Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.flowx.ai/llms.txt

Use this file to discover all available pages before exploring further.

Infrastructure prerequisites

Before installing the FlowX.AI Engine, verify that the following infrastructure components are installed and configured:
  • Kafka
  • Elasticsearch
  • PostgreSQL or Oracle
  • MongoDB

Dependencies

The FlowX Engine requires the following components:
  • Database: Primary storage for the engine (PostgreSQL or Oracle)
  • Redis Server: Used for caching. See Redis Configuration
  • Kafka: Handles messaging and event-driven architecture. See Configuring Kafka
For a microservices architecture, services typically manage their data via dedicated databases.

Required external services

  • Redis Cluster: Caches process definitions, compiled scripts, and Kafka responses
  • Kafka Cluster: Enables communication with external plugins and integrations

Configuration setup

FlowX.AI Engine uses environment variables for configuration. This section covers key configuration areas:

Database configuration

The FlowX Engine supports both PostgreSQL and Oracle as its primary relational database.

PostgreSQL

Environment variableDescription
SPRING_DATASOURCE_URLDatabase URL for PostgreSQL
SPRING_DATASOURCE_USERNAMEUsername for PostgreSQL
SPRING_DATASOURCE_PASSWORDPassword for PostgreSQL
SPRING_DATASOURCE_DRIVERCLASSNAMEDriver class for PostgreSQL

Oracle

Environment variableDescription
SPRING_DATASOURCE_URLDatabase URL for Oracle
SPRING_DATASOURCE_USERNAMEUsername for Oracle
SPRING_DATASOURCE_PASSWORDPassword for Oracle
SPRING_DATASOURCE_DRIVERCLASSNAMEDriver class for Oracle
Default: oracle.jdbc.OracleDriver

MongoDB configuration

Configure connection to the Runtime MongoDB instance:
Environment variableDescriptionDefault value
SPRING_DATA_MONGODB_RUNTIME_URIURI for connecting to MongoDBFormat: mongodb://${RUNTIME_DB_USERNAME}:${DB_PASSWORD}@<host1>,<host2>,<arbiter-host>:<port>/${DB_NAME}?retryWrites=false
RUNTIME_DB_USERNAMEMongoDB usernameapp-runtime
DB_NAMEMongoDB database nameapp-runtime

Configuration parameters

There are two types of Config Params that can be read from the environment: variables and secrets. There is one provider for variables and secrets extracted from the environment variables, and two providers for the ones extracted from Kubernetes. By default, the variables and secrets are extracted from environment variables (env provider).

Configuration parameters from environment variables (default)

The env provider used for variables and secrets extracts them from environment variables. For security reasons, the env provider uses an allow list regex which defaults to FLOWX_CONFIGPARAM_.*. This means only environment variables that match this naming pattern can be read at runtime into configuration params (either as variables or secrets). Feel free to edit it to match the environment variables that you use in your deployment.
Environment variableDescriptionDefault value
FLOWX_CONFIGPARAMS_VARS_PROVIDERProvider type for variablesenv
FLOWX_CONFIGPARAMS_VARS_ALLOWLISTREGEXRegular expression to match allowed env variables for variablesFLOWX_CONFIGPARAM_.*
FLOWX_CONFIGPARAMS_SECRETS_PROVIDERProvider type for secretsenv
FLOWX_CONFIGPARAMS_SECRETS_ALLOWLISTREGEXRegular expression to match allowed env variables for secretsFLOWX_CONFIGPARAM_.*

Configuration parameters from Kubernetes Secrets and ConfigMaps

Use the following configuration to read Config Params from Kubernetes Secrets and ConfigMaps:
Environment variableDescriptionValues
FLOWX_CONFIGPARAMS_VARS_PROVIDERProvider type for variablesk8s-configmaps
FLOWX_CONFIGPARAMS_SECRETS_PROVIDERProvider type for secretsk8s-secrets
These providers can be configured as follows:
Environment variableDescriptionValues
FLOWX_CONFIGPARAMS_PROVIDERS_K8SCONFIGMAPS_CONFIGMAPSLIST_0_Name of the ConfigMap to use for variablesflowx-configparams
FLOWX_CONFIGPARAMS_PROVIDERS_K8SSECRETS_SECRETSLIST_0_Name of the Secret to use for secretsflowx-configparams
You can configure multiple secrets and ConfigMaps by incrementing the index number (e.g., FLOWX_CONFIGPARAMS_PROVIDERS_K8SSECRETS_SECRETSLIST_1, FLOWX_CONFIGPARAMS_PROVIDERS_K8SCONFIGMAPS_CONFIGMAPSLIST_1). Values are overridden based on the order in which the maps are defined.The default provider is env, but there is a built-in allowlist with the regex pattern FLOWX_CONFIGPARAM_.*. This means only configuration parameters that match this naming pattern can be read at runtime, whether they are environment variables or secret variables.

Config params cache

Configure caching behavior for configuration parameters to optimize performance:
Environment variableDescriptionDefault value
FLOWX_CACHE_CONFIGPARAMS_TTLSECONDSTime-to-live in seconds for cached configuration params120
FLOWX_CACHE_CONFIGPARAMS_MAXENTRIESMaximum number of entries in the config params cache500
These settings control how long configuration parameters are cached in memory before being refreshed from the source (environment variables, ConfigMaps, or Secrets). Adjust these values based on how frequently your configuration changes and your memory constraints.

Authorization & access roles

This section covers OAuth2 configuration settings for securing the Spring application.

Security configuration

Environment variableDescriptionDefault value
SECURITY_TYPEType of security mechanismoauth2
SECURITY_BASIC_ENABLEDEnable basic authenticationfalse
SECURITY_PUBLIC_PATHS_0Public path not requiring authentication/api/platform/components-versions
SECURITY_PUBLIC_PATHS_1Public path not requiring authentication/manage/actuator/health
SECURITY_PATH_AUTHORIZATIONS_0_PATHSecurity path pattern"/api/**"
SECURITY_PATH_AUTHORIZATIONS_0_ROLES_ALLOWEDRoles allowed for path access"ANY_AUTHENTICATED_USER"

Resource server (opaque-token introspection)

Environment variableDescriptionDefault value
SECURITY_OAUTH2_BASE_SERVER_URLOAuth2 server base URL
SECURITY_OAUTH2_REALMOAuth2 realm name
SECURITY_OAUTH2_CLIENT_CLIENT_IDClient ID for token introspection
SECURITY_OAUTH2_CLIENT_CLIENT_SECRETClient secret for token introspection

Service account configuration

Environment variableDescriptionDefault value
SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENT_IDService account client IDflowx-process-engine-sa
SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENT_SECRETService account client secret
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_MAINAUTHPROVIDER_TOKEN_URIProvider token URI${SECURITY_OAUTH2_BASE_SERVER_URL}/realms/${SECURITY_OAUTH2_REALM}/protocol/openid-connect/token
For more information about the necessary service account, see Process Engine Service Account.

Configuring Kafka

Kafka handles all communication between the FlowX.AI Engine, external plugins, and integrations. It also notifies running process instances when certain events occur.

Kafka connection settings

Environment variableDescriptionDefault value
KAFKA_BOOTSTRAP_SERVERSKafka bootstrap servers (fallback: SPRING_KAFKA_BOOTSTRAP_SERVERS)localhost:9092
KAFKA_SECURITY_PROTOCOLSecurity protocol for Kafka (fallback: SPRING_KAFKA_SECURITY_PROTOCOL)PLAINTEXT

Message routing configuration

Environment variableDescriptionDefault value
KAFKA_DEFAULT_FX_CONTEXTDefault context value for message routing when no context is provided"" (empty string)
When KAFKA_DEFAULT_FX_CONTEXT is set and an event is received on Kafka without an fxContext header, the system will automatically apply the default context value to the message.

Kafka consumer retry settings

Environment variableDescriptionDefault value
KAFKA_AUTHEXCEPTIONRETRYINTERVALInterval between retries after AuthorizationException (seconds)10

Consumer groups & consumer threads configuration

Both a producer and a consumer must be configured:

Configuring a Kafka Producer

Configuring a Kafka Consumer

FlowX Engine Kafka communication pattern
About consumer groups and threads
A consumer group is a set of consumers that jointly consume messages from one or more Kafka topics. Each consumer group has a unique identifier (group ID) that Kafka uses to manage message distribution. Thread numbers refer to the number of threads a consumer application uses to process messages. Increasing thread count can improve parallelism and efficiency, especially with high message volumes.
Consumer group configuration
Environment variableDescriptionDefault value
KAFKA_CONSUMER_GROUPID_NOTIFYADVANCEGroup ID for notifying advance actionsadvance
KAFKA_CONSUMER_GROUPID_NOTIFYPARENTGroup ID for notifying when a subprocess is blockednotify-parent
KAFKA_CONSUMER_GROUPID_ADAPTERSGroup ID for messages related to adaptersadapters
KAFKA_CONSUMER_GROUPID_SCHEDULERRUNACTIONGroup ID for running scheduled actionsscheduler-run-action
KAFKA_CONSUMER_GROUPID_SCHEDULERADVANCINGGroup ID for messages indicating continuing advancementscheduler-advancing
KAFKA_CONSUMER_GROUPID_MESSAGEEVENTSGroup ID for message eventsmessage-events
KAFKA_CONSUMER_GROUPID_PROCESS_STARTGroup ID for starting processesprocess-start
KAFKA_CONSUMER_GROUPID_PROCESS_STARTFOREVENTGroup ID for starting processes for an eventprocess-start-for-event
KAFKA_CONSUMER_GROUPID_PROCESS_EXPIREGroup ID for expiring processesprocess-expire
KAFKA_CONSUMER_GROUPID_PROCESS_OPERATIONSGroup ID for processing operations from Task Management pluginprocess-operations
KAFKA_CONSUMER_GROUPID_PROCESS_BATCHPROCESSINGGroup ID for processing bulk operations from Task Management pluginprocess-batch-processing
KAFKA_CONSUMER_GROUPID_PROCESS_UIFLOWUPDATEGroup ID for processing UI flow session variable updatesui-flow-update
Consumer thread configuration
Environment variableDescriptionDefault value
KAFKA_CONSUMER_THREADS_NOTIFYADVANCENumber of threads for notifying advance actions6
KAFKA_CONSUMER_THREADS_NOTIFYPARENTNumber of threads for notifying when a subprocess is blocked6
KAFKA_CONSUMER_THREADS_ADAPTERSNumber of threads for processing messages related to adapters6
KAFKA_CONSUMER_THREADS_SCHEDULERADVANCINGNumber of threads for continuing advancement6
KAFKA_CONSUMER_THREADS_SCHEDULERRUNACTIONNumber of threads for running scheduled actions6
KAFKA_CONSUMER_THREADS_MESSAGEEVENTSNumber of threads for message events6
KAFKA_CONSUMER_THREADS_PROCESS_STARTNumber of threads for starting processes6
KAFKA_CONSUMER_THREADS_PROCESS_STARTFOREVENTNumber of threads for starting processes for an event2
KAFKA_CONSUMER_THREADS_PROCESS_EXPIRENumber of threads for expiring processes6
KAFKA_CONSUMER_THREADS_PROCESS_OPERATIONSNumber of threads for processing operations from task management6
KAFKA_CONSUMER_THREADS_PROCESS_BATCHPROCESSINGNumber of threads for processing bulk operations from task management6
KAFKA_CONSUMER_THREADS_PROCESS_UIFLOWUPDATENumber of threads for processing UI flow session variable updates6
All events that start with a configured pattern will be consumed by the Engine. This enables you to create new integrations and connect them to the engine without changing the configuration.

Configuring Kafka topics

Topic naming configuration
Environment VariableDescriptionDefault Value
KAFKA_TOPIC_NAMING_PACKAGEPackage prefix for topic namesai.flowx.
KAFKA_TOPIC_NAMING_ENVIRONMENTEnvironment segment for topic names
KAFKA_TOPIC_NAMING_VERSIONVersion suffix for topic names.v1
KAFKA_TOPIC_NAMING_SEPARATORPrimary separator for topic names.
KAFKA_TOPIC_NAMING_SEPARATOR2Secondary separator for topic names-
KAFKA_TOPIC_NAMING_ENGINERECEIVEPATTERNEngine receive patternengine.receive.
KAFKA_TOPIC_NAMING_INTEGRATIONRECEIVEPATTERNIntegration receive patternintegration.receive.
Core engine topics
Environment variableDescriptionDefault value
KAFKA_TOPIC_PROCESS_NOTIFY_ADVANCETopic used internally for advancing processesai.flowx.core.notify.advance.process.v1
KAFKA_TOPIC_PROCESS_NOTIFY_PARENTTopic used for sub-processes to notify the parent processai.flowx.core.notify.parent.process.v1
KAFKA_TOPIC_PATTERNPattern the Engine listens on for incoming eventsai.flowx.engine.receive.*
KAFKA_TOPIC_PROCESS_EVENT_MESSAGETopic for process message eventsai.flowx.core.message.event.process.v1
Topics related to the Task Management plugin
Environment variableDescriptionDefault value
KAFKA_TOPIC_TASK_OUTTopic used for sending notifications to the pluginai.flowx.plugin.tasks.trigger.save.task.v1
KAFKA_TOPIC_PROCESS_OPERATIONS_INTopic for receiving information about operations performedai.flowx.core.trigger.operation.v1
KAFKA_TOPIC_PROCESS_OPERATIONS_BULKINTopic where operations can be performed in bulkai.flowx.core.trigger.operations.bulk.v1
Topics related to the Notification plugin
Environment variableDescriptionDefault value
KAFKA_NOTIFICATION_OUTTopic for sending notification requests to the Notification pluginai.flowx.plugin.notification.trigger.send.notification.v1
The KAFKA_NOTIFICATION_OUT topic must resolve to the same value as KAFKA_TOPIC_NOTIFICATION_INTERNAL_IN in the Notification plugin configuration.
Topics related to the Document plugin
The process-engine receives results from document-plugin operations on topics matching the pattern ai.flowx.engine.receive.plugin.document.*. The following topics are used for file encryption and decryption operations:
Topic nameDescription
ai.flowx.engine.receive.plugin.document.encrypt.file.results.v1Topic for receiving file encryption results from document-plugin
ai.flowx.engine.receive.plugin.document.decrypt.file.results.v1Topic for receiving file decryption results from document-plugin
These topics are automatically matched by the Engine’s KAFKA_TOPIC_PATTERN configuration (default: ai.flowx.engine.receive.*). No additional configuration is required. The topics must be created in your Kafka infrastructure before deployment.
OPERATIONS_IN request example
{
  "operationType": "UNASSIGN", //type of operation performed in Task Management plugin
  "taskId": "some task id",
  "processInstanceUuid": "1cff0b7d-966b-4b35-9e9b-63b1d6757ec6",
  "swimlaneName": "Default",
  "swimlaneId": "51ec1241-fe06-4576-9c84-31598c05c527",
  "owner": {
    "firstName": null,
    "lastName": null,
    "username": "service-account-flowx-process-engine-account",
    "enabled": false
  },
  "author": "admin@flowx.ai"
}
BULK_IN request example
{
  "operations": [
    {
      "operationType": "HOLD",
      "taskId": "some task id",
      "processInstanceUuid": "d3aabfd8-d041-4c62-892f-22d17923b223", // the id of the process instance
      "swimlaneName": "Default", //name of the swimlane
      "owner": null,
      "author": "john.doe@flowx.ai"
    },
    {
      "operationType": "HOLD",
      "taskId": "some task id",
      "processInstanceUuid": "d3aabfd8-d041-4c62-892f-22d17923b223",
      "swimlaneName": "Default", //name of the swimlane
      "owner": null,
      "author": "john.doe@flowx.ai"
    }
  ]
}
To send additional keys in the response, attach them in the header. For example, you can use a requestID key.
A response should be sent on a callbackTopic if it is mentioned in the headers:
Callback topic with requestID header example
{"processInstanceId": ${processInstanceId}, "callbackTopic": "test.operations.out", "requestID":"1234567890"}
Task manager operations include: assignment, unassignment, hold, unhold, terminate. These are matched with the ...operations.out topic on the engine side. For more information, see the Task Management plugin documentation:📄 Task management plugin
Topics related to UI flow session updates
Environment variableDescriptionDefault value
KAFKA_TOPIC_UIFLOW_UPDATE_INTopic for receiving UI flow session variable updatesai.flowx.core.trigger.ui-flow.update.v1
Topics related to the scheduler extension
Environment variableDescriptionDefault value
KAFKA_TOPIC_PROCESS_EXPIRE_INTopic for requests to expire processesai.flowx.core.trigger.expire.process.v1
KAFKA_TOPIC_PROCESS_SCHEDULE_OUT_SETTopic used for scheduling process expirationai.flowx.core.trigger.set.schedule.v1
KAFKA_TOPIC_PROCESS_SCHEDULE_OUT_STOPTopic used for stopping process expirationai.flowx.core.trigger.stop.schedule.v1
KAFKA_TOPIC_PROCESS_SCHEDULE_IN_RUN_ACTIONTopic for requests to run scheduled actionsai.flowx.core.trigger.run.action.v1
KAFKA_TOPIC_PROCESS_SCHEDULE_IN_ADVANCETopic for events related to advancing through a databaseai.flowx.core.trigger.advance.process.v1
Topics related to Timer Events
Environment variableDescriptionDefault value
KAFKA_TOPIC_PROCESS_SCHEDULEDTIMEREVENTS_OUT_SETUsed to communicate with Scheduler microserviceai.flowx.core.trigger.set.timer-event-schedule.v1
KAFKA_TOPIC_PROCESS_SCHEDULEDTIMEREVENTS_OUT_STOPUsed to communicate with Scheduler microserviceai.flowx.core.trigger.stop.timer-event-schedule.v1
Topics related to the Search Data service
Environment variableDescriptionDefault value
KAFKA_TOPIC_DATA_SEARCH_INTopic that the Engine listens on for search requestsai.flowx.core.trigger.search.data.v1
KAFKA_TOPIC_DATA_SEARCH_OUTTopic used by the Engine to reply after finding a processai.flowx.engine.receive.core.search.data.results.v1
Topics related to the Audit service
Environment variableDescriptionDefault value
KAFKA_TOPIC_AUDIT_OUTTopic for sending audit logsai.flowx.core.trigger.save.audit.v1
Topics related to Elasticsearch indexing
Environment variableDefault value
KAFKA_TOPIC_PROCESS_INDEX_OUTai.flowx.core.index.process.v1
Processes that can be started by sending messages to a Kafka topic
Environment variableDescriptionDefault value
KAFKA_TOPIC_PROCESS_START_INTopic for requests to start a new process instanceai.flowx.core.trigger.start.process.v1
KAFKA_TOPIC_PROCESS_START_OUTTopic for sending the reply after starting a new process instanceai.flowx.core.confirm.start.process.v1
Topics related to Message Events
Environment variableDefault value
KAFKA_TOPIC_PROCESS_STARTFOREVENTai.flowx.core.trigger.start-for-event.process.v1
Topics related to Events-gateway microservice
Environment variableDescriptionDefault value
KAFKA_TOPIC_EVENTSGATEWAY_OUT_MESSAGEOutgoing messages from process-engine to events-gatewayai.flowx.eventsgateway.engine.commands.message.v1
KAFKA_TOPIC_EVENTSGATEWAY_OUT_DISCONNECTDisconnect commands from process-engine to events-gatewayai.flowx.eventsgateway.engine.commands.disconnect.v1
KAFKA_TOPIC_EVENTSGATEWAY_OUT_CONNECTConnect commands from process-engine to events-gatewayai.flowx.eventsgateway.engine.commands.connect.v1
Topics related to platform components
Environment variableDescriptionDefault value
KAFKA_TOPIC_PLATFORM_COMPONENTS_VERSIONS_OUTTopic for platform version cachingai.flowx.core.trigger.platform.versions.caching.v1
Inter-service topic coordination
When configuring FlowX services, ensure the following:
  1. The Engine’s pattern must match the pattern used by services sending messages to the Engine
  2. The integrationPattern must match the pattern used by the Integration Designer
  3. Output topics from one service must match the expected input topics of another service
For example:
  • Services send to topics matching ai.flowx.engine.receive.* → Engine listens
  • Engine sends to topics matching ai.flowx.integration.receive.* → Integration Designer listens
Kafka message size configuration
Environment variableDescriptionDefault value
KAFKA_MESSAGE_MAX_BYTESMaximum message size in bytes52428800 (50MB)
This setting affects:
  • Producer message max bytes
  • Producer max request size
  • Consumer max partition fetch bytes
Kafka authentication (when using SASL_PLAINTEXT)
For secure environments, enable OAuth authentication with the following environment variables:
Environment VariableDescriptionDefault Value
KAFKA_OAUTH_CLIENT_IDOAuth client IDkafka
KAFKA_OAUTH_CLIENT_SECRETOAuth client secretkafka-secret
KAFKA_OAUTH_TOKEN_ENDPOINT_URIOAuth token endpointkafka.auth.localhost
When using the kafka-auth profile, the security protocol will automatically be set to SASL_PLAINTEXT and the SASL mechanism will be set to OAUTHBEARER.

Configuring Elasticsearch connection

The Process Engine uses Elasticsearch for process instance indexing and search capabilities. Configure the connection using these environment variables:
VariableDescriptionDefault Value
SPRING_ELASTICSEARCH_REST_PROTOCOLConnection protocolhttps
SPRING_ELASTICSEARCH_REST_URISURL(s) of Elasticsearch nodes (no protocol)-
SPRING_ELASTICSEARCH_REST_DISABLESSLDisable SSL verificationfalse
SPRING_ELASTICSEARCH_REST_USERNAMEAuthentication username-
SPRING_ELASTICSEARCH_REST_PASSWORDAuthentication password-
For indexing setup, check the Configuring Elasticsearch indexing section.

Indexing settings

VariableDescriptionDefault Value
FLOWX_INDEXING_ENABLEDEnable/disable indexing globallytrue
FLOWX_INDEXING_TYPEIndexing strategy (http, kafka, no-indexing)http
FLOWX_ELASTICSEARCH_INDEXSETTINGS_NAMEName of the Elasticsearch indexprocess_instance
FLOWX_ELASTICSEARCH_INDEXSETTINGS_SHARDSNumber of primary shards2
FLOWX_ELASTICSEARCH_INDEXSETTINGS_REPLICASNumber of replica shards0
FLOWX_INDEXING_OPTIMISTICLOCKINGRETRIESRetry attempts for optimistic locking (HTTP only)3

Configuring file upload size

Environment variableDescriptionDefault value
SPRING_SERVLET_MULTIPART_MAXFILESIZEMaximum file size allowed for uploads50MB
SPRING_SERVLET_MULTIPART_MAXREQUESTSIZEMaximum request size allowed for uploads50MB

Connecting the Advancing controller

To use the advancing controller, configure the following variables:
Environment variableDescriptionDefault value
ADVANCING_DATASOURCE_URLConnection URL for Advancing Postgres DBjdbc:postgresql://postgresql:5432/advancing
ADVANCING_DATASOURCE_USERNAMEUsername for Advancing DB connectionflowx
ADVANCING_DATASOURCE_PASSWORDPassword for Advancing DB connection-
ADVANCING_DATASOURCE_MAXIMUMPOOLSIZEMaximum size of the advancing datasource connection pool. Worker threads open their own connections, configured separately via ADVANCING_PICKINGTHREADS and ADVANCING_PROCESSINGTHREADS20

Configuring the Advancing controller

Environment variableDescriptionDefault value
ADVANCING_TYPEType of advancing mechanismPARALLEL (alternatives: KAFKA, PARALLEL)
ADVANCING_PICKINGTHREADSNumber of worker threads for reading from database (picking operations)1
ADVANCING_PROCESSINGTHREADSNumber of threads for parallel processing of advancing events20
ADVANCING_PROCESSINGBUFFERSIZEMaximum buffer size for processing queue. Controls how many events can be queued20
ADVANCING_BLOCKPICKINGIFNOWORKERAVAILABLEBlock picking operations when no worker threads are availabletrue
ADVANCING_PICKINGPAUSEMILLISPause duration between picking batches (ms)50
ADVANCING_COOLDOWNAFTERSECONDSCooldown period after processing a batch (seconds)120
ADVANCING_SCHEDULER_HEARTBEAT_CRONEXPRESSIONCron expression for the heartbeat"*/2 * * * * ?"
How the new advancing controller works:
  • Picking threads (ADVANCING_PICKINGTHREADS): Controls how many worker threads read events from the database. This handles only the picking/reading operations.
  • Processing buffer (ADVANCING_PROCESSINGBUFFERSIZE): Acts as a queue between picking and processing. When the buffer is full, no new events are read. When there’s available space (even just 1 position), that amount of events will be read.
  • Processing threads (ADVANCING_PROCESSINGTHREADS): Controls how many threads process the advancing events in parallel. Events are processed instantly if processing threads are available. If all processing threads are busy, events accumulate in the buffer until it reaches capacity.
  • Blocking behavior (ADVANCING_BLOCKPICKINGIFNOWORKERAVAILABLE): When enabled, prevents picking operations if no worker threads are available, ensuring better resource management.

Advancing controller setup

CAS lib configuration

Environment VariableDescriptionDefault Value
FLOWX_SPICEDB_HOSTSpiceDB server hostnamespicedb
FLOWX_SPICEDB_PORTSpiceDB server port50051
FLOWX_SPICEDB_TOKENSpiceDB authentication token-

Configuring cleanup mechanism

Environment variableDescriptionDefault value
SCHEDULER_THREADSNumber of threads for the scheduler10
SCHEDULER_PROCESSCLEANUP_ENABLEDActivates the cron job for process cleanupfalse
SCHEDULER_PROCESSCLEANUP_CRONEXPRESSIONCron expression for the process cleanup scheduler0 */5 0-5 * * ? (every 5 minutes between 12 AM and 5 AM)
SCHEDULER_PROCESSCLEANUP_BATCHSIZENumber of processes to clean up in one batch1000
SCHEDULER_MASTERELECTION_CRONEXPRESSIONCron expression for the master election process30 */3 * * * ? (every 3 minutes)

Managing subprocesses expiration

Environment variableDescriptionDefault value
FLOWX_PROCESS_EXPIRESUBPROCESSESWhen true, terminates all subprocesses upon parent process expiration. When false, subprocesses follow their individual expiration settingstrue

Configuring application management

The following configuration from versions before 4.1 will be deprecated in version 5.0:
  • MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED: Enables or disables Prometheus metrics export.
Starting from version 4.1, use the following configuration instead. This setup is backwards compatible until version 5.0.
Environment variableDescriptionDefault value
MANAGEMENT_PROMETHEUS_METRICS_EXPORT_ENABLEDEnables Prometheus metrics exportfalse

RBAC configuration

Process Engine requires specific RBAC permissions for proper access to Kubernetes resources: 
rbac:
  create: true
  rules:
    - apiGroups:
        - ""
      resources:
        - secrets
        - configmaps
        - pods
      verbs:
        - get
        - list
        - watch

Ingress and CORS

The Process Engine is exposed on both the admin and public hosts, with a dedicated route for runtime process instances on the admin host. Routing is configured through the FlowX Helm chart, which renders either a Kubernetes Ingress (default) or a Gateway API HTTPRoute per service. CORS handling lives in the service code; only the allowed-origins list is deployment-specific.

Service routes

Host groupExternal pathBackend receivesNotes
admin/onboarding/api/api/...Strip /onboarding
public/onboarding/api/api/...Strip /onboarding
admin-instances/api/instances/api/instances/...Path preserved
Paths are set through services.process-engine.ingress.<key>.path (or gateway.<key>.paths) in the chart values. The admin and public routes share the same backend route family — the /onboarding prefix is stripped before forwarding so the backend receives /api/....

CORS configuration

Environment VariableDescriptionDefault Value
APPLICATION_CORS_ALLOW_ORIGINComma-separated list of origins allowed to call this service from the browser. Supports wildcard subdomains. Must include every Designer, runtime renderer, and integration domain that calls Process Engine.-
Allowed methods, allowed headers (including Authorization, Content-Type, Fx-Workspace-Id), and credential handling are baked into the service’s application.yaml with safe defaults. Override these only if you have a non-standard requirement. For the complete route reference, Gateway API HTTPRoute configuration, and route customization, see the ingress configuration guide.
For SSE (Server-Sent Events) communication configuration, refer to the Events Gateway setup guide.

Script engine configuration

The process engine uses a native script engine for executing JavaScript and Python business rules. The native engine runs scripts in separate Node.js and Python worker processes.
Environment variableDescriptionDefault value
APPLICATION_SCRIPT_ENGINE_PROVIDERScript engine provider (native or graalvm)native
APPLICATION_SCRIPT_ENGINE_NATIVEENGINE_JS_POOLSIZENumber of Node.js worker processes16
APPLICATION_SCRIPT_ENGINE_NATIVEENGINE_JS_EXECUTIONTIMEOUTMSExecution timeout per script (ms)5000
APPLICATION_SCRIPT_ENGINE_NATIVEENGINE_JS_MAXEXECUTIONSPERWORKERMax executions before a worker is recycled10000
APPLICATION_SCRIPT_ENGINE_NATIVEENGINE_JS_MAXPAYLOADSIZEBYTESMax input payload size (bytes)1048576 (1 MB)
APPLICATION_SCRIPT_ENGINE_NATIVEENGINE_PYTHON_POOLSIZENumber of Python worker processes8
APPLICATION_SCRIPT_ENGINE_NATIVEENGINE_PYTHON_EXECUTIONTIMEOUTMSExecution timeout per script (ms)10000
APPLICATION_SCRIPT_ENGINE_NATIVEENGINE_PYTHON_MAXEXECUTIONSPERWORKERMax executions before a worker is recycled10000
APPLICATION_SCRIPT_ENGINE_NATIVEENGINE_PYTHON_MAXPAYLOADSIZEBYTESMax input payload size (bytes)1048576 (1 MB)
The native script engine is the default starting with 5.9.0, replacing the previous GraalVM-based engine. Scripts run in isolated subprocess pools. To revert to GraalVM, set APPLICATION_SCRIPT_ENGINE_PROVIDER=graalvm.

Stuck token recovery

Automatically recovers process tokens that get stuck due to transient failures.
Environment variableDescriptionDefault value
SCHEDULER_STUCKTOKENRECOVERY_ENABLEDTurn on or off stuck token recoveryfalse
SCHEDULER_STUCKTOKENRECOVERY_CRONEXPRESSIONCron expression for recovery sweeps0 */5 * * * ?
SCHEDULER_STUCKTOKENRECOVERY_THRESHOLDMINUTESMinutes a token must be stuck before recovery triggers10
SCHEDULER_STUCKTOKENRECOVERY_BATCHSIZEMax tokens recovered per sweep100
SCHEDULER_STUCKTOKENRECOVERY_MAXAGEHOURSMax age (hours) of stuck tokens to consider4

Troubleshooting

Common issues

Symptoms: The process-engine pod crashes or restarts repeatedly during startup.Solutions:
  1. Verify PostgreSQL connectivity and that the database exists and is accessible
  2. Check Redis connection settings (SPRING_REDIS_HOST, SPRING_REDIS_PORT) and ensure Redis is running
  3. Confirm Kafka bootstrap servers are reachable (SPRING_KAFKA_BOOTSTRAPSERVERS)
  4. Review pod logs for specific connection errors — the first failing dependency is usually the root cause
  5. Ensure all required secrets (database passwords, OAuth credentials) are correctly mounted
Symptoms: Processes get stuck at certain nodes and do not move forward.Solutions:
  1. Verify the advancing controller is running and properly connected (ADVANCING_DATASOURCE_JDBC_URL)
  2. Check that advancing-related Kafka topics exist and are correctly configured (KAFKA_TOPIC_PROCESS_NOTIFY_ADVANCE)
  3. Review the advancing controller type (ADVANCING_TYPE) and thread configuration
  4. Ensure the scheduler extension topics are properly set up for timer-based advances
  5. Check Kafka consumer group lag for advance and scheduler-advancing groups
Symptoms: Process instances are not appearing in search results or the indexing service reports errors.Solutions:
  1. Confirm FLOWX_INDEXING_ENABLED is set to true
  2. Verify Elasticsearch connection settings (SPRING_ELASTICSEARCH_REST_URIS, credentials)
  3. Check that the indexing type matches your setup (FLOWX_INDEXING_TYPE: kafka or http)
  4. If using Kafka indexing, ensure the KAFKA_TOPIC_PROCESS_INDEX_OUT topic exists
  5. Verify the Elasticsearch index name and shard configuration are valid
Symptoms: The process-engine pod experiences OOM kills or high memory consumption.Solutions:
  1. Review Redis caching configuration — large process definitions and compiled scripts are cached in Redis
  2. Check ADVANCING_PROCESSINGBUFFERSIZE and ADVANCING_PROCESSINGTHREADS — high values increase memory usage
  3. Ensure the cleanup mechanism is enabled (SCHEDULER_PROCESSCLEANUP_ENABLED) to remove completed process instances
  4. Review Kafka consumer thread counts — each thread consumes memory for message buffering
  5. Monitor the config params cache settings (FLOWX_CACHE_CONFIGPARAMS_MAXENTRIES) and reduce if needed

Redis Configuration

Cache and session configuration including Sentinel and Cluster modes

Elasticsearch Indexing

Configure process instance indexing and search capabilities

Process Instance Archiving

Archive and manage historical process instance data

Access Roles for Processes

Configure role-based access control for process definitions
Last modified on June 2, 2026