Vaultbeat MCP Server
Apple Health MCP Server — live sleep, cycle, weight & more for your AI agent
Vaultbeat's local MCP server gives Claude Code, Claude Desktop, and any MCP-capable agent read access to your — and your partner's — Apple Health data. Everything is end-to-end encrypted and synced continuously in the background: the cloud only ever holds ciphertext, decryption happens on your machine, and there are no manual exports.
Requires the Vaultbeat — AI Health Sync iOS app with a Pro subscription, and Python 3.11+ on the machine where your agent runs. The server is open source on GitHub.
Connect Apple Health to Claude Code
Get the app + Pro
Install Vaultbeat — AI Health Sync on your iPhone and subscribe to Pro — the MCP agent interface is the Pro tier. The app starts syncing your Apple Health data end-to-end encrypted in the background.
Install & bind
On the computer where your agent runs, verify the server with uvx (no clone, no venv), then start pairing:
uvx vaultbeat-mcp statusuvx vaultbeat-mcp bindbind generates a Curve25519 keypair on your machine and prints a QR code. In the Vaultbeat iOS app, open Settings → Data & AI → MCP Server and scan it. From that moment your iPhone seals an encrypted copy of each record for this machine — the private key stays in ~/.tether/mcp-local and is never uploaded anywhere.
Add it to Claude Code
claude mcp add vaultbeat-health -- uvx vaultbeat-mcp serve --transport stdioDone. Ask Claude: “How did we sleep last night?” Reads are cache-first on your own machine (10-minute TTL by default), so repeat queries answer in about 0.2 seconds.
Claude Desktop setup
After binding (steps 1–2 above), add this to your claude_desktop_config.json:
{
"mcpServers": {
"vaultbeat-health": {
"command": "uvx",
"args": ["vaultbeat-mcp", "serve", "--transport", "stdio"]
}
}
}Works with any MCP client
The server speaks standard MCP over two transports. For clients that spawn a subprocess, use stdio:
vaultbeat-mcp serve --transport stdioFor clients that connect over HTTP, a streamable-HTTP endpoint is available:
vaultbeat-mcp serve --transport httpHTTP binds to loopback only by default and requires a bearer token; binding a non-loopback address fails closed unless explicitly allowed. Hermes, OpenClaw, and any other MCP-capable agent connect the same way.
What your agent can read
The server currently exposes 16 tools, and every data tool takes an owner filter so you can ask about one person at a time. Sensitive categories reach the server only if the data owner explicitly opts in from the iOS app — they are off by default and never re-exported.
| Tool | Returns |
|---|---|
| vaultbeat_status | Local binding state — never exposes keys or tokens |
| vaultbeat_start_binding | Generate a fresh QR binding payload for the iOS app to scan |
| vaultbeat_poll_binding | Poll once for the iOS authorization to complete binding |
| vaultbeat_sync_sleep | Recent sleep sessions with heart-rate samples; per-day primary-session selection matching the iOS app |
| get_sleep_detail | Per-night heart-rate + respiratory-rate + sleep-stage timeline |
| get_water_intake | Daily water intake plus a computed daily average |
| get_weight_trend | Daily weights with latest / average / min / max and a weekly trend rate |
| get_menstrual_cycleopt-in only | Cycle samples plus a next-period prediction |
| get_symptomsopt-in only | HealthKit symptom days, grouped by data owner |
| get_notesopt-in only | Free-text day annotations with their writer |
| get_activity | Daily activity rings: steps, energy, exercise minutes, stand hours, distance |
| get_resting_hr | Resting heart-rate records with the window mean |
| get_workouts | Workout records: type, duration, calories, distance |
| get_mindfulness | Mindful sessions and minutes per day |
| get_hrv | Heart-rate variability (SDNN) records with the window mean |
| get_wrist_temp | Sleeping wrist-temperature baseline deviation |
The full, current tool list lives in the GitHub README.
Why not just export my Apple Health XML?
Most Apple Health MCP servers work on a manual export: you generate an XML or CSV dump, import it, and query a snapshot that is stale the moment it lands. Vaultbeat takes a different approach — the iOS app syncs continuously in the background, so your agent always reads current data.
| Export-based MCP servers | Vaultbeat | |
|---|---|---|
| Freshness | Manual XML/CSV export — a stale snapshot from the moment it lands | Continuous background sync — always current |
| Workflow | Re-export and re-import every time you want new data | Bind once with a QR scan; your agent just asks |
| People | Single user only | Couples — your partner's data too, with their explicit per-category consent |
| Security | Plaintext export files sitting on disk | E2EE — the cloud holds ciphertext only; keys never leave your devices |
How the end-to-end encryption works
Every health record is encrypted on your iPhone before it leaves the device: the record is sealed with AES-GCM, and its key is wrapped for each authorized recipient using Curve25519 ECDH with HKDF-SHA256 — one envelope for you, one for your partner if sharing is on, one for each machine you pair. The cloud stores and routes ciphertext only; we hold no decryption keys and cannot read your health data — architecturally, not just by policy. When you bind a machine, it generates its own Curve25519 keypair, and the private key stays in ~/.tether/mcp-local with owner-only permissions — it is never uploaded anywhere. Decryption happens in exactly the places you chose: your own devices, an opted-in partner's device, and the machine your agent runs on. The decryption code is open source — audit it.
Frequently asked questions
Do I need an Apple Watch?
No. Without a Watch, Vaultbeat uses Apple’s on-device Motion & Fitness inference on your iPhone to record sleep sessions, and your agent reads them the same way. An Apple Watch adds stage-level detail (core, deep, REM) and heart-rate samples during sleep — when both sources exist, Vaultbeat automatically prefers the Watch record.
Can my agent read my partner’s data?
Yes — with their explicit consent, granted per category from their own phone. Vaultbeat is the only health app on the App Store designed to be read by your own AI agent, and that extends to partner data: ask Claude Code, Hermes, or OpenClaw how your partner slept, and it answers from the records they chose to share. Sensitive categories are off by default and revocable at any time.
Which plan do I need?
The MCP agent interface is Vaultbeat Pro: $9.99/month, $79.99/year, or $149.99 lifetime. Pro includes everything in Plus (full history and trend charts). Recording your health and sharing it with your partner are free — partner sharing is never paywalled.
Is my data used to train AI?
No — and not just as a policy promise: it is impossible by design. The cloud stores ciphertext only, and Vaultbeat holds no decryption keys, so there is nothing readable to train on. Your data is decrypted in exactly three user-chosen places: your own devices, an opted-in partner’s device, and the machine you explicitly paired.
Not here for the agent? Vaultbeat also lets you share sleep data with your partner — that part is free. Questions? Email support@tetherme.app or open an issue on vaultbeat-community.