ZenTao MCP Server

call

Execute ZenTao RESTful API calls to manage projects, track bugs, and handle product data with automatic token authentication.

Instructions

Call any ZenTao RESTful API endpoint (api.php/v1). Automatically injects Token header. Paths accept leading slash or relative.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`path`	Yes	Relative path, e.g. /projects or projects/1
`method`	No	HTTP verb	GET
`query`	No	Query params object
`body`	No	JSON body
`forceTokenRefresh`	No	Refresh token before request

Implementation Reference

src/zentao-mcp-server.js:557-575 (handler)

Specific handler logic for the 'call' tool within the MCP CallToolRequestSchema handler. Extracts arguments and delegates to callZenTao helper.

if (name === "call") {
  const { path, method = "GET", query, body, forceTokenRefresh = false } = args;
  if (!path) throw new Error("path is required");
  const response = await callZenTao({
    path,
    method,
    query,
    body,
    forceTokenRefresh,
  });
  return {
    content: [
      {
        type: "text",
        text: JSON.stringify(response, null, 2),
      },
    ],
  };
}

src/zentao-mcp-server.js:79-111 (helper)

Core implementation of the API call to ZenTao, handling authentication token, URL building, HTTP request, and response parsing.

async function callZenTao({
  path,
  method = "GET",
  query,
  body,
  headers = {},
  forceTokenRefresh = false,
}) {
  assertConfig();
  const token = await fetchToken(forceTokenRefresh);
  const url = buildUrl(path, query);
  const res = await fetch(url, {
    method,
    headers: {
      "Content-Type": "application/json",
      Token: token,
      ...headers,
    },
    body: body ? JSON.stringify(body) : undefined,
  });
  const text = await res.text();
  const data = safeJson(text);
  if (!res.ok) {
    throw new Error(
      `Request failed ${res.status}: ${text || res.statusText || "unknown"}`
    );
  }
  return {
    status: res.status,
    headers: Object.fromEntries(res.headers.entries()),
    data: data ?? text,
  };
}

src/zentao-mcp-server.js:389-413 (registration)

Tool registration in the tools/list response, defining name, description, and input schema for the 'call' tool.

{
  name: "call",
  description:
    "Call any ZenTao RESTful API endpoint (api.php/v1). Automatically injects Token header. Paths accept leading slash or relative.",
  inputSchema: {
    type: "object",
    properties: {
      path: { type: "string", description: "Relative path, e.g. /projects or projects/1" },
      method: {
        type: "string",
        description: "HTTP verb",
        enum: ["GET", "POST", "PUT", "PATCH", "DELETE"],
        default: "GET",
      },
      query: { type: "object", description: "Query params object", additionalProperties: true },
      body: { type: "object", description: "JSON body", additionalProperties: true },
      forceTokenRefresh: {
        type: "boolean",
        description: "Refresh token before request",
      },
    },
    required: ["path"],
    additionalProperties: false,
  },
},

src/zentao-mcp-server.js:393-412 (schema)

Input schema definition for the 'call' tool, specifying parameters like path, method, query, body.

inputSchema: {
  type: "object",
  properties: {
    path: { type: "string", description: "Relative path, e.g. /projects or projects/1" },
    method: {
      type: "string",
      description: "HTTP verb",
      enum: ["GET", "POST", "PUT", "PATCH", "DELETE"],
      default: "GET",
    },
    query: { type: "object", description: "Query params object", additionalProperties: true },
    body: { type: "object", description: "JSON body", additionalProperties: true },
    forceTokenRefresh: {
      type: "boolean",
      description: "Refresh token before request",
    },
  },
  required: ["path"],
  additionalProperties: false,
},

Tool Definition Quality

A3.9/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It adds useful context: automatic Token header injection, path format flexibility (leading slash or relative), and token refresh capability via the forceTokenRefresh parameter. However, it lacks details on error handling, rate limits, authentication requirements beyond token injection, or response formats, leaving gaps for a general-purpose API tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is highly concise and front-loaded, consisting of two sentences that efficiently convey the tool's core functionality and key features (API calling, token injection, path flexibility). Every sentence earns its place with no wasted words, making it easy to understand quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity as a general-purpose API caller with 5 parameters, no annotations, and no output schema, the description is incomplete. It covers basic purpose and some behavioral traits but lacks details on error handling, response structure, or advanced usage scenarios. While concise, it does not fully compensate for the missing structured data, leaving room for improvement.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all parameters thoroughly. The description adds minimal value beyond the schema by implying path format flexibility and token refresh behavior, but it does not explain parameter interactions or provide additional semantic context. This meets the baseline for high schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Call any ZenTao RESTful API endpoint (api.php/v1).' It specifies the verb ('Call'), resource ('ZenTao RESTful API endpoint'), and scope ('any'), distinguishing it from sibling tools that perform specific operations like getBugDetail or markBugResolved. The mention of automatic Token header injection adds specificity.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context for usage by indicating it's for ZenTao RESTful API endpoints and handles token injection automatically. However, it does not explicitly state when to use this tool versus the more specific sibling tools (e.g., getBugDetail for bug details), nor does it mention exclusions or prerequisites. The guidance is implied but not comprehensive.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Valiant-Cat/zentao-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server