Available tools
All 31 Hoursmith MCP tools grouped by resource, the REST API call each maps to, the roles they need, and the 5 destructive ones.
The Hoursmith MCP server exposes 31 tools, grouped by resource. Each tool maps to exactly one REST API call, and runs with the permissions of the membership that minted your token — so a tool only works if your role allows the underlying API call.
5 of these tools are destructive — they delete or archive data. They're flagged below. The server runs them with no extra confirmation beyond what your AI client asks, so review what your assistant is about to do before you approve it. See Security.
Identity
Read-only details about you and your workspace.
| Tool | API call | Notes |
|---|---|---|
get_me | GET /me | The authenticated member. |
get_organization | GET /organization | Your workspace/organization. |
Clients
| Tool | API call | Notes |
|---|---|---|
list_clients | GET /clients | |
get_client | GET /clients/{id} | |
create_client | POST /clients | Needs Manager+. |
update_client | PATCH /clients/{id} | Needs Manager+. |
delete_client ⚠️ | DELETE /clients/{id} | Destructive. Refuses if the client has active projects or invoices. |
Projects
| Tool | API call | Notes |
|---|---|---|
list_projects | GET /projects | |
get_project | GET /projects/{id} | |
create_project | POST /projects | Needs Manager+. |
update_project | PATCH /projects/{id} | Needs Manager+. |
archive_project ⚠️ | POST /projects/{id}/archive | Destructive (soft-delete). Needs Manager+. |
Tasks
| Tool | API call | Notes |
|---|---|---|
list_tasks | GET /tasks | |
get_task | GET /tasks/{id} | |
create_task | POST /tasks | |
update_task | PATCH /tasks/{id} | |
archive_task ⚠️ | POST /tasks/{id}/archive | Destructive (soft-delete). |
Time entries
| Tool | API call | Notes |
|---|---|---|
list_time_entries | GET /time-entries | |
get_time_entry | GET /time-entries/{id} | |
get_running_timer | GET /time-entries/running | Your currently running timer, if any. |
create_time_entry | POST /time-entries | Logs a time entry. |
update_time_entry | PATCH /time-entries/{id} | |
delete_time_entry ⚠️ | DELETE /time-entries/{id} | Destructive. Fails on already-invoiced entries. |
Expenses
All expense tools need a Manager+ role.
| Tool | API call | Notes |
|---|---|---|
list_expenses | GET /expenses | Needs Manager+. |
get_expense | GET /expenses/{id} | Needs Manager+. |
create_expense | POST /expenses | Needs Manager+. |
update_expense | PATCH /expenses/{id} | Needs Manager+. |
delete_expense ⚠️ | DELETE /expenses/{id} | Destructive. Needs Manager+. |
Invoices (read-only)
There is no write capability for invoices via MCP — you can read them, but you can't create, edit, or send them. This mirrors the REST API.
| Tool | API call | Notes |
|---|---|---|
list_invoices | GET /invoices | Needs Manager+. |
get_invoice | GET /invoices/{id} | Needs Manager+. |
Members (read-only)
There is no write capability for members via MCP — you can't invite, edit, or remove teammates. This mirrors the REST API.
| Tool | API call | Notes |
|---|---|---|
list_members | GET /members | |
get_member | GET /members/{id} |
The 5 destructive tools
These are the only tools that remove or archive data. Treat them with care:
delete_client— refuses if the client has active projects or invoices.archive_project— soft-delete; needs Manager+.archive_task— soft-delete.delete_time_entry— fails on already-invoiced entries.delete_expense— needs Manager+.
Roles cascade: a Member token can read most things and write its own time and the projects it's on, but can't touch invoices, expenses, or clients. A Manager token can read everything and write clients, projects, tasks, and time. See Permissions & plans and Roles explained.