Agent IO
@agent.io
Fetching and serving by @timburks.me. Application superpowers on the Envoy proxy.
pinned post!
IO is a new network proxy that makes application development easier and application deployments more secure.
Your Friendly Neighborhood Network Proxy
Meet the proxy you’ve always wanted.
https://agent.io/posts/io
12 months ago
I went native and built ACME support directly into IO. Here are some things that I learned:
Building an ACME Client
RFC8555 is revolutionary, but it has some rough edges.
https://agent.io/posts/acme/
9 days ago
"You've already used Envoy today. You probably didn't know it." From this beautiful overview by Erica Hughberg:
A decade of Envoy
A decade of Envoy: from Lyft's debugging nightmare to the AI infrastructure era.
https://a-decade-of-envoy.netlify.app/
14 days ago
Recently I added support for proxying "raw" TCP ports so that IO could proxy SSH and other non-HTTP services. Here's an updated start screen that describes all of IO's modes.
18 days ago
reposted by
Agent IO
Tim Burks
23 days ago
Today I added local service discovery to IO and OMG it's so nice... I didn't realize how good it would feel to write zero-configuration API clients like this example that calls the Google Cloud Translate API...
Is it an agent that you want, or just agency?
Agency over Agents
A lot of people are trying to sell you agents. What you really want is agency.
https://agent.io/posts/agency/
26 days ago
reposted by
Agent IO
Tim Burks
about 1 month ago
"By leveraging Envoy as an agent gateway, organizations can decouple security and policy enforcement from agent development code." Google (partially) gets @agent.io -- they understand the potential but, as usual, miss the importance of simplicity!
https://cloud.google.com/blog/products/networking/the-case-for-envoy-networking-in-the-agentic-ai-era
People at Google really like Envoy (so do we)
The case for Envoy networking in the agentic AI era | Google Cloud Blog
In the world of AI agents, the Envoy networking proxy consistently enforces governance and security across all agentic paths, and at scale.
https://cloud.google.com/blog/products/networking/the-case-for-envoy-networking-in-the-agentic-ai-era
about 1 month ago
The slink CLI and code generator is now MIT-licensed.
GitHub - agentio/slink at v0.2.0
A tool for calling XRPC APIs, automatically generated from Lexicon. - agentio/slink
https://github.com/agentio/slink/tree/v0.2.0
about 2 months ago
Software Licenses and Workers' Rights
Software Licenses and Workers' Rights
The open source ladder is leaning on the wrong wall.
https://agent.io/posts/software-licenses-and-workers-rights/
about 2 months ago
On the decision to write a PDS
Build an ATProto PDS
Build an AT Protocol PDS the hard way (from scratch).
https://agent.io/decisions/pds/
about 2 months ago
Managing a Beta with Bluesky
Managing a Beta with Bluesky
How I use Bluesky to easily and securely preview a software product to users.
https://agent.io/posts/managing-a-beta/
about 2 months ago
Building a PDS the Hard Way
Building a PDS the Hard Way
Commits that could get me committed.
http://agent.io/posts/building-a-pds
2 months ago
New in IO: Direct TCP port configuration
IO Configuration Reference
Here’s how you can configure IO using its HCL-based configuration language.
https://agent.io/io/config/#tcp-port-configuration
2 months ago
Are you worried about DID:PLC? There are reasons to be, but they can be fixed
Risks of DID:PLC
It’s the cornerstone of identity on Bluesky. What could possibly go wrong?
https://agent.io/posts/risks-of-did-plc/
2 months ago
Finally! The treatise about slink that no one was asking for but everyone needed
Better Go clients for ATProto
Easily call XRPC APIs from your Go code and the command line.
https://agent.io/posts/slink
2 months ago
Here's a little CLI that generates itself from Lexicon and calls XRPC APIs.
GitHub - agentio/slink: A tool for calling XRPC APIs, automatically generated from Lexicon.
A tool for calling XRPC APIs, automatically generated from Lexicon. - agentio/slink
https://github.com/agentio/slink
4 months ago
Auth scopes are great but they don't always restrict access as much as we want. Here's an IO configuration that *only* allows a couple of authorized API key users to call a few named methods of the Digital Ocean DNS API using a token that it gets from HashiCorp Vault.
4 months ago
Here's IO running on MacOS
agent.io/decisions/ma...
5 months ago
Are you familiar with the XDG Base Directory Specification? Here's how we used it to improve IO:
Conform to the XDG Base Directory Specification
Store IO state and temporary files in a standard location.
https://agent.io/decisions/xdg/
5 months ago
Recently we started building our own Envoy binaries and IO container images.
Build Envoy and IO containers directly
Use gcr.io/distroless and self-built Envoys to have more control and to reduce dependencies, vulnerabilities, and image size.
https://agent.io/decisions/containers/
6 months ago
Envoy requires libc, so it doesn't make sense for IO to make performance sacrifices to avoid depending on libc itself. That lets us build IO with CGO and use the native SQLite library, which has big performance benefits.
Use CGO, libc, and pure SQLite.
Since Envoy will always depend on libc, it seems reasonable for IO to also.
https://agent.io/decisions/cgo/
6 months ago
This week IO's configuration language got a revamp and a reference
IO Configuration Reference
Here’s how you can configure IO using its HCL-based configuration language.
https://agent.io/io/config/
7 months ago
Tempted by Alpine Linux:
Hold on Alpine Linux
I love the ideas behind this lightweight distribution, but it’s challenging in practice.
https://agent.io/decisions/alpine/
7 months ago
In September we created Sidecar, a new Go gRPC implementation that focuses on clarity, simplicity, and security for apps that run with sidecars. It's now how IO does gRPC. Here's a discussion of our decision to switch.
Build and Use Sidecar
Replace Connect with a new, simple, transparent Go gRPC library.
https://agent.io/decisions/sidecar/
8 months ago
Is it an SDK... or a monster infesting your app?
Out-of-Process SDKs
Do you really want to put that vendor code in your app?
http://agent.io/posts/sdks/
8 months ago
reposted by
Agent IO
Tim Burks
8 months ago
If you use Go, gRPC, and sidecar proxies, I wrote this for you
GitHub - agentio/sidecar: Baggage-free gRPC for Go.
Baggage-free gRPC for Go. Contribute to agentio/sidecar development by creating an account on GitHub.
https://github.com/agentio/sidecar
Echo is a simple gRPC service that we wrote to test and experiment with gRPC and ConnectRPC
What can we learn with a simple gRPC service?
Exploring gRPC and connectrpc with a simple echo service.
https://agent.io/posts/echo/
9 months ago
How IO uses gRPC:
How IO runs on gRPC
IO doesn’t just manage gRPC APIs, gRPC makes IO go.
https://agent.io/posts/grpc/
9 months ago
IO was created to work with a set of API management APIs from Google called Service Infrastructure, but now we think we've outgrown it.
Drop Service Infrastructure
Remove integration with Google’s Service Infrastructure APIs.
https://agent.io/decisions/dropserviceinfra/
9 months ago
What's it like to run an application with Nomad and IO? Here's an example with bonus info about gRPC:
These are my Memos on IO
Here’s how I self-host a gRPC-based web application with IO.
https://agent.io/posts/memos/
10 months ago
Here's a practical benefit of our exploration of @hashicorp.com's Nomad and Vault: all of the configuration for this Nomad-hosted ATProto PDS is now read from secrets in Vault.
10 months ago
I'm getting more and more hooked on Nomad. With the raw_exec driver, I can run pretty much anything on my Nomad-running laptop. Here's how I use it to automatically unseal Vault.
Nomad+Vault to Go
How I set up my Ubuntu laptops to run Nomad and Vault.
https://agent.io/posts/laptop-setup/#appendix-automatically-unsealing-vault
10 months ago
"The caller never sees this secret." IO can read and apply API keys so that applications can securely use secrets without ever directly possessing them.
Let IO Handle your Vault Secrets
If you’re protecting your secrets with Vault, why are you handing them out to your applications? Let IO handle them instead.
https://agent.io/posts/vault
10 months ago
Here's IO using an API key that it read from Vault using its Nomad workload identity.
10 months ago
We've been working a lot with HashiCorp's Nomad and Vault. Here's an easy way to run them both on an Ubuntu laptop.
Nomad+Vault to Go
How I set up my Ubuntu laptops to run Nomad and Vault.
https://agent.io/posts/laptop-setup/
10 months ago
Our preferred JWx library is @lestrrat.bsky.social's lestrrat-go/jwx
Use one JWT library
Use github.com/lestrrat-go/jwx/v3 for all JWT operations.
https://agent.io/decisions/jwt/
10 months ago
A more general idea behind "No SDKs" and other design decisions is that we work to keep the number of third-party dependencies low and their quality high.
Minimize Dependencies
Keep third-party dependencies at a minimum.
https://agent.io/decisions/dependencies/
10 months ago
Finally (for now), we've been picky about limiting dependencies and controlling the network connections that IO makes. This seems worth noting as a decision, i.e. "No SDKs".
No SDKs
No third-party SDKs are used by IO to call networked APIs.
https://agent.io/decisions/sdks/
11 months ago
Now we have a small fleet of droplets running Nomad and IO to use for testing and demos. We can manage them all over SSH, and quickly went from bash scripts to a small Go tool that can do things like check versions and trigger restarts.
Use a Custom Fleet Manager
Manage node configurations with Go and ssh.
https://agent.io/decisions/fleet/
11 months ago
When we initially thought of adding analytics to the preview, we added a small custom API for sending them. But a little bit of investigation led to Open Telemetry, which we're using in a very basic and direct way (with no SDKs).
Use Open Telemetry
Use Open Telemetry and Grafana for metrics, logging, and tracing.
https://agent.io/decisions/otel/
11 months ago
Once we had images on DockerHub, we started getting warnings about security vulnerabilities in the standard Envoy releases that we were using as base images. This led us to switch to the Envoy "distroless" images that are published by a team at Google.
Use Distroless Envoy images
Reduce dependencies, vulnerabilities, and image size.
https://agent.io/decisions/distroless/
11 months ago
At this point, the realization that "we've made so many decisions" forced me to stop, come up with a structure, and put as many past decisions that I could think of in it.
Record Decisions
Keep a record of significant decisions that have been made or are in progress.
https://agent.io/decisions/records/
11 months ago
The preview is based on IO Docker images, and setting up a paid DockerHub account seemed to be the best way to directly manage these and other images that we wanted to publish.
Use DockerHub
Use DockerHub for container distribution.
https://agent.io/decisions/dockerhub/
11 months ago
Adding SSH support made it clear that it would be easy to add SFTP/SCP support, which has been a great way to read and write configuration of remote IOs. More uses are coming.
Use SCP and SFTP
Use SCP and SFTP to configure and observe IO.
https://agent.io/decisions/scp/
11 months ago
Honestly, THIS IS SO COOL. As soon as we discovered that we could use Charm's wish package to SSH into remote running IOs, we had to do it.
Use SSH to connect to IO
Use SSH to make the IO TUI available to remote users.
https://agent.io/decisions/ssh/
11 months ago
Our first step from the homelab to the cloud was to use Digital Ocean. The big draw was the simplicity of the console experience and Digital Ocean's APIs.
Use Digital Ocean
Prefer Digital Ocean for online operations and examples.
https://agent.io/decisions/digitalocean/
11 months ago
We're using Google Workspace for email and docs.
Use Google Workspace
Use Google Workspace to host agent.io email and docs.
https://agent.io/decisions/workspace/
11 months ago
What's the least-commitment way to make IO available to other users? I wasn't ready to go through any "one-way doors", so we decided to start with a private preview.
Release a Private Preview
Initially release IO in a licensed private preview with analytics.
https://agent.io/decisions/preview/
11 months ago
IO manages secrets so applications never see them. But where should secrets be kept? IO can store them in local storage, but to increase security, we wanted to integrate with a secrets manager. We decided to start with Vault.
Use Vault
Build Vault integration and use Vault to manage secrets.
https://agent.io/decisions/vault/
11 months ago
Importing generated code from other people's repos is a recipe for suffering, so we don't do it.
Internalize Protobuf Codegen
All protobuf support code that IO uses is generated within the project.
https://agent.io/decisions/protos/
11 months ago