System Design — flux7-mesh + flux7-memory + flux7-console
May 2026. Living document.
The stack in one sentence
flux7-mesh enforces what agents can do. flux7-memory remembers what happened. flux7-console shows it all and lets humans intervene.
Design principles
- Each project works alone. flux7-mesh without flux7-memory still enforces policies. flux7-memory without flux7-mesh is a standalone memory server. flux7-console without the others is a governance dashboard. Integration is opt-in, not required.
- Open-source runtime, product on top. flux7-mesh and flux7-memory are Apache 2.0 — free, adoptable, no lock-in. flux7-console is the management plane that makes them manageable at scale. That's where the business model sits.
- Decisions are facts. When a human approves an action or a supervisor auto-resolves a request, that decision is stored as a queryable fact in flux7-memory. It doesn't vanish into a log file.
- Write path matters more than read path. The system becomes valuable when events automatically flow between components — not when a human manually checks dashboards.
Components
flux7-mesh (runtime / data plane)
Go binary. Sidecar proxy between agents and their tools.
| What it does | How |
|---|---|
| Policy enforcement | YAML rules: allow, deny, human_approval per tool per agent |
| Approval queue | Pending requests, resolve via API or Claude Code prompt |
| Rate limiting + loop detection | Per-agent, per-tool, configurable |
| Tracing | JSONL trace files, OTEL export, session tracking |
| Grants | Temporary sudo-like bypass for specific agents |
| Supervisor protocol | External process polls pending approvals, auto-resolves routine ones |
Transports: MCP stdio (Claude Code, Cursor) · MCP Streamable HTTP at POST /mcp (Anthropic Managed Agents, remote clients) · HTTP REST (POST /tool/{name})
Current state: v0.12.0, stable. Policy hot-reload, Python SDK, /decide endpoint, daemon mode.
flux7-memory (memory substrate)
Go binary. MCP server for persistent, searchable, governed memory.
| What it does | How |
|---|---|
| Store/recall/search/forget | 7 MCP tools, markdown source of truth + SQLite FTS5 index |
| Hybrid search | BM25 + dense cosine (Ollama/OpenAI) + LLM reranking |
| Structured recall | memory_context returns JSON for SDK consumption |
| Tag-scoped access | Any agent reads/writes its own observations via tags |
| Temporal range queries | since / until filters on RFC3339 timestamps |
| Python SDK | pip install flux7-memory, provider-agnostic, wraps all tools via HTTP |
Current state: v0.5.0, 71% LoCoMo benchmark, SDK + SSE transport + daemon mode shipped.
flux7-supervisor (L1 supervisor)
Python agent. Standalone evaluation process between policy engine and human.
| What it does | How |
|---|---|
| Poll pending approvals | Consumes flux7-mesh SDK (pending(), approval_detail(), resolve()) |
| Rule-based evaluation | YAML conditions (tool, params, injection_risk), first-match-wins |
| LLM fallback | Pluggable providers: Ollama, Anthropic, Claude Code MCP callback |
| Decision persistence | Writes to flux7-memory via SDK |
Current state: v0.1.0, 49 tests, 3 LLM providers. Extracted from flux7-console (May 2026).
flux7-console (management plane / product)
Next.js 16 + TanStack Query. Dashboard and human governance UI (L2).
| What it does | How |
|---|---|
| Trace viewer | Reads flux7-mesh /traces, /otel-traces, aggregates stats |
| Session browser | Session list and drill-down via flux7-mesh /sessions |
| Memory viewer | Reads flux7-memory, displays stored facts and decisions |
| Human approval UI | Shows pending approvals from flux7-mesh, human clicks approve/reject |
| OTEL waterfall | Visual trace timeline from flux7-mesh OTEL export |
Planned (scaffolded, not yet implemented) :
| What it will do | How |
|---|---|
| Agent catalog | Registry of declared agents with metadata, scoring, lifecycle |
| Governance engine | Rules, scoring (3-axis), severity escalation, validation verdicts |
| Dependency graph | Declared (YAML) + inferred (traces), impact analysis |
| Diff engine | Breaking change detection on agent config changes |
Current state: Early stage, dashboard + traces + sessions + approvals + memory viewer working. No version tag yet.
The integrated flow
Today: tool call with human approval
Developer → Claude Code → flux7-mesh → gmail.send_email
│
policy: human_approval
│
Claude Code shows permission prompt
│
Developer says "yes"
│
flux7-mesh resolves → email sent
flux7-mesh writes trace → JSONL
│
Decision is gone. Next time, same question.
Target: tool call with governed memory
Developer → Claude Code → flux7-mesh → gmail.send_email
│
policy: human_approval
│
┌──────────────────┼──────────────────┐
│ │ │
Supervisor (L1) Human (L2) flux7-console UI
in flux7-mesh via Claude Code shows pending
│ or flux7-console UI │
│ │ │
checks flux7-memory: │ │
"has Marc approved │ │
gmail.send before?" │ │
│ │ │
if yes (3+ times) ───► auto-approve │
if no ────────────► escalate to human ◄───────┘
│
human says "yes"
│
flux7-mesh resolves → email sent
flux7-mesh writes to flux7-memory:
key: "decision.gmail.send_email.20260507"
value: "approved by Marc, recipient: X, subject: Y"
tags: [decision, approval, gmail]
agent: "flux7-mesh"
│
flux7-console displays decision in audit trail
What changes
| Step | Before | After |
|---|---|---|
| Approval source | Always human | Supervisor checks flux7-memory first, escalates if unsure |
| Decision storage | Lost in terminal history | Stored as fact in flux7-memory, queryable |
| Learning | None — same prompt every time | Supervisor learns from past decisions |
| Audit | Grep JSONL logs | flux7-console dashboard, filterable, searchable |
| Visibility | Only the developer who approved | Any team member via flux7-console |
Data flow between components
flux7-console (management plane)
┌────────────────────────────┐
│ dashboard, approval UI, │
│ governance, audit trail │
└──────┬──────────┬──────────┘
│ │
reads via │ │ reads via
HTTP API │ │ Python SDK
│ │
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ flux7-mesh │───►│ flux7-memory │
│ (runtime) │ │ (memory) │
│ │ │ │
│ • traces JSONL │ │ • facts │
│ • approvals │ │ • decisions │
│ • policies │ │ • observations │
└────────┬────────┘ └─────────────────┘
│ ▲
│ writes decisions │
└─────────────────────┘
(opt-in, if flux7-memory configured)
Write paths (who writes what where)
| Writer | Target | What | When |
|---|---|---|---|
| Any agent | flux7-memory | Observations, facts, context | During execution, via MCP store |
| flux7-mesh | flux7-memory | Approval/rejection decisions | On approval resolve (opt-in) |
| flux7-mesh | JSONL | Tool call traces | Every tool call (always) |
| Supervisor | flux7-memory | Auto-resolve rationale | On auto-approve (opt-in) |
| Human via flux7-console | flux7-mesh API | Approve/reject action | Clicking in UI |
| flux7-console | PostgreSQL | Aggregated stats, governance scores | On trace ingestion, on sync |
Read paths (who reads what from where)
| Reader | Source | What | When |
|---|---|---|---|
| Supervisor | flux7-memory | Past decisions for same pattern | Before deciding to auto-approve |
| Any agent | flux7-memory | Stored facts, context, history | During execution, via MCP search |
| flux7-console | flux7-mesh API | Pending approvals | Polling for approval UI |
| flux7-console | flux7-mesh JSONL | Trace history | On ingestion (CLI or API push) |
| flux7-console | flux7-memory (SDK) | Stored decisions, facts | For memory viewer, audit trail |
| flux7-console | PostgreSQL | Scores, rules, lifecycle | For governance dashboard |
Approval architecture (detailed)
Trust hierarchy
Level 0: Policy engine (flux7-mesh)
Static rules. Instant. No judgment.
allow reads, deny deletes, require approval for sends.
Level 1: Built-in supervisor (in flux7-mesh, Go)
flux7-memory lookup. ~100ms. Pattern matching only.
Checks past decisions: 3+ approvals, 0 rejections → auto-approve.
Escalates unknowns to Level 1+.
Level 1+: External supervisor (flux7-supervisor / sup7)
Rule engine + pluggable LLM (Ollama/Anthropic/Claude Code). ~2s rules, ~20s LLM.
Handles novel cases, complex conditions, injection detection.
Escalates unknowns to Level 2.
Level 2: Human
Full judgment. Slow. Expensive attention.
Sees pending in Claude Code prompt OR flux7-console UI.
Decision written back to flux7-memory via flux7-mesh.
Two supervisor layers. Level 1 is built into flux7-mesh — a
MemoryReaderthat queries flux7-memory before the approval queue. It's a pre-filter, not a full resolver. Level 1+ is flux7-supervisor (sup7), a standalone Python agent that implements the supervisor protocol — it polls pending approvals and resolves them with rule evaluation + pluggable LLM (Ollama, Anthropic, or Claude Code MCP callback). Thesupervisor/package inside flux7-mesh handles content redaction and injection detection on the protocol's outbound payloads (RedactParams,DetectInjection) — a separate concern from both layers.
Supervisor decision logic (pseudocode)
def evaluate(request, mem7_client):
# Check flux7-memory for similar past decisions
past = mem7_client.context(
f"{request.tool} {request.agent}",
tags=["decision"],
limit=10
)
approved_count = sum(1 for m in past if "approved" in m.value)
rejected_count = sum(1 for m in past if "rejected" in m.value)
# Pattern: consistently approved → auto-approve
if approved_count >= 3 and rejected_count == 0:
return AutoApprove(reason=f"approved {approved_count} times before")
# Pattern: recently rejected → auto-deny
recent_reject = [m for m in past if "rejected" in m.value and is_recent(m, days=7)]
if recent_reject:
return AutoDeny(reason="rejected recently, escalate")
# Unknown pattern → escalate to human
return Escalate(reason="no clear precedent")
Where the approval UI lives
Claude Code terminal — the developer gets the prompt inline. This is the current flow, works for solo use.
flux7-console web UI — for team use, overnight runs, or when multiple agents generate approvals faster than one human can handle. flux7-console polls flux7-mesh's pending queue, displays context, human clicks. flux7-console POSTs back to flux7-mesh /approval/resolve.
Both are thin clients of the flux7-mesh approval API. If flux7-console goes down, Claude Code still works. If both go down, requests queue in flux7-mesh until someone resolves them (fail-safe, not fail-open).
Deployment
Solo developer (current setup)
laptop
├── flux7-mesh (Go binary, sidecar)
│ ├── config.yaml (policies)
│ └── traces/ (JSONL)
├── flux7-memory (Go binary, MCP stdio via flux7-mesh)
│ └── ~/.mem7/ (markdown + SQLite)
└── Claude Code / Cursor (agent)
No flux7-console needed. flux7-mesh + flux7-memory provide full governance + memory. The developer is the human-in-the-loop via terminal prompts.
Small team
shared server
├── flux7-mesh (central, HTTP mode)
├── mem7 serve (HTTP, shared memory)
├── sup7 (L1 supervisor, polls mesh approvals)
└── flux7-console (dashboard + approval UI)
developer laptops
└── agents connect to shared flux7-mesh
flux7-console adds value: team visibility, approval UI for shared agents, audit trail. sup7 handles automated evaluation.
Enterprise (future)
flux7-console SaaS (hosted)
├── governance engine
├── approval UI
├── audit + compliance
└── policy push → customer flux7-mesh
customer infra
├── flux7-mesh (sidecar per agent)
├── flux7-memory (per-team or central)
├── sup7 (L1 supervisor)
└── agents (any framework)
Anthropic Managed Agents (cloud harness + governed tools)
Anthropic cloud (harness, sandbox, multi-agent orchestration)
├── Managed Agent coordinator (Opus)
│ ├── sub-agents (reviewer, tester, security)
│ └── mcp_toolset → MCP Streamable HTTP
│
└── POST /mcp ──────────────────────────────►
your infra
├── flux7-mesh (policies, approval, traces)
│ └── POST /rpc ──► flux7-memory (decisions)
└── upstream MCP servers (ollama, arch7, ...)
What Anthropic provides: cloud sandbox, session durability, multi-agent coordination (threads), outcome grading (rubrics), vault credential management.
What flux7-mesh adds: fine-grained deny policies (Managed Agents only have allow/ask), per-agent rate limiting, temporal grants, decision persistence to flux7-memory, OTEL traces, governed memory cross-session.
Integration point: flux7-mesh POST /mcp endpoint serves MCP Streamable HTTP. Managed Agent's MCP connector discovers tools via tools/list, calls them via tools/call. Policies apply transparently. Vault injects Authorization: Bearer agent:<id> for per-agent policy evaluation.
flux7-console role: same as for any deployment — dashboard, approval UI, governance scoring, audit trail. The Managed Agent sessions generate traces and decisions that flow to flux7-console like any other agent.
Implementation priorities
Phase 1: Decision write path (flux7-mesh → flux7-memory) ✓
Shipped in flux7-mesh v0.8.7.
When an approval resolves in flux7-mesh, the decision is stored in flux7-memory if configured.
- Config field:
memory.url+ optionalmemory.token - On resolve: async POST to flux7-memory
/rpcwithmemory_store - Key format:
decision.<tool>.<approval_id> - Tags:
[decision, approved|denied, <tool>, agent:<id>] - Value: human-readable summary — "approved by X — agent:Y tool:Z reason:..."
- Metrics:
agent_mesh_mem7_writes_{attempted,succeeded,failed}_total - Graceful degradation: failing flux7-memory never blocks approvals
Phase 2: Built-in supervisor reads flux7-memory ✓
Shipped in flux7-mesh v0.9.1.
flux7-mesh queries flux7-memory before submitting to the approval queue. This is the built-in Level 1 supervisor — a pre-filter that handles routine patterns.
MemoryReaderqueries flux7-memorymemory_searchwith tool name + agent + tags=["decision"]- Counts past approvals/rejections from search results
- Auto-approve if >=
min_approvals(default 3) with 0 rejections - Escalate if ambiguous, rejected, or flux7-memory is down
- Auto-approved decisions traced as
supervisor:mem7and written back to flux7-memory - Config:
supervisor.auto_approve(default true),supervisor.min_approvals(default 3)
Complements the external Python supervisor (in flux7-console): the built-in handles routine patterns (~100ms); the external supervisor handles novel cases with rule engine + Ollama LLM evaluation (~20s). Both escalate unknowns to humans.
Phase 3: flux7-console reads flux7-memory via SDK
Replace the current ad-hoc memory debug view with proper SDK integration.
flux7-console changes:
- pip install flux7-memory in backend dependencies
- Backend service: Mem7Client wrapping the SDK, configured via env var
- API routes: /api/v1/memory/search, /api/v1/memory/decisions
- Frontend: memory viewer page, decision audit trail with filters
Estimated effort: ~500 lines Python + frontend.
Phase 4: flux7-console approval UI as thin client
flux7-console displays pending approvals from flux7-mesh and lets humans resolve them.
flux7-console changes:
- Poll flux7-mesh /approval/pending (API already exists)
- Display: tool call details, agent identity, past decisions from flux7-memory (context)
- Action: approve/reject button → POST flux7-mesh /approval/resolve
- flux7-mesh handles the flux7-memory write (phase 1), flux7-console doesn't write to flux7-memory directly
Estimated effort: ~400 lines Python + frontend.
What this enables (end state)
-
Adaptive governance. Policies start strict (human approval for everything). As the system collects approved patterns in flux7-memory, the supervisor auto-approves routine actions. Governance gets less intrusive over time without getting less safe.
-
Cross-agent memory. Agent A stores an observation. Agent B searches and finds it. The supervisor checks if a decision was already made. All through the same flux7-memory store, scoped by tags.
-
Audit without effort. Every decision is a fact in flux7-memory. Every tool call is a trace in flux7-mesh. flux7-console joins them: "this agent called this tool, it was approved because of this past decision, here's the full chain." Compliance teams query, they don't grep.
-
Progressive adoption. Day 1: install flux7-mesh, get policies and tracing. Day 30: add flux7-memory, get persistent memory. Day 60: add flux7-console, get visibility and team governance. Each step is independently valuable.
Three projects, one system. Independent by default, powerful together.