Transport

Flocks doesn’t ship a transport. It speaks over whatever transport your mesh already uses:

Transport	Why
Tailscale	Zero-config WireGuard mesh; ACLs out of the box.
WireGuard	Self-managed, kernel-level, maximum control.
Custom	Any IP-routable network; supply your own CA + PKI.

The gateway and roost don’t care which one — they require a routable IP and a TLS cert (in production).

The private network is not the trust boundary. Even on Tailscale, Flocks expects every node to prove its identity over Ed25519. Don’t treat “they can reach me” as “they’re allowed to talk to me.”

MCP & the tool fabricHow tools are routed across local and remote agents.

Get started

Install

Concepts

Architecture

Modes

Drivers

Connect (desktop)

Security

Contributing