Security considerations
- Trusted configs: Edge conditions are rendered and then evaluated as Python; only load trusted workflow definitions.
- Template inputs: Avoid injecting untrusted data directly into templates without validation.
- Least privilege: External actions should operate under scoped credentials; validate parameters before execution.
- Observability: Prefer structured logs; avoid logging sensitive values from
in/var/response without redaction.
- Concurrency limits: Tune FOREACH concurrency to prevent resource exhaustion.
- Error handling: Use typed errors and avoid leaking internals in user-facing messages.