
Corporate proxies

If your organisation already runs an egress proxy or secure web gateway, Flowstate fits alongside it. This page covers the three integration questions you'll have:

  1. Will Flowstate break the egress my SWG already handles? (No — but there's a subtle case around Server-Sent Events to know about.)
  2. How do I point Flowstate at my corporate proxy upstream? (One environment variable.)
  3. Does my SWG need to allow-list Flowstate's hostnames? (Yes — short list below.)

Confirmed-compatible products

We've validated co-existence with:

  • Zscaler Internet Access / Private Access
  • Netskope NG-SWG / Borderless SD-WAN
  • Palo Alto Prisma Access
  • Forcepoint ONE Web Security
  • Cisco Umbrella (formerly OpenDNS) + Secure Internet Gateway
  • Cloudflare Zero Trust / WARP
  • Symantec WSS (Broadcom)
  • SonicWall Cloud Edge

Other transparent or explicit proxies should also work — these are the ones we've tested end-to-end with the v1.12 agent against the cloud proxy at ai.flowstate.inc.

Co-existence: how it works

Both Flowstate's agent and your corporate SWG terminate TLS to inspect traffic. Each generates its own root certificate authority and installs it in the local trust store. Operating systems and browsers accept multiple trusted CAs; two CAs in the trust store don't conflict.

The traffic path on a managed machine becomes:

AI tool (Claude Desktop, Cursor, etc.)
  → Flowstate Agent (re-issues leaf cert from Flowstate CA, inspects)
  → Flowstate cloud proxy (ai.flowstate.inc — composite-key authenticated)
  → Corporate SWG (re-issues leaf cert from SWG CA, inspects)
  → Internet (the actual AI provider)

The provider sees a TLS handshake from your egress IP, signed against the public CA chain (because the SWG terminates and re-originates). The Flowstate Agent sees the original request bodies in clear text before the SWG ever touches them. Your SWG sees the traffic after Flowstate has processed it but before it reaches the internet, so the content it inspects is semantically the same.

The one subtle case: Server-Sent Events and WebSocket upgrades

Modern AI tools stream responses via Server-Sent Events (most browser chats, the Anthropic and OpenAI APIs) or WebSocket upgrades (Claude Desktop's streaming bridge, increasingly common in newer clients). Some SWGs buffer streaming responses to inspect them in full before forwarding — fine for normal HTTP, fatal for streaming, because the user's tool stops receiving incremental tokens.

The v1.12 line of the Flowstate Agent handles both SSE and WebSocket upgrades end-to-end via ALPN pinning on the upstream connection. The "Claude Desktop streaming cuts off mid-stream" bug that affected earlier versions is fixed.

If your SWG buffers SSE or breaks WebSocket upgrades, configure it to bypass inspection for the AI provider hostnames. This isn't a Flowstate-specific recommendation — many SaaS vendors require it. The hostnames to bypass are listed at the bottom of this page.
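One way to tell a buffering intermediary from a streaming one is to time when each SSE event arrives. The following is an added example, not Flowstate's code: the function names, the local test endpoint and the 10% spread threshold are assumptions made for illustration.

```python
import http.server, threading, time, urllib.request

def measure_sse(url, proxies=None, timeout=10):
    """Return seconds-since-request at which each SSE `data:` line arrived.
    proxies=None follows the environment's proxy settings; {} connects directly."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler(proxies))
    req = urllib.request.Request(url, headers={"Accept": "text/event-stream"})
    start, arrivals = time.monotonic(), []
    with opener.open(req, timeout=timeout) as resp:
        for line in resp:                 # readline-based: lines are seen as delivered
            if line.startswith(b"data:"):
                arrivals.append(time.monotonic() - start)
    return arrivals

def classify_stream(arrivals, min_ratio=0.1):
    """Heuristic (assumption): a buffered stream delivers every event in one burst,
    so first-to-last spread is tiny compared with the time to the last event."""
    if len(arrivals) < 2 or arrivals[-1] <= 0:
        return "inconclusive"
    spread = arrivals[-1] - arrivals[0]
    return "streamed" if spread / arrivals[-1] >= min_ratio else "buffered"

class PacedSSE(http.server.BaseHTTPRequestHandler):
    """Constructed local endpoint: /paced sends 4 events 0.2 s apart;
    /buffered holds them and sends one burst, as a buffering intermediary would."""
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/event-stream")
        self.end_headers()
        events = [f"data: token-{i}\n\n".encode() for i in range(4)]
        if self.path == "/buffered":
            time.sleep(0.8)
            self.wfile.write(b"".join(events))
        else:
            for event in events:
                self.wfile.write(event)
                time.sleep(0.2)

    def log_message(self, *args):         # keep the demo quiet
        pass

def demo():
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), PacedSSE)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}"
    try:
        return {p: classify_stream(measure_sse(base + p, proxies={}))
                for p in ("/paced", "/buffered")}
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(demo())
```

To test a real path, host a paced endpoint you control outside the SWG and call `measure_sse` against it from a managed machine with the default `proxies=None`.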

Routing Flowstate's outbound through your proxy

Set FLOWSTATE_UPSTREAM_PROXY in the agent's environment — either by exporting it before flowstate install, or by editing the per-platform managed config after install.

macOS / Linux — /etc/flowstate.env:

FLOWSTATE_UPSTREAM_PROXY=http://zscaler.corp.example.com:80

After editing, reload the agent:

```bash
# macOS
sudo launchctl kickstart -k system/inc.flowstate.agent.proxy

# Linux
sudo systemctl restart flowstate-agent
```

Windows — HKLM\SOFTWARE\Flowstate\Agent:

| Value name | Type | Value |
|---|---|---|
| FLOWSTATE_UPSTREAM_PROXY | REG_SZ | http://zscaler.corp.example.com:80 |

Restart the service:

```powershell
Restart-Service FlowstateAgent
```

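Authenticated proxies use the form http://user:pass@proxy.example.com:8080 or https://proxy.example.com:443. Credentials embedded in the URL sit in plain text in /etc/flowstate.env or the registry value, so restrict who can read that file or key.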

The agent uses this for its own outbound — talking to the cloud proxy, fetching release manifests for updates. It does not use the upstream proxy for the captured AI traffic it's inspecting locally: that traffic exits the machine via the normal route after Flowstate inspects it, and your SWG picks it up there as usual.
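A small lint for the proxy setting in /etc/flowstate.env, flagging embedded credentials and loose file permissions. This is an added example, not part of Flowstate; the finding names, the `#` comment handling and the sample lines with credentials are constructed for illustration.

```python
import os, stat, tempfile
from urllib.parse import urlsplit

KEY = "FLOWSTATE_UPSTREAM_PROXY"

def audit_upstream_proxy(env_path):
    """Return a list of findings for the proxy URL set in a KEY=VALUE env file."""
    value = None
    with open(env_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("#") or "=" not in line:  # '#' comments are an assumption
                continue
            name, _, val = line.partition("=")
            if name.strip() == KEY:
                value = val.strip().strip("\"'")
    if value is None:
        return ["unset"]
    url = urlsplit(value)
    if url.scheme not in ("http", "https") or not url.hostname:
        return ["invalid-url"]
    findings = []
    if url.username is not None:
        findings.append("embedded-credentials")
        if url.scheme == "http":
            # Assumption: like most HTTP clients, the agent would send these
            # credentials to the proxy over an unencrypted connection.
            findings.append("cleartext-proxy-auth")
        mode = stat.S_IMODE(os.stat(env_path).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append("readable-by-group-or-other")
    return findings

def write_sample(line, mode):
    """Write a constructed one-line env file with the given permission bits."""
    fd, path = tempfile.mkstemp(suffix=".env")
    with os.fdopen(fd, "w") as fh:
        fh.write(line + "\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for line, mode in [
        (KEY + "=http://zscaler.corp.example.com:80", 0o644),
        (KEY + "=http://user:pass@proxy.example.com:8080", 0o644),
        (KEY + "=https://user:pass@proxy.example.com:443", 0o600),
    ]:
        path = write_sample(line, mode)
        print(line.split("=", 1)[1], "->", audit_upstream_proxy(path) or "ok")
        os.remove(path)
```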

Hostnames to allow-list in your SWG

If you run a default-deny SWG (most organisations do), allow-list these Flowstate-controlled hostnames so the agent can reach the cloud proxy and pick up updates:

| Hostname | Purpose | Bypass inspection? |
|---|---|---|
| ai.flowstate.inc | Cloud proxy: every captured AI exchange is forwarded here. HTTPS + WebSocket. | Yes, recommended. WebSocket upgrades through a buffering SWG break Claude Desktop streaming. |
| app.flowstate.inc | Main web app, where admins issue org-scope keys and view sessions. | Not required. |
| docs.flowstate.inc | Documentation site. | Not required. |
| GitHub Releases on meetflowstate/flowstate-agent (currently github.com and objects.githubusercontent.com) | Release manifest + binary downloads for flowstate install and (future) Sparkle auto-updates. | Not required, but allow-list the binary hostnames if your SWG defaults to denying GitHub release downloads. |

And the AI-provider hostnames the agent inspects locally — these need SSE / WebSocket-bypass on inspecting proxies:

| Provider | Hostnames |
|---|---|
| Anthropic | api.anthropic.com, claude.ai |
| OpenAI | api.openai.com, chatgpt.com |
| Google | generativelanguage.googleapis.com, aistudio.google.com |
| GitHub Copilot | copilot-proxy.githubusercontent.com, api.github.com, api.githubcopilot.com |
| Cursor | api.cursor.com, api2.cursor.sh |

This list grows; the canonical machine-readable version is published by the cloud proxy and the agent re-fetches it on every startup.

Double-MITM and what to avoid

Two MITM proxies in series usually works. Three is fragile. If your machine fleet is going through Flowstate and Zscaler and a developer's local mitmproxy / Charles for debugging, expect intermittent TLS errors. Either remove the developer-local proxy, or set FLOWSTATE_UPSTREAM_PROXY to point at it and skip the SWG for that machine.

Troubleshooting

  • Agent fails to reach ai.flowstate.inc — first thing to check is that your SWG allows the hostname. The agent's log (/var/log/flowstate.proxy.log on macOS, journalctl -u flowstate-agent on Linux, C:\ProgramData\Flowstate\logs\agent.log on Windows) includes the exact TLS error from the underlying HTTP client.
  • Streaming responses stop mid-stream in Claude Desktop / ChatGPT / Cursor — your SWG is buffering SSE or breaking the WebSocket upgrade. Add the provider hostnames to the bypass list. Confirm the Flowstate Agent itself is on v1.12.1 (2026-05-15) or newer — earlier versions had a server-side bug in WebSocket forwarding that has since been fixed.
  • Update downloads time out — the .pkg / .msi are 30–80 MB; some SWGs throttle binary downloads. Allow-list the binary host (see table above) and exempt it from binary-content scanning.
