"By leveraging Envoy as an agent gateway, organizations can decouple security and policy enforcement from agent development code." Google (partially) gets @agent.io -- they understand the potential but, as usual, miss the importance of simplicity! cloud.google.com/blog/product...
Slink is infrastructure code that generates infrastructure code. To facilitate usage, it's now available under the most permissive OSS license.
I've been building a new service that, like IO, uses an SSH port to take commands and display a TUI. When I deployed it to one of my Nomad-based servers, I realized that I needed a way to proxy the SSH port from my internal Nomad port to a public port on my server. Thus the new "tcp_port" config.
New in IO: Direct TCP port configuration agent.io/io/config/#t...
Are you worried about DID:PLC? There are reasons to be, but they can be fixed agent.io/posts/risks-...
Finally! The treatise about slink that no one was asking for but everyone needed agent.io/posts/slink
Slink also generates a Go client library that powers the CLI. We can use that in other Go programs like this tool that sends chat messages like the one above. github.com/agentio/chat...
# izakaya:~/Desktop/agentio/slink $ CONVOID=$(SLINK_ATPROTOPROXY=did:web:api.bsky.chat#bsky_chat slink call chat.bsky.convo get-convo-for-members --members $(slink resolve did timburks.me) --members $(slink resolve did agent.io) | jq .convo.id -r) # izakaya:~/Desktop/agentio/slink $ echo $CONVOID 3md2h2kakjk22 # izakaya:~/Desktop/agentio/slink $ vi message.json # izakaya:~/Desktop/agentio/slink $ cat message.json {"text":"Here's your CLI-generated Bluesky chat message! I built a mechanically-generated CLI that calls XRPC functions. I'm using it to send you this with chat.bsky.convo.sendMessage"} # izakaya:~/Desktop/agentio/slink $ SLINK_ATPROTOPROXY=did:web:api.bsky.chat#bsky_chat slink call chat.bsky.convo send-message --convo-id $CONVOID --message message.json { "id": "3mdjbt5flrc26", "rev": "2222224a7rehk", "sender": { "did": "did:plc:ahr5yhciwadehhwm7fotyfju" }, "sentAt": "2026-01-28T22:06:03.745Z", "text": "Here's your CLI-generated Bluesky chat message! I built a mechanically-generated CLI that calls XRPC functions. I'm using it to send you this with chat.bsky.convo.sendMessage" }
A chat view showing the message that I just sent.
Among many other things, you can use it to send Bluesky chat messages.
Here's a little CLI that generates itself from Lexicon and calls XRPC APIs. github.com/agentio/slink
$ ssh localhost -p 2200 -- get traffic -m calling -a digitaloceandns -l 1 { "log": { "version": "1.2", "creator": { "name": "IO", "version": "v0.1.75-f45f06b2*" }, "entries": [ { "startedDateTime": "2026-01-09T14:53:54-08:00", "time": 0, "request": { "method": "DELETE", "url": "/v2/domains/agent.io/records/1781875673", "headers": [ { "name": ":authority", "value": "localhost:5000" }, { "name": ":path", "value": "/v2/domains/agent.io/records/1781875673" }, { "name": ":method", "value": "DELETE" }, { "name": ":scheme", "value": "http" }, { "name": "user-agent", "value": "curl/8.12.1" }, { "name": "accept", "value": "*/*" }, { "name": "x-forwarded-for", "value": "192.168.4.172" }, { "name": "x-forwarded-proto", "value": "http" },
Here we see that the disallowed request was blocked by IO, which returned a 403 (Forbidden) error
Another thing that auth scopes don't provide is visibility into how auth tokens are used. So IO allows traffic histories to be exported as HAR files that show us all the approved and blocked requests.
calling "digitaloceandns" { name = "Digital Ocean DNS" target = "api.digitalocean.com" port = 5000 require_apikey { users = <<END fury:{SHA}czqgP91Ev45QGKCokt/+mBIHgn8= hulk:{SHA}Mf6CeupM9fas594sId4LX2t4OFg= END } apply_header "authorization" { secret = "vault:default/io/digitalocean-dns" } operation "retrieve-domain" { method = "GET" path = "/v2/domains/{domain}" } operation "retrieve-domain-records" { method = "GET" path = "/v2/domains/{domain}/records" } operation "retrieve-domain-record" { method = "GET" path = "/v2/domains/{domain}/records/{recordid}" } }
Auth scopes are great but they don't always restrict access as much as we want. Here's an IO configuration that *only* allows a couple of authorized API key users to call a few named methods of the Digital Ocean DNS API using a token that it gets from Hashicorp Vault.
Here's IO running on MacOS agent.io/decisions/ma...
Are you familiar with the XDG Base Directory Specification? Here's how we used it to improve IO: agent.io/decisions/xdg/
Recently we started building our own Envoy binaries and IO container images. agent.io/decisions/co...
Envoy requires libc, so it doesn't make sense for IO to make performance sacrifices to avoid depending on libc itself. That lets us build IO with CGO and use the native SQLite library, which has big performance benefits. agent.io/decisions/cgo/
In September we created Sidecar, a new Go gRPC implementation that focuses on clarity, simplicity, and security for apps that run with sidecars. It's now how IO does gRPC. Here's a discussion of our decision to switch. agent.io/decisions/si...
Echo is a simple gRPC service that we wrote to test and experiment with gRPC and ConnectRPC agent.io/posts/echo/
