Public endpoint operations notes
These notes describe how to operate a public read-only Blurt MCP endpoint. They are not a hard SLO or an on-call contract; those should be finalized only when hosting ownership, alerting, and maintenance responsibilities are explicit.
Service posture
The public endpoint is a best-effort, anonymous, read-only MCP service for public Blurt blockchain data. It should not hold private keys and should not expose write tools. Write/signing deployments are private operator responsibility.
Dependencies
| Dependency | Used for | Degradation behavior |
|---|---|---|
| Blurt blockchain Layer 1 RPC nodes | accounts, balances, history, witnesses, votes, broadcasts in private write mode | Read tools depending on L1 may fail or become slow. Node checker keeps the client on healthy configured nodes when possible. |
| Nexus / Bridge API | ranked posts, account posts, communities, discussions and social L2 views | Nexus-backed tools may fail while L1 tools continue. |
Price feed (BLURT_PRICE_URL) | BLURT/USD and BTC values | Price fields are best-effort; on-chain fields should still be returned where possible. |
| Reverse proxy / ingress | TLS, public rate limiting, body-size enforcement, host/origin filtering | Misconfiguration can expose the app directly or amplify abuse. |
Health checks
/healthz: process liveness. Use for container/process checks./readyz: cheap readiness. Use for load balancers and monitoring. It reports non-sensitive RPC counters and does not perform a heavy live RPC call on every request.
Logging
In production (NODE_ENV=production) logs are JSON lines on stderr. The HTTP app logs method, path, status and duration for requests, without request bodies or secrets. Collect logs at the process manager, container runtime, or platform layer.
Incident examples
| Symptom | Likely area | First checks |
|---|---|---|
/healthz fails | process/container | process manager, container status, recent deploy logs |
/healthz passes but /readyz fails | app readiness/config | env vars, configured RPC URL count, startup logs |
| MCP read tools slow/failing | upstream RPC or Nexus | node checker logs, configured RPC nodes, Nexus status |
| Price fields null | price feed | BLURT_PRICE_URL, external feed availability |
| High 4xx/429 at proxy | client misuse/abuse | reverse-proxy logs and rate-limit settings |
| High 5xx from app | app/runtime/upstream errors | app logs, recent commits, dependency status |
Rollback and maintenance
- Keep deployments reproducible from a Git commit and package lockfile.
- Prefer blue/green or rolling deployment where the platform supports it.
- Validate
/healthz,/readyz, andnpm run smoke:httpafter deployment. - Roll back to the previous known-good commit if the MCP transport or core read tools regress.
SLO candidate, not a guarantee
A future production service may define uptime and latency SLOs. Until monitoring, alerting, incident ownership, and hosting budget are formalized, treat this document as operational guidance rather than a public availability guarantee.