BLACKSHIELD

Public Guide

Enable AI Shim and MCP Tooling

Connect your preferred AI provider and MCP client so teams can run assisted triage and secure review workflows.

Audience: Security platform admins and integration engineers.

Typical setup time: 20-30 minutes.

Before You Begin

  • Choose an approved model provider and store credentials in your secret manager.
  • Confirm which AI tasks are allowed under your internal risk policy.
  • Ensure MCP clients can send workspace JWT credentials securely.

Step-by-step

Step 1

Configure provider credentials safely

Keep model provider secrets in your own secret manager and reference them from BlackShield configuration.

  • Create provider credentials for your approved model endpoint.
  • Map credential references through `AI_SHIM_SECRET_VALUES` using `credentials_ref` keys.
  • Enable only the AI tasks your team intends to use.

Step 2

Enable AI-assisted workflows with guardrails

Start with high-value workflows and enforce human review for production decisions.

  • Enable `smart_alert_triage` for backlog prioritization.
  • Enable `pr_diff_analysis` for secure code review support.
  • Set model, token, timeout, and temperature limits aligned to your risk policy.

Step 3

Integrate your MCP client

Configure your MCP client to call BlackShield tools while keeping model inference under your control.

  • Set MCP endpoint to `/api/v1/mcp` and include workspace JWT in the Authorization header.
  • Run `initialize` and `tools/list` before calling `tools/call`.
  • Use `/api/v1/mcp/manifest` to discover available tool metadata.
  • Keep provider keys in your own runtime and require human approval for production changes.
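
The call order from Step 3 can be enforced on the client side. This is an added example, not BlackShield's own code: it refuses to send the workspace JWT over plain HTTP and blocks `tools/call` until `initialize` and `tools/list` have succeeded and the tool was advertised. Assumptions: the host `blackshield.example`, the `Bearer` scheme, the protocol version string, the injected `send` transport, and the constructed `fake_server` with its `example_tool`.

```python
import json
from urllib.parse import urlparse
MCP_PATH = "/api/v1/mcp"   # endpoint path given in the guide
PROTOCOL = "2024-11-05"    # an MCP protocol revision; assumed accepted by the server

class McpSession:
    """Enforces initialize -> tools/list -> tools/call over JSON-RPC 2.0."""
    def __init__(self, base_url, jwt, send):
        if urlparse(base_url).scheme != "https":
            raise ValueError("refusing to send the workspace JWT over a non-HTTPS URL")
        self.url = base_url.rstrip("/") + MCP_PATH
        # Assumption: Bearer scheme. The guide only says the JWT goes in Authorization.
        self.headers = {"Authorization": f"Bearer {jwt}", "Content-Type": "application/json"}
        self.send = send   # callable(url, headers, body_bytes) -> response bytes
        self.next_id, self.initialized, self.tools = 1, False, None

    def _rpc(self, method, params):
        body = {"jsonrpc": "2.0", "id": self.next_id, "method": method, "params": params}
        self.next_id += 1
        reply = json.loads(self.send(self.url, self.headers, json.dumps(body).encode()))
        if reply.get("id") != body["id"] or "error" in reply:
            raise RuntimeError(f"{method} failed: {reply.get('error', 'id mismatch')}")
        return reply["result"]

    def initialize(self):
        result = self._rpc("initialize", {"protocolVersion": PROTOCOL, "capabilities": {},
                                          "clientInfo": {"name": "example-client", "version": "0.1"}})
        self.initialized = True
        return result

    def list_tools(self):
        if not self.initialized:
            raise RuntimeError("call initialize before tools/list")
        self.tools = {t["name"] for t in self._rpc("tools/list", {})["tools"]}
        return self.tools

    def call_tool(self, name, arguments):
        if self.tools is None:
            raise RuntimeError("call tools/list before tools/call")
        if name not in self.tools:
            raise ValueError(f"tool {name!r} was not advertised by tools/list")
        return self._rpc("tools/call", {"name": name, "arguments": arguments})

def fake_server(url, headers, body):
    """Constructed stand-in for the server so the example runs offline."""
    req = json.loads(body)
    results = {"initialize": {"protocolVersion": PROTOCOL, "capabilities": {"tools": {}}},
               "tools/list": {"tools": [{"name": "example_tool"}]},   # constructed tool name
               "tools/call": {"content": [{"type": "text", "text": "ok"}]}}
    return json.dumps({"jsonrpc": "2.0", "id": req["id"], "result": results[req["method"]]}).encode()
```

In a real deployment, `send` would be an HTTPS POST function and the JWT would be read from your secret manager at runtime rather than passed as a literal.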

Success Checks

  • MCP handshake and `tools/list` complete successfully.
  • AI-assisted actions keep human approval for production-impacting changes.