By Keel Research Team · Updated May 20, 2026
MCP — Model Context Protocol — is the open standard that lets AI agents like Claude and Cursor call typed external tools. It is a tool-call protocol, not an agent loop. The agent decides when to call; the server decides what is exposed. Anthropic released it in late 2024 and donated it to the Linux Foundation in December 2025.
If you have used Claude Code or Cursor recently and watched the agent reach out to your filesystem, your GitHub, or your database, you have seen MCP at work. The protocol turned what used to be bespoke integrations — every host inventing its own tool-call format — into a single typed surface. Write an MCP server once; it works in every host that speaks the protocol.
This page is the conceptual anchor. It explains what MCP is, what it is not, and why a typed tool-call protocol matters specifically for systematic trading. If you are looking for Keel’s MCP server specifically, see the Keel MCP product page.
Anthropic released the Model Context Protocol as an open spec in November 2024. The problem it solved: every agent host (Claude Desktop, Cursor, Windsurf, Codex) was inventing its own way to plug in tools, and every tool vendor was writing N integrations for N hosts. MCP standardizes the wire format. An MCP server exposes a list of typed tools, resources, and prompts; an MCP client (the host) discovers them and lets the model call them.
The transport layer has two modes. Stdio runs the server as a local subprocess of the host — the agent spawns the binary and talks to it over standard input/output. This is the dominant mode today; it requires the user to install a local CLI (e.g. pipx install keel-trade) and add it to the host’s config. HTTP/SSE runs the server remotely, with the host connecting over an authenticated network endpoint. The hosted mode is newer and adds OAuth flows for credentials.
In December 2025, Anthropic donated MCP to the Linux Foundation under the Agentic AI Foundation. That moved governance out of any single vendor and made MCP the de facto agent-tool standard alongside contributions from Google, Microsoft, and others.
An MCP server can expose three kinds of things to the agent.
Tools are functions. They have a name, a JSON-schema for arguments, and return structured output. The agent decides when to call a tool based on the user’s prompt and the tool’s description. Run a backtest, compose a strategy, search components — these are all tools on Keel’s server. Tools are the workhorse primitive; most production MCP servers consist mostly of tools.
Resources are read-only data the agent can fetch by URI. They are useful for grounding the model in context without consuming a tool slot — a component catalog, a reference document, a current portfolio snapshot. Keel exposes two resources: keel://components/catalog (the 182-component DSL library) and keel://dsl/reference/{topic} (in-depth reference docs).
Prompts are reusable instruction templates the user (or host) can invoke by name. They show up in some hosts as slash-commands. Adoption of prompts is lighter than tools; many MCP servers do not expose any.
MCP is a wire protocol. It is not:
Three reasons MCP is a particularly good fit for systematic trading workflows.
Compositional. A trading research workflow is naturally a tool chain. Find a signal. Compose a strategy. Backtest it. Iterate. Deploy. With MCP, an agent can call keel_components_search → keel_strategy_compose → keel_backtest_run → keel_backtest_summarize in a single prompt and present you with the results. The compositional shape matches the actual work.
Typed. Tools have JSON-schemas. The agent knows the exact argument shape, what comes back, what the error envelope looks like. This is much more reliable than scraping a web UI or asking the model to remember CLI flag syntax. Trading tools, in particular, do not tolerate slop — a typed surface makes calls verifiable.
Multi-host. The same MCP server works in Claude Code, Cursor, Windsurf, Codex, Claude Desktop, Cline, and any other compliant host. You write the integration once; the user picks their favorite agent. This is a real change from the previous world where every IDE plugin was a separate project.
A handful of MCP servers exist for Hyperliquid today. Most fall into one of two categories: price-data wrappers (read-only access to the public API, useful for analysis but no execution) and order-placement utilities (thin wrappers around the HL exchange endpoints, useful for executing trades the user has already decided on). What none of the existing third-party HL MCP servers ship is a real backtest engine underneath — they expose data or execution, not strategy validation.
For a side-by-side survey of the available Hyperliquid MCP servers and where each one fits, see the comparison post on the keel-site blog. Keel’s MCP server is in the third category: an agent-callable surface around a deterministic backtest engine plus typed component graph plus live execution that runs the same compiled artifact.
Concretely: a user installs Keel’s MCP server, opens Claude Code, and types: "Build me a funding-carry strategy on Hyperliquid using the carry signal and a funding-level regime. Backtest 2024-08 to 2026-04 and show me the decomposed P&L."
What the agent does, in order:
keel_status to confirm auth and visible tools.keel_components_search with query "carry" and "funding regime" to find the matching components in the 182-component library.keel_components_compose_help on the chosen components to see legal wiring patterns.keel_strategy_compose with the DSL graph it authored — the typed strategy artifact gets validated server-side.keel_backtest_run with the strategy ID and the requested date range. The engine runs the backtest deterministically against real Hyperliquid funding + price history.keel_backtest_summarize to get the rolled-up metrics and decomposed P&L.That workflow produced a verified backtest with Sharpe 2.17, +79.6% total return, −9.7% max drawdown, over 2024-08-15 to 2026-04-30. The full tearsheet lives at app.usekeel.io/share/gDXjURKqWPs8CZ4eXdqAI. The agent did not compute the Sharpe — it composed the strategy and called the engine. The engine computed the Sharpe deterministically from a serialized strategy artifact. That separation is what the protocol enables.
If you want to try Keel’s MCP server, the install is two commands:
pipx install keel-trade
claude mcp add keel -- keel mcp serveThe first command installs the keel-trade CLI from PyPI. The second registers the local stdio MCP with Claude Code (Cursor / Windsurf / Codex have equivalent one-line commands). On first call, keel auth login runs an OAuth 2.1 + PKCE loopback against app.usekeel.io and persists tokens locally; subsequent calls auto-refresh transparently.
For per-host configs (Cursor, Windsurf, Codex), the install path for both web app and CLI, and the full getting-started flow, see the getting-started docs.
Keel is a Strategy OS for AI-assisted systematic trading on Hyperliquid. Backtest, optimize, and run live strategies across single-stock perps, indices, and crypto majors — realistic fees, slippage, and funding modeled.
Free to start — connect a Hyperliquid wallet when you’re ready to go live.
MCP stands for Model Context Protocol. It is an open standard for connecting AI agents (LLM hosts like Claude Code, Cursor, Windsurf, Codex) to external tools and data sources. The protocol defines how an agent discovers tools, calls them with typed arguments, and consumes the structured results. It does not define what the tools do — that is up to each MCP server.
Anthropic released MCP as an open specification in November 2024. In December 2025, Anthropic donated the spec and reference SDKs to the Linux Foundation under the newly formed Agentic AI Foundation, alongside contributions from Google, Microsoft, and others. The spec lives at modelcontextprotocol.io. The reference SDKs (Python, TypeScript, several others) are MIT-licensed.
No. Using an existing MCP server is a configuration step in the host agent. For Claude Code, the command is `claude mcp add <name> -- <command>`. For Cursor, you edit a JSON config. The agent then discovers the server's tools automatically and presents them to the model. Writing a new MCP server does require code (Python or TypeScript), but most users will consume servers rather than author them.
No — and this is the most important point to disambiguate. MCP is a tool-call protocol, not an autonomous-execution framework. When you connect Keel's MCP server to Claude, Claude can call typed tools like keel_backtest_run, keel_strategy_compose, and keel_components_search. Live trading is gated behind two independent locks: an explicit OAuth scope (sign in with `keel auth login --scope live`) and a local arming step on your machine (`keel arm live set`). Even after both locks open, the agent's job is to compose and stage; the compiled strategy (not the agent) executes deterministically. The agent is not in the runtime loop.
Claude Code, Cursor, Windsurf, Codex CLI, Gemini CLI, GitHub Copilot CLI, and a growing list of others. Anthropic's Claude Desktop supports MCP natively. The Cline VS Code extension supports it. The protocol's open design means any agent runtime can implement an MCP client; the same MCP server works across all of them unchanged.
Treat an MCP server like any other piece of software you grant scoped access to your accounts. Read the source if it is open. Check the org behind it. Use scoped credentials when possible (read-only API keys for read-only servers). For servers that touch funds — like Keel's live-trading tools — verify the auth model: Keel uses OAuth 2.1 + PKCE against app.usekeel.io and never sees your Hyperliquid private key (HL execution uses native delegated signing). The official MCP Registry and curated directories like Smithery and Glama also screen submissions, but ultimately you are trusting the server.
Tools are functions the agent can call — they take typed arguments and return structured output. "Run a backtest" is a tool. Resources are read-only data that the agent can fetch by URI — like a component catalog or a reference document. Resources are typically used to ground the agent in context without consuming a tool slot. Most production MCP servers focus on tools; resources are a lighter-weight complement.
The taxonomy of agent-driven trading approaches: autonomous bot vs code generator vs strategy builder.
The pre-deploy checklist any strategy — agent-composed or not — should clear before live capital.
Step-by-step on running a realistic backtest with fees, slippage, and funding modeled.