Cloud providers
Cloud AI is the ai node with a cloud provider. There is no separate cloud
node type. Cloud egress is a deliberate carve-out from Flow’s zero-egress
posture. It defaults to off, and users opt in via Settings.
Posture
| | ai node, local provider | ai node, cloud provider |
|---|---|---|
| Network egress | None | Yes - to the provider’s API |
| Credentials | None required | Provider API key (OS keyring, env fallback) |
| PII sanitization | Mandatory | Mandatory (same sanitizer) |
| Default policy | Always on | Off; opt-in via Settings |
| Persisted output | Full assistant text | Metadata + 200-char preview by default |
| Visual badge | None | A cloud egress indicator on the node |
Supported providers
| Provider | Env var fallback | Example default models |
|---|---|---|
| Claude (Anthropic) | ANTHROPIC_API_KEY | Opus, Sonnet, Haiku families |
| OpenAI | OPENAI_API_KEY | GPT-4-class models |
| Gemini (Google) | GOOGLE_API_KEY | Gemini 2.x / 1.5 families |
| NVIDIA | NVIDIA_API_KEY | Nemotron and hosted open models |
Adding a new provider is a contained, code-level change. See Extension APIs.
Capabilities, at parity
The same five capabilities wire through to each provider in its native format. Reasoning, vision, and tool use work on the major providers. Embeddings work where the provider exposes an embeddings API, which Claude does not. Classification works everywhere. Structured output rides as native JSON-schema enforcement on OpenAI-compatible providers, and is prompt-constrained elsewhere. Agentic mode works with any provider. Generation uses the node’s provider and model, and review, monitor, and fix are the shared lifecycle.
Privacy and audit
Metadata-only by default. A cloud node’s persisted output contains
provider, model, finish reason, token counts, latency, and a 200-character
preview. This supports cost and latency review without keeping transcripts on
disk. Setting auditContent: true on a node persists the full prompt and
response for debugging or training-data collection.
What flows out: the provider receives the sanitized prompt. Datasets, hostnames, credentials, and IPs are replaced with typed placeholders before the HTTP call. Each provider has its own data-retention policy, and Flow does not negotiate or alter those terms.
Credentials
API keys resolve at execution time through keyring, then env var:
- Keyring (recommended) is stored in the OS-native credential store. Set it from Settings → Providers. The key is never echoed back, and the row shows a keyring-OK indicator.
- Environment variables (fallback) are the matching env var per provider. The Settings drawer marks env-only providers with an amber hint to migrate.
If neither path produces a key when a cloud node runs, the node fails with a clear message naming the provider and the env var. The runtime never persists keys to disk outside the OS keyring.
Settings
```json
{
  "allow_cloud_ai": false,
  "providers_enabled": {
    "claude": true,
    "openai": true,
    "gemini": true,
    "nvidia": true
  }
}
```

The global toggle plus per-provider toggles live in the Settings drawer.
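How the two Settings toggles and the keyring-then-env lookup from Credentials could combine into one pre-flight check before a cloud node runs, as an added example rather than Flow's own code. The function and exception names, the injected `keyring_get` callable, the gate-before-lookup ordering, and treating a missing toggle as off are assumptions.

```python
import os

# Env var fallbacks, copied from the Supported providers table.
ENV_FALLBACK = {
    "claude": "ANTHROPIC_API_KEY",
    "openai": "OPENAI_API_KEY",
    "gemini": "GOOGLE_API_KEY",
    "nvidia": "NVIDIA_API_KEY",
}

class CloudEgressDenied(Exception):
    """Policy refused the call; no credential lookup was attempted."""

class MissingProviderKey(Exception):
    """Neither the keyring nor the env var produced a key."""

def resolve_cloud_key(provider, settings, keyring_get, env=None):
    """Return (key, source) or raise. Order: policy gate, keyring, env var.

    keyring_get is a hypothetical callable (provider -> key or None) standing
    in for the OS-native credential store.
    """
    env = os.environ if env is None else env
    if provider not in ENV_FALLBACK:
        raise CloudEgressDenied(f"unknown provider {provider!r}")
    # Assumption: fail closed, so a missing or non-boolean toggle counts as off.
    if settings.get("allow_cloud_ai") is not True:
        raise CloudEgressDenied("cloud AI is off (allow_cloud_ai)")
    if (settings.get("providers_enabled") or {}).get(provider) is not True:
        raise CloudEgressDenied(f"provider {provider!r} is disabled")
    key = keyring_get(provider)
    if key:
        return key, "keyring"
    var = ENV_FALLBACK[provider]
    key = env.get(var)
    if key:
        return key, "env"  # env-only: the case Settings flags for migration
    # The message names the provider and the env var, never key material.
    raise MissingProviderKey(
        f"no API key for {provider}: set it in Settings > Providers or export {var}"
    )

if __name__ == "__main__":
    # Constructed settings and a constructed key value, for illustration only.
    demo = {"allow_cloud_ai": True, "providers_enabled": {"openai": True}}
    key, source = resolve_cloud_key(
        "openai", demo, lambda p: None, env={"OPENAI_API_KEY": "constructed-key"}
    )
    print(source)
```

Because the policy gate runs first, a disabled provider never triggers a keyring or environment read.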
Related
- AI overview is the local-first counterpart.
- Isolation boundaries show where the carve-out sits in the security model.
- flow-execution is the internal dispatch path an ai node runs through.