Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Blekline Server

БесплатноНе проверен

Provides AI ingress governance by masking prompts, classifying risk, and enforcing tool policies before agent calls reach model providers or sandboxes.

GitHubEmbed

Описание

Provides AI ingress governance by masking prompts, classifying risk, and enforcing tool policies before agent calls reach model providers or sandboxes.

README

Blekline — mark and wordmark

Production agent interaction governance — open-core infrastructure to mask, enforce, and audit every agent call at the MCP, SDK, and ingress proxy boundary.

Quick start · Why ingress · Architecture · MCP Server · Security · Cloud

CI AGPL v3 Apache-2.0 npm npm proxy


The problem nobody wants to talk about

AI agents are eating the world. Cursor writes your code, Claude answers your support tickets, autonomous pipelines touch your databases, your APIs, your customers' data. The ecosystem is accelerating — MCP servers let agents pick up tools like apps pick up plugins — and that is genuinely exciting.

But here's the thing: your agents have no idea what they're not allowed to do. They'll happily pass an AWS key to a model context window. They'll call a tool with a customer's email as an argument. They'll execute a shell command that wasn't in the plan. Not out of malice — out of the fundamental nature of language models: they optimize for task completion, not for the organizational policies you haven't written yet.

This is the AI governance gap. And right now, there's nothing sitting between your agents and everything they can touch.

Why this is becoming urgent

The EU AI Act isn't theoretical anymore. GPAI obligations have been enforceable since August 2025. Transparency and human oversight requirements land in August 2026. High-risk system conformity assessments follow. Fines reach up to €35 million or 7% of global turnover for the worst violations. And these rules aren't just about the models — they're about the systems you build with them: how you govern tool access, how you audit decisions, how you prove a human was in the loop.

Meanwhile, enterprises running AI at scale — sandboxed, parallelized, thousands of agent calls — have no native answer for: what happened in that session? Who authorized that tool call? Did any PII leave the context window?

The compliance question is catching up to the capability question. And most teams aren't ready.

What Blekline is

Blekline is an open-core MCP ingress control plane — infrastructure that sits between your agents and everything they can touch.

It does three things, in real time, before any LLM sees a prompt or any tool executes:

Mask — strip PII, secrets, and sensitive context from prompts before they hit model APIs (MCP Server docs)

Enforce — evaluate tool calls against policy; allow, flag, or block before execution

Audit — emit a structured, tamper-evident event trail for every agent interaction

You can run it locally in two minutes. You can deploy it as a sidecar alongside any L1 sandbox (Daytona, Modal, E2B, Cloudflare, Vercel Sandbox). You can plug it into Cursor, Claude Desktop, or Codex today — without changing your agent code.

This is the infrastructure that makes governed AI deployment real: not a checkbox, not a policy document, but a running system that enforces your intentions at the call level.


Start here

pnpm install && pnpm build:packages
export BLEKLINE_WORKSPACE_TOKEN="blw_..."
export BLEKLINE_API_URL="https://app.blekline.com"
export BLEKLINE_CLIENT_SURFACE="sdk"
pnpm demo:mcp-smoke

Headless guide: cli/README.md · CI template: ci/

Connect Blekline

Surface Path BLEKLINE_CLIENT_SURFACE
CLI / SDK cli/ sdk
CI / CD ci/ sdk
Claude Code .claude/settings.json.example claude-code
Cursor .cursor/mcp.json.example cursor
GitHub Copilot .vscode/mcp.json.example github-copilot
Continue .vscode/continue.config.json.example continue
Claude Desktop config/claude_desktop_config.json.example claude-desktop
Codex .codex/config.toml.example codex

Full index: integrations/README.md · Docs: app.blekline.com/docs

pnpm generate:mcp-configs          # *.example configs
pnpm verify:integrations           # manifest + schema checks

In any client: "Use blekline_mask_prompt on: Contact Jane at [email protected] — API key AKIAIOSFODNN7EXAMPLE"

Architecture

Blekline sits at Layer 4 — between L5 agents (Cursor, Claude, Codex) and L1 sandboxes (Daytona, Modal, Vercel Sandbox, Cloudflare, E2B) and model APIs.

L5 Agents → L4 Blekline (mask · enforce · audit) → L1 sandbox MCP / model APIs

AI Enablement Stack · Architecture · Trust boundaries · Latency SLO

Open core vs cloud

Capability OSS (this repo) Cloud (app.blekline.com)
MCP server / proxy Yes Yes
Local tool + secret enforce Yes (@blekline/contracts) Yes
Azure authoritative PII mask Yes
Workspace fleet policy (SSE) Yes
Investigations / billing Yes

License: AGPL for proxy/server (self-host or buy cloud). Apache for contracts/SDK (embed in your agent stack).

Who this is for

Developers building with Cursor, Claude Desktop, or Codex who want their agents to stop leaking secrets and start respecting tool boundaries.

Platform teams deploying AI workloads in L1 sandboxes who need a governance layer that travels with the execution environment.

Enterprise architects preparing for EU AI Act compliance — specifically human oversight, audit trails, and tool call transparency requirements that become enforceable in August 2026.

Open source contributors who believe that the infrastructure for safe AI should be auditable, forkable, and owned by the community — not locked inside a vendor's cloud.

Packages

Package Install License
@blekline/mcp-server npm i @blekline/mcp-server AGPL-3.0
@blekline/mcp-proxy npm i @blekline/mcp-proxy AGPL-3.0
@blekline/client npm i @blekline/client Apache-2.0
@blekline/contracts workspace / embed Apache-2.0
ingress-proxy Docker / Helm AGPL-3.0

OpenAPI: packages/contracts/openapi.yaml

MCP tools

Tool Purpose
blekline_mask_prompt Redact PII / secrets before model context
blekline_classify_risk Risk tier → allow / review / block
blekline_evaluate_tool_call Policy on tool name + arguments
blekline_emit_event Metadata audit trail

Proxy path: agent → Blekline → allow/mask/block → downstream MCP (Daytona, E2B, Modal, Cloudflare, Vercel Sandbox, custom).

Client libraries

TypeScript

npm install @blekline/client
import { BleklineClient } from "@blekline/client";

const blekline = new BleklineClient({
  workspaceToken: process.env.BLEKLINE_WORKSPACE_TOKEN!,
  metadata: { clientSurface: "sdk" },
});

await blekline.mask({ text: "[email protected]", platform: "MyAgent" });
await blekline.enforceToolCall({
  toolName: "run_shell",
  arguments: { cmd: "curl https://api.internal/deploy" },
});

Python

pip install blekline-client

Local-only (no API token)

import { enforceToolCallLocally, scanTextForSecrets } from "@blekline/contracts";

scanTextForSecrets("export AWS_KEY=AKIAIOSFODNN7EXAMPLE");
enforceToolCallLocally({
  toolName: "run_shell",
  arguments: { cmd: "export AWS_KEY=AKIAIOSFODNN7EXAMPLE" },
  requestId: "local-1",
});

Works with

Full integration guides on app.blekline.com/docs — not mirrored in this repo.

L5 agent clients

Client Guide
Hub Agent clients
Continue Continue MCP
GitHub Copilot Copilot MCP
OpenHands OpenHands
Sourcegraph Cody Cody

L2 model providers

Provider Guide
Hub Model providers
Azure OpenAI Azure stack
AWS Bedrock Bedrock stack
OpenRouter OpenRouter stack

L2 frameworks & RAG

Integration Guide
Hub Frameworks & RAG
LangChain LangChain stack
Pinecone Pinecone stack

L3 eval & safety

Partner Guide
Hub Eval & safety
LangSmith LangSmith stack
Guardrails Guardrails stack

L1 sandboxes

Provider Integration guide
All five Sandbox providers hub
Daytona Daytona stack
Modal Modal stack
Vercel Sandbox Vercel Sandbox stack
Cloudflare Cloudflare stack
E2B E2B stack

Deploy

Mode Command / link
MCP (global) npx -y @blekline/mcp-server
Edge sidecar pnpm docker:ingressHelm
L1 sandboxes Sandbox providers

Development

Client demos and smoke tests: demo/README.md.

git clone https://github.com/Blekline/blekline-oss.git && cd blekline-oss
pnpm install && pnpm build:packages && pnpm demo:mcp-smoke

Documentation

All docs: app.blekline.com/docs

Doc Link
Quick start introduction/quick-start
EU AI Act & compliance introduction/eu-ai-act
AI Enablement Stack introduction/ai-enablement-stack
MCP proxy mcp/proxy
Cursor setup mcp/cursor

Community & design partners

Questions or integration feedbackGitHub Discussions (Q&A, integration feedback).

Design partners — shipping agents in production and want help wiring Blekline into your stack (proxy or MCP server)?

Contributing

CONTRIBUTING.md · SECURITY.md · CHANGELOG.md

Private Blekline team: develop in the blekline monorepo, run pnpm sync:oss from the root repo.

License

Component License
mcp-server, mcp-proxy, ingress-proxy AGPL-3.0
contracts, client, client-python Apache-2.0

Managed SaaS at app.blekline.com is not licensed under this repository.

from github.com/Blekline/blekline-oss

Установка Blekline Server

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/Blekline/blekline-oss

FAQ

Blekline Server MCP бесплатный?

Да, Blekline Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Blekline Server?

Нет, Blekline Server работает без API-ключей и переменных окружения.

Blekline Server — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Blekline Server в Claude Desktop, Claude Code или Cursor?

Открой Blekline Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Blekline Server with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai