Documentation Index
Fetch the complete documentation index at: https://docs.velt.dev/llms.txt
Use this file to discover all available pages before exploring further.
This is the deep-dive reference. Setup covers the happy path. This page covers everything you reach for when you need precise control over node behavior, edge routing, quorum policies, SLA breaches, and event consumption.
Node configuration
Every node has a nodeId, a type (agent or human), a config block, and an optional slaMs deadline.
Agent nodes
| Field | Type | Notes |
|---|
agentId | string | Required. |
promptOverride | string | ≤ 8000 chars. |
inputMapping | object | Pass step inputs to the agent. |
blocking | boolean | Default false. When true, the step parks in waiting until external resolutions arrive via /steps/recordAgentResolution. |
resolutionPolicy | object | Required when blocking: true. { kind: "allResolved" | "minResolved", minCount?: integer }. minCount is required when kind === "minResolved". |
agentMaxRuntimeMs | integer | ≤ 86400000. |
requireNonEmptyOutput | boolean | Fail the step if the agent returns an empty output. |
{
"nodeId": "brand-check",
"type": "agent",
"config": {
"agentId": "brand-agent-v1",
"blocking": false,
"requireNonEmptyOutput": true
},
"slaMs": 3600000
}
Human nodes
Exactly one of reviewers[] (preferred) or reviewerIds[] (legacy) must be provided.
| Field | Type | Notes |
|---|
reviewers | array | Preferred: [{ userId, mandatory }]. Must include at least one mandatory: true. UserIds must be unique. |
reviewerIds | string[] | Legacy. Accepted for back-compat only. |
commentBody | string | ≤ 8000 chars. Initial comment surfaced to reviewers. |
{
"nodeId": "human-legal",
"type": "human",
"config": {
"reviewers": [{ "userId": "u_legal_01", "mandatory": true }],
"commentBody": "Please review for legal compliance."
}
}
Edge gating expressions
Edges can carry an optional when expression evaluated against the source step’s output. Expressions compile at write time (pure AST, no eval) and walk at runtime. No untrusted code ever runs.
{ "from": "brand-check", "to": "legal-review", "when": "output.passesBrandCheck == true" }
includes, startsWith, endsWith, length, isEmpty.
Path roots:
| Root | Resolves to |
|---|
output.* | The source step’s output object. |
step.* | The source step’s metadata (status, timing). |
execution.input.* | The triggerContext you passed on dispatch. |
when is omitted, the edge always fires.
SLA and breach handling
Set slaMs on any node to give the step a deadline. If the step doesn’t complete within the window, it transitions to breached and emits a step.breached event.
To handle breaches, declare an outgoing edge that routes on the breached status. Otherwise the engine emits the missing-breach-edge linter rule and rejects the definition. Silent dead-ends are a bug.
Parallel groups and quorum policies
A parallel group declares a set of member nodes that conceptually run in parallel and share an approval threshold.
{
"groupId": "parallel-review",
"memberNodeIds": ["human-legal", "human-brand"],
"expectedSteps": 2,
"quorum": 2,
"onQuorumMet": "waitAll"
}
| Field | Type | Required | Description |
|---|
groupId | string | yes | 1 to 64 chars. Stable identifier. |
memberNodeIds | string[] | yes | 1 to 500 nodes. Each must be declared as a top-level node. A node may belong to at most one group. |
expectedSteps | integer | yes | 1 to 500. Total members the group expects to terminate. Must equal memberNodeIds.length. |
quorum | integer | yes | 1 to expectedSteps. The number of approvals required to fire the policy’s side effect. |
onQuorumMet | enum | no | waitAll (default), cancelOnQuorum, or joinOnQuorum. |
requiredNodeIds | string[] | no | Specific members whose approval is required for quorum to be met. Every entry must also be in memberNodeIds. length must be <= quorum. |
Quorum is approval count, not completion count
A member counts as an approval when its terminal status is completed AND its output.decision === 'approve'. Rejections, failures, breaches, and cancellations contribute to the completion counter only, never the approval counter.
Two consequences:
- Non-blocking agent members never satisfy quorum. They have no decision concept. Only place human or blocking agent nodes inside groups whose policy is
cancelOnQuorum or joinOnQuorum.
- A
reject does not block the group from rolling up to “complete”. It just keeps approvedShards from advancing. Group-completion (expectedSteps met) and group-quorum (approval threshold) are tracked separately.
onQuorumMet policies
| Policy | Side effect on first-time approval-quorum-met | Per-member fan-out |
|---|
waitAll (default) | Emits group.quorum-met event only. Group is purely informational. | Each member’s outgoing edges fire on its own completion. If two members both fan out to the same downstream node, you get two downstream step instances. |
cancelOnQuorum | Emits group.quorum-met AND cancels every sibling member step still in waiting (system-actor cancellation, audit reason group-quorum-met). | Each completing member still fans out per-edge. Cancelled siblings do not fan out. |
joinOnQuorum | Emits group.quorum-met, cancels waiting siblings, AND fires a single group-owned downstream fan-out: one new step per shared outgoing-edge target with deterministic stepId group_<groupId>__to__<childNodeId>. The successor’s input is { groupOutputs, groupId, quorum, totalApproved }. | Suppressed for group members. The group container owns fan-out, so downstream successors run exactly once. |
Specific-must-approve quorum
By default, quorum is anonymous: any N approvals out of M members trigger the policy. To express “these specific members must approve”, declare them in requiredNodeIds:
{
"groupId": "approver-group",
"memberNodeIds": ["legal", "finance", "brand"],
"expectedSteps": 3,
"quorum": 2,
"requiredNodeIds": ["legal", "finance"]
}
- Every
nodeId in requiredNodeIds is among the approvers, AND
- Total approval count reaches the numeric
quorum.
In the example, brand alone approving doesn’t satisfy quorum even if quorum: 2 is reached numerically. legal AND finance must both also approve. If requiredNodeIds is omitted or empty, behavior collapses back to anonymous quorum.
Linter rules
Definitions are linted at create and update time. Any rule violation is rejected with INVALID_ARGUMENT and an explicit code in the error message.
| Code | Meaning |
|---|
duplicate-node-id | Two nodes share the same nodeId. |
dangling-edge | Edge references a from or to that isn’t declared. |
cycle-detected | The graph contains a cycle. v1 is DAG-only. |
unreachable-node | A node has no path from any root. |
node-missing-config | A node has no config block. |
missing-breach-edge | A node has slaMs set but no outgoing edge that routes on status == 'breached'. Breaches would silently dead-end. |
group-duplicate-id | Two groups share the same groupId. |
group-members-empty | memberNodeIds is empty. |
group-member-missing | A member references an unknown node. |
group-expected-steps-invalid | expectedSteps < 1. |
group-quorum-invalid | quorum < 1 or quorum > expectedSteps. |
group-cancelonquorum-requires-quorum-lt-expected | cancelOnQuorum requires quorum < expectedSteps. |
group-joinonquorum-members-must-share-successors | joinOnQuorum requires every member to have an identical set of outgoing-edge target nodes. |
group-required-not-in-members | An entry in requiredNodeIds is not in memberNodeIds. |
group-required-exceeds-quorum | requiredNodeIds.length > quorum. |
group-node-in-multiple-groups | A node appears as a member of two or more groups. |
Events
For receiver setup (signature verification, security rules, delivery basics), see Setup, Configure your webhook receiver.
Event reference
Externally-visible events delivered via webhook and returned from Get Execution Events:
| Event type (external) | Internal name | When emitted | data highlights |
|---|
execution.dispatched | same | Execution created. First step(s) scheduled. | { definitionId, definitionVersion, rootStepIds } |
execution.completed | same | All steps terminal, no unhandled failures. | null |
execution.failed | same | Any blocking step ended in failed or breached without a recovery edge. | { failureReason } |
execution.cancelled | same | /executions/cancel or full-execution rollback. | { reason? } |
step.awaiting-approval | step.waiting | A human or blocking-agent step entered waiting. | { waitingForReviewers, mandatoryCount, resumeKey } |
step.completed | same | Step transitioned to completed. | For human or blocking-agent: { aggregatorStatus, nodeType, decision, aggregatorBacked }. For non-blocking agents: { agentId }. |
step.failed | same | Step transitioned to failed (retry budget exhausted). | { error: { code, message } } |
step.breached | same | Step exceeded its configured SLA before completing. | { reason } |
step.cancelled | same | Step cancelled via /steps/cancel or by quorum-met side effect. | { actorId, reason } |
group.quorum-met | parallel-group.quorum-met | A parallel group’s approval threshold was first satisfied. | { groupId, total, quorum, completedTotal, expectedSteps } |
Internal-only events (step.scheduled, step.started, step.retried, step.resumed, step.response-recorded, step.overridden, parallel-group.completed, idempotency.suppressed) fill seq gaps but are filtered from external delivery. Your stream may have non-contiguous seq values.
Cancellation reasons
step.cancelled events carry a data.reason string. This is an open string set. Consumers should switch on event.type for control flow, not on data.reason.
| Reason | Source | Meaning |
|---|
group-quorum-met | system | Cancelled by the engine when the parent group’s approval quorum was met under cancelOnQuorum or joinOnQuorum. Audit shows actorId: "system:group-quorum". |
| (admin-supplied) | admin | Free-form reason passed to /steps/cancel. |
Webhook retry policy
| Attempt | Delay before retry |
|---|
| 1 (initial) | n/a |
| 2 | 2 s |
| 3 | 8 s |
| 4 | 32 s |
| 5 | 2 min |
| 6 | 8 min, then dead-letter |
sinceSeq.
At-least-once delivery. The same eventId and seq appear on retries. Make your receiver idempotent on (executionId, seq).
Errors
All errors follow the standard envelope:
{ "error": { "message": "...", "status": "INVALID_ARGUMENT", "details": {} } }
Canonical codes
| Code | Meaning | Typical cause |
|---|
INVALID_ARGUMENT | Schema or linter failure. | Missing field, wrong type, value out of range, linter rule violation. |
UNAUTHENTICATED | Missing or invalid x-velt-auth-token. | |
PERMISSION_DENIED | Auth token valid but lacks the required scope. | Non-admin attempting /steps/cancel or /steps/resolve. |
NOT_FOUND | Target doc does not exist. | Unknown executionId, definitionId, or stepId. |
ALREADY_EXISTS | Conflicting create. | Creating a definition with a definitionId already in use. |
FAILED_PRECONDITION | Optimistic lock or state-machine violation. | ifVersion mismatch on update. Cancelling a terminal step. Deleting a definition with in-flight executions. |
RESOURCE_EXHAUSTED | Rate limit exceeded. | Per-IP or per-API-key quota. |
DEADLINE_EXCEEDED | Internal timeout. | Retry with idempotency. |
Schema-level validation errors
message | Trigger |
|---|
webhookUrl and webhookSecret must be provided together | Dispatch supplied one but not the other. |
webhookUrl must use https scheme | Non-HTTPS scheme. |
webhookUrl host resolves to a private, loopback, or link-local address | Literal private IP, localhost, metadata.google.internal, or *.internal. |
at least one of reviewerIds or reviewers must be provided | Human node with no reviewers. |
cannot set both reviewerIds and reviewers, use one | Both populated. Pick the modern reviewers[] form. |
reviewer userIds must be unique | Duplicate userId in reviewers[]. |
reviewers must include at least one mandatory reviewer (allMandatoryApproved would otherwise never resolve) | Every reviewer.mandatory === false. |
resolutionPolicy required when blocking === true | Blocking agent node without a policy. |
minCount required when kind === "minResolved" | resolutionPolicy.kind = "minResolved" with no minCount. |
Rate limiting
Rate limits are applied per API key, with additional per-endpoint tiers on high-volume routes. A RESOURCE_EXHAUSTED error indicates you should back off with exponential retry. Dispatch retries are safe to replay with an idempotencyKey.
Object reference
interface ExecutionView {
executionId: string;
status: 'pending' | 'running' | 'completed' | 'failed' | 'cancelled';
startedAt: number; // epoch ms
completedAt: number | null;
cancelledAt: number | null;
definitionId: string;
definitionVersion: number;
correlationId: string;
idempotencyKey: string;
failureReason: { code: string; message: string } | null;
steps: StepView[];
}
interface StepView {
stepId: string;
nodeId: string;
nodeType: 'agent' | 'human';
status: 'pending' | 'running' | 'waiting' | 'completed' | 'failed' | 'skipped' | 'cancelled' | 'breached';
groupId: string | null;
startedAt: number | null;
completedAt: number | null;
output: Record<string, unknown>;
error: { code: string; message: string } | null;
}
interface DefinitionView {
definitionId: string;
name: string;
description: string | null;
version: number;
scope: { level: 'apiKey' | 'organization' | 'document'; organizationId: string | null; documentId: string | null };
nodes: NodeView[];
edges: EdgeView[];
groups: ParallelGroupDef[] | null;
triggers: WorkflowTriggerConfig[] | null;
tags: string[] | null;
custom: Record<string, unknown> | null;
createdAt: number;
updatedAt: number;
status: 'active' | 'tombstoned';
}
interface ApprovalEventView {
eventId: string;
seq: number; // monotonic per-execution
type: string; // external event type, see Event reference
stepId: string | null;
timestamp: number; // epoch ms
correlationId: string;
data?: Record<string, unknown>;
}
output (after resume) includes the aggregator rollup:
{
reviewers: Array<{ userId: string; mandatory: boolean }>;
reviewerIds: string[];
reviewerEmails: string[];
commentBody: string | null;
aggregatorStatus: 'resolved' | 'rejected';
approveCount: number;
rejectCount: number;
totalResponses: number;
mandatoryCount: number;
mandatoryApproveCount: number;
decision: 'approve' | 'reject';
approved: boolean;
resumedAt: number;
resumeKey: string;
}
joinOnQuorum group successor steps, input includes:
{
groupOutputs: Record<string /* memberNodeId */, Record<string, unknown> /* member's output */>;
groupId: string;
quorum: number;
totalApproved: number;
}
