Rize MCP

Live

OAUTH 2.0

PRODUCTIVITY

Productivity

Connect to Rize MCP using OAuth 2.1 with MCP discovery and dynamic client registration. Access and analyze your time tracking data, projects, clients.

  • Acts as the user: Every tool call runs as the authorizing user. Access and audit trail stay intact.
  • Credentials stay vaulted: AES-256 encrypted, resolved at request time, never stored in LLM context.
  • Scoped before every call: Per-user permissions enforced automatically. 90-day audit trail included.
Rize MCP
agent · Acme Q3
Run
Add Note in Rize MCP
S
rizemcp_add_note
85ms
Rize MCP agent
Add a note about what you're working on. notes give rize context to improve time tracking accuracy. this is the primary.
Sources: Rize MCP
rizemcpmcp
1 tool call
18:29
Message Claude...

Rize MCP tools for AI agents

CALL ANY TOOL
12 tools covering approve, add.
rizemcp_add_note
Add a note about what you're working on. notes give rize con
Add a note about what you're working on. notes give rize context to improve time tracking accuracy. this is the primary way to tell rize what you worked on. every call creates a timeline note. if you also provide `blocks` with durations, time entries are created too. **context only (no entries created):** - "working on the nvidia project today" - "just finished the pitch deck for acme" - "switching to internal tooling" **context + time entries (blocks with durations):** - "2hrs on nvidia pitch deck" → blocks: [{project: "nvidia", description: "pitch deck work", durationmin: 120}] - "30min call with acme about onboarding" → blocks: [{client: "acme", description: "onboarding call", durationmin: 30}] when blocks are provided: defaults to preview mode — shows matched entries for confirmation. call again with save=true to commit. the tool fetches the user's clients, projects, tasks, existing time entries, app activity, and existing notes for the target date. it detects overlaps between blocks and existing entries.
Parameters
Name
Type
Required
Description
text
string
Required
What did you work on? Natural language.
billable
boolean
Optional
Override billable status for created entries.
blocks
array
Optional
Pre-parsed time blocks. When provided with durations > 0, time entries will be created in addition to the note. Tag each block with any combination of client, project, and/or task.
date
string
Optional
Reference date YYYY-MM-DD. Defaults to today.
save
boolean
Optional
Set true to save time entries after previewing. Only relevant when blocks are provided.
rizemcp_approve_tag_suggestion
Approve an ai-generated tag suggestion (client, project, or
rizemcp_approve_time_entries
Approve pending ai-generated time entry suggestions, making
rizemcp_create_client
Create a new client (customer/account). clients are top-leve
rizemcp_create_contract
Create a new contract for profitability tracking. contracts
rizemcp_create_expense
Add an expense to a contract period. expenses can be pass-th
rizemcp_create_label
Create a new label for categorizing time entries. requires t
rizemcp_create_project
Create a new project, optionally under a client. projects or
rizemcp_create_revenue_entry
Add a revenue entry to a contract period. categories: setup_
rizemcp_create_task
Create a new task, optionally under a project. tasks are the
rizemcp_create_time_entry
Create a new time entry with optional client, project, and t
rizemcp_delete_label
Delete a label by id. requires team admin role. the label is
Build your Agent
Same auth pattern across every framework.
Python · LlamaIndex
from langchain_mcp_adapters.client import MultiServerMCPClient
from scalekit import ScalekitClient

client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="rizemcp")

mcp = MultiServerMCPClient({
"rizemcp": {
"url": "https://mcp.scalekit.com/rizemcp",
"headers": {"Authorization": "Bearer " + token}
}
})
tools = await mcp.get_tools()
import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";

const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "rizemcp" });

const openai = new OpenAI();
// Connect to MCP at https://mcp.scalekit.com/rizemcp
// Pass: Authorization: Bearer + token
import Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";

const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "rizemcp" });

const anthropic = new Anthropic();
// Connect to MCP at https://mcp.scalekit.com/rizemcp
// Pass: Authorization: Bearer + token
from google.adk.agents import LlmAgent
from scalekit import ScalekitClient

client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="rizemcp")
# Connect to MCP at https://mcp.scalekit.com/rizemcp
# Pass: Authorization: Bearer + token
Try these prompts
Paste any prompt into your agent to get started.
Get started
Copy the prompt
Copied
Update an existing time entry?
Copy the prompt
Copied
Create a new Rize account via magic link?
Advanced
Copy the prompt
Copied
Reject pending AI-generated time entry suggestions?
Copy the prompt
Copied
Regenerate AI content for a pending or failed time entry?
SEE HOW AUTH WORKS
User authorises once. Every agent call after uses their token with scope enforcement.
1
Authorize
Your user connects
Rize MCP
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
Rize MCP
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
Rize MCP
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
Rize MCP
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other connectors.
OPS
Email-to-calendar scheduling agent
Parse scheduling intent from Gmail threads and create Google Calendar events with the right attendees and timezone.
ENGINEERING
Engineering standup agent
Aggregate GitHub and GitLab activity, link to Jira, and post a daily standup digest to Slack. No async updates.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought.
01.
Shared tokens break per-user analytics
A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential.
// shared token
audit → bot_service_account

// scalekit
audit → user_abc ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
One connector today. Ten tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions

Does the agent access Rize as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the Rize OAuth token stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in Rize?
Yes. Pass a tool name filter to listScopedTools so the productivity agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Rize.

What happens when a user revokes Rize access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

Whose time tracking data can the agent read or approve?
Only the authorizing user's Rize workspace. Time entry approvals, client and contract edits, and notes run as that user, keeping personal productivity data personal.

Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""rizemcp"": {
""url"": ""https://mcp.scalekit.com/rizemcp"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.rizemcp]
url = ""https://mcp.scalekit.com/rizemcp""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""rizemcp"": {
""url"": ""https://mcp.scalekit.com/rizemcp"",
""type"": ""http""
}
}
}