@marketprior/mcp-server

The MCP intake for MarketPrior — AI-generated competitive intelligence reports for founders, sourced from a proprietary corpus (SEC EDGAR Form D + Crunchbase open data + Companies House + verified press feeds + founder-submitted pitches with consent). Submit a startup idea + vertical + geography through the 7-axis input protocol; MarketPrior returns a 4–6 page report with named competitors (funding, team, traction), a ranked distribution-channel map with CAC benchmarks, and a founder-market-fit assessment.

Positioning: This is the V2 framing — MarketPrior is the intelligence platform, the MCP server is the input-collection layer. The V1 anti-sycophancy gating product is logged in STRATEGIC_FRAMING.md; the V2 supersession is in STRATEGIC_FRAMING_V2.md.

Vertical-first launch: AI-native SaaS at launch. Fintech next. Reports for verticals outside the launch one carry a "thin coverage" warning. We tell you before charging.

What this tool does in the new product

@marketprior/mcp-server is the input-collection layer for the MarketPrior intelligence platform. The platform itself runs on MarketPrior's hosted backend (corpus + report generator). This server is one of three intake mechanisms — the web app at marketprior.com is the default for most users; the HTTP API at marketprior.com/api/v1/research is the default for programmatic integrations; this MCP server is the intake of choice for users working inside AI coding agents (Claude Desktop, Cursor, Cline, Claude Code).

In all three cases the protocol is the same: the user (or agent) provides a startup idea + vertical + geography + optional context through the 7-axis spec; MarketPrior queries the corpus, runs LLM synthesis with citation tracking, and returns a structured report. The report is the product; the MCP transport is the wire format for agent-side users.

Quickstart

npx -y @marketprior/mcp-server

That single command runs the server over stdio. To wire it into an MCP-compatible agent (Claude Desktop, Cursor, Cline, Claude Code), add the following to that agent's MCP config:

{
  "mcpServers": {
    "marketprior": {
      "command": "npx",
      "args": ["-y", "@marketprior/mcp-server"],
      "env": {
        "SCALE4_SESSION_SECRET": "<32+ char random hex string>"
      }
    }
  }
}

Generate the session secret with:

node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"

Optional global install:

npm install -g @marketprior/mcp-server
marketprior-mcp   # invokes the bin

Tools

| Tool | Tier | Description | |------|------|-------------| | scale4.start | free | Opens an intake session. Returns the 7-axis input spec + a signed session token. The agent stores the token and round-trips it on every subsequent call. | | scale4.submit_signal | free | Submits one piece of context for one axis (vertical, geography, top known competitors, channel hypothesis, etc.). Validates shape — URL HEAD-check (fails closed on 4xx/5xx), min-char floor, placeholder regex (lorem|TODO|example|placeholder block). Returns refreshed token. | | scale4.check_progress | free | Per-axis completeness — how much context MarketPrior has vs the minimum required to query the corpus and generate a report. | | scale4.generate_report | free (3/mo) / paid | Runs the corpus query + LLM synthesis pipeline. Free tier: synchronous return at small-corpus default depth (~1 minute). Paid tiers: async — returns a job_id; use get_report to retrieve. | | scale4.get_report | free | Fetches a previously generated report by job_id. Used for resumed agent sessions and async paid-tier polling. Returns { status: "queued"\|"running"\|"complete"\|"failed", report? }. | | scale4.export | free (markdown) / Pro (PDF) | Markdown or PDF bundle of the report + evidence ledger + source list. format: 'pdf' requires a Pro API key and renders via the marketing-site PDF service. | | scale4.deep_research_mode | Pro+ | Two modes by request shape:(A) { session, axis } — returns the optional-context spec for an axis (extra context that bumps corpus coverage).(B) { citations: [{ verbatim, source_url }, …] } — calls verifyCitations() from @scale4/engine-deep. Each URL is re-fetched (SSRF-allowlisted) and an LLM judges whether the quote appears at the URL with the same meaning. Returns per-citation { valid, reason? }. Hard cap: 25 citations / call. | | scale4.stackforge_handoff | Pro+ | Portfolio cross-sell. When the report's founder-fit assessment is positive, emits a Stackforge compose_stack intent string. Optional; nothing in MarketPrior's primary value-prop depends on Stackforge. | | scale4.pitchforge_handoff | Pro+ | Portfolio cross-sell. Emits a stable deck-generation seed JSON (top market signal, ICP, wedge candidate, named competitors, signal counts, attribution). The Pitchforge MCP server itself is not yet published — the seed format is stable and can be fed to any deck-generation tool. |

The tool names retain the scale4.* prefix as a stable wire identifier — existing agent configs keep working through the rebrand. The product surface is MarketPrior; the protocol prefix is the protocol prefix.

The 7-axis intake protocol

Under V2 the 7 axes are the input-collection layer, not a scoring rubric. The richer the context, the deeper the corpus query and the more specific the report. Most axes accept partial input on the free tier; paid tiers and deep_research_mode mode A surface the optional-context spec that bumps corpus coverage further.

Axis              Context the agent supplies (kind × min for full coverage)
─────────────     ───────────────────────────────────────────────────────────
problem           one_paragraph_description ×1, user_quote ×3 (optional)
market            vertical ×1, geography ×1, icp_definition ×1, named_prospect ×3 (optional)
solutions         named_competitor ×0–5 (MarketPrior finds more; user-supplied seed helps)
wedge             wedge_statement ×1, anti_wedge ×1 (optional)
distribution      channel_hypothesis ×0–3 (MarketPrior returns the ranked map)
economics         cac ×1, ltv ×1, gross_margin ×1, breakeven_customers ×1 (optional)
founder           domain_years ×1, unfair_advantage ×1, shipped_artifact ×1 (optional)

Minimum to generate a report: a one-paragraph description + a vertical

• a geography. Everything else is optional but tightens the corpus query. The intake spec is versioned ([email protected]); sessions pin to the version they started with.

The report that comes back contains:

• 10 named competitors with funding history, team size, traction signals
• A ranked distribution-channel map for the vertical, with CAC benchmarks
• A list of journalists, influencers, and communities that have covered comparable companies
• A founder-market-fit assessment from public signals
• A coverage-confidence note — if the vertical is outside the launch one, the report is flagged coverage: "thin" and we tell the user before charging.

Configuration

The server reads the following environment variables. Only SCALE4_SESSION_SECRET is required.

| Var | Required? | Purpose | |-----|-----------|---------| | SCALE4_SESSION_SECRET | yes | 32+ char string used to HMAC-sign session tokens. If unset, the server refuses to start. | | SCALE4_API_KEY | optional | Paid-tier API key. Unlocks unlimited reports, deep_research_mode, PDF export, async-job paid-tier flow, and the cross-sell handoffs. Without a key, the free-tier 3-reports/month cap applies. | | SCALE4_API_BASE_URL | optional | Base URL for the MarketPrior web service (PDF rendering, web-tier endpoints). Defaults to https://marketprior.com. Self-hosters override. | | SCALE4_TELEMETRY_URL | optional | Override for the telemetry sink. Defaults to the MarketPrior-hosted endpoint. Telemetry posts are fire-and-forget; failures never block tool calls. | | SCALE4_LICENSE_URL | optional | Override for the license check service. Defaults to the MarketPrior-hosted Worker. Self-hosters point this at their own. | | SCALE4_TRUST_INSECURE | dev only | Set to 1 to bypass ed25519 signature verification on registry axis JSONs. Refuses to take effect when NODE_ENV=production. Use only when developing custom axes locally. |

The SCALE4_* env-var prefix is preserved across the rebrand so existing installs keep working without config-file edits. A future major (1.0.0) may add MARKETPRIOR_* aliases.

Usage — one round-trip in Claude Desktop

After installing per the Quickstart, paste a pitch into Claude Desktop and ask: "Generate a MarketPrior competitive intelligence report on this idea."

The expected agent flow:

1. Claude calls scale4.start({ pitch: "..." }).
   → server returns: session token + the 7-axis intake spec.
2. Claude collects the minimum context (one_paragraph_description +
   vertical + geography) and optionally adds richer context (known
   competitors, channel hypothesis, founder background). For each
   piece of context Claude calls:
   scale4.submit_signal({
     session, axis: "market", kind: "vertical",
     value: { vertical: "ai-native-saas", subvertical: "developer-tools" }
   })
   → server validates shape, accepts or rejects with a reason.
3. When the minimum is in, Claude calls scale4.generate_report(session).
   → free tier (3/mo): returns the report synchronously (~1 min).
   → paid tier: returns { job_id }; Claude polls with
     scale4.get_report({ job_id }) until status === "complete".
4. Optional: scale4.export(session) for a markdown bundle (or
   format: 'pdf' on Pro).
5. Optional cross-sells (Pro+):
   scale4.stackforge_handoff(session) — emits a compose_stack intent
   when founder-fit is positive.
   scale4.pitchforge_handoff(session) — emits a deck-generation seed.

The session token is what makes this work across resumed sessions. If you close the chat and come back later, paste the token and the report retrieval (get_report) continues to work for the lifetime of the session token (30 days).

Why the corpus matters, not just the prompt

The single positioning risk for MarketPrior is the gap between "AI-generated competitive intelligence" and "well-prompted Claude with web search." We close that gap on the corpus side, not the prompting side:

• SEC EDGAR Form D ingestion. Every US private-company fundraise is publicly disclosed within 15 days. MarketPrior ingests the full-index endpoint daily; the corpus tracks named competitors with real funding numbers and dates that the LLM cannot confabulate.
• Crunchbase open dataset. Crunchbase publishes a CC-BY 4.0 attribution dataset; MarketPrior ingests it as the entity-resolution spine for competitor and channel-comparable matching.
• Companies House (UK). The entire UK corporate registry is available as bulk downloads. Founder-graph data and corporate registration history come from here, not LinkedIn.
• Verified press feeds. A whitelist of outlets, RSS-ingested and deduped against the EDGAR + Crunchbase entity graph, gives the report its "who has covered comparable companies" content.
• verifyCitations layer (Pro tier). Every quote in the report carries a source URL; the Pro-tier citation verification re-fetches each URL and asks an LLM whether the quote actually appears at the source with the same meaning. Same mechanism used in the V1 build, repurposed for V2 reports.

A Perplexity-style answer is plausible. A MarketPrior report is citable to a real corpus row. That's the wedge.

State posture

The server holds zero state on the free tier. Every tool call takes a signed session token of the form srv1.<payload>.<hmac>. The agent stores the token and round-trips it on every call. Losing the token means restarting the assessment.

• Token expiry: 30 days from start.
• Token max size: 32 KB (≈ 80 full signal entries with full URLs + 200-char verbatim quotes).
• HMAC algorithm: SHA-256 with SCALE4_SESSION_SECRET.
• Axis JSON files are ed25519-signed; the public key is pinned in the built binary.

The Pro tier optionally retains sessions server-side in an encrypted Cloudflare D1 with the encryption key derived from the API key.

Known limitations

Stated honestly, because the alternative is users discovering them at the worst possible time. These map to V2's risk table and the open questions in IMPLEMENTATION.md.

• Vertical-first coverage. At launch the corpus has depth on AI-native SaaS. Fintech is the next vertical. For verticals outside the launch one, generate_report returns the report with a prominent coverage: "thin" flag and we surface the corpus gaps in the response. We'd rather tell you we don't have it than charge for a report we can't yet make great. The launch-vertical decision is per V2 §critical-path action 2.
• Corpus is open-data first. The launch corpus is SEC EDGAR Form D + Crunchbase open CSV + Companies House + verified press feeds. These are public-domain or licensed-for-attribution sources; anyone with a crawl budget can replicate them. The durable layer — founder-submitted pitches with consent, accelerator data partnerships, outcome tracking — accumulates over time and is the long-term differentiator. We're honest that the moat is partial at launch; see STRATEGIC_FRAMING_V2.md §moat.
• No LinkedIn data. No Twitter/X data. People-graph data comes from SEC filings, Companies House, GitHub, and public press. We do not scrape LinkedIn (ToS exposure) and we do not use Twitter/X (API blackout post-2023). Founder-fit assessments are correspondingly signal-thin for founders without public artifacts; the report says so when it happens.
• Report generation is async on paid tiers. The 4–6 page report takes 2–7 minutes to generate at full corpus depth. Free tier runs the small-corpus default depth synchronously (~1 minute); Pro/Team/Capital tiers use the async-job pattern — generate_report returns a job_id, get_report retrieves the finished report. The agent should poll get_report or subscribe to a webhook; do not assume sync return on paid tiers.
• The 7-axis intake is an input spec, not a scoring rubric. Under V1, the 7 axes were the product (gating, scorecard, verdict). Under V2 they are the input-collection layer that tells the report generator what context to query against. There is no "kill verdict" in V2; the report can surface a crowded market or thin founder-market-fit, but the framing is intelligence, not judgement.
• The MCP spec is moving. Tool registration, content shapes, and transports have changed across versions of @modelcontextprotocol/sdk. This server is pinned to ~1.29.0; if your MCP host is on a different major, register an issue and we'll add a compat shim.
• deep_research_mode citation verification is Pro-tier. Free-tier reports include source URLs but do not LLM-verify that each quote actually appears at its source. The verifyCitations layer is the same one from the V1 build, repurposed for the V2 report-citation pass; it stays Pro-tier because the LLM cost is material.
• stackforge_handoff is a portfolio cross-sell, not a roadmap pillar. When the report's founder-fit assessment is positive, the handoff emits a Stackforge compose_stack intent string. Optional; nothing in MarketPrior's primary value-prop depends on Stackforge being installed. (V1 made this the strategic flywheel; V2 demoted it to cross-sell.)
• No public report hosting. A shareable "here's my MarketPrior report" URL is intentionally not built — the failure mode of founders sharing reports that surface unflattering competitive landscapes and then blaming the tool is real. Reports stay private to the generator. May ship as an opt-in feature in Team tier with auth-gated recipients.

Security

• Session tokens are HMAC-SHA256 signed with SCALE4_SESSION_SECRET; tampering breaks verification (any change to payload or signature yields a 401 from verifyToken).
• Axis JSON files are ed25519-signed; the public key is pinned at build time. SCALE4_TRUST_INSECURE=1 bypasses verification only when NODE_ENV !== 'production' — production builds ignore the override.
• URL HEAD-check validators fail closed on 4xx/5xx and on 3-second timeout.
• Outbound fetches (URL HEAD checks, citation source fetches) go through an SSRF allowlist — RFC1918, loopback, link-local, IPv6 ULA are all blocked before the connection is made.
• The scoring expression evaluator is a hand-written Pratt parser; no eval(), no Function() constructor.

Links

• Site: https://marketprior.com/
• MCP docs: https://marketprior.com/mcp
• npm: https://www.npmjs.com/package/@marketprior/mcp-server

License

MIT. See LICENSE.