# Swirls — expanded site context (swirls.ai)

> Swirls is a durable, security-first runtime for agentic AI workflows. You author workflows in `.swirls` files: a graph of nodes (tools, LLM calls, control flow) with explicit data flow and scoped credentials. Run the same workflow locally for development, then deploy to Swirls Cloud for a managed, production-grade runtime.

## What Swirls is

- **Workflow-as-policy**: Security and access control are derived from the workflow definition. Permissions attach to the workflow’s cryptographic identity (SHA-256 hash of the canonical workflow), not ad-hoc runtime grants.
- **Durable execution**: Steps are persisted; workflows can sleep, wait for signals, spawn children, and resume across process restarts—similar in spirit to durable workflow engines, tuned for LLM/agent workloads.
- **Human-in-the-loop**: Review and approval steps can gate sensitive actions before they run in production.
- **Auditability**: Executions produce a tamper-evident chain (hash-linked records) suitable for export and verification.

## Primary URLs (marketing site)

| Page | URL | Summary |
|------|-----|--------|
| Home | https://swirls.ai | Product overview, runtime value props, getting started pointers |
| Cloud | https://swirls.ai/cloud | Managed runtime: scaling, observability, Portal, SLA-oriented positioning |
| Security | https://swirls.ai/security | Threat model, delegation levels, key derivation, secret isolation, audit chain |
| Pricing | https://swirls.ai/pricing | Plans and usage (local free tier; Cloud paid tiers) |
| Blog | https://swirls.ai/blog | Release notes and engineering posts |
| Demo | https://swirls.ai/demo | Product demo entry points (if exposed) |

## Security model (high level)

- **Structural security**: Agent capabilities are constrained by the workflow graph and declared tool scopes—not by a generic “model may call anything” default.
- **Delegation**: Authorization is modeled in levels (e.g. workspace → deployment → execution → node → tool) with explicit caveats; see the Security page for diagrams and examples.
- **Keys and secrets**: Cryptographic keys are derived (HKDF-style) and not stored long-lived in plaintext for workflow operation; per-node encryption and envelope patterns support multi-tenant isolation. See /security for primitives (AES-GCM, HKDF, HMAC, SHA-256) and operational notes.
- **Audit trail**: Append-only, hash-chained execution history for forensic and compliance workflows.

## Swirls Cloud (managed)

- Durable workers, failover-oriented positioning, and operations features (e.g. OpenTelemetry-oriented observability, audit logs, replay concepts—details on /cloud).
- Same security posture as self-hosted in principle: scoped agents, per-node secrets, tenant isolation patterns—cross-check /security.

## Local vs Cloud

- **Local**: Free local runtime for development and testing; align with CLI install and docs.
- **Cloud**: Paid managed service; pricing and credit models are on /pricing.

## Documentation (technical depth)

- **Docs home**: https://swirls.ai/docs
- **Docs LLM-oriented full text** (generated from documentation): https://swirls.ai/docs/llms-full.txt

Use the docs site for language syntax, CLI commands, API contracts, and cookbook-style examples. This file (`/llms-full.txt` on swirls.ai) focuses on **product and marketing-site context**; the docs `llms-full.txt` focuses on **reference material**.

## Community and source

- GitHub organization: https://github.com/byteslicehq
- Discord: https://discord.gg/ZXTBZGjQ5a

## Short index (`/llms.txt`)

A shorter companion file lives at https://swirls.ai/llms.txt for quick crawlers and tools that want a minimal sitemap-style summary.

## Versioning note

Content describes the product as of the page generation on swirls.ai. For authoritative pricing, terms, and compliance statements, prefer the live pages (/pricing, /terms-of-service, /privacy-policy) and the Security page for the latest posture language.