The MCP audit: which project tools can AI agents actually use? (July 2026)

A year ago, "does your tracker have an MCP server" separated two or three tools from the pack. That era is over: of the 13 project management tools we audited this week, 12 have a first-party MCP server. The interesting questions have moved. What can an agent actually do once it connects? What does it cost? And what is the agent, in the tool's model, once it is inside?
This is a documentation audit, done the honest way: for every tool we read the official MCP docs, repos, and announcements during the week of July 14, 2026, and we link every claim to its source. Where the docs are silent, we say "unpublished" instead of guessing. We build Utter, one of the 13, so check our claims against the sources; they are all one click away.
The state of the field, in one table
| Tool | First-party MCP | Access | Auth | Notable limits |
|---|---|---|---|---|
| Jira (Atlassian) | Yes, GA | Remote | OAuth 2.1 | Rate limits exist but unpublished |
| Linear | Yes | Remote only | OAuth 2.1 / API key | Issues, projects, comments |
| Asana | Yes, v2 GA | Remote | OAuth | Smaller tool set (~17 tools) |
| Monday.com | Yes | Remote + open-source local | OAuth / token | Can delete items (rare) |
| ClickUp | Yes, beta | Remote | OAuth only | 50-300 calls/day without the AI add-on |
| Trello | Yes | Remote | OAuth 2.0 | One workspace per connection, no deletes |
| Notion | Yes | Remote + open-source local | OAuth | Local repo may be sunset |
| Shortcut | Yes | Remote (local archived) | OAuth | Stories, epics, docs |
| Wrike | Yes | Remote | OAuth / token | Scoped to user permissions |
| Airtable | Yes, GA | Remote | OAuth / PAT | No deletes, 10-record write batches |
| Plane | Yes, open source | Hosted + self-hosted | OAuth / PAT | 30+ tools |
| Basecamp | No | Community servers only | Varies | 37signals ships a CLI + agent skills instead |
| Utter | Yes | Remote | OAuth / API key | Full API surface |
Sources for every row are linked in the sections below.
Who shipped what
Atlassian runs one remote server for the whole suite, Jira, Confluence, JSM, and Bitbucket, at a single endpoint with OAuth 2.1, and it went GA after a 2025 beta (docs, repo). Agents can search, create, and update work items with the user's own permissions. The gap is transparency: rate limits are tied to your Cloud plan but the numbers are not published, and there is an open issue of users hitting 429s earlier than expected.
Trello, also Atlassian, gets its own server with read, write, and search scopes, archive-only deletion, and a one-workspace-per-connection limit (docs).
Linear was early and stayed disciplined: a hosted-only server, OAuth 2.1 with dynamic client registration, covering issues, projects, and comments (docs, changelog). No self-hosted option, no published rate limits.
Asana is on its second generation. The v1 SSE beta is being shut down and v2 is generally available at a new endpoint (docs). The current tool set is around 17 tools, noticeably smaller than v1 offered, which is a useful reminder that these surfaces can shrink as well as grow.
Monday.com publishes its server as open source under MIT, offers both a hosted endpoint and a local npm package, and, unusually for this field, exposes delete operations (repo, docs). If you connect an agent to Monday, scope it carefully; most vendors decided agents should not delete, Monday lets them.
ClickUp has the most consequential fine print in the audit. The server itself is a public beta, OAuth-only (docs). But without ClickUp's paid AI add-on, MCP calls are capped at 50 per 24 hours on Free and 300 per 24 hours on paid plans (help center). An active coding agent triaging a backlog will burn 300 calls in one session. That makes MCP effectively a feature of the AI add-on ($9 to $28 per user per month), not of the plan.
The fine print in flowchart form:
flowchart TD
A[Agent MCP call to ClickUp] --> B{AI addon purchased}
B -- yes --> C[Normal plan rate limits]
B -- no --> D{Plan tier}
D -- Free --> E[50 calls per day]
D -- Paid --> F[300 calls per day]
The next five all shipped credible first-party servers:
- Notion: hosted, plus an open-source local server it may eventually sunset (overview).
- Shortcut: moved fully to a hosted server and archived its local one in July 2026 (help center).
- Wrike: launched in mid-2025 with OAuth and permission-scoped access (docs).
- Airtable: GA on all plans with a deliberately safe surface, no deletes, small write batches (docs).
- Plane: the open-source tracker ships 30+ tools you can run hosted, self-hosted, or local (docs).
Basecamp is the one holdout, and it looks intentional. There is no first-party MCP server, only community ones of varying depth. Instead, 37signals ships a CLI with agent skills (dev.37signals.com), a different bet on how agents should reach a tool. Given who they are, expect them to argue the case in public eventually.
Utter, ours: a first-party remote server whose tools derive from the same OpenAPI registry as our REST API, so MCP coverage tracks the full product surface, issues, projects, docs, comments, search, sprints, agents, rather than a curated subset. Setup is documented on the developer page. For Claude Code it is one command:
claude mcp add utter-product https://utter.ae/api/mcp/v1/ \
--header "Authorization: Bearer $UTTER_API_KEY"
Cursor takes the same server as JSON in ~/.cursor/mcp.json:
{
"mcpServers": {
"utter-product": {
"url": "https://utter.ae/api/mcp/v1/",
"headers": { "Authorization": "Bearer YOUR_API_KEY" }
}
}
}
Every tools/call re-enters the REST pipeline in-process with the caller's own key, so there is no separate MCP permission layer to drift out of sync:
sequenceDiagram
participant A as Agent
participant M as Utter MCP server
participant R as REST API
A->>M: tools/call
M->>R: same request, same key, same scopes
R-->>M: result
M-->>A: result

What the table does not show
Reading 13 sets of docs back to back, the real differences are not in the "has MCP" column.
Coverage is the quiet differentiator. Most servers expose a curated subset: issues, comments, search. That covers demos well and real work partially. The test worth running on any tool: can the agent do over MCP everything you can do in the UI? Sprints, custom fields, workflow transitions, docs? Sub-setted servers mean your agent hits a wall mid-task, and the wall is undocumented.
You do not have to take any vendor's word for it. Every MCP server answers a standard tools/list request, so you can count the surface yourself. Against Utter's endpoint it looks like this; swap in another vendor's URL and auth to probe theirs:
curl -s https://utter.ae/api/mcp/v1/ \
-H "Authorization: Bearer $UTTER_API_KEY" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
const res = await fetch("https://utter.ae/api/mcp/v1/", {
method: "POST",
headers: {
Authorization: `Bearer ${process.env.UTTER_API_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }),
});
const { result } = await res.json();
console.log(result.tools.length, "tools");
import os
import requests
res = requests.post(
"https://utter.ae/api/mcp/v1/",
headers={"Authorization": f"Bearer {os.environ['UTTER_API_KEY']}"},
json={"jsonrpc": "2.0", "id": 1, "method": "tools/list"},
)
print(len(res.json()["result"]["tools"]), "tools")
The response lists every tool with its name and input schema. If the sprint or custom-field operations you need are not in that list, no amount of prompt engineering will make the agent reach them.
Caps change what MCP is. A server capped at 300 calls a day is an integration for occasional questions, not a channel an autonomous agent can work through. Vendors are entitled to price agent traffic, but the cap belongs in the comparison table, not the footnotes.
Write policies reveal each vendor's threat model. Airtable and Trello ship no destructive deletes. Monday ships deletes. Atlassian scopes everything to the human's permissions. There is no standard answer yet for "what should an agent be forbidden to do," and it shows.
Nobody but us treats the agent as a member. In every other tool audited, the agent acts through a connection: its work appears under an app identity or the connecting user's name. In Utter, an agent is a named workspace member with its own profile, assigned issues, live session states on the ticket, and attribution in the activity log, and agent members are not billed as seats. We think that identity layer, not the transport, is where this category is actually competing next. See the complete guide for why identity is the load-bearing piece.

How to use this audit
If you are choosing a tracker partly for agent access, "has MCP" is now table stakes. Three questions make the real comparison:
- Check the caps first. ClickUp's is the one that bites today; Atlassian's are real but unpublished.
- Check coverage against the tasks you actually want agents doing. Run the
tools/listprobe above and compare it to your workflow, not to the demo. - Check what the agent's actions look like in the audit trail. If everything lands under one app identity, you cannot answer "who changed this" once two agents share a workspace.

We will re-run this audit quarterly and keep the table honest, including where rivals improve. If we got a fact wrong, the sources are linked, and [email protected] reaches us; corrections get made with a changelog note.
Frequently asked questions
Which project management tools have an MCP server in 2026?
Of the 13 project management tools audited in July 2026, 12 ship a first-party MCP server: Jira, Linear, Asana, Monday.com, ClickUp, Trello, Notion, Shortcut, Wrike, Airtable, Plane, and Utter. Basecamp is the holdout: no first-party server, only community ones, with 37signals shipping a CLI plus agent skills instead.
Does ClickUp limit MCP calls?
Yes, and it is the most consequential fine print in the audit: without ClickUp's paid AI add-on ($9 to $28 per user per month), MCP calls are capped at 50 per 24 hours on Free and 300 per 24 hours on paid plans. An active coding agent triaging a backlog will burn 300 calls in one session, which makes MCP effectively a feature of the add-on, not of the plan.
Can AI agents delete items through these MCP servers?
It varies, and the write policies reveal each vendor's threat model: Airtable and Trello ship no destructive deletes, Monday.com unusually exposes delete operations, and Atlassian scopes everything to the human user's permissions. There is no standard answer yet for what an agent should be forbidden to do.
How should you compare MCP support when choosing a tracker for AI agents?
"Has MCP" is now table stakes, so ask three questions instead: what are the call caps (ClickUp's is the one that bites today), does coverage include the tasks you actually want agents doing, and what do the agent's actions look like in the audit trail. Utter is the only tool audited where the agent is a named workspace member with its own attribution, rather than acting through an app identity or the connecting user's name.
Related reading

Which project management tools actually ship a first-party MCP server
Having AI features is not the same as shipping an MCP server. Here is how to tell first-party from community-built from none, with an honest checklist.
June 22, 2026 · 9 min read

The best AI project management software in 2026, honestly ranked
Eight AI project management tools ranked with a stated lens: what the AI really does, what it costs on top of the seat price, and who each one fits.
July 15, 2026 · 10 min read

Why we gave Utter an MCP server, and what it changes
What the Model Context Protocol is in plain terms, why a project tracker is a good fit for it, and how an agent picks up your workspace without any glue code.
July 11, 2026 · 5 min read

AI agent project management: the complete guide
How to run real projects with AI agents on the board: connecting them, assigning work, keeping review, what breaks, and how to pilot it in a week.
July 15, 2026 · 12 min read

What is agentic project management? A plain-language guide with a working example
A copilot waits for your prompt. An agent acts on an event. Here is the perceive-plan-act-check loop explained, with one real end-to-end run inside Utter.
June 11, 2026 · 11 min read

Project management for solo founders (you plus a few agents is the team)
Project management for solo founders means capturing everything and letting a few AI agents do real work, at $0, with agents as free members not paid seats.
July 16, 2026 · 11 min read

Project management for small agencies (clients in, chaos out)
Project management for agencies without the seat tax: scoped projects isolate each client, guests and viewers are free, and public forms take intake with no account.
July 16, 2026 · 13 min read

What is an AI project manager? What one actually does today
A plain definition of the AI project manager: the three things the term means, a week of real work on a live board, and the parts only a human can hold.
July 15, 2026 · 8 min read

Free project management software: what the free tiers actually give you
What the free tiers of Trello, Asana, ClickUp, Notion, and Jira actually give you (as of July 2026), which cap stops a small team first, and how Utter Free compares.
July 16, 2026 · 11 min read

How to use AI agents in Utter: connect them, assign work, and follow their sessions
A start-to-finish walkthrough: connect an agent, scope its key, assign it issues, and watch its sessions, without giving up control of the board.
July 15, 2026 · 11 min read
أضف تعليقًا
ابدأ النقاش.
