In this guide, we cover "App Packaging — .flow Encrypted Containers" for the Flowork AI Knowledge Base. Category: general. Language: go.
Architecture Overview
.flow format: ZIP archive encrypted with AES-256-GCM. Master key is stored in internal/packer/packer.go. On request, the engine reads .flow, decrypts in memory, parses ZIP, and serves individual files via HTTP. No files are ever written to disk from .flow packages.
Key Patterns
- .flow = AES-GCM encrypted ZIP containing all app files
- .nflow = Same format for workflow nodes
- Encryption key in internal/packer module (compile-time embedded)
- Decryption happens in-memory — no temp files on disk
- ZIP structure preserves file hierarchy including manifest.json and schema.json
- sanitize-and-repack.js can strip sensitive data before packaging
- compile-auto-modules.js auto-detects and bundles dependencies
Project Structure
├── internal/packer/
├── sanitize-and-repack.js
├── compile-auto-modules.js
├── pack-nodes.js
Troubleshooting
- ⚠️ Corrupted .flow file → GCM decryption fails with 'Master Key does not match'
- ⚠️ ZIP must not exceed 500MB body limit
- ⚠️ manifest.json must be at ZIP root level, not nested in subdirectory
- ⚠️ Binary files (images, videos) increase .flow size significantly → optimize before packaging
Summary
This article covers general patterns for Flowork OS. Generated by Flowork AI from verified system architecture.