excalidraw-mcp-server

lock_elements

Prevent modification of selected elements in Excalidraw diagrams by locking them to maintain layout integrity during collaborative editing.

Instructions

Lock elements to prevent modification

Input Schema

TableJSON Schema

Name	Required	Description	Default
`elementIds`	Yes

Implementation Reference

src/mcp/index.ts:425-442 (handler)

Main registration and handler for lock_elements tool. Validates input with IdsZ schema, iterates through elementIds, and calls client.updateElement(eid, { locked: true }) for each element. Returns JSON response with lockedCount.

// --- Tool: lock_elements ---
server.tool(
  'lock_elements',
  'Lock elements to prevent modification',
  { elementIds: IdsZ },
  async ({ elementIds }) => {
    try {
      let count = 0;
      for (const eid of elementIds) {
        await client.updateElement(eid, { locked: true });
        count++;
      }
      return { content: [{ type: 'text', text: JSON.stringify({ lockedCount: count }, null, 2) }] };
    } catch (err) {
      return { content: [{ type: 'text', text: `Error: ${(err as Error).message}` }], isError: true };
    }
  }
);

src/mcp/schemas/element.ts:108-115 (schema)
Input validation schema ElementIdsSchema for lock_elements tool. Requires elementIds as an array of strings (max length LIMITS.MAX_ID_LENGTH), with minimum 1 and maximum LIMITS.MAX_ELEMENT_IDS elements.
```
export const ElementIdsSchema = z
  .object({
    elementIds: z
      .array(z.string().max(LIMITS.MAX_ID_LENGTH))
      .min(1)
      .max(LIMITS.MAX_ELEMENT_IDS),
  })
  .strict();
```

src/mcp/canvas-client.ts:67-87 (helper)

CanvasClient.updateElement method that performs the actual API call to update an element with { locked: true }. Makes PUT request to /api/elements/{id} endpoint with API key authentication.

async updateElement(
  id: string,
  data: Record<string, unknown>
): Promise<ServerElement> {
  const res = await fetch(
    `${this.baseUrl}/api/elements/${this.safePath(id)}`,
    {
      method: 'PUT',
      headers: this.headers(),
      body: JSON.stringify(data),
    }
  );

  if (!res.ok) {
    const body = await res.json().catch(() => ({})) as ApiResponse;
    throw new Error(body.error ?? `Canvas error: ${res.status}`);
  }

  const body = await res.json() as { element?: ServerElement };
  return body.element!;
}

src/mcp/apps/canvas-client-adapter.ts:59-78 (helper)

CanvasClientAdapter.updateElement method for standalone mode. Updates element in the in-memory StandaloneStore by merging data with existing element, preserving id/createdAt, and updating timestamp/version.

async updateElement(
  id: string,
  data: Record<string, unknown>
): Promise<ServerElement> {
  const existing = await this.store.get(id);
  if (!existing) throw new Error(`Element ${id} not found`);

  const updated: ServerElement = {
    ...existing,
    ...stripUndefined(data),
    id: existing.id,
    createdAt: existing.createdAt,
    updatedAt: new Date().toISOString(),
    version: existing.version + 1,
  };

  await this.store.set(id, updated);
  logger.debug({ id }, 'Element updated');
  return updated;
}

src/mcp/tools/lock-elements.ts:1-18 (handler)

Alternative handler implementation lockElementsTool exported from tools directory but not used in main index.ts. Uses ElementIdsSchema for validation and calls client.updateElement(id, { locked: true }) in a loop, returning { success, lockedCount }.

import type { CanvasClient } from '../canvas-client.js';
import { ElementIdsSchema } from '../schemas/element.js';

export async function lockElementsTool(
  args: unknown,
  client: CanvasClient
) {
  const { elementIds } = ElementIdsSchema.parse(args);
  let lockedCount = 0;

  for (const id of elementIds) {
    await client.updateElement(id, { locked: true });
    lockedCount++;
  }

  return { success: true, lockedCount };
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. While 'prevent modification' implies a write/mutation operation with side effects, it doesn't specify what 'lock' entails (e.g., whether it's reversible only via 'unlock_elements', permission requirements, or if it affects other operations). This leaves significant gaps for a tool that modifies state.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is extremely concise at just 5 words, front-loading the core purpose with zero wasted words. Every part of the sentence directly contributes to understanding the tool's function.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a mutation tool with no annotations, no output schema, and 0% schema description coverage, the description is inadequate. It doesn't cover behavioral aspects like reversibility, error conditions, or what happens when elements are already locked, leaving the agent with insufficient context to use it safely.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The schema has 0% description coverage, so the description must compensate. It mentions 'elements' which relates to the 'elementIds' parameter, but doesn't explain what element IDs are, their format, or the implications of locking multiple elements. This provides minimal semantic value beyond the schema's structural constraints.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Lock elements') and the purpose ('to prevent modification'), which is a specific verb+resource combination. However, it doesn't explicitly distinguish this tool from its sibling 'unlock_elements' beyond the obvious opposite action, missing an opportunity for clearer differentiation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., needing element IDs), when not to use it, or how it relates to sibling tools like 'update_element' or 'unlock_elements'.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/debu-sinha/excalidraw-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server