Tokenbooks now speaks MCP: agent-native crypto accounting
Early preview: a first-party MCP server lets Claude, ChatGPT, or your own agent drive Tokenbooks with the same audit trail and review gates your controllers already trust.
Tokenbooks Team
April 27, 2026 · 7 min read
Crypto books don't reconcile to one ledger. They reconcile to four — and the four disagree by default.
For every (wallet, asset) pair in a portfolio, our system tracks four independent stores that should always agree:
- The on-chain balance — what the blockchain says the address holds right now.
- The wallet token balance store — Tokenbooks' cached view of the chain, updated on every sync.
- The cost-basis position — the accounting layer's view, derived from posted journal entries.
- The lot ledger — the audit trail of every cost-basis lot event (acquire, dispose, move, reserve, release).
When everything is healthy, all four agree. When they don't, an accountant has work to do — and that work is most of crypto accounting.
Why crypto reconciliation is hard
Producing a single correct journal entry for an on-chain transaction means cross-referencing data from sources that don't agree out of the box:
- Block explorers across 50+ chains — Ethereum, Base, Arbitrum, Optimism, Polygon, Solana, Bitcoin, and many more. Each chain has its own pagination quirks, reorg behavior, and finality assumptions.
- DEX and DeFi protocol contracts — a swap on Uniswap, a deposit into Aave, a Curve LP withdrawal, a Lido stake — each is its own contract pattern that has to be decoded into accounting events.
- Price oracles for fair market value — multiple price sources, often disagreeing within minutes of each other, especially for thin-liquidity tokens or wrapped assets.
- Bridge state — a transfer leaving Base and arriving on Arbitrum is two on-chain events that have to be matched into one accounting event, or it shows up as a phantom disposal.
- Our own cost-basis ledger — the lot-by-lot record of what was acquired, when, at what FMV, and what's been disposed since.
We've been doing this in production for millions of transactions. Reconciliation is the actual job.
For a deeper look at how Tokenbooks reconciles those four stores against each other, see the reconciliation methodology help article.
What we shipped today
A first-party MCP server on top of Tokenbooks, available in early preview.
Model Context Protocol (MCP) is a protocol that lets AI agents call tools exposed by a server, with read and write semantics, scopes, and a discoverable tool catalog. It's the standard Anthropic introduced in late 2024 that has since been adopted by ChatGPT, Cursor, Codex, and the broader agent ecosystem.
With the Tokenbooks MCP server, Claude, ChatGPT, or your own agent can drive the same operations a controller drives in our UI — same ledger, same audit trail, same review gates. The agent reads from the same source of truth your team already trusts; it doesn't make up numbers.
Concrete example. You can ask, in plain English:
"Reconcile our Q3 USDC inflows across Base and Arbitrum and flag any unmatched bridge events."
And get back every transaction hash, every wallet, every divergence — cited.
You can also ask:
- "Show me all wallets in the Treasury portfolio that have a positive on-chain ETH balance but no posted journal entries since March."
- "Drill into our stETH position. Show cost basis lots, current quantity, current market value, and unrealized gain by wallet."
- "Trigger an incremental sync on the Base operations wallet, then poll until it completes and tell me what changed."
- "Generate a balance sheet as of last quarter close and email me the PDF."
The agent translates each question into a sequence of MCP tool calls — every one of them a documented Public API operation — and answers with cited results.
Why agent-native, not AI-bolted-on
In 2026, most "AI accounting" products are a chatbot wrapped around a dashboard. The agent has no real access to the system; it pattern-matches on what it sees, which means it can hallucinate numbers, miss context, and produce answers that look right but are not.
Tokenbooks took the inverse approach: a real ledger, a real audit trail, and the same review gates and permissions your controllers already work in — with an agent surface on top.
Four principles guided the build:
Accounting-only — no key access, no payments. Tokenbooks is read-only on-chain. We ingest wallet data from public block explorers using your wallet address — we never ask for, store, or use private keys, seed phrases, or signing access. We can't move funds, sign transactions, or initiate payments. Your treasury keys never touch our system, and the MCP server inherits the same constraint: agents can read your books and propose accounting changes, but cannot move a single token on-chain.
Built for agents, not chatbots. Every tool the MCP exposes is the same operation a human controller can audit, replay, and reverse. There's no model-generated SQL, no scraped UI screenshot — every answer comes from your real numbers, every change goes through your real review workflow.
Nothing posts without your sign-off. Read, write, and destructive actions are individually scoped. Anything that would change your books prompts your MCP client for explicit human approval before the agent runs it. The agent can propose; the controller approves.
Permission scopes match the UI. Read-only, sync, reports, write — separate scopes for separate trust levels. The same permission model your team already approves changes through. Tokens are workspace-scoped. Revoke a token; revoke the agent.
The 86% of CFOs who've watched an AI tool hallucinate financial data don't need another chatbot. They need an accounting system agents can drive without giving up the audit trail or the controller's sign-off. That's what this is.
What the agent does — and doesn't
| The agent can | The agent cannot |
|---|---|
| Reconcile multi-chain treasury flows in plain English | Post a journal entry without controller approval |
| Pull capital gains, balance sheet, P&L on demand | Run destructive operations (full resync, irreversible writes) without explicit human consent |
| Drill into one asset position across every wallet | Change workspace or member access |
| Search and explain individual portfolio transactions | Issue or revoke its own scopes |
| Trigger incremental sync and poll for completion | Freelance — every action lands in the audit trail your auditors trust |
The MCP surface mirrors the same workflow the Tokenbooks UI already supports. The agent accelerates the close — it doesn't take it over.
The four-step workflow
- Connect your agent. Add the Tokenbooks MCP endpoint to Claude Desktop, ChatGPT, or your own client. OAuth handles workspace consent in two clicks.
- Ask in plain English. The agent translates your question into MCP tool calls and answers with cited transaction hashes, wallets, and divergences.
- Approve what posts. Read tools answer immediately. Write tools surface to your team for sign-off. Destructive operations always escalate. Every accounting change runs through your existing approval flow.
- Audit the trail. Every action the agent takes lands in the same audit trail the Tokenbooks UI writes to. Replayable, exportable, defensible at audit.
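The gating described in steps 3 and 4, together with the scope and token rules above, can be sketched as follows. This is an added example, not Tokenbooks code: the tool names, the `approved_by` field, and the decision strings are hypothetical, and the hash-chained trail is one assumed way to make an audit log tamper-evident rather than something the post describes.

```python
import hashlib
import json
from dataclasses import dataclass

# Hypothetical catalog: tool -> (required scope, action class). Scope and class
# names come from the post; the tool names are invented for this example.
TOOLS = {
    "search_transactions": ("read", "read"),
    "propose_reclassification": ("write", "write"),
    "trigger_full_resync": ("sync", "destructive"),
}

@dataclass
class Token:
    workspace: str          # tokens are workspace-scoped
    scopes: frozenset
    revoked: bool = False   # revoking the token cuts off the agent

def chain_hash(prev, rec):
    body = json.dumps({k: v for k, v in rec.items() if k != "hash"}, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

def call(trail, token, workspace, tool, approved_by=None):
    scope, action = TOOLS.get(tool, (None, None))
    if scope is None:
        decision = "deny:unknown_tool"
    elif token.revoked:
        decision = "deny:token_revoked"
    elif token.workspace != workspace:
        decision = "deny:wrong_workspace"
    elif scope not in token.scopes:
        decision = "deny:missing_scope"
    elif action != "read" and approved_by is None:
        decision = "pending_approval"   # write/destructive wait for a human
    else:
        decision = "allow"
    # Every decision is logged, denials included, chained to the previous record.
    rec = {"tool": tool, "workspace": workspace,
           "approved_by": approved_by, "decision": decision}
    rec["hash"] = chain_hash(trail[-1]["hash"] if trail else "0" * 64, rec)
    trail.append(rec)
    return decision

def verify_trail(trail):
    prev = "0" * 64
    for rec in trail:
        if chain_hash(prev, rec) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

In a real deployment the approver identity would come from the approval flow itself, never from the agent's own request.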
What's in the early preview
The preview covers what most of our customers ask for first:
- Multi-chain wallet sync (incremental and full)
- Portfolio, wallet, and asset queries
- Per-asset position drill-down across all wallets
- Multi-chain portfolio transaction search
- Report export (capital gains, balance sheet, P&L, cost-basis ledger, and others)
- Close-cycle workflows: pre-close drill-downs, mid-close classification review, post-close report exports
What's not in the preview yet, but coming:
- Centralized exchange sync — Coinbase, Kraken, Binance, and the 50+ CEXes Tokenbooks supports via the broader product. CEX is the next MCP scope addition.
- Write tool catalog expansion — additional propose-and-approve flows for transaction reclassification, manual journal entries, and counterparty management.
We're shipping the rest in public.
Try it
The MCP server is in early preview and we're onboarding teams individually. If you run a crypto close and want to try it:
- Read the AI-Native Accounting page for the full feature surface.
- Or schedule a 30-minute walkthrough — happy to help your team set up the first connection and the first agent prompt.
If you've spent time chasing reconciliation diffs across chains, lot ledgers, and cost-basis positions, this is built for you. We'd love to hear what you find.
Frequently Asked Questions
- What is the Tokenbooks MCP server?
- The Tokenbooks MCP server is a first-party Model Context Protocol endpoint on top of Tokenbooks. AI agents that support MCP — Claude Desktop, ChatGPT (Apps in ChatGPT on Business, Enterprise, and Edu plans), Cursor, Codex, and others — can use it to drive the same accounting operations a controller drives in the Tokenbooks UI, with the same audit trail and the same review gates.
- Which AI tools work with the Tokenbooks MCP server?
- Any client that supports the Model Context Protocol. For finance teams that means Claude (Desktop) and ChatGPT (via Apps in ChatGPT on the Business, Enterprise, or Edu plan). Engineering-led teams can also connect Cursor, Codex, or build their own agents on the underlying public REST API.
- Does the MCP server (or Tokenbooks itself) ever access my private keys?
- No. Tokenbooks is accounting-only. We ingest wallet data from public block explorers using your wallet address — we never ask for, store, or use private keys, seed phrases, or signing access. We cannot move funds, sign transactions, or initiate payments. The MCP server inherits the same constraint: agents can read your books and propose accounting changes, but cannot touch your treasury or move a single dollar on-chain.
- Can the AI agent post journal entries without my approval?
- No. Read, write, and destructive actions are kept separate, and any destructive operation prompts your MCP client for explicit human approval before the agent runs it. The agent can propose; the controller approves. Every change goes through the same approval flow your team already uses.
- Is this safe for SOC 2 or audit-bound finance teams?
- Every action the agent takes is the same action a controller would take in the Tokenbooks UI — drafted, reviewed, posted, exported. The same audit trail, the same permissions, the same review gates. Tokens are workspace-scoped and revocable. Every action is replayable and defensible at audit.
- What is in the early preview, and what is coming next?
- The early preview covers the wallet side of the books — multi-chain sync, portfolio and transaction queries, asset position drill-downs, report exports, and the close-cycle workflows our customers ask for most. Centralized exchange sync is in the broader Tokenbooks product but is not yet exposed through MCP. CEX coverage is the next addition.
- How do I connect Tokenbooks to Claude or ChatGPT?
- Add the Tokenbooks MCP endpoint to your MCP-compatible client. OAuth handles workspace consent in two clicks — no API key copy-paste. We are onboarding early preview users individually right now; reach out from the AI-Native Accounting page or comment on our LinkedIn announcement to get a connection link.