{"id":"quentintou-agent-board","name":"agent-board","homepage":"https://openclaw.ai","repo_url":"https://github.com/quentintou/agent-board","category":"automation","subcategories":[],"tags":["ai-agents","agent-orchestration","task-management","kanban","dag","mcp","webhooks","audit-trail","nodejs","typescript"],"what_it_does":"Agent Board is a multi-agent task orchestration service combining a Kanban board with DAG-enforced task dependencies, quality gates, auto-retries, task chaining, signed webhooks for event-driven wakeups, and an append-only audit trail. It exposes both a REST API and an MCP server so AI agents can create/move tasks and manage task comment threads.","use_cases":["Coordinating multiple LLM agents with shared task state (Kanban + DAG dependencies)","Building agent pipelines via task chaining (nextTask auto-created/assigned)","Event-driven agent wakeups using signed webhooks and/or OpenClaw webhook integration","Retriable task execution flows with attempt tracking in an audit trail","Integrating agent teams via MCP tools (no HTTP client needed for MCP clients)"],"not_for":["High-assurance production systems requiring strong auth-by-default and formal security/compliance guarantees (auth is optional/backward compatible)","Multi-region or managed SaaS usage (appears to be self-hosted/local-data oriented)","Environments needing an enterprise-grade identity provider (OAuth/OIDC) out of the box"],"best_when":"You want a self-hosted orchestration layer for autonomous agent teams where tasks must be coordinated, dependencies enforced, and agents woken quickly on state changes.","avoid_when":"You cannot safely run with default/optional authentication or you require strict SLAs/status guarantees and documented operational practices.","alternatives":["Open-source workflow/orchestration tools (e.g., Temporal, Airflow) for dependency graphs and retries (different UX than a Kanban agent board)","Project management systems with custom automation (e.g., Jira + webhook/automation) for less agent-native MCP integration","Other MCP-enabled agent tool hubs or custom MCP servers layered over a database/task queue"],"af_score":60.6,"security_score":51.5,"reliability_score":38.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:36:11.876147+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["X-API-Key (API key header) when AGENTBOARD_API_KEYS is set"],"oauth":false,"scopes":false,"notes":"Authentication is described as optional/backward-compatible: if AGENTBOARD_API_KEYS is not set, all requests are allowed."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source npm package; no pricing details provided."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":60.6,"security_score":51.5,"reliability_score":38.8,"mcp_server_quality":78.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":"README mentions Zod validation with clear error messages, but no concrete error format examples (HTTP status codes or MCP tool error schema) are shown in the provided content.","auth_complexity":55.0,"rate_limit_clarity":0.0,"tls_enforcement":70.0,"auth_strength":45.0,"scope_granularity":20.0,"dependency_hygiene":55.0,"secret_handling":70.0,"security_notes":"Webhooks can be signed with HMAC-SHA256 (and include timestamp/source) when AGENTBOARD_WEBHOOK_SECRET is set, which supports message authenticity. However, REST API authentication is optional/backward-compatible; when API keys are not configured, requests are allowed, reducing security for default deployments. No explicit mention of OAuth scopes, fine-grained authorization, or TLS/HTTP enforcement details; TLS is likely handled by the underlying server but is not explicitly documented here.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":45.0,"error_recovery":75.0,"idempotency_support":"false","idempotency_notes":"Auto-retry, task moves, and comment creation are state-changing; no explicit idempotency keys or semantics are described for REST or MCP mutations.","pagination_style":"none","retry_guidance_documented":true,"known_agent_gotchas":["Auth is optional when API keys are not configured; agents may successfully call endpoints but this can be unsafe in shared environments.","Webhook signing is enabled only when AGENTBOARD_WEBHOOK_SECRET is set; without it, receivers must not rely on signatures.","Auto-retry moves tasks from failed back to todo; agents should handle repeated attempts and avoid assuming exactly-once execution.","DAG dependency enforcement may block moves to doing/review if dependencies are not yet done or cycles are detected."]}}