Microsoft Todo MCP Service

Instructions

Implementation Reference

• src/todo-index.ts:392-477 (registration)

  Registration of the 'get-task-lists' tool with the MCP server. Includes tool name, description, empty input schema ({}), and inline async handler function that fetches and formats task lists from Microsoft To Do via Graph API.
  server.tool( "get-task-lists", "Get all Microsoft Todo task lists (the top-level containers that organize your tasks). Shows list names, IDs, and indicates default or shared lists.", {}, async () => { try { const token = await getAccessToken(); if (!token) { return { content: [ { type: "text", text: "Failed to authenticate with Microsoft API", }, ], }; } const response = await makeGraphRequest<{ value: TaskList[] }>( `${MS_GRAPH_BASE}/me/todo/lists`, token ); if (!response) { return { content: [ { type: "text", text: "Failed to retrieve task lists", }, ], }; } const lists = response.value || []; if (lists.length === 0) { return { content: [ { type: "text", text: "No task lists found.", }, ], }; } const formattedLists = lists.map((list) => { // Add well-known list name if applicable let wellKnownInfo = ""; if (list.wellknownListName && list.wellknownListName !== "none") { if (list.wellknownListName === "defaultList") { wellKnownInfo = " (Default Tasks List)"; } else if (list.wellknownListName === "flaggedEmails") { wellKnownInfo = " (Flagged Emails)"; } } // Add sharing info if applicable let sharingInfo = ""; if (list.isShared) { sharingInfo = list.isOwner ? " (Shared by you)" : " (Shared with you)"; } return `ID: ${list.id}\nName: ${list.displayName}${wellKnownInfo}${sharingInfo}\n---`; }); return { content: [ { type: "text", text: `Your task lists:\n\n${formattedLists.join("\n")}`, }, ], }; } catch (error) { return { content: [ { type: "text", text: `Error fetching task lists: ${error}`, }, ], }; } } );
• src/todo-index.ts:396-476 (handler)

  The core handler logic for the get-task-lists tool. Handles authentication, API call to retrieve task lists, formats the lists with details like ID, name, well-known status, and sharing info, and returns structured text content.
  async () => { try { const token = await getAccessToken(); if (!token) { return { content: [ { type: "text", text: "Failed to authenticate with Microsoft API", }, ], }; } const response = await makeGraphRequest<{ value: TaskList[] }>( `${MS_GRAPH_BASE}/me/todo/lists`, token ); if (!response) { return { content: [ { type: "text", text: "Failed to retrieve task lists", }, ], }; } const lists = response.value || []; if (lists.length === 0) { return { content: [ { type: "text", text: "No task lists found.", }, ], }; } const formattedLists = lists.map((list) => { // Add well-known list name if applicable let wellKnownInfo = ""; if (list.wellknownListName && list.wellknownListName !== "none") { if (list.wellknownListName === "defaultList") { wellKnownInfo = " (Default Tasks List)"; } else if (list.wellknownListName === "flaggedEmails") { wellKnownInfo = " (Flagged Emails)"; } } // Add sharing info if applicable let sharingInfo = ""; if (list.isShared) { sharingInfo = list.isOwner ? " (Shared by you)" : " (Shared with you)"; } return `ID: ${list.id}\nName: ${list.displayName}${wellKnownInfo}${sharingInfo}\n---`; }); return { content: [ { type: "text", text: `Your task lists:\n\n${formattedLists.join("\n")}`, }, ], }; } catch (error) { return { content: [ { type: "text", text: `Error fetching task lists: ${error}`, }, ], }; } }
• src/todo-index.ts:360-366 (schema)

  TypeScript interface defining the TaskList type used in the response parsing for get-task-lists tool.
  interface TaskList { id: string; displayName: string; isOwner?: boolean; isShared?: boolean; wellknownListName?: string; // 'none', 'defaultList', 'flaggedEmails', 'unknownFutureValue' }
• src/todo-index.ts:75-138 (helper)

  Generic helper function for making HTTP requests to Microsoft Graph API, used by the tool handler for fetching task lists. Handles authentication headers, error cases, and personal account limitations.
  async function makeGraphRequest<T>(url: string, token: string, method = "GET", body?: any): Promise<T | null> { const headers = { "User-Agent": USER_AGENT, "Accept": "application/json", "Authorization": `Bearer ${token}`, "Content-Type": "application/json" }; try { const options: RequestInit = { method, headers }; if (body && (method === "POST" || method === "PATCH")) { options.body = JSON.stringify(body); } console.error(`Making request to: ${url}`); console.error(`Request options: ${JSON.stringify({ method, headers: { ...headers, Authorization: 'Bearer [REDACTED]' } })}`); const response = await fetch(url, options); if (!response.ok) { const errorText = await response.text(); console.error(`HTTP error! status: ${response.status}, body: ${errorText}`); // Check for the specific MailboxNotEnabledForRESTAPI error if (errorText.includes('MailboxNotEnabledForRESTAPI')) { console.error(` ================================================================= ERROR: MailboxNotEnabledForRESTAPI The Microsoft To Do API is not available for personal Microsoft accounts (outlook.com, hotmail.com, live.com, etc.) through the Graph API. This is a limitation of the Microsoft Graph API, not an authentication issue. Microsoft only allows To Do API access for Microsoft 365 business accounts. You can still use Microsoft To Do through the web interface or mobile apps, but API access is restricted for personal accounts. ================================================================= `); throw new Error("Microsoft To Do API is not available for personal Microsoft accounts. See console for details."); } throw new Error(`HTTP error! status: ${response.status}, body: ${errorText}`); } const data = await response.json(); console.error(`Response received: ${JSON.stringify(data).substring(0, 200)}...`); return data as T; } catch (error) { console.error("Error making Graph API request:", error); return null; } }
• src/todo-index.ts:192-243 (helper)

  Helper function to obtain a valid access token, reading from file or memory, refreshing if expired. Critical dependency for the tool's authentication.
  async function getAccessToken(): Promise<string | null> { try { console.error('getAccessToken called'); // First check if we have a valid current access token in memory if (currentAccessToken) { return currentAccessToken; } // Check for tokens in environment variables or file try { // Read token file const tokenData = readTokens(); if (tokenData) { // Check if token is expired const now = Date.now(); if (now > tokenData.expiresAt) { console.error(`Token is expired. Current time: ${now}, expires at: ${tokenData.expiresAt}`); // If we have a refresh token, try to refresh the access token if (tokenData.refreshToken || currentRefreshToken) { console.error('Attempting to refresh token...'); const refreshTokenToUse = currentRefreshToken || tokenData.refreshToken; const newTokenData = await refreshAccessToken(refreshTokenToUse); if (newTokenData) { console.error('Token refreshed successfully'); return newTokenData.accessToken; } console.error('Token refresh failed'); } return null; } // Success - return the token and update current state currentAccessToken = tokenData.accessToken; currentRefreshToken = tokenData.refreshToken; console.error(`Successfully retrieved valid token (${tokenData.accessToken.substring(0, 10)}...)`); return tokenData.accessToken; } } catch (readError) { console.error(`Direct token read error: ${readError}`); return null; } return null; } catch (error) { console.error("Error getting access token:", error); return null; } }