Skip to content

ADR 0001 — The server remains neutral infrastructure

Status

Accepted.

Context

The Blurt MCP server exposes public Blurt blockchain data and optional posting-authority write tools to AI clients.

During the Phase 3 write-security review, an earlier roadmap considered richer operator policy files: allowed or blocked accounts, blocked communities or tags, posting quotas, and a separate preview engine. That direction risked turning the shared MCP layer into a moderation or social-policy engine.

The project should not do that because:

  • the Blurt blockchain is designed around freedom of expression;
  • Layer 1 already validates operation authority and protocol rules;
  • posting authority cannot move funds;
  • deployment-specific policy belongs outside the shared server when an operator needs it.

Decision

The Blurt MCP server remains neutral infrastructure.

It may enforce security and transport boundaries, such as:

  • refusing active and owner keys;
  • requiring posting authority for write tools;
  • keeping public HTTP read-only by default;
  • requiring an explicit unsafe override for HTTP signing;
  • letting operators choose which write tools are registered;
  • supporting preview-first defaults such as BLURT_DRY_RUN_DEFAULT=true;
  • supporting optional process-local write limits when an operator explicitly configures BLURT_WRITE_RATE_LIMITS; the shared server does not impose default MCP write caps.

It should not become a policy engine for:

  • allowed or blocked accounts;
  • allowed or blocked communities or tags;
  • content moderation rules;
  • social-usage scoring;
  • posting quotas intended to shape speech or community behavior.

Those concerns belong in clients, wrappers, gateways, external signers, custom deployments, or forks.

Consequences

  • Phase 3 keeps neutral safety controls and removes policy-file/moderation enforcement from the roadmap.
  • The server can still support deployment ergonomics, previews and capability profiles.
  • Operators remain responsible for local policy if they run custom deployments.
  • Future signing architecture work should keep this boundary unless a maintainer explicitly opens a new ADR.