Release 2026-02-17

Iddio v2026.0217 — First Release

The first public release of Iddio is here. 5-tier classification, mTLS with SPIFFE, JIT credentials, hash-chained audit, session recording, and multi-protocol support for Kubernetes, SSH, Terraform, Helm, and AWS CLI.

What Shipped

Iddio v2026.0217 is the first public release. It includes everything from Phase 1 and Phase 2, plus the multi-protocol extensions from Phase 4. Here’s what’s in the box.

5-Tier Request Classification

Every command is classified into one of five tiers based on method, resource type, and blast radius:

  • T0 OBSERVE — reads, auto-allowed
  • T1 OPERATE — pre-approved runbook operations
  • T2 MODIFY — standard writes, escalated
  • T3 SENSITIVE — deletes and secret access, escalated
  • T4 BREAK-GLASS — exec, RBAC mutations, blocked by default

Classification is sub-millisecond with zero allocations.
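To make the tier boundaries concrete, here is an added Go example of a classifier that applies the five tiers to a Kubernetes verb, resource and subresource. It is illustrative code written for this post, not iddio's classifier: the Request struct, the "verb/resource" runbook keys and the exact precedence rules are assumptions. The one design choice worth copying is the order of checks: the most dangerous match wins, so a runbook entry can never turn an exec, an RBAC change, a delete or a secret read into a pre-approved operation.

```go
package main

import (
	"fmt"
	"strings"
)

// Tier is the classification level; a higher value is always more dangerous.
type Tier int

const (
	T0Observe Tier = iota
	T1Operate
	T2Modify
	T3Sensitive
	T4BreakGlass
)

func (t Tier) String() string {
	names := [...]string{"T0 OBSERVE", "T1 OPERATE", "T2 MODIFY", "T3 SENSITIVE", "T4 BREAK-GLASS"}
	return names[t]
}

// Request is the minimal shape the classifier needs (hypothetical struct, not
// iddio's): the Kubernetes verb, the resource kind, and an optional subresource.
type Request struct {
	Verb        string // get, list, watch, create, update, patch, delete, deletecollection
	Resource    string // pods, secrets, clusterrolebindings, ...
	Subresource string // exec, attach, log, ... ("" when none)
}

// rbacResources are the objects whose mutation changes who may do what.
var rbacResources = map[string]bool{
	"roles": true, "rolebindings": true, "clusterroles": true, "clusterrolebindings": true,
}

// Classify maps a request to a tier. runbook holds pre-approved "verb/resource"
// pairs (assumed key format). Checks run most-dangerous-first, so a runbook
// entry can never downgrade an exec, an RBAC change, a delete, or a secret read.
func Classify(r Request, runbook map[string]bool) Tier {
	verb := strings.ToLower(r.Verb)
	res := strings.ToLower(r.Resource)
	sub := strings.ToLower(r.Subresource)
	write := verb != "get" && verb != "list" && verb != "watch"

	switch {
	case sub == "exec" || sub == "attach": // T4: shell into a workload
		return T4BreakGlass
	case write && rbacResources[res]: // T4: privilege-changing mutation
		return T4BreakGlass
	case verb == "delete" || verb == "deletecollection": // T3: destructive
		return T3Sensitive
	case res == "secrets": // T3: any access to secret material, reads included
		return T3Sensitive
	case write && runbook[verb+"/"+res]: // T1: pre-approved write
		return T1Operate
	case write: // T2: every other write is escalated
		return T2Modify
	default: // T0: plain reads
		return T0Observe
	}
}

func main() {
	runbook := map[string]bool{"patch/deployments": true} // constructed runbook
	for _, r := range []Request{
		{"get", "pods", ""},
		{"patch", "deployments", ""},
		{"patch", "configmaps", ""},
		{"get", "secrets", ""},
		{"create", "pods", "exec"},
	} {
		fmt.Printf("%-6s %-12s %-6s -> %s\n", r.Verb, r.Resource, r.Subresource, Classify(r, runbook))
	}
}
```

Note that a read of secrets lands in T3 while a read of clusterrolebindings stays in T0: the tier follows what the data or action can do, not only whether the verb writes.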

mTLS with SPIFFE URIs

Each agent gets a client certificate signed by iddio’s CA, with identity embedded as a SPIFFE URI: spiffe://iddio.local/agent/claude-code. No shared secrets on the wire.
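The point of putting the identity in the certificate is that the proxy reads it from a chain it has verified, never from a header the client controls. The following added Go example (not iddio's code) shows that check: it builds a throwaway CA and a client certificate whose only URI SAN is a SPIFFE ID, then verifies the chain and extracts the agent name. The trust domain iddio.local and the /agent/ path come from the post; the issue helper, the CA subject and the rule that exactly one URI SAN is accepted are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

const trustDomain = "iddio.local"

// AgentFromCert verifies leaf against roots and returns the agent name carried
// in its SPIFFE URI SAN. It fails closed: an unverifiable chain, a missing or
// extra URI SAN, a foreign trust domain or a non-agent path all yield an error.
func AgentFromCert(leaf *x509.Certificate, roots *x509.CertPool) (string, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", err
	}
	if len(leaf.URIs) != 1 {
		return "", errors.New("expected exactly one URI SAN")
	}
	u := leaf.URIs[0]
	if u.Scheme != "spiffe" || u.Host != trustDomain {
		return "", fmt.Errorf("untrusted identity %q", u)
	}
	const prefix = "/agent/"
	if !strings.HasPrefix(u.Path, prefix) || len(u.Path) == len(prefix) {
		return "", fmt.Errorf("not an agent identity: %q", u)
	}
	return strings.TrimPrefix(u.Path, prefix), nil
}

// issue builds a throwaway CA and signs a client certificate carrying id as its
// only URI SAN. This stands in for iddio's CA; the real issuance flow is not shown.
func issue(id string) (*x509.Certificate, *x509.CertPool, error) {
	spiffeID, err := url.Parse(id)
	if err != nil {
		return nil, nil, err
	}
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "iddio CA (example)"},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		NotBefore:    now.Add(-time.Minute),
		NotAfter:     now.Add(time.Hour),
		URIs:         []*url.URL{spiffeID}, // identity lives here, not in the subject
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return leaf, roots, nil
}

func main() {
	leaf, roots, err := issue("spiffe://" + trustDomain + "/agent/claude-code")
	if err != nil {
		panic(err)
	}
	agent, err := AgentFromCert(leaf, roots)
	fmt.Println("agent:", agent, "err:", err)
}
```

In a real TLS listener the leaf comes from tls.ConnectionState.PeerCertificates after the handshake has required a client certificate; the chain check above is the part that turns "a certificate was presented" into "this is agent X".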

JIT Credentials via TokenRequest

The proxy mints 5-minute Kubernetes tokens on every request using the TokenRequest API. No long-lived cluster credentials are stored.

Hash-Chained Audit Log

Every event links to its predecessor via SHA-256 hash. Tamper with one line, and iddio audit verify catches it. Append-only JSONL format with agent identity, tier, decision, and latency on every entry.
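As an added illustration of how a hash chain makes the audit log tamper-evident, here is a small Go implementation written for this post. It is not iddio's audit code and its Entry fields, genesis value and JSON layout are assumptions; the fields it carries (agent identity, tier, decision, latency) mirror the ones listed above. Each line's hash covers its own payload plus the previous line's hash, so editing, inserting or reordering any line breaks the chain from that point on.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Entry is one JSONL audit line (assumed layout). PrevHash links to the
// previous entry's Hash; the first entry links to a fixed genesis value.
type Entry struct {
	Seq       int    `json:"seq"`
	Agent     string `json:"agent"`
	Tier      string `json:"tier"`
	Decision  string `json:"decision"`
	LatencyMS int    `json:"latency_ms"`
	PrevHash  string `json:"prev_hash"`
	Hash      string `json:"hash"`
}

const genesis = "0000000000000000000000000000000000000000000000000000000000000000"

// digest hashes every field except Hash itself, so the hash commits to the
// payload and to the predecessor link. json.Marshal emits struct fields in
// declaration order, which gives a canonical byte form to hash.
func digest(e Entry) string {
	e.Hash = ""
	b, _ := json.Marshal(e)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Append seals e onto the chain ending at prev and returns it with its JSONL line.
func Append(prev string, e Entry) (Entry, string) {
	e.PrevHash = prev
	e.Hash = digest(e)
	line, _ := json.Marshal(e)
	return e, string(line)
}

// Verify walks a JSONL log and returns the 1-based number of the first line
// whose link or hash does not check out, or -1 when the chain is intact.
func Verify(jsonl string) (int, error) {
	prev := genesis
	n := 0
	sc := bufio.NewScanner(strings.NewReader(jsonl))
	for sc.Scan() {
		n++
		var e Entry
		if err := json.Unmarshal(sc.Bytes(), &e); err != nil {
			return n, fmt.Errorf("line %d: %w", n, err)
		}
		if e.PrevHash != prev {
			return n, fmt.Errorf("line %d: broken link to predecessor", n)
		}
		if digest(e) != e.Hash {
			return n, fmt.Errorf("line %d: hash mismatch", n)
		}
		prev = e.Hash
	}
	return -1, nil
}

// BuildLog chains a few constructed sample events and returns the JSONL text.
func BuildLog() string {
	agent := "spiffe://iddio.local/agent/claude-code"
	events := []Entry{
		{Seq: 1, Agent: agent, Tier: "T0", Decision: "allow", LatencyMS: 1},
		{Seq: 2, Agent: agent, Tier: "T3", Decision: "escalate", LatencyMS: 2},
		{Seq: 3, Agent: agent, Tier: "T4", Decision: "deny", LatencyMS: 1},
	}
	prev := genesis
	var lines []string
	for _, ev := range events {
		sealed, line := Append(prev, ev)
		lines = append(lines, line)
		prev = sealed.Hash
	}
	return strings.Join(lines, "\n") + "\n"
}

func main() {
	entries := BuildLog()
	bad, err := Verify(entries)
	fmt.Println("intact log:", bad, err)
	// Flip one decision in place; the hash on that line no longer matches.
	tampered := strings.Replace(entries, `"decision":"deny"`, `"decision":"allow"`, 1)
	bad, err = Verify(tampered)
	fmt.Println("tampered log:", bad, err)
}
```

One caveat a hash chain does not cover on its own: deleting lines from the tail leaves a shorter but still valid chain. Detecting truncation needs the latest hash to be anchored somewhere the log writer cannot rewrite, such as a periodic copy shipped off-host.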

Session Recording

Two complementary systems:

  • Exec sessions — raw byte-stream capture of kubectl exec and kubectl attach
  • API sessions — structured request/response body capture for all other API calls

Both include automatic secrets redaction and forensic-quality replay.

Multi-Protocol Support

Beyond Kubernetes:

  • SSH — JIT certificates, compound command classification, PTY relay
  • Terraform — plan/apply/destroy classification, workspace scoping
  • Helm — install/upgrade/rollback classification, release scoping
  • AWS CLI — service and region scoping, IAM mutation detection

All protocols share the same policy engine, audit log, and approval workflow.

Policy Engine

YAML-based policy with namespace globs, per-agent rules, and runbook assignments. OPA/Rego integration available with the opa build tag.

Deployment Options

  • Desktop app — native macOS app with visual policy editor and approval dialogs
  • CLI proxy — single binary, runs in a terminal
  • Helm chart — deploy to Kubernetes as a service

Install

# Desktop app (macOS)
brew install --cask leonardaustin/tap/iddio-desktop

# CLI proxy (macOS + Linux)
brew install leonardaustin/tap/iddio

What’s Next

Phase 3 focuses on the enterprise control plane: multi-cluster management, OIDC authentication, centralized RBAC, and a web dashboard with live audit feed. The open-source core remains free and unlimited.

Try It Yourself

Iddio is open source. Deploy a zero-trust command proxy for your AI agents in minutes.