Blekline is the Layer 4 ingress control plane in the AI Enablement Stack. Agent clients (L5) call Blekline over MCP; Blekline governs traffic before model providers (L2), frameworks/RAG, and L1 sandboxes.
System view
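```mermaid
flowchart TB
  subgraph L5["L5 — Agent consumer"]
    C[Cursor]
    CO[Continue]
    %% GitHub Copilot uses id GH; CP is reserved for the control plane
    GH[GitHub Copilot]
    CL[Claude Desktop]
  end
  subgraph L4["L4 — Blekline"]
    MS["@blekline/mcp-server"]
    MP["@blekline/mcp-proxy"]
    CP["Control plane /api/*"]
  end
  subgraph L1["L1 — Sandbox + models"]
    S[L1 sandbox MCP]
    M["Anthropic / OpenAI / …"]
  end
  %% Agent clients connect to the MCP server (Cursor also via the proxy)
  C --> MS
  CO --> MS
  GH --> MS
  CL --> MS
  C --> MP
  MP --> MS
  %% Server and proxy call the control plane, which fronts the model APIs
  MS --> CP
  MP --> CP
  CP --> M
  %% The proxy forwards approved tool calls to the L1 sandbox
  MP --> S
```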
ASCII (copy-paste friendly)
```
[ Cursor | Claude Desktop | Codex ]                  L5 — agent consumer
        │  MCP stdio / SSE
        ▼
[ @blekline/mcp-server | @blekline/mcp-proxy ]       L4 — observability & governance
        │  HTTPS mask · enforce-tool-call · events
        ▼
[ Blekline control plane — app.blekline.com ]
        ├──────────────► [ Model APIs ]              L1 — infrastructure
        └──────────────► [ L1 sandbox MCP — approved tools ]
```
What Blekline does not do
Blekline is an ingress control plane. It is not:
- A network WAF or packet-level firewall
- A model output filter (it operates before the model call, not after)
- A full SIEM — forward audit events via /api/integrations/siem (Pro+)
- A sandbox runtime — L1 providers (see Sandbox providers) handle isolated execution
This scope boundary is intentional. Blekline does one thing at the MCP boundary and does it with low latency and high reliability. Everything else integrates via the audit event stream or the policy API.
Trust and diligence
- Trust boundaries — what leaves the client; metadata-only audit.
- MCP identity pinning — downstream server attestation.
- Latency SLO — enforce path p99 targets.
Masking in production uses the Blekline backend plus Azure PII (not local-only). The OSS @blekline/contracts package supports an offline dev secret scan without a token.