Blekline
v0.3.0GitHub

Enterprise

Multi-region ingress

Deploy Blekline edge sidecars near agents in five regions alongside Daytona runtime.

View as Markdown

Blekline separates control plane (tenant policy + audit) from ingress edge (low-latency mask/enforce near agents).

Target regions (Daytona-aligned)

Region codeLocationEdge URL (example)
us-west-2US West (Oregon)https://ingress-us-west.blekline.com
us-east-1US East (Washington DC)https://ingress-us-east.blekline.com
eu-west-2EU West (London)https://ingress-eu-west.blekline.com
eu-central-1EU Central (Frankfurt)https://ingress-eu-central.blekline.com
ap-south-1Asia-South (Mumbai)https://ingress-ap-south.blekline.com

Architecture

Agent (Cursor/Codex) in Mumbai
  → ingress-ap-south sidecar (local enforce <10ms)
  → policy cache (SSE from control plane)
  → async audit events → app.blekline.com (or EU tenant)
  → approved tool calls → Daytona MCP (same region)

Deploy edge sidecar

pnpm build:packages
docker build -t blekline-ingress -f packages/ingress-proxy/Dockerfile .

docker run -d -p 8787:8787 \
  -e BLEKLINE_INGRESS_REGION=ap-south-1 \
  -e BLEKLINE_INGRESS_TARGET=https://app.blekline.com \
  -e BLEKLINE_WORKSPACE_TOKEN=blw_... \
  -e BLEKLINE_WORKSPACE_ID=ws_... \
  -e BLEKLINE_EDGE_LOCAL_MASK=true \
  blekline-ingress

Helm: packages/ingress-proxy/helm/blekline-ingress/

Sidecar endpoints

RoutePurpose
GET /healthRegion + local mask latency p50/p95
POST /v1/enforce-tool-callEdge-local tool policy (<10ms p99 target)
POST /v1/chat/completionsOpenAI-compatible with edge pre-mask
POST /v1/messagesAnthropic-compatible with edge pre-mask

Control plane env (webapp)

BLEKLINE_MASK_FAST_PATH=local_first   # skip Azure when local pass is clean
BLEKLINE_INGRESS_REGION=eu-central-1  # reported in x-blekline-ingress-region

Latency SLOs

See Latency SLO.

Stack with Daytona

Same region for both layers:

LayerProductTypical latency
IngressBlekline edgep99 tool enforce <10ms
IngressBlekline fast maskp95 <20ms
RuntimeDaytona sandbox<80ms create (Daytona SLO)

Do not compare Blekline Azure mask to Daytona sandbox boot — different layers.

Next steps: AI Enablement Stack · Ingress proxy · Daytona stack · Open workspace · Report issue