Qoc

MCP integration

Qoc runs an MCP server that exposes desk tools and workspace resources to Claude Code and any other MCP-capable agent.


Qoc's built-in MCP server lets any MCP-capable agent — Claude Code, a custom CLI agent, or a local model with MCP support — call desk tools and read workspace resources without leaving their normal environment.

What the MCP server exposes

When you run qoc up, Qoc starts an MCP server alongside the desk process. The server registers two categories of objects: tools (callable actions) and resources (readable workspace files). Agents discover these through the standard MCP capability negotiation handshake.

Tools run inside the Qoc process with access to live venue connections. Resources are served directly from the workspace directory as UTF-8 text, giving the agent read access to the same files you see in your editor.

Exposed MCP tools

Tool nameDescription
symbol_searchSearch for a symbol across connected venues; returns name, type, and venue.
technical_analysisRun a named indicator (SMA, RSI, MACD, Bollinger) on a symbol over a date range.
place_orderWrite a structured order proposal to orders/pending/. Does not submit to venue — requires your approval.
snapshot_equityReturn the current UTA equity, buying power, and per-venue cash breakdown.
list_positionsReturn all open positions from the latest UTA snapshot, optionally filtered by venue or asset class.

Exposed MCP resources

Resource URI patternContents
desk://workspace/desk.tomlThe active desk.toml configuration (read-only).
desk://workspace/entities/{name}A named entity file from entities/.
desk://workspace/research/{name}A research note from research/.
desk://workspace/orders/pendingAll pending order proposal files, concatenated.
desk://workspace/snapshots/latestThe most recent full-book snapshot JSON.

Pointing Claude Code at the Qoc MCP server

Claude Code reads MCP server configuration from its project or user-level mcp_servers block. Add a qoc entry pointing at the socket or HTTP address that qoc up prints on startup (default: http://localhost:4242/mcp).

After adding the config block and restarting Claude Code, the tools appear automatically in the agent's tool list. You can verify with /mcp in the Claude Code prompt.

Claude Code MCP config — project level

.claude/mcp_servers.json (place in your project root or home .claude/)
json
{
  "mcpServers": {
    "qoc": {
      "type": "http",
      "url": "http://localhost:4242/mcp",
      "description": "Qoc trading desk — tools and workspace resources"
    }
  }
}

Find the MCP address after startup

Run qoc status at any time to print the MCP server address and confirm it is reachable. The address is also written to .qoc/mcp.url inside the workspace directory for scripting.

Using Qoc tools inside an agent session

Once connected, the agent can call tools naturally in conversation. For example, asking "what is the current buying power?" will cause Claude Code to call snapshot_equity and return the live figure. Asking "place a limit buy for 5 shares of XYZ at 120" will cause it to call place_order, which writes the proposal file — it will not submit to the venue until you approve.

Because place_order is a write tool, Claude Code will prompt for your permission the first time it is called (subject to your allow-list settings). You can pre-approve it with /allowed-tools add qoc:place_order in Claude Code.

Using Qoc tools from a custom MCP client

Any MCP client — same protocol, different language
python
import httpx, json

MCP_URL = "http://localhost:4242/mcp"

payload = {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
        "name": "snapshot_equity",
        "arguments": {}
    }
}

resp = httpx.post(MCP_URL, json=payload)
result = resp.json()["result"]
print(json.dumps(result, indent=2))

Security scoping

The MCP server binds to localhost only by default and does not require authentication for local connections. It should not be exposed to the public internet without an authenticating reverse proxy.

Tool-level scoping is available in desk.toml: you can restrict which tools the MCP server advertises, for example to expose read-only tools (symbol_search, technical_analysis, snapshot_equity, list_positions) to an untrusted client while keeping place_order unexposed.

Restricting exposed tools

desk.toml — MCP server security settings
toml
[mcp]
# Bind address. Never expose to 0.0.0.0 without an auth proxy.
bind = "127.0.0.1:4242"

# Allowlist of tools to advertise. Omit to expose all tools.
allowed_tools = [
  "symbol_search",
  "technical_analysis",
  "snapshot_equity",
  "list_positions",
  # "place_order" — omit to prevent order proposals via MCP
]

place_order does not bypass approval

Even when place_order is available via MCP, it only writes a proposal file to orders/pending/. It does not submit to the venue. Submission still requires your explicit approval, controlled by the require_approval setting in desk.toml.