Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ruvnet/ruflo/llms.txt

Use this file to discover all available pages before exploring further.

Ruflo is enterprise-ready with security baked in at every layer, not bolted on afterward. The seven protection layers described below activate automatically — no configuration required for the defaults. Additional hardening is available through the ruflo-aidefence plugin, the ruflo-security-audit plugin, and the ruflo-metaharness grading system.

Protection Layers

FeatureProtectionImplementation
Input ValidationInjection attacksBoundary validation on all inputs via Zod schemas
Path Traversal PreventionDirectory escapeBlocked patterns (../, ~/., /etc/) on every file path
Command SandboxingShell injectionAllowlisted commands, metacharacter blocking
Prototype PollutionObject manipulationSafe JSON parsing with validation on all deserialized data
TOCTOU ProtectionRace conditionsSymlink skipping and atomic operations on file access
Information DisclosureData leakageError message sanitization — stack traces never reach the client
CVE MonitoringKnown vulnerabilitiesActive scanning and patching pipeline

Security Plugins

ruflo-aidefence

The ruflo-aidefence plugin adds a real-time threat detection layer in front of every agent call. It activates in under 10ms and handles three threat classes:
  • Prompt injection — detects ignore all previous instructions families (0–4 modifier-word window), role-hijack patterns (you are now …, act as …, pretend to be …), and jailbreak markers (DAN mode, developer mode, god mode, root mode)
  • PII detection — 14-type pipeline (emails, SSNs, API keys, credit card numbers, and more)
  • Safety scanning — classifies inputs by risk level: Safe → Sanitize → Block
/plugin install ruflo-aidefence@ruflo
# or
npx ruflo@latest plugins install -n ruflo-aidefence

ruflo-security-audit

The ruflo-security-audit plugin scans your codebase and dependencies for CVEs, hardcoded secrets, insecure patterns, and policy violations:
/plugin install ruflo-security-audit@ruflo
# or
npx ruflo@latest plugins install -n ruflo-security-audit

ruflo-metaharness

MetaHarness grades your entire agent setup on a 1–100 readiness scale, scans all tool configurations for security risks, and snapshots the project so you can detect regressions between runs:
/plugin install ruflo-metaharness@ruflo
MetaHarness checks:
  • Tool configuration security — flags overly permissive MCP tool groups
  • Agent scope isolation — verifies agents are not sharing memory namespaces they should not access
  • Hooks coverage — confirms critical lifecycle hooks are registered
  • Change detection — diffs snapshots across runs to catch unauthorized configuration drift

Security CLI Commands

# Scan for vulnerabilities in dependencies and code
npx ruflo@latest security scan --depth full

# Check for CVEs in installed dependencies
npx ruflo@latest security cve --check

# Compliance check — ensure code meets security standards
npx ruflo@latest security audit

# Run AIDefence against a specific input
npx ruflo@latest security defend -i "some input text"

# View AIDefence threat detection stats
npx ruflo@latest security defend --stats

AIDefence Security Flow

Every request passes through the AIDefence pipeline before reaching an agent:
Input → AIDefence Scan → PII Detection → Injection Check → Jailbreak Detection

                          Risk Assessment
                         /      |       \
                      Safe   Warning   Threat
                        ↓       ↓         ↓
                     Allow  Sanitize    Block
                        ↓       ↓         ↓
                         Log Pattern → Update Model
The pipeline learns from each decision, reducing false positives over time via adaptive confidence calibration.

Best Practices

Minimal Attack Surface

Use --omit=optional for a ~45MB install that skips ML/embedding dependencies. This removes ONNX Runtime and Transformers.js from the dependency tree — appropriate when vector memory features are not needed.
npm install -g ruflo@latest --omit=optional

Restrict MCP Tool Surface

Use CLAUDE_FLOW_TOOL_GROUPS to load only the tool groups your workflow requires. Fewer exposed tools means a smaller injection surface.
export CLAUDE_FLOW_TOOL_GROUPS=implement,test,memory

API Key Hygiene

Set ANTHROPIC_API_KEY (and other provider keys) as environment variables. Never write them into claude-flow.config.json or any file that could be committed.
export ANTHROPIC_API_KEY="sk-ant-..."

Enable AIDefence in Production

Install and activate ruflo-aidefence for any deployment where agents process untrusted input — public-facing APIs, multi-tenant environments, or federated nodes.
npx ruflo@latest plugins install -n ruflo-aidefence

Environment Variable Security

Never commit .env files to version control. Ruflo reads ANTHROPIC_API_KEY and other secrets from the environment at runtime — they should live in your shell profile, a secrets manager, or a .env file that is listed in .gitignore.Use .env.example as a template that documents which variables are required without containing real values:
# .env.example — commit this
ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=sk-...
GOOGLE_API_KEY=...
CLAUDE_FLOW_LOG_LEVEL=info
CLAUDE_FLOW_TOOL_GROUPS=implement,test,memory

# .env — DO NOT commit this
# Add to .gitignore: echo ".env" >> .gitignore

Environment Variables Reference

VariableDescriptionSecurity Note
ANTHROPIC_API_KEYAnthropic API key for Claude modelsRequired; never commit
OPENAI_API_KEYOpenAI API key for GPT modelsOptional; never commit
GOOGLE_API_KEYGoogle AI API key for GeminiOptional; never commit
CLAUDE_FLOW_LOG_LEVELLogging verbosity (debug, info, warn, error)Set to warn or error in production to reduce log verbosity
CLAUDE_FLOW_TOOL_GROUPSComma-separated MCP tool groups to enableRestrict to minimum required groups
CLAUDE_FLOW_TOOL_MODEPreset mode (develop, pr-review, devops, triage)Use the narrowest mode for your workflow
For the complete environment variable reference, see Environment Variables.

Federation Security

When running federated agents across machines, additional security properties apply automatically:
  • Ed25519 identity — every node generates a keypair at init; all messages are signed
  • Zero-trust ladder — new peers start at UNTRUSTED and must earn trust through successful interactions
  • PII pipeline — 14-type detection with BLOCK/REDACT/HASH/PASS policies runs on every outbound message
  • Behavioral scoring — malicious or unreliable behavior triggers instant trust downgrade
  • Audit trail — every federation event produces a structured audit record (HIPAA, SOC2, GDPR modes available)
See Federation for the complete federation security model.

Build docs developers (and LLMs) love