Windmill
Open-source developer platform for building and running scripts, flows, and internal apps in Python, TypeScript, Go, SQL, and Bash, with a visual flow editor and built-in UI builder.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Secrets stored as Windmill Variables with encryption at rest; resource credentials never exposed in logs; AGPLv3 license means all self-hosted customizations must be open — evaluate implications for proprietary agent integrations; SOC 2 Type II for cloud offering
⚡ Reliability
Best When
You want a single platform where developers write scripts in their preferred language, compose them into flows, expose them as APIs, and build lightweight internal tools — all without leaving one UI.
Avoid When
You need enterprise process governance features like BPMN visual modeling for business stakeholders or DMN decision management for non-technical rule owners.
Use Cases
- • Wrapping agent tools as Windmill scripts that can be composed into flows with automatic type-safe interfaces and dependency management
- • Building internal dashboards and forms on top of agent workflows using the built-in app builder without separate frontend infrastructure
- • Running scheduled Python and TypeScript agent jobs with automatic dependency resolution and secret management
- • Creating approval-gated workflows where human review steps are implemented as Windmill apps with form inputs that resume paused flows
- • Composing multi-language agent pipelines where Python ML steps, TypeScript API calls, and SQL data queries run in sequence with shared state
Not For
- • Enterprise BPM with complex BPMN process modeling requirements — Windmill is code-first and does not support BPMN notation or DMN decisions
- • Teams needing sub-second workflow latency at massive scale — Windmill optimizes for developer experience over extreme throughput
- • Organizations that cannot self-host or do not want to manage infrastructure — cloud offering exists but the OSS advantage is lost on pure SaaS usage
Interface
Authentication
Token-based auth for API access; OAuth2 SSO supported (GitHub, GitLab, Google, OIDC); workspace-scoped tokens with optional expiry; resource-level permissions via Windmill's group/user permission model
Pricing
AGPLv3 open source for self-hosted; cloud pricing based on seats and execution count; Enterprise adds audit logs, SLA, SAML SSO, and dedicated support
Agent Metadata
Known Gotchas
- ⚠ Script dependency installation happens at runtime via lockfile — first execution of a new Python script has cold start overhead of 30-120 seconds while pip installs packages into the worker
- ⚠ Flow steps share state via explicit result passing only — there is no implicit shared memory between steps; large objects must be serialized and deserialized at each step boundary
- ⚠ Windmill scripts run in isolated environments but the AGPLv3 license requires that modifications to Windmill itself be open-sourced — review license implications for proprietary agent tool wrappers that extend core Windmill behavior
- ⚠ Webhook-triggered flows execute asynchronously by default — callers receive a job ID, not the result; synchronous execution requires polling the job status endpoint or using the sync trigger endpoint
- ⚠ Resource and variable secrets are workspace-scoped — multi-tenant deployments where different agent pipelines must not share secrets require separate workspaces, which have separate worker pools and configuration
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Windmill.
Scores are editorial opinions as of 2026-03-06.