Remote Access
FlowLayer can be accessed remotely with the official TUI:
flowlayer-client-tui -addr <host>:6999 -token <token>Treat this as sensitive runtime access. The /ws endpoint can control running services, so remote access should be restricted like any operational control plane.
Recommended Access Posture
Section titled “Recommended Access Posture”Prioritize these controls:
- private network paths first
- VPN for remote operators
- SSH tunnels for point-to-point access
- host firewall rules limiting who can reach the session port
In most setups, keep session.bind private and expose access only through controlled network paths.
Avoid Direct Internet Exposure
Section titled “Avoid Direct Internet Exposure”Do not expose the FlowLayer session port directly on the public Internet.
FlowLayer is designed for development and runtime control workflows, not for open public endpoint exposure.
SSH Tunnel Example
Section titled “SSH Tunnel Example”Forward local port 6999 to the server session port:
ssh -L 6999:127.0.0.1:6999 user@serverflowlayer-client-tui -addr 127.0.0.1:6999 -token <token>This keeps the session endpoint private on the server while still allowing remote operation from your local TUI.
Product Boundaries
Section titled “Product Boundaries”FlowLayer is not:
- a reverse proxy
- an IAM system
- a multi-tenant platform
Use external network and identity controls around FlowLayer when operating across distributed infrastructure.