sandbox · example data only · not your workspace
← all scenarios

Automation (Dry Run) Demo

Pick a Python script → dry-run → approval → execute → audit.

The safety wall around any automation: dry-run first, then human approval, then audited execution.

Steps
6
Est. time
~7 min
Audience
client
Reviewed
2026-05-23

read first

Execution PlansPhased plans, dependency graphs, rollback verification.
Approval WorkflowAudit Logs

data flow

scenario architecture


   library  ──pick script──▶  dry-run (no live calls)
                                      │
                              plan output + risk class
                                      │
                                      ▼
                          two-person approval ──tip──▶ execute
                                      │
                                  audit row
step 1/6·No approval needed

Pick automation

Library of curated Python scripts + workflows.

visionxixlabs.com/dashboard/automation
AAxiom
Sign out

automation · dry-run output · no side effects

# script: tag_untagged_ec2.py (curated · lastReviewed: 2026-05-23)
# mode: dry-run (default)
# scope: aws/ec2:Tag (read-only describe + simulated tag)

[ 1/4] describing 142 EC2 instances...                      ✓ 142 found
[ 2/4] filtering untagged...                                ✓ 12 missing CostCenter
[ 3/4] computing tag plan...                                ✓ 12 actions queued
[ 4/4] writing dry-run report...                            ✓ done

DRY-RUN SUMMARY
  · would tag 12 instances with CostCenter=platform
  · would emit 12 audit rows: execution_plan.create
  · would notify slack #platform-ops (12-line summary)
  · estimated cost: $0 (read-only + simulated)
  · risk class: low · blast radius: 12 metadata-only writes

NO live API calls made. To execute, click Promote → Live.
Mode
dry-run
Risk class
low
Audit rows
0 / 12 planned
default-safeEvery automation defaults to dry-run. The plan output enumerates every side-effect. Live mode requires explicit promotion and emits a stage of awaiting_approval if any action is change-class.

Dry-run is the default

Every automation runs in dry-run mode by default. The plan output enumerates every side-effect; you have to explicitly promote it to live. Live runs always emit an audit row + a stage of awaiting_approval if any action is change-class.

expected result

Script card with description + last reviewed.

platform route

/dashboard/automation

engineering principle

Every automation has two modes: dry-run (default, no side effects, just plan output) and live. Live mode requires approval for any change-class step, and the runner is durable — a process restart resumes from the last stage row.

Platform reference →Architecture overview →← Back to all scenariosSet up your real workspace →