Architecture
The components that make up Flowra and how a transaction flows through them.
Flowra is built from three components: the Validator Client, the Relayer, and the Block Engine. Together they sit between incoming transaction flow and the validator's block production.
System overview
Components
Searchers connect to the Block Engine from the outside: they subscribe to the orderflow stream and submit tip-bearing bundles through the same service. See Searchers.
Transaction flow, step by step
- Arrival. User transactions reach the Relayer, which fronts the validator's TPU ports.
- Forwarding. The Relayer deduplicates the flow and forwards packets to the Block Engine and the validator.
- Broadcast. The Block Engine streams the flow to all subscribed searchers over gRPC.
- Bidding. Searchers detect opportunities and submit tip-bearing bundles back to the Block Engine.
- Auction and delivery. Every 50 ms the Block Engine simulates candidate bundles, drops any that revert, closes the auction round, and selects the optimal non-conflicting, highest-tip set within the policy constraints the validator pushed.
- Inclusion. The validator's BundleStage executes winning bundles atomically and places them first in the block, within a reserved compute budget. Remaining space fills under standard fee rules.
Failure behavior: the validator never depends on Flowra
The design constraint that shapes everything above: a Flowra validator must never need Flowra to produce a block.
- If the Relayer becomes unreachable, the validator reclaims its TPU ports and receives transactions directly, exactly as a stock validator does.
- If the Block Engine degrades, the validator simply stops receiving bundle sets and continues producing blocks with its standard in-client scheduling.
- Bundle inclusion is additive revenue, not a dependency. Participation never puts a leader slot at risk.
Operational guarantee
Flowra is a policy-and-revenue layer on top of block production, never a gatekeeper in front of it.
Where policy fits
The Programmable Block Policy follows an authority-push model:
- The validator owns the policy. It lives as a TOML file on the validator's machine, and the client pushes it to the Block Engine on connect (and again automatically whenever the file changes).
- The Block Engine enforces it before the auction. Non-conforming bundles are filtered out before selection, so they never compete for the validator's blocks.
Trust boundaries
- Searchers never see each other's bundles. Submissions go point-to-point to the Block Engine; strategy confidentiality is preserved even though the orderflow stream itself is open.
- Validators set the rules for their own auction. The policy the engine enforces is the policy the validator pushed, and every push and rejection is logged.
- The stream is the same for everyone. All searchers subscribe through one interface, with no privileged feeds.