Blekline MCP Server
OfficialEnforces MCP tool policy and masks prompts before traffic reaches OpenAI's models.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Blekline MCP Servermask PII in this prompt before sending to Claude"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
The problem nobody wants to talk about
AI agents are eating the world. Cursor writes your code, Claude answers your support tickets, autonomous pipelines touch your databases, your APIs, your customers' data. The ecosystem is accelerating — MCP servers let agents pick up tools like apps pick up plugins — and that is genuinely exciting.
But here's the thing: your agents have no idea what they're not allowed to do. They'll happily pass an AWS key to a model context window. They'll call a tool with a customer's email as an argument. They'll execute a shell command that wasn't in the plan. Not out of malice — out of the fundamental nature of language models: they optimize for task completion, not for the organizational policies you haven't written yet.
This is the AI governance gap. And right now, there's nothing sitting between your agents and everything they can touch.
Related MCP server: sovr-mcp-proxy
Why this is becoming urgent
The EU AI Act isn't theoretical anymore. GPAI obligations have been enforceable since August 2025. Transparency and human oversight requirements land in August 2026. High-risk system conformity assessments follow. Fines reach up to €35 million or 7% of global turnover for the worst violations. And these rules aren't just about the models — they're about the systems you build with them: how you govern tool access, how you audit decisions, how you prove a human was in the loop.
Meanwhile, enterprises running AI at scale — sandboxed, parallelized, thousands of agent calls — have no native answer for: what happened in that session? Who authorized that tool call? Did any PII leave the context window?
The compliance question is catching up to the capability question. And most teams aren't ready.
What Blekline is
Blekline is an open-core MCP ingress control plane — infrastructure that sits between your agents and everything they can touch.
It does three things, in real time, before any LLM sees a prompt or any tool executes:
Mask — strip PII, secrets, and sensitive context from prompts before they hit model APIs (MCP Server docs)
Enforce — evaluate tool calls against policy; allow, flag, or block before execution
Audit — emit a structured, tamper-evident event trail for every agent interaction
You can run it locally in two minutes. You can deploy it as a sidecar alongside any L1 sandbox (Daytona, Modal, E2B, Cloudflare, Vercel Sandbox). You can plug it into Cursor, Claude Desktop, or Codex today — without changing your agent code.
This is the infrastructure that makes governed AI deployment real: not a checkbox, not a policy document, but a running system that enforces your intentions at the call level.
Start here
pnpm install && pnpm build:packages
export BLEKLINE_WORKSPACE_TOKEN="blw_..."
export BLEKLINE_API_URL="https://app.blekline.com"
export BLEKLINE_CLIENT_SURFACE="sdk"
pnpm demo:mcp-smokeHeadless guide: cli/README.md · CI template: ci/
Connect Blekline
Surface | Path |
|
CLI / SDK |
| |
CI / CD |
| |
Claude Code |
| |
Cursor |
| |
GitHub Copilot |
| |
Continue |
| |
Claude Desktop |
| |
Codex |
|
Full index: integrations/README.md · Docs: app.blekline.com/docs
pnpm generate:mcp-configs # *.example configs
pnpm verify:integrations # manifest + schema checksIn any client: "Use blekline_mask_prompt on: Contact Jane at jane@acme.com — API key AKIAIOSFODNN7EXAMPLE"
Architecture
Blekline sits at Layer 4 — between L5 agents (Cursor, Claude, Codex) and L1 sandboxes (Daytona, Modal, Vercel Sandbox, Cloudflare, E2B) and model APIs.
L5 Agents → L4 Blekline (mask · enforce · audit) → L1 sandbox MCP / model APIsAI Enablement Stack · Architecture · Trust boundaries · Latency SLO
Open core vs cloud
Capability | OSS (this repo) | Cloud (app.blekline.com) |
MCP server / proxy | Yes | Yes |
Local tool + secret enforce | Yes ( | Yes |
Azure authoritative PII mask | — | Yes |
Workspace fleet policy (SSE) | — | Yes |
Investigations / billing | — | Yes |
License: AGPL for proxy/server (self-host or buy cloud). Apache for contracts/SDK (embed in your agent stack).
Who this is for
Developers building with Cursor, Claude Desktop, or Codex who want their agents to stop leaking secrets and start respecting tool boundaries.
Platform teams deploying AI workloads in L1 sandboxes who need a governance layer that travels with the execution environment.
Enterprise architects preparing for EU AI Act compliance — specifically human oversight, audit trails, and tool call transparency requirements that become enforceable in August 2026.
Open source contributors who believe that the infrastructure for safe AI should be auditable, forkable, and owned by the community — not locked inside a vendor's cloud.
Packages
Package | Install | License |
|
| AGPL-3.0 |
|
| AGPL-3.0 |
|
| Apache-2.0 |
| workspace / embed | Apache-2.0 |
| Docker / Helm | AGPL-3.0 |
OpenAPI: packages/contracts/openapi.yaml
MCP tools
Tool | Purpose |
| Redact PII / secrets before model context |
| Risk tier → allow / review / block |
| Policy on tool name + arguments |
| Metadata audit trail |
Proxy path: agent → Blekline → allow/mask/block → downstream MCP (Daytona, E2B, Modal, Cloudflare, Vercel Sandbox, custom).
Client libraries
TypeScript
npm install @blekline/clientimport { BleklineClient } from "@blekline/client";
const blekline = new BleklineClient({
workspaceToken: process.env.BLEKLINE_WORKSPACE_TOKEN!,
metadata: { clientSurface: "sdk" },
});
await blekline.mask({ text: "alice@corp.com", platform: "MyAgent" });
await blekline.enforceToolCall({
toolName: "run_shell",
arguments: { cmd: "curl https://api.internal/deploy" },
});Python
pip install blekline-clientLocal-only (no API token)
import { enforceToolCallLocally, scanTextForSecrets } from "@blekline/contracts";
scanTextForSecrets("export AWS_KEY=AKIAIOSFODNN7EXAMPLE");
enforceToolCallLocally({
toolName: "run_shell",
arguments: { cmd: "export AWS_KEY=AKIAIOSFODNN7EXAMPLE" },
requestId: "local-1",
});Works with
Full integration guides on app.blekline.com/docs — not mirrored in this repo.
L5 agent clients
Client | Guide |
Hub | |
Continue | |
GitHub Copilot | |
OpenHands | |
Sourcegraph Cody |
L2 model providers
Provider | Guide |
Hub | |
Azure OpenAI | |
AWS Bedrock | |
OpenRouter |
L2 frameworks & RAG
Integration | Guide |
Hub | |
LangChain | |
Pinecone |
L3 eval & safety
Partner | Guide |
Hub | |
LangSmith | |
Guardrails |
L1 sandboxes
Provider | Integration guide |
All five | |
Daytona | |
Modal | |
Vercel Sandbox | |
Cloudflare | |
E2B |
Deploy
Mode | Command / link |
MCP (global) |
|
Edge sidecar |
|
L1 sandboxes |
Development
Client demos and smoke tests: demo/README.md.
git clone https://github.com/Blekline/blekline-oss.git && cd blekline-oss
pnpm install && pnpm build:packages && pnpm demo:mcp-smokeDocumentation
All docs: app.blekline.com/docs
Doc | Link |
Quick start | |
EU AI Act & compliance | |
AI Enablement Stack | |
MCP proxy | |
Cursor setup |
Community & design partners
Questions or integration feedback — GitHub Discussions (Q&A, integration feedback).
Design partners — shipping agents in production and want help wiring Blekline into your stack (proxy or MCP server)?
Or start a discussion — choose Design partner interest
Contributing
CONTRIBUTING.md · SECURITY.md · CHANGELOG.md
Private Blekline team: develop in the blekline monorepo, run pnpm sync:oss from the root repo.
License
Component | License |
| |
|
Managed SaaS at app.blekline.com is not licensed under this repository.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Blekline/blekline-oss'
If you have feedback or need assistance with the MCP directory API, please join our Discord server