One of the biggest decisions we made while building Nod was what not to build.
Nod is not a workflow engine.
It does not:
- Run customer code
- Store workflow steps
- Resume execution cursors
- Hold customer infrastructure credentials
Instead, Nod does one thing well: it handles the human decision.
Your app stays in control of the workflow. Nod only answers the question:
Did a human approve this action?
The developer experience looks like this:
const approval = await nod.approvals.create({
idempotencyKey: `deploy:${commitSha}`,
policyId: "prod_deploy",
title: "Deploy to production?",
data: {
repo: "justnod/web",
commitSha,
diffUrl,
},
});
After a human approves or rejects, Nod sends a signed webhook:
const event = nod.webhooks.verify({
rawBody,
headers: request.headers,
secret: process.env.NOD_WEBHOOK_SECRET!,
});
if (event.type === "approval.approved") {
await deployToProduction(event.data);
}
This separation keeps Nod simple and useful.
The customer owns:
- The agent
- The workflow
- The business logic
- The final side effect
Nod owns:
- The approval request
- The policy
- The human decision
- The audit trail
- The signed callback
That boundary made the product much cleaner. Developers do not need to move their whole system into Nod. They only add one approval checkpoint where risk begins.
Top comments (0)