harvest-mcp-server
Verified Safeby ianaleck
Overview
Provides a Model Context Protocol (MCP) server for seamless integration with the Harvest time tracking API, enabling AI clients to manage time entries, projects, clients, users, expenses, invoices, estimates, and reports.
Installation
npx -y @ianaleck/harvest-mcp-serverEnvironment Variables
- HARVEST_ACCESS_TOKEN
- HARVEST_ACCOUNT_ID
Security Notes
The server demonstrates strong security practices. It uses Zod for comprehensive input validation on all tool arguments, significantly reducing the risk of injection attacks or malformed requests. Sensitive API credentials (Harvest Access Token and Account ID) are strictly loaded from environment variables, preventing hardcoding. Error handling is well-structured, wrapping exceptions in MCP-compliant error responses to prevent sensitive information disclosure. Dependencies like Axios, Express, Winston, and Zod are reputable. An optional API key authentication is available for the HTTP transport, which is a good security layer, although not mandatory by default for HTTP.
Similar Servers
tmcp
OAuth 2.1 authorization helper for Model Context Protocol (MCP) servers.
backlog-mcp-server
Integrate Backlog API with AI agents (e.g., Claude) to manage projects, issues, wikis, and Git repositories through natural language commands.
mcp-github-project-manager
AI-powered GitHub Project Management, including automated roadmap generation, sprint planning, issue triaging, task breakdown, and comprehensive project workflow automation.
tempo-mcp-server
Manages Tempo worklogs in Jira via a Model Context Protocol (MCP) server, allowing time tracking and worklog operations through MCP-compatible clients.