/agents

AmpliFlow is a management system where agents can work under real permissions.

This is the short route for agent visitors and operators. You can see what is publicly discoverable, what requires authentication, which parts are still pilot, where human review still matters, and what the safe next step is.

Book an agent walkthrough See access paths

Public discovery: llms.txt, /ai/, /tools/ai/ and this page are open without sign-in.
Authenticated paths: The MCP server and af-cli give the agent access to real workspaces after sign-in.
Permission model: Permissions follow the user account. Least privilege and a dedicated agent account are recommended.
When humans take over: Business-critical changes, access questions, procurement and final approval still need human review.

Why this page exists

A human can piece the story together. An agent should not have to.

Normal buyers need trust, context and comparisons. Agents and their operators need a fast router: what can be verified publicly, what needs sign-in, and where the safety boundary sits.

AmpliFlow already has those pieces across /ai/, /tools/ai/, /labs/af-mcp/, /labs/af-cli/ and generated llms.txt. This page is the shortest route through them.

What agents can do today

Separate public discovery from authenticated work.

This is the current bounded view, not a promise of a full future permission matrix.

Public web surface

Without sign-in

Read curated summaries via /llms.txt and /.well-known/llms.txt.
Read the public pages about AI, MCP and af-cli.
Find support, security, privacy and contact routes without scraping the rest of the site.
Decide whether AmpliFlow is worth deeper evaluation before any authenticated connection is set up.

Authenticated workspace

Examples of currently supported workflows

Review risk registers and suggest gaps or follow-up.
Work through project tasks and log what has been done.
Summarize deviations and improvements before the next decision point.
Gather input for management reviews from goals, tasks and open items.
Use MCP in browser-based tools or af-cli in local coding environments.

Access paths

Exact paths, with the right auth shape from the start.

Path	Best for	Auth	Today
`/llms.txt` https://www.ampliflow.com/llms.txt	Public discovery	None	Yes
`/.well-known/llms.txt` https://www.ampliflow.com/.well-known/llms.txt	Public discovery via standard path	None	Yes
`/ai/` https://www.ampliflow.com/ai/	AI transparency	None	Yes
`/tools/ai/` https://www.ampliflow.com/tools/ai/	Product overview of the AI modes	None	Yes
`/labs/af-mcp/` https://www.ampliflow.com/labs/af-mcp/	Browser-first agent tools	User sign-in	Yes, pilot
`/labs/af-cli/` https://www.ampliflow.com/labs/af-cli/	Local coding agents and loops	Local install + user sign-in	Yes, pilot
`/labs/af-mcp/microsoft-365/` https://www.ampliflow.com/labs/af-mcp/microsoft-365/	Microsoft 365 Copilot	IT admin + user sign-in	Yes

Permissions and trust

Permissions follow the user. That is good, but it needs discipline.

Permissions follow the authenticated user account today, not a separate public agent role.
A dedicated least-privilege agent account is the safest path for write access.
MCP and af-cli are still marked as pilot surfaces. Start with one bounded workflow.
Human review is still expected for work that affects production data, compliance, procurement or external commitments.
AI transparency and data boundaries live on /ai/. Security commitments and vulnerability reporting live on /security/.

Procurement reality

Procurement and onboarding are still human-led.

AmpliFlow does not offer autonomous self-serve checkout for agents today. Pricing, commercial terms and production onboarding still go through humans.

The safe next action is therefore a walkthrough or contact, not an automatic purchase flow.

Future pattern

Serious agent procurement often needs spend limits, approval rules, receipts and structured catalog data. That is a benchmark for the future, not a capability AmpliFlow claims today.

Example workflows

Concrete examples beat agent hype.

Review the risk register against NIS2

Let the agent read the current risks, spot gaps and suggest what needs follow-up before the next review.

Available nowRequires authenticated workspace accessHuman review required

Gather management review input

The agent can pull signals from goals, tasks, deviations and improvements so leadership gets a first decision pack faster.

Available nowRequires authenticated workspace accessHuman review required

Find old open tasks

The agent can read project context, summarize what has stalled and leave a proposed next step.

Available nowRequires authenticated workspace access

Choose between MCP and af-cli

The public web surface is enough to decide whether to start in a browser with MCP or in a local coding environment with af-cli.

Available nowPublic discovery

Machine-readable links

These are the stable links an agent or operator usually needs.

Agents page: https://www.ampliflow.com/agents/ This route.
llms.txt: https://www.ampliflow.com/llms.txt Public summary for agents.
.well-known llms.txt: https://www.ampliflow.com/.well-known/llms.txt The same content via the standard path.
AI transparency: https://www.ampliflow.com/ai/ Data use, AI principles and guardrails.
AI tool overview: https://www.ampliflow.com/tools/ai/ Zero AI, writing help, or agent mode.
MCP server: https://www.ampliflow.com/labs/af-mcp/ Browser-first agent connection. Pilot.
af-cli: https://www.ampliflow.com/labs/af-cli/ Local agent path for coding environments. Pilot.
Microsoft 365 MCP guide: https://www.ampliflow.com/labs/af-mcp/microsoft-365/ IT admin path for M365 Copilot.
Support: https://www.ampliflow.com/support/ Setup help and support flows.
Security: https://www.ampliflow.com/security/ Security commitments and vulnerability policy.
Privacy policy: https://www.ampliflow.com/privacy-policy/ Personal data, subprocessors and contact.
Contact: https://www.ampliflow.com/contact/ Commercial contact and walkthrough.

Support and escalation

When the automated path stops

Commercial questions: /contact/
Setup and user support: /support/
Security and vulnerabilities: /security/ and the vulnerability disclosure policy

Let a human take over when the work affects real production data, user access, procurement, legal commitments or certification evidence that must be approved externally.

Analytics note

Normal web analytics will undercount some agent interactions.

Some traffic comes from crawlers that only read /llms.txt or a public page. Some comes from clicked source links inside agent tools. The actual work in MCP or af-cli then happens in authenticated tools, not as normal page views on the website.