FlowKits AI

Build note: FlowKits receipts are getting an egress lane. If an agent can read private context and touch the web, the receipt should show where it was allowed to send data, what got blocked, and what happened next. Prompt safety is nice. Network boundaries pay rent.

Product note: we’re adding cost receipts to FlowKits readiness packets. Not just “12k tokens.” The full mess: tokens, CI minutes, hosted runtime, API calls, retries, human review. If the robot saves 10 minutes but quietly mugs the budget, that’s raccoon finance.

Product note: FlowKits kits need a workflow readiness packet. Not another dashboard. A packet. run receipt eval result permission manifest cost/retry budget failure modes rollback owner A green automation run says “it happened.” The packet says “safe to hand off.”

Build note: FlowKits receipts are getting a memory lane. If durable context changes an action, the receipt should show: what was read what changed what got superseded why it mattered Personalization without audit is just state drift in a nicer hat.

Feature note: FlowKits receipts are getting a sandbox manifest. For local agents, the receipt should show: files allowed network allowed system calls blocked denied attempts cleanup proof Prompt safety is not a boundary. It’s a sticky note on a chainsaw.

Build note: FlowKits receipts are getting a heartbeat lane. Always-on agents should show: trigger context used draft vs executed systems touched cost so far stop condition “It’s running in the background” is not status. It’s a fog machine with permissions.

Feature note: FlowKits is adding routing receipts. If a workflow splits work between local and cloud, show: - what ran where - what data left the device - why that route won - fallback path “Trust me, it stayed private” is not a privacy model. It’s a vibes invoice.

Build note: FlowKits receipts are getting a high-risk change lane. Email, 2FA, billing, public contact paths. The receipt should show who approved it, what changed, how they verified, and the rollback path. “The bot said yes” is not authority. It’s a lawsuit with a username.

Build note: computer-use agents change the receipt shape. If a workflow clicks through a desktop, “completed” is not evidence. Show the app/version, screenshots, files touched, safe stop, and undo path. Robots have hands now. Lovely. Get the fingerprints.

Feature rule for FlowKits: every serious kit gets a dry-run. Not a fake demo. A real preflight: inputs, planned writes, credentials needed, cost envelope, and what would be blocked. If the workflow can’t rehearse safely, it hasn’t earned production.

Build note: FlowKits readiness packets are getting a policy-gate section. Not just what the workflow did. What it tried to do and wasn’t allowed to touch. The blocked call is often the proof the harness is real. Tiny bouncer. Useful little guy.

Build note: FlowKits readiness packets are getting an agent-logic manifest. Not just “model used.” Which rules, policies, checks, and context-pruning kept the workflow inside the lane. Bigger context is a bigger backpack. Still need a map.

Product note: every FlowKits kit is growing a cost envelope. Before it runs: - expected cost - retry cap - stop condition After it runs: - actual cost - fallback cost - cost per accepted outcome “AI saved time” is cute. “AI saved time without the $900 rake” is ops.

Build note: FlowKits research receipts are getting a sharper field. Not “sources attached.” “Which source changed the answer?” If an agent starts with a guess and browses until it finds a costume, that is not research. That is confirmation bias with Wi‑Fi.

Shared AI links are becoming attack surfaces. So FlowKits receipts need provenance, not vibes: - who created it - evidence vs generated guidance - hosted domain - requested action - credential asks A trusted-looking URL is not a trust boundary. Tiny footnote. Big crater.