I beg of you, please reconsider the SSO tax (https://sso.tax/). This is becoming a big pain point for small orgs trying to become compliant that a small change like this can be huge in decision making. If I look at Pipedream, Airplane, Temporal, and Retool none of them will even list pricing if I need SSO, I'm suddenly a 40 person company with "Enterprise" needs. If you want an easy differentiator, including SSO in your Team tier is a simple way to do that.

The reason a lot of companies charge extra for SSO is because it is a support nightmare. Most users can't tell the difference between "my SSO provider is broken" and "your service is broken" so they always blame the service, who now has to either tell the customer "talk to your SSO provider", which of course they don't like, or having to diagnose and fix SSO problems.

I agree that it should be a core feature, but I sympathize with companies that need to charge extra for it.

(Small plug for my startup, hope that's ok :))

WorkOS makes adding SAML to your app incredibly easy and fast. We're powering Vercel, Planetscale, Webflow, Loom, and hundreds of others. Pricing is transparent and scales as you grow. And you don't need to talk to a sales rep. ;)

https://workos.com/single-sign-on

Great product.

What? That's such absolute nonsense. Compared to managing your users passwords? Bah! No way is supporting saml that hard. It's. Library, and config. Users usually find out pretty quick when thier idp is down.

Plugging in my startup BoxyHQ here. This is the reason why we open sourced our SAML integration - https://github.com/boxyhq/jackson, it should be commodity.

Isn't this true for just about any integration in a product?

Yes, but SSO is a very upfront integration that blocks all access to app. Most other integrations only break a piece of the app or are in the background. And lots of companies charge extra for those integrations too.

I find this hard to believe, setting up SSO was a piece of cake with Github. Sure you have some issues during the setup, but once it’s there it never changes.

Then again, Github also chargea you $20/month instead of $4/month if you want SSO in a small org, but it’s possible.

If I as a SaaS provider get my SSO SAML integration via a provider like Okta or Auth0, the auth provider pricing itself is also on a "call us" tier, with a per-federation pricing in the low four figures for each individual company connecting to me via SAML.

It's pretty insane, so I'll state it again: To have a company connect to my SaaS via SAML, I as the SaaS provider have to pay my auth provider $X,000 per year for the privilege. Not counting the base enterprise tier pricing for the auth solution itself. So then I have to roll my own solution if I want to provide it for free, and I get the joy of supporting the long tail of broken SAML implementations on both the service and identity provider sides. For free. In a perfect world SSO wouldn't be a shitshow and everyone could have it for free, unfortunately that is not this world.

The SAML world is definitely a fun mess. We’re[1] building out SAML support and are beta testing it with a few customers and it is funny how different even the large IDPs are. Add in things like needing to test the integration, making sure attribute and role mappings are correct, and it’s unfortunate but understandable that companies not specializing in auth wouldn’t want to deal with it except for customers that pay a lot.

[1] Disclaimer, I’m a founder of PropelAuth

Plugging in my startup BoxyHQ here. This is the reason why we open sourced our SAML integration - https://github.com/boxyhq/jackson, it should be commodity.

Fwiw, Amazon offers an sso platform with saml for free. That's not the answer for everyone though, and may not be for you even. Just putting it out there for those looking for a cheap saml identity provider.

I don't disagree with what you are saying. It's just that everything is already free and as friction-less as possible. I made a point to remove any lock-in. My goal is to make Windmill fully-featured and available to the widest range of people. On the other hand, we do need to make some money at some point. We could have an "enterprise edition" with features that are proprietary. This is what most open-source companies do, but it would create misaligned incentives to not bake those into the product and make the product worse. If I am being honest I will probably bake SSO into the team-tier as soon as we have some healthy financials :)

From my limited knowledge of how SSO works, is this possible?

1. A company Acme wants to have SSO in the tools A, B and C that it uses.

2. Another company Balloon integrates with A, B, C to use the admin API for an admin account to modify or delete users in that account

3. Acme logs in to Balloon and connects its admin account of A, B, and C to these integrations.

4. Now Acme has access to employee's accounts in A, B, C through the Balloon's dashboard to modify or delete users etc.

Yes, it’s typically referred to as SCIM and is supported by most serious SSO services.

I was not aware of this and will look it up. I was of the naive opinion of the parent thread.

I wish this website had a wall of fame on it as well

The ability to run sandboxed workers from a PostgreSQL-based queue sounds useful all by itself, particularly for multi-tenant SaaS applications that need to do compute-intensive tasks on untrusted inputs. The difference, of course, is that in this case, the worker implementation is part of the application, not a user-defined script. How tightly are the work queue and sandboxed worker runner coupled to the rest of the product?

They are tightly coupled at the moment but easy to extract out. I did not think there would be interest for that but I could carve it out as a separate dependency project for everyone to reuse!

Here is the magic part to implement the queue in sql: https://github.com/windmill-labs/windmill/blob/main/backend/...

We are thinking about creating something like this actually. We are still early-stage and haven't launched yet but we are looking for feedback and input to our idea.

Would you mind talking to us about your problem?

I've only been in the industry for about a year and a half, so forgive my lack of knowledge here...I see these no-code/internal tools/run a script easily startups every so often

What are examples of things people are building with these services? My context - I work at a 200ish person b2b saas - I don't know of anyone in my company using these, at least not in an official capacity I can see

hoping to learn and b informed

Great question. The answer varies widely depending on the kind of company you are.

1. The biggest pain we solve is to turn scripts that you would run on your own laptop as internal apps that you can share. If your company make no use of script anywhere and does not need any automation then maybe it doesn't apply to you.

2. Avoid live sql queries in production and use templatized sql query made into apps instead (automatically!). Making live sql queries is common in DevOps, support and ops in general. It can be very error-prone, stressful and inconvenient.

3. Integrations between tools you already use but that are unable to talk to each other.

4. Workflows, code that runs very frequently to react to new events, transform data and run your business logic. Most companies are a frontend on a database that is updated in the background. We make it possible to build those workflows from simple scripts so that you can build it faster, more reliable and easier to maintain.

5. The last one only apply if you are a SaaS that want to provide automation as a feature of your product, or a no-code tools yourself. Because we focused very much on the hard-engineering of orchestration and specs for workflows, you might simply want to wrap Windmill to offer it to your own clients.

Have been looking for something like this for several years to replace the custom UI/orchestrator for a science gateway. The other options I've seen don't do auto UI generation or don't allow self-hosting or aren't open source. This looks great. Thank you.

Thank you for the kind words!

I'll admit I only gave the docs a cursory review, but it might help to expand on what self-hosted means. Over at r/selfhosted, for example, it typically translates to, "can run on my hardware with no external dependencies." It's hard for me to tell if Windmill meets this definition, but early indications seem to suggest the answer is no.

-- Edit --

I just saw the Github repo. Does this section exist[1] in the docs anywhere? Might be good to include.

[1]: https://github.com/windmill-labs/windmill#how-to-self-host

Thank you for giving me the opportunity to clarify this! https://github.com/windmill-labs/windmill#how-to-self-host

You just need to docker-compose up https://github.com/windmill-labs/windmill/blob/main/docker-c... and you are all set :)

I believe his question was about "does this docker instance then rely on an external service/api to run", which it appears it does, and thus wouldn't quite qualify for fully self hosted.

Many reasons why it's important to know that, the one that matters to me personnaly is because of data storage location requirements.

It does not rely on external api or services, you can run this completely isolated (well you would need a postgres instance). The WindmillHub that Windmill fetch data from is completely unidirectional and something purely out of convenience. In theory shouldn't have an impact in your ability to use the product without it, although we should introduce a flag for the product to not even attempt to list the available scripts from the community if that's your wish. I will write an issue on the roadmap about that.

Ah then I guess my (very quick) look at your link was wrong then, I apologize.

I'm personally from the EU AND in an industry with stricter data control than usual which is why I made that particular point. If that is a possibility for your product then I believe you should absolutely have it somewhere on your roadmap, and then make it extra clear in your "self host" description (things like "on premise", "your data never leaves your server", "retain control of your data", ...). It's usually a lot easier to do it early and stand by it than try to make it possible later.

Best of luck !

Yes one of our primary target is actually clients with regulatory, compliant or ethical concerns to not control all of their data on-prem. By being open-source and self-hostable, we can meet those standards. I am from France myself and am pretty sensitive about the data privacy issues.

For what it's worth, I'm confused about the self-hosting option too.

On the home page it has the phrase "Self-hostable AWS Lambda" which when clicked takes me to a page entitled "Benchmark" [0]. As someone who doesn't use AWS, and the linked page seemingly not giving me much clear indication of being able to host this outside of AWS, I'm left confused about options for self-hosting.

Often with these sorts of products, I won't necessarily self-host initially, but will almost always want to ensure up-front that the option is there if I want to in the future.

It's perhaps slightly counterintuitive that being clear about self-hosting being available is a big tick for me onboarding as a SaaS customer!

Meant as constructive feedback as Windmill looks very cool!

[0] https://docs.windmill.dev/docs/benchmark/

Edit: Ok I see I misunderstood... that page is showing how Windmill benchmarks against AWS Lambda. I had assumed that clicking on the prominent blue link that mentioned "self hosting" would tell me about self-hosting :-)

This looks cool. Since I haven't used Airplane etc. it looks to me a bit like a mix between n8n and low code tools for creating internal apps.

A bit of feedback for the website:

- I can't see anything linking to a pricing page / feature tiers. There should be a prominent "Pricing" link in the top menu like all other such services do, even if the paid Tier isn't enforced yet. - the docs should have a page for self-hosting / deplyoment. This is another big one I always look for in any tool. - when I go to https://app.windmill.dev I am redirected to the login, but I can also click the browser back button, which leads to the app page, but all broken because no data is available

Pricing is at the bottom of the landing page. Point taken, we should add the link directly to the menu bar.

Good catch for the back-button bug, we will fix it. Thanks!

Very cool!

I've seen too many companies with spaghetti integration built on Zapier / Make to orchestrate the user onboarding (CRM, database, Finance tool)

At the beginning it's a good idea and at one point everything start to crash and you wonder how to put everything in a got repository!

Windmill seems really cool

Thank you. I agree, everything starts very nice and it's all downhill from there with rigid tools.

I could see my company using this, we have some internal tooling that we were considering moving to Retool. I think for any of these platforms to succeed long term they need to be just as easy to back out of (e.g. once it gets too complicated, go back to normal code) as they are to start using.

One thing that I misread and I believe others would too is on the main landing page where it has the list of features is one of them says "UI? Done (checkmark)" and the rest of the items don't have any Done or checkmark. It reads like the rest of the items listed aren't ready at all, which based on the docs they are at least available.

checkmark removed, thanks for the feedback. Looking forward to have demanding users with strong use-cases.

About lock-in I completely agree which is why you can just deploy from github and export a tarball of your entire workspace at any point. The scripts can be used outside of Windmill (except if you use our K/V store but you do not have to). The day you want to migrate out, you will just have to redeploy your scripts as lambdas somewhere else.

My 2 cents, choose retool. I have no association with retool but as a product/business owner question is do you want to risk with a startup or an established product that reasonably solves your problem. Retool is pretty reasonable pricing wise, very stable, great support and inherently you dont have to deal with startup like bugs.

Retool is a great product, but I don't think your reasoning is entirely sound.

> do you want to risk with a startup or an established product that reasonably solves your problem

I think it depends greatly and I don't think this is a hard-and-fast rule. If you're adopting a product that is easy to replace and doesn't have huge vendor lock-in, and the startup offering solves your problem better than the established vendor, then a startup might be a better choice. Windmill is an open source product, so even if they went out of business, you'd still have access to the code which is a great way to avoid some amount of the risk surface area.

This looks amazing and I'd love to try it out for this one thing I have in mind.

I'm not familiar with the Deno part of Typescript. Would it somehow be possible to use a C# library as a dependency?

For example https://github.com/OfficeDev/Open-XML-SDK I need for a way to edit (not create) the openXML content of Microsoft Office files

Will you eventually support importing workflows from similar closed low code/no code tools?

If there is a way to do this in an automatic manner for sure but it's of course hard to reverse engineer proprietary spec.

On the other hand, one model is to have low code/no code tools, or SaaS that want to add automation as a feature of their product, wrap us to run their backends as we have done a lot of effort on the engineering of the orchestrator/backend and we cannot compete on every vertical. If they all run deno/python code with the OpenFlow format, then everything is interchangeable everywhere!

Tremendous, wishing you much success!

Friendly suggestion to all future "Launch HN's"... I think you may get better engagement with the link to your product right at the top of the announcement comment.

I'm sure lots of people are more interested in immediately checking out your cool thing and not necessarily having to read (or skim) a wall of text first :)

As a side note; I've noticed that Launch HN posts are typically very verbose as a rule. Maybe this reflects more on me, but I almost never read them, but still am often interested in the products/services themselves and will hunt down the link to just go and check it out.

It's great to have the backstory and detail there, but to those writing them, it's worth bearing in mind that a large % of people (possibly a majority?) will skim read at best. So link upfront and maybe a TLDR sentence would always be a good opener IMHO.

Edit: Also... congrats on the launch :-)

This is great. I have been trying out pipedream and would love to try this too. Are there steps available to do a self deploy? Also, can the URL be rendered on my own domain?

Self-host: https://github.com/windmill-labs/windmill#how-to-self-host

Custom domain: not yet but for sure we will add it as an option for the teams plan

Looks great! Can I install dependencies like Chrome Webdriver and Selenium so I can use it for web scraping scripts?

We are working on that, it is non trivial because of the tight sandboxing but we will add it soon

Congrats on the launch Ruben! It's really exciting to see an open source tool like this out in the wild.

Thank you! It is an immense honor and joy to be able to do both the exciting endeavor that is a startup, and being able to do it my way, open-source with great tech. I wake up every day excited to contribute to open-source software and could not imagine it otherwise now .

I like the idea! Is there any plan to support existing scheduler / orchesrator tools such as Airflow?

No plan yet but that's an interesting idea! We will do cloudflare workers and lambda first then move up the layers probably.

Do you have instructions on how to build the project from source so that it can be self-hosted?

Yes. If you want to build from source, replace `image: ...` by `context: .` in https://github.com/windmill-labs/windmill/blob/main/docker-c... and docker-compose will rebuild from source.

If you just want to compile backend and frontend separately: `cd backend && cargo build` `cd frontend && npm install && run build`

Windmill rocks, and the cloud version makes it easier to automate my stuffs now! Thanks guys

Thank you!

Bravo! Eager to see if we can integrate this, will probably save us a lot of time!

Looking forward to partner with you as our first no-code tool partner to wrap us!

It is back up, sorry for the inconvenience, should have rented more servers!

Oops, we killed it already.

503 Service Unavailable

No server is available to handle this request.

It is back up!

legend! Thank you, that was quickly restored. Now let me go check it out!

now it's actually completely back up, hub included

On it!

This is awesome

Thank you!

Awesome, Airplane for free, I love it.

Don't look for free (as in beer) tools; look for good tools that are free (as in speech) and fund them.

Not just free, open-source! :)

One q: why are you building a code running/functions platform inside your project, sounds very overdone and not related to your project. Also scary as a customer. I would recommend just make people host workers, we'll need it anyway to access resources, VPCs, etc.

I can understand being skeptic about that but we did not invent nsjail nor linux forks so it's pretty simple and rock solid: take source code, wrap it a little, execute it with python or deno. As soon as cloudflare workers is open-source, we will provide adapters. We did not have much alternative to make it easily self-hostable but interested to hear your suggestions.

I'm one of the founders at Airplane–we have a free plan as well up to 5 users: https://www.airplane.dev/pricing

If pricing is a problem above that, I'm happy to chat about a discounted plan or higher free limit depending on your use case! Feel free to send me a note at ravi@airplane.dev

Congrats on the launch! I'm working on something similar, Airplane.dev, which you mentioned in your initial post.

One thing you mentioned:

> You can think of it as a superset of both Pipedream and Airplane.dev

I don't think this is true that Windmill is a strict superset of Airplane. Airplane has a lot of functionality that Windmill doesn't seem to offer (based on my reading of your docs). A few things I noticed that are unique to Airplane:

* Ability to store everything in code that you control. In Airplane, we have a CLI that lets you deploy scripts from your own machine to Airplane. You can version control the script code as well as the metadata (name, parameters, validation rules, etc). In Windmill you have to create everything in their UI as far as I can tell. Airplane's approach is more developer-friendly and also allows you to reference other code in your codebase if you want.

* Many ways to create scripts/tasks outside of just Python and Typescript. We have a direct SQL integration, REST-based tasks without writing code, Shell, Docker, etc

* Third-party integrations (Sendgrid, Slack, etc). I only saw Slack in your docs.

There are of course things that Windmill does that Airplane doesn't (for example, Windmill is open source). Just wanted to point out that while our tools have some overlap, there are also many differences that might make one or the other a better fit.

> Ability to store everything in code that you control. In Airplane, we have a CLI that lets you deploy scripts from your own machine to Airplane. You can version control the script code as well as the metadata (name, parameters, validation rules, etc). In Windmill you have to create everything in their UI as far as I can tell. Airplane's approach is more developer-friendly and also allows you to reference other code in your codebase if you want.

https://github.com/windmill-labs/windmill-gh-action-deploy lets you sync from github, including metadata that are stored in a json file alongside the code with the same name. What this integration does is basically just sending a tar of your repo to Windmill to sync it so you do not have to centralize your code on Windmill if you do not want to. We will provide the same mechanism for local filesystems and CLI or any other source control providers very soon as the approach will stay similar.

It is not a strict superset and the approach are radically different in fundamental aspects, like operating at the source code-level versus container level, but what about the features you do not provide, like a fully-featured web editor with lsp in the backend for smart assistant. The ability to convert script parameters to UI directly and so on.

> * Third-party integrations (Sendgrid, Slack, etc). I only saw Slack in your docs.

This is disingenuous, we provide integrations for anything that has OAuth https://docs.windmill.dev/docs/contributors_guide#add-an-oau... by just needing to append the oauth informations to this file: https://github.com/windmill-labs/windmill/blob/main/backend/.... We have a hub for anyone to provide the no-code module part out of it. We will do it before the community reach a critical mass. I built this in 7 months, the product just got extremely stable and feature-complete so we can now focus on adding integrations. We expect this ways to have thousands of integrations by the end of this quarter when given your current needs for custom work on each module, it will be harder for you to grow your integrations at the same rate. We have much more than just slack already and it's comparable to your current integrations.

We have a public roadmap with all the features we intend to build over the next month if you are curious: https://github.com/orgs/windmill-labs/projects/2/views/1

You have an amazing product but being open-source is not our sole differentiator, we want to build an even better amazing product.

EDIT: The point holds that our docs need improvement and it's fair to assume that every integration that is not named explicitly does not exist. Our approach is very different as we believe less in custom integrations and more on relying on existing libraries in Deno and Python. In Windmill, it is sufficient to write a main function that call an existing library, and that we add the OAuth provider information to the library of integrated OAuth to have a very high quality integration experience so we did not feel the need to name all of them.

> we provide integrations for anything that has OAuth by just needing to append the oauth informations to this file

Thanks for the clarification. I do think there is a difference between a dedicated, bespoke integration to a tool as compared to your approach, and that different customers may have different needs. I previously worked on an analytics startup, and in that industry, many products took a similar approach to what you're mentioning. However, Segment's strategy was to build first-party, high-quality connectors that took into account the particular nuances of each tool, and they were massively successful as a result.

> We expect this ways to have thousands of integrations by the end of this quarter when you will only have a dozen.

Interesting, looking forward to seeing this!

> You have an amazing product but being open-source is not our sole differentiator, we want to build an even better amazing product.

I didn't mean to imply it was the only differentiator, I meant that it was an example of a differentiator - apologies if that was unclear.