Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ruvnet/ruflo/llms.txt
Use this file to discover all available pages before exploring further.
Ruflo is enterprise-ready with security baked in at every layer, not bolted on afterward. The seven protection layers described below activate automatically — no configuration required for the defaults. Additional hardening is available through the ruflo-aidefence plugin, the ruflo-security-audit plugin, and the ruflo-metaharness grading system.
Protection Layers
| Feature | Protection | Implementation |
|---|---|---|
| Input Validation | Injection attacks | Boundary validation on all inputs via Zod schemas |
| Path Traversal Prevention | Directory escape | Blocked patterns (../, ~/., /etc/) on every file path |
| Command Sandboxing | Shell injection | Allowlisted commands, metacharacter blocking |
| Prototype Pollution | Object manipulation | Safe JSON parsing with validation on all deserialized data |
| TOCTOU Protection | Race conditions | Symlink skipping and atomic operations on file access |
| Information Disclosure | Data leakage | Error message sanitization — stack traces never reach the client |
| CVE Monitoring | Known vulnerabilities | Active scanning and patching pipeline |
Security Plugins
ruflo-aidefence
The ruflo-aidefence plugin adds a real-time threat detection layer in front of every agent call. It activates in under 10ms and handles three threat classes:
- Prompt injection — detects `ignore all previous instructions` families (0–4 modifier-word window), role-hijack patterns (`you are now …`, `act as …`, `pretend to be …`), and jailbreak markers (`DAN mode`, `developer mode`, `god mode`, `root mode`)
- PII detection — 14-type pipeline (emails, SSNs, API keys, credit card numbers, and more)
- Safety scanning — classifies inputs by risk level: Safe → Sanitize → Block
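The following is an added example, not Ruflo's own code: a minimal JavaScript model of the three threat classes and the Safe → Sanitize → Block decision described above. The pattern families come from the list; the exact 0–4 word window regex, the three PII types shown (of the plugin's 14), the Luhn check, and the rule that threats block while PII is redacted are assumptions for illustration.

```javascript
// Added example (not Ruflo's own code): a minimal model of the AIDefence
// input pipeline. Pattern families are taken from the page; the regexes,
// the PII subset and the Safe/Sanitize/Block decision rule are assumptions.

// Prompt injection: "ignore ... instructions" with 0-4 modifier words between.
const INJECTION = /\bignore(?:\s+\w+){0,4}\s+instructions\b/i;
// Role-hijack and jailbreak-marker families listed on the page.
const ROLE_HIJACK = /\b(?:you are now|act as|pretend to be)\b/i;
const JAILBREAK = /\b(?:dan|developer|god|root)\s+mode\b/i;

// Three of the PII detectors. Card candidates are confirmed with Luhn so that
// arbitrary 13-16 digit strings (order numbers, IDs) are not redacted.
const PII = {
  email: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g,
  ssn: /\b\d{3}-\d{2}-\d{4}\b/g,
  card: /\b\d(?:[ -]?\d){12,15}\b/g,
};

// Standard Luhn checksum over a digit-only string.
function luhnValid(digits) {
  let sum = 0;
  let dbl = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    dbl = !dbl;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// Classify one inbound message: threats are blocked outright, PII is
// redacted (SANITIZE), anything else passes as SAFE.
function scanInput(text) {
  const findings = [];
  if (INJECTION.test(text)) findings.push('prompt_injection');
  if (ROLE_HIJACK.test(text)) findings.push('role_hijack');
  if (JAILBREAK.test(text)) findings.push('jailbreak_marker');
  if (findings.length) return { level: 'BLOCK', findings, text: null };

  let sanitized = text;
  for (const [type, re] of Object.entries(PII)) {
    sanitized = sanitized.replace(re, (m) => {
      if (type === 'card' && !luhnValid(m.replace(/\D/g, ''))) return m;
      findings.push(`pii:${type}`);
      return `[${type.toUpperCase()}_REDACTED]`;
    });
  }
  return { level: findings.length ? 'SANITIZE' : 'SAFE', findings, text: sanitized };
}
```

The block only models the decision flow; the real plugin adds the remaining PII types and its own threat heuristics on top of this shape.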
ruflo-security-audit
The ruflo-security-audit plugin scans your codebase and dependencies for CVEs, hardcoded secrets, insecure patterns, and policy violations.
ruflo-metaharness
MetaHarness grades your entire agent setup on a 1–100 readiness scale, scans all tool configurations for security risks, and snapshots the project so you can detect regressions between runs:
- Tool configuration security — flags overly permissive MCP tool groups
- Agent scope isolation — verifies agents are not sharing memory namespaces they should not access
- Hooks coverage — confirms critical lifecycle hooks are registered
- Change detection — diffs snapshots across runs to catch unauthorized configuration drift
Security CLI Commands
AIDefence Security Flow
Every request passes through the AIDefence pipeline before reaching an agent.
Best Practices
Minimal Attack Surface
Use `--omit=optional` for a ~45MB install that skips ML/embedding dependencies. This removes ONNX Runtime and Transformers.js from the dependency tree — appropriate when vector memory features are not needed.
Restrict MCP Tool Surface
Use `CLAUDE_FLOW_TOOL_GROUPS` to load only the tool groups your workflow requires. Fewer exposed tools means a smaller injection surface.
API Key Hygiene
Set `ANTHROPIC_API_KEY` (and other provider keys) as environment variables. Never write them into `claude-flow.config.json` or any file that could be committed.
Enable AIDefence in Production
Install and activate `ruflo-aidefence` for any deployment where agents process untrusted input — public-facing APIs, multi-tenant environments, or federated nodes.
Environment Variable Security
Environment Variables Reference
| Variable | Description | Security Note |
|---|---|---|
| ANTHROPIC_API_KEY | Anthropic API key for Claude models | Required; never commit |
| OPENAI_API_KEY | OpenAI API key for GPT models | Optional; never commit |
| GOOGLE_API_KEY | Google AI API key for Gemini | Optional; never commit |
| CLAUDE_FLOW_LOG_LEVEL | Logging verbosity (debug, info, warn, error) | Set to warn or error in production to reduce log verbosity |
| CLAUDE_FLOW_TOOL_GROUPS | Comma-separated MCP tool groups to enable | Restrict to minimum required groups |
| CLAUDE_FLOW_TOOL_MODE | Preset mode (develop, pr-review, devops, triage) | Use the narrowest mode for your workflow |
Federation Security
When running federated agents across machines, additional security properties apply automatically:
- Ed25519 identity — every node generates a keypair at init; all messages are signed
- Zero-trust ladder — new peers start at `UNTRUSTED` and must earn trust through successful interactions
- PII pipeline — 14-type detection with `BLOCK`/`REDACT`/`HASH`/`PASS` policies runs on every outbound message
- Behavioral scoring — malicious or unreliable behavior triggers instant trust downgrade
- Audit trail — every federation event produces a structured audit record (HIPAA, SOC2, GDPR modes available)
