🚀 Bear 2.8: BearCLI, Claude Connector, and MCP server

AI has become a genuinely useful part of how a lot of people work, and we’ve spent a good while thinking about what that means for Bear. We didn’t want to bolt something on, hand your notes to a third party. Instead, we built something that gets out of the way and lets you decide what connects to Bear and how.

Today we’re introducing BearCLI with Claude Connector and MCP server to open a whole new world for developers, power users, and anyone who wants to connect Bear to the tools they already use.

Bear CLI

BearCLI is a command-line tool bundled directly inside Bear. It lets you read, search, create, and edit notes from outside the app from a terminal, a script, or any tool that can run a shell command. Run bearcli -h to see everything it can do. For full installation instructions, see the support page.

1024×846 123 KB

Claude Connector

For Claude users, this is the most direct way to put your notes to work. Install it from Bear’s top menu Help → Advanced → Install Claude Connector, and Bear handles the rest. After that, you can open Claude and have a real conversation with your notes: ask questions, make changes, or create new ones, all in natural language. It’s built on BearCLI under the hood, so everything that works in the CLI works here too.

Once you set up, the kinds of things you can ask become surprisingly useful, and occasionally a little philosophical:

• “Find all notes tagged #todo that haven’t been edited in over 30 days”
• “List all notes I created this week, sorted by last modified”
• “Find all empty notes and move them to the trash”
• “Based on everything in my notes, what kind of person do you think I am?”

That last one is our favorite.

1024×862 92.1 KB

MCP Server

The MCP Server is for tools that speak the MCP protocol like Claude Code or certain IDEs. If you’re building workflows or working in an environment that supports MCP, bearcli mcp-server gives those tools direct access to your Bear notes with no extra setup. You can read here for more information about MCP Server and how to use it.

Your notes, your tools

When we chose Markdown as Bear’s foundation, the reason wasn’t just technical. It was because an open format means your notes aren’t locked to any single app or use case. Your notes stay yours, whatever happens. We think about the CLI the same way. It’s a general-purpose tool that doesn’t know or care what’s on the other end. Nothing connects to your notes unless you set it up, and no notes are shared with any tool until you choose to. This just gives you more ways to use it.

Try it now!

Update Bear now on macOS to try it out. Kind reminder: It’s always a good idea to make a backup before you start anything adventurous. For the full setup guide and command reference, see the support page.

Comment below to tell us what you build with BearCLI, we’d love to know!

Happy writing!

What’s up with this grey box with the save button?

CleanShot 2026-04-29 at 12.02.09@2x1920×1443 308 KB

Exciting to see this! One thought I had while reading the docs is that it would be nice if bearcli had options to scope the visibility/permissions of accessible notes, eg. either to make certain notes readonly, or to control eg. which tags are visible to tools/MCP clients using bearcli to access note data. Really cool to see progress in this area, and it’s nice to have a supported command-line interface to Bear since it makes interacting with notes data computationally much easier – I previously had some hacked-together Shortcut automations that I’m going to see if I can port over to bearcli. Thanks!

This is a Claude bug, the Save button only activates when changes are detected in the box. As a workaround, try adding a space and deleting it, that should do the trick!

This is a great leap forward. However, I can’t believe that hashtag exclusions weren’t part of the spec. Sometimes you want the AI to only see certain hashtags and not see other, more sensitive subjects. Could we have this as an update soon, please?

edit Edit a note by finding exact string and replacing or inserting

Fantastic. Finally we have a way to do bulk find and replace!

It seems edit and search-in do not accept regex. Is it because they use the same engine as Bear’s in-app find and replace?

Well documented CLI! Very helpful. I think you’re just scratching the surface on how important this tool can become.

Unbelievable. What a stupid decision.

I was hoping that a European company wouldn’t do this. Yes I know it’s optional, bla bla bla.

But what if those notes contains information from sources/persons that don’t want have BT AI access to it?

Adding this will motivate users to take a look at AI agents. These agents are a big risk and will lead to more privacy violations, like reading and scraping data from unwanted sources.

Last week I ended my Fastmail subscription for adding MCP. So now I’m ending my Bear subscription.

Luckily there are still apps/services that do get it (no AI).

Hi,

just upgraded to 2.8 on macOS 26.4 (M4 max). BearCLI failed.

bearcli                                                                                                       [0]
dyld[44228]: Library not loaded: @rpath/BearModel.framework/Versions/A/BearModel
  Referenced from: <C629C530-5EBE-3F79-B184-3A3298D1D72C> /usr/local/bin/bearcli
  Reason: tried: '/usr/lib/swift/BearModel.framework/Versions/A/BearModel' (no such file, not in dyld cache), '/System/Volumes/Preboot/Cryptexes/OS/usr/lib/swift/BearModel.framework/Versions/A/BearModel' (no such file), '/usr/local/bin/BearModel.framework/Versions/A/BearModel' (no such file), '/usr/local/Frameworks/BearModel.framework/Versions/A/BearModel' (no such file), '/usr/lib/swift/BearModel.framework/Versions/A/BearModel' (no such file, not in dyld cache), '/System/Volumes/Preboot/Cryptexes/OS/usr/lib/swift/BearModel.framework/Versions/A/BearModel' (no such file), '/usr/local/bin/BearModel.framework/Versions/A/BearModel' (no such file), '/usr/local/Frameworks/BearModel.framework/Versions/A/BearModel' (no such file)
zsh: abort      bearcli

thanks

Just to clarify: no AI was added to Bear. What we shipped is an official way to hook external tools into your data via the CLI. This was already possible through 3rd party solutions, but those were brittle and could potentially corrupt or mishandle your notes, the CLI removes that risk.

The Claude Connector is completely optional and needs to be installed separately alongside Claude Desktop. Nothing leaves your device unless you actively set it up and use it. If you don’t install it, nothing changes about how Bear handles your notes.

We hear you on the broader worry about notes containing info from other people. That’s exactly why we’ve baked in multiple safeguards, and more are on the way. Realistically, AI agents aren’t going away, and there were already several 3rd party MCPs for Bear floating around. We’d rather provide an official, safer path than leave people to use unverified 3rd party tools.

Our focus remains on making Bear better and giving you more ownership of your data. Sorry to see you go, but we appreciate you sharing the feedback.

Yes, the CLI just leverage the exact same search engine that we have in Bear

We are working on workspaces and that will provide a way to scope your data both in the App and in the CLI/MPC

Ah thats cool and will definitely help. Still feel like tag exclusions - maybe just for CLI interactions because its cleaner - could provide more reassurance for the privacy aware

We will likely have filtering on a tag to get the same functionality as workspaces, but we could also have an exclusion for tags. How would you use it with your notes? What would be most useful to you?

So let’s say you implement workspaces, and I have a personal workspace and a work workspace.

Within the personal workspace, I might be okay with an AI tool having access to health information, but I wouldn’t want to see anything that’s tagged financial, for example.

In my work workspace, I may be okay with Claude seeing my client tags, but I wouldn’t want to see all my client rejection tags or billing tags, for example.

The thing is that people will ultimately have more tags than they will workspaces. You don’t want to end up with like 10 workspaces just so you can have an element of separation on a tag basis.

Realistically, I can only see people, maybe excluding a certain handful of tags. I don’t think it makes sense to do on an inclusion basis.

Bug report:

When Claude reads a note, highlighted content like ==🔵29w== is read as ==🔵 29w== — an extra space gets inserted inside the highlight markers. After the note is updated with this content, the extra space breaks the highlight rendering.

I am not sure if this is a bug as much as Claude not knowing our syntax for colored highlight. We could perhaps give the AI client a short summary of our extended syntax. Will write a note about it. Maybe for a future version.

First of all, thanks for introducing bearcli, a convenient tool for accessing Bear notes from other apps.

However, this also raises some concerns. macOS limits access to the data of sandboxed apps (including Bear), and other APIs to access Bear notes, such as x-callback URLs, provide protection mechanisms, e.g. they require a token to read a note.

bearcli, however, allows any locally running app to access Bear notes without further restrictions. In particular, I can run it to get the list of my notes from a terminal (iTerm in my case) and then get the note text given the note ID, all without granting the terminal app any extra permissions (e.g. I haven’t granted it Full Disk Access).

Would it be possible to limit the use of bearcli to specific apps or have a setting to switch it off entirely if I don’t need it?

Hello!

Thanks for the kind words and the thoughtful question, but there’s a small misunderstanding about how the macOS security model works that I’d like to clear up.

Sandboxed apps (like Bear and bearcli) are restricted by Apple from accessing data outside what you’ve explicitly granted them. That’s the whole point of the sandbox.

Non-sandboxed apps (like iTerm, in your example) are a different story: they already have unrestricted access to your files, regardless of bearcli. Even without it, that terminal could read pretty much anything in your home folder and send it to a remote server: your notes, your documents, your SSH keys, you name it. bearcli doesn’t really change the threat model here; it just makes accessing notes more convenient for tools that already have the keys to the kingdom.

So the rule of thumb is: if you run a non-sandboxed app, you need to fully trust it. If you run a sandboxed app and you’re careful about the permissions you grant, you’re mostly safe.

For x-callback URLs, the token requirement exists because any app on the system can trigger them (including ones with no file access at all) so the token is what gates access. bearcli operates in a different context where that gating already exists at the OS level (file permissions).

Hope this clears things up! Let me know if you have other questions.

Bear just did a huge privacy mistake, enabling the CLI by default. It would be great to make “default off”. Or at least allowing to disable it via UI.

@matteo that’s false. Macos has System Integrity Protection. Macos notes can’t be accessed by a terminal app, because “Full Disk Access” permission is required. It can’t be circumvented. Do this on a fresh mac or a mac which hadn’t given the permissions to terminal.app: ls ~/Library/Group\ Containers/group.com.apple.notes. It would return “Operation not permitted”.

Meanwhile with Bear it’s completely different story. All notes are accessible via a simple script below:

import { execSync } from 'node:child_process';
const ecmd = (cmd) => execSync(`/Applications/Bear.app/Contents/MacOS/bearcli ${cmd}`).toString('utf-8').trim();
const ids = ecmd('list').split('\n').map(line => line.split('\t')[0]);
const notes = ids.map(id => {
  try { return ecmd(`cat ${id}`); } catch (error) { return null; }
});
console.log(notes);

I’ve used nodejs for the example above, to showcase that any app (not just bash commands) can easily access it.