microsoft-todo-safe-mcp
Microsoft To Do Safe MCP
A local-first Microsoft To Do MCP server for AI-assisted task cleanup with backup, preview, confirmation, and audit safeguards.
This repository is a safety-focused fork of jordanburke/microsoft-todo-mcp-server. The goal is not to expose every Microsoft To Do CRUD operation directly to an AI assistant. The goal is to let an AI propose structured cleanup plans, preview the exact effects, and apply them only after explicit confirmation.
What This Is
This project sits between an AI assistant and Microsoft To Do:
Codex / Claude / local LLM
-> Safe MCP tools
-> Microsoft Graph API
-> Microsoft To Do
It is intended for personal task backlog cleanup:
read visible Microsoft To Do lists and tasks
export complete JSON backups
validate AI-generated cleanup plans
preview planned changes before any write
require exact confirmation before applying
write JSON Lines audit logs
avoid permanent delete by default
prefer soft archive lists such as Archive, Someday, and Needs Review
Current Status
Implemented:
community repository evaluation notes
device-code authentication for remote/iPhone operation
doctor script for live Microsoft Graph To Do compatibility checks
full JSON backup export
safe list setup for Archive, Someday, and Needs Review
strict safe-plan schema validation
dry-run plan preview with saved preview_id
confirmation-gated apply_plan
JSON Lines audit log output
read-only backup restore preview
default hiding of direct destructive tools
Not implemented:
GUI
VPS deployment
SQLite registry fallback
permanent delete
restore apply
arbitrary Graph request tool
Safety Model
By default, direct dangerous upstream tools are not registered:
task delete
task-list delete
checklist delete
unrestricted update/create helpers
destructive archive helper
Graph exploration helper
Set MSTODO_ENABLE_UNSAFE_TOOLS=1 only if you intentionally want the original low-level tools exposed.
The supported AI write path is:
validate_plan -> preview_plan -> apply_plan
apply_plan always:
validates the plan again
requires a matching saved preview_id
requires the exact confirmation phrase returned by preview_plan
creates a full backup before writing
writes JSON Lines audit events
defaults to fail-fast
preserves success mappings on partial failure
Soft move operations are implemented as:
copy task to Archive/Someday/Needs Review
copy checklist items when available
mark original task completed
The original task is not deleted.
Allowed Plan Operations
Plan schema version 1.0 allows:
move_to_archive
move_to_someday
move_to_needs_review
complete
update
create_checklist_item
Version 1.0 rejects:
delete
delete_task_list
silent overwrite
apply without preview
source-list mismatch
missing task IDs
See docs/SAFE_PLAN_WORKFLOW.md.
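The gate described under Safety Model and Allowed Plan Operations, as an added JavaScript sketch that is not the project's own code. The plan field names, the confirmation phrase format and the injected write/backup callbacks are assumptions for illustration; the silent-overwrite check is left out.

```javascript
// Added sketch. Field names, the phrase format and the injected write/backup
// callbacks are assumptions for illustration, not the project's schema or API.
const ALLOWED_OPS = new Set(["move_to_archive", "move_to_someday",
  "move_to_needs_review", "complete", "update", "create_checklist_item"]);
const previews = new Map(); // preview_id -> { planJson, phrase }
let nextPreview = 0;
function validatePlan(plan) {
  const errors = [];
  if (plan?.schema_version !== "1.0") errors.push("unsupported schema version");
  if (!plan?.source_list_id) errors.push("missing source list");
  const ops = Array.isArray(plan?.operations) ? plan.operations : [];
  if (ops.length === 0) errors.push("operations must be a non-empty array");
  ops.forEach((o, i) => {
    if (!ALLOWED_OPS.has(o?.op)) errors.push(`op ${i}: '${o?.op}' is not allowed`);
    if (!o?.task_id) errors.push(`op ${i}: missing task ID`);
    if (o?.source_list_id && o.source_list_id !== plan.source_list_id)
      errors.push(`op ${i}: source-list mismatch`);
  });
  return errors;
}
function previewPlan(plan) {
  const errors = validatePlan(plan);
  if (errors.length) return { ok: false, errors };
  const preview_id = `preview-${++nextPreview}`; // a real server would use a random ID
  const phrase = `APPLY ${plan.operations.length} CHANGES ${preview_id}`;
  previews.set(preview_id, { planJson: JSON.stringify(plan), phrase });
  const effects = plan.operations.map((o) => `${o.op}: ${o.task_id}`);
  return { ok: true, preview_id, confirmation_phrase: phrase, effects };
}
function applyPlan(plan, preview_id, phrase, { write, backup }) {
  const errors = validatePlan(plan); // validate again, never trust the preview step
  const saved = previews.get(preview_id);
  if (!saved || saved.planJson !== JSON.stringify(plan)) errors.push("no matching preview");
  else if (phrase !== saved.phrase) errors.push("confirmation phrase mismatch");
  if (errors.length) return { ok: false, errors, applied: [], audit: [] };
  previews.delete(preview_id); // one preview authorises one apply
  backup(); // full backup before the first write
  const applied = [], audit = [];
  for (const o of plan.operations) {
    const event = { preview_id, op: o.op, task_id: o.task_id };
    try {
      applied.push({ task_id: o.task_id, result: write(o) });
      audit.push(JSON.stringify({ ...event, status: "applied" }));
    } catch (e) {
      audit.push(JSON.stringify({ ...event, status: "failed", error: e.message }));
      return { ok: false, errors: [e.message], applied, audit }; // fail-fast, keep successes
    }
  }
  return { ok: true, errors: [], applied, audit };
}
```

Because the saved preview stores the serialized plan, a plan edited after preview fails closed even when the preview_id and phrase are reused.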
Prerequisites
Node.js 22 or newer
Corepack / pnpm
Microsoft account with Microsoft To Do enabled
Microsoft Entra / Azure app registration for OAuth
No Azure hosting is required. The app registration is only used as an OAuth client identity.
Install
git clone https://github.com/Saenai/microsoft-todo-safe-mcp.git
cd microsoft-todo-safe-mcp
corepack pnpm install
corepack pnpm run build
Azure / Microsoft App Registration
Recommended setup for personal Microsoft accounts and remote Codex/iPhone operation:
app type: public client
tenant: consumers
login flow: device code
client secret: not needed
Required delegated Microsoft Graph permissions:
User.Read
Tasks.Read
Tasks.ReadWrite
Tasks.Read.Shared
Tasks.ReadWrite.Shared
offline_access
openid
profile
Full setup checklist: docs/AZURE_APP_REGISTRATION.md.
Authenticate
Set the app registration client ID:
$env:CLIENT_ID = "<application-client-id>"
$env:TENANT_ID = "consumers"
Start device-code login:
corepack pnpm run auth:device -- --start-only
Open the printed URL on your phone or browser, enter the code, and sign in.
Then complete token retrieval on the machine running the MCP server:
corepack pnpm run auth:device -- --complete
Tokens are stored under the local user profile:
%APPDATA%\microsoft-todo-mcp\tokens.json
Do not commit or share token files.
Verify Microsoft To Do Compatibility
Run:
corepack pnpm run doctor
The doctor checks:
OAuth token availability
GET /me
GET /me/todo/lists
visible list enumeration
per-list task counts
temporary list create/delete
temporary task create/read/update/complete/delete
The doctor redacts tokens and client secrets from reports.
MCP Tools
Safe tools:
setup_safe_lists
export_backup
validate_plan
preview_plan
apply_plan
restore_preview
read/list tools inherited from the base server
Unsafe low-level tools are hidden unless MSTODO_ENABLE_UNSAFE_TOOLS=1.
Safe Plan Workflow
Call setup_safe_lists.
Call export_backup.
Ask the AI to generate a schema version 1.0 plan.
Call validate_plan.
Call preview_plan.
Review preview_id, confirmation_phrase, and effects.
Call apply_plan with the same plan, matching preview_id, and exact confirmation phrase.
Local outputs:
safe-data/backups/
safe-data/previews/
safe-data/audit/
safe-data/ is ignored by git because it may contain personal task data.
Development
corepack pnpm test
corepack pnpm run typecheck
corepack pnpm run format:check
corepack pnpm run build
Useful scripts:
corepack pnpm run auth:device
corepack pnpm run doctor
corepack pnpm run test:doctor
corepack pnpm run typecheck:doctor
Documentation
docs/REPOSITORY_EVALUATION.md: community repository review
docs/DECISIONS.md: implementation decisions and verified facts
docs/AZURE_APP_REGISTRATION.md: app registration setup
docs/SAFE_PLAN_WORKFLOW.md: plan validation, preview, and apply flow
Security Notes
Token files are sensitive.
Backups and audit logs may contain personal task metadata.
This project intentionally avoids permanent delete in the safe plan flow.
Do not expose unsafe tools to an autonomous AI assistant unless you understand the risk.
Keep the repository private if you add personal plans, backups, logs, screenshots, or account-specific notes.
License
MIT. See LICENSE.
Acknowledgments
Forked from jordanburke/microsoft-todo-mcp-server, itself a fork of @jhirono/todomcp.