# FlowLink — Full Documentation for LLMs

> Governance & Risk Control for Autonomous AI Systems. AI Agent Security Gateway with MCP-level enforcement.

## Overview

FlowLink is a runtime security layer that sits between AI coding agents (Claude Code, Cursor, GitHub Copilot, Windsurf) and your servers. Every shell command passes through a 7-level Shield analysis before execution. FlowLink implements policy enforcement, risk scoring, and audit trails at the Model Context Protocol (MCP) layer.

**Key positioning:** FlowLink is NOT a SecOps tool, NOT a container security tool. It is a governance & risk control layer for autonomous AI systems. Policy enforcement + risk control at MCP level.

## Architecture

FlowLink uses a Control Plane / Data Plane architecture:

- **Gateway** (control plane): API server, billing, user management, MCP endpoint, dashboard backend. Port 9080.
- **Relay** (data plane): Agent connections, command filtering, policy enforcement, eBPF monitoring. Port 9081.
- **Communication**: Bidirectional WebSocket (WSS) between Relay and Gateway.

## Shield Engine — 7 Levels of Analysis

1. **Regex Pattern Matching** — known dangerous patterns (rm -rf, DROP TABLE, etc.)
2. **Semantic Analysis** — ML-based intent detection via embeddings
3. **Risk Scoring** — per-command risk assessment (0-100)
4. **Policy Matching** — organization-defined rules (allow/deny/ask patterns)
5. **Approval Routing** — auto / soft_ask / hard_ask workflows
6. **Audit Logging** — full forensic timeline with context
7. **eBPF Enforcement** — kernel-level file monitoring (ServerGuard)

## 27 MCP Tools — full governance, observability, security

### Gateway MCP Tools (21)

| Tool | Description |
|------|-------------|
| exec | Execute a command through Shield |
| deploy | Deploy code/artifacts safely |
| read | Read file contents (audited) |
| write | Write files (audited, policy-checked) |
| list | List directory contents |
| sysinfo | System information |
| agents | List connected agents |
| health | Health check endpoint |
| policy | Manage policies |
| approve | Approve pending commands |
| secrets | Zero-trust secrets management (E2EE) |
| audit | Query audit trail |
| kill | Kill a process (with safety checks) |
| deregister | Deregister an agent |
| config_update | Update agent configuration |
| shield | Query Shield status and configuration |
| fingerprint | Agent fingerprint and identity verification |
| backup | Trigger configuration backup |
| drift | Check and report config drift |
| session | Manage agent sessions |
| history | Query agent command history |
| guard | ServerGuard eBPF monitoring controls |

### Standalone MCP Tools (22)

| Tool | Description |
|------|-------------|
| status | Show FlowLink agent/relay status |
| doctor | Run diagnostic checks |
| discover | Auto-discover FlowLink services on network |
| config_init | Initialize configuration for first run |
| devices | Manage paired devices and trust |
| version | Show FlowLink version info |
| keygen | Generate encryption keypairs |
| encrypt | Encrypt data with E2EE |
| decrypt | Decrypt data with E2EE |
| approve (cli) | CLI-side approval of pending commands |
| gitops | GitOps deployment and config management |
| license | License activation and validation |
| serverguard | ServerGuard eBPF file monitoring |
| red_team | Red Team adversarial testing (sandbox) |
| sandbox | Isolated sandbox execution environment |
| forensics | Deep forensic incident chain analysis |
| webhook | Manage webhook integrations |
| compliance | Compliance reporting (FSTEC, FZ-152) |
| metrics | Query system and agent metrics |
| guard_code | Code/config/diff scanner — detect secrets, vulnerabilities, and policy violations in source code, configs, and diffs |
| check_deps | CVE scanner via OSV API — scan dependencies for known vulnerabilities and generate advisory reports |
| risk_snapshot | Composite risk score + SSL/TLS certificate analysis — aggregate risk assessment with certificate transparency checks |

## Security Model

- **Zero-Trust Secrets**: Secrets injected at runtime, E2EE, never stored in plaintext
- **Approval Workflow**: Three modes — auto (pass), soft_ask (notify), hard_ask (block until approved)
- **Per-Agent Risk Scores**: Real-time risk assessment with configurable thresholds
- **Agent Enforcement**: System prompt templates force agents to route all operations through FlowLink MCP
- **eBPF ServerGuard**: Kernel-level file system monitoring for critical paths
- **Telegram Approval**: Human-in-the-loop for suspicious commands via Telegram bot

## Audit Integrity (RFC-002)

FlowLink implements a multi-layer audit integrity system:

### Layer 1: Hash Chain Integrity

- SHA-256 hash chain for all audit events (event → prev_hash → chain_hash)
- Chain persisted in PostgreSQL, verified on load
- Integrity Verification API: `GET /api/v1/audit/integrity`
- External Witness Publisher: HMAC-SHA256 signed hash snapshots every 1000 records
- Dashboard badge: green "Chain intact" / red pulsating "Chain broken"

### Layer 2: Binary Attestation

- SHA-256 measurement of all binaries at startup (gateway + relay)
- Policy baseline capture and verification
- Attestation API:
  - `GET /api/v1/attestation/report` — current measurements
  - `GET /api/v1/attestation/policy` — expected hashes
  - `POST /api/v1/attestation/policy` — capture baseline
  - `POST /api/v1/attestation/verify` — verify integrity
- Dashboard badge: green ATTESTED / red TAMPERED

### Layers 3-4 (Roadmap)

- Layer 3: TEE Enclave (AMD SEV-SNP) — hardware-based attestation
- Layer 4: Policy Verification — Datalog formal proof of policy correctness

## Supported AI Agents

- Claude Code (Anthropic)
- Cursor
- GitHub Copilot
- Windsurf
- Any MCP-compatible client

## Pricing (RUB)

| Plan | Price | Agents | Rate Limit | Key Features |
|------|-------|--------|------------|--------------|
| Free | 0 ₽ | 1 | 200/min | Shield, Policies, Audit, Secrets, Telegram |
| Starter | 4,990 ₽/year | 5 | 500/min | +Forensics, Agent Health, Red Team Sandbox |
| Team | 14,990 ₽/year | 10 | 1500/min | +Compliance, RBAC, SSO, Webhooks |
| Business | 39,990 ₽/year | 50 | 4000/min | +SIEM, Self-Tuning Policies, eBPF, API |
| Enterprise | Custom | Unlimited | Unlimited | On-premise, Air-gapped, Custom SLA |

All tiers include: Shield Engine, Policy Engine, Zero-Trust Secrets, Audit Trail, eBPF ServerGuard, MCP Gateway.

## Platform Support

- Linux: x86_64, ARM64
- macOS: Apple Silicon (M1-M4), Intel
- Docker: x86_64, ARM64
- Kubernetes: Helm chart available

## API Reference

- **MCP Endpoint**: `POST https://flowlink.flow-masters.ru/mcp` (JSON-RPC 2.0)
- **REST API**: `https://flowlink.flow-masters.ru/api/v1/`
- **Authentication**: API key via `Authorization: Bearer flk_live_XXX` or `x-api-key` header
- **WebSocket**: `wss://flowlink.flow-masters.ru/ws` for agent connections

## Quick Start

```bash
# 1. Install FlowLink agent
curl -fsSL https://flowlink.flow-masters.ru/install.sh | sh

# 2. (Optional) Self-host relay
curl -fsSL https://flowlink.flow-masters.ru/install-relay.sh | bash

# 3. Create API key at https://flowlink.flow-masters.ru/dashboard

# 4. Add to your AI tool config
```

```json
{
  "mcpServers": {
    "flowlink": {
      "url": "https://flowlink.flow-masters.ru/mcp",
      "headers": {
        "Authorization": "Bearer flk_live_YOUR_KEY"
      }
    }
  }
}
```

## Use Cases

1. **DevOps Teams**: Prevent AI agents from running destructive commands on production servers
2. **Compliance Officers**: Maintain audit trails of all AI-initiated actions (FSTEC, FZ-152)
3. **Security Teams**: Detect and block prompt injection attacks targeting server infrastructure
4. **Enterprise IT**: Enforce governance policies on AI-assisted development workflows
5. **Managed Service Providers**: Offer AI-secured infrastructure to clients

## Competitive Differentiation

FlowLink vs competitors:

- **vs Falco/Tetragon**: FlowLink operates at MCP/command level, not kernel level. Complementary.
- **vs ToolHive**: FlowLink has Shield Engine with semantic analysis, ToolHive is sandbox-only
- **vs MCP Defender**: FlowLink has eBPF enforcement, policy engine, and self-tuning ML
- **vs Lunar.dev**: FlowLink is self-hosted, no data leaves your infrastructure

## Partner Program

B2B referral program with tiered commissions:

- **Bronze**: 20% commission, 10% client discount, 0+ referrals
- **Silver**: 25% commission, 10% discount, 5+ referrals
- **Gold**: 30% commission, 15% discount, 15+ referrals
- Monthly payouts, minimum 3,000 ₽
- 30-day hold on commissions (chargeback protection)
- Auto tier-upgrade at thresholds
- Registration: https://flowlink.flow-masters.ru/partners
- Dashboard: https://flowlink.flow-masters.ru/dashboard/partners

## Compliance & Legal

- FSTEC compliance (Russian cybersecurity standards)
- FZ-152 data protection (Russian personal data law)
- Audit trail with forensic timeline for compliance reporting
- On-premise and air-gapped deployment options
- Russian market focused (RUB pricing, Точка Банк payments)

## Links

- Website: https://flowlink.flow-masters.ru
- Features: https://flowlink.flow-masters.ru/features
- Documentation: https://flowlink.flow-masters.ru/docs
- Playground: https://flowlink.flow-masters.ru/playground
- Pricing: https://flowlink.flow-masters.ru/pricing
- Partners: https://flowlink.flow-masters.ru/partners
- GitHub: https://github.com/braincreator/flowlink-ai-firewall
- FAQ: https://flowlink.flow-masters.ru/docs/faq
- Comparison: https://flowlink.flow-masters.ru/docs/comparison
- Changelog: https://flowlink.flow-masters.ru/docs/changelog
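
The Layer 1 design described under Audit Integrity (a SHA-256 hash chain plus HMAC-SHA256 signed witness snapshots) as an added example; this is not FlowLink's code. The record layout, canonical-JSON hashing, all-zero genesis value and `count:hash` witness message are assumptions, and the events and key are constructed. It shows why the external witness matters: a chain rewritten end to end still verifies internally, and only the signed snapshot exposes the change.

```python
import hashlib, hmac, json
GENESIS = "0" * 64  # assumed prev_hash for the first record

def chain_hash(prev_hash, event):
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))  # canonical form
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(chain, event):
    prev = chain[-1]["chain_hash"] if chain else GENESIS
    chain.append({"event": event, "prev_hash": prev, "chain_hash": chain_hash(prev, event)})

def first_broken(chain):
    """Index of the first record whose links do not verify, else None."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != prev or rec["chain_hash"] != chain_hash(prev, rec["event"]):
            return i
        prev = rec["chain_hash"]
    return None

def sign(key, count, head):  # assumed witness message format: "<count>:<chain_hash>"
    return hmac.new(key, f"{count}:{head}".encode(), hashlib.sha256).hexdigest()

def snapshot(chain, key, every):  # witness: sign the head after each `every` records
    heads = [(n, chain[n - 1]["chain_hash"]) for n in range(every, len(chain) + 1, every)]
    return [{"count": n, "chain_hash": h, "hmac": sign(key, n, h)} for n, h in heads]

def witness_mismatch(chain, snapshots, key):
    """Record count of the first snapshot the stored chain contradicts, else None."""
    for s in snapshots:
        n, head = s["count"], s["chain_hash"]
        forged = not hmac.compare_digest(sign(key, n, head), s["hmac"])
        if forged or len(chain) < n or chain[n - 1]["chain_hash"] != head:
            return n  # covers a forged snapshot, a truncated chain, a rewritten chain
    return None

def demo():
    key = b"constructed-witness-key"  # constructed sample key
    chain = []
    for i in range(6):  # constructed sample events
        append(chain, {"seq": i, "agent": "agent-1", "cmd": f"ls /srv/{i}"})
    snaps = snapshot(chain, key, every=3)  # the page's interval is 1000 records
    edited = json.loads(json.dumps(chain))  # deep copy of the stored chain
    edited[1]["event"]["cmd"] = "ls /tmp"  # one stored record changed in place
    rewritten = []  # same change, with every hash recomputed afterwards
    for rec in edited:
        append(rewritten, rec["event"])
    return (first_broken(chain), first_broken(edited), first_broken(rewritten),
            witness_mismatch(rewritten, snaps, key))  # (None, 1, None, 3)
```

The witness key and the published snapshots have to live outside the database that holds the chain; otherwise whoever can rewrite the chain can re-sign the snapshots as well.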