Agentic Task System

30 tools. 17 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

17 can modify or destroy data
13 read-only
30 tools total

Community server · catalogue entry verified 30/06/2026

How to control Agentic Task System ↓

What Agentic Task System exposes to your agents

Read (13) Write / Execute (15) Destructive / Financial (2)
Critical Risk

The most dangerous Agentic Task System tools

17 of Agentic Task System's 30 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Agentic Task System

PolicyLayer is an MCP gateway — it sits between your AI agents and Agentic Task System, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "remove_task_link": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "acknowledge_task_events": {
    "limits": [
      {
        "counter": "acknowledge_task_events_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "context_for_task": {
    "limits": [
      {
        "counter": "context_for_task_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Agentic Task System — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON AGENTIC TASK SYSTEM →

Instant setup, no code required.

All 30 Agentic Task System tools

WRITE 15 tools
Write acknowledge_task_events WRITE/LOCAL. Explicitly acknowledges one or more durable task-event ids and removes them from the pending spoo Write add_task_link WRITE. Adds a typed relationship from one task to another. Types express dependencies, evidence, decisions, ou Write add_task_reference WRITE. Adds a resource the task consults (an external URL or a reference note) to its Write check_task_access WRITE/AUDIT. Evaluates one task-scoped access request and appends an allow or deny record. Requires an action, Write create_task WRITE. Creates a new item (task/note) in the store — the agent→human write side of the two-way bus. Use to han Write poll_task_events WRITE/LOCAL. Diffs the current task corpus, durably stages deterministic event envelopes, then advances the ch Write promote_exploration WRITE. Creates a committed execution item from exploratory material. The source body is not copied; the new it Write record_action WRITE. Appends an auditable agent action or outcome to the local ATS JSONL ledger, including sources, approval Write relate_task WRITE. Auto-routes a relevant target into the right section by what it is: an active task goes to Write set_task_hierarchy WRITE. Assigns an exploration/goal/project/task role and optionally replaces or clears the single explicit par Write set_task_intent WRITE. Adds or updates portable execution intent inside the task body: desired outcome, why it matters, comple Write set_task_lifecycle WRITE. Sets portable lifecycle state and validity windows. Archived, expired, future, and superseded tasks are Write set_task_security WRITE. Sets a portable task security policy. This policy is a decision point for cooperating clients; it does Write snapshot_task_events WRITE/LOCAL. Creates or replaces the local corpus-diff event checkpoint. This only observes task state; it nev Write update_task WRITE. Patches an existing item (partial update) — only the fields you provide change; omitted fields are left
READ 13 tools
Read context_for_task Read-only. Builds execution context for a task. Typed relationships come first, retrieval adds candidates, inv Read evaluate_task_hierarchy Read-only. Deterministically checks whether a task still supports its parent objective and reports invalid rol Read find Read-only. Search the task store by free-text QUERY using available adapter signals plus Core keyword retrieva Read get_task Read-only. Fetch one item (task/note) by its project id + task id, including the full markdown body, tags, and Read get_task_hierarchy Read-only. Returns the item role and its explicit parent relationship. Roles are exploration, goal, project, t Read get_task_security Read-only. Returns the portable trust, action, resource, denial, approval, and approver policy for one task. U Read list_actions Read-only. Lists action-ledger records, optionally filtered by task, agent, action, or advancement. Read list_pending_task_events Read-only. Lists durable task-event envelopes that have not been acknowledged by a consumer. Task bodies are n Read list_projects Read-only. List the projects / folders in the store, each with its id and name. Call this first to discover th Read list_task_references Read-only. Lists the resources (external URLs and reference notes) in a task\ Read similar Read-only. Find items semantically similar to a KNOWN item, given its id (not a text query — for text search u Read task_graph Read-only. Traverses typed incoming and outgoing task relationships around one task. Returns nodes, edges, lif Read url_for Read-only. Build a paste-ready deep link (a URL string) to an item in its native app, so you can hand the huma

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Agentic Task System

Can an AI agent delete data through the Agentic Task System MCP server? +

Yes. The Agentic Task System server exposes 2 destructive tools including remove_task_link, remove_task_reference. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Agentic Task System? +

The Agentic Task System server has 15 write tools including acknowledge_task_events, add_task_link, add_task_reference. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Agentic Task System.

How many tools does the Agentic Task System MCP server expose? +

30 tools across 4 categories: Destructive, Execute, Read, Write. 13 are read-only. 17 can modify, create, or delete data.

How do I enforce a policy on Agentic Task System? +

Register the Agentic Task System MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Agentic Task System tool call.

Deterministic rules across all 30 Agentic Task System tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

30 Agentic Task System tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.