@taazkareem/clickup-mcp-server 0.8.2 → 0.8.4

package/build/server.js

@@ -20,9 +20,32 @@ import { clickUpServices } from "./services/shared.js";
 const logger = new Logger('Server');
 // Use existing services from shared module instead of creating new ones
 const { workspace } = clickUpServices;
+/**
+ * Determines if a tool should be enabled based on ENABLED_TOOLS and DISABLED_TOOLS configuration.
+ *
+ * Logic:
+ * 1. If ENABLED_TOOLS is specified, only tools in that list are enabled (ENABLED_TOOLS takes precedence)
+ * 2. If ENABLED_TOOLS is not specified but DISABLED_TOOLS is, all tools except those in DISABLED_TOOLS are enabled
+ * 3. If neither is specified, all tools are enabled
+ *
+ * @param toolName - The name of the tool to check
+ * @returns true if the tool should be enabled, false otherwise
+ */
+const isToolEnabled = (toolName) => {
+    // If ENABLED_TOOLS is specified, it takes precedence
+    if (config.enabledTools.length > 0) {
+        return config.enabledTools.includes(toolName);
+    }
+    // If only DISABLED_TOOLS is specified, enable all tools except those disabled
+    if (config.disabledTools.length > 0) {
+        return !config.disabledTools.includes(toolName);
+    }
+    // If neither is specified, enable all tools
+    return true;
+};
 export const server = new Server({
     name: "clickup-mcp-server",
-    version: "0.8.2",
+    version: "0.8.4",
 }, {
     capabilities: {
         tools: {},
@@ -93,7 +116,7 @@ export function configureServer() {
                 findMemberByNameTool,
                 resolveAssigneesTool,
                 ...documentModule()
-            ].filter(tool => !config.disabledTools.includes(tool.name))
+            ].filter(tool => isToolEnabled(tool.name))
         };
     });
     // Add handler for resources/list
@@ -112,12 +135,15 @@ export function configureServer() {
         logger.info(`Received CallTool request for tool: ${name}`, {
             params
         });
-        // Check if the tool is disabled
-        if (config.disabledTools.includes(name)) {
-            logger.warn(`Tool execution blocked: Tool '${name}' is disabled.`);
+        // Check if the tool is enabled
+        if (!isToolEnabled(name)) {
+            const reason = config.enabledTools.length > 0
+                ? `Tool '${name}' is not in the enabled tools list.`
+                : `Tool '${name}' is disabled.`;
+            logger.warn(`Tool execution blocked: ${reason}`);
             throw {
                 code: -32601,
-                message: `Tool '${name}' is disabled.`
+                message: reason
             };
         }
         try {

package/build/services/clickup/task/task-core.js

@@ -232,7 +232,7 @@ export class TaskServiceCore extends BaseClickUpService {
         this.logOperation('getSubtasks', { taskId });
         try {
             return await this.makeRequest(async () => {
-                const response = await this.client.get(`/task/${taskId}`);
+                const response = await this.client.get(`/task/${taskId}?subtasks=true&include_subtasks=true`);
                 // Return subtasks if present, otherwise empty array
                 return response.data.subtasks || [];
             });

package/build/services/clickup/task/task-search.js

@@ -193,6 +193,169 @@ export class TaskServiceSearch extends TaskServiceCore {
     async getTaskSummaries(filters = {}) {
         return this.getWorkspaceTasks({ ...filters, detail_level: 'summary' });
     }
+    /**
+     * Get all views for a given list and identify the default "List" view ID
+     * @param listId The ID of the list to get views for
+     * @returns The ID of the default list view, or null if not found
+     */
+    async getListViews(listId) {
+        try {
+            this.logOperation('getListViews', { listId });
+            const response = await this.makeRequest(async () => {
+                return await this.client.get(`/list/${listId}/view`);
+            });
+            // First try to get the default list view from required_views.list
+            if (response.data.required_views?.list?.id) {
+                this.logOperation('getListViews', {
+                    listId,
+                    foundDefaultView: response.data.required_views.list.id,
+                    source: 'required_views.list'
+                });
+                return response.data.required_views.list.id;
+            }
+            // Fallback: look for a view with type "list" in the views array
+            const listView = response.data.views?.find(view => view.type?.toLowerCase() === 'list' ||
+                view.name?.toLowerCase().includes('list'));
+            if (listView?.id) {
+                this.logOperation('getListViews', {
+                    listId,
+                    foundDefaultView: listView.id,
+                    source: 'views_array_fallback',
+                    viewName: listView.name
+                });
+                return listView.id;
+            }
+            // If no specific list view found, use the first available view
+            if (response.data.views?.length > 0) {
+                const firstView = response.data.views[0];
+                this.logOperation('getListViews', {
+                    listId,
+                    foundDefaultView: firstView.id,
+                    source: 'first_available_view',
+                    viewName: firstView.name,
+                    warning: 'No specific list view found, using first available view'
+                });
+                return firstView.id;
+            }
+            this.logOperation('getListViews', {
+                listId,
+                error: 'No views found for list',
+                responseData: response.data
+            });
+            return null;
+        }
+        catch (error) {
+            this.logOperation('getListViews', {
+                listId,
+                error: error.message,
+                status: error.response?.status
+            });
+            throw this.handleError(error, `Failed to get views for list ${listId}`);
+        }
+    }
+    /**
+     * Retrieve tasks from a specific view, applying supported filters
+     * @param viewId The ID of the view to get tasks from
+     * @param filters Task filters to apply (only supported filters will be used)
+     * @returns Array of ClickUpTask objects from the view
+     */
+    async getTasksFromView(viewId, filters = {}) {
+        try {
+            this.logOperation('getTasksFromView', { viewId, filters });
+            // Build query parameters for supported filters
+            const params = {};
+            // Map supported filters to query parameters
+            if (filters.subtasks !== undefined)
+                params.subtasks = filters.subtasks;
+            if (filters.include_closed !== undefined)
+                params.include_closed = filters.include_closed;
+            if (filters.archived !== undefined)
+                params.archived = filters.archived;
+            if (filters.page !== undefined)
+                params.page = filters.page;
+            if (filters.order_by)
+                params.order_by = filters.order_by;
+            if (filters.reverse !== undefined)
+                params.reverse = filters.reverse;
+            // Status filtering
+            if (filters.statuses && filters.statuses.length > 0) {
+                params.statuses = filters.statuses;
+            }
+            // Assignee filtering
+            if (filters.assignees && filters.assignees.length > 0) {
+                params.assignees = filters.assignees;
+            }
+            // Date filters
+            if (filters.date_created_gt)
+                params.date_created_gt = filters.date_created_gt;
+            if (filters.date_created_lt)
+                params.date_created_lt = filters.date_created_lt;
+            if (filters.date_updated_gt)
+                params.date_updated_gt = filters.date_updated_gt;
+            if (filters.date_updated_lt)
+                params.date_updated_lt = filters.date_updated_lt;
+            if (filters.due_date_gt)
+                params.due_date_gt = filters.due_date_gt;
+            if (filters.due_date_lt)
+                params.due_date_lt = filters.due_date_lt;
+            // Custom fields
+            if (filters.custom_fields) {
+                params.custom_fields = filters.custom_fields;
+            }
+            let allTasks = [];
+            let currentPage = filters.page || 0;
+            let hasMore = true;
+            const maxPages = 50; // Safety limit to prevent infinite loops
+            let pageCount = 0;
+            while (hasMore && pageCount < maxPages) {
+                const pageParams = { ...params, page: currentPage };
+                const response = await this.makeRequest(async () => {
+                    return await this.client.get(`/view/${viewId}/task`, {
+                        params: pageParams
+                    });
+                });
+                const tasks = response.data.tasks || [];
+                allTasks = allTasks.concat(tasks);
+                // Check if there are more pages
+                hasMore = response.data.has_more === true && tasks.length > 0;
+                currentPage++;
+                pageCount++;
+                this.logOperation('getTasksFromView', {
+                    viewId,
+                    page: currentPage - 1,
+                    tasksInPage: tasks.length,
+                    totalTasksSoFar: allTasks.length,
+                    hasMore
+                });
+                // If we're not paginating (original request had no page specified),
+                // only get the first page
+                if (filters.page === undefined && currentPage === 1) {
+                    break;
+                }
+            }
+            if (pageCount >= maxPages) {
+                this.logOperation('getTasksFromView', {
+                    viewId,
+                    warning: `Reached maximum page limit (${maxPages}) while fetching tasks`,
+                    totalTasks: allTasks.length
+                });
+            }
+            this.logOperation('getTasksFromView', {
+                viewId,
+                totalTasks: allTasks.length,
+                totalPages: pageCount
+            });
+            return allTasks;
+        }
+        catch (error) {
+            this.logOperation('getTasksFromView', {
+                viewId,
+                error: error.message,
+                status: error.response?.status
+            });
+            throw this.handleError(error, `Failed to get tasks from view ${viewId}`);
+        }
+    }
     /**
      * Get detailed task data
      * @param filters Task filters to apply

package/build/sse_server.js

@@ -12,13 +12,43 @@ import { SSEServerTransport } from '@modelcontextprotocol/sdk/server/sse.js';
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
 import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
 import express from 'express';
+import https from 'https';
+import http from 'http';
+import fs from 'fs';
 import { server, configureServer } from './server.js';
 import configuration from './config.js';
+import { createOriginValidationMiddleware, createRateLimitMiddleware, createCorsMiddleware, createSecurityHeadersMiddleware, createSecurityLoggingMiddleware, createInputValidationMiddleware } from './middleware/security.js';
+import { Logger } from './logger.js';
 const app = express();
-app.use(express.json());
+const logger = new Logger('SSEServer');
 export function startSSEServer() {
     // Configure the unified server first
     configureServer();
+    // Apply security middleware (all are opt-in via environment variables)
+    logger.info('Configuring security middleware', {
+        securityFeatures: configuration.enableSecurityFeatures,
+        originValidation: configuration.enableOriginValidation,
+        rateLimit: configuration.enableRateLimit,
+        cors: configuration.enableCors
+    });
+    // Always apply input validation (reasonable defaults)
+    app.use(createInputValidationMiddleware());
+    // Apply optional security middleware
+    app.use(createSecurityLoggingMiddleware());
+    app.use(createSecurityHeadersMiddleware());
+    app.use(createCorsMiddleware());
+    app.use(createOriginValidationMiddleware());
+    app.use(createRateLimitMiddleware());
+    // Configure JSON parsing with configurable size limit
+    app.use(express.json({
+        limit: configuration.maxRequestSize,
+        verify: (req, res, buf) => {
+            // Additional validation can be added here if needed
+            if (buf.length === 0) {
+                logger.debug('Empty request body received');
+            }
+        }
+    }));
     const transports = {
         streamable: {},
         sse: {},
@@ -27,6 +57,12 @@ export function startSSEServer() {
     app.post('/mcp', async (req, res) => {
         try {
             const sessionId = req.headers['mcp-session-id'];
+            logger.debug('MCP request received', {
+                sessionId,
+                hasBody: !!req.body,
+                contentType: req.headers['content-type'],
+                origin: req.headers.origin
+            });
             let transport;
             if (sessionId && transports.streamable[sessionId]) {
                 transport = transports.streamable[sessionId];
@@ -87,7 +123,11 @@ export function startSSEServer() {
     app.get('/sse', async (req, res) => {
         const transport = new SSEServerTransport('/messages', res);
         transports.sse[transport.sessionId] = transport;
-        console.log(`New SSE connection established with sessionId: ${transport.sessionId}`);
+        logger.info('New SSE connection established', {
+            sessionId: transport.sessionId,
+            origin: req.headers.origin,
+            userAgent: req.headers['user-agent']
+        });
         res.on('close', () => {
             delete transports.sse[transport.sessionId];
         });
@@ -103,11 +143,135 @@ export function startSSEServer() {
             res.status(400).send('No transport found for sessionId');
         }
     });
-    const PORT = Number(configuration.port ?? '3231');
-    // Bind to localhost only for security
-    app.listen(PORT, () => {
-        console.log(`Server started on http://127.0.0.1:${PORT}`);
-        console.log(`Streamable HTTP endpoint: http://127.0.0.1:${PORT}/mcp`);
-        console.log(`Legacy SSE endpoint: http://127.0.0.1:${PORT}/sse`);
+    // Health check endpoint
+    app.get('/health', (req, res) => {
+        res.json({
+            status: 'healthy',
+            timestamp: new Date().toISOString(),
+            version: '0.8.3',
+            security: {
+                featuresEnabled: configuration.enableSecurityFeatures,
+                originValidation: configuration.enableOriginValidation,
+                rateLimit: configuration.enableRateLimit,
+                cors: configuration.enableCors
+            }
+        });
     });
+    // Server creation and startup
+    const PORT = Number(configuration.port ?? '3231');
+    const HTTPS_PORT = Number(configuration.httpsPort ?? '3443');
+    // Function to create and start HTTP server
+    function startHttpServer() {
+        const httpServer = http.createServer(app);
+        httpServer.listen(PORT, '127.0.0.1', () => {
+            logger.info('ClickUp MCP Server (HTTP) started', {
+                port: PORT,
+                protocol: 'http',
+                endpoints: {
+                    streamableHttp: `http://127.0.0.1:${PORT}/mcp`,
+                    legacySSE: `http://127.0.0.1:${PORT}/sse`,
+                    health: `http://127.0.0.1:${PORT}/health`
+                },
+                security: {
+                    featuresEnabled: configuration.enableSecurityFeatures,
+                    originValidation: configuration.enableOriginValidation,
+                    rateLimit: configuration.enableRateLimit,
+                    cors: configuration.enableCors,
+                    httpsEnabled: configuration.enableHttps
+                }
+            });
+            console.log(`✅ ClickUp MCP Server started on http://127.0.0.1:${PORT}`);
+            console.log(`📡 Streamable HTTP endpoint: http://127.0.0.1:${PORT}/mcp`);
+            console.log(`🔄 Legacy SSE endpoint: http://127.0.0.1:${PORT}/sse`);
+            console.log(`❤️  Health check: http://127.0.0.1:${PORT}/health`);
+            if (configuration.enableHttps) {
+                console.log(`⚠️  HTTP server running alongside HTTPS - consider disabling HTTP in production`);
+            }
+        });
+        return httpServer;
+    }
+    // Function to create and start HTTPS server
+    function startHttpsServer() {
+        if (!configuration.sslKeyPath || !configuration.sslCertPath) {
+            logger.error('HTTPS enabled but SSL certificate paths not provided', {
+                sslKeyPath: configuration.sslKeyPath,
+                sslCertPath: configuration.sslCertPath
+            });
+            console.log(`❌ HTTPS enabled but SSL_KEY_PATH and SSL_CERT_PATH not provided`);
+            console.log(`   Set SSL_KEY_PATH and SSL_CERT_PATH environment variables`);
+            return null;
+        }
+        try {
+            // Check if certificate files exist
+            if (!fs.existsSync(configuration.sslKeyPath)) {
+                throw new Error(`SSL key file not found: ${configuration.sslKeyPath}`);
+            }
+            if (!fs.existsSync(configuration.sslCertPath)) {
+                throw new Error(`SSL certificate file not found: ${configuration.sslCertPath}`);
+            }
+            const httpsOptions = {
+                key: fs.readFileSync(configuration.sslKeyPath),
+                cert: fs.readFileSync(configuration.sslCertPath)
+            };
+            // Add CA certificate if provided
+            if (configuration.sslCaPath && fs.existsSync(configuration.sslCaPath)) {
+                httpsOptions.ca = fs.readFileSync(configuration.sslCaPath);
+            }
+            const httpsServer = https.createServer(httpsOptions, app);
+            httpsServer.listen(HTTPS_PORT, '127.0.0.1', () => {
+                logger.info('ClickUp MCP Server (HTTPS) started', {
+                    port: HTTPS_PORT,
+                    protocol: 'https',
+                    endpoints: {
+                        streamableHttp: `https://127.0.0.1:${HTTPS_PORT}/mcp`,
+                        legacySSE: `https://127.0.0.1:${HTTPS_PORT}/sse`,
+                        health: `https://127.0.0.1:${HTTPS_PORT}/health`
+                    },
+                    security: {
+                        featuresEnabled: configuration.enableSecurityFeatures,
+                        originValidation: configuration.enableOriginValidation,
+                        rateLimit: configuration.enableRateLimit,
+                        cors: configuration.enableCors,
+                        httpsEnabled: true
+                    }
+                });
+                console.log(`🔒 ClickUp MCP Server (HTTPS) started on https://127.0.0.1:${HTTPS_PORT}`);
+                console.log(`📡 Streamable HTTPS endpoint: https://127.0.0.1:${HTTPS_PORT}/mcp`);
+                console.log(`🔄 Legacy SSE HTTPS endpoint: https://127.0.0.1:${HTTPS_PORT}/sse`);
+                console.log(`❤️  Health check HTTPS: https://127.0.0.1:${HTTPS_PORT}/health`);
+            });
+            return httpsServer;
+        }
+        catch (error) {
+            logger.error('Failed to start HTTPS server', {
+                error: error.message,
+                sslKeyPath: configuration.sslKeyPath,
+                sslCertPath: configuration.sslCertPath
+            });
+            console.log(`❌ Failed to start HTTPS server: ${error.message}`);
+            return null;
+        }
+    }
+    // Start servers based on configuration
+    const servers = [];
+    // Always start HTTP server (for backwards compatibility)
+    servers.push(startHttpServer());
+    // Start HTTPS server if enabled
+    if (configuration.enableHttps) {
+        const httpsServer = startHttpsServer();
+        if (httpsServer) {
+            servers.push(httpsServer);
+        }
+    }
+    // Security status logging
+    if (configuration.enableSecurityFeatures) {
+        console.log(`🔒 Security features enabled`);
+    }
+    else {
+        console.log(`⚠️  Security features disabled (set ENABLE_SECURITY_FEATURES=true to enable)`);
+    }
+    if (!configuration.enableHttps) {
+        console.log(`⚠️  HTTPS disabled (set ENABLE_HTTPS=true with SSL certificates to enable)`);
+    }
+    return servers;
 }

package/build/tools/documents.js

@@ -480,12 +480,3 @@ export async function handleUpdateDocumentPage(parameters) {
         return sponsorService.createErrorResponse(`Failed to update document page: ${error.message}`);
     }
 }
-export const documentTools = [
-    createDocumentTool,
-    getDocumentTool,
-    listDocumentsTool,
-    listDocumentPagesTool,
-    getDocumentPagesTool,
-    createDocumentPageTool,
-    updateDocumentPageTool
-];

package/build/tools/task/bulk-operations.js

@@ -206,9 +206,9 @@ export const updateBulkTasksTool = {
                             description: "New status"
                         },
                         priority: {
-                            type: "number",
+                            type: "string",
                             nullable: true,
-                            enum: [1, 2, 3, 4, null],
+                            enum: ["1", "2", "3", "4", null],
                             description: "New priority (1-4 or null)"
                         },
                         dueDate: {

package/build/tools/task/handlers.js

@@ -138,9 +138,10 @@ async function buildUpdateData(params) {
         updateData.markdown_description = params.markdown_description;
     if (params.status !== undefined)
         updateData.status = params.status;
-    // Skip toTaskPriority conversion since we're handling priority in the main handler
-    if (params.priority !== undefined)
-        updateData.priority = params.priority;
+    // Use toTaskPriority to properly handle null values and validation
+    if (params.priority !== undefined) {
+        updateData.priority = toTaskPriority(params.priority);
+    }
     if (params.dueDate !== undefined) {
         updateData.due_date = parseDueDate(params.dueDate);
         updateData.due_date_time = true;
@@ -434,13 +435,16 @@ export async function createTaskHandler(params) {
         description,
         markdown_description,
         status,
-        priority,
         parent,
         tags,
         custom_fields,
         check_required_custom_fields,
         assignees: resolvedAssignees
     };
+    // Only include priority if explicitly provided by the user
+    if (priority !== undefined) {
+        taskData.priority = priority;
+    }
     // Add due date if specified
     if (dueDate) {
         taskData.due_date = parseDueDate(dueDate);
@@ -596,8 +600,135 @@ export async function getWorkspaceTasksHandler(taskService, params) {
         if (!hasFilter) {
             throw new Error('At least one filter parameter is required (tags, list_ids, folder_ids, space_ids, statuses, assignees, or date filters)');
         }
-        // For workspace tasks, we'll continue to use the direct getWorkspaceTasks method
-        // since it supports specific workspace-wide filters that aren't part of the unified findTasks
+        // Check if list_ids are provided for enhanced filtering via Views API
+        if (params.list_ids && params.list_ids.length > 0) {
+            logger.info('Using Views API for enhanced list filtering', {
+                listIds: params.list_ids,
+                listCount: params.list_ids.length
+            });
+            // Warning for broad queries
+            const hasOnlyListIds = Object.keys(params).filter(key => params[key] !== undefined && key !== 'list_ids' && key !== 'detail_level').length === 0;
+            if (hasOnlyListIds && params.list_ids.length > 5) {
+                logger.warn('Broad query detected: many lists with no additional filters', {
+                    listCount: params.list_ids.length,
+                    recommendation: 'Consider adding additional filters (tags, statuses, assignees, etc.) for better performance'
+                });
+            }
+            // Use Views API for enhanced list filtering
+            let allTasks = [];
+            const processedTaskIds = new Set();
+            // Create promises for concurrent fetching
+            const fetchPromises = params.list_ids.map(async (listId) => {
+                try {
+                    // Get the default list view ID
+                    const viewId = await taskService.getListViews(listId);
+                    if (!viewId) {
+                        logger.warn(`No default view found for list ${listId}, skipping`);
+                        return [];
+                    }
+                    // Extract filters supported by the Views API
+                    const supportedFilters = {
+                        subtasks: params.subtasks,
+                        include_closed: params.include_closed,
+                        archived: params.archived,
+                        order_by: params.order_by,
+                        reverse: params.reverse,
+                        page: params.page,
+                        statuses: params.statuses,
+                        assignees: params.assignees,
+                        date_created_gt: params.date_created_gt,
+                        date_created_lt: params.date_created_lt,
+                        date_updated_gt: params.date_updated_gt,
+                        date_updated_lt: params.date_updated_lt,
+                        due_date_gt: params.due_date_gt,
+                        due_date_lt: params.due_date_lt,
+                        custom_fields: params.custom_fields
+                    };
+                    // Get tasks from the view
+                    const tasksFromView = await taskService.getTasksFromView(viewId, supportedFilters);
+                    return tasksFromView;
+                }
+                catch (error) {
+                    logger.error(`Failed to get tasks from list ${listId}`, { error: error.message });
+                    return []; // Continue with other lists even if one fails
+                }
+            });
+            // Execute all fetches concurrently
+            const taskArrays = await Promise.all(fetchPromises);
+            // Aggregate tasks and remove duplicates
+            for (const tasks of taskArrays) {
+                for (const task of tasks) {
+                    if (!processedTaskIds.has(task.id)) {
+                        allTasks.push(task);
+                        processedTaskIds.add(task.id);
+                    }
+                }
+            }
+            logger.info('Aggregated tasks from Views API', {
+                totalTasks: allTasks.length,
+                uniqueTasks: processedTaskIds.size
+            });
+            // Apply client-side filtering for unsupported filters
+            if (params.tags && params.tags.length > 0) {
+                allTasks = allTasks.filter(task => params.tags.every((tag) => task.tags.some(t => t.name === tag)));
+                logger.debug('Applied client-side tag filtering', {
+                    tags: params.tags,
+                    remainingTasks: allTasks.length
+                });
+            }
+            if (params.folder_ids && params.folder_ids.length > 0) {
+                allTasks = allTasks.filter(task => task.folder && params.folder_ids.includes(task.folder.id));
+                logger.debug('Applied client-side folder filtering', {
+                    folderIds: params.folder_ids,
+                    remainingTasks: allTasks.length
+                });
+            }
+            if (params.space_ids && params.space_ids.length > 0) {
+                allTasks = allTasks.filter(task => params.space_ids.includes(task.space.id));
+                logger.debug('Applied client-side space filtering', {
+                    spaceIds: params.space_ids,
+                    remainingTasks: allTasks.length
+                });
+            }
+            // Check token limit and format response
+            const shouldUseSummary = params.detail_level === 'summary' || wouldExceedTokenLimit({ tasks: allTasks });
+            if (shouldUseSummary) {
+                logger.info('Using summary format for Views API response', {
+                    totalTasks: allTasks.length,
+                    reason: params.detail_level === 'summary' ? 'requested' : 'token_limit'
+                });
+                return {
+                    summaries: allTasks.map(task => ({
+                        id: task.id,
+                        name: task.name,
+                        status: task.status.status,
+                        list: {
+                            id: task.list.id,
+                            name: task.list.name
+                        },
+                        due_date: task.due_date,
+                        url: task.url,
+                        priority: task.priority?.priority || null,
+                        tags: task.tags.map(tag => ({
+                            name: tag.name,
+                            tag_bg: tag.tag_bg,
+                            tag_fg: tag.tag_fg
+                        }))
+                    })),
+                    total_count: allTasks.length,
+                    has_more: false,
+                    next_page: 0
+                };
+            }
+            return {
+                tasks: allTasks,
+                total_count: allTasks.length,
+                has_more: false,
+                next_page: 0
+            };
+        }
+        // Fallback to existing workspace-wide task retrieval when list_ids are not provided
+        logger.info('Using standard workspace task retrieval');
         const filters = {
             tags: params.tags,
             list_ids: params.list_ids,
@@ -664,11 +795,15 @@ export async function createBulkTasksHandler(params) {
             description: task.description,
             markdown_description: task.markdown_description,
             status: task.status,
-            priority: toTaskPriority(task.priority),
             tags: task.tags,
             custom_fields: task.custom_fields,
             assignees: resolvedAssignees
         };
+        // Only include priority if explicitly provided by the user
+        const priority = toTaskPriority(task.priority);
+        if (priority !== undefined) {
+            taskData.priority = priority;
+        }
         // Add due date if specified
         if (task.dueDate) {
             taskData.due_date = parseDueDate(task.dueDate);