Zeli FlowForge — Operations guide

1. Signup & 2FA

1. Go to /signup and create your account (email + 12+ char password).
2. Confirm your email by clicking the link you receive (valid 24h).
3. On first login, configure mandatory 2FA: scan the QR with Google Authenticator / 1Password / Authy.
4. Save the 10 recovery codes (shown only once) in a password manager. They are needed if you lose access to the TOTP app.

2. Create a workspace

After 2FA setup, the portal asks you to create the first workspace. A workspace:

• Has an isolated Docker container (FlowForge runtime) on the sub-domain {slug}.app.automazionezeli.com
• Contains workflows, credentials, logs — all tenant-isolated
• Has a plan (Free/Starter/Pro/Team/Enterprise) that determines LLM quota, RAM, disk, workspace member limit

Provisioning takes ~10 seconds (capacity check → docker create → start → healthcheck). You see it live in the onboarding modal.

3. FlowForge editor

Click "Open FlowForge" from the dashboard. The portal issues a short-lived SSO token (5 min, single-use) and POST autosubmit to {slug}.app.azel/sso. The container validates the token and creates a local session.

In the editor you’ll find:

• Workflow canvas — drag nodes, connect, run live
• DB Studio — connect Postgres/MySQL/Mongo/Redis/Vector and run queries
• Credentials vault — secrets for external integrations (AES-256-GCM)
• Node marketplace — community packs
• Liara chat — native LLM for workflow generation / debugging

4. Invite the team

From /account/team, owners/admins invite members by email with a role:

The invitee receives an email with a /accept-invite?token=... link (valid 7 days). After accept, the role is propagated to the FlowForge editor via SSO.

5. Liara LLM & BYOK

FlowForge includes Liara (Qwen3 32B with Zeli fine-tuning) hosted on EU GPUs. Daily quota per plan:

• Free: 200 calls/day · Starter: 1K · Pro: 5K · Team: 25K · Enterprise: unlimited

Pro+ plans support BYOK (Bring Your Own Key) — use your Anthropic / OpenAI / Google API key. Keys are encrypted AES-256-GCM and used only for your calls.

6. External API & keys

Generate API keys from /account/api-keys to integrate FlowForge with external systems (CI/CD, webhook, server-to-server). Each key has:

• Scope: read:workflows, write:workflows, execute:workflows, admin:tenant
• Expiry: 30d / 90d / 1 year / never
• Revoke: immediate, integrations using that key stop working

The key plaintext is shown only once at creation. Store it in a password manager.

7. Billing & plans

From /account/billing you see current plan, next renewal, payment history. Upgrade/downgrade from /pricing via PayPal Subscriptions:

• Monthly auto-renew · Yearly discount -17%
• Cancel anytime — access remains until the end of the current period
• Failed payment → 3 automatic PayPal retries · then container suspended · warning email to owner
• 22% VAT applied automatically (IT regime)

For Enterprise (€499+/mo) contact us — DPA, SOC2, ISO27001, on-premise, white-label available.

8. Security & compliance

• EU hosting — Hetzner Falkenstein, GDPR-native (no extra-EU transfer)
• 2FA enforced on all accounts
• 24h session rotation sliding window
• Immutable audit log with SHA-256 hash chain (automatic tamper detection)
• Encryption at rest: AES-256-GCM for secrets, TOTP, BYOK keys (envelope with master key)
• Sentinel WAF in front of LLM and auth (prompt injection, brute force, anomaly detection)
• Daily backups (client-side encrypted, retention 7d local + 90d B2 remote)
• GDPR art.17/20: ZIP data export, account deletion with 7d grace

9. FAQ