KiteTimer MCP
Made an existing time-tracking app AI-accessible — pull reports and run time entries straight from Claude Code, with real auth and per-user permissions.
The problem
The company already had a solid internal time-tracking app, but getting anything out of it meant clicking through the UI — and there was no way to drive it from the AI tools the team was starting to live in. Reporting was manual, and integrating it with an assistant meant either a brittle script or a god-mode API key.
What I built
An MCP server inside the existing Rails app that lets Claude Code (and other AI assistants) query time entries, users, and uploads — and generate reports — directly, in plain language. It’s not a bolt-on: it authenticates over OAuth, runs every request through the app’s existing permission rules, and gates writes separately, so an assistant can only see and do what the person behind it is actually allowed to.
The interesting part
- It turns an existing product into an AI-accessible one without forking it. The MCP lives in the same codebase and reuses the app’s own authorization, so there’s no second, weaker copy of the access rules to keep in sync.
- AI access is as locked-down as a normal user’s — OAuth, scoped tools, and a separate write gate, not a shared master key. An assistant inherits exactly the caller’s permissions.
- Reporting becomes a question, not a chore. What used to be manual UI work — “how many hours on X this month, by person?” — is something you just ask Claude Code.
Outcome
The team pulls reporting data and automates time entry through the AI tools they already use, securely — without leaving the app or standing up a separate reporting stack.