The loop engineering harness. AI workers that run on a loop.
Schedule them, trigger them, require approvals, and keep every run on the record.
A worker is a folder: worker.yml + SKILL.md or run.py. Deploy it from Claude Code, Codex, or the CLI. Run it from the UI, REST, or MCP.
Get started · Build a worker · Try the hosted version · Read the docs
Most "AI automation" is a chat window you babysit, or a no-code graph that bills you per task and can't be audited. Floom is the loop engineering harness: a real runtime where a worker is a readable package, it runs on a loop without you watching, and every execution leaves logs, outputs, tool calls, approvals, and a replay you can trust. Used natively from Claude Code and Codex via MCP or CLI.
Floom lets an agent or developer turn a Python script into a worker that non-developers can run from a UI, other systems can call through REST, and AI agents can operate through MCP.
Start with three files:
workers/my-worker/
worker.yml
run.py
requirements.txt
Then validate, deploy, and run:
floom workers validate ./workers/my-worker
floom workers push ./workers/my-worker
floom run my-worker --input key=valueRead BUILDING.md for the full copy-paste worker contract.
Floom turns repeatable knowledge-work automations into background AI workers. A worker can run manually, on a schedule, from a webhook, or from an app event. The runtime keeps the worker definition, input schema, output schema, logs, tool calls, approvals, and run history inspectable.
Use Floom when you want an AI agent to do recurring work without turning that work into an opaque chat thread, a hard-to-diff automation graph, or a one-off script with no supervision.
AI agents and developers can build a Floom worker from a folder:
workers/<worker-id>/
worker.yml # manifest: inputs, outputs, trigger, runtime, secrets
run.py # script entrypoint, or SKILL.md for agent mode
requirements.txt # optional Python dependencies
Deploy the worker with:
floom workers validate ./workers/<worker-id>
floom workers push ./workers/<worker-id>
floom run <worker-id> --input key=valueAfter deployment, Floom exposes the worker in the UI, through REST endpoints, and through the Floom MCP server for AI clients. For the complete copy-paste build contract, read BUILDING.md.
A worker is a folder-backed job definition. Describe the work in plain English (SKILL.md) or hand it a script (run.py), declare its tools, trigger, memory, and secrets in worker.yml, and Floom runs it.
# workers/github-digest/worker.yml (abbreviated)
name: github-digest
description: "Every morning at 9am, send a digest of unread GitHub PRs and open issues."
exec:
entry: SKILL.md # plain-English agent; or run.py for a script
trigger:
type: schedule
cron: "0 9 * * *" # also: manual, webhook, Composio event
connections:
- app: github # the only tools this agent is allowed to call
allowed_tools: [GITHUB_FIND_PULL_REQUESTS, GITHUB_LIST_ASSIGNED_ISSUES]<!-- workers/github-digest/SKILL.md -->
You are a GitHub assistant generating a daily PR + issues digest.
Fetch the user's open PRs and assigned issues, compile a markdown digest
with Action items, and finish_with_outputs({ "digest": "<markdown>" }).It runs at 9am, calls only the two GitHub tools it declared, and writes digest.md to a run you can open, replay, or roll back:
run 7f3a · github-digest · finished 09:00:04 · 2 tool calls · output: digest.md
✓ GITHUB_FIND_PULL_REQUESTS q="is:open is:pr author:@me" → 4 PRs
✓ GITHUB_LIST_ASSIGNED_ISSUES state=open → 2 issues
→ out/digest.md (text/markdown) [open · replay · rollback]
The full manifest adds schema_version, title, version, and declared outputs. See workers/ for runnable examples, BUILDING.md for a minimal deployable worker, and the agent cookbook.
| runs in | host isolation | tools | side effects | |
|---|---|---|---|---|
Script (run.py / .sh / .js / .ts) |
E2B sandbox microVM | isolated filesystem, env & process; platform secrets withheld | sandbox + declared connections | approval gate when declared |
Agent (SKILL.md) |
AgentDriver in the API process (trusted bundles only) | not microVM-isolated by policy | declared connections, allow-listed | approval gate when declared |
Sandboxes allow public network egress by default and block private/internal ranges; a stricter allowlist is optional. Full trust model: ARCHITECTURE.md.
| What it is | Self-hosted runtime to create, run, and supervise background AI agents |
| Best for | Recurring agent work: inbox triage, digests, outreach drafting, enrichment, monitoring |
| Agent types | Script (run.py/.sh/.js/.ts) and plain-English agent (SKILL.md) |
| Isolation | Script workers run in E2B sandbox microVMs - isolated host filesystem, env & process; platform secrets withheld |
| Triggers | Manual, schedule (cron), webhook, Composio event |
| Safety | Human-in-the-loop approvals for side-effecting agents; tools allow-listed per agent |
| On the record | Every run records logs, outputs, tool calls, approval state, replay + rollback |
| Cost model | Floom adds no per-task fee - you pay E2B sandbox runtime (per second) plus your model/API provider usage |
| Stack | Next.js + Tailwind UI · FastAPI + SQLite API · MCP server + CLI |
| Runs on | Linux, macOS, Windows (Python 3.11+, Node 20+) |
| License | MIT · hosted version |
- Founders & operators turning recurring work (digests, triage, outreach) into agents that run themselves.
- Engineers who want a real runtime - manifests, sandboxes, limits, approvals - not a prompt file and a cron job.
- Teams who need every action allow-listed, approved, and replayable for audit.
- Anyone burned by agents that ran a destructive command, leaked a secret, or claimed success with nothing on the record.
| raw scripts | Zapier / Make | hand-rolled MCP server | Floom | |
|---|---|---|---|---|
| Worker definition | ad-hoc prompt or code | visual graph, hard to diff | custom tool server code | a folder: worker.yml + SKILL.md or run.py |
| Runtime | cron, shell, or local process | vendor automation runtime | whatever the developer builds | agent runtime with triggers, runs, logs, outputs, approvals, replay, and rollback |
| Isolation | runs on your host | vendor cloud, opaque | depends on implementation | E2B sandbox microVM for script workers |
| Tool access | whatever the script can reach | per-connector | MCP tools only | declared and allow-listed per worker |
| Side effects | fire immediately | workflow-dependent | custom approval logic | human approval gate when declared |
| Observability | scrollback, if any | per-step logs | custom logs | logs, tool calls, outputs, artifacts, approval state, replay, and rollback |
| Agent access | custom wrapper needed | not an agent-native build target | agent can call tools, but app runtime is separate | MCP tools let agents create, run, watch, and inspect workers |
| Cost model | model tokens and infrastructure | per-task or per-execution fees | model tokens and infrastructure | no per-task fee; you pay runtime and provider usage |
| Hosting | your host | vendor only | your host | self-host, or hosted |
Linux / macOS
git clone https://github.com/floomhq/floom.git
cd floom
./scripts/setup.sh
# edit apps/api/.env: add a model provider key and E2B_API_KEY
./scripts/dev.shWindows PowerShell
git clone https://github.com/floomhq/floom.git; cd floom
.\scripts\setup.ps1
# edit apps\api\.env: add a model provider key and E2B_API_KEY
.\scripts\dev.ps1Requires Python 3.11+, Node.js 20+, Git, a model provider key, and an E2B key from e2b.dev. Open http://localhost:3000 and sign in - no auth secret for local dev, and the example agents are seeded on first boot.
Full setup, model providers, optional integrations, and the safe self-hosting checklist: docs/GETTING-STARTED.md. Common issues: docs/TROUBLESHOOTING.md.
Not ready to self-host? floom.dev is the hosted version - hire AI agents with no setup. Hosted users can start from an MCP client with:
npx -y @floomhq/floom mcp install --target claudeThe .env, model-provider, and E2B keys above are for running your own local or
self-hosted runtime, not for using Floom Cloud.
- Agents - folders under
workers/<name>/withworker.ymlplus a script entrypoint (run.py) or an agent prompt (SKILL.md). - Runs - every execution records logs, outputs, tool calls, approval state, and replay/rollback context.
- Contexts - reusable file bundles attached to agents as reference material; sensitive by default.
- Approvals - side-effecting agents pause for a human decision before anything leaves the building.
- Workspace history - agents, contexts, and settings versioned in a git-backed workspace for rollback.
Write your first agent in docs/GETTING-STARTED.md, then docs/AUTHORING.md for the full manifest and runtime contract.
Script workers (.py/.sh/.js/.ts) run in an E2B sandbox microVM by default: isolated dependencies, no host process access, contained resources. TypeScript workers use the Node runtime with tsx (npx --yes tsx run.ts) and the same inputs.json/result.json contract as Python workers. A bundle that dumps os.environ inside the sandbox sees only sandbox metadata - FLOOM_SECRET, provider keys, and E2B_API_KEY are all absent. Agent workers (SKILL.md) run through the API-hosted AgentDriver tool loop and are governed by their declared connections and the approval gate; the current single-tenant policy permits only trusted agent bundles on that path. There is no in-process local script runner. Full trust model: ARCHITECTURE.md.
Data handling, connected-account safeguards, retention boundaries, and hosted Cloud legal surfaces are summarized in docs/DATA-RETENTION.md.
apps/web Next.js + TypeScript + Tailwind + shadcn/ui
apps/api FastAPI + SQLite + Pydantic
apps/mcp MCP server + CLI
workers/ Worker folders (worker.yml + run.py or SKILL.md)
data/ SQLite DB + run artifacts
Floom is an open-source runtime for background AI workers that run from versioned worker folders with declared inputs, outputs, triggers, tools, approvals, logs, REST API access, UI access, and MCP access.
Floom includes an MCP server, but it is more than an MCP server. The MCP endpoint lets agent clients create, run, watch, inspect, and manage Floom workers. The Floom runtime is the part that executes those workers, records runs, manages approvals, and exposes the UI and REST API.
Yes. Read BUILDING.md first. The build contract is a workers/<id>/ folder with worker.yml, run.py or SKILL.md, and optional requirements.txt, then floom workers validate and floom workers push.
Yes. Put the script in workers/<id>/run.py, declare its inputs and outputs in worker.yml, deploy it with floom workers push, and Floom makes it runnable from the UI, REST API, and MCP tools.
Script mode runs deterministic code such as Python, shell, or Node in the sandbox. Agent mode runs a SKILL.md prompt through the agent loop with declared tools and output writers.
Floom is for teams that want versioned worker folders, sandbox execution, approval gates, logs, outputs, replay, rollback, REST API access, and MCP access. Zapier and Make are visual automation products with their own vendor runtimes.
Floom can expose work through MCP without making you hand-roll the whole app runtime. A hand-written MCP server gives an agent tools; Floom gives the worker a runtime, UI, API, triggers, outputs, logs, approvals, and MCP tools.
- Getting started - why Floom exists, first run, first agent, safe self-hosting checklist.
- Building Floom workers - machine-readable build contract for agents and developers.
- Authoring agents - full
worker.ymlschema, execution modes, secrets, connections, triggers, approvals. - Data, retention, and safeguards - what Floom stores, how connected-account data is scoped, and what deletion/retention guarantees are safe to make.
- Agent cookbook - agent-assisted authoring recipes.
- Architecture - runtime topology and the sandbox trust model. Read before filing security findings.
- API overview - curated endpoint map; full reference at
http://localhost:8000/docs. - Troubleshooting · Roadmap · Project history · v1.0.0 release notes
- Licensing - Floom's MIT license and third-party dependency license notes.
Contributions are welcome. See CONTRIBUTING.md for local setup, the first-contribution map, and PR guidelines. Quick local checks from the repo root:
npm run test:api
npm run lint:web
npm run test:web
npm run test:mcpTo report a vulnerability, follow SECURITY.md and report it privately rather than opening a public issue.
MIT License (c) 2026 Floom contributors. You may use, copy, modify, merge, publish, distribute, sublicense, and sell copies of Floom, subject to the MIT license notice and warranty disclaimer.

