Use Cases

AI-native accounting for crypto FinOps

Drive your crypto close from Claude, ChatGPT, or your own agent — with the same audit trail and sign-off gates your controllers already work in. Tokenbooks ships a first-party MCP server on the same ledger, source of truth, and permission model as the public REST API.

First-party MCP serverAccounting-only — no key accessAudit trail on every actionNothing posts without sign-off

Who It's For

Built for the team that runs your close

Crypto-native finance teams, treasury leads, and the engineers building on top of them — sharing one ledger, one permission model, and one agent surface.

Crypto FinOps Controllers

Compress the close without giving up review control. Ask the agent to draft journal entries, reconcile cross-chain transfers, and surface unmatched activity — then approve, reject, or drill in. Every action lands in the same audit trail your team already runs on.

  • Compress month-end work, keep every approval gate
  • Plain-English drill-down across wallets, chains, and counterparties
  • Same review and post workflow as the Tokenbooks UI

Web3 Treasury Teams

Get an always-on view across every chain you operate on. The agent reconciles inflows and outflows, tracks unrealized gains, and keeps cost basis tight — without you context-switching between explorers, spreadsheets, and your books.

  • One-query cross-chain reconciliation
  • Realized and unrealized gains on demand
  • Treasury, accounting, and ledger context in one workflow

Engineering-led FinOps

Build your own agent on the same REST API and MCP server we ship. Workspace-scoped tokens, an OpenAPI-documented surface, and full read and write coverage of the same operations the Tokenbooks UI exposes.

  • REST and MCP from one source of truth
  • Workspace-scoped permissions for every agent
  • Bring Claude, Cursor, Codex, or your own client

Why AI-Native, Not AI-Bolted-On

Real accounting, agent-driven, fully auditable

AI agents work best when they have a real system to drive. Tokenbooks gives them one: a real ledger, a real audit trail, and the same review gates and permissions your controllers already work in.

No private keys. No payments. Accounting-only.

Tokenbooks is read-only on-chain. We ingest wallet data from public block explorers using your wallet address — we never ask for, store, or use private keys, seed phrases, or signing access. We can't move funds, sign transactions, or initiate payments. Your treasury keys never touch our system, and the MCP server inherits the same constraint: agents can read your books and propose accounting changes, but cannot move a single dollar on-chain.

Built for agents, not chatbots

A first-party MCP server on the same Tokenbooks ledger and REST API. Every tool the agent calls is the same operation a controller would run by hand — every answer comes from your real numbers, every change goes through your real review workflow.

Nothing posts without your sign-off

Read, write, and destructive actions are kept separate. Anything that would change your books prompts your MCP client for explicit human approval before the agent runs it.

Cross-chain reconciliation, on demand

Ask "reconcile our Q3 USDC inflows across Base and Arbitrum and flag any unmatched bridge events." The answer cites every transaction hash, names every wallet, and labels every divergence.

Deterministic, replayable, auditable

Every action the agent takes is the same action a controller would take in the Tokenbooks UI — drafted, reviewed, posted, exported. It all lands in the same audit trail your auditors already trust.

Real accounting depth, not chain dashboards

Cost basis, FMV resolution, lot ledger, and journal entries are first-class in the agent's tool catalog. Agents work in accounting concepts, not raw on-chain events.

Workspace-scoped permissions

MCP scopes mirror the same permission model the Tokenbooks UI uses. Read-only, sync-only, full-access — your call. Revoke a token; revoke the agent.

What The Agent Does — And Doesn't

The agent accelerates your close — it doesn't take it over

Read tools, write tools, and destructive tools are individually scoped. Every action the agent takes is the same operation a controller can audit, replay, and reverse.

What you can ask the agent to do

Read tools answer immediately and cite their sources. Built around the questions controllers and treasury leads ask every week.

  • Reconcile multi-chain treasury flows in plain English
  • Pull capital gains, balance sheet, and P&L on demand
  • Drill into one asset position across every wallet
  • Search and explain individual portfolio transactions

What stays in human control

Write and destructive operations are gated. The agent proposes; the controller approves. The audit trail records both.

  • Final sign-off on PROPOSED journal entries
  • Destructive operations (full resync, irreversible writes)
  • Workspace and member access changes
  • Token issuance, scope changes, and revocation

How it fits your close

The MCP surface mirrors the same workflow the Tokenbooks UI already supports. The agent accelerates the close — it doesn't take it over.

  • Pre-close: incremental sync and reconciliation drill-downs
  • Mid-close: agent-drafted classifications, controller approves
  • Post-close: report exports and audit trail review
  • Always-on: ask "what changed since yesterday" without scheduling a stand-up

MCP Server. REST API. Same Source Of Truth.

Connect Claude, ChatGPT, or your own agent in two minutes

Add the Tokenbooks MCP endpoint to any MCP-compatible client and the agent picks up the full tool surface — workspace-scoped, OAuth-secured, audit-logged. Or hit the same operations directly via the public REST API.

Building your own agent or embedding accounting in your product? See the Public API page →

MCP, ready out of the box

Workspace-scoped OAuth, a stable tool catalog, and the same operations the Tokenbooks UI exposes. Add the MCP endpoint to Claude Desktop, ChatGPT, Cursor, or Codex and the agent is ready to work.

REST API, openly documented

Every MCP tool resolves to a documented public API endpoint, with OpenAPI spec and a generated TypeScript SDK. Build your own agent on the same surface we use.

Permission scopes that match the UI

Read-only, sync, reports, write — separate scopes for separate trust levels. The same permission model your team already approves changes through.

Audit trail by design

Every action the agent takes lands in the same audit trail the Tokenbooks UI writes to. Replayable, exportable, and defensible at audit — nothing the agent did is hidden.

How It Works

Four steps from connection to audit-ready

Step 1

Connect your agent

Add the Tokenbooks MCP server to Claude Desktop, ChatGPT, or your own client. OAuth handles workspace consent in two clicks.

Step 2

Ask in plain English

"Show me unmatched USDC bridge events across Base and Arbitrum for Q3." The agent translates the question into MCP tool calls and answers with cited transaction hashes.

Step 3

Approve what posts

Read tools answer immediately. Write tools surface to your team for sign-off. Destructive operations always escalate. Every accounting change runs through the approval flow your team already uses.

Step 4

Audit the trail

Every action lands in the same journal, sync, and report log your controllers and auditors already use. Nothing the agent did is invisible.

FAQ

Questions FinOps teams ask before connecting an agent

Does Tokenbooks (or the MCP server) ever access my private keys?
No. Tokenbooks is accounting-only. We ingest wallet data from public block explorers using your wallet address — we never ask for, store, or use private keys, seed phrases, or signing access. We cannot move funds, sign transactions, or initiate payments. The MCP server inherits the same constraint: agents can read your books and propose accounting changes, but cannot touch your treasury or move a single token on-chain.
What is an "AI-native accounting system"?
A real accounting platform — full ledger, FMV resolution, cost basis, multi-chain sync, audit trail — exposed through both a public REST API and a first-party MCP (Model Context Protocol) server. AI agents like Claude and ChatGPT can drive it natively, with the same permissions and audit trail your controllers already work in.
Which AI tools work with Tokenbooks?
Anything that supports the Model Context Protocol. For finance teams that means Claude (Desktop) and ChatGPT (Apps in ChatGPT, on Business / Enterprise / Edu plans). Engineering-led teams can also use Cursor, Codex, or any MCP-compatible client. For non-MCP agents, the same operations are available through the public REST API and TypeScript SDK.
Can the AI agent post journal entries without my approval?
No. Read, write, and destructive actions are kept separate, and any destructive action prompts your MCP client for explicit human approval before the agent runs it. The agent can propose; the controller approves.
Is this safe for SOC 2 / audit-bound finance teams?
Every action the agent takes is the same action a controller would take in the Tokenbooks UI — drafted, reviewed, posted, exported. The same audit trail, the same permissions, the same review gates. Tokens are workspace-scoped and revocable. Every action is replayable and defensible at audit.
What's the difference between the MCP server and the public API?
Same source of truth, two surfaces. The Public API is the REST endpoint engineers integrate against directly. The MCP server is the agent-native interface on top of it — what lets MCP-compatible clients (Claude, ChatGPT) connect through OAuth and use the same operations a controller would. Read more on the Public API page.
Do I need to be a developer to use the AI features?
No. If you use Claude Desktop, ChatGPT, or another MCP-compatible client, connecting Tokenbooks takes about two minutes. Engineering-led teams can also build their own agents on the same REST API and MCP server.

Bring your agent. We bring the books.

Schedule a demo to see the Tokenbooks MCP server in action.