Tool Reference
Complete reference for the Flowpatrol security tools.
Overview
Flowpatrol provides three tools, available through the dashboard, via MCP in your AI editor, the CLI in your terminal, or the GitHub Action in your CI pipeline. Each tool serves a different purpose in your security workflow:
| Tool | Purpose | Cost | Time |
|---|---|---|---|
flowpatrol_surface | Surface scan — headers, secrets, fingerprints, RLS, screenshots | 1 credit | 1-3 min |
flowpatrol_scan | Deep scan — auth, access control, injection, chained attacks | 5 credits | 15-30 min |
flowpatrol_report | Retrieve and filter scan results | Free | Instant |
Typical workflow
-
Surface scan first — run a quick surface scan to get a fast read on the security surface. This catches low-hanging fruit like leaked API keys, missing headers, and open paths.
-
Deep scan if needed — if the surface scan finds issues (or you want a thorough test), run a deep scan. This tests auth flows, access control, injection, and business logic.
-
Review reports — view results in the dashboard or pull them via MCP. Filter by severity and get fix suggestions without re-running a scan.
How to access these tools
Every tool works the same way regardless of how you call it. Pick the interface that fits your workflow:
| Interface | Best for | Setup guide |
|---|---|---|
| Dashboard | Manual scans, browsing results, team management | Quick Start |
| MCP | Inline checks while coding in your AI editor | MCP Integration |
| CLI | Terminal workflows, scripting, local automation | CLI Setup |
| GitHub Action | Automated PR checks and CI/CD pipelines | GitHub Action |