your agent has judgement now: parasol + phantom mcp

Parasol agents collaborating on a verified trade — the safety layer between your agent's intent and the wallet that signs

phantom gave ai agents a wallet. that's a real moment for the network — for the first time, an ai assistant can hold non-custodial sol, sign transactions, and execute swaps without a human in the middle.

a wallet without judgement is a liability. when you tell your agent to buy a token, phantom executes. nobody, in that flow, checks whether the token is safe. there is no rug detection between the decision and the transaction. no honeypot test. no liquidity adequacy check. your agent has hands but no eyes.

parasol is the eyes.

we built our mcp server during the colosseum frontier hackathon window for exactly this reason. one tool call — parasol_safe_trade_check — runs the full safety analysis before any swap. it returns a clear verdict. your agent then either proceeds with confidence, asks the user to confirm a riskier setup, or stops before the trade ever reaches the wallet.

this post explains what's there, why it matters, what it took to make it production-grade, and how to set it up in five minutes.

---

what parasol's mcp server actually does

mcp — the model context protocol — is anthropic's open standard for how ai agents discover and call external tools. parasol's mcp server is a thin protocol layer over our existing trading and safety engine, designed specifically to be called by an ai agent rather than a human.

we expose 10 tools, 3 resources, and 4 prompt templates. the tool list:

tool	what it does
`parasol_safe_trade_check`	the safety gate. rug risk + honeypot + liquidity + slippage in one call. returns `safe`, `caution` or `avoid` with the specific risk flags.
`parasol_analyze_token`	full safety analysis with the same verdict format and a recommendation.
`parasol_check_rug_risk`	detailed rug pull risk score (0–100) with a breakdown of which signals contributed.
`parasol_check_honeypot`	honeypot check via simulated sell — can your agent actually exit this token?
`parasol_token_intelligence`	deep holder quality analysis: wallet age distribution, coordination detection, funding clusters, deployer rug history. returns a 0–100 score with an a–f grade.
`parasol_get_trending`	top-scored opportunities from the latest scan cycle.
`parasol_get_portfolio`	current positions, p&l, performance stats.
`parasol_agent_status`	agent runtime, cycle count, recent errors.
`parasol_start_agent`	start an autonomous trading agent for the calling key.
`parasol_stop_agent`	emergency stop. open positions remain until manually closed.

the four prompt templates (safe-trade, analyze-token, portfolio-review, risk-assessment) are pre-built conversation templates an agent can invoke for structured interactions.

every one of these is documented in the mcp server reference and runs against our hosted endpoint at mcp.parasol.so with no setup other than an api key.

---

the phantom flow

the headline integration is the safety-gated trade. with both parasol and phantom mcp servers connected to your ai assistant, this is what happens when you ask your agent to buy a token:


you: "buy 0.5 sol of [token]"
|
v
ai assistant
|
|--- 1. calls parasol: parasol_safe_trade_check(token)
|       -> rug risk score, honeypot check, liquidity analysis
|       -> verdict: safe / caution / avoid
|
|--- 2. if safe: calls phantom: buy_token(preview)
|       -> shows expected swap result
|
|--- 3. shows you both results. asks for confirmation.
|
|--- 4. on your "yes": calls phantom: buy_token(execute: true)
-> trade executes on-chain



parasol and phantom never talk to each other directly. your ai assistant orchestrates both — using parasol for the intelligence, phantom for the execution.

if the token is dangerous, the verdict is avoid and the trade stops before it reaches the wallet, with a specific list of why. if it's borderline, the verdict is caution and the agent asks you for confirmation. if it's clean, the verdict is safe and the swap proceeds.



this is what "public good" looks like in practice. phantom has millions of users. if even a fraction of them avoid one rug pull because an ai agent checked with parasol first, that's real money saved for real people.

---



the hard cases we got right

the easy cases — a clearly-rugged honeypot, a clean usdc swap — get handled by any rug detector. the test of a real safety layer is the hard cases. three of them shaped the last two weeks of work.

pump.fun renouncements correctly read as renounced

pump.fun tokens correctly renounce both mint and freeze authorities at launch. that's a structural feature of the launchpad. early on we were occasionally flagging these as "could not verify mint/freeze authorities" and pushing them to caution — not because the token was risky, but because our verification was timing out against an upstream rpc and we were treating the timeout as a ground-truth answer.



we now retry across multiple endpoints with a longer per-attempt timeout, surface the real reason in the flag rather than a generic message, and refuse to fall back to a guessed answer. pump.fun launches with renounced authorities now correctly read as renounced. the integration story for any phantom user who buys most of their tokens on pump.fun is materially better.

parody and satire coins stay safe if their on-chain profile is healthy

we briefly auto-flagged any token whose symbol matched a scam-pattern (scam, rug, honeypot, trap, fake). that was a mistake. crypto culture is full of legitimate parody and satire coins that name themselves after scams as social commentary — tremp, boden, burnie and others. flagging them on the symbol alone produced false avoids on viable trades.



we walked it back. symbol matching is now informational only — it surfaces a warning to the calling agent so a user can verify context, but it does not change the verdict. the verdict is decided by actual on-chain risk: rug score, honeypot simulation, mint/freeze authority status, liquidity, age. a scam-named token with thin liquidity and unverified mint still escalates via the normal risk paths. a scam-named token with deep liquidity and clean on-chain stays safe.

operators can still maintain an explicit per-mint blacklist for confirmed bad tokens via an environment variable, without baking individual judgements into the heuristic.

in-position rug intent (opt-in)

most rug detection is lagging — by the time a buy/sell ratio collapses or liquidity drains 30%, the rug is already happening. we added an optional leading indicator: if the deployer of one of your open positions re-enables the mint or freeze authority, that's not a rug yet but it's the dev unlocking the lever to do one in a single transaction.

this is opt-in and off by default. operators can run it in log_only mode to audit alerts in their token universe before flipping it to exit. it polls each open position every 60 seconds, latches detected signals so we don't repeatedly flag the same event, and triggers a forced close through the existing exit path when in active mode.



---

production-grade, not a demo

three things we shipped in the same window that don't sound exciting but are the difference between a hackathon mcp and a production one:

continuous uptime monitoring. an automated probe hits the public health and readiness endpoints every 15 minutes and fails loudly if anything is degraded. the response time threshold catches slow-but-up failures, not just total outages.
metered billing that actually deducts. every tool call costs a small number of pcu (parasol compute units), tracked against your api key's balance. the free tier covers most agent integrations comfortably.
the readiness probe distinguishes "not configured" from "unhealthy" so optional dependencies can be missing without taking the whole service offline. small fix, real impact when the platform is auto-routing traffic during deploys.

we'll publish a separate post-mortem on how we discovered our metered billing had been silently failing for a week — it's a useful story for anyone building on postgrest. the short version is that it's fixed, and if you used an mcp key from us before late april and your usage looks unusual, ping us and we'll reconcile.

---

setup, in five minutes

step 1: get a parasol mcp api key

1. sign in at parasol.so and complete onboarding
2. open parasol.so/dashboard/mcp
3. click generate key, give it a name (e.g. "my-cursor"), pick a tier

4. copy the key (starts with parasol_mcp_) — it's only shown once

free tier includes 500 pcu / month. parasol_safe_trade_check costs 10 pcu per call (50 checks/month free). you can top up by sending usdc or sol to the deposit address shown on the same page.



step 2: add both mcp servers to your assistant

cursor — add to ~/.cursor/mcp.json:

`json


{
"mcpServers": {
"phantom": {
"command": "npx",
"args": ["-y", "@phantom/mcp-server@latest"]
},
"parasol": {
"url": "https://mcp.parasol.so/mcp",
"headers": {
"Authorization": "Bearer parasol_mcp_YOUR_KEY_HERE"
}
}
}
}

claude desktop — same structure in ~/Library/Application Support/Claude/claude_desktop_config.json (macos) or %APPDATA%/Claude/claude_desktop_config.json (windows).



restart your assistant.

step 3: try it

ask your agent:

use the safe-trade prompt to buy 0.1 sol of token [paste a solana mint address]

the agent will call parasol's safe-trade-check, get a verdict back, preview the swap via phantom, and ask you to confirm before executing. that's the whole flow.

full setup walkthrough is in the parasol + phantom integration guide. developer reference is in the mcp server docs.

---



why we open-sourced the sdk

the parasol agent sdk is mit-licensed. typescript types, an example mcp client, full integration guide. clone it, run it, modify it. your integration doesn't need a sales call, an nda, or an enterprise contract.

we did this because the intelligence behind a safety layer needs to be auditable to be trusted. the trading engine itself stays proprietary — that's our product — but the interface is open. this is the same model stripe uses for its client libraries, anthropic uses for the mcp specification, and most production apis use for their integration layer. the doorway is open. the implementation is protected.

---

what's next

we're working on:

more signals into the safety check — wallet-age clustering at finer granularity, deeper coordination detection across funding sources, and liquidity-depth monitoring as a leading indicator

lower-latency verdicts — current safe_trade_check` typically returns in well under a second, but we want it consistently sub-300ms even on freshly-launched tokens with no upstream cache

richer per-token reports — token intelligence already returns a 0–100 score with grade, breakdown, and red flags. we're adding human-readable reasoning so an agent can explain to a user why a token rated the way it did

if you build on the mcp endpoint and want a feature, dm @parasolsolana. we read everything.

phantom gave agents a wallet. parasol gives them judgement. together your agent trades safely.

— the parasol team

your agent has judgement now: parasol + phantom mcp

parasol is the eyes.

this post explains what's there, why it matters, what it took to make it production-grade, and how to set it up in five minutes.

---

what parasol's mcp server actually does

we expose 10 tools, 3 resources, and 4 prompt templates. the tool list:

tool	what it does
`parasol_safe_trade_check`	the safety gate. rug risk + honeypot + liquidity + slippage in one call. returns `safe`, `caution` or `avoid` with the specific risk flags.
`parasol_analyze_token`	full safety analysis with the same verdict format and a recommendation.
`parasol_check_rug_risk`	detailed rug pull risk score (0–100) with a breakdown of which signals contributed.
`parasol_check_honeypot`	honeypot check via simulated sell — can your agent actually exit this token?
`parasol_token_intelligence`	deep holder quality analysis: wallet age distribution, coordination detection, funding clusters, deployer rug history. returns a 0–100 score with an a–f grade.
`parasol_get_trending`	top-scored opportunities from the latest scan cycle.
`parasol_get_portfolio`	current positions, p&l, performance stats.
`parasol_agent_status`	agent runtime, cycle count, recent errors.
`parasol_start_agent`	start an autonomous trading agent for the calling key.
`parasol_stop_agent`	emergency stop. open positions remain until manually closed.

the four prompt templates (safe-trade, analyze-token, portfolio-review, risk-assessment) are pre-built conversation templates an agent can invoke for structured interactions.

every one of these is documented in the mcp server reference and runs against our hosted endpoint at mcp.parasol.so with no setup other than an api key.

---

the phantom flow

the headline integration is the safety-gated trade. with both parasol and phantom mcp servers connected to your ai assistant, this is what happens when you ask your agent to buy a token:


you: "buy 0.5 sol of [token]"
|
v
ai assistant
|
|--- 1. calls parasol: parasol_safe_trade_check(token)
|       -> rug risk score, honeypot check, liquidity analysis
|       -> verdict: safe / caution / avoid
|
|--- 2. if safe: calls phantom: buy_token(preview)
|       -> shows expected swap result
|
|--- 3. shows you both results. asks for confirmation.
|
|--- 4. on your "yes": calls phantom: buy_token(execute: true)
-> trade executes on-chain



parasol and phantom never talk to each other directly. your ai assistant orchestrates both — using parasol for the intelligence, phantom for the execution.



this is what "public good" looks like in practice. phantom has millions of users. if even a fraction of them avoid one rug pull because an ai agent checked with parasol first, that's real money saved for real people.

---



the hard cases we got right

the easy cases — a clearly-rugged honeypot, a clean usdc swap — get handled by any rug detector. the test of a real safety layer is the hard cases. three of them shaped the last two weeks of work.

pump.fun renouncements correctly read as renounced



we now retry across multiple endpoints with a longer per-attempt timeout, surface the real reason in the flag rather than a generic message, and refuse to fall back to a guessed answer. pump.fun launches with renounced authorities now correctly read as renounced. the integration story for any phantom user who buys most of their tokens on pump.fun is materially better.

parody and satire coins stay safe if their on-chain profile is healthy



we walked it back. symbol matching is now informational only — it surfaces a warning to the calling agent so a user can verify context, but it does not change the verdict. the verdict is decided by actual on-chain risk: rug score, honeypot simulation, mint/freeze authority status, liquidity, age. a scam-named token with thin liquidity and unverified mint still escalates via the normal risk paths. a scam-named token with deep liquidity and clean on-chain stays safe.

operators can still maintain an explicit per-mint blacklist for confirmed bad tokens via an environment variable, without baking individual judgements into the heuristic.

in-position rug intent (opt-in)

most rug detection is lagging — by the time a buy/sell ratio collapses or liquidity drains 30%, the rug is already happening. we added an optional leading indicator: if the deployer of one of your open positions re-enables the mint or freeze authority, that's not a rug yet but it's the dev unlocking the lever to do one in a single transaction.



---

production-grade, not a demo

three things we shipped in the same window that don't sound exciting but are the difference between a hackathon mcp and a production one:

continuous uptime monitoring. an automated probe hits the public health and readiness endpoints every 15 minutes and fails loudly if anything is degraded. the response time threshold catches slow-but-up failures, not just total outages.
metered billing that actually deducts. every tool call costs a small number of pcu (parasol compute units), tracked against your api key's balance. the free tier covers most agent integrations comfortably.
the readiness probe distinguishes "not configured" from "unhealthy" so optional dependencies can be missing without taking the whole service offline. small fix, real impact when the platform is auto-routing traffic during deploys.

we'll publish a separate post-mortem on how we discovered our metered billing had been silently failing for a week — it's a useful story for anyone building on postgrest. the short version is that it's fixed, and if you used an mcp key from us before late april and your usage looks unusual, ping us and we'll reconcile.

---

setup, in five minutes

step 1: get a parasol mcp api key

1. sign in at parasol.so and complete onboarding
2. open parasol.so/dashboard/mcp
3. click generate key, give it a name (e.g. "my-cursor"), pick a tier

4. copy the key (starts with parasol_mcp_) — it's only shown once

free tier includes 500 pcu / month. parasol_safe_trade_check costs 10 pcu per call (50 checks/month free). you can top up by sending usdc or sol to the deposit address shown on the same page.



step 2: add both mcp servers to your assistant

cursor — add to ~/.cursor/mcp.json:

`json


{
"mcpServers": {
"phantom": {
"command": "npx",
"args": ["-y", "@phantom/mcp-server@latest"]
},
"parasol": {
"url": "https://mcp.parasol.so/mcp",
"headers": {
"Authorization": "Bearer parasol_mcp_YOUR_KEY_HERE"
}
}
}
}

claude desktop — same structure in ~/Library/Application Support/Claude/claude_desktop_config.json (macos) or %APPDATA%/Claude/claude_desktop_config.json (windows).



restart your assistant.

step 3: try it

ask your agent:

use the safe-trade prompt to buy 0.1 sol of token [paste a solana mint address]

the agent will call parasol's safe-trade-check, get a verdict back, preview the swap via phantom, and ask you to confirm before executing. that's the whole flow.

full setup walkthrough is in the parasol + phantom integration guide. developer reference is in the mcp server docs.

---



why we open-sourced the sdk

the parasol agent sdk is mit-licensed. typescript types, an example mcp client, full integration guide. clone it, run it, modify it. your integration doesn't need a sales call, an nda, or an enterprise contract.

we did this because the intelligence behind a safety layer needs to be auditable to be trusted. the trading engine itself stays proprietary — that's our product — but the interface is open. this is the same model stripe uses for its client libraries, anthropic uses for the mcp specification, and most production apis use for their integration layer. the doorway is open. the implementation is protected.

---

what's next

we're working on:

more signals into the safety check — wallet-age clustering at finer granularity, deeper coordination detection across funding sources, and liquidity-depth monitoring as a leading indicator

lower-latency verdicts — current safe_trade_check` typically returns in well under a second, but we want it consistently sub-300ms even on freshly-launched tokens with no upstream cache

if you build on the mcp endpoint and want a feature, dm @parasolsolana. we read everything.

phantom gave agents a wallet. parasol gives them judgement. together your agent trades safely.

— the parasol team

your agent has judgement now: parasol + phantom mcp

your agent has judgement now: parasol + phantom mcp

what parasol's mcp server actually does

the phantom flow

the hard cases we got right

pump.fun renouncements correctly read as renounced

parody and satire coins stay safe if their on-chain profile is healthy

in-position rug intent (opt-in)

production-grade, not a demo

setup, in five minutes

step 1: get a parasol mcp api key

step 2: add both mcp servers to your assistant

step 3: try it

why we open-sourced the sdk

what's next

related

you asked. paper trading is coming back.

trade execution: where we are, what we did, what's next

the agent that doesn't die when you close the tab

your agent has judgement now: parasol + phantom mcp

your agent has judgement now: parasol + phantom mcp

what parasol's mcp server actually does

the phantom flow

the hard cases we got right

pump.fun renouncements correctly read as renounced

parody and satire coins stay safe if their on-chain profile is healthy

in-position rug intent (opt-in)

production-grade, not a demo

setup, in five minutes

step 1: get a parasol mcp api key

step 2: add both mcp servers to your assistant

step 3: try it

why we open-sourced the sdk

what's next

related

you asked. paper trading is coming back.

trade execution: where we are, what we did, what's next

the agent that doesn't die when you close the tab