Skip to main content
Guardrails ensure automations run securely and within defined boundaries. For general Ona guardrails (policies, SSO, audit logs), see Ona Guardrails.

Environment isolation

Each automation runs in an isolated environment with dedicated resources - no access to other automations or user environments. See Environments.

Command deny lists

Prevent automations from executing dangerous commands (sudo, rm -rf /, cloud CLIs). Blocked commands fail immediately. Configure at the organization level. See Command deny lists.

Audit logging

Every execution is logged - commands, file changes, PRs created, errors. Use for debugging and compliance. See Audit logs.

Concurrency limits

Control parallel execution to manage costs and prevent automations from running excessively. Maximum values depend on your plan.
LimitCoreEnterprise
Max concurrent1025
Max total50100
Setting values above your plan’s cap returns an error. Existing automations are not retroactively affected - only new creates and updates are validated.
StageConcurrentTotal
Initial test510
Team validation1050
Full rollout25100
The maximum values (25 concurrent, 100 total) are hard limits that apply to all plans.

Queue behavior

When concurrent limit is reached, additional actions queue and start as others complete. When total limit is reached, the automation stops - increase limits and re-run to process remaining targets.

Next steps