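AI Skill Hub recommends: SFlow is a high-quality Agent workflow. Its overall AI score is 7.5, a solid showing among comparable tools. If you are looking for a reliable Agent workflow solution, it is worth a closer look.
AI Native SecOps platform based on LangGraph multi-agent coordination. An automated security operations platform.
SFlow is a complete AI Agent automation workflow solution. Through visual node orchestration it breaks complex multi-step tasks into clear automated flows, enabling fully unattended intelligent processing. It supports seamless integration with hundreds of external services and APIs and is suited to building data-processing pipelines, business automation, and AI-assisted decision systems.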
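```bash
# Option 1: install with pip (recommended)
pip install sflow

# Option 2: install in a virtual environment (recommended for production)
python -m venv .venv
source .venv/bin/activate  # Windows: .venv\Scripts\activate
pip install sflow

# Option 3: install from source (to get the latest features)
git clone https://github.com/Ch1nfo/SFlow
cd SFlow
pip install -e .

# Verify the installation
python -c "import sflow; print('安装成功')"
```

```bash
# Command-line usage
sflow --help

# Basic usage
sflow input_file -o output_file
```

```python
# Calling from Python code
import sflow

# Example
result = sflow.process("input")
print(result)
```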
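```yaml
# Example sflow configuration file (config.yml)
app:
  name: "sflow"
  debug: false
  log_level: "INFO"
```

```bash
# Specify the configuration file at run time
sflow --config config.yml

# Or configure through environment variables
export SFLOW_API_KEY="your-key"
export SFLOW_OUTPUT_DIR="./output"
```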
<details> <summary><strong>System Architecture Diagram</strong></summary>
```
┌─────────────────────────────────────────────────────────────────┐
│                     React WebUI (Vite + TS)                     │
│  ┌──────────────┐  ┌─────────────────┐  ┌───────────────────┐   │
│  │ Overview /   │  │ Conversation UI │  │ Plugin & Config   │   │
│  │ Alerts /     │  │ + approvals     │  │ Management        │   │
│  │ Tasks        │  │                 │  │                   │   │
│  └──────────────┘  └─────────────────┘  └───────────────────┘   │
└──────────────────────────┬──────────────────────────────────────┘
                           │ REST API (FastAPI)
┌──────────────────────────▼──────────────────────────────────────┐
│             SentinelFlow Runtime (Python / FastAPI)             │
│  ┌────────────────────────────────────────────────────────────┐ │
│  │                  Multi-Agent Orchestrator                  │ │
│  │    ┌──────────────────────────────────────────────────┐    │ │
│  │    │            Primary Agent (Supervisor)            │    │ │
│  │    │         LangGraph StateGraph + ToolNode          │    │ │
│  │    │   Context Window → ReAct → Worker/Skill Tools    │    │ │
│  │    │    ↓ sequential / parallel worker delegation     │    │ │
│  │    │  ┌────────────┐  ┌────────────┐  ┌────────────┐  │    │ │
│  │    │  │ Worker A   │  │ Worker B   │  │ Worker C   │  │    │ │
│  │    │  │ ReAct Sub- │  │ ReAct Sub- │  │ ReAct Sub- │  │    │ │
│  │    │  │ Graph      │  │ Graph      │  │ Graph      │  │    │ │
│  │    │  └────────────┘  └────────────┘  └────────────┘  │    │ │
│  │    └──────────────────────────────────────────────────┘    │ │
│  └────────────────────────────────────────────────────────────┘ │
│  ┌────────────────────────────────────────────────────────────┐ │
│  │                       Skill Runtime                        │ │
│  │  loader → executor → subprocess isolation → audit log      │ │
│  └────────────────────────────────────────────────────────────┘ │
│  ┌────────────────────────────────────────────────────────────┐ │
│  │            Prompt Window & Run Log Traceability            │ │
│  │  task anchors → case_context → compact tool records        │ │
│  │  full state/checkpoints/run logs remain available          │ │
│  └────────────────────────────────────────────────────────────┘ │
│  ┌────────────────────────────────────────────────────────────┐ │
│  │                Alert Ingestion & Task Queue                │ │
│  │  Multi-Source API/Script Poller → Parser → Dedup → Queue   │ │
│  │  Source-Scoped Auto-Executor → Task Runner → Agent/Workflow│ │
│  └────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
```
Core Design Patterns
- @tool functions; compact summaries, key facts, action results, approvals, and errors surface back to the Supervisor
- prepare_messages_for_llm() creates the actual LLM prompt view from full state, preserving task anchors and recent ReAct turns while compressing older tool records
- case_context carries current goal, alert refs, facts, actions taken, missing inputs, pending approvals, completed steps, and do-not-repeat hints for the current run only
- alert (JSON from SIEM) and conversation (human command); both routed through the same agent runtime
- _serialize_alert_result for a consistent, structured execution trace

Key Components

- SentinelFlowAgentService — Top-level service; routes to orchestrator or single-agent graph; serializes results
- build_orchestrator_graph() — Compiles the Supervisor + Worker multi-agent LangGraph
- build_agent_graph() — Builds a single-agent ReAct SubGraph (used for both workers and standalone agents)
- context_utils — Builds context manifests, task anchors, case context, prompt windows, key facts, compact tool summaries, and pre-execution input checks
- RunLogTracer / AgentRunLogService — Records per-run LLM prompt views, window information, worker boundaries, skill calls, approvals, and final results
- AlertDispatchService — SQLite-backed source-aware task queue; handles create, dedup, status transition, and finalization
- AlertPollingService — Per-source scheduler that polls enabled API/script alert sources and dispatches normalized alerts into the task queue
- AlertAutoExecutionService — Asyncio-based source-scoped executor loop; processes queued and retry-eligible tasks without human action
- AlertParserGenerator — LLM-assisted + heuristic field-mapping rule generator for arbitrary JSON alert payloads
- SentinelFlowSkillRuntime — Manages skill lifecycle; adapts skills as LangChain tools for agent use
- AgentWorkflowRegistry — Lists and resolves workflow definitions for multi-step Agent Workflows
- SkillApprovalService — Persists approval records and checkpoint resume state for human-in-the-loop execution
- weekly_alert_cleanup_service — Optional weekly cleanup for stored alert tasks and run artifacts
- AuditService — Records runtime audit events for dispatch, task execution, approval handling, and background services

</details>
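The source-aware dedup that AlertDispatchService is described as handling can be sketched with a composite unique key in SQLite. This is an added example, not SentinelFlow's own code: the table layout, function names and sample IDs are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema for illustration; SentinelFlow's real tables may differ.
SCHEMA = """
CREATE TABLE tasks (
    id        INTEGER PRIMARY KEY,
    source_id TEXT NOT NULL,
    event_id  TEXT NOT NULL,
    status    TEXT NOT NULL DEFAULT 'queued',
    UNIQUE (source_id, event_id)  -- dedup key: source plus event ID
);
"""


def open_queue():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def enqueue(conn, source_id, event_id):
    """Queue an alert; return True if it was new, False if it was a duplicate."""
    cur = conn.execute(
        "INSERT OR IGNORE INTO tasks (source_id, event_id) VALUES (?, ?)",
        (source_id, event_id),
    )
    conn.commit()
    return cur.rowcount == 1  # 0 rows changed means the UNIQUE key already existed


def dropped_by_event_id_only(polled):
    """Alerts a dedup keyed on event ID alone would discard despite being new."""
    seen_ids, seen_pairs, dropped = set(), set(), []
    for pair in polled:
        if pair[1] in seen_ids and pair not in seen_pairs:
            dropped.append(pair)
        seen_ids.add(pair[1])
        seen_pairs.add(pair)
    return dropped


# Constructed sample: (source_id, event_id); two sources both use event ID "1001".
POLLED = [("siem-a", "1001"), ("siem-a", "1001"), ("edr-b", "1001"), ("siem-a", "1002")]

if __name__ == "__main__":
    conn = open_queue()
    for source_id, event_id in POLLED:
        print(source_id, event_id, "queued" if enqueue(conn, source_id, event_id) else "duplicate")
    print("lost with event-ID-only dedup:", dropped_by_event_id_only(POLLED))
```

Keying on the event ID alone would silently discard the second source's alert, which is the failure a source-scoped key avoids.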
<details> <summary><strong>Project Structure</strong></summary>
```
.
├── pyproject.toml  # Python package metadata & CLI entrypoint
├── scripts/
│   ├── dev.py  # Unified local dev entrypoint
│   └── serve_webui.py  # Production WebUI static file server
├── .sentinelflow/  # Local plugins, runtime.json, SQLite queue (generated at runtime)
├── runtime/
│   └── sentinelflow/
│       ├── agent/
│       │   ├── service.py  # Top-level agent service (orchestration logic)
│       │   ├── orchestrator_graph.py  # Supervisor + Worker SubGraph builder
│       │   ├── graph.py  # Single-agent ReAct graph builder
│       │   ├── registry.py  # Agent definition loader (agent.yaml)
│       │   ├── prompts.py  # System prompts & appendix templates
│       │   ├── context_utils.py  # Context manifest, prompt window, case_context, compact records
│       │   ├── run_log_tracer.py  # LLM prompt/run-log event tracing
│       │   ├── skill_run_analyzer.py  # Skill/closure/action result convergence
│       │   ├── policy.py  # Per-agent skill permission resolver
│       │   ├── nodes.py  # LangGraph node implementations
│       │   ├── tools.py  # Agent-facing tool definitions
│       │   └── state.py  # Agent graph state schema
│       ├── skills/
│       │   ├── loader.py  # SKILL.md discovery & validation
│       │   ├── executor.py  # Skill subprocess execution
│       │   ├── adapters.py  # Skill → LangChain tool adapters
│       │   ├── resolver.py  # Local/plugin skill resolution
│       │   └── models.py  # Skill data models
│       ├── alerts/
│       │   ├── client.py  # Alert source HTTP/script client
│       │   ├── poller.py  # Scheduled polling service
│       │   ├── parser_runtime.py  # Field-mapping parser engine
│       │   ├── parser_generator.py  # LLM + heuristic parser rule generator
│       │   └── dedup.py  # Alert deduplication store
│       ├── services/
│       │   ├── agent_run_log_service.py  # Per-alert JSONL run logs
│       │   ├── dispatch_service.py  # SQLite-backed task queue & lifecycle
│       │   ├── task_runner_service.py  # Task execution orchestration
│       │   ├── auto_execution_service.py  # Continuous auto-executor loop
│       │   ├── skill_approval_service.py  # Skill approval records + checkpoint persistence
│       │   ├── triage_service.py  # Rule-based alert disposition fallback
│       │   ├── weekly_alert_cleanup_service.py  # Optional weekly cleanup
│       │   └── audit_service.py  # Audit event log
│       ├── tools/  # Built-in operational tools
│       ├── workflows/  # Agent workflow registry & runner
│       ├── api/  # FastAPI route handlers
│       ├── config/  # Runtime config loader (.env + persisted JSON)
│       └── domain/  # Shared enums, models, errors
│   └── tests/  # Runtime regression tests
├── webui/
│   └── src/
│       ├── components/  # React UI components
│       ├── pages/  # Page-level views
│       ├── api/  # API client (fetch wrappers)
│       ├── hooks/  # Custom React hooks
│       └── styles/  # Global styles & Tailwind config
```
</details>
<details> <summary><strong>Development Guide</strong></summary>
```bash
cd webui
pnpm install
cd ..
python scripts/dev.py webui-build
```
Screenshots (images not preserved): Security Overview Dashboard, Conversation Console, Alert Workbench, Skill Management, Agent Management, Workflow Management.
```bash
python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
```
The preferred way to configure SentinelFlow is through the WebUI Settings panel — all settings are persisted to .sentinelflow/runtime.json by default without requiring a server restart.
Alternatively, create a project-root .env file for environment-level defaults:
touch .env
Key environment variables (all prefixed with SENTINELFLOW_):
```ini
SENTINELFLOW_LLM_API_KEY=sk-...
SENTINELFLOW_LLM_API_BASE_URL=https://api.openai.com/v1
SENTINELFLOW_LLM_MODEL=gpt-4o
# enable only for thinking-model adapters such as DeepSeek
SENTINELFLOW_LLM_THINKING_ADAPTER_ENABLED=false
```
Open the WebUI and navigate to Settings. Configure your LLM endpoint and one or more alert sources — all settings are persisted immediately without a restart.
Alternatively, create a .env file for environment-level defaults:
```bash
touch .env
```
Create a new directory under .sentinelflow/plugins/skills/ (default local workspace) with a SKILL.md, or use the Skill Management page in the WebUI to create one directly:
- api mode polls any REST endpoint (configurable method, headers, query, body); script mode runs a custom Python script and reads its stdout as the alert payload
- field_mapping parser rule with live preview and one-click apply
- eventIds, alert_name, sip, dip, alert_time, etc.)

<details> <summary><strong>What LLM providers does SentinelFlow support?</strong></summary>
SentinelFlow uses an OpenAI-compatible API interface (langchain-openai). Any provider that supports the OpenAI Chat Completions API format works — including OpenAI, Anthropic (via proxy), DeepSeek, Qwen, local models via Ollama/LM Studio, and API relay services.
Configure the endpoint in the WebUI Settings or via environment variables:
```ini
SENTINELFLOW_LLM_API_BASE_URL=https://your-provider/v1
SENTINELFLOW_LLM_API_KEY=your-key
SENTINELFLOW_LLM_MODEL=model-name
```
For DeepSeek-style thinking models, enable Thinking Model Adapter in Settings or set SENTINELFLOW_LLM_THINKING_ADAPTER_ENABLED=true. When enabled, SentinelFlow sends thinking: {"type": "disabled"} to avoid provider-side reasoning_content replay errors. Leave it disabled for providers that do not support this request body.
</details>
<details> <summary><strong>What alert source types are supported?</strong></summary>
SentinelFlow supports multiple named alert sources from the Settings panel. Each source can use one of two modes:
- api: Polls any REST/HTTP endpoint. Supports GET/POST, custom headers, query parameters, and request body. Ideal for SIEM/SOAR platforms with a REST API.
- script: Runs a Python script you write directly in the UI. The script should print a JSON object to stdout containing count and alerts. Use this for custom data sources, local log files, or any integration that doesn't expose a REST endpoint.

Each source has its own parser rule, polling interval, failed-task retry interval, auto-execution flag, and optional alert-analysis prompt. Tasks are stored with source_id / source_name, and deduplication is scoped by source plus event ID.
</details>
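A script-mode source as described above, written out as an added example (not code from the SentinelFlow project). It reads constructed firewall-style log lines and prints a JSON object with count and alerts to stdout. The per-alert key names reuse the canonical field names listed on this page and are an assumption; the source's parser rule defines the real mapping.

```python
import hashlib
import json
import re
import sys

# Constructed sample input (not from the original page): firewall-style log lines.
SAMPLE_LOG = """\
2026-05-23T10:01:02Z DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2026-05-23T10:01:05Z ALLOW src=198.51.100.4 dst=10.0.0.5 dport=443
2026-05-23T10:03:40Z DENY src=192.0.2.55 dst=10.0.0.9 dport=3389
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>DENY|ALLOW) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def build_payload(log_text):
    """Build the {count, alerts} object that a script-mode source prints."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or m["action"] != "DENY":
            continue  # skip malformed lines and allowed traffic
        # Deterministic ID: re-reading the same line on the next poll yields the
        # same ID, so per-source deduplication can drop it.
        event_id = hashlib.sha256(line.strip().encode()).hexdigest()[:16]
        alerts.append({
            # Key names are an assumption: they reuse the canonical field names
            # listed on the page; the source's parser rule defines the real mapping.
            "eventIds": event_id,
            "alert_name": f"Denied connection to port {m['dport']}",
            "sip": m["src"],
            "dip": m["dst"],
            "alert_time": m["ts"],
        })
    return {"count": len(alerts), "alerts": alerts}


if __name__ == "__main__":
    payload = build_payload(SAMPLE_LOG)
    print(f"emitting {payload['count']} alerts", file=sys.stderr)  # keep stdout clean
    json.dump(payload, sys.stdout)  # stdout carries only the JSON object
```

Because the script's stdout is read as the alert payload, diagnostics go to stderr so they cannot corrupt the JSON.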
<details> <summary><strong>How does the AI parser generation work?</strong></summary>
Paste a sample alert JSON payload in the Settings panel and click Generate Parser. SentinelFlow sends the sample to your configured LLM, which returns a field_mapping rule that maps your schema's fields to SentinelFlow's canonical alert fields (eventIds, alert_name, sip, dip, etc.). A live preview shows how the rule would parse your sample. If the LLM call fails or is unavailable, a heuristic fallback rule is generated instead.
</details>
<details> <summary><strong>How do I define a Worker Sub-Agent?</strong></summary>
Create a directory under .sentinelflow/plugins/agents/ (default local workspace) with an agent.yaml and optional prompt files, or use the Agent Management page in the WebUI:
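The project provides an open-source AI workflow platform that automates security operations processes using LangGraph multi-agent coordination. Although the project is of fairly high quality, it still needs further refinement and testing.
AI Skill Hub is a third-party content aggregation platform. The information on this page is compiled from public data and does not constitute any legal endorsement of the tool's functionality or quality.
It is recommended to validate thoroughly in a sandbox or test environment before deploying to production, and to carry out the necessary security assessment.
✅ MIT License: one of the most permissive open-source licenses; free to use commercially, modify, and distribute, provided the copyright notice is retained.
Overall, SFlow is a good-quality Agent workflow that is reasonably competitive among comparable tools. AI Skill Hub will continue to track its updates; consider bookmarking it and adopting it when the timing suits your own scenario.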
| Field | Value |
|---|---|
| Original name | SFlow |
| Original description | Open-source AI workflow: AI Native SecOps platform powered by LangGraph multi-agent orchestration. Automa。⭐11 · Python |
| Topics | workflow, python |
| GitHub | https://github.com/Ch1nfo/SFlow |
| License | MIT |
| Language | Python |

Indexed: 2026-05-23 · Updated: 2026-05-23 · License: MIT · AI Skill Hub makes no legal endorsement of the accuracy of third-party content.