Return the current Microsoft 365 sign-in status for this profile. Three states: signed_in (a usable token exists, regardless of how it got there — CLI login, tasks_login_begin tool, even days ago), pending (a Device Code flow is in flight from a recent tasks_login_begin call; the response carries user_code + verification_url so the agent can re-display the prompt), or none (no token, no flow — the agent should call tasks_login_begin). Read-only: actively probes the token store + does at most one /me round-trip on a fresh signed_in to learn the UPN. AGENT_INSTRUCTIONS: When status='pending', present the verification code to the user inside a fenced code block (so it can be copied with one click) and present the verification URL as a plain markdown link on its own line. Do not paraphrase, do not embed the code inside prose, do not wrap the URL in bold. Same format as tasks_login_begin.

Drive the OAuth Device Code flow as an MCP tool. Returns immediately, non-blocking. Surfaces user_code + verification_url so the agent can show them; polls Microsoft Identity in the background until the user completes sign-in OR the device code expires (~15 min cap). The agent then polls tasks_login_status until it flips to signed_in (or to a terminal expired / failed). REQUIRED parameter account_type: pass 'personal' for outlook.com / hotmail.com / live.com / msn.com (Microsoft To Do works; Planner does NOT — requires a work/school M365 group), or 'work_or_school' for any Microsoft 365 tenant account incl. B2B guests (both To Do and Planner work). The choice determines which Microsoft Device Code landing page the user is sent to (https://www.microsoft.com/link vs https://login.microsoft.com/device) — there is no auto-detection before sign-in. If you don't know, ASK THE USER first. Calling without account_type returns a structured error explicitly instructing you to elicit the choice. Idempotent: a non-expired pending session for the profile is returned as-is unless force=True. force=True cancels the in-flight session and starts a fresh flow. Returns the session's public view: session_id, user_code, verification_url, verification_url_complete, expires_at, time_remaining_s, status, signed_in_user_upn, error. AGENT_INSTRUCTIONS: Present the verification code to the user inside a fenced code block (so it can be copied with one click) and present the verification URL as a plain markdown link on its own line. Do not paraphrase, do not embed the code inside prose, do not wrap the URL in bold. Example:

Code:
```
ABCD-1234
```

Sign-in URL: https://www.microsoft.com/link

Rationale: in a chat UI, a code inside a fenced block gets a one-click copy button; a bare URL becomes clickable; bold-wrapped links and inline codes do not.

List the signed-in user's Microsoft To Do lists. Each list has id, display_name, is_owner, is_shared, well_known_list_name (e.g. 'defaultList' for the built-in Tasks list, 'flaggedEmails' for the Outlook flagged-mails list, or None for user-created lists), and etag. Read-only — does not modify anything. To list tasks within a list, pass the returned id to todo_tasks.

Fetch a single Microsoft To Do list by id. Same shape as an entry returned by todo_lists. Read-only.

List tasks in a Microsoft To Do list. Returns each task in the unified envelope: id, title, status (completed/not_completed), due_date, assignees (empty for To Do — per-user surface), web_url (None for To Do — no public deep-link), source (always 'todo'), etag (for write concurrency), list_id, body_preview, categories, importance, reminder_date, is_reminder_on, last_modified_date_time, created_date_time. status_filter defaults to 'all'; pass 'completed' or 'not_completed' to narrow.

Fetch one Microsoft To Do task by id within its list. Both list_id and task_id are required — Microsoft Graph has no global task-by-id endpoint for To Do. Returns the unified task envelope (same shape as items in todo_tasks). Read-only.

Cross-source view: every Microsoft To Do task in the user's lists plus every Microsoft Planner task assigned to the user, merged into one list. Sorted by due_date ascending (None last). include_completed=False excludes completed tasks from both surfaces. Each entry is a unified task envelope tagged with source ('todo' or 'planner') and profile so the agent can route follow-up calls correctly. Optional profiles=[...] fans out across multiple signed-in tenants and merges; per-profile failures are best-effort skipped and listed in _skipped_profiles. Returns {'tasks': [...], '_skipped_profiles': [...]}. Read-only.

Case-insensitive substring search across the user's To Do tasks and Planner tasks. Matches against title and body_preview. source narrows to a single surface — 'all' (default), 'todo', or 'planner'. Returns up to limit matches in the unified envelope shape. Read-only. Note: implementation is client-side because neither surface exposes a server-side $search for tasks; performance is fine at typical task volumes (hundreds, not hundreds of thousands).

List Microsoft Planner plans the signed-in user can see. Without group_id, enumerates the user's M365 groups via /me/memberOf (requires Group.Read.All admin-consent — already granted on the XMV-published OAuth app) and aggregates plans across them. With group_id, lists plans within that single group. Each plan has id, title, owner_group_id, created_date_time, etag. Read-only.

Fetch one Microsoft Planner plan by id. Same shape as an entry returned by planner_plans. Read-only.

List buckets (columns) within a Planner plan. Each bucket has id, name, plan_id, order_hint, etag. The order_hint follows Microsoft Graph's lexicographic ordering scheme (read-only — buckets ship pre-ordered as the user arranged them in Planner). Read-only.

List tasks within a Planner plan. Returns each task in the unified envelope: id, title, status (completed/not_completed — derived from percentComplete >= 100), due_date, assignees (list of M365 user-ids assigned to the task), web_url (deep-link to tasks.office.com built from the access token's tid claim), source ('planner'), etag, plan_id, bucket_id, priority, percent_complete, applied_categories, created_date_time, last_modified_date_time. Optionally narrow by bucket_id and status_filter ('all'/'completed'/'not_completed').

Fetch one Planner task by id. Returns the unified task envelope (same shape as items in planner_tasks). Pass include_details=True to additionally fetch the task's description, checklist, references, and preview_type (one extra Graph round-trip to /planner/tasks/{id}/details). Read-only.

Incremental diff of Microsoft Planner tasks since the last call. Polls Graph, compares against an on-disk cursor, and returns added, modified, removed envelopes plus cursor_advanced (bool). scope controls which tasks are polled — pass one of: {"kind": "plan", "plan_id": "..."} (all tasks in a plan), {"kind": "assigned_to_me"} (tasks assigned to the signed-in user), or {"kind": "registry"} (only tasks this MCP profile created — one GET per registry id). Each scope is tracked independently via a sha256 cursor key. First call → everything returned as added, cursor initialised. Subsequent calls return only tasks that appeared, changed (lastModifiedDateTime advanced), or disappeared since the previous poll. removed entries carry {"id": "...", "last_known_title": null} — the title is not available because the task is gone. Cursor file: ~/.cache/mcp-server-microsoft-tasks/<profile>/cursors.json, mode 0o600. Read-only on Graph; mutates only the local cursor file.