📖2025
This page lists all current and past features, updates, and changes to the P0 app for 2025.
July 14th 2025
New Features
Core Platform Capabilities
Service Account Support for P0 API Requests: Service accounts (for example, those used by Terraform) can now authenticate and execute P0 API calls without needing static credentials, making infrastructure-as-code workflows smoother.
Access-Type Selector in Routing Rules: You can now pick specific access types when authoring routing rules, just like the sample template, so approvals can be tailored by, for example, “p0 request gcloud role.”
Query Search for User Listings in Directory Integrations: When you’re browsing users in any directory integration (LDAP, Entra, etc.), there’s now a search box to filter by name, email, or ID.
User Experience
Disable Automatic Log-Out: A new toggle in the UI lets you disable automatic session log-outs, so your P0 session stays active until you choose to end it.
Enhancements
Core Platform Capabilities
AWS Account Alias Support in SSH Requests: SSH commands now accept AWS account aliases in the parent parameter (e.g. ./p0 request ssh parent:alias-name), so you can reference accounts by friendly names instead of numeric IDs.
Security & Monitoring
Dangerous Routing Rule Detection: Automatically detects and alerts on potentially dangerous routing rules, helping you catch misconfigurations before they impact your environment.
June 29th 2025
New Features
Core Platform Capabilities
Group & Parent Context in SSH Notifier: SSH notifications now include both group and parent identifiers in their event payloads, giving you richer context for auditing and routing.
Access-Type Selector in Routing Rules: A new UI control lets you pick specific access types (e.g., “p0 request gcloud role”) when authoring routing rules, so you can tailor approvals more precisely.
Email Notifier Enhancements
Evidence-Created Alerts: The Email Notifier can now send you a notification immediately when new evidence is submitted, keeping stakeholders in the loop.
Expiration-Reminder Alerts: Receive automated email reminders before any evidence item expires, so nothing slips through the cracks.
Automatic Expiration Workflow
Pending-Request Auto-Expiration: Access requests that linger past their expiration date are now closed out automatically by a scheduled job, reducing manual cleanup.
Enhancements
Reliability & Error Handling
Snowflake User Detection Fix: Resolved an issue where email case mismatches prevented user lookups in Snowflake. Emails are now normalized to avoid false negatives.
Terraform-Backed GKE Updates: Improved our Terraform module to ensure GKE clusters and node pools stay aligned with the desired configuration.
AWS Lambda Notifier Created-At Field: Fixed a missing timestamp field on Lambda-based notification events so you can reliably track when alerts were generated.
ProxyCommand & Versioning CLI Fixes
p0 --version now prints clean output without extra logging noise.
The p0 proxy command gracefully handles token expiry and exits quietly when no targets match.
Developer Experience & Tooling
Kubernetes Configuration Updates: Refined default configs for cluster access and context management to simplify developer onboarding.
Off-Boarding Automation: Streamlined user off-boarding flows so that deactivated accounts are removed from all P0 services in one go.
June 15th 2025
New Features
Email Notifier Default Sender: The email notification channel now sends from a dedicated [email protected] address to minimize bounce-backs.
Installer Enhancements
Resource ID Injection: The P0 installer can now automatically inject resource identifiers into its setup flow for more precise asset mapping.
~/.kube/config Alias Generation: Running p0 ssh will create friendly host aliases in your Kubernetes config file, so you can connect with a simple name.
Enhancements
Authentication & Proxy Fixes
Email addresses entered with uppercase letters (e.g. [email protected]) are normalized on sign-up so you never get blocked by case mismatches.
The p0 proxy command now handles token expiry without crashing and suppresses output when no matching instances are found.
Resource Editor Robustness
Guardrails have been added to the resource-editor UI to prevent “cannot read properties of undefined” errors.
Retry & Timeout Improvements
AWS component installation checks now automatically retry on transient failures.
June 1st 2025
New Features
Cloud Installers & Integrations
Azure Application Installers: Improved UI/UX for Azure-related features.
AWS Lambda Notifier Guide: Comprehensive documentation for configuring AWS Lambda as a custom alert notifier in P0.
PagerDuty Auto-Approver: Routing rules can include PagerDuty on-call schedules as automatic approvers for emergency workflows.
API & CLI Enhancements
Default SSH Shell Configuration: Updated p0 ssh command to default to Bash, with an option to override for other shells.
Resource Listing Endpoint & CLI: New REST API and accompanying p0 resources list command to fetch all supported resource types and their definitions.
OpenAPI Specification Publications: Public OpenAPI docs released for:
Swisscom integration
Routing rules engine
AWS SDK installation workflow
Documentation Improvements
Azure Command References: Added step-by-step guidance for:
Creating the P0 Management Role in Azure
Generating federated credentials via CLI
Custom Resource Types: Detailed walkthroughs for defining and using custom resource categories in P0.
Enhancements
CLI & Developer Experience
SSH Performance & Errors: Reduced latency in p0 ssh connections and improved “identifier resolution” error messages.
AWS Policy Hyphen Support: Enhanced attachment-rule parser to accept hyphens in AWS Function Caller policies.
Persistent Access Duration: Fixed an issue where “persistent” access requests ignored the specified duration.
Enhanced Tracing: Expanded internal tracing hooks for better diagnostics during CLI operations.
UI & UX Tweaks
Access-Key Lookback Correction: Adjusted the default audit time window displayed for access-key evidence in the UI.
Microsoft Teams Resilience
Case-Insensitive Channels: Channel name matching in Teams is now case-insensitive to avoid routing errors.
May 18th 2025
New Features
CLI Improvements
Seamless Login: The p0 login command now detects existing sessions and skips redundant authentication steps, streamlining your workflow.
Automatic SSH Config: A new p0 ssh-config command generates ready-to-use SSH configuration snippets for effortless access to your servers.
Authentication & Notifications
Microsoft Entra Support: New customers can create new accounts using Microsoft Entra, expanding your choice of identity providers.
Email Alerts: An email notification channel has been introduced so you can receive P0 alerts directly in your inbox.
Multi-Channel Notifications: Set up notifications and chat ops with Slack, Teams, or Email to stay informed where it’s most convenient.
Cloud Platform Integrations
AWS Just-In-Time Provisioning: Fine-tune IAM policy attachment rules with the new “extends from” attribute for more granular access control.
Google Cloud Run Agent: Deploy P0 agents seamlessly to Cloud Run environments using the new installation component.
Visualization & Installer
Asset Relationship Graph: Explore a prototype graph layout for visualizing compute asset topologies and their interconnections.
Teams Store Installer: The P0 installer now defaults to installing our Microsoft Teams app straight from the official Teams Store for a smoother setup.
Enhancements
CLI & UX Fixes
Corrected the default time shown in the /p0 allow modal’s DateTime picker.
Permission-set dropdowns now display all options instead of truncating choices.
Email addresses entered with uppercase letters (e.g. [email protected]) are normalized automatically.
Improved public-channel notification formatting and expanded help text for Microsoft Teams.
Clarified installation guidance messages for setting up notification channels.
Reliability & Error Handling
Automatic retries during AWS component installation checks to mitigate transient errors.
Extended Semgrep scan time-outs in CI workflows to prevent premature cancellations.
Suppressed errors when AWS instances are already removed during evidence revocation.
Safeguarded against circular-reference issues by ensuring evidence records don’t match themselves.
ProxyCommand Enhancements
Gracefully handle token expiration without crashing.
Exit quietly when no instances match, reducing unnecessary output.
Display SSH-friendly host identifiers for easier server selection.
Provide clear error messages when required parameters (e.g., reason) are missing.
Ensure p0 ls consistently lists servers according to specified filters.
Web Request Submission Flow
Backend validation errors (including “Reason” and “Request duration” fields) now surface directly in the P0 web-request form for faster troubleshooting.
April 20th 2025
New Features
Slack & Notification Enhancements
Rich Slack Modals: Interactive input blocks for the /p0 allow command, including date/time and duration pickers, plus optimistic pre-population of form data for faster approvals.
Automated Expiration Alerts: Email and in-app notifications to requestors and approvers before evidence items expire, so nothing slips through the cracks.
MS Teams Lifecycle Integrations: Submit audit evidence and lifecycle events directly from Teams, complete with clear guidance and error messaging.
Security & Compliance Workflows
AWS Trust Policy Monitor: Real-time checks on IAM roles to flag any trust policy granting unrestricted root access.
Custom Resource Routing Engine: New API endpoints and routing rules for user-defined asset types, giving you total flexibility.
Okta Assessment Automation: End-to-end Okta security reviews, from data collection through report generation, built into the P0 audit pipeline.
Reporting & Analytics
Cross-Project Findings Export: One-click export of detailed findings across all your projects for off-platform analysis.
Enhanced Dashboard Charts: Bucket-date overlays on findings charts for clearer trend analysis over time.
Cloud Platform Integrations
AWS Just-In-Time Provisioning: “Extends from” support on attachment rules for more precise IAM policy scope.
Google Cloud Run Agent Installer: Deploy P0 agents seamlessly into Cloud Run with a dedicated installation component.
Enhancements
Reliability & Performance
Datastore Indexing: New index on evidence records to speed up complex queries.
User Experience
Posture & Monitor Pages: Fixed infinite-render issues on “all” views and ensured data loads reliably.
Date Validation: Both client and server now enforce valid future start/end times in all access-request flows.
Dropdown & Picker Fixes: Permission-set selects now show every option, and the /p0 allow DateTime picker defaults correctly every time.
Notifications & Integrations
PagerDuty Resilience: Standalone repro cases for token-expiry issues and automatic retries in notification flows.
Error Messaging: Expanded help text and clarified error feedback across Slack, Teams, and email channels.
April 6th 2025
New Features
Unused IAM Roles Monitor: View IAM roles that haven’t been used (including “never used”), complete with last-used timestamps and guided remediation suggestions.
AWS Identity Center Diagnostics: Built-in troubleshooting for Identity Center errors, surfacing detailed traces so you can resolve issues faster.
Lifecycle SDK Enhancements: Full support for multivalued objects in lifecycle workflows, enabling more complex automation scenarios.
Automated “Fix” Commands: New one-click CLI commands to automatically remediate unused or overly-privileged IAM policies.
AWS Service Discovery: Automatically enumerate which AWS services are enabled in your account to streamline compliance checks.
Custom Permission-Set Scopes: Tailor exactly which resources, actions, and conditions are requested via both the UI and API.
Virtualized Permission Tables: Replace full-render tables with virtualized lists so large graphs and tables load and scroll instantly.
Enhancements
Search & Navigation
No-op on empty searches to prevent errors
Resource links now always navigate correctly in monitor views
Form Validation & Error Feedback
Inline display of JSON parse errors in environment payloads
Date-pickers enforce future dates and default to the correct time
Backend validation errors (e.g. missing Reason or invalid duration) now surface directly in the form
Visual Consistency
Warning icons and status badges reflect real-time data states
Table columns render consistently across browsers, with proper truncation
Visibility Check Resilience: Clear error message and retry option when visibility-check endpoints are unavailable.
Performance & Responsiveness: Virtualized lists and optimized rendering ensure snappy load times and smooth scrolling throughout the app.