Labsco
floomhq logo

Floom

โ˜… 39

from floomhq

Deploy Python functions as web apps. Type hints become UI, API, and shareable links. 32 MCP tools for deploy, run, storage, secrets, scheduling, versioning, and sharing.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedAccount requiredAdvanced setup

Floom

The loop engineering harness. AI workers that run on a loop.

Schedule them, trigger them, require approvals, and keep every run on the record.
A worker is a folder: worker.yml + SKILL.md or run.py. Deploy it from Claude Code, Codex, or the CLI. Run it from the UI, REST, or MCP.

Get started ยท Build a worker ยท Try the hosted version ยท Read the docs

Floom: the loop engineering harness for AI workers


Most "AI automation" is a chat window you babysit, or a no-code graph that bills you per task and can't be audited. Floom is the loop engineering harness: a real runtime where a worker is a readable package, it runs on a loop without you watching, and every execution leaves logs, outputs, tool calls, approvals, and a replay you can trust. Used natively from Claude Code and Codex via MCP or CLI.

What Floom Is: Worker Runtime For Background AI Workers

Floom turns repeatable knowledge-work automations into background AI workers. A worker can run manually, on a schedule, from a webhook, or from an app event. The runtime keeps the worker definition, input schema, output schema, logs, tool calls, approvals, and run history inspectable.

Use Floom when you want an AI agent to do recurring work without turning that work into an opaque chat thread, a hard-to-diff automation graph, or a one-off script with no supervision.

What A Worker Looks Like

A worker is a folder-backed job definition. Describe the work in plain English (SKILL.md) or hand it a script (run.py), declare its tools, trigger, memory, and secrets in worker.yml, and Floom runs it.

# workers/github-digest/worker.yml  (abbreviated)
name: github-digest
description: "Every morning at 9am, send a digest of unread GitHub PRs and open issues."
exec:
  entry: SKILL.md          # plain-English agent; or run.py for a script
trigger:
  type: schedule
  cron: "0 9 * * *"        # also: manual, webhook, Composio event
connections:
  - app: github            # the only tools this agent is allowed to call
    allowed_tools: [GITHUB_FIND_PULL_REQUESTS, GITHUB_LIST_ASSIGNED_ISSUES]
<!-- workers/github-digest/SKILL.md -->
You are a GitHub assistant generating a daily PR + issues digest.
Fetch the user's open PRs and assigned issues, compile a markdown digest
with Action items, and finish_with_outputs({ "digest": "<markdown>" }).

It runs at 9am, calls only the two GitHub tools it declared, and writes digest.md to a run you can open, replay, or roll back:

run 7f3a ยท github-digest ยท finished 09:00:04 ยท 2 tool calls ยท output: digest.md
  โœ“ GITHUB_FIND_PULL_REQUESTS    q="is:open is:pr author:@me"   โ†’ 4 PRs
  โœ“ GITHUB_LIST_ASSIGNED_ISSUES  state=open                     โ†’ 2 issues
  โ†’ out/digest.md (text/markdown)   [open ยท replay ยท rollback]

The full manifest adds schema_version, title, version, and declared outputs. See workers/ for runnable examples, BUILDING.md for a minimal deployable worker, and the agent cookbook.

Two kinds of agent

runs inhost isolationtoolsside effects
Script (run.py / .sh / .js / .ts)E2B sandbox microVMisolated filesystem, env & process; platform secrets withheldsandbox + declared connectionsapproval gate when declared
Agent (SKILL.md)AgentDriver in the API process (trusted bundles only)not microVM-isolated by policydeclared connections, allow-listedapproval gate when declared

Sandboxes allow public network egress by default and block private/internal ranges; a stricter allowlist is optional. Full trust model: ARCHITECTURE.md.

Worker Runtime At A Glance

What it isSelf-hosted runtime to create, run, and supervise background AI agents
Best forRecurring agent work: inbox triage, digests, outreach drafting, enrichment, monitoring
Agent typesScript (run.py/.sh/.js/.ts) and plain-English agent (SKILL.md)
IsolationScript workers run in E2B sandbox microVMs - isolated host filesystem, env & process; platform secrets withheld
TriggersManual, schedule (cron), webhook, Composio event
SafetyHuman-in-the-loop approvals for side-effecting agents; tools allow-listed per agent
On the recordEvery run records logs, outputs, tool calls, approval state, replay + rollback
Cost modelFloom adds no per-task fee - you pay E2B sandbox runtime (per second) plus your model/API provider usage
StackNext.js + Tailwind UI ยท FastAPI + SQLite API ยท MCP server + CLI
Runs onLinux, macOS, Windows (Python 3.11+, Node 20+)
LicenseMIT ยท hosted version

Who Floom Is For

  • Founders & operators turning recurring work (digests, triage, outreach) into agents that run themselves.
  • Engineers who want a real runtime - manifests, sandboxes, limits, approvals - not a prompt file and a cron job.
  • Teams who need every action allow-listed, approved, and replayable for audit.
  • Anyone burned by agents that ran a destructive command, leaked a secret, or claimed success with nothing on the record.

Floom Compared: Raw Scripts vs Zapier vs Hand-Rolled MCP

raw scriptsZapier / Makehand-rolled MCP serverFloom
Worker definitionad-hoc prompt or codevisual graph, hard to diffcustom tool server codea folder: worker.yml + SKILL.md or run.py
Runtimecron, shell, or local processvendor automation runtimewhatever the developer buildsagent runtime with triggers, runs, logs, outputs, approvals, replay, and rollback
Isolationruns on your hostvendor cloud, opaquedepends on implementationE2B sandbox microVM for script workers
Tool accesswhatever the script can reachper-connectorMCP tools onlydeclared and allow-listed per worker
Side effectsfire immediatelyworkflow-dependentcustom approval logichuman approval gate when declared
Observabilityscrollback, if anyper-step logscustom logslogs, tool calls, outputs, artifacts, approval state, replay, and rollback
Agent accesscustom wrapper needednot an agent-native build targetagent can call tools, but app runtime is separateMCP tools let agents create, run, watch, and inspect workers
Cost modelmodel tokens and infrastructureper-task or per-execution feesmodel tokens and infrastructureno per-task fee; you pay runtime and provider usage
Hostingyour hostvendor onlyyour hostself-host, or hosted

How a run works

Floom worker runtime flow from trigger to worker, runner, sandbox or agent driver, side-effect approval, and run record

Core concepts

  • Agents - folders under workers/<name>/ with worker.yml plus a script entrypoint (run.py) or an agent prompt (SKILL.md).
  • Runs - every execution records logs, outputs, tool calls, approval state, and replay/rollback context.
  • Contexts - reusable file bundles attached to agents as reference material; sensitive by default.
  • Approvals - side-effecting agents pause for a human decision before anything leaves the building.
  • Workspace history - agents, contexts, and settings versioned in a git-backed workspace for rollback.

Write your first agent in docs/GETTING-STARTED.md, then docs/AUTHORING.md for the full manifest and runtime contract.

How workers execute

Script workers (.py/.sh/.js/.ts) run in an E2B sandbox microVM by default: isolated dependencies, no host process access, contained resources. TypeScript workers use the Node runtime with tsx (npx --yes tsx run.ts) and the same inputs.json/result.json contract as Python workers. A bundle that dumps os.environ inside the sandbox sees only sandbox metadata - FLOOM_SECRET, provider keys, and E2B_API_KEY are all absent. Agent workers (SKILL.md) run through the API-hosted AgentDriver tool loop and are governed by their declared connections and the approval gate; the current single-tenant policy permits only trusted agent bundles on that path. There is no in-process local script runner. Full trust model: ARCHITECTURE.md.

Data handling, connected-account safeguards, retention boundaries, and hosted Cloud legal surfaces are summarized in docs/DATA-RETENTION.md.

Architecture

apps/web      Next.js + TypeScript + Tailwind + shadcn/ui
apps/api      FastAPI + SQLite + Pydantic
apps/mcp      MCP server + CLI
workers/      Worker folders (worker.yml + run.py or SKILL.md)
data/         SQLite DB + run artifacts

Docs

Security

To report a vulnerability, follow SECURITY.md and report it privately rather than opening a public issue.