Metadata-only events — no prompt bodies in default ingest.
HTTP headers
| Header | Values | Required |
|---|---|---|
x-blekline-workspace-token | blw_* | Yes (API token path) |
x-blekline-client-surface | cursor, claude-desktop, codex, continue, github-copilot, openhands, sourcegraph-cody, sdk, extension, unknown | Recommended |
x-blekline-model-provider | anthropic, openai, google, xai, cursor, unknown | Optional |
x-blekline-model-id | string ≤80 | Optional |
x-request-id | UUID | Auto if omitted |
POST /api/events body
{
"kind": "tool_call_enforcement",
"platform": "MCP-Proxy",
"entitiesMasked": 2,
"riskTier": "high",
"action": "block",
"clientSurface": "cursor",
"modelProvider": "anthropic",
"modelId": "claude-sonnet-4",
"mcpToolName": "run_shell",
"downstreamServer": "daytona"
}
downstreamServer identifies the L1 sandbox MCP behind the proxy. Set via BLEKLINE_DOWNSTREAM_SERVER:
| Value | Provider |
|---|---|
daytona | Daytona |
modal | Modal |
vercel | Vercel Sandbox |
cloudflare | Cloudflare Containers / Sandbox SDK |
e2b | E2B |
mock | BLEKLINE_MCP_PROXY_MOCK=1 |
unknown | Default when unset |
Stored under `sensorMetadata` on workspace events.
## Policy stream
`GET /api/workspace/policy-stream` (SSE):
```text
event: policy
data: {"revision":"abc123","mcpToolPolicy":{...},"redactionProfile":{...}}
OpenTelemetry labels (recommended)
blekline.ingress.action=mask|block|allow
blekline.client.surface=cursor
blekline.model.provider=openai
blekline.entities.masked=3
blekline.request.id=<uuid>
Export from sidecar or agent runtime; correlate with Blekline audit rows via requestId.
Next steps: AI Enablement Stack · Enterprise telemetry · Open workspace · Report issue