Windmill

Executes scripts written in 13+ languages (Python, TypeScript, Go, Rust, Java, C#, PHP, Bash, Ansible, Deno, Bun, Nu, PowerShell) by parsing function signatures using language-specific parsers (windmill-parser-*) to automatically extract parameter types and generate JSON schemas. Workers poll PostgreSQL queue using SELECT FOR UPDATE SKIP LOCKED, execute code in sandboxed environments, and persist results to completed_job table or S3. Each language has a dedicated executor module (python_executor.rs, go_executor.rs, etc.) that handles runtime setup, dependency injection, and result serialization.

Composes scripts and flows into directed acyclic workflows using the OpenFlow specification (openflow.openapi.yaml), where modules execute sequentially or in parallel with state tracked in PostgreSQL flow_status JSONB column. The flow engine (worker_flow.rs) evaluates JavaScript expressions for branching logic, variable interpolation, and module input/output binding. Flows support error handling, retries, and dynamic branching based on previous step outputs. The entire flow state is persisted after each step, enabling resumption and audit trails.

Stores job results in PostgreSQL completed_job table with full execution metadata (duration, status, logs, output). Results can be large (up to 100MB) and are optionally stored in S3 for space efficiency. The frontend provides a job history view with filtering, search, and result visualization. Supports custom result renderers for specific output types (JSON, CSV, images, HTML). Results are queryable via REST API for integration with external systems.

Provides TypeScript, Python, and PowerShell client libraries (python-client/wmill/, frontend/src/lib/deno_fetch.d.ts) that allow external applications to invoke Windmill scripts and flows via REST API. Client libraries handle authentication, request serialization, and response deserialization. Support for async job submission with polling or webhook callbacks. Libraries are auto-generated from OpenAPI schema (windmill-api/openapi.yaml) to ensure consistency with API.

Manages script dependencies using language-specific package managers (pip for Python, npm for TypeScript, go mod for Go, etc.). Lockfiles (requirements.txt, package-lock.json, go.sum) are stored in PostgreSQL and used to ensure reproducible builds. The worker caches downloaded packages locally to avoid re-downloading on every execution. Supports private package repositories and custom package indexes. Dependency resolution happens at script creation time, not execution time, to catch errors early.

Exposes webhook endpoints for each script and flow that accept HTTP POST requests to trigger execution. Webhooks are authenticated using API tokens or HMAC signatures. Webhook payloads are parsed and mapped to script parameters using JSON path expressions. Supports conditional execution based on webhook payload content. Webhook execution history is tracked and queryable. Can integrate with external event sources (GitHub, Stripe, Slack, etc.) via standard webhook protocols.

Automatically generates REST API endpoints and web UIs from script function signatures by extracting JSON schemas via language parsers and binding them to SvelteKit frontend components. The API server (windmill-api/src/lib.rs) exposes each script as a POST endpoint that accepts JSON parameters matching the inferred schema. The frontend (frontend/src/lib/components/) renders form inputs, handles async job submission, and displays results. No manual OpenAPI/Swagger definition required — schemas are derived from code.

Schedules scripts and flows to execute on recurring intervals using cron expressions stored in PostgreSQL schedule table. The scheduling system (backend/src/monitor.rs) polls the database for due jobs, enqueues them into the job queue, and tracks execution history. Supports timezone-aware scheduling, one-time runs, and dynamic schedule updates without restarting workers. Failed scheduled jobs can be retried automatically based on configurable backoff policies.

Isolates scripts, flows, and jobs across multiple tenants using PostgreSQL workspace table and row-level security policies. Each workspace has its own set of scripts, flows, apps, and secrets. RBAC is enforced at the API level (windmill-api/src/lib.rs) using workspace membership and role assignments (admin, developer, viewer). Secrets are encrypted at rest and scoped to workspaces. The frontend (SvelteKit) enforces workspace context in all operations.

Manages sensitive credentials (API keys, database passwords, OAuth tokens) as encrypted resources stored in PostgreSQL resource table, scoped to workspaces. Secrets are encrypted at rest using a master key and decrypted only when injected into script execution contexts. Resources can be typed (e.g., 'database', 'api_key', 'oauth') and referenced by scripts using special syntax (e.g., `$var:my_secret`). The worker injects decrypted secrets into the script environment at runtime without exposing them in logs or job results.

Provides a visual app editor (frontend/src/lib/components/apps/) that allows users to compose UIs by dragging components onto a grid and binding them to scripts/flows via JavaScript expressions. Components include text inputs, buttons, tables, charts, and custom HTML. Each component has a JavaScript context that can reference other components' values and trigger script execution. The app definition is stored as JSON in PostgreSQL and rendered client-side by SvelteKit. Supports real-time preview and version history.

Integrates with LLM APIs (OpenAI, Anthropic) to generate script boilerplate from natural language descriptions. Users describe what they want (e.g., 'fetch data from Stripe API and save to PostgreSQL'), and the AI generates Python/TypeScript/Go code. The generated code is inserted into the script editor and can be refined iteratively. The system provides context about available resources, secrets, and previous scripts to improve code quality.

Distributes job execution across multiple worker processes using PostgreSQL as a distributed queue. Workers poll the queue using SELECT FOR UPDATE SKIP LOCKED to claim jobs atomically, execute them in isolated processes, and update job status. Workers can be scaled horizontally by running multiple instances. Job affinity can be configured to route jobs to specific workers based on tags or resource requirements. The system tracks worker health and automatically reassigns jobs from dead workers.

Integrates LSP servers for Python, TypeScript, Go, and other languages to provide real-time code completion, type checking, and error highlighting in the script editor. The LSP server runs as a separate process (lsp/Pipfile) and communicates with the SvelteKit frontend via WebSocket. Supports jump-to-definition, refactoring, and inline documentation. LSP context includes workspace scripts and available resources to improve suggestions.