@starasia/task-management-mcp
v1.5.3
Published
MCP server for Star Perkasa Technology Task Management API
Readme
Task Management MCP
MCP server for Star Perkasa Technology Task Management.
Package ini membantu AI agent membaca, membuat, memperbarui, memantau, dan merangkum task melalui Task Management API dengan permission sesuai user aktif.
Server ini menyimpan auth context secara aman di runtime/persistent local store agar agent tidak perlu meminta login berulang selama token masih valid. Token tidak pernah dikembalikan ke output tool.
Requirements
- Node.js 20+
- Access to a running Starasia Task Management API instance
Features
- List spaces, projects, project members, workflow statuses, and tasks
- Get project and task detail
- Create single or bulk tasks
- Update task fields, status, and assignees
- Monitor overdue and stale tasks
- Summarize project progress, workload, and work reports
- Dry-run-first write tools for safer agent workflows
Install
Install global:
npm install -g @starasia/task-management-mcpRun manually for smoke test:
task-management-mcpOr run without global install:
npx -y @starasia/task-management-mcpQuick start for users
You do not need to know every MCP tool name to use this package. In most AI agents, ask in natural language and let the agent choose the right tool.
Start by asking the agent to log in:
Login to Task Management MCPThe agent should call start_web_sso_login, show you a secure SSO login URL, then ask you to open the URL and log in through the browser. Do not paste your SSO password into chat. After login, the agent will call check_web_sso_login. If your account has access to multiple organizations, the agent should show organization names and ask which one to use.
After login, try prompts like:
Show my Task Management spacesWhat projects exist in the Ofa Lite space?Create a task in the MVP Generate Cycle project for implementing fleet settingsAssign this task to BayuSummarize my overdue tasksAgents should preview write actions first. For example, when creating or updating tasks, the agent should show the planned title, description, status, priority, dates, and assignees before calling write tools with dryRun: false.
Claude Code
Install global lalu daftarkan ke Claude Code:
npm install -g @starasia/task-management-mcp
claude mcp add --scope user task-management -- task-management-mcpAlternatif tanpa install global:
claude mcp add --scope user task-management -- npx -y @starasia/task-management-mcpVerifikasi:
claude mcp list
claude mcp get task-managementCodex CLI
Quick command:
codex mcp add task-management --command npx --args -y --args @starasia/task-management-mcpFallback via ~/.codex/config.toml:
[mcp_servers.task_management]
command = "npx"
args = ["-y", "@starasia/task-management-mcp"]JSON MCP Config
Untuk client lain yang memakai format JSON mcpServers:
{
"mcpServers": {
"task-management": {
"command": "npx",
"args": ["-y", "@starasia/task-management-mcp"]
}
}
}Tools
Auth/session
sso_loginselect_sso_organizationstart_web_sso_logincheck_web_sso_logincancel_web_sso_loginset_auth_contextget_auth_context_statusclear_auth_context
Read-only
list_spaceslist_projectsget_projectlist_statuseslist_space_membersget_my_space_membershiplist_project_membersget_my_project_membershiplist_tasksget_taskresolve_task_ticketlist_task_assigneessummarize_my_taskssummarize_project_progress
Write tools
Write tools default to dryRun: true. Set dryRun: false only when the user has approved the action.
create_spaceupdate_spacedelete_spacecreate_projectupdate_projectdelete_projectmove_projectarchive_projectrestore_projectcreate_taskbulk_create_tasksupdate_taskchange_task_statusdelete_taskduplicate_taskadd_space_membersjoin_spaceset_space_member_roleremove_space_memberadd_project_membersbulk_add_project_membersremove_project_memberassign_taskunassign_taskreplace_task_assigneesreassign_task_assignee
Member-management tools use user ids from HRIS/SSO. Task assignee tools use project member ids from list_project_members.
Monitoring/reporting
monitor_overdue_tasksmonitor_stale_tasksworkload_by_usergenerate_work_report
Auth model
Before using task tools, the agent should check whether an auth context is configured. If not, prefer SSO login instead of asking for a raw bearer token.
Recommended flow for chat-based agents:
- Call
get_auth_context_status. - If not configured, prefer
start_web_sso_loginand present the returned login URL/button to the user. - The user enters email/password in the browser form, not in chat.
- Poll or call
check_web_sso_loginwith the returned session id. - When completed, the MCP activates and persists the auth context without returning the token.
- Use the task tools.
CLI/local fallback flow:
- Call
sso_loginwith the user's SSO email/password only when the platform can handle secrets safely. - If
sso_loginreturns multiple organizations, present organization names in a human-friendly list and ask which organization should be used. Do not ask the user to copy an organization ID. - Call
select_sso_organizationwith the user's typed organization name. The MCP supports normalized/fuzzy matching, so close inputs such asstar perkasacan matchPT Star Perkasa Technology. - Use the task tools.
Manual fallback remains available through set_auth_context when explicitly needed.
The MCP stores auth context in an encrypted local store and process memory, returns masked auth status, and never returns the bearer token from any tool. The persisted context is reused until its configured expiry.
Call clear_auth_context when the session is done; it clears process state, pending SSO sessions, web login sessions, and the persisted auth store.
SSO configuration
For SSO login, provide the Task Management module client ID via environment:
TASK_MANAGEMENT_SSO_CLIENT_ID=APP-xxxxxxxxOptional SSO API base URL override, mainly for local/dev testing:
TASK_MANAGEMENT_SSO_API_BASE_URL=https://api.starasia.tech/ssoAuth persistence TTL defaults to 30 days. Override it with a millisecond value when a shorter or longer auth-context lifetime is required:
TASK_MANAGEMENT_AUTH_TTL_MS=2592000000Use a stable TASK_MANAGEMENT_AUTH_STORE_KEY in deployment so the encrypted auth store remains readable after MCP restarts.
Passwords are accepted only by sso_login; the resulting token stays in MCP process memory and is never returned.
Safety notes
- The MCP does not bypass application permissions.
- All API actions are performed using the active user's permission context.
- Write tools use dry-run mode by default.
- Bulk task creation supports idempotency by normalized title.
- Use this MCP only in trusted local agent sessions.
Development
npm test
npm run typecheck
npm run lint
npm run build
npm run pack:check