What is an MCP-native treasury?

How Forge Treasury uses the Model Context Protocol so AI agents can discover, quote, and deposit into USDC vaults without custodial intermediaries.

Last updated: May 25, 2026 · Published 2026-05-25

Most treasury software assumes a human operator clicks through a dashboard. Forge Treasury is built for a different user: an autonomous agent that needs structured tools, not HTML forms. The Model Context Protocol (MCP) is the integration layer — a standard way for Cursor, Claude Desktop, and custom agent runtimes to call Forge tools over HTTP and receive machine-readable responses. If you are wiring an agent to move USDC into yield venues on Base, MCP is the front door.

Calldata, not custody

When an agent calls a Forge MCP tool such as `forge_deposit` or `forge_get_vault_info`, the server returns transaction calldata and context — not a signed transaction and never user private keys. The agent (or its local wallet) signs locally. Forge does not receive USDC on the public production MCP endpoint. This non-custodial posture is central to how the protocol is designed; see Risks & Disclosures for the full model. Coinbase documents a similar pattern for AgentKit MCP integration in local development — but production Forge MCP on Hetzner exposes eight Forge vault tools only, with no CDP credentials on the server.

How MCP differs from a REST dashboard API

REST endpoints work for dashboards like Stats; MCP works for agents. Tool schemas are self-describing, discoverable in Cursor, and composable with other MCP servers. An agent can chain "check USDC balance → approve → deposit → claim FORGE" without bespoke prompt engineering for every HTTP route. The MCP specification defines resources, tools, and prompts as first-class primitives — exactly what treasury automation needs.

What agents can do today

• Query vault metadata — share price, adapter allocation, chain ID, and contract addresses for the Core vault on Base.
• Build USDC deposit and withdraw calldata for Core on Base mainnet (chain ID `8453`).
• Read illustrative APY targets and FORGE emission parameters — variable, not promises.
• Check MCP health via the JSON endpoint linked from integration docs.
• Map legacy `profile: "conservative"` parameters to Core vault until multi-vault strategy tools ship.

Vaults vs strategies in MCP responses

Forge has three on-chain vault buckets — Core, Middle, and Infra — each a separate ERC-4626 `ForgeVault`. Conservative, Balanced, and Aggressive are strategies: default weights telling an agent how much USDC to send to each vault. MCP tools should route to vault addresses, not strategy names. Read the full canon in our Conservative strategy guide and Balanced strategy guide.

The eight production Forge tools

The public MCP server exposes vault discovery, deposit/withdraw calldata builders, share price reads, and FORGE reward context. Tools return structured JSON — contract addresses, function selectors, encoded parameters, and human-readable warnings when timelocks are pending. Agents should always call vault info before broadcasting: adapter counts change after P2-C0 Core expansion (~May 27, 2026) and Middle vault timelock execution.

1. Add the Forge MCP server to your agent config (see Docs for the Cursor deeplink).
2. Confirm chain ID `8453` (Base mainnet) and USDC `0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913`.
3. Read Risks & Disclosures — Forge contracts are unaudited; TVL is early-stage smoke testing (~$10 as of May 2026).
4. Call vault info tools before broadcasting; verify adapter count and timelock status on Stats.
5. Sign deposit calldata from the agent EOA, not from operator or CDP wallets.
6. Keep USDC vault yield and FORGE emissions in separate agent prompts.

Phase 2: multi-vault strategy routing

Phase 2 will extend MCP to multi-vault routing: a Balanced strategy deposit may return two calldata payloads — one for Core and one for Middle — with default weights from the product canon (50/40/10, with Infra redirecting to Middle until live). Today, agents sign separate transactions per vault. The Balanced strategy article walks through split amounts, gas limits, and timelock gates.

End-to-end deposit workflow for agents

A complete MCP-native deposit follows a predictable sequence. First, the agent calls a vault info tool to read share price, `adapterCount`, timelock flags, and the Core contract address. Second, it checks the user EOA USDC balance on Base (chain ID `8453`) against the intended deposit amount. Third, it builds an ERC-20 `approve` transaction targeting the vault — USDC address `0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913`. Fourth, it calls the deposit calldata tool and signs the resulting `ForgeVault.deposit(assets, receiver)` payload. Fifth, optionally, it queries unclaimed FORGE eligibility — a separate claim path documented in FORGE emissions vs vault yield.

1. Discover vault state via MCP (`forge_get_vault_info` or equivalent).
2. Validate chain, USDC address, and receiver EOA.
3. Simulate or estimate gas — post P2-C0 Core deposits may need ~4M limit.
4. Broadcast approve + deposit from agent EOA.
5. Monitor share balance and subgraph lag on Stats.

Production vs local MCP profiles

Option A custody is locked: Hetzner production never holds CDP credentials. The deploy script strips `CDP_*` env vars before upload. Agents integrating from Cursor should point MCP config at production for demos and docs; local AgentKit experiments stay on engineer laptops per Docs. Never interpret local AgentKit behavior as prod custody posture.

Common agent mistakes to avoid

• Depositing from the Forge deployer wallet (`0x2aAbb8…`) — that address is for owner ops, not user funds.
• Using Ethereum Sepolia USDC on a Base mainnet vault — wrong chain asset.
• Treating MCP illustrative APY as realised yield — rates are variable; see Tokenomics.
• Assuming `profile: "balanced"` works before Middle timelock — check Balanced strategy status.
• Broadcasting without reading Risks & Disclosures — unaudited contracts, early-stage TVL.

Security and compliance posture

• Unaudited Forge vault and adapter contracts — treat as experimental infrastructure.
• No guaranteed yield — MCP illustrative APY strings are planning UX, not realised returns.
• No custodial USDC on prod MCP — calldata-only reduces server-side key risk but not smart-contract risk.
• Underlying protocols (Spark, Morpho, Aave) have independent security material; that does not cover Forge wrappers.

Appendix: Base mainnet constants for integrators

Forge MCP tools embed or return chain-specific constants. Hard-coding these in agent memory reduces hallucination risk. Always treat MCP responses as authoritative over prompt-stale values — deploys can change adapter addresses after timelock without bumping MCP semver. The Core vault on Base mainnet is the primary Conservative destination; Middle vault serves Balanced routing after its timelock. USDC on Base uses Circle's native deployment — not Ethereum L1 USDC bridged informally.

Subgraph-backed Stats and MCP vault info should agree on share price within indexing lag. For dispute resolution, Basescan raw `totalAssets` / `totalSupply` reads win. Agents building user-facing UIs should show "last updated" timestamps and link Risks & Disclosures on every deposit flow. Phase 2 MCP will add strategy weight objects — until then, manual split math from Balanced strategy applies.

Frequently asked questions

Does Forge MCP hold my private keys?

No. Production MCP returns unsigned calldata. Your agent EOA or local wallet signer holds keys. The Hetzner server has no CDP wallet secrets in Option A deployment. This is different from custodial yield APIs where the provider co-signs or holds funds.

Can I use Forge MCP from Claude Desktop or Cursor?

Yes — add the server URL from Docs to your MCP client config. Tools appear in the tool picker with JSON schemas. Test on Base mainnet with small amounts first; contracts are unaudited and TVL is smoke-test scale (~$10 as of May 2026).

What happens if MCP is down?

Agents can still interact with vault contracts directly via Basescan or viem/ethers using published ABIs — MCP is convenience, not a protocol requirement. Check `mcp.forgetreasury.com/health` for status. On-chain vaults remain callable independent of MCP uptime.

How do strategies map to MCP deposit tools?

Today: `conservative` → Core vault calldata. `balanced` / `aggressive` may return not-live errors until Middle adapters execute and Infra vault deploys. Phase 2 returns explicit weight objects plus per-vault calldata arrays. Read Conservative and Balanced guides for manual split math in the interim.