Что такое FlowLink?

FlowLink — Runtime AI Firewall, который перехватывает команды от AI агентов (Claude Code, Cursor, Copilot) и анализирует их на 7 уровнях безопасности перед выполнением на сервере. Защищает от shell injection, кражи credentials и утечки данных за 2 минуты установки.

Как FlowLink защищает от AI агентов?

FlowLink защищает от 3 векторов атаки: shell injection (уничтожение данных), credential theft (кража секретов), data exfiltration (утечка данных). Каждый запрос проходит через 7 уровней анализа за <1мс — kill switch, read-only, blacklist, policy engine, sandbox, approval workflow, backup.

Сколько времени занимает установка FlowLink?

Установка FlowLink занимает 2 минуты — одна команда для скачивания бинарника и systemd service. Не требует изменения кода AI агента или инфраструктуры. Работает как прозрачный proxy.

С какими AI инструментами работает FlowLink?

FlowLink интегрируется с Claude Code, Cursor, GitHub Copilot, Windsurf и любыми MCP-совместимыми инструментами через единый MCP gateway. Поддерживает облачный remote MCP и self-hosted deployment.

Есть ли бесплатный тариф FlowLink?

Да, тариф Starter бесплатен и включает базовую защиту с 1 агентом, MCP gateway, playground и community поддержку. Для production рекомендуется Professional (1 990 ₽/мес) или Scale (4 990 ₽/мес) с приоритетной поддержкой.

FlowLink работает self-hosted или в облаке?

FlowLink устанавливается на ваш сервер (self-hosted) как systemd service. Релей для координации работает в облаке. Все данные о командах и политиках хранятся на вашем сервере. Код открыт.

Platform Overview

FlowLink is an AI-native SecOps & Operations Platform — the central control plane between AI agents and your infrastructure. Not just a gateway, not just a firewall — a complete platform for secure, observable, and governed AI agent operations.

Why FlowLink?

AI agents (Claude Code, Cursor, Copilot, Windsurf, custom agents) can now execute code, access databases, manage infrastructure, and interact with APIs. Without a control plane, every agent is an uncontrolled privilege escalation vector.

FlowLink sits inline between agents and your tools, providing:

Runtime guardrails — real-time command filtering, blocking, and approval
Zero-trust secrets — inject secrets at runtime, never expose to agent memory
Full audit trail — every action logged, timestamped, attributed
Compliance & forensics — incident timelines, compliance reports, state snapshots
Observability — live service map, agent health, anomaly detection

Platform Architecture

┌──────────────────────────────────────────────────────────────────┐
│                     AI Agents & Coding Tools                      │
│  Claude Code · Cursor · Copilot · Windsurf · Custom Agents       │
└──────────────────────────────┬───────────────────────────────────┘
                               │ MCP / WSS / HTTP
┌──────────────────────────────▼───────────────────────────────────┐
│                      FlowLink Relay                               │
│  ┌──────────┐ ┌──────────┐ ┌───────────┐ ┌──────────────────┐   │
│  │  Shield   │ │  Policy  │ │ Approval  │ │  Rate Limiter    │   │
│  │  Engine   │ │  Engine  │ │  Queue    │ │  & Auth          │   │
│  └──────────┘ └──────────┘ └───────────┘ └──────────────────┘   │
│  ┌──────────┐ ┌──────────┐ ┌───────────┐ ┌──────────────────┐   │
│  │  Secret   │ │  Audit   │ │   SIEM    │ │  Infra Map       │   │
│  │ Injection │ │   Log    │ │ Integration│ │  & Discovery     │   │
│  └──────────┘ └──────────┘ └───────────┘ └──────────────────┘   │
│  ┌──────────┐ ┌──────────┐ ┌───────────┐ ┌──────────────────┐   │
│  │ Forensics│ │ Service  │ │   AI Ops  │ │  Change Mgmt     │   │
│  │ Timeline │ │ Catalog  │ │ Assistant │ │  & Rollback      │   │
│  └──────────┘ └──────────┘ └───────────┘ └──────────────────┘   │
└──────────────────────────────┬───────────────────────────────────┘
                               │
┌──────────────────────────────▼───────────────────────────────────┐
│                    MCP Servers & Infrastructure                    │
│  Git · K8s · PostgreSQL · Redis · Docker · AWS · Vault · SIEM    │
└──────────────────────────────────────────────────────────────────┘

Platform Layers

🛡️ Layer 1: Security & Governance

Component	Description	Status
Shield Engine	Real-time command filtering — allow, block, or require approval based on pattern matching and risk scoring	✅ GA
Policy Engine	Per-agent, per-service, per-tool policies with priority rules and wildcard support	✅ GA
Approval Queue	Human-in-the-loop approval for high-risk operations — Slack, Telegram, Web UI	✅ GA
Rate Limiting	Per-agent and per-tool rate limits with hot-reloadable configuration	✅ GA
Authentication	OAuth (VK, Yandex, GitHub), email/password, 2FA/TOTP, httpOnly cookie sessions	✅ GA

🔑 Layer 2: Secrets & Zero-Trust

Component	Description	Status
Secret Injection	Inject secrets at runtime (env vars, files, vault pull) — agents never see credentials	✅ GA
Per-Org Encryption	X25519 key exchange — each organization has unique encryption keys	✅ GA
External Vault	Integration with HashiCorp Vault and other secret backends	✅ GA
Zero-Trust API	Key setup, verification, and rotation endpoints	✅ GA

📋 Layer 3: Audit & Compliance

Component	Description	Status
Audit Log	Every action logged with agent ID, account ID, timestamp, result, and metadata	✅ GA
Command History	Full command recording with exit codes, duration, shield results, and risk levels	✅ GA
SIEM Integration	Push alerts and events to external SIEM via webhooks (Alertmanager, Generic)	✅ GA
Compliance Reports	Auto-generated security audit and policy compliance reports with scoring	✅ GA
Context Snapshots	Point-in-time state capture for audit, rollback, and post-mortem analysis	✅ GA

🗺️ Layer 4: Infrastructure & Observability

Component	Description	Status
Infrastructure Map	Semantic graph of hosts, services, databases, queues, and their relationships	✅ GA
Service Discovery	Auto-discover infrastructure via agents (processes, Docker, config files, env vars)	✅ GA
Service Catalog	Live catalog with ownership, SLA tiers, health status, and risk scoring	✅ GA
Agent Health	Real-time agent monitoring with heartbeat tracking and auto-recovery	✅ GA
Incident Timeline	Forensic timeline with blast radius analysis and anomaly detection	✅ GA

🤖 Layer 5: AI Ops & Business

Component	Description	Status
AI Ops Assistant	Natural language queries about infrastructure, agents, risks, and costs	✅ GA
Efficiency Insights	Agent ROI analysis — time saved, success rates, cost optimization	✅ GA
Change Management	Safe rollout with approval workflow, rollback, and full audit trail	✅ GA
Pattern Learning	Learn agent behavior patterns and auto-generate policy suggestions	🔄 Beta
Cost Attribution	Per-agent, per-service cost tracking and budget alerts	📋 Planned

Compliance Alignment

FlowLink is built in alignment with emerging AI security standards:

OWASP GenAI MCP Security Guide — tool poisoning prevention, least-privilege access, runtime guardrails
Zero-Trust Architecture — per-org encryption keys, secret injection, no standing credentials
ФСТЭК / ГОСТ Р 57580 — audit logging, access control, incident response (Russian compliance)
SOC 2 Type II — audit trail completeness, access management, change management

See the Compliance and ФСТЭК pages for detailed mapping.

How FlowLink Compares

Capability	FlowLink	Enkrypt AI	Operant AI	MintMCP
Inline MCP Gateway	✅	✅	✅	✅
Runtime Command Filtering	✅	⚠️ Partial	✅	⚠️ Partial
Human Approval Queue	✅	❌	❌	❌
Zero-Trust Secrets	✅	❌	⚠️ Partial	❌
Infrastructure Map	✅	❌	❌	❌
Forensic Timeline	✅	❌	❌	❌
Service Catalog	✅	❌	❌	❌
AI Ops Assistant	✅	❌	❌	❌
Self-hosted / On-premise	✅	❌ Cloud	❌ Cloud	❌ Cloud
ФСТЭК Compliance	✅	❌	❌	❌

Technology Stack

Backend: Rust (Tokio, Axum, SQLx, Teloxide)
Frontend: Next.js 15 (App Router, Server Components, Tailwind CSS)
Database: PostgreSQL (Supabase-compatible)
Agent Protocol: MCP (Model Context Protocol) over WebSocket / HTTP
Crypto: X25519 + AES-256-GCM for zero-trust encryption
Infrastructure: Docker, systemd, nginx reverse proxy