Guardrails keep Automations running securely and within defined boundaries. For general Ona guardrails (policies, SSO, audit logs), see Ona Guardrails.

Environment isolation

Each Automation runs in an isolated environment with dedicated resources. No access to other Automations or user environments. See Environments.

Command deny lists

Prevent Automations from executing dangerous commands (sudo, rm -rf /, cloud CLIs). Blocked commands fail immediately. Configure at the organization level. See Command deny lists.

Executable deny list

Block specific binaries from running inside Automation environments using kernel-level enforcement. Unlike command deny lists, executables are identified by content hash and cannot be bypassed by renaming. See Executable deny list.
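
The difference between matching by name and matching by content hash, shown as an added user-space illustration; it is not Ona's code and does not reproduce its kernel-level enforcement. It assumes SHA-256 as the hash (the page does not name the algorithm), and the file names and contents are constructed samples.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Return the SHA-256 hex digest of a file's contents."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def blocked_by_name(path, denied_names):
    """Name-based check: matches only the file's basename."""
    return os.path.basename(path) in denied_names


def blocked_by_hash(path, denied_hashes):
    """Content-based check: matches the bytes, whatever the file is called."""
    return sha256_file(path) in denied_hashes


def demo():
    """Return {basename: (name_match, hash_match)} for three sample files."""
    workdir = tempfile.mkdtemp()
    try:
        original = os.path.join(workdir, "cloudcli")      # constructed name
        renamed = os.path.join(workdir, "harmless-tool")  # same bytes, new name
        unrelated = os.path.join(workdir, "formatter")    # different bytes
        with open(original, "wb") as fh:
            fh.write(b"\x7fELF constructed sample payload")
        shutil.copyfile(original, renamed)
        with open(unrelated, "wb") as fh:
            fh.write(b"\x7fELF some other constructed tool")

        denied_names = {"cloudcli"}               # hypothetical name deny list
        denied_hashes = {sha256_file(original)}   # hypothetical hash deny list
        return {
            os.path.basename(p): (blocked_by_name(p, denied_names),
                                  blocked_by_hash(p, denied_hashes))
            for p in (original, renamed, unrelated)
        }
    finally:
        shutil.rmtree(workdir)
```

The renamed copy is the case to look at: the name check no longer matches it, while the hash check still does, and the unrelated file matches neither.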

Audit logging

Every execution is logged: commands, file changes, PRs created, errors. Use for debugging and compliance. See Audit logs.

Concurrency limits

Control parallel execution to manage costs and prevent Automations from running excessively. Maximum values depend on your plan.

| Limit | Core | Enterprise |
|---|---|---|
| Max concurrent | 10 | 25 |
| Max total | 50 | 100 |

Setting values above your plan’s cap returns an error. Existing Automations are not retroactively affected. Only new creates and updates are validated.

| Stage | Concurrent | Total |
|---|---|---|
| Initial test | 5 | 10 |
| Team validation | 10 | 50 |
| Full rollout | 25 | 100 |

The maximum values (25 concurrent, 100 total) are hard limits that apply to all plans.

Queue behavior

When the concurrent limit is reached, additional actions queue and start as others complete. When the total limit is reached, the Automation stops. Increase limits and re-run to process remaining targets.
