command
@scopecraft/cmd provides a CLI and MCP server to manage Markdown-Driven Task Management (MDTM) files. It reads/writes tasks (including phase/current-archive workflows and parent/subtask sequencing) stored in markdown frontmatter (TOML/YAML) and exposes operations via MCP (HTTP/SSE and STDIO) so LLM agents can perform task CRUD without manual parsing.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Likely operates on local project files (MDTM markdown), which reduces remote data exposure but increases risk if the process has broad filesystem access. The README does not document authentication/authorization for MCP/HTTP/SSE. TLS is mentioned only implicitly via 'HTTP/SSE' phrasing; explicit HTTPS requirement and verification are not documented. Dependency list includes common utility libs; no audit/CVE data provided.
⚡ Reliability
Best When
You want local, file-based task management driven by markdown frontmatter and you want an MCP-accessible interface for AI tooling to operate on those files.
Avoid When
You need strong server-side authorization/tenant security, remote data hosting, or regulated workflows requiring explicit compliance/audit guarantees.
Use Cases
- • Manage development tasks and workflows stored as markdown (MDTM)
- • Drive an agent (via MCP) to list/create/update/complete tasks and subtasks
- • Organize complex features using parent tasks with ordered or parallel subtasks
- • Integrate task operations into AI IDEs (Cursor/Claude Desktop) via MCP root-dir configuration
- • Support multi-project workspaces with switching via config/env
Not For
- • Replacing a full project management backend (Jira/Linear) where you need robust permissions and audit logs
- • Handling sensitive multi-tenant data requiring strong access control and segregation
- • Use as an authenticated SaaS API (it appears designed for local/project file operations)
Interface
Authentication
The README describes local/project-root configuration and MCP server startup but does not document authentication/authorization for MCP or HTTP/SSE endpoints.
Pricing
No pricing information found (appears to be an open-source CLI package).
Agent Metadata
Known Gotchas
- ⚠ State is filesystem-backed; agent retries may duplicate actions if the underlying operation is not idempotent (not documented).
- ⚠ Authentication/authorization for MCP endpoints is not documented; assume local/trusted network usage unless verified in code.
- ⚠ Pagination/filtering behavior for list methods is not documented in the provided README; agent should be prepared to handle large task sets.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for command.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.