---
title: "Connect Envoy to Claude: Sync Employee Schedules & Space Bookings"
slug: connect-envoy-to-claude-sync-employee-schedules-space-bookings
date: 2026-06-08
author: Uday Gajavalli
categories: ["AI & Agents"]
excerpt: "Learn how to build a managed MCP server to connect Envoy to Claude. Automate visitor management, desk bookings, and employee schedules without writing custom integration code."
tldr: "Connecting Claude to Envoy allows AI agents to orchestrate physical office operations like visitor invites, desk bookings, and security blocklists. This guide shows how to deploy a secure Envoy MCP server using Truto, bypassing custom engineering."
canonical: https://truto.one/blog/connect-envoy-to-claude-sync-employee-schedules-space-bookings/
---

# Connect Envoy to Claude: Sync Employee Schedules & Space Bookings


If you need to connect Envoy to Claude to automate visitor management, employee desk bookings, or workspace analytics, you need a Model Context Protocol (MCP) server. This server translates Claude's function calls into Envoy's specific REST API operations. You can either build and maintain this translation layer yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL. If your team uses ChatGPT, check out our guide on [connecting Envoy to ChatGPT](https://truto.one/connect-envoy-to-chatgpt-automate-visitor-management-desk-logs/) or explore our broader architectural overview on [connecting Envoy to AI Agents](https://truto.one/connect-envoy-to-ai-agents-orchestrate-office-safety-access/).

Giving a Large Language Model (LLM) read and write access to a physical security and workplace management platform requires extreme precision. You have to handle fragmented relational IDs, strict state machine transitions for desk bookings, and location-dependent authentication. Every time an API endpoint changes, you have to update your server code and test the integration. 

This guide breaks down exactly how to use Truto to generate a secure, [managed MCP server](https://truto.one/managed-mcp-for-claude-full-saas-api-access-without-security-headaches/) for Envoy, connect it natively to Claude, and execute complex workplace operations using natural language.

## The Engineering Reality of the Envoy API

A custom MCP server is a self-hosted API orchestration layer. While the open MCP standard provides a predictable way for Claude to discover tools, the reality of implementing it against Envoy's API is challenging. Envoy is designed to model physical, hierarchical spaces. If you expose raw API parameters to an LLM without strict boundaries, operations will fail silently or return opaque HTTP 400 errors.

If you decide to build a custom MCP server for Envoy, here are the specific architectural quirks you will face:

**Relational Strictness on Creation**
You cannot simply "create an invite" in Envoy. A visitor invite is tied to a rigid physical hierarchy. Creating an invite requires an `expectedArrivalAt` timestamp (which must be properly formatted), a visitor `type`, and crucially, a valid `locationId`. Furthermore, the `flowId` (the specific sign-in flow) and the host employee must explicitly belong to that `locationId`. If an LLM attempts to assign a host from the New York office to a visitor invite at the London office, the Envoy API will reject the payload. Your MCP server must be smart enough to provide schema hints so the LLM looks up these relational IDs first.

**State Machine Transitions vs. CRUD**
Space bookings and work schedules in Envoy are not simple database rows you can `UPDATE`. They are state machines. When a user reserves a desk, they must transition the reservation through specific endpoints: `envoy_reservations_check_in`, `envoy_reservations_check_out`, or `envoy_reservations_cancel`. If you give an LLM generic `PATCH` access to a reservation object, it will hallucinate status updates that the Envoy API ignores. A managed MCP server exposes these transitions as distinct, actionable RPC tools rather than raw REST methods.

**Fragmented ID Namespaces**
Office floor plans rely on nested identifiers: `locationId`, `floorId`, `neighborhoodId`, and space `id`. If an agent wants to book a desk near the engineering team, it has to traverse this hierarchy sequentially. Building the MCP tool descriptions required to guide an LLM through this traversal takes significant prompt engineering and schema validation.

Instead of building this logic from scratch, Truto [normalizes Envoy's endpoints into context-rich MCP tools](https://truto.one/auto-generated-mcp-tools-for-ai-agents-a-2026-architecture-guide/). Truto handles the schema derivation and documentation injection, ensuring Claude knows exactly which IDs to fetch before attempting a write operation.

## How to Generate an Envoy MCP Server with Truto

Truto derives MCP tools dynamically from the Envoy integration's resource definitions and underlying documentation. You can generate a dedicated MCP server for a specific Envoy account via the Truto dashboard or programmatically via the API.

### Method 1: Creating the Server via the Truto UI

For ad-hoc agent testing or internal operations, the UI is the fastest path.

1. Log into your Truto dashboard and navigate to your connected Envoy integrated account.
2. Click the **MCP Servers** tab.
3. Click **Create MCP Server**.
4. Configure the server parameters. You can filter the server to only allow specific operations (e.g., selecting `read` to prevent Claude from modifying blocklists or desk bookings).
5. Click Save. Truto will instantly generate a secure, tokenized URL (e.g., `https://api.truto.one/mcp/a1b2c3d4...`). Copy this URL.

### Method 2: Creating the Server via the REST API

For production workflows where you are spinning up Claude instances programmatically, you should generate MCP servers via the Truto API. This creates a database record, hashes the token into Cloudflare KV, and returns the ready-to-use URL.

Make a POST request to the MCP endpoint for your integrated account:

```bash
curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Envoy Space Management Agent",
    "config": {
      "methods": ["read", "write", "custom"]
    }
  }'
```

The API returns a fully provisioned MCP server URL:

```json
{
  "id": "envoy-mcp-8819",
  "name": "Envoy Space Management Agent",
  "config": {
    "methods": ["read", "write", "custom"]
  },
  "expires_at": null,
  "url": "https://api.truto.one/mcp/a1b2c3d4e5f67890"
}
```

## How to Connect the Envoy MCP Server to Claude

Because Truto embeds the authentication and tenant context directly into the cryptographic URL, connecting Claude requires zero additional authentication headers by default.

### Connecting via the Claude Desktop UI

If you are using Claude Desktop:

1. Open **Claude Desktop** and navigate to **Settings**.
2. Select **Integrations** (or **Connectors**, depending on your version).
3. Click **Add MCP Server** (or Custom Connector).
4. Provide a recognizable name (e.g., "Envoy Production Data").
5. Paste the Truto URL provided in the previous step.
6. Click **Add**.

*(Note: If your team also uses ChatGPT, the process is identical: go to Settings -> Apps -> Advanced settings -> enable Developer mode, then add the URL under Custom connectors.)*

### Connecting via Manual Configuration File

If you manage Claude Desktop centrally for your team, or if you are running an automated agent framework (like LangGraph) that consumes standard MCP config files, you can use the `@modelcontextprotocol/server-sse` transport.

Edit your `claude_desktop_config.json` file:

```json
{
  "mcpServers": {
    "envoy-workspace": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/a1b2c3d4e5f67890"
      ]
    }
  }
}
```

Save the file and restart Claude Desktop. The model will initialize the connection, perform the MCP handshake, and ingest the Envoy tool schemas.

## High-Leverage Envoy Tools for Claude

Truto provides comprehensive coverage of the Envoy API. Here are 6 high-leverage tools your AI agent can use to orchestrate physical workspace operations.

### 1. `list_all_envoy_locations`
Before an LLM can book a desk or invite a visitor, it must know the physical context. This tool returns the facility roster, including `id`, `name`, `address`, `capacityLimit`, and timezone constraints. This is the prerequisite step for almost all write operations.

> "Claude, list all active Envoy locations for our company, and tell me the current capacity limit for the Austin office."

### 2. `list_all_envoy_desks`
This tool retrieves physical desk inventory. It returns critical topology data including `isAvailable`, `assignedTo` (if permanently assigned), `neighborhoodName`, and exact X/Y coordinate map positions.

> "Can you pull a list of all available desks in the Engineering neighborhood on Floor 3 of the Austin office?"

### 3. `create_a_envoy_reservation`
This tool allows Claude to dynamically book a space on behalf of a user. It requires precise schema compliance: `locationId`, `spaceType`, `userEmail`, and `startTime`. 

> "Book an available desk for john.doe@company.com in the Austin office for tomorrow morning starting at 9 AM. Find an empty space in the Sales neighborhood."

### 4. `envoy_work_schedules_check_in`
Instead of updating a status string, this RPC-style tool transitions an employee's daily schedule into an active state. Claude invokes this tool using the work schedule `id` to officially sign the employee into the building for compliance tracking.

> "I just arrived at the London office. Please check me into my work schedule for the day."

### 5. `create_a_envoy_invite`
This tool generates a visitor invitation. The agent must pass the `expectedArrivalAt`, `invitee` details, `type`, and `locationId`. Because the schema is strictly typed, Truto ensures Claude knows not to send invalid parameters that Envoy would reject.

> "Create an Envoy invite for Jane Smith (jane@vendor.com). She is arriving at the New York office tomorrow at 2 PM for a vendor meeting. Assign Sarah Jenkins as the host."

### 6. `create_a_envoy_blocklist_entry`
For security orchestration, this tool immediately blacklists an individual from a specific facility. It requires `emails`, `reason`, and `locationId`, preventing unauthorized building access.

> "Add mark.jones@terminated-vendor.com to the Envoy blocklist for all North American locations. Set the reason to 'Contract terminated - do not admit'."

To view the complete inventory of available Envoy tools, including flows, recurring invites, and hardware access logs, see the [Envoy integration page](https://truto.one/integrations/detail/envoy).

## Workflows in Action

By chaining these dynamically generated tools together, Claude can execute multi-step physical office operations that normally require human IT or facilities intervention.

### Scenario 1: VIP Visitor Prep & Desk Coordination
An executive assistant asks Claude to coordinate a VIP visit, requiring both a visitor badge and a reserved desk near the host.

> "We have a VIP guest, Alice Vance, arriving at the Seattle office next Wednesday at 10 AM. Create her Envoy invite with me as the host, then find an open desk right next to my assigned desk and reserve it for her for the day."

**How the agent executes this:**
1. Calls `list_all_envoy_locations` to resolve the `locationId` for "Seattle".
2. Calls `create_a_envoy_invite` using Alice's name, the extracted `locationId`, and next Wednesday's ISO 8601 timestamp.
3. Calls `list_all_envoy_desks` to query the host's assigned desk and identify adjacent available desks based on `floorId` and `neighborhoodName`.
4. Calls `create_a_envoy_reservation` to book the selected desk on behalf of the guest for that date.

**The result:** The visitor is securely registered, the host gets an automated email from Envoy, and adjacent physical space is locked in the system.

### Scenario 2: Rapid Security Offboarding
An IT administrator needs to immediately revoke physical access for a terminated contractor and cancel their upcoming visits.

> "Contractor Bob Lee has been terminated. Find any upcoming Envoy invites for him and delete them. Then, add him to the global blocklist immediately."

**How the agent executes this:**
1. Calls `list_all_envoy_locations` to get all active building IDs.
2. Calls `list_all_envoy_invites` filtering for Bob's email to find pending `expectedArrivalAt` records.
3. Iterates through the results, calling `delete_a_envoy_invite_by_id` for every pending visit.
4. Calls `create_a_envoy_blocklist_entry` for the relevant locations, attaching the required termination reason.

**The result:** Physical security is locked down in seconds, with zero manual clicking through the Envoy administrative dashboard.

## Handling Rate Limits at the Edge

When AI agents rapidly iterate through paginated API results (like scanning thousands of historical desk bookings), they can hit API quotas. 

Truto does not absorb, retry, or apply backoff to Envoy rate limits. When Envoy returns an HTTP 429 error, Truto passes that error directly to Claude. To make this actionable for the agent, Truto normalizes the upstream response into standardized IETF headers (`ratelimit-limit`, `ratelimit-remaining`, `ratelimit-reset`). 

Because these headers and the 429 status code are exposed in the MCP tool response, the caller (the LLM framework or Claude itself) is responsible for reading the reset window, halting execution, and implementing the necessary backoff before retrying the tool.

## Security and Access Control

Exposing an enterprise physical security system to an AI model requires strict governance. Truto's MCP servers provide granular guardrails built directly into the server URL configuration:

*   **Method Filtering:** By configuring `methods: ["read"]`, the server strips all destructive endpoints (create, update, delete) from the tool list. Claude physically cannot mutate data.
*   **Tag Filtering:** You can restrict the MCP server to specific functional domains. For example, `tags: ["visitor-management"]` exposes invites and blocklists, but hides internal desk inventory and work schedules.
*   **Expiration Controls:** Setting an `expires_at` timestamp triggers a Durable Object alarm that permanently destroys the MCP token at the exact second of expiration. Perfect for granting temporary audit access to contractors.
*   **API Token Enforcement:** Setting `require_api_token_auth: true` means the unguessable URL is not enough. The MCP client must also pass a valid Truto API token via an Authorization header to connect.

> Want to connect AI agents to Envoy without building custom API translation layers? Let us show you how Truto dynamically generates secure MCP servers for physical workspace automation.
>
> [Talk to us](https://cal.com/truto/partner-with-truto)

Connecting Envoy to Claude unlocks massive operational leverage for IT, HR, and facilities teams. Instead of forcing employees to navigate custom web apps to book a desk or sign in a guest, they can simply ask their AI assistant. By using Truto to generate the MCP infrastructure, you bypass the entire integration lifecycle - no OAuth to manage, no schemas to write, and zero custom code to maintain.