
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
@astrotask/mcp
Advanced tools
MCP (Model Context Protocol) server for Astrotask task management.
The @astrotask/mcp
package implements a Model Context Protocol server that exposes Astrotask's task management capabilities to AI agents. It provides a set of well-defined tools that agents can use to create, update, query, and manage tasks in a structured and type-safe manner.
Run the MCP server directly without installation:
npx @astrotask/mcp
npm install -g @astrotask/mcp
astrotask-mcp
The MCP server uses environment variables for configuration:
# Database configuration
DATABASE_URI=sqlite://./data/astrotask.db
# Optional: Enable verbose database logging
DB_VERBOSE=true
# Run the server
npx @astrotask/mcp
The server provides 6 essential tools for AI agent task management:
getNextTask
- Get the next available task to work onaddTasks
- Create multiple tasks with hierarchies and dependencieslistTasks
- List tasks with optional filteringaddTaskContext
- Add context information to tasksaddDependency
- Create dependency relationships between tasksupdateStatus
- Update task status (pending, in-progress, done, etc.)Configure your AI agent (Cursor, ChatGPT, etc.) to use this MCP server:
{
"name": "getNextTask",
"arguments": { "priority": "high" }
}
The MCP server exposes the following tools for AI agents:
listTasks
List tasks with optional filtering.
Parameters:
status
(optional): Filter by task status (pending
, in-progress
, done
, cancelled
)parentId
(optional): Filter by parent task IDincludeSubtasks
(optional): Include nested subtasks in resultsExample:
{
"name": "listTasks",
"arguments": {
"status": "pending",
"includeSubtasks": true
}
}
createTask
Create a new task.
Parameters:
title
(required): Task titledescription
(optional): Detailed task descriptionstatus
(optional): Initial status (default: pending
)parentId
(optional): Parent task for subtasksprd
(optional): Product Requirements Document contentcontextDigest
(optional): Context digest for AI agentsExample:
{
"name": "createTask",
"arguments": {
"title": "Implement user authentication",
"description": "Add JWT-based authentication with refresh token support",
"status": "pending"
}
}
updateTask
Update an existing task.
Parameters:
id
(required): Task ID to updatetitle
(optional): New task titledescription
(optional): New task descriptionstatus
(optional): New task statusparentId
(optional): New parent task IDprd
(optional): New PRD contentcontextDigest
(optional): New context digestExample:
{
"name": "updateTask",
"arguments": {
"id": "A",
"status": "done",
"description": "Completed: Added JWT auth with bcrypt password hashing"
}
}
deleteTask
Delete a task.
Parameters:
id
(required): Task ID to deletecascade
(optional): Whether to delete all subtasks (default: false
)Example:
{
"name": "deleteTask",
"arguments": {
"id": "A",
"cascade": true
}
}
completeTask
Mark a task as complete. This is a convenience tool that sets status to done
.
Parameters:
id
(required): Task ID to completeExample:
{
"name": "completeTask",
"arguments": {
"id": "A"
}
}
getTaskContext
Retrieve a task with its full context including related tasks.
Parameters:
id
(required): Task ID to get context forincludeAncestors
(optional): Include parent tasks (default: false
)includeDescendants
(optional): Include child tasks (default: false
)maxDepth
(optional): Maximum depth for hierarchical inclusion (default: 3
)Example:
{
"name": "getTaskContext",
"arguments": {
"id": "A",
"includeAncestors": true,
"includeDescendants": true,
"maxDepth": 5
}
}
Configure the MCP server through environment variables:
# Database configuration
DATABASE_URI=./tasks.db
DATABASE_ENCRYPTED=true
DATABASE_KEY=your-encryption-key
# Logging configuration
LOG_LEVEL=info
NODE_ENV=production
# Server configuration
MCP_SERVER_NAME=astrotask
MCP_SERVER_VERSION=1.0.0
npx @astrotask/mcp --help
Options:
--database-path <path> Database file path (default: ./tasks.db)
--encrypted Enable database encryption
--log-level <level> Log level (debug|info|warn|error)
--help Show help information
--version Show version information
Configure Cursor to use Astrotask MCP server:
.cursor/mcp.json
in your project root:{
"mcpServers": {
"astrotask": {
"command": "npx",
"args": ["@astrotask/mcp"],
"env": {
"DATABASE_URI": "./tasks.db",
"LOG_LEVEL": "info"
}
}
}
}
Add to your Claude Desktop MCP configuration:
{
"mcpServers": {
"astrotask": {
"command": "npx",
"args": ["@astrotask/mcp"],
"env": {
"DATABASE_URI": "/path/to/your/tasks.db"
}
}
}
}
# Python example using MCP client
import asyncio
from mcp import Client
async def interact_with_astrotask():
client = Client("npx @astrotask/mcp")
# Create a new task
result = await client.call_tool("createTask", {
"title": "Review pull request #123",
"description": "Review the authentication changes",
"status": "pending"
})
task_id = result["id"]
# Mark task as complete
await client.call_tool("completeTask", {
"id": task_id
})
# List all completed tasks
completed = await client.call_tool("listTasks", {
"status": "done"
})
print(f"Completed {len(completed)} tasks")
asyncio.run(interact_with_astrotask())
The MCP server provides structured error responses:
{
"error": {
"code": "INVALID_PARAMS",
"message": "Task title is required",
"data": {
"field": "title",
"receivedValue": null
}
}
}
Common error codes:
INVALID_PARAMS
: Invalid parameters providedNOT_FOUND
: Requested task/resource not foundVALIDATION_ERROR
: Data validation failedDATABASE_ERROR
: Database operation failedINTERNAL_ERROR
: Unexpected server error# Clone the repository
git clone <repository-url>
cd astrotask
# Install dependencies
pnpm install
# Start development server with hot reload
pnpm --filter @astrotask/mcp dev
# Run tests
pnpm --filter @astrotask/mcp test
Extend the MCP server with custom tools:
import { MCPHandler, HandlerContext } from '@astrotask/mcp';
class CustomTaskHandler implements MCPHandler {
constructor(public readonly context: HandlerContext) {}
async handleCustomOperation(params: CustomParams) {
// Your custom logic here
const result = await this.context.taskService.customOperation(params);
return result;
}
}
// Register the custom handler
server.addTool('customTask', CustomTaskHandler);
Enable debug logging to troubleshoot issues:
# Enable debug logs
DEBUG=astrotask:* npx @astrotask/mcp
# Or set log level
LOG_LEVEL=debug npx @astrotask/mcp
The debug output includes:
pnpm verify
MIT License - see LICENSE for details.
@astrotask/core
- Core task management library@astrotask/cli
- Command-line interfaceThis MCP server uses an enhanced documentation approach that provides both brief descriptions and comprehensive documentation for each tool. Instead of the simple one-liner schema registration, we use the object form that supports:
Each MCP tool is registered with:
The docs/
directory contains comprehensive Markdown documentation for each tool:
docs/getNextTask.md
- Get next available task with filtering optionsdocs/addTasks.md
- Batch task creation with hierarchies and dependenciesdocs/listTasks.md
- Query tasks with various filtersdocs/addTaskContext.md
- Add context slices to existing tasksdocs/addDependency.md
- Create task dependency relationshipsserver.tool('toolName', {
description: 'Brief one-sentence description for tooltips',
docs: docsMarkdown, // Full documentation from .md file
parameters: zodSchema // Complete Zod schema for validation
}, wrapMCPHandler(async (args) => {
const parsedArgs = zodSchema.parse(args); // Parse and validate
return handlers.toolMethod(parsedArgs);
}));
This approach ensures that AI agents have access to both quick summaries and detailed usage information, improving their ability to effectively use the MCP tools.
FAQs
MCP Server for Taskmaster AI
The npm package @astrotask/mcp receives a total of 9 weekly downloads. As such, @astrotask/mcp popularity was classified as not popular.
We found that @astrotask/mcp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.