← Blog
Comparisons7 min readThe Utter team3 views

The MCP audit: which project tools can AI agents actually use? (July 2026)

XLinkedIn

A year ago, "does your tracker have an MCP server" separated two or three tools from the pack. That era is over: of the 13 project management tools we audited this week, 12 have a first-party MCP server. The interesting questions have moved. What can an agent actually do once it connects? What does it cost? And what is the agent, in the tool's model, once it is inside?

This is a documentation audit, done the honest way: for every tool we read the official MCP docs, repos, and announcements during the week of July 14, 2026, and we link every claim to its source. Where the docs are silent, we say "unpublished" instead of guessing. We build Utter, one of the 13, so check our claims against the sources; they are all one click away.

The state of the field, in one table

Tool First-party MCP Access Auth Notable limits
Jira (Atlassian) Yes, GA Remote OAuth 2.1 Rate limits exist but unpublished
Linear Yes Remote only OAuth 2.1 / API key Issues, projects, comments
Asana Yes, v2 GA Remote OAuth Smaller tool set (~17 tools)
Monday.com Yes Remote + open-source local OAuth / token Can delete items (rare)
ClickUp Yes, beta Remote OAuth only 50-300 calls/day without the AI add-on
Trello Yes Remote OAuth 2.0 One workspace per connection, no deletes
Notion Yes Remote + open-source local OAuth Local repo may be sunset
Shortcut Yes Remote (local archived) OAuth Stories, epics, docs
Wrike Yes Remote OAuth / token Scoped to user permissions
Airtable Yes, GA Remote OAuth / PAT No deletes, 10-record write batches
Plane Yes, open source Hosted + self-hosted OAuth / PAT 30+ tools
Basecamp No Community servers only Varies 37signals ships a CLI + agent skills instead
Utter Yes Remote OAuth / API key Full API surface

Sources for every row are linked in the sections below.

Who shipped what

Atlassian runs one remote server for the whole suite, Jira, Confluence, JSM, and Bitbucket, at a single endpoint with OAuth 2.1, and it went GA after a 2025 beta (docs, repo). Agents can search, create, and update work items with the user's own permissions. The gap is transparency: rate limits are tied to your Cloud plan but the numbers are not published, and there is an open issue of users hitting 429s earlier than expected.

Trello, also Atlassian, gets its own server with read, write, and search scopes, archive-only deletion, and a one-workspace-per-connection limit (docs).

Linear was early and stayed disciplined: a hosted-only server, OAuth 2.1 with dynamic client registration, covering issues, projects, and comments (docs, changelog). No self-hosted option, no published rate limits.

Asana is on its second generation. The v1 SSE beta is being shut down and v2 is generally available at a new endpoint (docs). The current tool set is around 17 tools, noticeably smaller than v1 offered, which is a useful reminder that these surfaces can shrink as well as grow.

Monday.com publishes its server as open source under MIT, offers both a hosted endpoint and a local npm package, and, unusually for this field, exposes delete operations (repo, docs). If you connect an agent to Monday, scope it carefully; most vendors decided agents should not delete, Monday lets them.

ClickUp has the most consequential fine print in the audit. The server itself is a public beta, OAuth-only (docs). But without ClickUp's paid AI add-on, MCP calls are capped at 50 per 24 hours on Free and 300 per 24 hours on paid plans (help center). An active coding agent triaging a backlog will burn 300 calls in one session. That makes MCP effectively a feature of the AI add-on ($9 to $28 per user per month), not of the plan.

The fine print in flowchart form:

flowchart TD
    A[Agent MCP call to ClickUp] --> B{AI addon purchased}
    B -- yes --> C[Normal plan rate limits]
    B -- no --> D{Plan tier}
    D -- Free --> E[50 calls per day]
    D -- Paid --> F[300 calls per day]

The next five all shipped credible first-party servers:

  • Notion: hosted, plus an open-source local server it may eventually sunset (overview).
  • Shortcut: moved fully to a hosted server and archived its local one in July 2026 (help center).
  • Wrike: launched in mid-2025 with OAuth and permission-scoped access (docs).
  • Airtable: GA on all plans with a deliberately safe surface, no deletes, small write batches (docs).
  • Plane: the open-source tracker ships 30+ tools you can run hosted, self-hosted, or local (docs).

Basecamp is the one holdout, and it looks intentional. There is no first-party MCP server, only community ones of varying depth. Instead, 37signals ships a CLI with agent skills (dev.37signals.com), a different bet on how agents should reach a tool. Given who they are, expect them to argue the case in public eventually.

Utter, ours: a first-party remote server whose tools derive from the same OpenAPI registry as our REST API, so MCP coverage tracks the full product surface, issues, projects, docs, comments, search, sprints, agents, rather than a curated subset. Setup is documented on the developer page. For Claude Code it is one command:

claude mcp add utter-product https://utter.ae/api/mcp/v1/ \
  --header "Authorization: Bearer $UTTER_API_KEY"

Cursor takes the same server as JSON in ~/.cursor/mcp.json:

{
  "mcpServers": {
    "utter-product": {
      "url": "https://utter.ae/api/mcp/v1/",
      "headers": { "Authorization": "Bearer YOUR_API_KEY" }
    }
  }
}

Every tools/call re-enters the REST pipeline in-process with the caller's own key, so there is no separate MCP permission layer to drift out of sync:

sequenceDiagram
    participant A as Agent
    participant M as Utter MCP server
    participant R as REST API
    A->>M: tools/call
    M->>R: same request, same key, same scopes
    R-->>M: result
    M-->>A: result

Utter agent hub showing an agent connected over MCP

What the table does not show

Reading 13 sets of docs back to back, the real differences are not in the "has MCP" column.

Coverage is the quiet differentiator. Most servers expose a curated subset: issues, comments, search. That covers demos well and real work partially. The test worth running on any tool: can the agent do over MCP everything you can do in the UI? Sprints, custom fields, workflow transitions, docs? Sub-setted servers mean your agent hits a wall mid-task, and the wall is undocumented.

You do not have to take any vendor's word for it. Every MCP server answers a standard tools/list request, so you can count the surface yourself. Against Utter's endpoint it looks like this; swap in another vendor's URL and auth to probe theirs:

curl -s https://utter.ae/api/mcp/v1/ \
  -H "Authorization: Bearer $UTTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
const res = await fetch("https://utter.ae/api/mcp/v1/", {
  method: "POST",
  headers: {
    Authorization: `Bearer ${process.env.UTTER_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }),
});
const { result } = await res.json();
console.log(result.tools.length, "tools");
import os
import requests

res = requests.post(
    "https://utter.ae/api/mcp/v1/",
    headers={"Authorization": f"Bearer {os.environ['UTTER_API_KEY']}"},
    json={"jsonrpc": "2.0", "id": 1, "method": "tools/list"},
)
print(len(res.json()["result"]["tools"]), "tools")

The response lists every tool with its name and input schema. If the sprint or custom-field operations you need are not in that list, no amount of prompt engineering will make the agent reach them.

Caps change what MCP is. A server capped at 300 calls a day is an integration for occasional questions, not a channel an autonomous agent can work through. Vendors are entitled to price agent traffic, but the cap belongs in the comparison table, not the footnotes.

Write policies reveal each vendor's threat model. Airtable and Trello ship no destructive deletes. Monday ships deletes. Atlassian scopes everything to the human's permissions. There is no standard answer yet for "what should an agent be forbidden to do," and it shows.

Nobody but us treats the agent as a member. In every other tool audited, the agent acts through a connection: its work appears under an app identity or the connecting user's name. In Utter, an agent is a named workspace member with its own profile, assigned issues, live session states on the ticket, and attribution in the activity log, and agent members are not billed as seats. We think that identity layer, not the transport, is where this category is actually competing next. See the complete guide for why identity is the load-bearing piece.

Activity log attributing changes to a named agent member

How to use this audit

If you are choosing a tracker partly for agent access, "has MCP" is now table stakes. Three questions make the real comparison:

  1. Check the caps first. ClickUp's is the one that bites today; Atlassian's are real but unpublished.
  2. Check coverage against the tasks you actually want agents doing. Run the tools/list probe above and compare it to your workflow, not to the demo.
  3. Check what the agent's actions look like in the audit trail. If everything lands under one app identity, you cannot answer "who changed this" once two agents share a workspace.

API usage and audit log table showing per-key activity

We will re-run this audit quarterly and keep the table honest, including where rivals improve. If we got a fact wrong, the sources are linked, and [email protected] reaches us; corrections get made with a changelog note.

Frequently asked questions

Which project management tools have an MCP server in 2026?

Of the 13 project management tools audited in July 2026, 12 ship a first-party MCP server: Jira, Linear, Asana, Monday.com, ClickUp, Trello, Notion, Shortcut, Wrike, Airtable, Plane, and Utter. Basecamp is the holdout: no first-party server, only community ones, with 37signals shipping a CLI plus agent skills instead.

Does ClickUp limit MCP calls?

Yes, and it is the most consequential fine print in the audit: without ClickUp's paid AI add-on ($9 to $28 per user per month), MCP calls are capped at 50 per 24 hours on Free and 300 per 24 hours on paid plans. An active coding agent triaging a backlog will burn 300 calls in one session, which makes MCP effectively a feature of the add-on, not of the plan.

Can AI agents delete items through these MCP servers?

It varies, and the write policies reveal each vendor's threat model: Airtable and Trello ship no destructive deletes, Monday.com unusually exposes delete operations, and Atlassian scopes everything to the human user's permissions. There is no standard answer yet for what an agent should be forbidden to do.

How should you compare MCP support when choosing a tracker for AI agents?

"Has MCP" is now table stakes, so ask three questions instead: what are the call caps (ClickUp's is the one that bites today), does coverage include the tasks you actually want agents doing, and what do the agent's actions look like in the audit trail. Utter is the only tool audited where the agent is a named workspace member with its own attribution, rather than acting through an app identity or the connecting user's name.

Related reading

أضف تعليقًا

ابدأ النقاش.