A comprehensive Model Context Protocol (MCP) server that provides LLMs with direct access to the AT Protocol ecosystem, enabling seamless interaction with Bluesky and other AT Protocol-based social networks.
Supports both authenticated and unauthenticated modes - Start immediately with public data access (view profiles, search accounts, fetch follower/following lists), or add authentication for full functionality (search, write operations, private data, feeds).
Zero-config launch:
npx atproto-mcpruns the server in unauthenticated public-data mode — no credentials required.Recent additions: Batch operations for bulk actions, advanced analytics and insights, intelligent content discovery, and a conversation-context scratchpad resource.
This MCP server acts as a bridge between LLM clients and the AT Protocol ecosystem:
┌─────────────────┐
│ User │ "Search for posts about AI"
└────────┬────────┘
│ Natural Language
▼
┌─────────────────┐
│ LLM Client │ (Claude Desktop, etc.)
│ (MCP Client) │
└────────┬────────┘
│ MCP Protocol (JSON-RPC 2.0)
▼
┌─────────────────┐
│ This Server │ AT Protocol MCP Server
│ (MCP Server) │ - Tools, Resources, Prompts
└────────┬────────┘
│ AT Protocol API
▼
┌─────────────────┐
│ AT Protocol │ Bluesky, Custom PDS, etc.
│ Ecosystem │
└─────────────────┘
Key Point: Users don't interact with this server directly. Instead, they talk to their LLM client in natural language, and the LLM client uses this MCP server to access AT Protocol functionality.
- Batch Operations: Perform multiple operations in a single call (follow/like/repost up to 25 items at once)
- Analytics & Insights: Analyze engagement patterns, network connections, and get content strategy recommendations
- Content Discovery: Find similar users, trending topics, and influential voices in your areas of interest
- Conversation Context: An MCP resource that acts as a scratchpad for conversation state (not auto-populated yet)
- Zero-config Unauthenticated Mode: Run
npx atproto-mcpto access public data without any setup - view profiles, search accounts, and fetch follower/following lists - Optional Authentication: Enable full functionality with app passwords for write operations, feeds, and private data
- Complete AT Protocol Integration: Full implementation using official
@atproto/api - MCP Server Compliance: Built with
@modelcontextprotocol/sdkfollowing MCP specification - Type-Safe: Written in TypeScript with strict type checking
- Comprehensive Tools: 43 MCP tools for social networking operations
- Rate Limiting: Built-in respect for AT Protocol rate limits
- Extensible: Modular architecture for easy customization
Planned: OAuth login and real-time firehose streaming are on the roadmap but not yet functional. App-password authentication is the supported auth path today.
This is an MCP (Model Context Protocol) server designed to be consumed by LLM clients such as:
- Claude Desktop
- Other MCP-compatible AI assistants
- Custom LLM applications using the MCP SDK
How it works:
User → LLM Client (Claude Desktop) → MCP Protocol → This Server → AT Protocol → Bluesky
Users interact with their LLM client in natural language (e.g., "search for posts about AI"), and the LLM client uses this MCP server to fulfill those requests by calling the appropriate tools via the MCP protocol.
This project is also for developers who want to:
- Deploy the MCP server for their LLM clients to connect to
- Extend the server with custom MCP tools and resources
- Contribute to the open-source project
- A direct-use REST API or SDK for application developers
- A JavaScript/TypeScript library to import into your app
- An end-user application
If you're building an application that needs AT Protocol functionality, you should either:
- Use the official
@atproto/apipackage directly, OR - Build an LLM-powered application that uses this MCP server through an LLM client
Run it with no install and no configuration — npx atproto-mcp launches the
server in unauthenticated public-data mode immediately:
npx atproto-mcpOr install globally:
npm install -g atproto-mcpAdd this to your Claude Desktop MCP configuration to run the server with zero config:
{
"mcpServers": {
"atproto": { "command": "npx", "args": ["-y", "atproto-mcp"] }
}
}Perfect for LLM clients that need to access public AT Protocol data:
-
Configure your LLM client (e.g., Claude Desktop) to launch the MCP server:
Add to your LLM client's MCP configuration:
{ "mcpServers": { "atproto": { "command": "npx", "args": ["atproto-mcp"] } } } -
Start your LLM client - it will automatically launch the MCP server
-
Interact in natural language - Ask your LLM to search posts, view profiles, etc.
What your LLM can do in unauthenticated mode:
- View user profiles (
get_user_profile- works without auth, provides additional viewer-specific data when authenticated) - Search for accounts by handle or name (
search_actors) - List a user's posts (
get_author_feed) - View follower/following lists (
get_user_connectionswithdirection: 'followers' | 'follows'- ENHANCED mode: works without auth, enriches the underlying API call when authenticated)
Note: The following features require authentication:
- Searching posts and hashtags (
search_posts) - API changed in 2025 to require authentication - Browsing feeds and threads (
get_post_context,get_custom_feed,get_timeline) - All write operations (create, like, repost, follow, etc.)
- Resources (timeline, profile, notifications) - these are listed but require
authentication to return data (the
conversation-contextscratchpad resource is readable without auth and simply returns near-empty placeholder content) - Prompts (content composition, reply templates) - these are listed but require authentication to be available
Important: All tools, resources, and prompts are listed by the MCP server regardless of authentication state. Most tools and resources that require authentication will return a clear error message when called without proper credentials.
Enable write operations and private data access for your LLM:
-
Configure your LLM client with AT Protocol credentials:
{ "mcpServers": { "atproto": { "command": "npx", "args": ["atproto-mcp"], "env": { "ATPROTO_IDENTIFIER": "your-handle.bsky.social", "ATPROTO_PASSWORD": "your-app-password" } } } } -
Start your LLM client - it will launch the authenticated MCP server
What your LLM can do in authenticated mode:
- Create, edit, and delete posts
- Follow/unfollow users
- Like and repost content
- Access personalized timelines and notifications
- Manage lists and moderation settings
The server provides 43 MCP tools across multiple categories. See the complete API documentation for detailed information on each tool.
Data Retrieval
get_user_profile- Retrieve basic user information (ENHANCED mode: works without auth, provides additional viewer-specific data when authenticated)get_user_summary- Get a profile with recent posts and engagement stats in one call (ENHANCED mode)search_actors- Find accounts by handle or display name (ENHANCED mode)get_author_feed- List a specific user's posts (ENHANCED mode)get_user_connections- Get follower or following lists viadirection: 'followers' | 'follows'(ENHANCED mode: works without auth, enriches the underlying API call when authenticated)get_post_context- Get a post with optional thread, author profile, engagement metrics, and media (ENHANCED mode)
Rich Media
analyze_image- Report blob-declared size and MIME type for an image (PUBLIC mode: no auth required; does not decode pixels, so no dimensions/aspect ratio)
Note: As of 2025, the AT Protocol API has changed to require authentication
for most endpoints that were previously public, including search_posts.
Social Operations
create_post- Create posts with text, auto-detected or explicit richtext facets, replies, image/external embeds, and quote postscreate_thread- Create multi-post threads in one callreply_to_post- Reply to existing posts with threadinglike_post/unlike_post- Like and unlike postsrepost/unrepost- Repost content with optional quotesfollow_user/unfollow_user- Follow and unfollow users
Data Retrieval
search_posts- Search for posts and content across the network (⚠️ API changed in 2025 to require auth)get_custom_feed- Access custom feedsget_timeline- Retrieve personalized timelinesget_notifications- Access notification feeds (usecountOnly: truefor a cheap unread badge count)mark_notifications_seen- Mark notifications as seen up to a timestamp
Content Management
upload_image/upload_video- Upload media contentdelete_post- Remove postsupdate_profile- Modify profile and settingsgenerate_link_preview- Generate link previews for posts
List Management
create_list- Create user listsadd_to_list/remove_from_list- Manage list membersget_list- Retrieve list information
Moderation
mute_user/unmute_user- Mute and unmute usersblock_user/unblock_user- Block and unblock usersreport_content/report_user- Report content and usersanalyze_moderation_status- Check moderation status of content
Batch Operations
batch_action- Apply one action across up to 25 targets in a single call viaaction: 'follow' | 'like' | 'repost'
Analytics & Insights
analyze_account- Analyze a single account along one dimension viadimension: 'engagement' | 'network' | 'strategy'find_influential_users- Find influential users in a topic area
Content Discovery
discover- Surface timeline content viamode: 'trending' | 'recommended'find_similar_users- Find users similar to a given userdiscover_communities- Discover communities around topics
Visit our documentation site for:
- Getting Started Guide
- API Reference
- Configuration Options
- Examples and Tutorials
- Troubleshooting
The server works perfectly without authentication for accessing public data. Authentication is only needed for write operations and private data access.
export ATPROTO_IDENTIFIER="your-handle.bsky.social"
export ATPROTO_PASSWORD="your-app-password"
atproto-mcpApp passwords are the supported authentication path. OAuth login is planned but not yet functional.
# Clone the repository
git clone https://github.com/cameronrye/atproto-mcp.git
cd atproto-mcp
# Install dependencies (use pnpm, npm, or yarn)
pnpm install # or: npm install
# Start development server
pnpm dev # or: npm run dev
# Run tests
pnpm test # or: npm test
# Build for production
pnpm build # or: npm run buildThis project provides cross-platform npm scripts that work on Windows, macOS, and Linux:
# Show all available commands
npm run help
# Development
npm run dev # Start development server with hot reload
npm run build # Build for production
npm run start # Start production server
# Testing & Quality
npm test # Run tests
npm run test:coverage # Run tests with coverage
npm run test:ui # Run tests with interactive UI
# Integration Tests (connects to real AT Protocol servers)
npm run test:integration
npm run lint # Run ESLint
npm run lint:fix # Fix linting issues
npm run format # Format code with Prettier
npm run type-check # Run TypeScript type checking
npm run check # Run all quality checks
# Utilities
npm run clean # Clean build artifacts
npm run clean:all # Clean everything including node_modules
npm run status # Show project status
npm run ci # Run full CI pipeline locally
# Dependencies
npm run deps:update # Update dependencies
npm run deps:audit # Audit for security issuesAll build commands work on Windows, macOS, and Linux without requiring
additional tools. Simply use npm scripts on any platform (e.g., npm run dev,
npm test, npm run build).
The project includes comprehensive test coverage:
# Run all unit tests
pnpm test
# Run with coverage
pnpm test:coverage
# Run with interactive UI
pnpm test:uiComprehensive integration tests that connect to real AT Protocol servers to validate all public-facing functionality:
# Run integration tests (requires internet connection)
npm run test:integrationWhat's tested:
- Public/enhanced tools (
get_user_profile,get_user_connections,get_author_feed) and authenticated tools (search_posts,get_post_context,get_custom_feed) - DID and handle resolution
- Pagination support
- Error handling
- AT Protocol specification compliance
- Rate limiting behavior
Note: Integration tests are opt-in and disabled by default to avoid hitting real servers during normal development. See Integration Tests Documentation for details.
We welcome contributions! Please see our Contributing Guide for details.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
This project is licensed under the MIT License.
- AT Protocol Team for the excellent protocol and SDK
- Anthropic for the Model Context Protocol
- The open source community for inspiration and contributions
This is a stdio MCP server: it is normally launched by an MCP client (e.g.
Claude Desktop) via npx atproto-mcp and communicates over stdin/stdout. It
does not listen on a network port, so there is no HTTP endpoint to expose or
scale.
- Error sanitization: in
NODE_ENV=production, internal error details are redacted before being returned to the client. - Rate limiting: per-tool invocation rate limiting guards against runaway loops.
- SSRF protection: outbound URL/media fetches reject private/internal network destinations and cap response size and time.
- Path-traversal protection: local file reads are confined to an allowed
base directory (
ATPROTO_MEDIA_DIR, default: working directory).
The container runs the same stdio server, so attach to it via your MCP client rather than mapping a port:
docker build -t atproto-mcp .
docker run -i --rm \
-e ATPROTO_IDENTIFIER=your.handle.bsky.social \
-e ATPROTO_PASSWORD=your-app-password \
atproto-mcp# Copy the example environment file and edit it (loaded automatically by the CLI)
cp .env.example .envATPROTO_IDENTIFIER=your.handle.bsky.social
ATPROTO_PASSWORD=your-app-password
NODE_ENV=production
LOG_LEVEL=infoSee .env.example for the full list of variables the server reads.
Security is a top priority for this project. Please review our security practices and policies:
Before deploying to production:
-
Secure Your Credentials
- Never commit
.envfiles to version control - Use app passwords instead of your main account password
- Rotate credentials regularly
- Use a secret management system where available (AWS Secrets Manager, HashiCorp Vault, etc.)
- Never commit
-
Run in production mode
- Set
NODE_ENV=productionso returned error messages are sanitized
- Set
-
Keep Dependencies Updated
pnpm audit pnpm update
If you discover a security vulnerability, please review our Security Policy for responsible disclosure guidelines.
Do not open public issues for security vulnerabilities. Instead, send me a message privately.
- Input validation and sanitization
- Rate limiting and abuse prevention
- Credential redaction in logs
- Non-root Docker containers
- HTTPS support for AT Protocol
- Error sanitization to prevent information leakage
For more details, see SECURITY.md.
Made with ❤️ by Cameron Rye