Descriptor-driven
A catalog entry declares the base URL, the auth scheme, and the operations a service exposes. The generic adapter executes whatever the descriptor describes.
Services
Connect to anything, declaratively
A generic, data-driven service node calls any REST API described by a catalog descriptor. Vendor names and endpoints live in catalog data, never in code. Credentials never reach a model.
Service nodes
One adapter, every API
Instead of a hand-written integration per vendor, Flow ships one generic service
adapter that executes any REST API described by a catalog entry's
serviceIntegration descriptor: base URL, auth scheme, and operations.
Adding an integration means adding catalog data, not platform code.
Full OAuth2
Authorization-code flow with refresh, driven through the system browser with loopback capture. Bearer, basic, and API-key schemes are also supported.
Keyring-held secrets
Tokens and connection secrets live in the OS-native credential store, such as macOS Keychain, Windows Credential Manager, or libsecret. They are never on disk and never visible to a model.
Connection management
Per-service connect, disconnect, and status live in Settings, with a provider-console help link for each service.
Off by default
External API calls are a deliberate, opt-in carve-out from Flow's zero-egress posture. They are gated by workspace settings, the same way cloud AI is.
On the roadmap
Connection health checks, per-operation scope selection, and inbound webhook and event triggers.
Posture
Opt-in by design
Flow's default is zero egress, so nothing leaves the workstation. Service nodes are one of two deliberate carve-outs, and cloud AI is the other. Both default to off, both are gated by settings, and both keep credentials in the OS keyring with the orchestration engine as the sole custodian.
When a service node runs, the engine resolves the connection, injects credentials at execution time, and never passes them to the AI models that may interpret the response.
The node catalog is the contract
Read how catalog descriptors drive nodes, inspectors, and adapters.