dav-mcp
dav-mcp provides an MCP server (and optionally an HTTP interface) that exposes CalDAV (calendar), CardDAV (contacts), and VTODO/VTODO-over-CalDAV-style (tasks) operations as a set of agent-callable tools for creating, updating, querying, and deleting calendar, contact, and todo resources on a DAV server.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README claims inputs are validated with Zod, bearer token auth for HTTP mode, 'no credential storage' with pass-through only, structured logging with request IDs and no PII exposure, and CORS origin whitelisting. No explicit mention of TLS-only enforcement, token format/expiry, or OAuth scope restrictions. Dependency hygiene/CVE status cannot be confirmed from provided content.
⚡ Reliability
Best When
You want LLM/MCP-driven orchestration over calendar/contacts/tasks on an RFC-compliant CalDAV/CardDAV/VTODO server and can supply credentials via environment variables or configured MCP runtime.
Avoid When
You cannot control or secure outbound credentials/requests, or you need strongly specified retry/idempotency and pagination/error-code contracts (not fully evidenced in README).
Use Cases
- • AI agents that manage calendars: create/update events, run filtered event queries, batch fetch events
- • AI agents that manage contacts: search address books, create/update/delete vCards, batch fetch contacts
- • AI agents that manage tasks/todos: create/update/delete VTODO items and query/filter by status/due dates
- • Automation workflows (e.g., n8n) that connect an MCP client tool to a DAV-backed backend
- • Local desktop integrations (e.g., Claude Desktop) that call calendar/contacts/todos via MCP
Not For
- • Use as a general-purpose DAV proxy for arbitrary clients (the surface is agent-tool oriented, not a full generic DAV API)
- • Environments requiring an OpenAPI/SDK-first developer experience beyond MCP usage
- • Teams needing guaranteed idempotency semantics for every write operation (not documented)
Interface
Authentication
README describes bearer token auth for the HTTP server mode and an OAuth configuration path for Google Calendar. No explicit scope model or fine-grained permission scopes are documented in the provided content.
Pricing
As an npm package, runtime cost depends on your DAV server and hosting for the MCP/HTTP server; no pricing model is described in the provided content.
Agent Metadata
Known Gotchas
- ⚠ Write operations (create/update/delete) are exposed; without documented idempotency, agents may cause duplicate records if retries occur.
- ⚠ HTTP endpoint is localhost in examples; remote deployments should ensure correct routing and secure exposure.
- ⚠ DAV servers can differ in RFC feature completeness; some queries/filters may behave differently by provider even if the tool exists.
- ⚠ Agents may need to use the *_query tools for filtering rather than listing-all tools to avoid excessive data retrieval.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for dav-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.