Skip to content

Security

The Blurt MCP server is read-only by default and holds no private keys in its normal HTTP mode.

Optional write tools are opt-in and local-first:

  • local stdio signing uses a posting key only;
  • posting keys cannot move funds;
  • owner and active keys are refused;
  • public HTTP remains read-only by default;
  • HTTP signing requires an explicit unsafe trusted-deployment override.

For the full repository security policy and threat model, see SECURITY.md.

For operator instructions, see write operations.

For HTTP deployments, /mcp intentionally does not maintain an AI-product Origin allow-list. The public endpoint is safe by design only while it remains read-only and has no browser ambient authority: no posting key, no cookies, no credentialed CORS and no user-specific private data. JSON-RPC batch arrays are rejected because MCP 2025-06-18 removed batching support.