-
-
Notifications
You must be signed in to change notification settings - Fork 6
Features
Every workflow is a directed acyclic graph. Steps declare dependencies via depends_on and the engine automatically parallelizes independent branches. No manual orchestration needed.
From simple LLM calls to parallel races and human approvals. See Step Types for the full reference.
Describe a workflow in plain language (any language - Czech, English, Japanese, anything) and the generator builds a complete YAML definition with steps, dependencies, and model assignments.
When you need full control, write YAML directly. Define models per step, set timeouts, configure retries, declare input schemas with validation.
Reference inputs with {input.field_name} and previous step outputs with {steps.step_id.output}. The engine handles resolution automatically.
Define typed input fields with descriptions, defaults, and required flags. The dashboard renders forms automatically from the schema.
| Backend | Use case | Isolation |
|---|---|---|
| E2B | Production cloud | Full VM-level isolation |
| Docker | Self-hosted | Container with seccomp + CapDrop ALL |
| Cloudflare | Edge execution | V8 isolate |
| Local | Development | Subprocess (no isolation) |
7 models across 4 providers with automatic failover:
- Claude (Sonnet, Opus, Haiku)
- OpenAI (Codex, Codex Mini)
- Google (Gemini 2.5 Pro via OpenRouter)
- MiniMax (M2.5)
Provider failover: automatic retry on 429/5xx with per-key cooldown and ordered fallback chains.
Slack, GitHub, Salesforce, Stripe, SAP, PostgreSQL, MongoDB, browser automation, and 48 more. See Integrations.
Real-time metrics: active runs, success rate, cost tracking, recent activity feed with live SSE updates.
Visual DAG editor with drag-and-drop step creation, dependency wiring, model selection per step, and live YAML preview. Template browser for starting from existing workflows.
118 built-in templates organized by packs (Marketing, Sales, Engineering, etc.), searchable, with preview and one-click install to workflows directory.
Real-time step-by-step progress with SSE streaming. View inputs, outputs, token usage, cost per step. Compare runs side-by-side. Export to PDF.
Cron-based scheduling with visual cron builder. Pause, resume, delete schedules. View next run time.
Human-in-the-loop approval queue. Approve, reject, or skip pending approval steps. Configurable timeout with auto-approve/reject fallback.
Browse all 56 tools by category. Configure credentials per tool. Test connections. View which workflows use each integration.
Create, list, rotate, and delete API keys. Set expiry dates. Configure IP allowlists per key. Grace period for key rotation.
Runtime configuration, license status, theme selection. Persistent settings saved to database.
Backend status, database connectivity, queue health, sandbox availability, memory system status.
Track spending across models and workflows. Automatic model downgrade suggestions. Budget alerts.
A/B testing for workflows. Deploy experiments, track metrics, auto-advance rollouts based on performance.
Run eval suites against workflows. Compare quality across model changes. Track evaluation scores over time.
Failed workflow runs that can be retried, inspected, or resolved. Automatic DLQ routing for transient failures.
Guardrail violations log. See which steps triggered policy rules, with severity and details.
Full command reference at CLI Reference. Highlights:
sandcastle init # Interactive setup wizard
sandcastle serve # Start API + dashboard
sandcastle run workflow.yaml # Run a workflow
sandcastle generate "..." # Generate from natural language
sandcastle doctor # Diagnostics (7 sections)
sandcastle hub search # Browse community templatesGlobal --json flag for scripting and CI/CD integration.
Persistent memory across workflow runs:
- Write admission control - Importance scoring prevents trivial memories
- Novelty detection - Deduplication via word overlap heuristics
- Decay / TTL - Memories expire based on age and relevance
- Graph support - Optional Neo4j for relationship-aware memory
- Structured enrichment - Auto-extracted keywords and tags
- API + CLI - Full CRUD for memory management
| Protocol | Standard | Use case |
|---|---|---|
| A2A | Google Agent-to-Agent | Agent discovery via /.well-known/agent.json, inter-agent task delegation |
| AG-UI | CopilotKit | SSE streaming for real-time UI updates in compatible frontends |
| MCP | Anthropic Model Context Protocol | Expose Sandcastle as a tool server for Claude and other MCP clients |
- Fernet credential encryption (AES-128-CBC + HMAC-SHA256)
- API key rotation with configurable grace period
- IP allowlisting per key (IPv4 + IPv6)
- Docker seccomp profiles with CapDrop ALL
- Distributed rate limiting (Redis sorted sets)
- Security headers (CSP, X-Frame-Options, HSTS-ready)
- SSRF prevention, path traversal protection
- CORS wildcard filtering
- Ed25519 offline signature verification
- Three tiers: Community, Pro, Enterprise
- No features blocked - purely a compliance/legal signal
- License info in dashboard, CLI doctor, and API
- Git-like version management (draft, production, archived)
- Promote/rollback versions via API or dashboard
- Diff between versions
- Configurable webhook delivery on run events
- Retry with exponential backoff
- Callback URL support per run
- Export any run as a formatted PDF
- Step-by-step results with metadata
- 1,257 lines of PDF generation logic
Sandcastle v0.17.0 | BSL-1.1 License | Created by Tomas Pflanzer @gizmax