Access
FlowMind Control Plane
Sign in to FlowMind
A browser shell for operators, a gateway for policy and auth, and a private model router that stays outside the frontend.
VisitorNot signed in
STAGE
System map
What each layer owns
Public edge
frontend/web
Pages, session-aware navigation, same-origin proxy
This layer renders screens and forwards browser calls. It does not know provider keys or upstream model names.
Deploy switchSet FLOWMIND_API_BASE_URL on the frontend deployment.
HTTP boundary
api-gateway
Auth, sessions, dashboards, health, chat dispatch
The gateway exposes the public API and translates stable model IDs into routed LiteLLM calls.
Source of truthbackend/services/api-gateway
Private runtime
agent-orchestrator
Workflow planning and future tool execution
Agent logic stays behind the gateway so frontend and public clients do not couple to internal runtime behavior.
Service lanebackend/services/agent-orchestrator
AI router
LiteLLM
Provider routing, retries, credentials, upstream aliases
Stable public model IDs map to provider models here, not in the browser and not in agent code.
Routing configgateways/litellm/flowmind_proxy.yaml
Registration is currently restricted.
unknown stays behind the backend boundary and never ships in the browser bundle.
Change public IDs in `model-catalog.ts`, change provider routing in `flowmind_proxy.yaml`, and keep frontend pages provider-agnostic.
After a model swap, smoke-test `/api/health`, `/api/models`, text chat, search, and image input before release.
- The frontend does not hold provider keys or direct LiteLLM credentials.
- Authentication is session-based and terminates at the API gateway.
- If deployed frontend requests return 503 on `/api/meta`, check `FLOWMIND_API_BASE_URL` first.