A Re-evaluation of

Workflow-based AI Agent Development Tools

Recently acquired by Workday, Flowise is a tool synonymous with agentic workflows. I found Flowise’s RAG to be way above most other tools. It supports things like:

• Text splitting — broadest range of splitter types in the evaluation. Character, Token, Recursive Character, Markdown, Code, and HTML-to-Markdown splitters all available natively. Configurable chunk size and chunk overlap per splitter
• Data preview and refinement - Live preview of chunking output before processing, allowing iterative tuning of splitter, chunk size, and overlap before committing
• Post-processing chunk editing — individual chunks can be deleted or have content added after upsert
• Embedding - Multiple embedding model providers supported (OpenAI, Google, others)
• Vector store - Multiple vector store options including production-ready hosted options (e.g. Upstash)
• Record management - Optional Record Manager component for tracking upserted chunks, enabling incremental updates and targeted deletions without full re-ingestion
• Retrieval tuning - Chunk overlap explicitly designed to bridge the top K retrieval limit and preserve contextual continuity across chunk boundaries

I also like shared state, which provides a way to manage and share data dynamically throughout the execution of a single workflow instance. It’s a runtime, key-value store that is shared among the nodes in a single execution. It functions as temporary memory or a shared context that exists only for the duration of that particular run/execution. Its primary purpose is to enable explicit data sharing and communication between nodes, especially those that may not be directly connected in the workflow graph, or when data needs to be intentionally persisted and modified across multiple steps.

Google delivers. They rebranded VertexAI and combined it with ADK to release the Gemini Enterprise Agent Platform as I was researching this report. A part of this platform is Agent Studio, the visual designer with a drag-and-drop canvas.

However, what you can achieve with Agent Studio is a subset of the wider platform.

As such, I’ve evaluated the whole EAP against the report’s criteria for you, the reader, but I do not think Google’s EAP is comparable with the other tools here in terms of procurement, provisioning, and management. So they get an asterisk. Google themselves said users need a solid understanding of Python programming, and mandatory completion of the ADK Quickstart tutorial(s) or equivalent foundational knowledge of ADK basics.

Between the Vertex rebrand and all its modules, I am confused about their overall product taxonomy, including the pricing structure, which includes model inference. I spent a lot of time trying to figure it out, but as I could not write clear lines between products, I have evaluated it all.

Regardless, there is a lot of cool enterprise-grade stuff, including:

• Agent Gateway - is the network entry and exit point for all agent interactions. It gives enterprise security administrators the ability to enforce security and governance policies for agents as a part of the platform infrastructure.
• Model Armor - applies the organization's content security guardrails by inspecting all prompts and responses that pass through the Agent Gateway. This feature enforces content security guardrails consistently across all agents governed by the gateway. Model Armor helps mitigate risks such as prompt injection, jailbreak attempts, leakage of sensitive information, and generation of harmful content.
• Agent Identity - provides an attested, cryptographic identity for each agent that is based on the SPIFFE standard. With Agent Identity, agents can securely authenticate to MCP servers, cloud resources, endpoints, and other agents, acting either on its own behalf or on behalf of an end user. Agent Identity uses the agent's own credential and Agent Identity auth manager.
• Policy testing - used to verify that it correctly filters traffic during ingress or egress based on the conditions defined.

I like Gumloop, not only because it’s a good product, but mainly because it takes agent security and authentication really seriously. Most other products have security features, like auth and RBAC and such, but they’re mainly for the tool itself rather than for agent behavior. But in Gumloop you get goodness like:

• Per-tool authorization - Authorize different access levels for different types of tools by setting per-tool policies.
• Credentials & Authentication - When an agent uses integrations and workflows, it needs credentials to access external services. Every node that requires authentication has a “Credentials to use” dropdown.
• Lineage - Agents always use the credentials of the person running the agent, not the agent creator’s credentials. If a user runs the agent, it uses their credentials. Personal Agents always use the personal default credentials of whoever is running the agent.
• AI Model Governance & Configuration - enable administrators to implement security policies, manage costs, ensure compliance, and maintain centralized control over AI automation workflows.
• AI Proxy Routing - Route AI requests through custom proxy URLs
• Secrets management - No local plaintext keys, no mystery config files. Enforce credential flows, handle rotation and revocation, and plug into existing vaults.

Langflow is another tool synonymous with agentic workflows. I think this is IBM’s doing, but Langflow really gives you a lot more back-end configuration capabilities than the other tools, which include:

• Memory management options - Langflow provides flexible memory management options for storage and retrieval of data relevant to flows and Langflow servers. This includes essential Langflow database tables, file management, and caching, as well as chat memory.
• Logging - Langflow produces logs for individual flows and the Langflow application itself using the structlog library for logging.
• File management system - Each Langflow server has a file management system where files that need to be used can be stored. Files uploaded to Langflow file management are stored in Langflow's storage backend (local or AWS S3), and they are available to all flows. Uploading files to Langflow file management keeps files in a central location, and allows users to reuse files across flows without repeated manual uploads.
• Proxy - Deploying Langflow on a Linux-based server and using Nginx as a reverse proxy. It encrypts for SSL certificates, and Certbot for automated certificate management. This setup encrypts all communications between users and the Langflow server. SSL certificates ensure that sensitive data is protected from eavesdropping and tampering, and the automatic certificate management through Certbot eliminates the complexity of manual SSL configuration.

I remember Make from last year as the one with three sets of docs. While this is neither a bonus nor a limitation, you should know about this if you’re evaluating them.

• https://help.make.com/
• https://developers.make.com/
• https://apps.make.com/code

Some of their cool stuff include:

• Grid - a dependency map that helps businesses visually manage and optimize their entire automation and AI ecosystem. It’s like a simulation of the automation infrastructure - it shows a layout of how everything is built and wired. Make Grid creates a near real-time, auto-generated map that shows how scenarios, apps, data stores, and AI-powered components are connected, making it easier to debug, scale, and optimize workflows.
• Rollback error handler - stops the scenario run and reverts changes made by modules that support transactions. They always use a database app, like MySQL or Data store. Make cannot undo actions made by modules that don't support transactions, like Gmail > Send an email or Dropbox > Delete a file.
• Make Managed Services (MMS) is a product offering that lets distributors of Make manage multiple organizations under a single entity. Users can manage child organizations in the Make platform or with the Make API. With MMS, organizations can now easily distribute Enterprise licenses to clients and manage their operations in one place, or create automations for clients after an easy, quick user setup. Make Managed Services is useful to distributors that need to manage organizations on behalf of their clients, such as Make resellers or automation experts who build for organizations.
• Make White Label - Make's White Label solution allows OEM customers to rebrand and manage their own instance of the automation platform. It provides tools for customizing appearance (logos, domain) and controlling user access roles, enabling partners to offer Make’s automation capabilities seamlessly under their own brand.

First, n8n is cool for commissioning, publishing, and hosting this independent report. It is synonymous with automation and is often the reference point when comparing tools, as I am constantly reminded by my YouTube feed with ‘New Tool just killed n8n’.

But beyond the strong brand, community, and community content, n8n has been serious about their enterprise-grade scalability and security. Some of the cooler stuff I’ve seen includes:

• Self-hosted AI kit - a pre-packaged containerized image which includes n8n (obviously), Ollama as a cross-platform LLM platform to run alongside and as part of n8n workflows, Qdrant as an open-source vector store that integrates with the workflow via API, and PostgreSQL to handle data locally.
• Docker Hardened Images - n8n migrated to DHI to offer a low-CVE foundation with continuous patching and verified provenance. This is particularly important for self-hosted versions for hardened assurance.
• The OEM deployment option - lets users embed and surface n8n's interface inside their own product's UI. This allows end-users to build workflows, configure connections, and run workflow automation inside the user’s product.
• Task isolation via task runners as sidecars in external mode - running tasks as separate containers to provide a fully isolated environment when executing the JavaScript defined in the Code node.
• Distroless images - reduces the attack surface by only including the application and its runtime dependencies, excluding package managers, shells, and other utilities that aren't needed at runtime.
• Nobody user - task runners can execute as the unprivileged nobody user to prevent the container process from running with root privileges and limit potential damage from security vulnerabilities.
• Read-only root filesystem - Configure a read-only root filesystem to prevent any modifications to the container's filesystem at runtime. This helps protect against malicious code that might attempt to modify system files.

I initially thought OpenAI’s Agent Builder was a filler service that would retain users that wanted to use alternatives. But their capabilities are overall very good, and considering OpenAI is the model provider, you can do some nifty things with their agent builder.

While some of the capabilities evaluated include both features available with the Agent Builder as well as the SDKs, this gap is nowhere near as big as with Google’s EAP.

• Agent visualization - generates a structured graphical representation of agents and their relationships using Graphviz. This is useful for understanding how agents, tools, and handoffs interact within an application. Users can generate an agent visualization using the draw_graph function.
• Compaction - Manages long-running conversations with server-side and standalone compaction to reduce context size while preserving state needed for subsequent turns. Compaction helps balance quality, cost, and latency as conversations grow.
• Counting tokens - Get accurate input token counts before sending requests. Token counting determines how many input tokens a request will use before sending it to the model. Used to optimize prompts to fit within context limits, estimate costs before making API calls
• Predicted Outputs - Reducing latency for model responses where much of the response is known ahead of time. Predicted Outputs can speed up API responses from Chat Completions when many of the output tokens are known ahead of time. This is most common when regenerating a text or code file with minor modifications.

Retool is an app development tool first, for both backend and frontend. All the agent automation stuff you do with it is a bonus. It also has some really great monitoring features, like these:

• The agent sidebar - The agent sidebar includes an expandable list of all agents, small activity graphs showing recent runs, and a search bar. Clicking on an agent from the sidebar accesses monitoring information for that particular agent, or expand an agent and click on a particular run to access the monitoring information for that agent run.
• Time range selector - The time range selector shows runs and errors across all agents for the selected timeframe when hovering over the graph. The time range selector can view the run and error history of all agents or an individual agent.
• Real-time live events - pulls in live events, or visualize agents and tool calls in real-time.
• The Agent graph - shows agent-resource interactions in real-time. Agents are displayed as primary nodes, and tools are shown as secondary nodes. Active connections are shown as animated lines during tool execution. .

As part of the app building experience, Retool also does external apps to white-label an instance and deliver web applications to external users in a controlled, branded environment.

I found Sim.ai late in the report writing process and I was surprised to see so much one-to-one mapping between the criteria defined and their capabilities. Outside of the report, there aren’t many notable features, but they’ve only been around for one year, so let them cook. Today, some of their distinguishing features include:

• Mothership - I really want to understand how this is more than just a global copilot. The Mothership is fed all of the Sim environment as context to run things rather than just context of a task or process. Regardless, it is advertised to help users to build, edit, run and debug a workflow, run research, generate a presentation, query a table, schedule a recurring job, or send a Slack message.
• Sim Mailer - creates a dedicated email address for the workspace. Users can forward or send emails to it and Sim will process them as tasks — reading the subject, body, and any attachments, then replying to the thread with the result. Users can interact with Sim directly from the email client without switching apps.
• Secrets - better secrets management features than we evaluate, which includes Workspace and Personal sections with inline key-value rows. External workspace members count as workspace members for workspace-scoped secrets. They can use workspace secrets according to their workspace permission level, even though they are not members of the organization.

In late May, Asana announced its acquisition of StackAI. I’m unclear on how the product will look a few months from now, but what is clear is that StackAI made the biggest jump in capabilities from last year. They’ve developed their product to cater to enterprises (as you can tell from their feature set and their ISO27001 and SOC2 certs) so I can see why Asana chose them over a whole lot of other similar products. A lot of their enterprise-grade features have to do with the tool itself rather than agents (see call out box at the beginning of this document), and considering their trajectory, I expect they’ll do their Agent ABAC and such soon. Some cool stuff includes:

• Interfaces - While we evaluate interfaces in the report, StackAI’s explicit interface methods are comprehensive, and include Forms, Chat Assistant, Website Chatbot, Slack App, Microsoft Teams, WhatsApp / SMS with Twilio, APIs, iFrame, and React component.
• The URL Node - allows users to add a URL to the flow and scrape the HTML or Metadata of a website to use as an input to the LLM. If an LLM node returns a URL as its output, it can feed into the URL node to scrape a website in a more complex workflow. The entire output of the URL Node will be given to the LLM as context.
• The StackAI Node - an all-purpose node that does things like analyze data, browse the web, send emails, call APIs, and more. Pick the action, fill in the required inputs, and connect the outputs to the rest of the workflow.

Tines started as a security-first product which then extended its scope to non-security use cases. The good thing about this is that you get a tool with a security pedigree. It’s also a product for enterprises, which is reflected in the second-best score (after Google*) in Enterprise-Readiness.

On top of that, Tines is a product for operations teams. This means that you, the human, can handle things that happen in your environment from Tines in real-time.

• Cases - a mechanism for creating and managing tickets. This is a whole workspace where users can investigate and respond to incidents, as well as invoking agents to automate the processes, such as enrichment, data transformation, automatic assignment, and orchestrating third party tools.
• Self-hosting - Tines is a product for enterprises. To self-host it, Tines offers a package with three core components - Web server, Background worker and Command runner components, which are run as Docker containers. Additional components used for optimization include a load balancer-Routing requests to the web server component(s), Postgres as a Persistent data store, Redis for caching of data from the database and queuing for the background worker(s), and an SMTP server (optional) - Sending emails for user management, notifications, monitoring and the “Send Email” action.
• Data residency - all of AI-powered features in Tines run in the same private architecture. Customer data never leaves the stack, does not travel on the open internet, is not logged, and is not used for training.

Workato is an enterprise for enterprises. They score well on criteria where other vendors don’t do as well, such as Proxy-based filtering and FW, tool ABAC, authentication and authorization, lineage.

Some distinguishing factors include:

• Workato Genies - purpose built, production ready, and optimized for major functions across the enterprise.
• Platform identity - integrates with identity provider. Supported providers include Okta, Azure AD, and other SAML-compatible IdPs. User identity is established through the authentication flow of the genie chat interface. Supported interfaces include Slack, Microsoft Teams, and Workato GO. Workato
• User identity for access control - these are pulled from the skill trigger context rather than from the conversation. Every skill recipe begins with a genie trigger. Users send a message that invokes a skill and the trigger passes authenticated user context to the recipe.