Content Development Guidelines for Turbine

swimlane turbine provides users with the flexibility to build rich applications backed by robust automations given the degree of flexibility, it is best to adhere to the following best practice recommendations when building content in swimlane turbine area requirements notes applications and applets fields must have descriptive names field names should only be plural form if the content is an array or list field help text should only be used for fields which are being used to collect information in a process which the intended audience will experience infrequently and when the field name does not make that which is being requested intuitive / obvious to the average high school graduate applet field names must always include a differentiating value to avoid name conflicts when adding to an application, for example, “phishing reported date time” should only display fields to the user that are relevant to what they are doing use workflow to hide/show sections must avoid the risk to storing large amounts of data within a single record pay special attention to records with large data sizes and how the data is stored / /application records md have a limit of 100mb with fields being able to hold 30mb of data must limit the amount of expected reference records in a single reference field special attention needs to be placed on reference fields that could have several hundred or thousands of reference records added to them, as performance degradation can occur with records with 1000+ references added in a many to one reference relationship between records, design the content so that the side with the least amount of reference records is viewed in the ui, rather than the record with the many records that are viewed should not contain many referenced records support fields should be hidden under a dedicated “support” tab or section descriptions on the values for selection fields should be used when the number of options is seven or greater there must not be unbounded list fields if a large (100+) list of values is required, use a dedicated application and a reference field to store the data another option is to use a text field, and then in canvas, split the text field into an array using native transformation split or regex split text fields should contain a placeholder value placeholder values help the user understand the type of data that should be stored it also may be used to better inform ai models of the intention of the field orchestrator must use a date field if time is not required when capturing a timestamp be intentional when selecting a date field vs a date & time field if time is not required, date field is preferred numeric fields should include minimum and maximum values basic built in guardrails keeping numeric field values within the desired range results in a more accurate outcome applications/applets must have a useful description saved reports should not use “contains” searches, as these searches are comparatively expensive keyword searches using the condition builder is preferred workflow workflow organization should resemble a shallow tree i e one condition and one outcome workflow can become overwhelming quickly when too much logic is added widgets must minimize the number of widgets being displayed at any one time by moving widgets into tabs or sections each widget behaves like another webpage embedded in the view, that is, each widget gets a copy of the record, each widget has it’s own event listeners, etc visualizing fewer widgets on the screen at one time will reduce performance impact on the browser should consolidate functionality of multiple widgets into one if possible balance between widget complexity and reusability that is, use one widget with three action buttons rather than three widgets each with one action button should consider reusability of the widget reusability of widgets is also important consider how the widget can be used in other use cases when designing must include widget configuration parameters at the top half of the widget code describe what the widget does, any field inputs, and any configuration settings should not hardcode values into the widget code use application/applet fields instead that is pull data from a selection field, rather than hard code the selection values directly into the widget code canvas playbooks playbook names must reflect the solution/use case in which it supports for example, collaboration extension, alert ingestion playbooks must have a detailed description record event triggers must have condition filters record create and record update should check for existing components before create new ones components are meant to be reusable snippets of code attempt to discover if a component already exists that meets your needs before creating a new one should limit the usage of nested sub components if you have readability/complexity concerns if you are working through a multi step process, consider bringing the data back up to the root level and starting the next stage in the process from there that is, alert ingestion, enrichment, correlation, knowledge base article lookup, hero ai case summarization are all stages in a process, in a single flow, that should be at the root of the flow and not nested deeply within components this also helps to keep components reusable should stagger hourly cron (scheduled) trigger when using a cron to trigger a playbook, try not to set the execution time to 0 past the hour stagger executions to prevent high playbook execution volume at the top of every hour canvas components component names must reflect that action that is being performed for example, convert crowdstrike alerts into teds, strip html from string components must have a detailed description components should only use interfaces if they intend to be swappable otherwise, user defined is preferred for example, vics components should always validate their inputs components must never fail silently more on values below failures that break a business process should propagate these are seen more as “errors” for example, a record search returned an empty result, a vic was unable to authenticate to an email provider failures that don’t break the business progress should be highlighted in the content, but the flow should continue to execute these are seen more as “warnings” for example no knowledge base articles were discovered default values of component inputs should be set for example, max token count components should be designed as if their inputs and outputs will not change canvas automation consideration must be made to the concept that component execution has more overhead than flat actions runs (actions outside of a component that run in a flow) consider this when using components in canvas components are best used for re usability, and not solely for readability readability use cases for components are also valid infinite loops must be avoided infinite loop protection mechanisms are in place on all turbine cloud regions a flow with a record update trigger can not modify that same invoking record trigger conditions must be used for all record events triggers especially record update triggers multiple updates to the same record within a single flow should be avoided instead, group record updates into a single upsert at the end of the flow record search actions must only return the necessary fields “contains” searches in playbook actions should be avoided canvas actions action names should be short and start with a verb for example, normalize alert data, call crowdstrike update alert, send slack message actions doing external api calls must be configured with at least 3 retries with a 15 30 second wait data transformations data transformations must use native transformation actions as a priority where possible data transformations must have a descriptive title data transformations must have a descriptive block description advanced data transformations must use inline comments script actions should not be used in high volume flows if advanced jsonata is possible error handling should use python script action to raise errors raise componentinputerror (this is a custom error message) exception classes should be used to create custom error types class componentinputerror(exception) should write errors to a dedicated application field