Everything you need to ship a workflow on Nexus — from your first canvas to your hundredth published agent.
From signup to a running workflow in under ten minutes.
Open app.nexus.santeon.com, sign in with your SSO. A workspace is provisioned on first login.
From Settings → Connectors, paste a server URL and credentials. Nexus calls tools/list and the tools appear on the palette.
Open a new canvas. Drop a Webhook trigger, an MCP node, and a Slack action. Wire them. Hit Run.
Press Publish. The workflow is now reachable as a typed MCP server other workflows can call.
If you're self-hosted, run nexus init from the CLI — it scaffolds a workspace and seeds an example workflow.
This guide walks through a Webhook → MCP → Slack pipeline. The whole thing takes five minutes.
Workflows start with a trigger node. Drop a Webhook trigger onto the canvas. Click it and copy the generated URL — that's where you'll send events from your upstream system.
Drag an MCP node and connect it to the webhook output. Pick the tool you want to call from the dropdown — input fields are auto-generated from the tool's JSON Schema. Reference webhook fields with {{ trigger.body.email }}.
Drop a Slack Action node downstream. Configure the channel and message body. You can interpolate output from any upstream node: {{ steps.enrich.output.company }}.
Hit Run with a sample payload. The right pane shows every step's input and output. Once green, press Publish — your webhook URL is now live.
An agent is a workflow whose LLM has access to a curated tool set and a persona. Here we'll build a research agent that queries Confluence and Salesforce.
Open Agents → New. Give it a name and a system prompt. Be specific about scope — agents are most reliable when their job is narrow.
// system prompt
You are a sales-research agent. Given a company name, return:
- the latest opportunity stage from Salesforce
- any related internal docs from Confluence
Cite your sources. If you can't find data, say so.
From the tool picker, select tools from any MCP server connected to your workspace. For this agent: sf.opp.search, sf.account.get, confluence.search.
Toggle on Require approval for writes if you want a human checkpoint before any tool that mutates state runs. Set a max-iteration budget (default: 8).
Test with a few real questions. Inspect the agent's tool-call trace. When happy, publish — the agent is now callable from any workflow as agent.research.run.
A workflow is a directed graph. Nodes do work; edges carry typed data between them. Nexus has 16 node types across 4 categories.
Every output port has a JSON Schema. Connecting incompatible types is a publish-time error, not a runtime crash.
Publishing freezes a workflow's topology (which nodes exist, how they're wired) but leaves configuration (rule values, prompts, thresholds) editable in production.
Every publish creates a new version. In-flight runs continue on their starting version. New triggers route to the latest. Roll back via the version dropdown — instant, no redeploy.
Agent-to-Agent. A workflow can call another workflow as a single step — typed input, typed output, full observability.
Decompose. The "customer onboarding" workflow doesn't need to know how KYC verification works — it just calls the KYC workflow and gets a result. Each piece evolves independently.
Drop a Workflow node. The picker shows every published workflow in your workspace. Pick one — its input form is auto-generated from its schema.
Nexus tracks the call stack. A workflow that calls itself (directly or transitively) past a configurable depth (default: 16) errors at publish time, not runtime.
Knowledge is how you ground LLM nodes and agents in your own data. Nexus indexes content from connected sources and exposes it as a retrieval tool.
Every chunk inherits the source document's ACL. When an LLM node retrieves chunks, the lookup is filtered by the calling user's identity — so a workflow run by Alice never sees Bob's private docs.
Schedule per-source. Default: daily incremental, weekly full. Per-document hashes mean unchanged docs cost nothing.
To use an MCP server in a workflow, register it once at the workspace level.
You'll need the server's URL (HTTPS or stdio) and any required auth.
Nexus supports bearer tokens, OAuth flows, mTLS, and AWS IAM signing. Pick the right one and provide credentials. Secrets are encrypted with your workspace KMS key.
Nexus calls tools/list and resources/list. You'll see every tool surfaced with its name, schema, and description.
Optional — restrict which tools are usable from which workflows. Useful for write-tools that should only run from approved automations.
If your service doesn't have an MCP server yet, write one. The TypeScript starter takes about 20 lines for a basic tool.
import { Server } from "@modelcontextprotocol/sdk"; const srv = new Server({ name: "my-svc", version: "1.0.0" }); srv.tool( "createTicket", { title: "string", body: "string", priority: "low|med|high" }, async ({ title, body, priority }) => { const id = await db.tickets.insert({ title, body, priority }); return { id, status: "open" }; } ); srv.listen({ transport: "http", port: 8421 });
Schema patterns and a full Python starter are in the cookbook.
Twelve recipes for common MCP server patterns.
Trigger workflows, query runs, manage workspaces. Stable, versioned at /v1. Full reference at developers/sdk.
API keys via Authorization: Bearer …. Scoped (workflow, run, admin). Rotate from the dashboard or CLI.
POST /v1/workflows/{slug}/runs
Authorization: Bearer nx_...
Content-Type: application/json
{ "email": "a@example.com", "plan": "enterprise" }
// Response
{ "runId": "run_01h…", "status": "queued" }
GET /v1/runs/{id}/events?stream=sse
Authorization: Bearer nx_...
// SSE: StepStarted, StepCompleted, StepFailed, RunDone
The nexus CLI mirrors the REST API and adds local dev affordances.
# install brew install santeon/tap/nexus # auth nexus login # run a graph locally nexus run ./graph.json --input='{"email":"a@example.com"}' # tail a live run nexus runs tail run_01h... # trigger a deployed workflow nexus trigger customer-onboarding --json='{"email":"a@example.com"}'
The portable TypeScript executor. Same engine that powers the cloud. Run it embedded, in CI, or self-hosted.
import { runWorkflow } from "@nexus/engine"; import graph from "./onboarding.json"; const events = runWorkflow(graph, { trigger: { kind: "webhook", payload: { email: "a@example.com" } }, state: postgresStore(pool), bus: sqsBus(queueUrl), mcp: mcpClient({ servers }), }); for await (const ev of events) console.log(ev);
Full surface area on the engine page.
Three deployment shapes — managed, BYOC (your AWS), or air-gapped on-prem. Full requirements matrix on the self-host page.
helm repo add nexus https://charts.santeon.com helm install nexus nexus/nexus \ --set postgres.host=... \ --set redis.host=... \ --set llm.provider=bedrock-vpc \ --set sso.issuer=https://idp.example.com
The operational playbook for self-hosted deployments.
Postgres holds the entire state graph — runs, events, configs, secrets-references. Snapshot it on whatever cadence your RPO requires. Object storage holds large payloads (set a lifecycle policy).
Pull the new image. Run migrations (nexus migrate). Roll deployments. Engine versions are N-1 compatible — in-flight runs survive a rolling upgrade.