{"id":"democratize-technology-vikunja-mcp","name":"vikunja-mcp","homepage":null,"repo_url":"https://github.com/democratize-technology/vikunja-mcp","category":"automation","subcategories":[],"tags":["mcp","vikunja","task-management","automation","typescript","productivity","ai-tools"],"what_it_does":"MCP server that exposes Vikunja task/project/workflow functionality as subcommand-style tools, with session-based token/JWT authentication, validation, rate limiting, and retry/circuit-breaking for resilience.","use_cases":["Let AI assistants create, list, update, and delete tasks in a Vikunja instance","Automate task workflows (labels, assignees, comments, reminders, relations)","Manage projects and teams via MCP tools","Bulk import tasks from CSV/JSON with validation and dry-run","Export project data or request/download user export"],"not_for":["Highly sensitive deployments that require zero exposure of end-user tokens to an external agent runtime","Use where you need a fully standard REST/GraphQL/SDK integration surface instead of MCP tools","Environments that cannot provide access to the Vikunja instance API endpoint"],"best_when":"You want an MCP-compatible assistant to operate Vikunja with typed inputs, pagination, and guardrails against abusive requests.","avoid_when":"You cannot securely provision/store API tokens/JWTs or you cannot constrain the assistant’s tool use to least-privilege operations.","alternatives":["Use Vikunja REST API directly","Use a different MCP-to-task integration (e.g., generic productivity/task MCPs if available)","Write a custom MCP server around the official Vikunja API for your specific subset of operations"],"af_score":75.8,"security_score":65.0,"reliability_score":53.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:20:44.912379+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["API token authentication (tk_*)","JWT authentication (eyJ* tokens)"],"oauth":false,"scopes":false,"notes":"Auth is session-based/automatic token management per README. JWT appears to be user-context capable and expires (likely ~24h); API tokens are more limited (not user-specific endpoints). Scope granularity is not described."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information for the MCP package itself is provided in the supplied data."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":75.8,"security_score":65.0,"reliability_score":53.8,"mcp_server_quality":85.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":65.0,"rate_limit_clarity":70.0,"tls_enforcement":80.0,"auth_strength":75.0,"scope_granularity":40.0,"dependency_hygiene":55.0,"secret_handling":70.0,"security_notes":"README claims Zod-based input validation, DoS protection, express-rate-limit rate limiting, and centralized/typed error handling. It also recommends using env vars for configuration. JWT extraction steps increase the chance of token exposure in the operator workflow; the package appears to manage tokens automatically but scope granularity and secret logging behavior are not fully verifiable from the provided content.","uptime_documented":0.0,"version_stability":60.0,"breaking_changes_history":80.0,"error_recovery":75.0,"idempotency_support":"false","idempotency_notes":"Some operations are inherently non-idempotent (create/update/delete). No explicit idempotency keys or documented idempotent semantics are described.","pagination_style":"cursor-less pagination (page/perPage)","retry_guidance_documented":true,"known_agent_gotchas":["JWT token expiry: the assistant/operator may need to refresh/reprovide JWT periodically.","Different tool availability/capabilities depending on API token vs JWT (users/export likely JWT-only).","Bulk operations may have limits (e.g., bulk create/delete max 100); agents should respect these constraints to avoid failures.","Filtering syntax is passed as a string; malformed filters may be rejected by validation/parsing."]}}