# AI Enablement Stack Enterprise AI adoption stacks five layers. Blekline operates at **Layer 4 — Observability and Governance** (MCP ingress). **Layer 1** sandbox providers (Daytona, Modal, Vercel Sandbox, Cloudflare, E2B) run isolated agent code. ## The five layers | Layer | Name | Role | Examples | |-------|------|------|----------| | **L5** | Agent consumer | Autonomous and assistive agents that plan, call tools, write code | [Cursor](/docs/mcp/cursor), [Continue](/docs/mcp/continue), [GitHub Copilot](/docs/mcp/github-copilot), [OpenHands](/docs/mcp/openhands), Claude Desktop, Codex | | **L4** | Observability and governance | Mask, classify risk, enforce MCP tool policy, audit | **Blekline** — ingress control plane | | **L3** | Engineering | Training, eval, testing, quality for agent systems | [LangSmith](/docs/integrations/langsmith-stack), [Guardrails](/docs/integrations/guardrails-stack), Braintrust | | **L2** | Intelligence | Frameworks, retrieval, coding models | [LangChain](/docs/integrations/langchain-stack), [LlamaIndex](/docs/integrations/llamaindex-stack), [Azure OpenAI](/docs/integrations/azure-openai-stack), [OpenRouter](/docs/integrations/openrouter-stack) | | **L1** | Infrastructure | Sandboxes, model APIs, cloud compute | [Sandbox providers](/docs/integrations/sandbox-providers) — Daytona, Modal, E2B, Cloudflare, Vercel | ## Request flow (Blekline + L1 sandbox) ```mermaid flowchart TB subgraph L5["L5 — Agent consumer"] A[Cursor / Claude / Codex] end subgraph L4["L4 — Blekline governance"] MS[mcp-server] MP[mcp-proxy] CP[mask · enforce · audit] end subgraph L1a["L1 — Sandbox MCP"] S[L1 runtime MCP] M[Model APIs] end A --> MS A --> MP MP --> MS MS --> CP MP --> CP CP --> M MP --> S ``` ## Why Layer 4 matters Teams ship **L5** agents before **L4** governance is in place. One `tool_call` can leak an API key, run an unapproved shell command, or send PII to a model — while the agent UI still looks healthy. Blekline sits at the **MCP boundary**: every prompt and tool invocation can be masked, evaluated, and audited before traffic reaches L1 runtimes or model APIs. See [Why ingress governance](why-ingress) for the problem framing and [Architecture](architecture) for component wiring. ## Open core vs cloud | Capability | OSS ([blekline-oss](https://github.com/Blekline/blekline-oss)) | Cloud ([app.blekline.com](https://app.blekline.com)) | |------------|------------------------------------------------------------------|--------------------------------------------------------| | MCP server / proxy | Yes | Yes | | Local secret + tool enforce | Yes (`@blekline/contracts`) | Yes | | Azure authoritative PII mask | — | Yes | | Fleet policy (SSE) | — | Yes | | Investigations / billing | — | Yes | --- **Next steps:** [Quick start](/docs/introduction/quick-start) · [Agent clients](/docs/integrations/agent-clients) · [Model providers](/docs/integrations/model-providers) · [Sandbox providers](/docs/integrations/sandbox-providers) · [MCP Cursor setup](/docs/mcp/cursor) · [Open workspace](https://app.blekline.com)