Yuvomi
Self-hosted family planner for tasks, calendar, shopping, meals, and budget
Alternative to: cozi, familywall, skylight

About
Versions (100)
v1.2.0
2026-07-08Added
- API Tokens: optional per-module permission scopes. An admin can restrict a token to individual modules and access levels (
<module>:read/<module>:write, where write implies read) instead of granting the creator’s full access. This matters most for tokens handed to an off-device AI/MCP client — for example a token that may write the calendar but can never read the health module. Tokens created without scopes keep full role-based access, so existing tokens are unaffected.
Security
- API Tokens: scoped tokens are enforced across both the REST API and the MCP endpoint. A scoped token can only reach modules on its allow-list — every other
/api/v1path is denied,tools/listhides MCP tools the token cannot use, out-of-scopetools/callis refused, and the OpenAPI bridge inherits the same limits because it loops back through the REST layer with the same token.