Docs/Concepts

Concepts

The mental model behind FlowGuard. Six objects — read once, the rest of the docs will make sense.

Application

The web app you're testing. Stores its name, base URL, repo URL, and the codebase analysis FlowGuard built from your code. One tenant can have many applications; the Free tier caps you at 1, Team is unlimited.

Configured once, used by every flow and run
Holds the application map (pages, routes, forms) the agent extracted
Owns its TicketConfiguration (Azure DevOps / GitHub)

Flow

An ordered sequence of steps that exercises one user journey — login, checkout, an admin action, anything. Flows are the unit you author, run, schedule, and ticket against.

Source: AI-generated, recorded (Chrome extension), manual, or imported
Versioned — every save bumps the version, runs reference the version they ran on
Tagged for filtering (e.g. smoke, regression, billing)

Step

A single action inside a flow. FlowGuard supports eight step types — see the Building Flows guide for each one's options.

Action steps: Navigate, Click, Fill, Select, Wait
Verification steps: Assert (DOM-based), Checkpoint (AI-vision), Screenshot
Each step records timing, screenshot, network calls and DOM snapshot

Checkpoint

A verification point where Claude vision compares the live screenshot against an expected description. Checkpoints catch what selector-based assertions miss — visual regressions, missing data, broken layouts.

Plain-English expectation: "the dashboard shows 3 widget cards"
Pass / fail verdict with confidence score and rationale
Failed checkpoints become tickets if a TicketConfiguration is set

Run

One execution of a flow. A run captures every step, screenshot, network call, console log, and verdict. Status follows the lifecycle Queued → Running → Passed / Failed / Cancelled.

Triggered manually, on schedule (cron), via webhook, or post-deploy
Counts against your monthly run quota (see Pricing)
Auto-expires after 30 days on Free, 90 days on Starter, 1 year on Team

Variable

Per-flow secrets and configuration — emails, passwords, IDs, environment URLs. Variables are encrypted at rest and only decrypted in the agent process at run time.

Reference inside a step with {{my_variable}}
Mark as secret to redact from logs and screenshots
Override per-environment so the same flow runs against staging and prod

Up next

Building Flows — the visual editor and every step type, with examples Codebase Analysis — what the AI scan reads, sends, and keeps local