MCP verified MIT Self-run

Gainium Mcp

Name: Gainium Mcp
Availability: InStock
Author: Gainium

mcp-gainium-gainium-mcp · by Gainium

MCP server for Gainium — manage trading bots, deals, and balances via AI assistants

↗ Repository

— No reviews yet

0 installs

0 views

— view→install

Install

$ agentstack add mcp-gainium-gainium-mcp

✓ scanned · ✓ verified — works with Claude Code, Cursor, and more.

Security review

✓ Passed

No issues found. Passed automated security review. · v3.2.3 How review works →

✓ Prompt-injection patterns
✓ Secret / credential exfiltration
✓ Dangerous shell & filesystem operations
✓ Untrusted network calls
✓ Known-malicious package signatures

Are you the author of Gainium Mcp? Claim this listing to set pricing, connect Stripe payouts, and keep 70% of every sale.

About

gainium-mcp

An MCP (Model Context Protocol) server for Gainium — the crypto trading bot platform. Lets AI assistants manage your bots, deals, balances, and more through a standard MCP interface.

Detailed setup and connection documentation is available in [docs/using-gainium-mcp.md](docs/using-gainium-mcp.md).

Quick Start

1. Get your API keys

Go to Gainium API Settings and create an API key pair.

2. Add to your MCP client

Add this to your MCP configuration (VS Code, Claude Desktop, etc.):

{
  "gainium-mcp": {
    "command": "npx",
    "args": ["-y", "gainium-mcp"],
    "env": {
      "GAINIUM_API_KEY": "",
      "GAINIUM_API_SECRET": ""
    }
  }
}

That's it. The server starts automatically when your AI assistant needs it.

This local stdio mode uses GAINIUM_API_KEY and GAINIUM_API_SECRET from the server process environment.

Environment Variables

| Variable | Required | Default | Description | |---|---|---|---| | GAINIUM_API_KEY | Yes | — | Your Gainium API public key | | GAINIUM_API_SECRET | Yes | — | Your Gainium API secret | | GAINIUM_API_BASE_URL | No | https://api.gainium.io | API base URL | | GAINIUM_MCP_TRANSPORT | No | stdio | Transport mode: stdio, http, streamable-http, sse, or http-sse | | GAINIUM_MCP_HOST | No | 127.0.0.1 | Bind host for HTTP mode | | GAINIUM_MCP_PORT | No | 3000 | Bind port for HTTP mode | | GAINIUM_MCP_HTTP_PATH | No | /mcp | Streamable HTTP endpoint path | | GAINIUM_MCP_SSE_PATH | No | /sse | Deprecated SSE GET endpoint path | | GAINIUM_MCP_MESSAGES_PATH | No | /messages | Deprecated SSE POST endpoint path | | GAINIUM_OAUTH_ISSUER | No | — | Authorization-server base URL. Setting this (with MCP_INTROSPECTION_SECRET, in HTTP mode) enables OAuth protected-resource mode | | GAINIUM_INTROSPECTION_URL | No | /oauth/introspect | Token introspection endpoint | | MCP_INTROSPECTION_SECRET | No | — | Shared secret presented to the introspection endpoint (must match the auth server) | | GAINIUM_MCP_PUBLIC_URL | No | derived from request | Public base URL used in the protected-resource metadata | | OPENAI_APPS_CHALLENGE_TOKEN | No | — | When set, served as plain text at /.well-known/openai-apps-challenge for OpenAI Apps domain verification |

Authentication Modes

gainium-mcp supports three deployment models:

Local stdio mode: the MCP server reads GAINIUM_API_KEY and GAINIUM_API_SECRET from env vars.
OAuth 2.1 hosted mode (recommended for hosted/public): the server acts as an OAuth protected resource. Clients (e.g. the Claude connector) obtain an access token from the Gainium authorization server and send it as Authorization: Bearer . See [OAuth 2.1 hosted mode](#oauth-21-hosted-mode) below.
Header hosted mode (legacy/self-hosted): each request sends X-API-Key and X-API-Secret headers so one shared server can serve many users.

In header/stdio mode, request headers take priority, falling back to GAINIUM_API_KEY / GAINIUM_API_SECRET. When OAuth mode is enabled, the Bearer token is required and the X-API-Key/X-API-Secret headers are ignored.

OAuth 2.1 hosted mode

This is the mode used for the public https://mcp.gainium.io/mcp endpoint and the Anthropic Claude connector directory (which requires OAuth and forbids API-key headers).

Enable it by setting, in HTTP mode:

export GAINIUM_MCP_TRANSPORT=http
export GAINIUM_OAUTH_ISSUER=https://app.gainium.io        # Gainium authorization server
export MCP_INTROSPECTION_SECRET=           # must match the auth server
export GAINIUM_MCP_PUBLIC_URL=https://mcp.gainium.io      # this server's public URL
# optional, defaults to /oauth/introspect:
# export GAINIUM_INTROSPECTION_URL=https://app.gainium.io/oauth/introspect
node dist/server.js

When enabled, the server:

Serves OAuth Protected Resource Metadata (RFC 9728) at

/.well-known/oauth-protected-resource and /.well-known/oauth-protected-resource/mcp, advertising the authorization server.

Rejects unauthenticated MCP requests with 401 Unauthorized and a

WWW-Authenticate: Bearer resource_metadata="…" header, so clients can discover the auth server and run the OAuth flow (Dynamic Client Registration + PKCE).

Validates the Bearer access token on each request via the auth server's

token introspection endpoint, resolving it to the user's Gainium (apiKey, apiSecret) and per-key restrictions (read/write, paper-only, single-bot), which are still enforced server-side. Introspection results are cached briefly.

The local stdio path is unaffected by these variables.

HTTP and SSE Mode

By default, gainium-mcp runs over stdio for MCP clients that spawn local processes. To run it as an HTTP server instead:

export GAINIUM_MCP_TRANSPORT=http
export GAINIUM_MCP_HOST=127.0.0.1
export GAINIUM_MCP_PORT=3000
node dist/server.js

When HTTP mode is enabled, the server exposes both transport styles:

GET|POST|DELETE /mcp for the current Streamable HTTP transport
GET /sse plus POST /messages?sessionId=... for deprecated HTTP+SSE clients

This makes one server process compatible with both modern MCP HTTP clients and older SSE-based integrations. In hosted mode, authenticate with OAuth (see [OAuth 2.1 hosted mode](#oauth-21-hosted-mode)) or, for self-hosted/legacy setups, send X-API-Key and X-API-Secret on each request.

Available Tools (17)

As of v3.0.0 the toolset is consolidated: a single tool per operation, with a botType / dealType / action discriminator instead of one tool per variant. Every tool carries an MCP safety annotation — read-only tools set readOnlyHint, write tools set destructiveHint.

Bots

| Tool | Access | Description | |---|---|---| | list_bots | read | List bots by type (dca, combo, grid) with filters and field selection | | get_bot | read | Get a single bot by id and type | | create_bot | write | Create a bot (dca, combo, or grid) | | update_bot | write | Update bot settings | | clone_bot | write | Clone a bot with optional overrides | | manage_bot | write | Lifecycle action: start, stop, archive, restore, changePairs |

Deals

| Tool | Access | Description | |---|---|---| | list_deals | read | List deals by type (dca, combo, terminal) with filters | | get_deal | read | Get a single deal by id and type | | create_deal | write | Create a deal | | update_deal | write | Update an active deal | | manage_deal | write | Deal action: close, addFunds, reduceFunds |

Backtest

| Tool | Access | Description | |---|---|---| | run_backtest | write | Run a backtest: validate, estimate, async, or sync (request/requestSync submit a job — not read-only) | | backtest_info | read | List backtest requests or get one by ID |

Discovery, Account & Market

| Tool | Access | Description | |---|---|---| | discover | read | Schema discovery for bot types and indicators | | get_account | read | Balances, connected exchanges, supported exchanges, and global variables | | get_screener | read | Cryptocurrency screener with market metrics | | manage_global_variable | write | Global variable action: create, update, delete |

Field Selection

All GET endpoints support the fields parameter for efficient payloads:

Presets: minimal, standard (default), extended, full
Custom: comma-separated dot-notation fields (e.g. _id,uuid,settings.name,profit.total)

Using minimal reduces payload size by ~85%.

API Permissions

Read-only key: read tools only (list_*, get_*, discover, backtest_info, get_screener, list_presets)
Write key: all tools, including create_*, update_*, clone_bot, manage_bot, manage_deal, manage_global_variable, apply_preset, and run_backtest
Read-only directory connector (/mcp with GAINIUM_READONLY=true, served at mcp.gainium.io/read): exposes and allows only the 9 readOnlyHint tools — run_backtest and all write tools are excluded
Token audience binding (OAuth mode): when GAINIUM_MCP_PUBLIC_URL is set, the server treats ` as its RFC 8707 resource. An access token whose introspected aud is a *different* resource is rejected — a token minted for mcp.gainium.io/read can't be replayed against mcp.gainium.io/mcp, and vice versa. Tokens with no aud` (legacy grants) are still accepted.

Development

# Clone and install
git clone https://github.com/gainium/gainium-mcp.git
cd gainium-mcp
npm install

# Build
npm run build

# Run locally (for testing)
export GAINIUM_API_KEY=your_key
export GAINIUM_API_SECRET=your_secret
node dist/server.js

# Run in HTTP/SSE mode
export GAINIUM_MCP_TRANSPORT=http
export GAINIUM_MCP_PORT=3000
node dist/server.js

Architecture

gainium-mcp/
├── src/
│   ├── server.ts          # MCP server + tool definitions (stdio + HTTP/SSE transports)
│   └── gainium-client.ts  # HMAC-authenticated HTTP client for Gainium API v2
├── dist/                  # Compiled output (published to npm)
├── package.json
├── tsconfig.json
└── README.md

License

MIT

Source & license

This open-source MCP server is cataloged on AgentStack and links to its original source — we do not rehost the code.

Author: Gainium
Source: Gainium/gainium-mcp
License: MIT

Install and usage instructions live in the source repository linked above.

Reviews

No reviews yet — be the first.

Write a review

Versions

v3.2.3 Imported from the upstream source.