Product Update

May Update: AI Assistants, Personal Access Tokens & a Full Developer Platform

This is our biggest release for power users yet. Your workspace is now AI-native: connect an assistant like Claude or ChatGPT and ask it to track time, triage tasks, draft invoices, or pull a profitability report — in plain language, acting safely inside your own permissions. We also shipped Personal Access Tokens, rounded out TRCR into a true four-interface developer platform, and made reports invoice-aware. Here's everything that's new.

May 27, 2026 · 8 min read

Bring an AI Assistant Into Your Workspace

The headline of this release is the new TRCR MCP server. MCP — the Model Context Protocol — is the emerging standard that lets AI assistants take real actions in real tools. With a single connection, assistants such as Claude Desktop, Claude Code, OpenAI Codex, and ChatGPT can now operate directly in your TRCR workspace.

This isn't a chatbot bolted onto a help page. It's roughly 150 tools across 20 domains — tasks, timers, projects, clients, invoices, payments, reports, chat, search, and more — exposed to your assistant so it can actually do the work. Stop describing what you want done and start asking for it:

  • “Start a timer on the Homepage redesign task.”
  • “Create three tasks for the Q3 launch, assign them to Maria, and put them in the Design board.”
  • “How many billable hours did we log for Acme Corp last week, and who logged them?”
  • “Draft an invoice from this month's unbilled time for Acme and show me the total before sending.”
  • “Which active projects are over budget right now?”

Because the assistant works through the same service layer that powers the rest of TRCR, anything it does is a first-class action — a task it creates is indistinguishable from one you create in the app, and it shows up live for your whole team the instant it happens.

Built to Be Safe by Design

Handing an assistant the keys only works if the keys are limited. They are. Three guarantees sit underneath every tool call:

  • It can only do what you can do. Every action is authorized against your role and permissions in that organization. The AI inherits your access — never more. If you can't delete a project in the app, neither can your assistant.
  • Destructive actions ask first. Tools that delete, remove, or revoke data are explicitly flagged, so your assistant pauses for confirmation before anything irreversible happens. No silent deletions.
  • One token, one organization. Access is scoped to a single workspace at a time, so connecting an assistant to a client project never exposes the rest of your account.

There's even a whoami tool so you (or your assistant) can confirm exactly which user and organization a connection is acting as, any time.

Personal Access Tokens

To make all of this possible — and to open TRCR up to your own scripts and integrations — we added Personal Access Tokens. Head to Settings → Personal Access Tokens, create a token, give it a name you'll recognize (“Claude Desktop,” “CI pipeline,” “my laptop”), and you're set.

Tokens are shown once at creation and stored only as a hash, so they stay secret even from us. Each token is bound to a single organization, you can create as many as you need, and you can revoke any one of them instantly without touching your password or your other connections. It's the clean, auditable way to grant access — to an AI assistant or to anything else.

One Product, Four Ways to Reach It

With MCP in place, TRCR now speaks four API languages, and they're all first-class citizens:

  • WebSocket — our primary, real-time transport. Every change streams to every connected client the moment it happens.
  • REST — familiar, predictable HTTP for scripts, webhooks, and quick integrations.
  • GraphQL — ask for exactly the fields you want, in one round trip.
  • MCP — the new AI-assistant interface described above.

The important part: all four are thin shims over the same core service layer. Business logic, validation, and permissions are identical no matter how you connect, and every interface publishes the same real-time events. Build on whichever one fits, mix and match freely, and trust that they all behave the same way. Full guides — including copy-paste setup for each AI client — live in our developer docs.

Invoice-Scoped Reports

Reporting got sharper this month. The Timesheet and Utilization reports now accept an optional invoice filter, so you can scope a report to the exact set of time entries that make up a single invoice.

That means when a client asks “what am I actually paying for?” you can hand them a precise, line-by-line breakdown that reconciles perfectly with the invoice total. It also powers the detailed time report we now attach to invoice PDFs — so every bill you send can arrive with its own proof of work, automatically. Available in both the app and via the REST and WebSocket APIs.

Why This Matters

A year ago, TRCR was a beautifully fast time tracker. Today it's a platform: your time, tasks, projects, clients, invoices, and reports all live in one real-time system — and now that system is open to your scripts, your integrations, and the AI assistant you already work with every day. The busywork of running a services business — logging hours, chasing tasks, assembling invoices, pulling numbers — is exactly the kind of work you can now delegate and double-check in seconds.

Best of all, none of it asks you to change how you work. The app you love is unchanged and just as fast. These are new doors into the same house.

What's Next

We're working on native one-click OAuth connect for ChatGPT and Claude.ai (so you won't even need to paste a token), more granular tool-group scopes for tokens, and a growing tool catalog as we expand what assistants can do. On the reporting side: saved report views and scheduled exports.

Want to try the AI integration? Create a token under Settings → Personal Access Tokens, point your assistant at https://api.trcr.pro/mcp, and ask it to do something. We can't wait to see what you build.