vikunja-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@vikunja-mcplist my projects"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
vikunja-mcp
A FastMCP server that exposes the Vikunja REST API as MCP tools — projects, tasks, labels, comments, saved filters, and webhooks — designed for multi-agent use behind scoped-mcp.
Why it's shaped this way — token passthrough
This server holds no Vikunja credentials. Vikunja issues a per-user API token, and each agent has its own account. Rather than teaching this server to fetch five tokens from Vault and pick one per call, it stays stateless: it reads the caller's bearer token off the incoming request and forwards it to Vikunja unchanged.
The token is injected upstream by each agent's own scoped-mcp instance (from its manifest, resolved out of Vault). The payoff:
Small blast radius — a compromise of this process exposes one in-flight request's token, never the whole set of agent credentials.
Real attribution — every call reaches Vikunja as the agent that made it, so task authorship, comments, and audit trails are per-agent for free.
flowchart LR
A[Agent] -->|MCP + own bearer token| S[scoped-mcp<br/>per-agent process]
S -->|mcp_proxy injects<br/>Authorization header| V[vikunja-mcp<br/>:8501 stateless]
V -->|forwards token verbatim| K[(Vikunja REST API<br/>/api/v1)]
W[Vault] -.->|per-agent token<br/>resolved into manifest| SBecause the token is the credential, a request with no Authorization header is rejected
fail-closed (AuthError) — there is no ambient fallback.
Related MCP server: vikunja-mcp
Tools
Group | Tools |
Identity |
|
Projects |
|
Tasks |
|
Labels |
|
Comments |
|
Filters |
|
Webhooks |
|
Vikunja's REST idiom: PUT creates, POST updates. The tool names hide this, but it's why
*_createand*_updatehit the same path with different verbs.
Configuration
All configuration is environment variables. No token is ever configured here.
Var | Purpose | Default |
| Base URL of the Vikunja instance (no |
|
| Bind address |
|
| Bind port |
|
|
|
|
| Upstream timeout (seconds) |
|
| Log verbosity |
|
| Enable OTLP tracing (needs | off |
Run
pip install -e ".[dev]"
VIKUNJA_URL=https://vikunja.example.com vikunja-mcpThen, as a caller, present a Vikunja API token as a bearer:
curl -H "Authorization: Bearer <vikunja-token>" http://127.0.0.1:8501/mcp/...In production this header is set by scoped-mcp, not by hand — see
docs/forge.md for the manifest wiring.
Development
pip install -e ".[dev]"
ruff check src/ tests/
ruff format --check src/ tests/
pytest --cov=vikunja_mcp --cov-report=term-missingDeployment
Runs as a PM2 service on forge, fronted by scoped-mcp. See docs/forge.md
for the PM2 config, the scoped-mcp manifest, and the per-agent token wiring.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/TadMSTR/vikunja-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server