Blekline Server
БесплатноНе проверенProvides AI ingress governance by masking prompts, classifying risk, and enforcing tool policies before agent calls reach model providers or sandboxes.
Описание
Provides AI ingress governance by masking prompts, classifying risk, and enforcing tool policies before agent calls reach model providers or sandboxes.
README
Production agent interaction governance — open-core infrastructure to mask, enforce, and audit every agent call at the MCP, SDK, and ingress proxy boundary.
Quick start · Why ingress · Architecture · MCP Server · Security · Cloud
The problem nobody wants to talk about
AI agents are eating the world. Cursor writes your code, Claude answers your support tickets, autonomous pipelines touch your databases, your APIs, your customers' data. The ecosystem is accelerating — MCP servers let agents pick up tools like apps pick up plugins — and that is genuinely exciting.
But here's the thing: your agents have no idea what they're not allowed to do. They'll happily pass an AWS key to a model context window. They'll call a tool with a customer's email as an argument. They'll execute a shell command that wasn't in the plan. Not out of malice — out of the fundamental nature of language models: they optimize for task completion, not for the organizational policies you haven't written yet.
This is the AI governance gap. And right now, there's nothing sitting between your agents and everything they can touch.
Why this is becoming urgent
The EU AI Act isn't theoretical anymore. GPAI obligations have been enforceable since August 2025. Transparency and human oversight requirements land in August 2026. High-risk system conformity assessments follow. Fines reach up to €35 million or 7% of global turnover for the worst violations. And these rules aren't just about the models — they're about the systems you build with them: how you govern tool access, how you audit decisions, how you prove a human was in the loop.
Meanwhile, enterprises running AI at scale — sandboxed, parallelized, thousands of agent calls — have no native answer for: what happened in that session? Who authorized that tool call? Did any PII leave the context window?
The compliance question is catching up to the capability question. And most teams aren't ready.
What Blekline is
Blekline is an open-core MCP ingress control plane — infrastructure that sits between your agents and everything they can touch.
It does three things, in real time, before any LLM sees a prompt or any tool executes:
Mask — strip PII, secrets, and sensitive context from prompts before they hit model APIs (MCP Server docs)
Enforce — evaluate tool calls against policy; allow, flag, or block before execution
Audit — emit a structured, tamper-evident event trail for every agent interaction
You can run it locally in two minutes. You can deploy it as a sidecar alongside any L1 sandbox (Daytona, Modal, E2B, Cloudflare, Vercel Sandbox). You can plug it into Cursor, Claude Desktop, or Codex today — without changing your agent code.
This is the infrastructure that makes governed AI deployment real: not a checkbox, not a policy document, but a running system that enforces your intentions at the call level.
Start here
pnpm install && pnpm build:packages
export BLEKLINE_WORKSPACE_TOKEN="blw_..."
export BLEKLINE_API_URL="https://app.blekline.com"
export BLEKLINE_CLIENT_SURFACE="sdk"
pnpm demo:mcp-smoke
Headless guide: cli/README.md · CI template: ci/
Connect Blekline
| Surface | Path | BLEKLINE_CLIENT_SURFACE |
|---|---|---|
| CLI / SDK | cli/ | sdk |
| CI / CD | ci/ | sdk |
| Claude Code | .claude/settings.json.example | claude-code |
| Cursor | .cursor/mcp.json.example | cursor |
| GitHub Copilot | .vscode/mcp.json.example | github-copilot |
| Continue | .vscode/continue.config.json.example | continue |
| Claude Desktop | config/claude_desktop_config.json.example | claude-desktop |
| Codex | .codex/config.toml.example | codex |
Full index: integrations/README.md · Docs: app.blekline.com/docs
pnpm generate:mcp-configs # *.example configs
pnpm verify:integrations # manifest + schema checks
In any client: "Use blekline_mask_prompt on: Contact Jane at [email protected] — API key AKIAIOSFODNN7EXAMPLE"
Architecture
Blekline sits at Layer 4 — between L5 agents (Cursor, Claude, Codex) and L1 sandboxes (Daytona, Modal, Vercel Sandbox, Cloudflare, E2B) and model APIs.
L5 Agents → L4 Blekline (mask · enforce · audit) → L1 sandbox MCP / model APIs
AI Enablement Stack · Architecture · Trust boundaries · Latency SLO
Open core vs cloud
| Capability | OSS (this repo) | Cloud (app.blekline.com) |
|---|---|---|
| MCP server / proxy | Yes | Yes |
| Local tool + secret enforce | Yes (@blekline/contracts) |
Yes |
| Azure authoritative PII mask | — | Yes |
| Workspace fleet policy (SSE) | — | Yes |
| Investigations / billing | — | Yes |
License: AGPL for proxy/server (self-host or buy cloud). Apache for contracts/SDK (embed in your agent stack).
Who this is for
Developers building with Cursor, Claude Desktop, or Codex who want their agents to stop leaking secrets and start respecting tool boundaries.
Platform teams deploying AI workloads in L1 sandboxes who need a governance layer that travels with the execution environment.
Enterprise architects preparing for EU AI Act compliance — specifically human oversight, audit trails, and tool call transparency requirements that become enforceable in August 2026.
Open source contributors who believe that the infrastructure for safe AI should be auditable, forkable, and owned by the community — not locked inside a vendor's cloud.
Packages
| Package | Install | License |
|---|---|---|
@blekline/mcp-server |
npm i @blekline/mcp-server |
AGPL-3.0 |
@blekline/mcp-proxy |
npm i @blekline/mcp-proxy |
AGPL-3.0 |
@blekline/client |
npm i @blekline/client |
Apache-2.0 |
@blekline/contracts |
workspace / embed | Apache-2.0 |
ingress-proxy |
Docker / Helm | AGPL-3.0 |
OpenAPI: packages/contracts/openapi.yaml
MCP tools
| Tool | Purpose |
|---|---|
blekline_mask_prompt |
Redact PII / secrets before model context |
blekline_classify_risk |
Risk tier → allow / review / block |
blekline_evaluate_tool_call |
Policy on tool name + arguments |
blekline_emit_event |
Metadata audit trail |
Proxy path: agent → Blekline → allow/mask/block → downstream MCP (Daytona, E2B, Modal, Cloudflare, Vercel Sandbox, custom).
Client libraries
TypeScript
npm install @blekline/client
import { BleklineClient } from "@blekline/client";
const blekline = new BleklineClient({
workspaceToken: process.env.BLEKLINE_WORKSPACE_TOKEN!,
metadata: { clientSurface: "sdk" },
});
await blekline.mask({ text: "[email protected]", platform: "MyAgent" });
await blekline.enforceToolCall({
toolName: "run_shell",
arguments: { cmd: "curl https://api.internal/deploy" },
});
Python
pip install blekline-client
Local-only (no API token)
import { enforceToolCallLocally, scanTextForSecrets } from "@blekline/contracts";
scanTextForSecrets("export AWS_KEY=AKIAIOSFODNN7EXAMPLE");
enforceToolCallLocally({
toolName: "run_shell",
arguments: { cmd: "export AWS_KEY=AKIAIOSFODNN7EXAMPLE" },
requestId: "local-1",
});
Works with
Full integration guides on app.blekline.com/docs — not mirrored in this repo.
L5 agent clients
| Client | Guide |
|---|---|
| Hub | Agent clients |
| Continue | Continue MCP |
| GitHub Copilot | Copilot MCP |
| OpenHands | OpenHands |
| Sourcegraph Cody | Cody |
L2 model providers
| Provider | Guide |
|---|---|
| Hub | Model providers |
| Azure OpenAI | Azure stack |
| AWS Bedrock | Bedrock stack |
| OpenRouter | OpenRouter stack |
L2 frameworks & RAG
| Integration | Guide |
|---|---|
| Hub | Frameworks & RAG |
| LangChain | LangChain stack |
| Pinecone | Pinecone stack |
L3 eval & safety
| Partner | Guide |
|---|---|
| Hub | Eval & safety |
| LangSmith | LangSmith stack |
| Guardrails | Guardrails stack |
L1 sandboxes
| Provider | Integration guide |
|---|---|
| All five | Sandbox providers hub |
| Daytona | Daytona stack |
| Modal | Modal stack |
| Vercel Sandbox | Vercel Sandbox stack |
| Cloudflare | Cloudflare stack |
| E2B | E2B stack |
Deploy
| Mode | Command / link |
|---|---|
| MCP (global) | npx -y @blekline/mcp-server |
| Edge sidecar | pnpm docker:ingress — Helm |
| L1 sandboxes | Sandbox providers |
Development
Client demos and smoke tests: demo/README.md.
git clone https://github.com/Blekline/blekline-oss.git && cd blekline-oss
pnpm install && pnpm build:packages && pnpm demo:mcp-smoke
Documentation
All docs: app.blekline.com/docs
| Doc | Link |
|---|---|
| Quick start | introduction/quick-start |
| EU AI Act & compliance | introduction/eu-ai-act |
| AI Enablement Stack | introduction/ai-enablement-stack |
| MCP proxy | mcp/proxy |
| Cursor setup | mcp/cursor |
Community & design partners
Questions or integration feedback — GitHub Discussions (Q&A, integration feedback).
Design partners — shipping agents in production and want help wiring Blekline into your stack (proxy or MCP server)?
- Open a design partner issue
- Or start a discussion — choose Design partner interest
Contributing
CONTRIBUTING.md · SECURITY.md · CHANGELOG.md
Private Blekline team: develop in the blekline monorepo, run pnpm sync:oss from the root repo.
License
| Component | License |
|---|---|
mcp-server, mcp-proxy, ingress-proxy |
AGPL-3.0 |
contracts, client, client-python |
Apache-2.0 |
Managed SaaS at app.blekline.com is not licensed under this repository.
Установка Blekline Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Blekline/blekline-ossFAQ
Blekline Server MCP бесплатный?
Да, Blekline Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Blekline Server?
Нет, Blekline Server работает без API-ключей и переменных окружения.
Blekline Server — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Blekline Server в Claude Desktop, Claude Code или Cursor?
Открой Blekline Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare Blekline Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
