Hardened runtime harness

AIDO

Secure runtime for Agents.

AI agents declare actions instead of generating code. Typed, policy-checked, structured. MCP-compatible.

AIDO executes the actions.

$ cargo install aido-core aido-orchestrator
primitives
Parse → Policy → Execute → Result
How AIDO compares — technically
What happens when your agent acts
Why

Shell is broken

Agents execute raw bash.
Mistakes, hallucinations, and dataset poisoning can be dangerous.

The harness is the product

SWE-Bench Pro shows a 22-point swing between the same model with a basic scaffold vs. an optimized harness.

The model is commodity.
The harness determines success.

Security by design

Default deny. Directory whitelists. Command whitelists. Deny patterns. Path traversal prevention. Confirmation mode. Snapshots before every mutation.

Every action is matched against policy rules before execution. rm -rf /, exfiltration, privilege escalation — blocked by pattern, not by luck.

Not bolted on. Built in.
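A minimal sketch of the default-deny check described above, added here as an illustration; it is not AIDO's code. The `Policy` and `Action` shapes, the rule values and the `/srv/work` directory are assumptions, and deny patterns are simplified to substring matches.

```rust
use std::path::{Component, Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Deny(&'static str) }

// Hypothetical policy and action shapes for illustration; not AIDO's schema.
pub struct Policy {
    pub allowed_commands: Vec<&'static str>,
    pub allowed_dirs: Vec<&'static str>,
    pub deny_patterns: Vec<&'static str>,
}
pub struct Action<'a> { pub command: &'a str, pub args: Vec<&'a str>, pub path: &'a str }

// Resolve `.` and `..` lexically before any prefix check. Symlinks are not resolved here.
fn normalize(cwd: &Path, p: &str) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for c in cwd.join(p).components() {
        match c {
            Component::ParentDir => if !out.pop() { return None; },
            Component::CurDir => {}
            other => out.push(other.as_os_str()),
        }
    }
    Some(out)
}

// Deny patterns win, then the command allowlist, then the directory allowlist.
pub fn evaluate(policy: &Policy, cwd: &Path, a: &Action) -> Decision {
    let line = format!("{} {} {}", a.command, a.args.join(" "), a.path);
    if policy.deny_patterns.iter().any(|p| line.contains(*p)) {
        return Decision::Deny("matches deny pattern");
    }
    if !policy.allowed_commands.iter().any(|c| *c == a.command) {
        return Decision::Deny("command not on allowlist");
    }
    match normalize(cwd, a.path) {
        // Path::starts_with compares whole components: /srv/work-evil is not under /srv/work.
        Some(p) if policy.allowed_dirs.iter().any(|d| p.starts_with(d)) => Decision::Allow,
        _ => Decision::Deny("path outside allowed directories"), // default deny
    }
}

pub fn sample_policy() -> Policy { // constructed sample rules
    Policy { allowed_commands: vec!["cat", "ls", "rm"], allowed_dirs: vec!["/srv/work"],
             deny_patterns: vec!["--no-preserve-root", "/etc/shadow"] }
}

fn main() {
    let a = Action { command: "cat", args: vec![], path: "../../etc/passwd" };
    println!("{:?}", evaluate(&sample_policy(), Path::new("/srv/work"), &a));
}
```

With these sample rules, `rm -rf /` is refused by the directory allowlist rather than by a pattern, which is the default-deny fallback at work.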

Capabilities
MCP — works with any client
Claude Desktop: ~/.config/Claude/claude_desktop_config.json
Cursor: .cursor/mcp.json or global MCP settings
Continue.dev: ~/.continue/config.json → mcpServers
Zed: settings.json → context_servers
Windsurf: MCP plugin via Cascade settings
Any MCP client: Implements the Model Context Protocol spec
// common config pattern (Claude Desktop, Cursor, Continue…)
{
  "mcpServers": {
    "aido": {
      "command": "aido-core",
      "args": ["--mode", "mcp"]
    }
  }
}
For teams

Your agents act on real systems.
AIDO makes that safe.

If your team uses Cursor, Claude Code, or MCP tools in production workflows, agent actions hit your infrastructure without guardrails.

AIDO sits between the model and your systems — adding policy enforcement, human approvals, and a full audit trail to every action.

We run a 2-week pilot with your team to integrate AIDO into your existing stack. No commitment, no vendor lock-in — it's open source.

Policy engine — default deny, path whitelists, command allowlists. Every action checked before execution.
Human-in-the-loop — granular approval gates per action, per scope, per risk level. Auto-approve safe reads, confirm writes.
Audit trail — every action logged with structured traces. Who did what, when, and what the policy decided.
MCP-native — drop-in for Cursor, Claude Desktop, Continue, Zed, Windsurf. One config line.
Open source — Apache 2.0. Single Rust binary. Runs on your infra, air-gapped if needed.