BLUEPRINT MCP

15 tools. 1 can modify or destroy data without limits.

1 write tool that can modify data. Rate limits recommended.

Last updated:

1 can modify or destroy data
14 read-only
15 tools total

Community server · catalogue entry verified 03/07/2026

How to control BLUEPRINT MCP ↓

What BLUEPRINT MCP exposes to your agents

Read (14) Write / Execute (1) Destructive / Financial (0)
High Risk

The most dangerous BLUEPRINT MCP tools

1 of BLUEPRINT MCP's 15 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control BLUEPRINT MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and BLUEPRINT MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "record_architectural_decision": {
    "limits": [
      {
        "counter": "record_architectural_decision_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "check_decision_constraints": {
    "limits": [
      {
        "counter": "check_decision_constraints_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register BLUEPRINT MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON BLUEPRINT →

Instant setup, no code required.

All 15 BLUEPRINT MCP tools

READ 14 tools
Read check_decision_constraints Check whether the codebase violates recorded architectural decisions. Read domain_health Architecture health score from domain governance (violations, drift, boundary risks). Read explain_architectural_decisions Explain which accepted ADRs apply before creating code (auth, payments, currency, etc.). Read explain_architecture_boundaries Explain module boundaries, dependency flows, and risky imports in the repository. Read explain_domain_boundaries Domain boundary violations and drift (analytics→auth, payment internals, validator sprawl). Read find_duplicates Alias for find_existing_abstractions. Read find_existing_abstractions Advisory-first lookup for existing reusable abstractions similar to a proposed symbol. Read infer_domains Infer business domains (payments, auth, …), ownership stacks, and cross-domain risks. Read list_architectural_decisions List persistent architectural decisions (ADRs) and rationale for continuity across AI sessions. Read scan_repo Scan repository and index exported TypeScript/JS symbols into the local Blueprint SQLite index. Read suggest_file_placement Suggest correct file placement by intent and folder conventions. Advisory-first guidance. Read suggest_import Alias for suggest_import_reuse. Read suggest_import_reuse Suggest canonical import reuse for an existing abstraction (advisory guidance). Read verify_and_place_code Combined duplicate + placement check. Advisory-first by default; blocks only in enforce mode.

Questions about BLUEPRINT MCP

How do I prevent bulk modifications through BLUEPRINT MCP? +

The BLUEPRINT MCP server has 1 write tools including record_architectural_decision. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach BLUEPRINT MCP.

How many tools does the BLUEPRINT MCP server expose? +

15 tools across 2 categories: Read, Write. 14 are read-only. 1 can modify, create, or delete data.

How do I enforce a policy on BLUEPRINT MCP? +

Register the BLUEPRINT MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every BLUEPRINT MCP tool call.

Deterministic rules across all 15 BLUEPRINT MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

15 BLUEPRINT MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.