Security
The Blurt MCP server is read-only by default and holds no private keys in its normal HTTP mode.
Optional write tools are opt-in and local-first:
- local stdio signing uses a posting key only;
- posting keys cannot move funds;
- owner and active keys are refused;
- public HTTP remains read-only by default;
- HTTP signing requires an explicit unsafe trusted-deployment override.
For the full repository security policy and threat model, see SECURITY.md.
For operator instructions, see write operations.
For HTTP deployments, /mcp intentionally does not maintain an AI-product Origin allow-list. The public endpoint is safe by design only while it remains read-only and has no browser ambient authority: no posting key, no cookies, no credentialed CORS and no user-specific private data. JSON-RPC batch arrays are rejected because MCP 2025-06-18 removed batching support.