The control plane for agent-native work

Agent-native work,
governed.

FlowDesk doesn't just let AI agents do the work — it bounds, approves, and proves every move. Explainable dispatch. Tamper-evident audit. Per-agent RBAC. The intelligence and the receipts, in one place.

Open FlowDesk For agents & developers
$0.004
est. cost / AI action
cost-aware routing
87%
decision confidence
scored & explained
SHA-256
audit hash-chain
tamper-evident
0→∞
agents, scoped
keys · RBAC · expiry

// figures illustrate the product's real mechanics on example data — not customer traction. The audit hashes below are real SHA-256, recomputed live in your browser.

The whole process — live

A sentence becomes
governed, proven work.

One request, the entire pipeline — parsed, routed, governed, executed, sealed into the audit chain, and remembered. Run it end-to-end, or hover any stage to inspect it.

Hover a stage to inspect — or run the whole flow.
The gold — intelligence

Plain English in.
Structured, explained, priced work out.

AI Dispatch turns a messy sentence into a structured task — then tells you why, how sure it is, and what it cost. A cost-aware pipeline runs simple parses on-device for $0 and reserves the model for genuinely hard input.

// a human (or agent) writes
urgent: ship launch email to @marco by friday #launch
exact cache · miss on-device router claude-fable-5
// cost-aware: cache → heuristic router → model only when it earns it
// FlowDesk returns
Ship launch email
URGENT
Assignee
@marco
Deadline
Fri
Tags
#launch
AI · claude-fable-5 87% sure
// why? — "urgent" → priority · "@marco" routed · "friday" → deadline · stamped to an immutable decision ledger
AgentOps

Every action, measured

Method mix, average confidence, p95 latency, and est. spend — the observability layer for your agent fleet, over the real decision log.

Decision ledger

Explainable by record

Input, method, model, confidence, reason and the system-prompt version — written to ai_decisions for every AI call.

Workspace intelligence

A moat that compounds

Decisions accumulate into owned, workspace-specific memory — history a competitor's parser can't copy on day one.

The moat — trust

Hand it off.
Keep the receipts.

Autonomy is only valuable if it's accountable. FlowDesk seals every agent action into a cryptographic hash-chain — any third party can prove the log hasn't been altered.

// tamper-evident audit · row_hash = SHA-256( prev_hash ‖ row ) · recomputed live in your browser
9c2e
7f3a
b41d
#25
c1d4
5be9
// what one audit row actually contains — written for every AI & agent action
{ "seq": 25, "prev_hash": "a420…e9", // links to the row before — this is the chain "created_at": "2026-06-17T09:22:03Z", "actor_type": "agent", // human | agent | workflow "agent_key_id": "fdk_live_a91f", // which scoped key acted "action": "approval.granted", "subject": "task:7c1d…", "model": "claude-fable-5", "prompt_version": "dispatch.v4", // reproducibility "confidence": 0.93, // scored & gate-checked "approved_by": "human:vasile", // human-in-the-loop, when required "hash": "7489…c1", // SHA-256( prev_hash ‖ this row ) "signature": "hmac-sha256:…" // HMAC over the hash }
// every receipt is also signed — anyone can verify it came from FlowDesk, with our public key
algorithmECDSA · elliptic-curve P-256 · SHA-256 ES256
public key/.well-known/flowdesk-signing-key.json
signaturelWUgVpJVVRMv2pi8PViiLR4orPSV+McixAmOl8aLv7KaBAO0Nu/banh1m7Kx6OJyJw4B9AlITHHSve8+BpXIdQ==
// the hash-chain proves nothing was altered; the signature proves the receipt genuinely came from FlowDesk — an agent verifies both, with only the public key, before trusting it.
Scoped keys

Per-agent fdk_live_ keys — sha256-hashed, scoped, rate-limited, with expiry.

Agent-RBAC

Govern agents like staff — block-by-person, block-by-project, max priority, quiet hours; per-agent or workspace-wide.

Confidence gate

Low/unknown-confidence agent actions auto-route to a human approval queue; high-confidence ones pass.

Kill-switch

One tap pauses every agent key in a workspace — read and write — and seals the action into the chain.

AI-BOM

Registered agents carry a signed manifest — recompute the hash to verify integrity; a "FlowDesk-verified" badge gates the rest.

Constitution

A machine-readable policy enforced in-function — every tool call checked before it executes, violations audited. Read the spec →

Operations — measured

Run a fleet. See the bill.

routing handled — model used only when it earns it
on-device
68%
cache
19%
model (LLM)
13%
285ms
p95 dispatch latency
$0.004
est. cost per AI action
intact
audit chain · every action verified

Figures illustrate the product's real mechanics (cost-aware routing, scored confidence, verified audit) on example data — not customer traction.

Agent-operable

Not a UI with AI
sprinkled on top.

Any assistant operates FlowDesk over MCP or plain REST — discover, read, write, and act, under the same scopes, RBAC, audit, and approval gates as everything else.

// connect any MCP assistant
{ "mcpServers": { "flowdesk": { "type": "http", "url": "https://flowdesk-landing-2yz.pages.dev/mcp" } } }
// or plain REST — verify a signed agent
# discover, read, act — scoped + audited curl .../api/v1/agents/verify?id=… # → integrity: intact · issued_by_flowdesk: true curl .../api/v1/agent/tasks \ -H "Authorization: Bearer fdk_live_…"
Two doors

The work is the agent's.
The accountability is yours.

flowdesk-app-baf.pages.devfor humans & teams flowdesk-landing-2yz.pages.devfor agents & developers