CLI Reference

OpenMM CLI

One command to set up. One command to start.
Works with every MCP client.

Quick Start

Install

npm install -g @qbtlabs/openmm-mcp

Setup

openmm-init    # one-time setup wizard

Start

openmm serve   # start before launching Claude

Client Configuration

All clients use the same config — just OPENMM_SOCKET, no credentials.

Client	Config File
Claude Desktop	`~/Library/Application Support/Claude/claude_desktop_config.json`
Claude Code	`~/.claude.json`
Cursor	`.cursor/mcp.json`
Windsurf	`~/.codeium/windsurf/mcp_config.json`

Command Reference

openmm-init

One-time setup wizard. Creates your encrypted vault, generates a wallet, and optionally adds exchange credentials.

Options:

--chain	`base` \| `base-sepolia` (default: `base-sepolia`)
--import 0x...	Import an existing wallet by private key
--no-exchanges	Skip exchange credential setup

openmm serve

Start the unified MCP server. Run this before launching any MCP client.

Terminal output:

$ openmm serve
Enter vault password: ••••••••

✅ Vault unlocked
✅ Wallet loaded  0x1a2B...9fE4
✅ Exchanges       3 connected (mexc, gateio, bitget)
✅ Policy          max 0.1 ETH/tx, 1.0 ETH/day
✅ Socket          /tmp/openmm.sock (mode 0600)

Ready — waiting for MCP connections...

Note: Password is typed once in the terminal, never stored anywhere — not in a file, not in an environment variable.

openmm-status

Health check. No password required — just reads the socket.

$ openmm-status

Vault       ~/.openmm/vault.enc
Wallet      0x1a2B...9fE4
Exchanges   3 connected
Socket      /tmp/openmm.sock ● active

openmm-exchange

Manage exchange API credentials inside the encrypted vault.

List configured exchanges

openmm-exchange list

Add exchange credentials

openmm-exchange add mexc

Remove exchange

openmm-exchange remove gateio

Supported: mexc, gateio, bitget, kraken, binance, coinbase, okx

openmm-wallet

View and manage the on-chain wallet stored in your vault.

Show wallet address and chain

openmm-wallet info

Set a new wallet

openmm-wallet set

Export private key

openmm-wallet export   # requires "I understand" confirmation

openmm-policy

Configure spending limits. Policies are enforced at the socket level before any key is touched.

Show current limits

openmm-policy show

Set per-transaction limit

openmm-policy set max-per-tx 0.1

Set daily limit

openmm-policy set max-per-day 1.0

Restrict chains

openmm-policy set allowed-chains base,base-sepolia

Reset to defaults

openmm-policy reset

Policy violations return POLICY_REJECTED to the MCP client. The private key is never reached.

openmm-vault

Advanced vault management. Most users only need openmm-init.

init	Create a new vault
info	Show vault metadata
list	List entries in the vault
add	Add an entry
remove	Remove an entry
change-password	Re-encrypt with a new password
destroy	Permanently delete the vault

Security Model

AES-256-GCM vault at ~/.openmm/vault.enc
Password: interactive terminal only — never in any file or environment variable
Socket /tmp/openmm.sock mode 0600 — socket existence = authenticated
Policy checked before key is touched — POLICY_REJECTED returned on violation
Private key never enters any MCP client process memory

No passwords. No API keys. Just the socket path and payment server — credentials stay in the vault.

claude.json

// ~/.claude.json — written by openmm-mcp --setup
{
  "mcpServers": {
    "openmm": {
      "type": "stdio",
      "command": "node",
      "args": ["<openmm-mcp-path>/dist/index.js"],
      "env": {
        "MCP_TRANSPORT": "stdio",
        "OPENMM_SOCKET": "/tmp/openmm.sock",
        "PAYMENT_SERVER": "https://mcp.openmm.io",
        "X402_TESTNET": "true"
      }
    }
  }
}

Next Steps