If you’ve ever tried to automate a real FinOps workflow, you’ve felt the sprawl: thousands of AWS and GCP APIs, inconsistent parameters, and “just one more edge case” before it’s safe to run at scale. The result is usually the same story: a good idea stalls because stitching it together takes longer than the savings it’s meant to unlock.

CloudFlow’s Agent Builder is designed for that moment: when you know the outcome you want (for example, investigate a cost spike and recommend the next action), but you don’t want to build and maintain a custom integration for every system involved.

Agent Builder provides a way to create and manage flows in CloudFlow so you can move from “we should automate this” to a repeatable workflow that can be triggered and governed like any other CloudFlow automation. Instead of designing every branch of logic around individual APIs, you define the flow in natural language once.

In practice, this is meant to shift your work up a level:

• from integrating every AWS/GCP endpoint yourself,
• to packaging a reusable “investigate and act” capability you can drop into multiple flows (alerts, ticket enrichment, scheduled checks, remediation handoffs).

Getting Started with Agent Builder

• Create or open an existing flow and navigate to the Agent Builder page.
• Ask Agent Build to create a new flow (for example: cost anomaly triage, tagging governance checks, owner resolution).
• Run it in a controlled scope first (a single account, a single project, or a narrow set of services), then expand.

Cost anomalies do not always stop after the first notification. In real environments, an anomaly can persist across hours or days, get buried in Slack or Teams, or grow significantly after initial detection. FinOps and CloudOps teams need a follow-up signal when cost risk remains unresolved or escalates.

In DoiT Cloud Intelligence, cost anomaly notifications are no longer limited the initial detection.

You can now configure re-notifications so you’re notified again when:

• An anomaly remains active after a specified period of time (similar to a reminder or snooze), or
• The anomaly impact increases, either by a fixed dollar amount, a percentage, or a combination of amount and percentage.

Previously, notifications were triggered only when a threshold was first crossed. Now, notifications can continue if cost risk persists or escalates, helping teams stay aware of ongoing or worsening spend issues.

Re-notifications can be configured within your existing anomaly notification settings and works with current Slack, Teams, and email delivery options. To learn more about it, consult our Help docs or raise a support ticket to speak to a DoiT expert.

Cloud automations rarely live in isolation. One flow detects an issue, another enriches context, a third notifies the right team. Without a shared source of truth, you end up duplicating logic or hardcoding mappings that drift over time.

The Datastore node provides your CloudFlow automations with a shared, managed place to store and query structured data, enabling multiple flows to reference the same tables for enrichment, routing, and state. Think of Datastore as a lightweight database you can use directly from flows.

A common pattern is a tag ownership table:

• You maintain a table that maps tags (or tag patterns) to an owner, team, cost center, escalation channel, and metadata.
• Any flow can query it to resolve “who owns this?” consistently.

Example: an anomaly flow spots a sudden spike on an untagged workload. It looks up the resource’s tags, queries the ownership table, and then routes the alert to the correct Slack channel. A separate remediation flow uses the same table to decide who can approve a change and where to open a ticket.

In the Datastore node, you can:

• Get records using filters (including values from previous nodes)
• Insert records for new rows, including batch inserts
• Upsert records to keep a table current without duplicates by using a unique key column

Supported column types include Text, Integer, Numeric, Boolean, Date, Timestamp, and JSON.

How to get started

Create a Datastore table for shared mappings (for example, tag-to-owner), then reference it from any flow via a Datastore node query. Use Upsert when you want scheduled flows to keep the table continuously in sync from an authoritative source. 

Some workflows need a deliberate delay to avoid API throttling or to wait for changes to propagate. For example, if you’re looping through cloud resources or applying IAM updates, a short pause can prevent rate-limit errors and reduce noisy retries.

A common operational pattern is also dev environment scheduling: start in the morning, run all day, then shut down in the evening. Sleep lets you build this into a single flow without external schedulers.

What’s new

You can add a Sleep node to pause a CloudFlow run for a configurable duration, then automatically resume execution. This helps you:

• Space out provider API calls to reduce throttling risk
• Add cooldown periods before re-checking or notifying
• Wait for eventual consistency (for example, new resources or IAM changes becoming effective)
• Orchestrate time-based actions in one flow, like dev environment start and end-of-day shutdown

How it works

When a run reaches the Sleep node, CloudFlow marks the run as Sleeping and pauses execution until the configured time elapses. After the duration completes, CloudFlow wakes the run and continues to the next node.

How to get started: https://help.doit.com/docs/operate/cloudflow/nodes/sleep

As CloudFlows grow, the same steps often get copied into multiple workflows. That makes fixes slower and outcomes inconsistent, because you end up updating the same logic in several places.

Use-case example: you run a daily workflow that detects cost anomalies, then triggers CloudOps remediation. Instead of duplicating “ownership resolution” and “notification formatting” steps across every anomaly flow, rightsizing flow, and incident flow, you put that logic in a single subflow and call it from each parent workflow, so updates propagate everywhere.

What’s new

• You can now use the Sub Flow node to run one CloudFlow from inside another, so shared logic lives in a single reusable flow.
• Parent flows can pass inputs as parameters (mapped to the sub flow’s local variables), so the same sub flow works across multiple use cases.
• Each invocation creates a child run you can open from the run history, making troubleshooting and auditing easier.

You build a reusable flow (the sub flow) and publish it. In your main workflow, add a Sub Flow node, select the flow you want to call, and provide the parameter values for that run. When the parent reaches that node, CloudFlow runs the selected flow as a child run and returns its output back to the parent so the workflow can continue.

Getting started

• Create the reusable flow you want to call and define the local variables it should accept.
• In the parent flow, add a Sub Flow node and select the flow to call from the Flow drop-down.
• Map parameters, then use the Sub Flow node output in downstream nodes.

Read more about subflows in CloudFlow Help Center.

CloudFlow notification nodes now support threaded Slack messages — post a summary to the channel and automatically follow up with detailed information in the thread.

What's new

When configuring a Slack notification node, you'll see a new Thread Message field below the main message. If you add content there, CloudFlow will:

1. Post your main message to the Slack channel
2. Automatically reply in a thread with the detailed follow-up

If you leave the thread message empty, notifications work exactly as before — just a single message to the channel.

Why use threads?

• Keep channels clean — post a brief alert to the channel, then put the full breakdown (cost tables, resource lists, detailed findings) in the thread where those who need the details can find them
• Organize related data — separate the "what happened" summary from the "here's everything you need to know" details
• Reduce noise — team members see the headline without being overwhelmed by data-heavy content

Full message formatting support

Both the main message and the thread message support all of CloudFlow's rich formatting options:

• Tables — rendered as native Slack tables with bold headers
• Lists — bullet points with nested indentation
• Buttons — clickable action buttons with URLs
• Images — embedded image blocks
• Links — inline clickable links

How to get started

1. Open any Slack notification node in your CloudFlow
2. Write your main channel message as usual
3. Add your detailed content in the new Thread Message field
4. Save and test — you'll see both messages appear in Slack, neatly organized

This is a fully backward-compatible addition. Your existing notification nodes continue to work without any changes.

Metrics is one of the most powerful tools in your FinOps toolkit. This latest release brings substantial usability improvements that make building, understanding, and acting on your data faster and easier than ever.

New Allocation previews give you clear visibility into the individual building blocks that make up your Metric, so you can understand exactly what's contributing to your data, not just the end result. This means no more jumping back and forth between Allocations and Metrics to piece together the full picture; everything you need is right there in context.

AI-powered allocation creation takes the manual effort out of the process. Instead of building allocations from scratch, you can now express your intent and let AI generate them for you; a meaningful step toward a more intelligent, streamlined workflow.

We've also made it easier to manage Metric variables. You can now remove variables you no longer need, and the experience for adding new ones has been streamlined so it gets out of your way.

Rounding out the update: direct links to use a metric in reports mean fewer clicks between insight and action, and improved interactions around generating previews make the whole experience feel more responsive and fluid.

As your CloudFlow flows grow in complexity, keeping context about why a flow was built, what it monitors, and how to modify it becomes essential. Instructions live alongside the workflow itself — so the documentation is always where your team needs it, not in a separate wiki or document.

You can now write rich-text instructions directly inside your CloudFlow flows — making it easy for your team to understand what a flow does, how to configure it, and what to expect.

What's new

Every CloudFlow now has a dedicated README node visible at the top of the editor canvas. Click it to open a side panel that displays your flow's documentation, or click Edit to open a full markdown editor where you can write and format your instructions.

The instructions editor supports full Markdown, so you can structure your documentation with headings, bullet points, code snippets, bold/italic text, and more — everything you need to clearly explain your workflow's purpose and logic.

Link directly to nodes

Use the special $nodes["Node Name"] syntax to create clickable references to specific nodes in your workflow. When someone reads your instructions and clicks a node reference, the editor automatically navigates to and highlights that node on the canvas. You'll also get autocomplete suggestions as you type, so you don't need to remember exact node names.

Always accessible

• README node on the canvas — a dedicated node is always visible at the top of your workflow, giving you one-click access to the instructions panel
• Top bar menu — you can also open the instructions editor from the workflow's top bar
• Side panel — read your instructions without leaving the graph view, in a convenient slide-out drawer

You can now format numbers, dates, bytes, and percentages directly inside your CloudFlow Notification node — making Slack and email messages clearer and more professional without any extra workflow nodes.

How it works

Wrap any referenced value in double curly braces with a formatting function:

{{ format(diskSize, "#,##0.00") }}

That's it. When the notification fires, raw values like 1234.5 become 1,234.50.

Available functions

Numbers & currency — Use Excel-style patterns to add thousands separators, decimals, or currency symbols:

• format(val, "#,##0.00") → 1,234.50
• format(val, "$#,##0") → $1,234

Percentages — Automatically multiplies by 100 and adds the % sign:

• format(val, "0.0%") → 85.6%

Bytes — Automatically picks the best unit (B, KB, MB, GB, TB):

• bytes(val) → 5.49 GB
• bytes(val, 1) → 5.5 GB (control decimal places)

Dates — Parse timestamps (Unix seconds, milliseconds, or ISO strings) and reformat them:

• date(val, "yyyy-mm-dd") → 2026-02-12
• date(val, "unix") → convert back to Unix timestamp

Text — Change case:

• upper(val) → HELLO
• lower(val) → hello

Inline math — Perform calculations on the fly:

• {{ val * 5 }} → 500

Multi-value support

When a referenced field returns multiple values (e.g., disk sizes across several VMs), each value is formatted individually and joined with commas:

{{ bytes(7665791702, 6046802307, 1) }} → 7.7 GB, 6.0 GB

Resilient by design

If one expression in your message has a formatting error, only that expression falls back gracefully — the rest of your notification renders normally.

In-editor reference

A new Formatting tab in the template tags dialog gives you a quick reference of all available functions with live examples, so you don't need to memorize the syntax.