buzzberg-mcp 0.1.0b1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- buzzberg_mcp-0.1.0b1/.github/ISSUE_TEMPLATE/bug_report.md +20 -0
- buzzberg_mcp-0.1.0b1/.github/ISSUE_TEMPLATE/feature_request.md +10 -0
- buzzberg_mcp-0.1.0b1/.github/ISSUE_TEMPLATE/security.md +11 -0
- buzzberg_mcp-0.1.0b1/.github/workflows/ci.yml +55 -0
- buzzberg_mcp-0.1.0b1/.github/workflows/release.yml +34 -0
- buzzberg_mcp-0.1.0b1/.gitignore +11 -0
- buzzberg_mcp-0.1.0b1/CHANGELOG.md +13 -0
- buzzberg_mcp-0.1.0b1/INSTALL.md +164 -0
- buzzberg_mcp-0.1.0b1/LICENSE +21 -0
- buzzberg_mcp-0.1.0b1/PKG-INFO +105 -0
- buzzberg_mcp-0.1.0b1/README.md +80 -0
- buzzberg_mcp-0.1.0b1/SECURITY.md +75 -0
- buzzberg_mcp-0.1.0b1/TOOLS.md +302 -0
- buzzberg_mcp-0.1.0b1/buzzberg_mcp/__init__.py +5 -0
- buzzberg_mcp-0.1.0b1/buzzberg_mcp/__main__.py +4 -0
- buzzberg_mcp-0.1.0b1/buzzberg_mcp/cli.py +166 -0
- buzzberg_mcp-0.1.0b1/buzzberg_mcp/constants.py +19 -0
- buzzberg_mcp-0.1.0b1/buzzberg_mcp/installers.py +328 -0
- buzzberg_mcp-0.1.0b1/examples/add_to_watchlist.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/compare_speakers.md +6 -0
- buzzberg_mcp-0.1.0b1/examples/get_portfolio.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/get_price.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/get_recent_content.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/get_sentiment.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/get_sentiment_divergence.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/get_speaker_profile.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/get_ticker_info.md +6 -0
- buzzberg_mcp-0.1.0b1/examples/get_ticker_mentions.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/get_top_speaker_signals.md +6 -0
- buzzberg_mcp-0.1.0b1/examples/get_top_speakers.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/read_ticker_content.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/remove_from_watchlist.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/save_trade_idea.md +5 -0
- buzzberg_mcp-0.1.0b1/examples/search_content.md +6 -0
- buzzberg_mcp-0.1.0b1/examples/search_trade_ideas.md +6 -0
- buzzberg_mcp-0.1.0b1/pyproject.toml +53 -0
- buzzberg_mcp-0.1.0b1/security-controls.json +21 -0
- buzzberg_mcp-0.1.0b1/sessions/contrarian-scan.md +6 -0
- buzzberg_mcp-0.1.0b1/sessions/crypto-vs-stocks-sentiment.md +5 -0
- buzzberg_mcp-0.1.0b1/sessions/morning-briefing.md +6 -0
- buzzberg_mcp-0.1.0b1/sessions/new-watchlist-from-signals.md +6 -0
- buzzberg_mcp-0.1.0b1/sessions/ticker-deep-dive.md +6 -0
- buzzberg_mcp-0.1.0b1/tests/test_atomic_write.py +19 -0
- buzzberg_mcp-0.1.0b1/tests/test_cli.py +60 -0
- buzzberg_mcp-0.1.0b1/tests/test_docs.py +32 -0
- buzzberg_mcp-0.1.0b1/tests/test_installers.py +99 -0
- buzzberg_mcp-0.1.0b1/tests/test_key_handling.py +54 -0
- buzzberg_mcp-0.1.0b1/tools_manifest.json +405 -0
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Bug report
|
|
3
|
+
about: Report an installer or documentation bug
|
|
4
|
+
title: "[bug] "
|
|
5
|
+
labels: bug
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
## What happened?
|
|
9
|
+
|
|
10
|
+
## Client
|
|
11
|
+
|
|
12
|
+
Claude Desktop / Claude Code / Cursor / Cline / Continue.dev / other:
|
|
13
|
+
|
|
14
|
+
## Installer version
|
|
15
|
+
|
|
16
|
+
`buzzberg-mcp version`:
|
|
17
|
+
|
|
18
|
+
## Notes
|
|
19
|
+
|
|
20
|
+
Do not paste API keys or client config files containing Bearer tokens.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Security report
|
|
3
|
+
about: Do not file public vulnerability reports
|
|
4
|
+
title: "[security] do not use public issues"
|
|
5
|
+
labels: security
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
Please email security reports to security@buzzberg.ai.
|
|
9
|
+
|
|
10
|
+
Do not include secrets, API keys, exploit details, or vulnerability reports in a
|
|
11
|
+
public GitHub issue.
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request:
|
|
5
|
+
push:
|
|
6
|
+
branches: [main]
|
|
7
|
+
|
|
8
|
+
permissions:
|
|
9
|
+
contents: read
|
|
10
|
+
|
|
11
|
+
jobs:
|
|
12
|
+
test:
|
|
13
|
+
runs-on: ubuntu-latest
|
|
14
|
+
steps:
|
|
15
|
+
- name: Checkout
|
|
16
|
+
# actions/checkout v4.2.2
|
|
17
|
+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
|
|
18
|
+
- name: Set up Python
|
|
19
|
+
# actions/setup-python v5.6.0
|
|
20
|
+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
|
|
21
|
+
with:
|
|
22
|
+
python-version: "3.12"
|
|
23
|
+
- name: Install dev dependencies
|
|
24
|
+
run: python -m pip install --upgrade pip && python -m pip install -e ".[dev]"
|
|
25
|
+
- name: Ruff
|
|
26
|
+
run: ruff check .
|
|
27
|
+
- name: Mypy
|
|
28
|
+
run: mypy buzzberg_mcp
|
|
29
|
+
- name: Pytest
|
|
30
|
+
run: pytest
|
|
31
|
+
- name: Validate public docs
|
|
32
|
+
run: |
|
|
33
|
+
python - <<'PY'
|
|
34
|
+
import json, pathlib, re, sys
|
|
35
|
+
root = pathlib.Path(".")
|
|
36
|
+
manifest = json.loads((root / "tools_manifest.json").read_text())
|
|
37
|
+
expected = {tool["name"] for tool in manifest["tools"]}
|
|
38
|
+
headings = set(re.findall(r"^## ([a-z_]+)$", (root / "TOOLS.md").read_text(), re.M))
|
|
39
|
+
if headings != expected:
|
|
40
|
+
print("TOOLS.md mismatch")
|
|
41
|
+
print("missing:", sorted(expected - headings))
|
|
42
|
+
print("extra:", sorted(headings - expected))
|
|
43
|
+
sys.exit(1)
|
|
44
|
+
forbidden = re.compile("|".join(["n1" + "fan", r"github\.com/n1" + "fan", r"ghcr\.io/n1" + "fan"]))
|
|
45
|
+
bad = []
|
|
46
|
+
for path in root.rglob("*"):
|
|
47
|
+
if path.is_dir() or ".git" in path.parts or "__pycache__" in path.parts or ".pytest_cache" in path.parts:
|
|
48
|
+
continue
|
|
49
|
+
text = path.read_text(encoding="utf-8", errors="ignore")
|
|
50
|
+
if forbidden.search(text):
|
|
51
|
+
bad.append(str(path))
|
|
52
|
+
if bad:
|
|
53
|
+
print("Forbidden references:", bad)
|
|
54
|
+
sys.exit(1)
|
|
55
|
+
PY
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
name: Release
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
tags:
|
|
6
|
+
- "v*"
|
|
7
|
+
|
|
8
|
+
permissions:
|
|
9
|
+
contents: read
|
|
10
|
+
id-token: write
|
|
11
|
+
|
|
12
|
+
jobs:
|
|
13
|
+
publish:
|
|
14
|
+
runs-on: ubuntu-latest
|
|
15
|
+
environment:
|
|
16
|
+
name: pypi
|
|
17
|
+
steps:
|
|
18
|
+
- name: Checkout
|
|
19
|
+
# actions/checkout v4.2.2
|
|
20
|
+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
|
|
21
|
+
- name: Set up Python
|
|
22
|
+
# actions/setup-python v5.6.0
|
|
23
|
+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
|
|
24
|
+
with:
|
|
25
|
+
python-version: "3.12"
|
|
26
|
+
- name: Install build dependencies
|
|
27
|
+
run: python -m pip install --upgrade pip && python -m pip install build==1.2.2.post1 twine==6.1.0
|
|
28
|
+
- name: Build
|
|
29
|
+
run: python -m build
|
|
30
|
+
- name: Check distributions
|
|
31
|
+
run: python -m twine check dist/*
|
|
32
|
+
- name: Publish to PyPI
|
|
33
|
+
# pypa/gh-action-pypi-publish v1.13.0 peeled commit
|
|
34
|
+
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## Beta Period
|
|
4
|
+
|
|
5
|
+
SemVer is not guaranteed before `1.0.0`. Breaking changes will be documented
|
|
6
|
+
here and announced to active beta users.
|
|
7
|
+
|
|
8
|
+
## 0.1.0b1
|
|
9
|
+
|
|
10
|
+
- Initial private beta installer package.
|
|
11
|
+
- Adds stdlib-only client config writers for Claude Desktop, Claude Code,
|
|
12
|
+
Cursor, Cline, and Continue.dev.
|
|
13
|
+
- Adds public SECURITY.md, TOOLS.md, examples, and release workflow skeleton.
|
|
@@ -0,0 +1,164 @@
|
|
|
1
|
+
# Install Buzzberg MCP
|
|
2
|
+
|
|
3
|
+
## Recommended Install
|
|
4
|
+
|
|
5
|
+
```bash
|
|
6
|
+
pip install buzzberg-mcp
|
|
7
|
+
buzzberg-mcp setup
|
|
8
|
+
```
|
|
9
|
+
|
|
10
|
+
For one client:
|
|
11
|
+
|
|
12
|
+
```bash
|
|
13
|
+
buzzberg-mcp setup --client cursor
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
For all detected clients:
|
|
17
|
+
|
|
18
|
+
```bash
|
|
19
|
+
buzzberg-mcp setup --all
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
The installer reads your key through a hidden prompt by default. For password
|
|
23
|
+
managers, use stdin:
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
pass show buzzberg/mcp | buzzberg-mcp setup --key-stdin --client claude-desktop
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Dry-runs do not need a real key and never print a plaintext key:
|
|
30
|
+
|
|
31
|
+
```bash
|
|
32
|
+
buzzberg-mcp setup --dry-run --client claude-desktop
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
## Paranoid Path
|
|
36
|
+
|
|
37
|
+
This path lets you inspect the wheel before installing it. It is the path for
|
|
38
|
+
"read before running"; a normal `pip install` may run package build/install code
|
|
39
|
+
by design.
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
pip download --only-binary :all: --no-deps buzzberg-mcp -d /tmp/bz
|
|
43
|
+
python -m zipfile -l /tmp/bz/buzzberg_mcp-*.whl
|
|
44
|
+
python -m pip install /tmp/bz/buzzberg_mcp-*.whl
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
Attestation verification is optional. The exact `pypi-attestations verify`
|
|
48
|
+
command will be copied here after it passes the Test PyPI smoke test.
|
|
49
|
+
|
|
50
|
+
## Manual Install
|
|
51
|
+
|
|
52
|
+
Use this path if your security policy forbids installing packages. Add the
|
|
53
|
+
Buzzberg server to your client config manually.
|
|
54
|
+
|
|
55
|
+
Transport: `sse`
|
|
56
|
+
URL: `https://mcp.buzzberg.ai/sse`
|
|
57
|
+
Header: `Authorization: Bearer <key from Profile -> MCP Access>`
|
|
58
|
+
|
|
59
|
+
### Claude Desktop
|
|
60
|
+
|
|
61
|
+
macOS:
|
|
62
|
+
`~/Library/Application Support/Claude/claude_desktop_config.json`
|
|
63
|
+
|
|
64
|
+
Windows:
|
|
65
|
+
`%APPDATA%/Claude/claude_desktop_config.json`
|
|
66
|
+
|
|
67
|
+
Linux:
|
|
68
|
+
`~/.config/Claude/claude_desktop_config.json`
|
|
69
|
+
|
|
70
|
+
```json
|
|
71
|
+
{
|
|
72
|
+
"mcpServers": {
|
|
73
|
+
"buzzberg": {
|
|
74
|
+
"url": "https://mcp.buzzberg.ai/sse",
|
|
75
|
+
"headers": {
|
|
76
|
+
"Authorization": "Bearer <BUZZBERG_MCP_API_KEY>"
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
### Claude Code
|
|
84
|
+
|
|
85
|
+
```bash
|
|
86
|
+
claude mcp add --transport sse buzzberg https://mcp.buzzberg.ai/sse \
|
|
87
|
+
--header "Authorization: Bearer $BUZZBERG_MCP_API_KEY"
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
### Claude Mobile
|
|
91
|
+
|
|
92
|
+
Use URL `https://mcp.buzzberg.ai/sse` and header
|
|
93
|
+
`Authorization: Bearer <BUZZBERG_MCP_API_KEY>` where the mobile integration UI
|
|
94
|
+
supports custom headers. If headers are unavailable, use Desktop, Code, Cursor,
|
|
95
|
+
or Cline during private beta.
|
|
96
|
+
|
|
97
|
+
### Cursor
|
|
98
|
+
|
|
99
|
+
Settings -> MCP Servers -> Add new:
|
|
100
|
+
|
|
101
|
+
```json
|
|
102
|
+
{
|
|
103
|
+
"mcpServers": {
|
|
104
|
+
"buzzberg": {
|
|
105
|
+
"url": "https://mcp.buzzberg.ai/sse",
|
|
106
|
+
"headers": {
|
|
107
|
+
"Authorization": "Bearer <BUZZBERG_MCP_API_KEY>"
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
### Cline
|
|
115
|
+
|
|
116
|
+
VS Code -> Cline -> Settings -> Edit MCP Settings. Add the same `mcpServers`
|
|
117
|
+
block used for Cursor.
|
|
118
|
+
|
|
119
|
+
### Continue.dev
|
|
120
|
+
|
|
121
|
+
Edit `~/.continue/config.json`:
|
|
122
|
+
|
|
123
|
+
```json
|
|
124
|
+
{
|
|
125
|
+
"experimental": {
|
|
126
|
+
"modelContextProtocolServers": [
|
|
127
|
+
{
|
|
128
|
+
"name": "buzzberg",
|
|
129
|
+
"transport": {
|
|
130
|
+
"type": "sse",
|
|
131
|
+
"url": "https://mcp.buzzberg.ai/sse",
|
|
132
|
+
"headers": {
|
|
133
|
+
"Authorization": "Bearer <BUZZBERG_MCP_API_KEY>"
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
]
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
### Agent SDK
|
|
143
|
+
|
|
144
|
+
```python
|
|
145
|
+
from claude_agent_sdk import ClaudeAgentOptions
|
|
146
|
+
|
|
147
|
+
options = ClaudeAgentOptions(
|
|
148
|
+
mcp_servers={
|
|
149
|
+
"buzzberg": {
|
|
150
|
+
"type": "sse",
|
|
151
|
+
"url": "https://mcp.buzzberg.ai/sse",
|
|
152
|
+
"headers": {"Authorization": f"Bearer {KEY}"},
|
|
153
|
+
}
|
|
154
|
+
},
|
|
155
|
+
allowed_tools=["mcp__buzzberg__*"],
|
|
156
|
+
)
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
## Troubleshooting
|
|
160
|
+
|
|
161
|
+
- Tools do not appear: fully quit and reopen the client, then validate JSON.
|
|
162
|
+
- 401 Unauthorized: revoke and recreate the key in Profile -> MCP Access.
|
|
163
|
+
- Connection timeout: corporate networks sometimes block SSE.
|
|
164
|
+
- Health check: `curl https://mcp.buzzberg.ai/health` should return `{"status":"ok"}`.
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Buzzberg
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: buzzberg-mcp
|
|
3
|
+
Version: 0.1.0b1
|
|
4
|
+
Summary: Buzzberg MCP installer for Claude / Cursor / Cline / Continue.dev
|
|
5
|
+
Project-URL: Homepage, https://buzzberg.ai
|
|
6
|
+
Project-URL: Repository, https://github.com/buzzberg-ai/buzzberg-mcp
|
|
7
|
+
Project-URL: Issues, https://github.com/buzzberg-ai/buzzberg-mcp/issues
|
|
8
|
+
Author: Buzzberg
|
|
9
|
+
License-Expression: MIT
|
|
10
|
+
License-File: LICENSE
|
|
11
|
+
Classifier: Development Status :: 4 - Beta
|
|
12
|
+
Classifier: Environment :: Console
|
|
13
|
+
Classifier: Intended Audience :: Financial and Insurance Industry
|
|
14
|
+
Classifier: Programming Language :: Python :: 3
|
|
15
|
+
Classifier: Programming Language :: Python :: 3 :: Only
|
|
16
|
+
Classifier: Topic :: Utilities
|
|
17
|
+
Requires-Python: >=3.10
|
|
18
|
+
Provides-Extra: dev
|
|
19
|
+
Requires-Dist: build==1.2.2.post1; extra == 'dev'
|
|
20
|
+
Requires-Dist: mypy==1.15.0; extra == 'dev'
|
|
21
|
+
Requires-Dist: pytest==8.3.5; extra == 'dev'
|
|
22
|
+
Requires-Dist: ruff==0.11.2; extra == 'dev'
|
|
23
|
+
Requires-Dist: twine==6.1.0; extra == 'dev'
|
|
24
|
+
Description-Content-Type: text/markdown
|
|
25
|
+
|
|
26
|
+
# Buzzberg MCP
|
|
27
|
+
|
|
28
|
+

|
|
29
|
+
|
|
30
|
+
> Private Beta: the MCP contract can change before broader beta. See
|
|
31
|
+
> [CHANGELOG.md](CHANGELOG.md) for breaking changes.
|
|
32
|
+
|
|
33
|
+
Buzzberg MCP connects Claude, Cursor, Cline, Continue.dev, and other MCP clients
|
|
34
|
+
to Buzzberg market intelligence: trade ideas, sentiment, speakers, prices, and
|
|
35
|
+
watchlist actions for your own Buzzberg account.
|
|
36
|
+
|
|
37
|
+
## Quickstart
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
pip install buzzberg-mcp
|
|
41
|
+
buzzberg-mcp setup
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
The setup command uses an interactive hidden prompt for your key. Get a personal
|
|
45
|
+
key from `https://buzzberg.ai -> Profile -> MCP Access`.
|
|
46
|
+
|
|
47
|
+
## What Your Key Can Do
|
|
48
|
+
|
|
49
|
+
| Action | Allowed? |
|
|
50
|
+
|---|---|
|
|
51
|
+
| Read public trade ideas, sentiment, and prices | Yes |
|
|
52
|
+
| Add/remove tickers in your watchlist | Yes |
|
|
53
|
+
| Save trade ideas to your account | Yes |
|
|
54
|
+
| Server sees tool-call arguments Claude sends | Yes* |
|
|
55
|
+
| See another user's watchlist or saved ideas | No |
|
|
56
|
+
| Change another user's watchlist or saved ideas | No |
|
|
57
|
+
| Place trades on an exchange | No |
|
|
58
|
+
| See your full Claude conversation | No |
|
|
59
|
+
| Access your X, broker, or other accounts | No |
|
|
60
|
+
| Download files from your computer | No |
|
|
61
|
+
|
|
62
|
+
*Buzzberg receives only MCP requests and tool arguments selected by your client,
|
|
63
|
+
not your full Claude transcript. Avoid putting sensitive private text into tool
|
|
64
|
+
arguments.
|
|
65
|
+
|
|
66
|
+
## Supported Clients
|
|
67
|
+
|
|
68
|
+
| Client | Status |
|
|
69
|
+
|---|---|
|
|
70
|
+
| Claude Desktop | Supported |
|
|
71
|
+
| Claude Code | Supported via SSE beta transport |
|
|
72
|
+
| Cursor | Supported |
|
|
73
|
+
| Cline | Supported |
|
|
74
|
+
| Continue.dev | Supported |
|
|
75
|
+
| Claude Mobile | Works only where custom headers are available |
|
|
76
|
+
| Agent SDK | Manual config supported |
|
|
77
|
+
|
|
78
|
+
Private beta currently uses SSE at `https://mcp.buzzberg.ai/sse`. Streamable
|
|
79
|
+
HTTP `/mcp` ships before broader beta; `/sse` will remain for legacy clients for
|
|
80
|
+
a migration window.
|
|
81
|
+
|
|
82
|
+
## Tools
|
|
83
|
+
|
|
84
|
+
Buzzberg exposes 17 tools. See [TOOLS.md](TOOLS.md) for signatures and examples.
|
|
85
|
+
|
|
86
|
+
## Trust And Verification
|
|
87
|
+
|
|
88
|
+
The normal path is `pip install buzzberg-mcp`. pip uses HTTPS and package hashes
|
|
89
|
+
from the index for download integrity, but pip does not automatically verify
|
|
90
|
+
Sigstore attestations.
|
|
91
|
+
|
|
92
|
+
Buzzberg releases use PyPI Trusted Publishing through GitHub OIDC. Attestations
|
|
93
|
+
are available for manual verification; the exact command will be published after
|
|
94
|
+
the Test PyPI smoke test confirms the working `pypi-attestations` syntax.
|
|
95
|
+
|
|
96
|
+
Read more in [SECURITY.md](SECURITY.md).
|
|
97
|
+
|
|
98
|
+
## Links
|
|
99
|
+
|
|
100
|
+
- [INSTALL.md](INSTALL.md)
|
|
101
|
+
- [SECURITY.md](SECURITY.md)
|
|
102
|
+
- [TOOLS.md](TOOLS.md)
|
|
103
|
+
- [examples](examples)
|
|
104
|
+
- [sessions](sessions)
|
|
105
|
+
- [CHANGELOG.md](CHANGELOG.md)
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
# Buzzberg MCP
|
|
2
|
+
|
|
3
|
+

|
|
4
|
+
|
|
5
|
+
> Private Beta: the MCP contract can change before broader beta. See
|
|
6
|
+
> [CHANGELOG.md](CHANGELOG.md) for breaking changes.
|
|
7
|
+
|
|
8
|
+
Buzzberg MCP connects Claude, Cursor, Cline, Continue.dev, and other MCP clients
|
|
9
|
+
to Buzzberg market intelligence: trade ideas, sentiment, speakers, prices, and
|
|
10
|
+
watchlist actions for your own Buzzberg account.
|
|
11
|
+
|
|
12
|
+
## Quickstart
|
|
13
|
+
|
|
14
|
+
```bash
|
|
15
|
+
pip install buzzberg-mcp
|
|
16
|
+
buzzberg-mcp setup
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
The setup command uses an interactive hidden prompt for your key. Get a personal
|
|
20
|
+
key from `https://buzzberg.ai -> Profile -> MCP Access`.
|
|
21
|
+
|
|
22
|
+
## What Your Key Can Do
|
|
23
|
+
|
|
24
|
+
| Action | Allowed? |
|
|
25
|
+
|---|---|
|
|
26
|
+
| Read public trade ideas, sentiment, and prices | Yes |
|
|
27
|
+
| Add/remove tickers in your watchlist | Yes |
|
|
28
|
+
| Save trade ideas to your account | Yes |
|
|
29
|
+
| Server sees tool-call arguments Claude sends | Yes* |
|
|
30
|
+
| See another user's watchlist or saved ideas | No |
|
|
31
|
+
| Change another user's watchlist or saved ideas | No |
|
|
32
|
+
| Place trades on an exchange | No |
|
|
33
|
+
| See your full Claude conversation | No |
|
|
34
|
+
| Access your X, broker, or other accounts | No |
|
|
35
|
+
| Download files from your computer | No |
|
|
36
|
+
|
|
37
|
+
*Buzzberg receives only MCP requests and tool arguments selected by your client,
|
|
38
|
+
not your full Claude transcript. Avoid putting sensitive private text into tool
|
|
39
|
+
arguments.
|
|
40
|
+
|
|
41
|
+
## Supported Clients
|
|
42
|
+
|
|
43
|
+
| Client | Status |
|
|
44
|
+
|---|---|
|
|
45
|
+
| Claude Desktop | Supported |
|
|
46
|
+
| Claude Code | Supported via SSE beta transport |
|
|
47
|
+
| Cursor | Supported |
|
|
48
|
+
| Cline | Supported |
|
|
49
|
+
| Continue.dev | Supported |
|
|
50
|
+
| Claude Mobile | Works only where custom headers are available |
|
|
51
|
+
| Agent SDK | Manual config supported |
|
|
52
|
+
|
|
53
|
+
Private beta currently uses SSE at `https://mcp.buzzberg.ai/sse`. Streamable
|
|
54
|
+
HTTP `/mcp` ships before broader beta; `/sse` will remain for legacy clients for
|
|
55
|
+
a migration window.
|
|
56
|
+
|
|
57
|
+
## Tools
|
|
58
|
+
|
|
59
|
+
Buzzberg exposes 17 tools. See [TOOLS.md](TOOLS.md) for signatures and examples.
|
|
60
|
+
|
|
61
|
+
## Trust And Verification
|
|
62
|
+
|
|
63
|
+
The normal path is `pip install buzzberg-mcp`. pip uses HTTPS and package hashes
|
|
64
|
+
from the index for download integrity, but pip does not automatically verify
|
|
65
|
+
Sigstore attestations.
|
|
66
|
+
|
|
67
|
+
Buzzberg releases use PyPI Trusted Publishing through GitHub OIDC. Attestations
|
|
68
|
+
are available for manual verification; the exact command will be published after
|
|
69
|
+
the Test PyPI smoke test confirms the working `pypi-attestations` syntax.
|
|
70
|
+
|
|
71
|
+
Read more in [SECURITY.md](SECURITY.md).
|
|
72
|
+
|
|
73
|
+
## Links
|
|
74
|
+
|
|
75
|
+
- [INSTALL.md](INSTALL.md)
|
|
76
|
+
- [SECURITY.md](SECURITY.md)
|
|
77
|
+
- [TOOLS.md](TOOLS.md)
|
|
78
|
+
- [examples](examples)
|
|
79
|
+
- [sessions](sessions)
|
|
80
|
+
- [CHANGELOG.md](CHANGELOG.md)
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Reporting
|
|
4
|
+
|
|
5
|
+
Email security issues to `security@buzzberg.ai`. We acknowledge reports within
|
|
6
|
+
72 hours. Please do not file public GitHub issues for vulnerabilities.
|
|
7
|
+
|
|
8
|
+
## Threat Model
|
|
9
|
+
|
|
10
|
+
Buzzberg MCP is a hosted remote MCP server. The public package in this repo is
|
|
11
|
+
an installer and documentation package; it is not the server implementation.
|
|
12
|
+
|
|
13
|
+
- Confused deputy: the server resolves each Bearer key to a server-side user
|
|
14
|
+
context. Write tools use that context and do not accept user-id overrides.
|
|
15
|
+
- Token passthrough: Buzzberg MCP keys are not passed to downstream market-data
|
|
16
|
+
providers.
|
|
17
|
+
- Session hijacking: there is no server-side session cookie for MCP. Each request
|
|
18
|
+
authenticates with a Bearer key.
|
|
19
|
+
- SSRF: tool inputs are not arbitrary outbound HTTP URLs.
|
|
20
|
+
- Local installer compromise: installer code is public in this repo and releases
|
|
21
|
+
are published with PyPI Trusted Publishing through GitHub OIDC.
|
|
22
|
+
|
|
23
|
+
See [security-controls.json](security-controls.json) for the sanitized public
|
|
24
|
+
mapping of scope claims to enforcement mechanisms.
|
|
25
|
+
|
|
26
|
+
## What Your Key Can And Cannot Do
|
|
27
|
+
|
|
28
|
+
| Action | Allowed? |
|
|
29
|
+
|---|---|
|
|
30
|
+
| Read public trade ideas, sentiment, and prices | Yes |
|
|
31
|
+
| Add/remove tickers in your watchlist | Yes |
|
|
32
|
+
| Save trade ideas to your account | Yes |
|
|
33
|
+
| Server sees tool-call arguments Claude sends | Yes |
|
|
34
|
+
| See another user's watchlist or saved ideas | No |
|
|
35
|
+
| Change another user's watchlist or saved ideas | No |
|
|
36
|
+
| Place trades on an exchange | No |
|
|
37
|
+
| See your full Claude conversation | No |
|
|
38
|
+
| Access your X, broker, or other accounts | No |
|
|
39
|
+
| Download files from your computer | No |
|
|
40
|
+
|
|
41
|
+
## Key Storage
|
|
42
|
+
|
|
43
|
+
MCP keys are generated as `bzb_` plus a high-entropy random value from
|
|
44
|
+
`secrets.token_urlsafe(32)`. Buzzberg stores a SHA-256 hash of the key, not the
|
|
45
|
+
raw key. SHA-256 is appropriate here because the secret is random and high
|
|
46
|
+
entropy; this is not a low-entropy password.
|
|
47
|
+
|
|
48
|
+
## Logging
|
|
49
|
+
|
|
50
|
+
Buzzberg stores `last_used_at` per key and standard HTTP access logs such as
|
|
51
|
+
path, status, IP, and response time. Buzzberg does not intentionally log request
|
|
52
|
+
bodies, tool arguments, or MCP response payloads. Per-tool audit logs are on the
|
|
53
|
+
roadmap but are not present in this beta.
|
|
54
|
+
|
|
55
|
+
## What The Server Can See
|
|
56
|
+
|
|
57
|
+
The server receives MCP requests and tool arguments sent by your client. Tool
|
|
58
|
+
arguments are visible to Buzzberg. The server does not receive your full Claude
|
|
59
|
+
conversation unless your client chooses to include text from that conversation
|
|
60
|
+
inside a tool argument.
|
|
61
|
+
|
|
62
|
+
## Key Lifecycle
|
|
63
|
+
|
|
64
|
+
Create keys in Buzzberg Profile -> MCP Access. Revoke keys from the same page.
|
|
65
|
+
Revoked keys stop authenticating once their `revoked_at` timestamp is set.
|
|
66
|
+
|
|
67
|
+
If the server is compromised, Buzzberg will revoke all active MCP keys, require
|
|
68
|
+
re-issue, and email active MCP users within 72 hours.
|
|
69
|
+
|
|
70
|
+
## Attestation Verification
|
|
71
|
+
|
|
72
|
+
pip does not automatically verify Sigstore attestations. Buzzberg releases use
|
|
73
|
+
PyPI Trusted Publishing through GitHub OIDC, and attestations are available for
|
|
74
|
+
manual verification. The exact `pypi-attestations verify` command will be added
|
|
75
|
+
after the Test PyPI smoke test validates the working syntax.
|