# Architecture

Blekline is the **Layer 4** ingress control plane in the [AI Enablement Stack](ai-enablement-stack). [Agent clients](/docs/integrations/agent-clients) (L5) call Blekline over MCP; Blekline governs traffic before it reaches [model providers](/docs/integrations/model-providers) (L2), [frameworks/RAG](/docs/integrations/frameworks-and-rag), and [L1 sandboxes](/docs/integrations/sandbox-providers).

## System view

```mermaid
flowchart TB
  %% L5 agent clients that speak MCP to Blekline
  subgraph L5["L5 — Agent consumer"]
    C[Cursor]
    CO[Continue]
    GH[GitHub Copilot]
    CL[Claude Desktop]
  end
  %% L4 Blekline components
  subgraph L4["L4 — Blekline"]
    MS["@blekline/mcp-server"]
    MP["@blekline/mcp-proxy"]
    CP["Control plane /api/*"]
  end
  subgraph L1["L1 — Sandbox + models"]
    S[L1 sandbox MCP]
    M[Anthropic / OpenAI / …]
  end
  %% Client to Blekline edges
  C --> MS
  CO --> MS
  GH --> MS
  CL --> MS
  C --> MP
  MP --> MS
  %% Blekline to control plane, models and sandbox
  MS --> CP
  MP --> CP
  CP --> M
  MP --> S
```

## ASCII (copy-paste friendly)

```text
[ Cursor | Claude Desktop | Codex ]                L5 — agent consumer
        │ MCP stdio / SSE
        ▼
[ @blekline/mcp-server | @blekline/mcp-proxy ]     L4 — observability & governance
        │ HTTPS mask · enforce-tool-call · events
        ▼
[ Blekline control plane — app.blekline.com ]
        ├──────────────► [ Model APIs ]            L1 — infrastructure
        └──────────────► [ L1 sandbox MCP — approved tools ]
```

## What Blekline does not do

Blekline is an ingress control plane. It is not:

- A network WAF or packet-level firewall
- A model output filter (it operates before the model call, not after)
- A full SIEM — forward audit events via `/api/integrations/siem` (Pro+)
- A sandbox runtime — L1 providers (see [Sandbox providers](/docs/integrations/sandbox-providers)) handle isolated execution

This scope boundary is intentional. Blekline does one thing at the MCP boundary and does it with low latency and high reliability. Everything else integrates via the audit event stream or the policy API.

## Trust and diligence

- [Trust boundaries](/docs/security/trust-boundaries) — what leaves the client; metadata-only audit.
- [MCP identity pinning](/docs/security/mcp-identity-pinning) — downstream server attestation.
- [Latency SLO](/docs/reference/latency-slo) — enforce path p99 targets.

Masking in production uses the Blekline backend plus Azure PII (not local-only). The OSS `@blekline/contracts` package supports an offline dev secret scan without a token.

---

**Next steps:** [AI Enablement Stack](ai-enablement-stack) · [Agent clients](/docs/integrations/agent-clients) · [Model providers](/docs/integrations/model-providers) · [MCP proxy](/docs/mcp/proxy) · [Open workspace](https://app.blekline.com)