FlowCheck MCP Server
Monitors Git repository state, providing real-time metrics, security scanning, and semantic search of commit history.
Uses OpenAI's API for smart intent verification, aligning code diffs with ticket descriptions.
Provides OpenTelemetry tracing for observability of MCP server operations.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@FlowCheck MCP Servercheck my branch for git hygiene and security issues"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
FlowCheck MCP Server
๐ก๏ธ Production-Grade Safety Layer for AI-First Development
Git hygiene monitoring + Security scanning + Semantic search + Full observability
Why FlowCheck?
AI coding assistants are incredibly productiveโbut they can also create massive, hard-to-review changesets and security risks. FlowCheck is a production-grade safety layer that:
๐ Monitors Git state in real-time during AI-assisted coding
๐ Scans for security issues (PII, secrets, prompt injection attacks)
๐ Semantic history search - find commits by meaning, not keywords
๐ Tracks flow health (time, lines, branch age, drift from main)
๐ Full observability (OpenTelemetry traces, audit logs)
๐ฏ Intent validation (ticket-to-diff alignment)
๐ค Designed for AI agents with enforceable rules
Think of FlowCheck as a "smart fitness watch with a biometric lock" for your codebaseโit helps you code faster while actively defending against security threats.
Related MCP server: hAIve MCP
AI-First Design
FlowCheck is built specifically for the agentic coding workflow:
flowchart LR
Agent["๐ค AI Agent<br/>(Claude, Cursor, etc)"]
FC["๐ก๏ธ FlowCheck<br/>MCP Server"]
Git["๐ Git Repo<br/>(.git)"]
Agent -->|"get_flow_state()"| FC
FC -->|"analyze"| Git
Git -->|"metrics"| FC
FC -->|"status: warning<br/>security_flags: [...]"| Agent
Agent -->|"โธ๏ธ Pause & suggest<br/>checkpoint commit"| AgentAgent Rules (Recommended)
Copy rules/flowcheck-rules.md to your AI tool's rules directory:
# For Cursor
cp rules/flowcheck-rules.md .cursor/rules/
# For Claude Projects
cp rules/flowcheck-rules.md .claude/rules/
# For other tools
cp rules/flowcheck-rules.md .agent/rules/This instructs AI agents to automatically check Git hygiene before starting tasks and to pause when thresholds are exceeded.
Quick Start
Installation
git clone https://github.com/backslash-ux/flowcheck.git
cd flowcheck
python3 -m venv .venv
source .venv/bin/activate
pip install -e .Claude Desktop Integration
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"flowcheck": {
"command": "/path/to/flowcheck/.venv/bin/python",
"args": ["-m", "flowcheck.server"],
"env": {
"PYTHONPATH": "/path/to/flowcheck/src"
}
}
}
}MCP Tools
Core Tools
Tool | Purpose |
| Returns metrics + security_flags (PII/injection) |
| Returns actionable nudges + security warnings |
| Dynamically adjust thresholds |
v0.2 Smart Features (New)
Tool | Purpose |
| Semantic search - find commits by meaning |
| Smart Intent Verification - use "AI Judge" (BYOK LLM) to align diffs with tickets |
| PII/secret redaction before sharing with AI |
Example: verify_intent (Smart Mode)
{
"alignment_score": 0.4,
"is_aligned": false,
"ticket_id": "42",
"scope_creep_warnings": ["Scope Creep Detected by AI Judge"],
"reasoning": "The ticket asks for a bug fix in auth, but the diff contains a full refactor of the billing module."
}Configuration
FlowCheck supports hierarchical configuration:
Repo Config:
.flowcheck.json(in project root)Global Config:
~/.flowcheck/config.jsonDefaults
.flowcheck.json Example
{
"max_minutes_without_commit": 45,
"intent": {
"provider": "openai",
"model": "gpt-4o",
"api_key_env": "OPENAI_API_KEY"
}
}Ignoring Files (.flowcheckignore)
Create a .flowcheckignore file in your repo root to exclude files from analysis (uses gitignore syntax):
tests/fixtures/
*.min.js
legacy/Security Features
Guardian Layer
PII Detection: Emails, phone numbers, SSNs, credit cards
Secret Scanning: AWS keys, GitHub tokens, API keys, passwords
Injection Filtering: Detects prompt injection attacks in diffs
Observability
OpenTelemetry Traces:
gen_ai.*semantic conventionsAudit Logs: Append-only JSON Lines format in
~/.flowcheck/audit.logAll tool invocations are logged with trace IDs
Semantic Search
TF-IDF Vectorization: No external ML dependencies
SQLite Storage: Local index in
~/.flowcheck/semantic_index.dbFind commits by meaning, not just keywords
Installation & Deployment
Option 1: Docker (Recommended)
Get FlowCheck running in 30 seconds:
# Clone and setup
git clone https://github.com/backslash-ux/flowcheck.git
cd flowcheck
# Configure environment
cp .env.example .env
nano .env # Add your API keys
# Start the stack
docker-compose upFlowCheck is now running at http://localhost:8000
See Docker Deployment Guide for:
Local development setup
Production deployment
Image variants (production/slim/dev)
Troubleshooting
Option 2: Python Package
pip install git+https://github.com/backslash-ux/flowcheck.git
# Set environment variables
export ANTHROPIC_API_KEY=sk-ant-xxxxx
# Start server
flowcheck-serverOption 3: From Source
git clone https://github.com/backslash-ux/flowcheck.git
cd flowcheck
# Create virtual environment
python3 -m venv .venv
source .venv/bin/activate
# Install in development mode
pip install -e ".[dev]"
# Run tests
pytest tests/
# Start server
flowcheck-serverDeployment
FlowCheck supports multiple deployment models:
Scenario | Time | Guide |
Local Development | 5 min | |
Production (Docker) | 10 min | |
Kubernetes | 30 min | |
CI/CD Integration | 15 min |
๐ Deployment Guide for full options
Development
# Setup development environment
docker-compose -f docker-compose.dev.yml up
# Or use Python venv
python3 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
# Run tests
pytest tests/ -v
# Run with coverage
pytest tests/ --cov=src/flowcheckPhilosophy
FlowCheck embodies the principle that good Git hygiene enables good AI collaboration:
Smaller commits are easier for humans to review and audit
Frequent checkpoints prevent losing work during long sessions
Clean history makes it easier to understand what the AI changed
Non-blocking nudges preserve developer autonomy
License
MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/backslash-ux/flowcheck'
If you have feedback or need assistance with the MCP directory API, please join our Discord server