Flows

Deploy code that moves your money across DeFi + CEX, governed by a policy that can refuse. Built on Lit Protocol.

Live at flows.litprotocol.com

What Is This?

You write a fund-moving action — a trade, a rebalance, a yield deposit — and deploy it onto your own on-chain wallet (DeFi) or a connected exchange account (CEX). Before it runs, it's dry-run against your policy through the same gate that runs in production. The policy can allow, hold (wait for a human), or deny — and a deny is absolute.

The code you deploy is a proposer: it computes and returns the move it wants to make, and never signs. A certified executor acts on the judged intent only after the policy gate blesses it. Your code never holds a key.

npm install -g @lit-protocol/flows
flows login                        # prompts securely for your API key

flows init rebalance               # scaffold a runnable action + its manifest
flows deploy rebalance.js          # dry-run it against your policy → see the verdict

That's a two-command first deploy. flows deploy prices the action, judges it against your policy, and prints the verdict — with nothing executed and nothing signed.

Honest about today: the deploy loop is a dry-run — actions don't move funds yet. Autonomous live execution unlocks with the runtime. The gate refuses out-of-policy moves either way.

Quick Start — deploy

# See the template gallery, then scaffold one
flows init --list
flows init rebalance               # → rebalance.js + rebalance.manifest.json

# Dry-run against your policy — see the gate verdict, install nothing
flows deploy rebalance.js

# Judge against a custom agent leash, or a full policy file
flows deploy rebalance.js --leash 5000
flows deploy rebalance.js --policy @policy.json

The action's manifest declares what it may do (its verbs); your policy decides what it actually does. Read the references:

Reference	What it covers
Manifest reference	flows-capability-manifest-v1 — every field, with a valid example per shape
Verb reference	Each verb (read, trade-spot, transfer-internal, withdraw, contract-call) + egress, and how the gate treats it
Policy reference	The PolicyDoc — caps, the agent leash, allowlists, circuits, screening, and the named presets

• Template gallery: examples/actions/ — six runnable, copy-paste-able fund actions.
• Deploy from an agent (MCP): SKILL-deploy.md — drive the whole loop from Claude / Cursor / Codex.
• Full CLI: flows init / flows deploy / flows policy.

Calling paid APIs from an agent

Separately from deploying your own actions, an agent with a Flows credit balance can discover and call other people's paid web APIs (web search, scraping, transcription, image gen, …) over the x402 catalog — one credit balance, no per-provider keys. That's the consume side; see SKILL-agent.md. This is a consumption capability over external x402 facilitators — Flows is not a paid marketplace and you don't publish endpoints to sell.

Documentation

Guide	Description
Overview & Concepts	What Flows is, the deploy loop, the proposer/executor model, trust model
Manifest Reference	flows-capability-manifest-v1 — every field, with examples
Verb Reference	Each verb + egress, and how the gate treats it
Policy Reference	The PolicyDoc — caps, the agent leash, allowlists, circuits, presets
CLI Reference	flows init / flows deploy / flows policy and the rest
Secrets & Connections	Encrypted secrets and OAuth connections
SKILL-deploy.md	Drive the deploy loop from an agent (MCP)
SKILL-agent.md	Call paid APIs (the x402 consume side) from an agent

Examples

Fund actions to deploy — examples/actions/, all scaffoldable with flows init:

• rebalance — Trade toward target weights, capped by turnover per run (trade-spot)
• cex-limit — A single bounded limit order on a connected exchange (trade-spot)
• dca — Buy a fixed quantity at/under a limit each run (trade-spot)
• stop-loss — Propose a sell when price crosses a trigger (trade-spot)
• yield-enter — Route idle stablecoins into an on-chain vault (transfer-internal)
• contract-call — Call one allowlisted function on one allowlisted contract (contract-call)

CLI Commands

Command	Description
flows login	Authenticate with your API key (prompts securely)
flows init [template]	Scaffold a runnable fund action + its manifest
flows deploy <file>	Dry-run an action against your policy, then install it
flows policy show|presets|apply|edit	View and edit your policy (policy-as-code)
flows list	List your actions
flows logs <slug>	View execution logs
flows secrets set|list|delete	Manage encrypted secrets
flows connect <app>	Connect an OAuth app (Gmail, Slack, etc.)

Full reference: CLI docs

API Reference

• Full docs: flows.litprotocol.com/docs
• OpenAPI spec: GET /api/docs/openapi.json
• Per-flow spec: GET /api/flows/{slug}/openapi.json

Tech Stack

• Node.js 20+, TypeScript, Express 5
• Prisma (PostgreSQL)
• Lit Protocol TEE (Chipotle REST API)
• Vitest for testing

Development

npm install
npm run dev       # API + frontend with hot reload
npm test          # Run unit tests
npm run build     # Build everything

License

MIT