"One call. Full stack. One proof."
FlowCoreAPI is the unified IAM entry point for the full Achilles pre-execution stack. Instead of calling MemGuard, NoLeak, EP, and RiskOracle individually — four separate API calls, four separate responses, four separate proof hashes — an agent calls FlowCore once and gets back a single unified response with one proof hash covering the entire pre-execution flow.
Not EP. Not NoLeak. Not MemGuard. Not RiskOracle. Not SecureExecAPI. FlowCoreAPI is the gateway — the single call that runs the whole stack.
Agents running the full pre-execution stack face a coordination problem:
Without FlowCore: With FlowCore:
Agent calls MemGuard ─┐ Agent calls FlowCore ──► approved: true
Agent calls NoLeak │ unifiedProofHash: 0x...
Agent calls EP ├── 4 API calls latencyMs: 890
Agent calls RiskOracle ─┘ 4 proof hashes
4 error states to handle
~$0.05 total
1 API call
1 proof hash
1 error state
$0.02 total
FlowCore cuts cost, complexity, and failure surface in half.
Agent Intent
│
▼
┌──────────────────────────┐
│ FlowCoreAPI │
│ POST /flow/check │
│ │
│ x402 / MPP gate │ ← 402 if no payment credential
│ ERC-7710 delegation │ ← pre-approve for high-frequency
└──────────────┬───────────┘
│
┌──────────────▼───────────┐
│ Route Execution │
│ (default: all 4 steps) │
└──────────────┬───────────┘
│
┌─────────────┼─────────────┬─────────────┐
▼ ▼ ▼ ▼
MemGuard NoLeak EP RiskOracle
/memguard/ /noleak/ /ep/validate /risk/check
check check
│ │ │ │
stateValid shouldExecute valid riskScore
driftScore score proof_hash recommendedAction
│ │ │ │
└─────────────┴─────────────┴─────────────┘
│
┌──────────────▼───────────┐
│ Unified Proof Hash │
│ SHA-256 of all results │
└──────────────┬───────────┘
│
▼
approved: true/false
blockedBy: null / "ep"
unifiedProofHash: "0x..."
Every dependency call has a 3-second hard timeout. If any service is down or slow, FlowCore uses stub values and continues. The agent is never blocked by a dependency failure.
Dependency failure matrix:
MemGuard DOWN → stateValid=true, driftScore=0.03 (safe stub, flow continues)
NoLeak DOWN → shouldExecute=true, score=0.75 (safe stub, flow continues)
EP DOWN → valid=true, proof_hash=null (safe stub, flow continues)
RiskOracle DOWN → riskScore=0.15, action=proceed (safe stub, flow continues)
Full pre-execution flow. Requires payment for external agents.
Request
{
"agentId": "your_agent_id",
"intent": {
"type": "trade",
"action": {
"type": "swap",
"capital": 50,
"asset": "ETH"
}
},
"context": {
"walletBalance": 500,
"memoryState": { "price": 2000 }
},
"route": ["memguard", "noleak", "ep", "riskoracle"]
}| Field | Type | Required | Description |
|---|---|---|---|
agentId |
string | No | Your agent's unique ID |
intent |
object | Yes | The intent being evaluated |
intent.type |
string | No | Intent type for logging |
context.walletBalance |
number | No | Available capital |
context.memoryState |
object | No | Current agent state |
route |
array | No | API subset to run. Default: all 4 |
Response (200 — approved)
{
"flowId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"approved": true,
"blockedBy": null,
"results": {
"memguard": { "stateValid": true, "driftScore": 0.03 },
"noleak": { "shouldExecute": true, "score": 0.82 },
"ep": { "valid": true, "proof_hash": "0x..." },
"riskoracle": { "riskScore": 0.12, "recommendedAction": "proceed", "confidence": 0.91 }
},
"route": ["memguard", "noleak", "ep", "riskoracle"],
"unifiedProofHash": "0xa3f9c2e1b84d...",
"componentProofHashes": ["0x...", "0x..."],
"paymentProtocol": "x402",
"latencyMs": 890,
"timestamp": "2026-03-23T00:00:00Z",
"schemaVersion": "v1"
}Response (200 — blocked)
{
"flowId": "...",
"approved": false,
"blockedBy": "ep",
"results": { "...": "..." },
"unifiedProofHash": "0x...",
"latencyMs": 312
}Response (402 — payment required)
{
"status": 402,
"amount": "0.02",
"currency": "USDC",
"network": "base",
"value": "Replaces 4 separate API calls with one unified call",
"erc7710": "Pre-approve spend limit for high-frequency calls"
}Call a custom subset of APIs. Cheaper — use when you don't need the full stack.
{
"agentId": "your_agent",
"intent": { "type": "publish", "action": {} },
"route": ["ep"]
}{
"status": "ok",
"service": "flowcore",
"version": "v1",
"routes": ["memguard", "noleak", "ep", "riskoracle"]
}Default route: memguard → noleak → ep → riskoracle
Custom routes: any subset in any order
Examples:
["ep"] — IAM check only ($0.01)
["ep", "riskoracle"] — IAM + risk ($0.015)
["memguard", "noleak"] — state + execution ($0.015)
["memguard", "noleak", "ep", "riskoracle"] — full stack ($0.02)
git clone https://github.com/achilliesbot/flow-core.git
cd flow-core
pip install -r requirements.txt
python flowcore_server.pyServer starts on port 5092.
# Full flow (internal agent — no payment required)
curl -X POST http://localhost:5092/flow/check \
-H "Content-Type: application/json" \
-d '{
"agentId": "achilles",
"intent": {
"type": "trade",
"action": {"type": "swap", "capital": 50}
},
"context": {"walletBalance": 500}
}'
# Custom route — EP only
curl -X POST http://localhost:5092/flow/route \
-H "Content-Type: application/json" \
-d '{
"agentId": "achilles",
"intent": {"type": "publish"},
"route": ["ep"]
}'
# Health
curl http://localhost:5092/health| Variable | Default | Description |
|---|---|---|
PORT |
5092 |
Server port (Render sets automatically) |
EP_GUARD_URL |
https://achillesalpha.onrender.com/ep/validate |
EP endpoint |
NOLEAK_URL |
https://achillesalpha.onrender.com/noleak/check |
NoLeak endpoint |
MEMGUARD_URL |
https://achillesalpha.onrender.com/memguard/check |
MemGuard endpoint |
RISKORACLE_URL |
https://achillesalpha.onrender.com/risk/check |
RiskOracle endpoint |
PAYMENT_WALLET |
— | USDC destination on Base |
DATABASE_URL |
local postgres | Postgres connection string |
| Tier | Price | Route |
|---|---|---|
| EP only | $0.01/call | ["ep"] |
| Custom subset | $0.01/call | Any 1-2 step route |
| Full stack | $0.02/call | All 4 steps (default) |
| Batch | $0.05+ | Multi-intent flows |
vs calling individually: MemGuard ($0.01) + NoLeak ($0.01) + EP ($0.01) + RiskOracle ($0.01) = $0.04. FlowCore full stack = $0.02. 50% cheaper. One call. One proof.
CREATE TABLE flowcore_calls (
id SERIAL PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT NOW(),
caller_agent_id TEXT,
intent_type TEXT,
approved BOOLEAN,
blocked_by TEXT,
route JSONB,
unified_proof_hash TEXT,
latency_ms INTEGER,
payment_protocol TEXT,
schema_version TEXT DEFAULT 'v1'
);| Field | Value |
|---|---|
| Offering | flow-core |
| Price | $0.02/call (full stack) |
| Registry | app.virtuals.io/acp |
| Product | Question | ACP | Price |
|---|---|---|---|
| MemGuard | Is my state valid? | memguard-check | $0.01 |
| NoLeak | Should I execute? | noleak-check | $0.01 |
| EP AgentIAM | Am I authorized? | ep-guard | $0.01 |
| RiskOracle | What is my risk? | pre-risk-check | $0.01 |
| SecureExecAPI | Execute safely? | secure-exec | $0.01 |
| FlowCoreAPI | All of the above? | flow-core | $0.02 |
Built by Achilles. Bootstrapped. Zero VC. All production.
MIT