Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.flowx.ai/llms.txt

Use this file to discover all available pages before exploring further.

The Task Management plugin is available as a Docker image and serves as a dedicated microservice within the FlowX platform ecosystem.

Dependencies

Before setting up the plugin, ensure you have the following dependencies:
  • A MongoDB database for task storage
  • A connection to the RuntimeDB for operational data
  • Access to the database used by the FlowX Engine
  • Connection to the Kafka instance used by the FlowX Engine
  • A Redis instance for caching and performance optimization
While many configuration properties come pre-configured, several environment variables must be explicitly set for proper functionality.

Authorization configuration & access roles

Configure the following variables to connect to your identity management platform:
Environment VariableDescriptionDefault Value
SECURITY_TYPESecurity typeoauth2
SECURITY_OAUTH2_BASESERVERURLBase URL of your OpenID Connect provider
SECURITY_OAUTH2_REALMOAuth2 realm name
SECURITY_OAUTH2_CLIENT_CLIENT_IDClient ID for token introspection
SECURITY_OAUTH2_CLIENT_CLIENT_SECRETClient secret for token introspection
SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENT_IDService account client IDflowx-task-management-plugin-sa
SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENT_SECRETService account client secret
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_MAINAUTHPROVIDER_TOKEN_URIProvider token URI${SECURITY_OAUTH2_BASESERVERURL}/realms/${SECURITY_OAUTH2_REALM}/protocol/openid-connect/token
A dedicated service account must be configured in your OpenID provider. The task management service account requires view-users, query-users, and query-groups client roles from realm-management to support task auto-assignment.

OpenID connect settings

The Task Management plugin supports Microsoft Entra ID as an OpenID provider.
Environment VariableDescriptionDefault Value
OPENID_PROVIDERType of OpenID providerkeycloak (possible values: keycloak, entra)
OPENID_ENTRA_TENANTIDTenant ID for Microsoft Entra ID-
OPENID_ENTRA_PRINCIPALIDPrincipal ID for Microsoft Entra ID-
OPENID_ENTRA_GRAPHSCOPEGraph scope for Microsoft Entra IDhttps://graph.microsoft.com/.default
For more detailed information about configuring the service account:

Task Management Service Account

FlowX Engine datasource configuration

The service needs access to process instance data from the engine database. Configure these connection parameters:
Environment VariableDescriptionDefault Value
SPRING_DATASOURCE_URLJDBC URL for the engine databasejdbc:postgresql://onboardingdb:5432/onboarding
SPRING_DATASOURCE_USERNAMEDatabase usernamepostgres
SPRING_DATASOURCE_PASSWORDDatabase passwordpassword

MongoDB configuration

Configure access to the primary MongoDB instance:
Environment VariableDescriptionDefault Value
SPRING_DATA_MONGODB_URIMongoDB connection URImongodb://${DB_USERNAME}:${DB_PASSWORD}@mongodb-0.mongodb-headless,mongodb-1.mongodb-headless,mongodb-arbiter-0.mongodb-arbiter-headless:27017/task-management-plugin
DB_USERNAMEMongoDB usernametask-management-plugin
DB_PASSWORDMongoDB passwordpassword
Task Manager requires a runtime connection to function correctly. Starting the service without a configured and active runtime MongoDB connection is not supported.

Runtime MongoDB configuration

Task Manager requires a runtime connection to function correctly. Starting the service without a configured and active runtime MongoDB connection is not supported.
Enable the Runtime MongoDB connection:
Environment VariableDescriptionDefault Value
SPRING_DATA_MONGODB_RUNTIME_ENABLEDEnable runtime MongoDB connectiontrue
SPRING_DATA_MONGODB_RUNTIME_URIURI for connecting to MongoDB Runtimemongodb://${RUNTIME_DB_USERNAME}:${DB_PASSWORD}@mongodb-0.mongodb-headless,mongodb-1.mongodb-headless,mongodb-arbiter-0.mongodb-arbiter-headless:27017/app-runtime?retryWrites=false
RUNTIME_DB_USERNAMEUsername for runtime databaseapp-runtime
RUNTIME_DB_PASSWORDPassword for runtime databasepassword

Redis configuration

Task Management Plugin uses Redis for caching. Configure Redis connection using the standard Redis environment variables. Quick reference:
Environment VariableDescriptionExample ValueStatus
SPRING_DATA_REDIS_HOSTRedis server hostnamelocalhostRecommended
SPRING_DATA_REDIS_PORTRedis server port6379Recommended
SPRING_DATA_REDIS_PASSWORDRedis authentication password-Recommended
REDIS_TTLCache TTL in milliseconds5000000Optional
Both SPRING_DATA_REDIS_* and SPRING_REDIS_* variable prefixes are supported. The SPRING_DATA_REDIS_* prefix is the modern Spring Boot standard and is recommended for new deployments.
For advanced Redis deployment modes (Sentinel, Cluster) and SSL/TLS setup, see the Redis Configuration guide. Note that Sentinel and Cluster modes are only supported by the Events Gateway service.

Kafka configuration

Configure the Kafka integration using these environment variables:

Core Kafka settings

Environment VariableDescriptionDefault Value
SPRING_KAFKA_BOOTSTRAPSERVERSAddress of the Kafka server(s)localhost:9092
SPRING_KAFKA_SECURITY_PROTOCOLSecurity protocol for Kafka connectionsPLAINTEXT
SPRING_KAFKA_CONSUMER_GROUPIDConsumer group identifiertask-management-plugin-consumer
KAFKA_MESSAGE_MAX_BYTESMaximum message size (bytes)52428800 (50 MB)
KAFKA_AUTHEXCEPTIONRETRYINTERVALRetry interval after authorization exceptions (seconds)10
KAFKA_CONSUMER_THREADSNumber of consumer threads3
KAFKA_CONSUMER_EXCLUDEUSERSTHREADSNumber of threads for processing user exclusion events3

OAuth authentication (when using SASL_PLAINTEXT)

Environment VariableDescriptionDefault Value
KAFKA_OAUTH_CLIENT_IDOAuth client IDkafka
KAFKA_OAUTH_CLIENT_SECRETOAuth client secretkafka-secret
KAFKA_OAUTH_TOKEN_ENDPOINT_URIOAuth token endpointkafka.auth.localhost
When using the kafka-auth profile, the security protocol will automatically be set to SASL_PLAINTEXT and the SASL mechanism will be set to OAUTHBEARER.

Topic naming configuration

Environment VariableDescriptionDefault Value
KAFKA_TOPIC_NAMING_SEPARATORPrimary separator for topic names.
KAFKA_TOPIC_NAMING_SEPARATOR2Secondary separator for topic names-
KAFKA_TOPIC_NAMING_PACKAGEPackage prefix for topic namesai.flowx.
KAFKA_TOPIC_NAMING_ENVIRONMENTEnvironment segment for topic names
KAFKA_TOPIC_NAMING_VERSIONVersion suffix for topic names.v1

Kafka topics

Process management topics

Environment VariableDescriptionDefault Value
KAFKA_TOPIC_PROCESS_START_OUTTopic for running hooksai.flowx.core.trigger.start.process.v1
KAFKA_TOPIC_PROCESS_OPERATIONS_OUTTopic for task operations (assign, unassign, etc.)ai.flowx.core.trigger.operation.v1
KAFKA_TOPIC_PROCESS_OPERATIONS_BULKOUTTopic for bulk operations on tasksai.flowx.core.trigger.operations.bulk.v1

Scheduling topics

Environment VariableDescriptionDefault Value
KAFKA_TOPIC_PROCESS_SCHEDULE_INTopic for receiving scheduler messages for hooksai.flowx.plugin.tasks.trigger.run.hook.v1
KAFKA_TOPIC_PROCESS_SCHEDULE_OUT_SETTopic for setting schedulesai.flowx.core.trigger.set.schedule.v1
KAFKA_TOPIC_PROCESS_SCHEDULE_OUT_STOPTopic for stopping schedulesai.flowx.core.trigger.stop.schedule.v1

User management topics

Environment VariableDescriptionDefault Value
KAFKA_TOPIC_EXCLUDEUSERS_SCHEDULE_INTopic for user exclusion eventsai.flowx.plugin.tasks.trigger.exclude.users.v1

Task operations topics

Environment VariableDescriptionDefault Value
KAFKA_TOPIC_TASK_INTopic for incoming task creation messagesai.flowx.plugin.tasks.trigger.save.task.v1

Events and integration topics

Environment VariableDescriptionDefault Value
KAFKA_TOPIC_EVENTSGATEWAY_OUT_MESSAGETopic for Events Gateway messagesai.flowx.eventsgateway.receive.taskmanager.commands.message.v1
KAFKA_TOPIC_RESOURCESUSAGES_REFRESHTopic for resource usage refresh eventsai.flowx.application-version.resources-usages.refresh.v1
The Engine listens for messages on topics with specific naming patterns. Ensure you use the correct outgoing topic names when configuring the Task Management plugin to maintain proper communication with the engine.

CAS lib configuration

Environment VariableDescriptionDefault Value
FLOWX_SPICEDB_HOSTSpiceDB server hostnamespicedb
FLOWX_SPICEDB_PORTSpiceDB server port50051
FLOWX_SPICEDB_TOKENSpiceDB authentication tokenspicedb-token

Logging configuration

Control logging verbosity with these environment variables:
Environment VariableDescriptionDefault Value
LOGGING_LEVEL_ROOTRoot Spring Boot microservice logs-
LOGGING_LEVEL_APPApplication-level logsDEBUG
LOGGING_LEVEL_MONGO_DRIVERMongoDB driver logsINFO
LOGGING_LEVEL_REDISRedis/Lettuce client log levelOFF

Ingress and CORS

The Task Management plugin is exposed on both the admin and public hosts. Routing is configured through the FlowX Helm chart, which renders either a Kubernetes Ingress (default) or a Gateway API HTTPRoute per service. CORS handling lives in the service code; only the allowed-origins list is deployment-specific.

Service routes

Host groupExternal pathBackend receives
admin/task/
public/task/
Paths are set through services.task-management-plugin.ingress.admin.path / services.task-management-plugin.ingress.public.path (or the corresponding gateway.<key>.paths) in the chart values.

CORS configuration

Environment VariableDescriptionDefault Value
APPLICATION_CORS_ALLOW_ORIGINComma-separated list of origins allowed to call this service from the browser. Supports wildcard subdomains. Must include every Designer, runtime renderer, and integration domain that calls Task Management.-
Allowed methods, allowed headers (including Authorization, Content-Type, Fx-Workspace-Id), and credential handling are baked into the service’s application.yaml with safe defaults. Override these only if you have a non-standard requirement. For the complete route reference, Gateway API HTTPRoute configuration, and route customization, see the ingress configuration guide.

Filtering feature

Environment VariableDescription
FLOWX_ALLOW_USERNAME_SEARCH_PARTIALEnables filtering possible assignees by partial names

Scheduled jobs

Configure scheduled maintenance jobs:
Environment VariableDescriptionDefault Value
SCHEDULER_USERSCACHESCLEANUP_CRONEXPRESSIONCron expression for user cache cleanup0 0 0 * *? (daily at midnight)

Resource usage monitoring

The plugin includes a resource usage monitoring feature that can be configured:
Environment VariableDescriptionDefault Value
FLOWX_LIB_RESOURCESUSAGES_ENABLEDEnable resource usage trackingtrue
FLOWX_LIB_RESOURCESUSAGES_REFRESHLISTENER_ENABLEDEnable refresh listenertrue
FLOWX_LIB_RESOURCESUSAGES_REFRESHLISTENER_COLLECTOR_THREADCOUNTNumber of threads for resource collection5
FLOWX_LIB_RESOURCESUSAGES_REFRESHLISTENER_COLLECTOR_MAXBATCHSIZEMaximum batch size for collection1000
FLOWX_LIB_RESOURCESUSAGES_KAFKA_CONSUMER_GROUPID_RESOURCESUSAGES_REFRESHConsumer group for resource usage refresh eventstaskMgmtResourcesUsagesRefreshGroup
FLOWX_LIB_RESOURCESUSAGES_KAFKA_CONSUMER_THREADS_RESOURCESUSAGES_REFRESHNumber of threads for processing resource usage events3

Database migration

The Task Management plugin uses Mongock for MongoDB migrations:
Environment VariableDescriptionDefault Value
MONGOCK_CHANGELOGSSCANPACKAGEPackage to scan for database change logsai.flowx.task.management.config.mongock
Last modified on June 2, 2026