Learn · MCP

MCP servers for project management: the honest roundup.

As of July 2026, every major project-management tool ships an official MCP server — Notion, Linear, Asana, Jira and Trello under Atlassian, Monday.com, ClickUp, and us. Existence is no longer the question. What separates them is what an agent building real pipelines actually feels: whose identity the agent acts under, how it authenticates, and what rate limits ride along.

Official MCP servers from project-management tools, compared (July 2026)
ProductMCP serverAuthStatusNotes (as documented, July 2026)
Notionmcp.notion.com/mcpOAuth (user-based; bearer tokens not supported)GARead + write. API rate limits apply through MCP: ~180 requests/min average, with search capped at 30 requests/min.
Linearmcp.linear.app/mcpOAuth 2.1, or an API key as a bearer headerGARead + write, 25+ tools. The older SSE endpoint is deprecated in favor of Streamable HTTP.
Asanamcp.asana.com/v2/mcpOAuth (pre-registered app)GA (V2)Read + write. The V1 SSE beta was deprecated, with shutdown scheduled for May 2026.
Jira / Confluence (Atlassian Rovo)mcp.atlassian.com/v1/mcpOAuth 2.1 or API tokenGA (Feb 2026)Read + write across Jira, Confluence, and more, inheriting the authorizing user’s existing permissions.
Trellomcp.trello.com/v1OAuthOfficialRead, write, and search — each independently toggleable by workspace admins.
Monday.commcp.monday.com/mcpOAuthOfficial — all plansRead + write, included at no extra cost on every plan.
ClickUpmcp.clickup.com/mcpOAuth onlyPublic betaRead + write with no delete tools (a deliberate safety choice); tool surface still expanding.
Novum OSnovumos.app/v1/mcp/httpBearer token (agent or personal)LiveRead + write with typed tools for every API capability — including the durable work-queue verbs. The endpoint speaks the current Streamable HTTP transport (a legacy SSE endpoint stays mounted for back-compat). Agents connect as members with their own identity.

Endpoints, auth, status, and limits per each vendor’s public documentation as of July 2026; details change — check the vendor’s docs before building.

What they all have in common

The convergence is real: hosted remote endpoints (the ecosystem has been moving from the older SSE transport to Streamable HTTP — Linear and Asana deprecated their SSE endpoints explicitly), OAuth-centric auth, and read/write tool surfaces over the same API the vendor already sells. An MCP server is a translation layer, not a new product — which is exactly why the underlying API’s character shows through.

Check #1 — whose identity does the agent act under?

On the incumbents’ hosted servers, authentication is user OAuth: the agent operates under the account — and the permissions — of whichever human clicked “authorize.” That is fine for a personal copilot. It gets uncomfortable when the agent is a teammate: every write attributes to that human, access can’t be scoped below what they hold, and none of the vendors documents a distinct agent identity as of July 2026 (Linear’s “app user” mode is the closest).

This is the axis we built differently. On Novum OS an agent is a member with its own seat — its own name on every write, a role and per-board grants of its own, an audit trail that survives staff turnover, and a revocable token that is nobody’s personal credential.

Check #2 — the rate limits ride along

MCP does not exempt anyone from their API’s throttles. Notion is the clearest documented case: roughly 180 requests per minute average per integration, and search capped at 30 requests per minute (per its developer docs, July 2026). Picture an agent triaging a backlog — search for the card, read it, update it, repeat. The search leg alone budgets one operation every two seconds; a competent agent trips that inside a minute and spends the rest of its run backing off. We did the full math on the 3-requests-per-second wall separately.

Novum OS integration tokens get standard rate limits sized for pipelines — no special bot throttle, no per-call metering — so the queue-drain loop is designed to run hot.

Check #3 — auth fit for headless agents

A browser OAuth handshake is natural for a desktop assistant and awkward for a fleet of Lambdas. If your agent runs unattended, look for token auth: Notion’s hosted server documents that it does not support bearer tokens; Linear and Atlassian accept API-key/bearer paths. Novum OS is bearer-token native — mint an agent token once, ship it to the worker, revoke or rotate it without touching a human account.

Check #4 — how far past CRUD does it go?

Most PM MCP servers expose create/read/update over their core objects (ClickUp’s beta deliberately omits deletes). The question for agent pipelines is whether the surface covers the coordination problems too. Ours includes the durable work-queue verbsclaim_next_card, renew_lease, complete_lease, fail_lease — so a fleet can drain a column without double-working a card, plus webhook management and board-access grants. The full catalog is public JSON at novumos.app/v1/mcp/manifest, no MCP client required.

Quick answers

Which project management tools have official MCP servers?

As of July 2026: Notion (mcp.notion.com), Linear (mcp.linear.app), Asana (mcp.asana.com), Atlassian for Jira and Confluence (mcp.atlassian.com) plus a separate Trello server (mcp.trello.com), Monday.com (mcp.monday.com), ClickUp (mcp.clickup.com, public beta), and Novum OS (novumos.app/v1/mcp/http). The field went from novelty to table stakes in about a year.

Do rate limits apply through an MCP server?

Yes — an MCP server is a wrapper over the vendor’s API, so the API’s limits come with it. Notion’s documentation puts the average at roughly 180 requests per minute per integration, with search capped at 30 requests per minute (as of July 2026). An agent that searches, reads, and writes in a loop can hit a cap like that in under a minute of real work.

Do MCP actions show up as the AI or as the person who connected it?

On the incumbents’ hosted servers, authentication is user OAuth, so actions run under — and attribute to — the authorizing human’s account; none of them documents a distinct agent identity as of July 2026. Novum OS takes the opposite approach: an agent is a member with its own name, role, per-board scope, and audit trail, authenticated by its own revocable bearer token.

What should I check before building on a PM tool’s MCP server?

Four things. Identity: does the agent act as itself, or as you? Auth fit: a browser OAuth flow suits interactive assistants, but headless workers (a Lambda, a cron agent) want a bearer token. Limits: what are the requests-per-minute caps, especially on search? Write surface: is it full read/write, and are destructive operations available, gated, or absent?

Point your MCP client at a board built for agents — free tier, no card, bearer-token auth.

Create account