Punchlist is preparing controlled beta support for AI agents and Model Context Protocol access.
The goal is practical: approved external tools should be able to help with real service business workflows without asking a user to copy data between systems or share their Punchlist login.
For trade and service businesses, that can mean giving an approved assistant enough context to find jobs, check customer details, review quote or invoice information, and help with admin work while Punchlist keeps company access, credentials, and permissions under company control.
What is being added
This launch work adds the public, legal, documentation, localization, and test surface for AI agent access.
That includes:
- A new AI Agent Access feature page
- Updated landing and pricing SEO copy
- API and agent access documentation for company admins
- English and Polish localization updates
- Privacy Policy and Terms of Use updates for AI agent and API usage
- Tests covering route rendering, API access pages, and Leaf route coverage
The live MCP tool endpoint remains gated until the server implementation is enabled for beta companies. Until then, this work prepares the product surface, access model, and customer-facing language around the feature.
Why MCP matters
MCP gives AI applications a standard way to connect to external tools and data sources.
Instead of building one-off integrations for every AI client, Punchlist can prepare a consistent agent access layer that follows the same direction as the wider MCP ecosystem, including Streamable HTTP transport and authorization patterns.
That matters because business data access should not depend on a prompt pasted into a generic chat window. A proper agent integration needs clear boundaries: which company it belongs to, what it can read, what it can do, how requests are authenticated, and how access is revoked.
Company-scoped access
Punchlist agent access is designed around company-scoped credentials.
An external AI client or MCP-compatible tool should not send an arbitrary company ID and receive data for that company. Access should come from credentials issued for the company account, with the server resolving the company context from those credentials.
That keeps the access model aligned with the way Punchlist already separates leads, customers, quotes, bookings, invoices, payments, services, products, team members, and company settings.
Safe tools first
The first agent tools should be explicit and narrow.
For example, a safe tool can help retrieve relevant records or prepare an action that a user reviews. Riskier actions, such as modifying customer data, changing invoice details, or triggering operational workflows, need stricter scopes and approval rules.
That is why the beta language focuses on safe tools, credential scopes, revocation, and rate limits. AI agent access should make admin work faster without giving a connected assistant broader access than the company intended.
Admin control and revocation
Company owners and admins need clear control over who can connect and when access should stop.
The API access settings are being extended so admins can manage the launch surface for agent access in the same place they manage company API credentials. If an external tool is no longer trusted or no longer needed, access should be revoked from company settings.
This is especially important for AI clients because prompts, tool calls, and returned data can involve sensitive business context. The updated legal language covers credentials, prompts and tool data, external AI and MCP clients, revocation, and beta availability.
Beta expectations
AI Agent Access is a controlled beta, not a broad public integration switch.
During the beta, availability, supported tools, rate limits, scopes, and client compatibility may change. That gives us room to test the real workflows carefully before expanding access.
The immediate focus is making the access model understandable and defensible: documented endpoints, scoped credentials, admin-managed access, legal coverage, localization, and tests around the user-facing surface.
What this means for Punchlist customers
For most customers, nothing changes until AI Agent Access is enabled for their company.
When it is available, the expected flow is simple: a company owner or admin reviews the access option, creates or approves credentials, connects an external MCP or AI agent client, and can revoke that access later from company settings.
That keeps the company in control while opening the door to useful assistants that can work with the same operational data teams already manage in Punchlist.