TaskForge
Allows GitHub Copilot to manage TaskForge tasks, boards, and lists through the MCP protocol.
Allows Hermes AI agent to interact with TaskForge boards, tasks, and lists via the MCP protocol.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@TaskForgeCreate a new board for sprint 5"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
TaskForge
A multi-user task tracker built for humans and AI agents to collaborate on the same boards.
TaskForge is a full-stack task management application with three interfaces — REST API, MCP Server (for AI agents), and a Kanban SPA — all running in a single NestJS backend. It's designed so that any MCP-compatible agent (Claude Code, Cursor, GitHub Copilot, etc.) can do everything a human can: create boards, move tasks, assign work, comment, search, and more.
Features
Authentication — Email/password login, session tokens, invite-only signup, bot tokens for agents, admin/member roles
Onboarding — First-run setup creates the admin account and instance title
Kanban Board — Drag-and-drop columns with Backlog → To Do → In Progress → Review → Done
List View — Table view for quick scanning across all lists
Task Detail — Edit title, description, priority, assignee, due date, labels; dedicated route per task
Sub-tasks — Nest tasks under a parent task
Task Relations — Link tasks with
blocks/related_torelationshipsPer-board Task Numbers — Each task gets a sequential board-scoped id (e.g.
TF-12)Comments — Threaded discussion on any task, attributed to the authenticated user
Labels — Color-coded tags per board, assignable to tasks
Activity Log — Full audit trail per task and per board
Real-time Updates — WebSocket events push changes to all connected clients instantly (auth-required)
Full-text Search — Search across task titles and descriptions, or by task number
MCP Protocol — AI agents connect via the Streamable HTTP transport to do everything humans can
Priority System — Low / Medium / High / Urgent with visual indicators
WIP Limits — Optional per-list work-in-progress limits
Soft Delete — Tasks archive instead of hard-deleting
Single Container — Everything (API + SPA + WebSocket) in one Docker image
Related MCP server: kanban-lite
Screenshots
Home Page | Kanban Board |
|
|
List View | Task Detail |
|
|
Architecture
┌─────────────────────────────────────────────────────┐
│ TaskForge Container │
│ │
│ ┌──────────────────────────────────────────────┐ │
│ │ NestJS Backend (:3000) │ │
│ │ │ │
│ │ ┌──────────┐ ┌──────────┐ ┌────────────┐ │ │
│ │ │ REST API │ │ MCP API │ │ WebSocket │ │ │
│ │ │ /api/* │ │ /api/mcp │ │ /ws │ │ │
│ │ └──────────┘ └──────────┘ └────────────┘ │ │
│ │ │ │
│ │ ┌──────────────────────────────────────────┐ │ │
│ │ │ AuthGuard (Bearer session tokens, │ │ │
│ │ │ @Public exceptions, @Admin routes) │ │ │
│ │ └──────────────────────────────────────────┘ │ │
│ │ │ │
│ │ ┌──────────────────────────────────────────┐ │ │
│ │ │ Prisma ORM → SQLite │ │ │
│ │ └──────────────────────────────────────────┘ │ │
│ │ │ │
│ │ ┌──────────────────────────────────────────┐ │ │
│ │ │ React SPA (served as static assets) │ │ │
│ │ └──────────────────────────────────────────┘ │ │
│ └──────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────┘Data Model
User
├── Sessions (Bearer tokens; bot sessions flagged)
├── InviteTokens (created by admin, single-use)
└── Memberships (per-board role: admin/member/viewer)
Settings (singleton — instance title, onboarded flag)
Board
├── identifier (3-letter prefix for task numbers, e.g. TF)
├── nextTaskNum (sequential counter)
├── Lists (ordered by position)
│ ├── Tasks (ordered by position, board-scoped number)
│ │ ├── Comments (attributed to a User)
│ │ ├── Activity (audit log, attributed to a User)
│ │ ├── Labels (many-to-many via TaskLabel)
│ │ ├── Sub-tasks (self-relation via parentId)
│ │ └── Relations (blocks / related_to via TaskRelation)
│ └── WIP Limit (optional)
├── Labels (board-level)
└── Members (board-level)Quick Start
Prerequisites
Node.js >= 20
pnpm >= 10 (install with
corepack enable && corepack prepare pnpm@10.12.1 --activate)
Docker (fastest)
docker run -d --name taskforge -p 3000:3000 -v taskforge-data:/data emreyc/taskforge:latestOpen http://localhost:3000 and follow the onboarding prompt to create the admin account. The SQLite database is persisted in the taskforge-data volume at /data/taskforge.db.
Local Development
# Clone
git clone https://github.com/emreycolakoglu/taskforge.git
cd taskforge
# Install dependencies
pnpm install
# Generate Prisma client and apply migrations
cd apps/api
pnpm prisma:generate
pnpm prisma:migrate
cd ../..
# Start development servers (API on :3000, Web on :5173 with proxy)
pnpm devThe API runs on http://localhost:3000 and the Vite dev server on http://localhost:5173 (proxied to the API). On first visit the SPA redirects to /onboarding to create the admin account.
Docker (Production, from source)
# Build and run (exposes :4321 by default via docker-compose)
docker compose up --build
# Or build manually
docker build -t taskforge .
docker run -p 3000:3000 -v taskforge-data:/data taskforgeThen open http://localhost:4321 (compose) or http://localhost:3000 (manual run) in your browser. The first visit triggers onboarding.
Configuration
All configuration is via environment variables:
Variable | Default | Description |
|
| HTTP server port |
|
| SQLite database path. In Docker, use |
|
| Allowed CORS origin(s) |
|
| Comma-separated origins allowed for browser MCP requests (DNS-rebinding protection) |
|
| Set to |
|
| Set to |
.env file
PORT=3000
DATABASE_URL=file:./prisma/dev.db
CORS_ORIGIN=*Authentication
All REST endpoints (except a few @Public ones) require a Authorization: Bearer <token> header. Sessions are UUID tokens stored in the DB with a 90-day expiry (365 days for bot tokens).
Auth Endpoints (/api/auth)
Method | Endpoint | Auth | Description |
|
| Public | Whether instance is onboarded + instance title |
|
| Public | First-run setup; creates admin user + settings |
|
| Public | Login with email/password, returns session token |
|
| Authenticated | Revokes current session |
|
| Admin | Create a single-use invite token (7-day expiry) |
|
| Public | Sign up via invite token; returns session |
|
| Admin | Create a long-lived bot session token for agents |
|
| Authenticated | Current user |
|
| Authenticated | Update display name / change password |
|
| Admin | List all users |
|
| Admin | List all invite tokens |
|
| Admin | Revoke an invite token |
Settings Endpoints (/api/settings)
Method | Endpoint | Auth | Description |
|
| Admin | Full settings |
|
| Public |
|
|
| Public | Instance title |
|
| Admin | Update settings |
REST API
All endpoints are under /api and require a Bearer token (see Authentication). Request and response bodies are JSON.
Boards
Method | Endpoint | Description |
|
| List all boards |
|
| Get board with lists and labels |
|
| Get board with lists, tasks, labels, members |
|
| Create a board (auto-creates 5 default lists) |
|
| Update board name/slug/identifier/description |
|
| Delete board and all its data |
Create a board:
{ "name": "My Project", "slug": "my-project", "identifier": "MYP", "description": "Optional" }
identifieris a 3-letter uppercase prefix used for per-board task numbers (e.g.MYP-1).
Lists
Method | Endpoint | Description |
|
| List all lists in a board |
|
| Get a single list |
|
| Create a list |
|
| Update list name/color/wipLimit/position |
|
| Reorder lists |
|
| Delete list and its tasks |
Create a list:
{ "boardId": "...", "name": "In Progress", "color": "#f59e0b", "wipLimit": 5 }Tasks
Method | Endpoint | Description |
|
| List tasks in a board ( |
|
| List tasks in a specific list (same query params) |
|
| Full-text search across tasks (also matches task numbers like |
|
| Get task with comments, activity, labels, sub-tasks, relations |
|
| Create a task |
|
| Update task fields |
|
| Move task to another list |
|
| Reorder tasks within a list |
|
| Attach a label to a task |
|
| Detach a label from a task |
|
| Archive a task (soft delete) |
Create a task:
{
"listId": "...",
"title": "Implement login page",
"description": "Add email/password and OAuth login",
"priority": "high",
"assigneeId": "user-id",
"dueDate": "2026-07-01T00:00:00Z",
"parentId": "parent-task-id",
"labelIds": ["label-id-1", "label-id-2"],
"metadata": "any JSON string"
}Move a task:
{ "listId": "new-list-id", "position": 0 }Task Relations
Relations are scoped under a task. blocks is directed; related_to is undirected (canonicalized).
Method | Endpoint | Description |
|
| List relations for a task |
|
| Create a relation |
|
| Delete a relation |
Create a relation:
{ "otherTaskId": "other-task-id", "type": "blocks", "direction": "source" }
direction: "source"means the path task blocks the other;"target"means the path task is blocked by the other. Defaults to"source". Ignored forrelated_to.
Comments
Method | Endpoint | Description |
|
| List comments on a task |
|
| Add a comment (attributed to the authenticated user) |
|
| Delete a comment |
Add a comment:
{ "taskId": "...", "body": "Looks good to me!" }Labels
Labels are nested under a board for creation/listing.
Method | Endpoint | Description |
|
| List labels on a board |
|
| Create a label |
|
| Update label name/color |
|
| Delete a label |
Create a label:
{ "name": "bug", "color": "#ef4444" }Activity
Method | Endpoint | Description |
|
| Activity log for a task |
|
| Activity log for an entire board |
MCP Server (AI Agent Interface)
TaskForge implements the MCP (Model Context Protocol) over the Streamable HTTP transport (2025-03-26 spec) at POST /api/mcp. Any MCP-compatible agent (Claude Code, Cursor, GitHub Copilot, opencode, etc.) can connect and perform all the same operations a human can.
Authentication
The MCP endpoint is behind the global AuthGuard. Agents must send a Bearer session token. The token can be:
A user session token (from
POST /api/auth/login)A bot token created by an admin via
POST /api/auth/bot-token(365-day expiry, recommended for agents)
# Admin creates a bot token
curl -X POST http://localhost:3000/api/auth/bot-token \
-H "Authorization: Bearer <admin-token>"
# → { "id": "...", "token": "bot-uuid", "expiresAt": "..." }How Agents Connect
Claude Code / Cursor / Copilot — Add to your MCP config:
{
"mcpServers": {
"taskforge": {
"url": "http://localhost:3000/api/mcp",
"headers": { "Authorization": "Bearer <bot-token>" }
}
}
}The Streamable HTTP transport requires an initialize handshake that returns an Mcp-Session-Id header; subsequent requests must include that header. Most MCP clients handle this automatically.
Available MCP Tools
Boards
Tool | Params | Description |
|
| List all boards with list and member counts |
|
| Get board with lists, tasks, labels |
|
| Create board with 5 default lists |
|
| Delete board |
Lists
Tool | Params | Description |
|
| List all lists in a board |
|
| Create a list |
|
| Update a list |
|
| Delete a list |
Tasks
Tool | Params | Description |
|
| List tasks with filters |
|
| Get task with comments, activity, labels, sub-tasks, relations |
|
| Full-text search or task-number lookup (e.g. |
|
| Create a task (assignee defaults to caller) |
|
| Update a task ( |
|
| Move task to another list |
|
| Archive a task |
Comments
Tool | Params | Description |
|
| List comments on a task |
|
| Add a comment (attributed to caller) |
Labels
Tool | Params | Description |
|
| List labels on a board |
|
| Create a label |
|
| Delete a label |
Activity
Tool | Params | Description |
|
| Get activity log |
Relations
Tool | Params | Description |
|
| List blocking/blockedBy/relatedTo relations for a task |
|
| Create a |
|
| Delete a relation |
Example: Agent Creates a Board and Tasks
// 1. Create a board
→ {"method":"tools/call","params":{"name":"boards_create","arguments":{"name":"Sprint 24","slug":"sprint-24","identifier":"SPR"}},"id":1}
← {"jsonrpc":"2.0","id":1,"result":{...}}
// 2. Create a task in the "To Do" list
→ {"method":"tools/call","params":{"name":"tasks_create","arguments":{"listId":"...","title":"Design API schema","priority":"high","assigneeId":"alice-id"}},"id":2}
← {"jsonrpc":"2.0","id":2,"result":{...}}
// 3. Move task to "In Progress"
→ {"method":"tools/call","params":{"name":"tasks_move","arguments":{"id":"...","listId":"in-progress-list-id"}},"id":3}
← {"jsonrpc":"2.0","id":3,"result":{...}}
// 4. Search for tasks
→ {"method":"tools/call","params":{"name":"tasks_search","arguments":{"query":"API"}},"id":4}
← {"jsonrpc":"2.0","id":4,"result":[{...}]}WebSocket Events
The WebSocket server at /ws pushes real-time events to connected clients. Authentication is required — clients must emit an auth message with a session token within 5 seconds of connecting:
const ws = new WebSocket('ws://localhost:3000/ws');
ws.onopen = () => {
ws.send(JSON.stringify({ event: 'auth', data: { token: '<session-token>', boardId: 'board-123' } }));
};
ws.onmessage = (event) => {
const { event: name, data } = JSON.parse(event.data);
console.log(name, data);
};On success the server emits auth_success; on failure it emits auth_error and disconnects. Providing boardId joins the board's event room.
Event Types
Event | Payload | When |
| Board object | A new board is created |
| Board object | A board is renamed/updated |
|
| A board is deleted |
| List object | A new list is added |
| List object | A list is renamed/recolored |
| Reorder result | Lists are reordered |
|
| A list is deleted |
| Task object | A new task is created |
| Task object | A task is edited |
| Task object | A task is moved to another list |
|
| A task is archived |
| Task object | A label is attached to a task |
| Task object | A label is detached from a task |
| Comment object | A comment is added |
|
| A comment is deleted |
| Label object | A new label is created |
| Label object | A label is renamed/recolored |
|
| A label is deleted |
| Relation object | A task relation is created |
|
| A task relation is deleted |
Frontend (SPA)
The React SPA is served by the NestJS backend in production. In development, Vite proxies API and WebSocket requests to the backend.
Routes
Route | View |
| First-run admin setup |
| Login form |
| Invite-based signup |
| Home — board list with create/delete |
| Kanban board with task cards, labels, priority indicators, assignees |
| Board settings (labels, members) |
| Task detail page (edit fields, activity log, comments, sub-tasks, relations) |
| List view — sortable table across all tasks |
| Admin settings |
| Account settings (display name, password) |
Tech Stack
React 19 + TypeScript (strict)
React Router 7
Vite 6 (dev server with proxy)
Tailwind CSS 4 + shadcn/ui (Radix primitives)
TanStack Query (server state)
@hello-pangea/dnd(drag and drop)Socket.IO client (real-time events)
Sonner (toasts), Lucide icons
The SPA follows a dark "midnight command deck" design system with a single Acid Lime accent. See
design.mdbefore any frontend change.
Docker
Building
# Using docker-compose (recommended — exposes :4321)
docker compose up --build
# Manual build
docker build -t taskforge .The Dockerfile uses multi-stage builds:
base — Node 23 Alpine + pnpm
deps — Install all dependencies
builder — Generate Prisma client, build API and SPA
runner — Minimal production image with SQLite persistence at
/data
Volumes
Data loss warning: The SQLite database lives at
/data/taskforge.dbinside the container. Without a persistent volume mounted at/data, every redeploy recreates the container and wipes the database. This is true fordocker run,docker compose up, Coolify, and any container orchestrator.
Mount a volume at /data to persist the SQLite database:
volumes:
- taskforge-data:/dataThe Dockerfile declares VOLUME ["/data"] so anonymous Docker storage is created automatically on docker run without -v — but anonymous volumes are per-container and do not survive docker rm or image redeploys. For real persistence, use a named volume or a bind mount:
# Named volume (recommended)
docker run -d --name taskforge -p 3000:3000 -v taskforge-data:/data emreyc/taskforge:latest
# Bind mount (for backups / host access)
docker run -d --name taskforge -p 3000:3000 -v /opt/taskforge-data:/data emreyc/taskforge:latestHealth Check
The container includes a health check that pings GET /api/settings/initialized every 30 seconds.
Migrations on Startup
docker-entrypoint.sh runs prisma migrate deploy before starting the app, so schema changes ship with the image. To ship a schema change: run pnpm --filter @taskforge/api prisma:migrate -- --name <desc> locally, commit the new migration file, and push.
Development
Project Structure
taskforge/
├── apps/
│ ├── api/ # NestJS backend (CommonJS)
│ │ ├── prisma/
│ │ │ ├── schema.prisma # Database schema
│ │ │ └── migrations/ # Prisma migrations
│ │ ├── docker-entrypoint.sh # Runs migrations then starts node
│ │ └── src/
│ │ ├── main.ts # Entry (SPA serving + CORS + validation)
│ │ ├── app.module.ts # Root module
│ │ ├── prisma/ # Prisma client service (@Global)
│ │ ├── auth/ # Users, sessions, invites, bot tokens, AuthGuard
│ │ ├── settings/ # Instance settings (singleton)
│ │ ├── boards/ # Boards module (REST)
│ │ ├── lists/ # Lists module (REST)
│ │ ├── tasks/ # Tasks module (REST)
│ │ ├── relations/ # Task relations (blocks / related_to)
│ │ ├── comments/ # Comments module (REST)
│ │ ├── labels/ # Labels module (REST)
│ │ ├── activity/ # Activity log module (REST)
│ │ ├── events/ # WebSocket gateway + event bus
│ │ └── mcp/ # MCP Streamable HTTP server + tool defs
│ └── web/ # React SPA (ESM, strict)
│ └── src/
│ ├── app.tsx # Routes
│ ├── contexts/ # AuthContext
│ ├── pages/ # Route components
│ ├── components/ # KanbanBoard, TaskCard, TaskDetail, dialogs, UI primitives
│ ├── hooks/ # api.ts, use-auth, use-socket, use-tasks, use-relations, ...
│ ├── lib/ # constants, utils
│ └── types/ # TypeScript interfaces
├── Dockerfile
├── docker-compose.yml
├── package.json # Root workspace config
├── pnpm-workspace.yaml
└── turbo.json # Turborepo pipelineCommands
pnpm dev # Start both API and web in dev mode
pnpm build # Build both apps
pnpm lint # Lint all apps (note: eslint not installed — see AGENTS.md)
pnpm clean # Clean build artifacts
# Database
pnpm db:generate # Generate Prisma client
pnpm db:migrate # Run Prisma migrations (add -- --name <desc> to create one)
# Tests
pnpm --filter @taskforge/api test # API (Jest)
pnpm --filter @taskforge/web test # Web (Vitest)
# Docker
pnpm docker:build # Build Docker image
pnpm docker:run # Run Docker containerAdding a New Module
Create
apps/api/src/<module>/with controller, service, module, and DTO filesRegister the module in
apps/api/src/app.module.tsAdd MCP tool definitions in
apps/api/src/mcp/tool-definitions.tsand handlers inmcp.service.tsAdd API client methods in
apps/web/src/hooks/api.tsAdd WebSocket event handling in
apps/web/src/hooks/use-socket.ts
Use Cases
Solo Developer
Run locally with SQLite. Use the SPA for daily work, the MCP server to let your AI coding agent create and manage tasks automatically via a bot token.
Small Team
Deploy on a single VPS with Docker. Admins create invite tokens; members sign up and use the SPA. CI/CD pipelines use the REST API (via bot tokens) to create release tasks. AI agents join standups and update boards.
Agent-First Workflow
Your AI agent manages the entire board. The agent creates tasks from PR descriptions, moves them through review stages, assigns reviewers, links blockers, and archives completed work — all via MCP. Humans check in via the SPA when needed.
Hybrid
Humans use the Kanban board. AI agents use MCP to:
Create tasks from bug reports
Move tasks through pipeline stages
Assign work based on team capacity
Search and report on task status
Add comments with analysis results
Link blocking relationships
FAQ
Q: Can I use a different database?
A: Yes. Change the provider in prisma/schema.prisma from sqlite to postgresql or mysql, update DATABASE_URL, and run pnpm db:migrate. Prisma handles the rest.
Q: How do agents authenticate?
A: An admin creates a bot token via POST /api/auth/bot-token (365-day expiry). The agent sends it as Authorization: Bearer <token> on every REST and MCP request, and in the auth WebSocket message. User session tokens (90-day expiry) also work.
Q: Can I deploy to Fly.io / Railway / Render?
A: Yes. The Docker image is self-contained. Set DATABASE_URL to a persistent volume path. For SQLite, ensure the volume persists across restarts. For production, consider PostgreSQL.
Q: How do I add custom fields to tasks?
A: Use the metadata field — it's a JSON string that accepts arbitrary data. Parse it in your frontend or agent logic.
Q: Can multiple agents connect simultaneously? A: Yes. The MCP endpoint is session-based and handles concurrent requests. WebSocket events broadcast to all connected clients.
Q: How are task numbers assigned?
A: Each board has an identifier (3-letter prefix) and a nextTaskNum counter. Every new task gets the next number (e.g. TF-1, TF-2), displayed and searchable as TF-12.
License
MIT
Contributing
Fork the repository
Create a feature branch (
git checkout -b feature/amazing)Commit your changes (
git commit -m 'Add amazing feature')Push to the branch (
git push origin feature/amazing)Open a Pull Request
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/emreycolakoglu/taskforge'
If you have feedback or need assistance with the MCP directory API, please join our Discord server



