Agents in your management system. Today, not someday.
af-cli gives coding agents like Claude Code, OpenAI Codex, opencode and Cursor direct access to AmpliFlow.
They can create risks, register deviations, work through tasks, and gather input
for management reviews. You review and decide.
What is an AI agent? An agent is software that pursues a goal on its own. You give it a task: review the risk register before a management review, find gaps, create records. It works through the steps without you guiding each one. A chatbot answers your questions. An agent acts. Tools like Claude Code and Codex can act as agents when connected to AmpliFlow via af-cli. (Definition based on Anthropic's description of agentic systems, 2024.)
af-cli requires installing a program on your computer. Prefer not to install anything? Try the MCP server instead, just paste a URL.
Watch an agent update a risk register against NIS2
The agent reads 9 tasks and 5 existing risks, identifies 5 gaps against NIS2, and creates them. Press play.
Install and connect your agent
curl -fsSL https://raw.githubusercontent.com/AmpliFlow/af-cli/main/scripts/install.sh | bashWorks on Linux and macOS, handles both install and update. Then connect your agent:
af setup claude # Claude Code
af setup opencode # opencodeThis installs the skill file in the right location. The agent picks it up automatically. Also works with Cursor and any other agent that can run shell commands.
Everything the agent creates is automatically marked as AI-generated, in line with a (probably over-cautious) interpretation of the EU AI Act. You always know what came from a person and what came from the agent.*
Read the README before running against production data. An agent can create, modify, and delete in your AmpliFlow account without asking for approval at each step. That is powerful, and it requires you to understand the implications. Read the warnings on GitHub →
* The marking tells you the content is AI-generated. It does not mean it is correct. AI makes mistakes, sometimes convincing ones. Always review what the agent has created.
af-cli A tool and an agent skill in one
af-cli is a small program with no extra requirements. It gives you access to AmpliFlow
outside the browser (projects, tasks, risks, deviations, goals, checklists) and ships
with a skill file that AI agents use directly.
The agent does not need to know how AmpliFlow's API works. It runs af commands,
just as you would. Short refs instead of UUIDs. Readable output. Built
for agent usability.
Direct or as a background service
The quality manager works in AmpliFlow. The agent works in the background. Same project, same tasks, same data.
Interactive
You start a coding agent (Claude Code, Codex, opencode, Cursor) and give it a task: "Review the risk register against NIS2." The agent runs af commands, works through the task, and you see the result directly. You are present the whole time.
Continuous with af loop
Your IT person starts af loop on a server, connected to an AmpliFlow project. The loop monitors the project, picks up ready tasks, spawns an agent for each task, and reports back in AmpliFlow until the task is done. Around the clock, with no one needing to monitor it.
People in AmpliFlow
You create tasks, write comments, and make decisions in the interface you already know. Whether the agent runs interactively or in loop mode, you see the results directly in AmpliFlow.
The agent runs as a real user
The agent logs in as an AmpliFlow account and has exactly the permissions that account has. If the account can create risks, the agent can create risks. If the account only has read access on deviations, the agent can only read deviations. We recommend creating a dedicated agent account and giving it read-only permissions on things it should not touch, and write access only where it needs to act.
Risk management
Read through all risks, spot which ones are missing probability and consequence scores, identify what your processes don't cover, create new risks and link them to the right actions.
Deviations and improvements
Go through open deviations, flag which ones have been sitting idle too long, propose root causes, create improvement items and follow up to make sure actions actually happen.
Project tasks
Pick up tasks, work through them, leave comments on what's been done and what remains, mark them complete. All while you're doing something else.
Goals and follow-up
Read your goals, see which ones haven't been updated in a while, fill in results from the latest period, and flag goals at risk of being missed.
Checklists and processes
Go through checklists that haven't been run on schedule, create new checklist instances, document results, and escalate deviations right away.
Management review
Collect input from across the system, risks, deviations, goals, audits, and produce a structured decision package ready for management to review.
What do you think?
af-cli is on GitHub and we use it ourselves every day.
This is not a finished product, but it works.
We want to know what you would use it for, what is missing, and what does not matter.
Read about AI in AmpliFlow: built-in AI for ISO controls, risk analysis, competencies, and positions. Or read about how we govern our AI usage.