FlowDot Desktop App

The FlowDot native desktop app is a local AI agent surface for your machine. It runs the same FlowDot agent, recipes, and goals as the rest of the platform — with full local file and terminal access — inside a guardian-audited shell. It is also an ACP host: it can spawn and drive external Agent Client Protocol coding agents alongside FlowDot's own.

TL;DR - Quick Summary

  • What it is: A cross-platform (Electron) desktop agent for local work
  • Download: flowdot.ai/downloads
  • Guardian-audited: every LLM call, MCP tool, toolkit tool, command, and network host runs behind a signed policy + hash-chained audit log
  • Cross-surface control: a permission you grant on the desktop applies to the CLI, voice, and mobile — and vice versa
  • ACP host: host and drive external ACP agents (see ACP Integration)
  • Private by design: runs locally — your code and credentials stay on your device

Install

Download the installer for your platform from the FlowDot downloads page:

Get the Desktop App

Visit flowdot.ai/downloads and choose the build for your operating system. Sign in with your FlowDot account on first launch — the app uses the same OAuth flow as the web app and CLI.

Local Agent

The desktop app brings the FlowDot agent to your machine with a native GUI:

  • Local file & command access — the agent can read, edit, and run against your working directory, gated by the permission system below.
  • Recipes & goals — run multi-step agentic recipes and scheduled goals locally. See Recipes and Goals.
  • MCP & toolkits — the full FlowDot MCP surface and your installed toolkits are available in-app.
  • Local model routing — when Ollama is running, the desktop app detects it and routes opaque completions through it; the FlowDot server never sees the prompt body. When you authorize a personal ChatGPT subscription via PKCE, that call goes directly from your device to your provider account.

Guardian Audit & Permissions

The desktop app runs on the same @flowdot.ai/guardian-agent policy stack as the FlowDot CLI, so control and audit are consistent across surfaces.

  • Signed policy — permission decisions are written to a HMAC-signed permissions.yaml under your working directory's .flowdot/policy/.
  • Hash-chained audit — every gated action is appended to an ed25519-signed, hash-chained audit log at ~/.flowdot/audit/native.jsonl. It shares its signing key with the CLI, so a single verification run validates both surfaces.
  • Five categories — gates cover llm.call, mcp.tool, toolkit.tool, tool, and net.host. Glob rules work everywhere.
  • Cross-surface grants — permission state persists across web, native desktop, mobile, VR, CLI, and ACP host. Approving a tool on the desktop applies the next time a voice agent on mobile reaches for it.
  • Panic E-stop — the cross-surface panic switch flips a sticky server-side flag; every outbound endpoint is locked until you clear it.

For the full control model, see Trust, Audit & Control.

ACP Host Mode

Beyond running FlowDot's own agent, the desktop app is a generic Agent Client Protocol host. It can spawn external ACP agents as subprocesses and drive them from a native UI.

  • External agents page — manage a registry of ACP agents (command / args / env) and run them from /external-agents in the app.
  • Editor-native capabilities — the host advertises filesystem read/write and terminal capabilities, so hosted agents write through the app (with diffs) and stream live terminal output.
  • Guardian-audited — filesystem and terminal actions run under the same supervisor, and every permission decision is mirrored into the native audit chain.
  • Clean lifecycle — one active agent at a time; the agent and its child terminals are killed on stop and on quit, so no orphaned processes are left behind.

The FlowDot CLI itself ships an ACP agent (flowdot acp) that this host — or any ACP editor — can drive. See ACP Integration for both sides.

Privacy

The desktop app runs locally on your machine — your work stays on your device. You decide which surface and mode may write to your Memories, and you can turn any of them off, on the /memories page.