Windmill

Executes code in 13+ languages (Python, TypeScript, Go, Bash, Java, Rust, C#, PHP, Deno, Bun, Ansible, Nu, SQL) by routing to language-specific executors in windmill-worker that parse function signatures using language-specific parsers (windmill-parser-*) to automatically infer JSON schemas without manual type annotation. Workers poll PostgreSQL queue table using SELECT FOR UPDATE SKIP LOCKED, execute in sandboxed nsjail environments, and store results in completed_job table or S3, enabling polyglot workflow composition.

Composes multi-step workflows using OpenFlow specification (openflow.openapi.yaml) where modules execute sequentially or in parallel with full state tracking in PostgreSQL flow_status JSONB column. Each step can branch on conditions, loop over arrays, or call other flows/scripts, with intermediate results passed between steps via variable interpolation. The worker processes flow definitions by parsing the DAG, executing modules in dependency order, and persisting state after each step for resumability and debugging.

Provides official SDKs in TypeScript, Python, and PowerShell for programmatically calling Windmill scripts and flows from external applications. The SDKs handle authentication, request serialization, and response deserialization, with type hints generated from script schemas. Clients support both synchronous and asynchronous execution, polling for job completion, and streaming results. The SDKs are auto-generated from the OpenAPI spec (windmill-api/openapi.yaml) ensuring consistency with the API.

Stores job results in PostgreSQL completed_job table with full execution context (inputs, outputs, logs, duration), and provides a web UI for browsing results with filtering by status, date, and user. Large payloads (>1MB) are stored in S3 with references in the database. Results can be visualized as tables, charts, or raw JSON depending on output type, and artifacts (files, exports) are downloadable. The system maintains result history per script/flow for trend analysis and debugging.

Automatically detects dependencies in scripts (imports, requires, use statements) and generates language-specific lockfiles (requirements.txt for Python, package-lock.json for Node.js, go.mod for Go, etc.) to ensure reproducible execution. Dependencies are cached on workers to avoid repeated downloads, and the system detects when lockfiles change to invalidate caches. The parser (windmill-parser-*) extracts imports from code and resolves them to specific versions, supporting both public registries and private package repositories.

Exposes webhook endpoints for each script/flow that accept HTTP POST requests and enqueue jobs with the request payload as parameters. Webhooks support signature verification (HMAC-SHA256) to ensure requests come from trusted sources, and can be triggered by external services (GitHub, Slack, Stripe, etc.) without authentication. The system generates unique webhook URLs per script and supports custom headers and query parameters for routing. Webhook delivery is retried with exponential backoff if the job fails.

Automatically exposes any script as a REST API endpoint and generates a web form UI by introspecting the inferred JSON schema. The API server (windmill-api) creates routes dynamically for each script, accepting JSON payloads that map to function parameters. The frontend (SvelteKit) renders form components based on schema type (string, number, object, array) with validation, and submits to the API which enqueues a job. Results are returned synchronously for short-running scripts or via polling/webhooks for long-running jobs, eliminating manual API/UI boilerplate.

Schedules scripts and flows to run on cron expressions with timezone awareness, storing schedule definitions in PostgreSQL and using a background scheduler service to enqueue jobs at the specified times. The scheduler respects concurrency limits per script (preventing duplicate runs if previous execution hasn't completed) and supports both simple cron syntax and human-readable schedules. Failed scheduled jobs are retried with exponential backoff, and execution history is logged for audit and debugging.

Provides a visual editor (frontend/src/lib/components/apps/) for building internal tool UIs by dragging components onto a grid, binding them to scripts/flows via JavaScript expressions that evaluate in the browser. Components (buttons, tables, forms, charts) can reference script outputs, user inputs, and state variables; expressions are sandboxed and re-evaluated reactively when dependencies change. Apps are stored as JSON definitions in PostgreSQL and rendered server-side or client-side depending on complexity, supporting both static and dynamic layouts.

Implements workspace-level isolation where each tenant has separate scripts, flows, apps, and secrets stored in PostgreSQL with workspace_id foreign keys. Role-based access control (RBAC) defines permissions (admin, developer, viewer) per workspace, and resource sharing allows fine-grained access to specific scripts/flows. Secrets are encrypted at rest and scoped to workspaces, preventing cross-tenant data leakage. The API enforces workspace membership checks on every request, and audit logs track all resource access and modifications.

Integrates with LLM APIs (OpenAI, Anthropic) to generate script boilerplate and flow definitions from natural language descriptions. Users describe what they want (e.g., 'fetch data from Postgres and send to Slack'), and the AI generates executable Python/TypeScript code or OpenFlow YAML with proper error handling and type hints. Generated code is inserted into the editor with syntax highlighting and can be immediately tested, reducing time-to-first-execution for common patterns.

Manages sensitive data (API keys, database credentials, OAuth tokens) in a secrets store encrypted at rest in PostgreSQL, with support for dynamic credential generation (e.g., temporary AWS STS tokens, database connection strings). Resources are scoped to workspaces and can be referenced in scripts via environment variables or direct API calls. The system supports resource types (database, API, OAuth provider) with connection pooling and health checks, and logs all secret access for audit purposes without exposing the actual values.

Implements an asynchronous job queue in PostgreSQL (queue table) where API requests insert jobs with parameters, and workers poll using SELECT FOR UPDATE SKIP LOCKED to claim jobs atomically without race conditions. Workers execute jobs in isolated processes, capture stdout/stderr, and persist results in completed_job table or S3 for large payloads. The queue supports priority levels, retry logic with exponential backoff, and timeout enforcement, enabling reliable execution at scale without message brokers.

Provides Language Server Protocol (LSP) support for Windmill scripts, enabling syntax highlighting, autocompletion, and error checking in VS Code and other LSP-compatible editors. The LSP server (lsp/) understands Windmill's schema inference and provides completions for script parameters, imported modules, and resource references. Type checking is performed using language-specific type checkers (mypy for Python, tsc for TypeScript) integrated into the LSP, surfacing errors in the editor before execution.