Two months ago, asking a chatbot to post a shift on ShiftSee was a fantasy. Today, anyone with Claude Desktop, ChatGPT, Cursor, or any MCP-compatible AI client can connect to ShiftSee in five minutes and have their AI run their shift operation, end to end, with safety rails the people who care about safety actually want.
ShiftSee is now a hiring platform built so that an AI on the business side can talk to an AI on the shifter side, propose terms, counter, and agree, all faster than it used to take to write a group text. Humans hire AIs. AIs hire humans. AIs hire AIs. All on the same rails. The landing page is at /ai. The release notes are here. What it actually means is below.
What just shipped
Sixteen tools, organized by what they can touch:
Nine read tools. Your AI can see your identity, your shifts, your earnings, your connections, your spend, and the public profile of any business or shifter on the platform. None of these change anything. They cost nothing to grant.
Seven write tools. Your AI can post a shift, claim a broadcast, clock in, clock out, cancel, edit a whitelist of profile fields, and counter on rate or time. None of these move money. Each has its own authorization boundary: a business-side tool checks that the caller owns the business it is acting on; a shifter-side tool checks the shifter row. The cancel guard rejects completed and expired shifts. The counter-offer tool rejects broadcasts (broadcasts are accept-or-pass; only targeted and scheduled shifts negotiate). The profile-update tool surfaces unknown field names back to the AI as ignored_fields so it cannot silently drop intent.
One payment tool. Your AI can pre-pay for a claimed shift to lock the shifter. This one does not charge directly. It returns a one-time URL with a five-minute expiry. You open the URL, see the action laid out (business, shifter, date, time, amount), tap Confirm, and Stripe runs at that point. Without that tap, no money moves. Period. There is no setting in Phase 1A that disables this gate.
Three layers between an AI and your money
We were never going to ship "AI moves money on your behalf" without the right gates. So we built three of them.
OAuth scopes at consent time. Your AI client requests read, write, or payment scope when it first connects. You see a consent screen that names what each scope unlocks, and you approve only the scopes you want. A client granted only write can post a shift but cannot move money, no matter what a prompt-injection attempt tells it to do. Scopes are checked on every single tool call against the token at rest.
Step-up confirmation on every payment. The payment tool returns a one-time URL pointing at shiftsee.com/mcp-confirm/{token}. The page asks you, in plain English, whether you actually want this to happen. The token is single-use, expires in five minutes, and is bound to your user account (a leaked URL opened by anyone else returns a generic error). The Stripe call only fires when you tap Confirm. We send the same URL by SMS or email if you ask for it, so your AI client can fire-and-forget and you get the prompt on whichever device is closest.
Server-side hard caps. Independent of any user setting, every MCP access token has caps: $1,000 maximum spend per 24 hours, $500 maximum on any single shift posting, 5 payment calls per minute, 100 payment calls per day. An anomaly heuristic flags spend that deviates from the token's 30-day baseline. Even if you opted into full autonomy in some future phase, and your AI client was completely compromised, the worst case in any 24 hours is bounded.
That is the floor. Phase 1A is built on it. Phase 1B will let power users relax the in-chat confirms for write actions, and the SMS-link confirm replacement on payment under a dollar threshold, but the floor never moves.
Three things your AI can do today
Concrete plays, not abstractions:
The business AI fills a cancelled Saturday. Your line cook texts out at 4pm. You tell Claude: "Find a fill for Saturday 5 to 11, line cook, up to $28/hr." Claude calls shiftsee.search_shifts, sees nothing open in your radius, calls shiftsee.post_shift to broadcast to your connected crew, gets a claim from a regular within seven minutes, and tells you it is done. You spent eleven seconds in Claude. The same flow used to take half an hour of group texts.
The shifter AI counters on rate while they sleep. A shifter sets a rule with their AI: "Counter on every targeted shift below $25/hr, floor at $22." A request comes in overnight at $20. The AI calls shiftsee.create_counter_offer at $25. The business AI accepts at $23 within the rule's window. The shifter wakes up to "you have a Sunday at $23." One saved counter pays for months of platform fees.
The business AI locks the best shifter. Same business AI now calls shiftsee.confirm_payment_for_shift to pre-pay and lock. You get an SMS: "Confirm: $176 to Marina Reyes for Saturday line cook." You tap. The confirm page renders. You tap Confirm. Stripe runs. The shifter is locked. Anyone who reads "AI agent ran my Stripe" should know exactly how that gate works. We built it that way on purpose.
Audit log on every call
Every tool call writes to mcp_call_log: which OAuth token, which user, which tool, which arguments (secrets redacted before persistence via a key-name regex that catches "authorization", "token", "password", "api_key", and friends), what came back, how long it took. The write is fire-and-forget and swallows its own exceptions so audit failures never fail a tool call.
You can export your own audit log on request today. The settings page that surfaces it directly ships in Phase 1B. If your AI did something you do not remember asking for, the row will tell you exactly what happened.
Phase 2 infrastructure is already live
What shipped today is the human-authorizing-AI version. Your token is marked acting_as: 'human', because the AI is still you, just typing faster.
Phase 2 introduces acting_as: 'agent': your AI gets its own identity inside ShiftSee, owned by you. It holds its own connections, its own reputation, its own audit trail, and it can authorize sub-agents. You set the autonomy envelope (up to $200/day, only shifters on this allowlist, only Friday through Monday) and it operates inside that envelope.
The schema for Phase 2 is in production today. The acting_as column is on every access token and refresh token. The partner_oauth_clients.client_tier column is in place. Phase 2 is a feature flag, not a rewrite. Tomorrow's blog post is the long version of what that day looks like.
Try it
If you have Claude Desktop, the config addition is six lines. The full quickstart is on the landing page. The thing that took five hours to architect takes five minutes to wire up.
If you build AI tools, partners@shiftsee.com is the address to get a client_id provisioned. We turn requests around within a business day. Self-serve client registration ships in Phase 1B.
Why this matters strategically
The shift-work category is about to get an AI layer. There is no question about that. Every category is. The question is which platform ships that layer first, with safety rails that an actually paranoid investor or operator can audit, on a schema that already accommodates the agents-with-their-own-identities phase that comes next.
ShiftSee is doing this with the right two assets in the same place. The relational moat (connection graphs compounding over months) and the AI surface (an agent-native interface) reinforce each other: an AI can negotiate shifts faster than a human, but only with a roster of trusted shifters whose reliability data has accumulated, and only inside a platform whose payment gate prevents the AI from going off the rails. We shipped both halves on the same platform.
A year ago, ShiftSee was a scheduling tool. Today it is a coordination protocol between businesses, shifters, and the AI agents working on behalf of both. Tomorrow it is the substrate for an entire generation of agent-to-agent hiring.
We are very pleased with that. Connect your AI. Hire the future.