prints a QR code. In the Vaultbeat iOS app, open Settings → Data & AI → MCP Server and scan it. From that moment your iPhone seals an encrypted copy of each record for this machine — the private key stays in ~/.tether/mcp-local and is never uploaded anywhere.

3

Add it to Claude Code

claude mcp add vaultbeat-health -- uvx vaultbeat-mcp serve --transport stdio

Done. Ask Claude: “How did we sleep last night?” Reads are cache-first on your own machine (10-minute TTL by default), so repeat queries answer in about 0.2 seconds.

Setting this up with an agent? Point it at tetherme.app/skill.md — machine-readable setup instructions it can follow directly.

Claude Desktop setup

After binding (steps 1–2 above), add this to your claude_desktop_config.json:

{
  "mcpServers": {
    "vaultbeat-health": {
      "command": "uvx",
      "args": ["vaultbeat-mcp", "serve", "--transport", "stdio"]
    }
  }
}

Works with any MCP client

The server speaks standard MCP over two transports. For clients that spawn a subprocess, use stdio:

vaultbeat-mcp serve --transport stdio

For clients that connect over HTTP, a streamable-HTTP endpoint is available:

vaultbeat-mcp serve --transport http

HTTP binds to loopback only by default and requires a bearer token; binding a non-loopback address fails closed unless explicitly allowed. Hermes, OpenClaw, and any other MCP-capable agent connect the same way.

What your agent can read

The server currently exposes 16 tools, and every data tool takes an owner filter so you can ask about one person at a time. Sensitive categories reach the server only if the data owner explicitly opts in from the iOS app — they are off by default and never re-exported.

ToolReturns
vaultbeat_statusLocal binding state — never exposes keys or tokens
vaultbeat_start_bindingGenerate a fresh QR binding payload for the iOS app to scan
vaultbeat_poll_bindingPoll once for the iOS authorization to complete binding
vaultbeat_sync_sleepRecent sleep sessions with heart-rate samples; per-day primary-session selection matching the iOS app
get_sleep_detailPer-night heart-rate + respiratory-rate + sleep-stage timeline
get_water_intakeDaily water intake plus a computed daily average
get_weight_trendDaily weights with latest / average / min / max and a weekly trend rate
get_menstrual_cycleopt-in onlyCycle samples plus a next-period prediction
get_symptomsopt-in onlyHealthKit symptom days, grouped by data owner
get_notesopt-in onlyFree-text day annotations with their writer
get_activityDaily activity rings: steps, energy, exercise minutes, stand hours, distance
get_resting_hrResting heart-rate records with the window mean
get_workoutsWorkout records: type, duration, calories, distance
get_mindfulnessMindful sessions and minutes per day
get_hrvHeart-rate variability (SDNN) records with the window mean
get_wrist_tempSleeping wrist-temperature baseline deviation

The full, current tool list lives in the GitHub README.

Why not just export my Apple Health XML?

Most Apple Health MCP servers work on a manual export: you generate an XML or CSV dump, import it, and query a snapshot that is stale the moment it lands. Vaultbeat takes a different approach — the iOS app syncs continuously in the background, so your agent always reads current data.

Export-based MCP serversVaultbeat
FreshnessManual XML/CSV export — a stale snapshot from the moment it landsContinuous background sync — always current
WorkflowRe-export and re-import every time you want new dataBind once with a QR scan; your agent just asks
PeopleSingle user onlyCouples — your partner's data too, with their explicit per-category consent
SecurityPlaintext export files sitting on diskE2EE — the cloud holds ciphertext only; keys never leave your devices

How the end-to-end encryption works

Every health record is encrypted on your iPhone before it leaves the device: the record is sealed with AES-GCM, and its key is wrapped for each authorized recipient using Curve25519 ECDH with HKDF-SHA256 — one envelope for you, one for your partner if sharing is on, one for each machine you pair. The cloud stores and routes ciphertext only; we hold no decryption keys and cannot read your health data — architecturally, not just by policy. When you bind a machine, it generates its own Curve25519 keypair, and the private key stays in ~/.tether/mcp-local with owner-only permissions — it is never uploaded anywhere. Decryption happens in exactly the places you chose: your own devices, an opted-in partner's device, and the machine your agent runs on. The decryption code is open source — audit it.

Frequently asked questions

Do I need an Apple Watch?

No. Without a Watch, Vaultbeat uses Apple’s on-device Motion & Fitness inference on your iPhone to record sleep sessions, and your agent reads them the same way. An Apple Watch adds stage-level detail (core, deep, REM) and heart-rate samples during sleep — when both sources exist, Vaultbeat automatically prefers the Watch record.

Can my agent read my partner’s data?

Yes — with their explicit consent, granted per category from their own phone. Vaultbeat is the only health app on the App Store designed to be read by your own AI agent, and that extends to partner data: ask Claude Code, Hermes, or OpenClaw how your partner slept, and it answers from the records they chose to share. Sensitive categories are off by default and revocable at any time.

Which plan do I need?

The MCP agent interface is Vaultbeat Pro: $9.99/month, $79.99/year, or $149.99 lifetime. Pro includes everything in Plus (full history and trend charts). Recording your health and sharing it with your partner are free — partner sharing is never paywalled.

Is my data used to train AI?

No — and not just as a policy promise: it is impossible by design. The cloud stores ciphertext only, and Vaultbeat holds no decryption keys, so there is nothing readable to train on. Your data is decrypted in exactly three user-chosen places: your own devices, an opted-in partner’s device, and the machine you explicitly paired.

Not here for the agent? Vaultbeat also lets you share sleep data with your partner — that part is free. Questions? Email support@tetherme.app or open an issue on vaultbeat-community.