@starasia/task-management-mcp 1.0.0 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +70 -138
- package/dist/config.js +3 -1
- package/dist/config.js.map +1 -1
- package/dist/generated-config.d.ts +1 -0
- package/dist/generated-config.js +4 -0
- package/dist/generated-config.js.map +1 -0
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -1,148 +1,99 @@
|
|
|
1
1
|
# Task Management MCP
|
|
2
2
|
|
|
3
|
-
MCP server for Star Perkasa Technology Task Management
|
|
3
|
+
MCP server for Star Perkasa Technology Task Management.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Package ini membantu AI agent membaca, membuat, memperbarui, memantau, dan merangkum task melalui Task Management API dengan permission sesuai user aktif.
|
|
6
|
+
|
|
7
|
+
Server ini tidak menyimpan token global. Akses API memakai auth context runtime yang diberikan oleh user aktif melalui tool MCP.
|
|
6
8
|
|
|
7
9
|
## Requirements
|
|
8
10
|
|
|
9
11
|
- Node.js 20+
|
|
10
|
-
-
|
|
11
|
-
- A user-provided auth context at runtime:
|
|
12
|
-
- bearer token
|
|
13
|
-
- user id
|
|
14
|
-
- organization id
|
|
12
|
+
- Access to a running Starasia Task Management API instance
|
|
15
13
|
|
|
16
|
-
##
|
|
14
|
+
## Features
|
|
17
15
|
|
|
18
|
-
|
|
16
|
+
- List spaces, projects, project members, workflow statuses, and tasks
|
|
17
|
+
- Get project and task detail
|
|
18
|
+
- Create single or bulk tasks
|
|
19
|
+
- Update task fields, status, and assignees
|
|
20
|
+
- Monitor overdue and stale tasks
|
|
21
|
+
- Summarize project progress, workload, and work reports
|
|
22
|
+
- Dry-run-first write tools for safer agent workflows
|
|
19
23
|
|
|
20
|
-
|
|
21
|
-
@starasia/task-management-mcp
|
|
22
|
-
```
|
|
24
|
+
## Install
|
|
23
25
|
|
|
24
|
-
Install
|
|
26
|
+
Install global:
|
|
25
27
|
|
|
26
28
|
```bash
|
|
27
29
|
npm install -g @starasia/task-management-mcp
|
|
28
30
|
```
|
|
29
31
|
|
|
30
|
-
|
|
32
|
+
Run manually for smoke test:
|
|
31
33
|
|
|
32
34
|
```bash
|
|
33
|
-
|
|
34
|
-
npm run build
|
|
35
|
+
task-management-mcp
|
|
35
36
|
```
|
|
36
37
|
|
|
37
|
-
|
|
38
|
+
Or run without global install:
|
|
38
39
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
```text
|
|
42
|
-
TASK_MANAGEMENT_API_BASE_URL=http://localhost:3000
|
|
43
|
-
TASK_MANAGEMENT_TIMEOUT_MS=30000
|
|
44
|
-
TASK_MANAGEMENT_MAX_BULK_SIZE=50
|
|
45
|
-
TASK_MANAGEMENT_AUTH_TTL_MS=28800000
|
|
40
|
+
```bash
|
|
41
|
+
npx -y @starasia/task-management-mcp
|
|
46
42
|
```
|
|
47
43
|
|
|
48
|
-
|
|
44
|
+
## Claude Code
|
|
45
|
+
|
|
46
|
+
Install global lalu daftarkan ke Claude Code:
|
|
49
47
|
|
|
50
|
-
```
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
TASK_MANAGEMENT_ORGANIZATION_ID
|
|
48
|
+
```bash
|
|
49
|
+
npm install -g @starasia/task-management-mcp
|
|
50
|
+
claude mcp add --scope user task-management -- task-management-mcp
|
|
54
51
|
```
|
|
55
52
|
|
|
56
|
-
|
|
53
|
+
Alternatif tanpa install global:
|
|
57
54
|
|
|
58
|
-
|
|
55
|
+
```bash
|
|
56
|
+
claude mcp add --scope user task-management -- npx -y @starasia/task-management-mcp
|
|
57
|
+
```
|
|
59
58
|
|
|
60
|
-
|
|
61
|
-
mcp_servers:
|
|
62
|
-
task_management_dev:
|
|
63
|
-
command: "npx"
|
|
64
|
-
args: ["-y", "@starasia/task-management-mcp"]
|
|
65
|
-
env:
|
|
66
|
-
TASK_MANAGEMENT_API_BASE_URL: "https://dev-task-management-api.example.com"
|
|
59
|
+
Verifikasi:
|
|
67
60
|
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
env:
|
|
72
|
-
TASK_MANAGEMENT_API_BASE_URL: "https://task-management-api.example.com"
|
|
61
|
+
```bash
|
|
62
|
+
claude mcp list
|
|
63
|
+
claude mcp get task-management
|
|
73
64
|
```
|
|
74
65
|
|
|
75
|
-
|
|
66
|
+
## Codex CLI
|
|
76
67
|
|
|
77
|
-
|
|
68
|
+
Quick command:
|
|
78
69
|
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
```json
|
|
82
|
-
{
|
|
83
|
-
"mcpServers": {
|
|
84
|
-
"task-management-dev": {
|
|
85
|
-
"command": "npx",
|
|
86
|
-
"args": ["-y", "@starasia/task-management-mcp"],
|
|
87
|
-
"env": {
|
|
88
|
-
"TASK_MANAGEMENT_API_BASE_URL": "https://dev-task-management-api.example.com"
|
|
89
|
-
}
|
|
90
|
-
},
|
|
91
|
-
"task-management-prod": {
|
|
92
|
-
"command": "npx",
|
|
93
|
-
"args": ["-y", "@starasia/task-management-mcp"],
|
|
94
|
-
"env": {
|
|
95
|
-
"TASK_MANAGEMENT_API_BASE_URL": "https://task-management-api.example.com"
|
|
96
|
-
}
|
|
97
|
-
}
|
|
98
|
-
}
|
|
99
|
-
}
|
|
70
|
+
```bash
|
|
71
|
+
codex mcp add task-management --command npx --args -y --args @starasia/task-management-mcp
|
|
100
72
|
```
|
|
101
73
|
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
Before calling any task/space/project tool, the agent should:
|
|
74
|
+
Fallback via `~/.codex/config.toml`:
|
|
105
75
|
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
3. Call `set_auth_context`:
|
|
111
|
-
|
|
112
|
-
```json
|
|
113
|
-
{
|
|
114
|
-
"bearerToken": "user-supplied-jwt-access-token",
|
|
115
|
-
"organizationId": "organization-id",
|
|
116
|
-
"environment": "dev",
|
|
117
|
-
"validate": true
|
|
118
|
-
}
|
|
76
|
+
```toml
|
|
77
|
+
[mcp_servers.task_management]
|
|
78
|
+
command = "npx"
|
|
79
|
+
args = ["-y", "@starasia/task-management-mcp"]
|
|
119
80
|
```
|
|
120
81
|
|
|
121
|
-
|
|
82
|
+
## JSON MCP Config
|
|
83
|
+
|
|
84
|
+
Untuk client lain yang memakai format JSON `mcpServers`:
|
|
122
85
|
|
|
123
86
|
```json
|
|
124
87
|
{
|
|
125
|
-
"
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
88
|
+
"mcpServers": {
|
|
89
|
+
"task-management": {
|
|
90
|
+
"command": "npx",
|
|
91
|
+
"args": ["-y", "@starasia/task-management-mcp"]
|
|
92
|
+
}
|
|
93
|
+
}
|
|
129
94
|
}
|
|
130
95
|
```
|
|
131
96
|
|
|
132
|
-
`set_auth_context` validates the token with `GET /spaces` by default, stores the context only in the MCP process memory, and returns a masked status. It never returns the token. The context expires after `TASK_MANAGEMENT_AUTH_TTL_MS` milliseconds, default 8 hours.
|
|
133
|
-
|
|
134
|
-
Important security note: for broad Claude Code / Codex compatibility, the bearer token is passed as a tool argument. That means it may transit the host application's conversation or debug surface before it reaches the MCP. Users should only provide tokens in trusted local agent sessions, prefer short-lived tokens, and call `clear_auth_context` when done.
|
|
135
|
-
|
|
136
|
-
For separate dev/prod MCP instances, call `set_auth_context` separately on each instance because each process has its own in-memory session.
|
|
137
|
-
|
|
138
|
-
When the user is done, call:
|
|
139
|
-
|
|
140
|
-
```text
|
|
141
|
-
clear_auth_context
|
|
142
|
-
```
|
|
143
|
-
|
|
144
|
-
If a tool is called before auth is configured, the MCP returns an error instructing the agent to ask the user for bearer token and organization id, then call `set_auth_context`. `userId` is derived from the token JWT `sub` claim unless an explicit override is provided.
|
|
145
|
-
|
|
146
97
|
## Tools
|
|
147
98
|
|
|
148
99
|
### Auth/session
|
|
@@ -165,17 +116,17 @@ If a tool is called before auth is configured, the MCP returns an error instruct
|
|
|
165
116
|
|
|
166
117
|
### Write tools
|
|
167
118
|
|
|
168
|
-
Write tools default to `dryRun: true`. Set `dryRun: false`
|
|
119
|
+
Write tools default to `dryRun: true`. Set `dryRun: false` only when the user has approved the action.
|
|
169
120
|
|
|
170
121
|
- `create_task`
|
|
171
122
|
- `bulk_create_tasks`
|
|
172
123
|
- `update_task`
|
|
173
124
|
- `change_task_status`
|
|
174
|
-
- `assign_task`
|
|
175
|
-
- `unassign_task`
|
|
176
|
-
- `replace_task_assignees`
|
|
125
|
+
- `assign_task`
|
|
126
|
+
- `unassign_task`
|
|
127
|
+
- `replace_task_assignees`
|
|
177
128
|
|
|
178
|
-
|
|
129
|
+
Assignee tools use project member ids from `list_project_members`.
|
|
179
130
|
|
|
180
131
|
### Monitoring/reporting
|
|
181
132
|
|
|
@@ -184,47 +135,28 @@ Write tools default to `dryRun: true`. Set `dryRun: false` to execute.
|
|
|
184
135
|
- `workload_by_user`
|
|
185
136
|
- `generate_work_report`
|
|
186
137
|
|
|
187
|
-
##
|
|
138
|
+
## Auth model
|
|
188
139
|
|
|
189
|
-
|
|
190
|
-
- Projects are scoped by space: `/spaces/:spaceId/projects`.
|
|
191
|
-
- Tasks are scoped by project: `/projects/:projectId/tasks`.
|
|
192
|
-
- Cross-project task list is `GET /my-tasks` with `scope=me|all`.
|
|
193
|
-
- The MCP forwards `Authorization`, `X-User-Id`, and `X-Organization-Id` from the active auth context.
|
|
194
|
-
- Task creation currently requires `createdBy`; assignment uses numeric `ProjectMember.id` values.
|
|
140
|
+
Before using task tools, the agent should check whether an auth context is configured. If not, it should ask the active user for the required runtime credentials and call `set_auth_context`.
|
|
195
141
|
|
|
196
|
-
|
|
142
|
+
The MCP keeps auth context in process memory only, returns masked auth status, and never returns the bearer token from any tool.
|
|
197
143
|
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
-
|
|
203
|
-
-
|
|
204
|
-
- Write tools
|
|
205
|
-
- Bulk
|
|
206
|
-
-
|
|
207
|
-
- The MCP does not bypass application permissions; it only calls HTTP endpoints with the active user's auth context.
|
|
144
|
+
Call `clear_auth_context` when the session is done.
|
|
145
|
+
|
|
146
|
+
## Safety notes
|
|
147
|
+
|
|
148
|
+
- The MCP does not bypass application permissions.
|
|
149
|
+
- All API actions are performed using the active user's permission context.
|
|
150
|
+
- Write tools use dry-run mode by default.
|
|
151
|
+
- Bulk task creation supports idempotency by normalized title.
|
|
152
|
+
- Use this MCP only in trusted local agent sessions.
|
|
208
153
|
|
|
209
154
|
## Development
|
|
210
155
|
|
|
211
156
|
```bash
|
|
157
|
+
npm test
|
|
212
158
|
npm run typecheck
|
|
213
159
|
npm run lint
|
|
214
|
-
npm test
|
|
215
160
|
npm run build
|
|
216
161
|
npm run pack:check
|
|
217
162
|
```
|
|
218
|
-
|
|
219
|
-
## CI/CD
|
|
220
|
-
|
|
221
|
-
- `CI` runs on pull requests to `main`/`dev`, pushes to `dev`, and manual dispatch.
|
|
222
|
-
- `CI` uses GitHub Environment `development` for Discord notification only.
|
|
223
|
-
- `Release and Notify` runs on pushes to `main` and manual dispatch.
|
|
224
|
-
- Release workflow validates typecheck, lint, test, build, and `npm pack --dry-run` before publishing.
|
|
225
|
-
- Publish is skipped when the package version already exists on npm.
|
|
226
|
-
- Required development secrets:
|
|
227
|
-
- `DISCORD_WEBHOOK_URL`
|
|
228
|
-
- Required production secrets:
|
|
229
|
-
- `NPM_TOKEN`
|
|
230
|
-
- `DISCORD_WEBHOOK_URL` (notification)
|
package/dist/config.js
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import { z } from "zod";
|
|
2
|
+
import { BUILD_TASK_MANAGEMENT_API_BASE_URL } from "./generated-config.js";
|
|
3
|
+
const DEFAULT_TASK_MANAGEMENT_API_BASE_URL = BUILD_TASK_MANAGEMENT_API_BASE_URL || "http://localhost:3000";
|
|
2
4
|
const envSchema = z.object({
|
|
3
5
|
TASK_MANAGEMENT_API_BASE_URL: z
|
|
4
6
|
.string()
|
|
5
7
|
.url()
|
|
6
|
-
.default(
|
|
8
|
+
.default(DEFAULT_TASK_MANAGEMENT_API_BASE_URL),
|
|
7
9
|
TASK_MANAGEMENT_TIMEOUT_MS: z.coerce
|
|
8
10
|
.number()
|
|
9
11
|
.int()
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;IACzB,4BAA4B,EAAE,CAAC;SAC5B,MAAM,EAAE;SACR,GAAG,EAAE;SACL,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,kCAAkC,EAAE,MAAM,uBAAuB,CAAC;AAE3E,MAAM,oCAAoC,GACxC,kCAAkC,IAAI,uBAAuB,CAAC;AAEhE,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;IACzB,4BAA4B,EAAE,CAAC;SAC5B,MAAM,EAAE;SACR,GAAG,EAAE;SACL,OAAO,CAAC,oCAAoC,CAAC;IAChD,0BAA0B,EAAE,CAAC,CAAC,MAAM;SACjC,MAAM,EAAE;SACR,GAAG,EAAE;SACL,QAAQ,EAAE;SACV,OAAO,CAAC,MAAM,CAAC;IAClB,6BAA6B,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAC7E,2BAA2B,EAAE,CAAC,CAAC,MAAM;SAClC,MAAM,EAAE;SACR,GAAG,EAAE;SACL,QAAQ,EAAE;SACV,OAAO,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;CAC/B,CAAC,CAAC;AAIH,MAAM,UAAU,UAAU,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG;IAC1C,OAAO,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const BUILD_TASK_MANAGEMENT_API_BASE_URL = "https://task-management-api-323393867185.asia-southeast2.run.app";
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
// This file is generated by scripts/generate-build-config.mjs.
|
|
2
|
+
// BUILD_TASK_MANAGEMENT_API_BASE_URL is injected by CI for published builds.
|
|
3
|
+
export const BUILD_TASK_MANAGEMENT_API_BASE_URL = "https://task-management-api-323393867185.asia-southeast2.run.app";
|
|
4
|
+
//# sourceMappingURL=generated-config.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"generated-config.js","sourceRoot":"","sources":["../src/generated-config.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,6EAA6E;AAC7E,MAAM,CAAC,MAAM,kCAAkC,GAAG,kEAAkE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@starasia/task-management-mcp",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.2",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"description": "MCP server for Star Perkasa Technology Task Management API",
|
|
@@ -34,7 +34,7 @@
|
|
|
34
34
|
},
|
|
35
35
|
"scripts": {
|
|
36
36
|
"test": "vitest run",
|
|
37
|
-
"build": "tsc",
|
|
37
|
+
"build": "node scripts/generate-build-config.mjs && tsc",
|
|
38
38
|
"dev": "tsx src/index.ts",
|
|
39
39
|
"typecheck": "tsc --noEmit",
|
|
40
40
|
"lint": "eslint src --ext .ts",
|