Flowplane

Flowplane — an API gateway built for humans and AI agents.

Publish your APIs once. Get governance (auth, rate limits, audit), a REST proxy, schema learning that infers OpenAPI from live traffic, and an MCP server so LLMs can call your APIs as tools. Drive it from a CLI, REST API, web UI, or MCP tools.

Quick Start

curl -fsSL https://raw.githubusercontent.com/rajeevramani/flowplane/main/scripts/install.sh | sh
flowplane init                    # full demo stack: PG + CP + Envoy + httpbin
flowplane expose http://httpbin:80 --name demo
curl http://localhost:10001/get

flowplane init brings up the full demo stack — control plane, gateway data plane, and a test backend — in containers. Images are pulled from GHCR (no local source build required). flowplane expose registers an upstream and provisions everything required to route to it — cluster, route config, listener — in one command. The new endpoint is reachable on localhost:10001.

{
  "headers": {
    "X-Envoy-Expected-Rq-Timeout-Ms": "15000",
    "...": "..."
  },
  "url": "http://localhost:10001/get"
}

flowplane status    # 1 listener, 1 cluster, 0 filters
flowplane list      # demo → port 10001
flowplane down      # stop everything

Two binaries: flowplane (control plane + CLI) and flowplane-agent (sidecar that watches the gateway data plane for warming failures and reports them back). make install is a wrapper around two cargo install --path invocations — required because cargo install doesn't follow workspace default-members.

Breaking change (v0.2.3+): FLOWPLANE_DEV_DISABLE_AGENT is no longer honored — the agent is required and always spawns. Remove the var from your shell rc or CI environment if set.

Architecture

graph LR
    Caller[Developer / Service / AI Agent] -->|REST API / MCP| FP[Flowplane]
    FP -->|gRPC xDS| Envoy[Envoy data plane]
    Envoy -->|HTTP| US[Upstream Services]

Loading

Flowplane stores gateway configuration (clusters, routes, listeners, filters) in PostgreSQL and pushes it to the data plane over xDS. The data plane is Envoy.

Key Features

• MCP front door — MCP tools spanning gateway management (cp_*) and ops/diagnostics (ops_*) so AI agents can deploy, configure, and troubleshoot end-to-end. Dynamic api_* tools proxy through the gateway to upstream services. An MCP HTTP filter inspects and validates JSON-RPC 2.0 and SSE traffic to upstream MCP servers.
• API schema learning — capture live traffic, infer JSON schemas with confidence scoring, export as OpenAPI 3.1 with enum detection, path normalization, and domain-model deduplication.
• HTTP filter chain — JWT auth, OAuth2, CORS, local rate limit, header mutation, ext authz, RBAC, response compression, custom response, and MCP traffic validation. Per-route overrides supported.
• Multi-tenant — org / team hierarchy with Zitadel-backed OIDC + RBAC. A single enforcement point governs REST, MCP control plane, and MCP gateway calls.
• xDS data plane — ADS-based xDS multiplexing LDS, RDS, CDS, EDS, and SDS over a single gRPC stream. Access Log Service and ExtProc are exposed as separate gRPC services.
• REST API + Web UI — JSON API and SvelteKit dashboard on port 8080.

Documentation

The documentation home routes by reader path. Pick the one that matches what you're trying to do:

Reader path	Start here
Developer exposing an API	Quickstart — Developer
Platform team running Flowplane	Quickstart — Platform
AI agent (Claude Code) configuring via MCP	Quickstart — MCP

The full surface:

Topic	Link
Concepts and vocabulary	Concepts
Schema learning walkthrough	Quickstart — Schema Learning
CLI commands	CLI reference
Filters	Filter reference
MCP tools	MCP tools reference

Demo (prod-mode local evaluation)

make demo HTTPBIN=1           # boot CP stack (postgres, zitadel, vault, control-plane, httpbin)
make seed                     # create demo org / users / teams
flowplane auth login          # OIDC login
make demo-envoy-up            # boot Envoy + agent against the running CP

make demo is an evaluation harness, not a production deployment template. See Quickstart — Platform for the production operator contract.

Claude Code Skills

This repo ships with Claude Code skills in .claude/skills/ that give AI assistants deep context about the codebase. They load automatically when Claude Code detects a matching task.

For operating Flowplane (CLI use, MCP-driven configuration, ops):

Skill	Covers
flowplane-api	MCP tools, learning sessions, filter attach/detach, routing workflows
flowplane-cli	CLI command reference with flags, syntax, and examples
flowplane-ops	Boot recipes, diagnostic MCP tools, troubleshooting playbooks
flowplane-secrets	SDS secrets, encryption keys, filter integration

For developing on Flowplane:

Skill	Covers
flowplane-dev	Architecture, domain model, auth modes, boot lifecycle, filter system
flowplane-testing	Test layers, E2E framework, anti-patterns
flowplane-skill-maintainer	Keep skills in sync with the code as it evolves

Skills are tracked in git so they stay in sync with the code. The .claude/ directory is otherwise gitignored (settings, memory, and tasks remain private).

Requirements

• Docker or Podman
• Rust 1.92+

License

MIT — see LICENSE.