MCP Quickstart
Connect Starkscan to Codex, Claude Code, and similar MCP clients without losing the app and API context.
MCP quickstart
Use this guide when a tool-calling client needs Starkscan over MCP. Do not start here if a normal service can call HTTP directly or if a human operator is better served by the CLI.
Hosted MCP HTTP is currently beta; the @starkscan/mcp launcher resolves to
the smoked stable 0.1.2 package on the default npm channel.
Check the Launch matrix before treating a launcher
or hosted transport path as stable.
For npm package provenance, Socket links, and exact-version pinning rules, use
Package trust.
Use this surface for
- Codex, Claude Code, and other tool-calling clients
- workflows where an agent needs Starkscan tools instead of raw REST requests
- reusing the same Starkscan auth policy while keeping rollout access bounded
Current labels
| Surface | Public label | Current state |
|---|---|---|
| REST core API | certified | Direct /v1/{chain}/* REST calls for the certified route set, including timestamp-to-block plus exact token balance for accounting. Use this when a normal service can call HTTP. |
| TypeScript SDK | stable | Typed application code over the same REST contract; use @starkscan/sdk by default or pin exact @starkscan/[email protected] for unattended services. |
| Agent CLI | stable | Shell workflows and local exports with the same STARKSCAN_* environment variables. |
| Hosted MCP | hosted beta / stable launcher | Use https://api.starkscan.co/mcp on the API domain or {appBaseUrl}/api/mcp on an app-origin deployment; use @starkscan/mcp by default or pin exact @starkscan/[email protected] in unattended agent configs. |
Try in app first
Before you connect an agent, look at the same explorer surfaces on the current host:
That keeps the agent workflow grounded in the same product behavior that Starkscan users actually see.
Current external setup
Today the cleanest setup is:
- export the same
STARKSCAN_*variables used by REST and CLI - let the AI client launch
npx -y @starkscan/[email protected] - install the CLI from the Agent CLI guide only when you want lower-level shell commands
Use STARKSCAN_* for new clients. Legacy internal env names are accepted only as hidden compatibility aliases during the cutover.
Use untagged @starkscan/mcp for normal setup. Keep unattended MCP host
configs pinned to exact @starkscan/[email protected] when reproducibility matters.
tools/list should expose 18 tools total: bootstrap guidance, 16 read route tools, and the contract_write_payload unsigned write-payload builder.
Environment
export STARKSCAN_API_KEY="<set in your local shell or agent secret store>"
export STARKSCAN_CHAIN="SN_MAIN"
# Optional: only set this for preview or self-hosted hosts.
# export STARKSCAN_BASE_URL="https://preview.example.com/api"Print client config locally before wiring an agent. The output contains
${STARKSCAN_API_KEY} placeholders, not secret values:
npx -y @starkscan/[email protected] print-config --transport remoteCodex setup
codex mcp add starkscan \
--env STARKSCAN_API_KEY=$STARKSCAN_API_KEY \
--env STARKSCAN_CHAIN=$STARKSCAN_CHAIN \
-- npx -y @starkscan/[email protected]Useful starter tools for Starkscan agent workflows:
statusblock_detailblock_transactionstoken_total_supplytoken_balance_oftoken_transfers
Common agent mistakes
searchis identifier-first, not ticker or symbol search, and some responses normalize into canonical padded felt forms.contract_entrypointsis broader thancontract_read; forread, prefer selectors withstateMutability=viewand pass required calldata.address_token_holdingsis the wallet-screening surface. Treat it as complete only whenexact=true,truncated=false, andcompleteness.reasonCode="complete".- On very active wallets, separate
latestcalls to holdings andtoken_balance_ofcan drift numerically if the chain moved between requests. Missing a core-token row on a completed holdings response is the stronger bug signal.
Claude Code setup
claude mcp add --scope project --transport stdio \
--env 'STARKSCAN_API_KEY=${STARKSCAN_API_KEY}' \
--env STARKSCAN_CHAIN=$STARKSCAN_CHAIN \
starkscan -- npx -y @starkscan/[email protected]Check that Claude Code sees it:
claude mcp listHosted MCP transport
Starkscan also exposes a native HTTP MCP endpoint at:
https://api.starkscan.co/mcpon the API domain{appBaseUrl}/api/mcpon an app-origin deployment such as a preview host
Do not append another /api when STARKSCAN_BASE_URL already ends with /api, and do not set STARKSCAN_BASE_URL to the full /mcp URL. The npm launcher and CLI use the API-domain shape by default.
This is documented here instead of the REST reference because it is a JSON-RPC transport, not the normal explorer HTTP surface.
Current behavior:
POST https://api.starkscan.co/mcporPOST {appBaseUrl}/api/mcpaccepts one JSON-RPC message per request- hosted MCP requests require
Accept: application/json, text/event-stream - requests after
initializerequireMCP-Protocol-Version: 2025-11-25; include it on scripted calls for consistent behavior - inline JSON-RPC responses return as
application/json - JSON-RPC notifications return
202 Acceptedwithout a response body GETrequiresAccept: text/event-stream; when that header is present today it returns405 Method Not Allowedbecause SSE streams are not enabled- stdio MCP frames are newline-delimited JSON-RPC messages; send one JSON object per line and keep each frame at or below the 1 MiB content cap
Smoke-test the remote MCP path
This direct smoke uses API-key auth because that is the same external key model as the REST, CLI, and launcher examples. OAuth-enabled hosted MCP deployments also accept Authorization: Bearer <token> with a Starkscan MCP resource/audience claim; resource metadata is served from /.well-known/oauth-protected-resource when OAuth metadata is configured.
curl -sS -X POST "${STARKSCAN_BASE_URL:-https://api.starkscan.co}/mcp" \
-H "Accept: application/json, text/event-stream" \
-H "Content-Type: application/json" \
-H "MCP-Protocol-Version: 2025-11-25" \
-H "X-Starkscan-Api-Key: $STARKSCAN_API_KEY" \
--data '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'This single-request smoke validates API-key auth, the required MCP HTTP headers, and a tools/list JSON-RPC response. For a full client session, use the MCP launcher or a real MCP client; they send initialize and notifications/initialized before tool calls.
tools/list
When not to start with MCP
- Use the REST API for direct service integrations.
- Use the SDK for typed application code.
- Use the CLI when you need explicit commands and local exports.
- Stay in the explorer app when the job is visual investigation rather than tool-calling.