Odel
EZ@Work

EZ@Work

@eranfinishCommunicationPythonUpdated 1w ago

Manage clients, projects, time, and invoices in EZ@Work — business management for freelancers.

View on GitHubSign in to connect
Server endpointStreamable HTTPOAuthProbed
https://mcp.ezatwork.com/mcp

This is the third-party server itself — Odel doesn't run it. Hitting this URL directly talks straight to the upstream server with no auth or proxying. Connect through Odel to front it with managed auth.

EZ@Work MCP Server

Connect EZ@Work — all-in-one business management for freelancers, lawyers, agencies, and service businesses — to Claude, Gemini, Cursor, and any MCP-compatible AI.

Tools (v1)

ToolDescriptionType
list_clientsList your clients/customersRead
list_projectsList your projects/cases/work ordersRead
log_time_entryLog billable hours to a projectWrite
create_invoiceCreate a draft invoice (auto currency/language/VAT)Write

Setup

Claude Desktop / Claude.ai (OAuth — recommended)

Settings → Connectors → Add custom connector

  • URL: https://mcp.ezatwork.com/mcp
  • Authentication: OAuth (automatic)

Claude Code / Cursor / MCP Inspector (API token)

  1. Create a free EZ@Work account at https://app.ezatwork.com
  2. Generate an API token at https://app.ezatwork.com/settings/api-tokens
  3. Connect to https://mcp.ezatwork.com/mcp with header Authorization: Bearer ezw_pat_...

Local testing with MCP Inspector:

npx @modelcontextprotocol/inspector

Connect to http://localhost:8080/mcp with header Authorization: Bearer ezw_pat_...

Security

  • Your data stays in your EZ@Work account
  • OAuth mode: Google identity → EZ@Work account lookup; no credentials stored in the MCP
  • API token mode: scoped permissions — grant only what you need; mandatory expiration
  • Authorization is verified on every request

Privacy Policy

https://www.ezatwork.com/privacy

Universal Design

EZ@Work adapts to your business type: a lawyer sees "cases," a freelancer sees "projects," a service business sees "work orders." Currency, language (24 supported), and tax rules auto-detect from your profile — no configuration needed in the MCP.

Development

Run locally

python -m venv .venv
source .venv/bin/activate  # Windows: .venv\Scripts\activate
pip install -e .

cp .env.example .env
# Edit .env: EZ_API_BASE=http://localhost:5000 for local backend

python -m ezatwork_mcp.server
# Server starts at http://localhost:8080/mcp

Run tests

pip install pytest pytest-asyncio
pytest tests/

Docker

docker build -t ezatwork-mcp .
docker run -p 8080:8080 -e EZ_API_BASE=https://api.ezatwork.com ezatwork-mcp

Deploy to Cloud Run

gcloud run deploy ezatwork-mcp \
  --source . \
  --region europe-west1 \
  --project ezatwork-production \
  --allow-unauthenticated \
  --port 8080 \
  --update-env-vars "EZ_API_BASE=https://api.ezatwork.com,MCP_BASE_URL=https://mcp.ezatwork.com" \
  --update-secrets "GOOGLE_CLIENT_ID=ezmcp-google-client-id:latest" \
  --update-secrets "GOOGLE_CLIENT_SECRET=ezmcp-google-client-secret:latest" \
  --update-secrets "EZ_MCP_MASTER_TOKEN=ezmcp-master-token:latest"

--allow-unauthenticated is correct — auth is enforced at the MCP layer (OAuth or API token), not at the Cloud Run IAM level.

Technical notes

  • Transport: Streamable HTTP (/mcp endpoint)
  • Library: fastmcp 3.3.1
  • Auth (OAuth): GoogleProvider from fastmcp.server.auth.providers.google
  • Auth (token): get_http_headers() from fastmcp.server.dependencies
  • Dual-auth: OAuth active when GOOGLE_CLIENT_ID + GOOGLE_CLIENT_SECRET + MCP_BASE_URL are set
  • Backend: GET /api/users/me for locale; GET /api/internal/users/by-email for OAuth→user mapping
  • Time entries: POST /api/timeentry with isBillable field
  • Invoices: POST /api/invoices with computed dueDate and total per item

Built by

EZ@Work — the business OS for independents.