Summary
Users may have numerous projects in their Dida365/TickTick account, but they may want to restrict AI access to only specific projects for security and privacy reasons. We need to provide a configuration option that allows users to specify allowed projectId(s) to limit the AI's access scope.
Motivation
- Security: Users may have sensitive projects they don't want AI to access or modify
- Safety: Prevent accidental modifications to important projects when using YOLO mode
- Organization: Users with many projects can focus AI interactions on relevant projects only
- Complementary to Read-Only Mode: While read-only mode prevents all writes, project scope restriction provides granular access control
Proposed Solution
Configuration Options
Add new configuration parameters that can be set via:
- Environment Variables
- Command Line Arguments
# Environment Variable
DIDA365_ALLOWED_PROJECTS=projectId1,projectId2,projectId3
# Command Line Argument
--allowed-projects=projectId1,projectId2,projectId3
# or
--project=projectId1 --project=projectId2
Example MCP Configuration
{
"mcpServers": {
"dida365": {
"command": "npx",
"args": [
"-y",
"dida365-mcp-server@latest",
"--allowed-projects=project1,project2"
],
"env": {
"DIDA365_CLIENT_ID": "your_client_id",
"DIDA365_CLIENT_SECRET": "your_client_secret"
}
}
}
}Behavioral Changes
| Tool |
Behavior with Project Scope |
list_projects |
Only return allowed projects |
get_project |
Return error if projectId not in allowed list |
get_project_data |
Return error if projectId not in allowed list |
create_project |
Discuss: Allow/Deny/Add to allowed list? |
update_project |
Return error if projectId not in allowed list |
delete_project |
Return error if projectId not in allowed list |
create_task |
Return error if target projectId not in allowed list |
get_task |
Return error if projectId not in allowed list |
update_task |
Return error if projectId not in allowed list |
delete_task |
Return error if projectId not in allowed list |
complete_task |
Return error if projectId not in allowed list |
Implementation Tasks
Open Questions
- Should
create_project be allowed when project scope is enabled?
- Should we support wildcard patterns (e.g.,
project-*)?
- Should we provide a way to exclude projects instead of include?
- How should the Inbox project be handled?
Related Features
- Read-Only Mode (
--readonly) - Prevents write operations
- This feature - Restricts access to specific projects
- Both can be combined for maximum security
Summary
Users may have numerous projects in their Dida365/TickTick account, but they may want to restrict AI access to only specific projects for security and privacy reasons. We need to provide a configuration option that allows users to specify allowed
projectId(s) to limit the AI's access scope.Motivation
Proposed Solution
Configuration Options
Add new configuration parameters that can be set via:
Example MCP Configuration
{ "mcpServers": { "dida365": { "command": "npx", "args": [ "-y", "dida365-mcp-server@latest", "--allowed-projects=project1,project2" ], "env": { "DIDA365_CLIENT_ID": "your_client_id", "DIDA365_CLIENT_SECRET": "your_client_secret" } } } }Behavioral Changes
list_projectsget_projectget_project_datacreate_projectupdate_projectdelete_projectcreate_taskget_taskupdate_taskdelete_taskcomplete_taskImplementation Tasks
DIDA365_ALLOWED_PROJECTSenv var--allowed-projectsCLI argument supportlist_projectsto filter resultsOpen Questions
create_projectbe allowed when project scope is enabled?project-*)?Related Features
--readonly) - Prevents write operations