Declarative app examples

This page shows complete declarative app examples and common app patterns.

Example: SOC triage app

This app defines a finding model, list page, detail page, dashboard page, actions, approvals, navigation, and an assistant.

{
  "display_name": "SOC Triage",
  "description": "Review, enrich, and route high-priority security findings.",
  "route": "/apps/soc-triage",
  "tags": ["security", "triage", "findings"],
  "defaults": {
    "warehouse": "localwarehouse",
    "limit": 100
  },
  "models": [
    {
      "name": "finding",
      "source": {
        "type": "sql",
        "sql": "SELECT * FROM findings WHERE severity IN ('critical', 'high')"
      },
      "key": "finding_id",
      "display_fields": ["finding_id", "severity", "service", "summary", "status"],
      "state_field": "status"
    }
  ],
  "pages": [
    {
      "name": "findings",
      "type": "list",
      "model": "finding",
      "title": "Findings",
      "fields": [
        { "name": "severity", "label": "Severity", "type": "string" },
        { "name": "service", "label": "Service", "type": "string" },
        { "name": "summary", "label": "Summary", "type": "string" },
        { "name": "status", "label": "Status", "type": "string" }
      ],
      "actions": ["bulk_assign"],
      "row_actions": ["open_investigation", "create_ticket"]
    },
    {
      "name": "finding_detail",
      "type": "detail",
      "model": "finding",
      "title": "Finding detail",
      "sections": [
        {
          "type": "fields",
          "title": "Summary",
          "fields": [
            { "name": "finding_id", "label": "Finding ID", "type": "string", "readonly": true },
            { "name": "severity", "label": "Severity", "type": "string" },
            { "name": "service", "label": "Service", "type": "string" },
            { "name": "summary", "label": "Summary", "type": "string" }
          ]
        },
        {
          "type": "dashboard",
          "title": "Evidence",
          "dashboard": "finding-evidence"
        }
      ],
      "actions": ["open_investigation", "create_ticket", "mark_resolved"]
    },
    {
      "name": "overview",
      "type": "dashboard",
      "title": "Overview",
      "dashboard": "soc-triage-overview"
    }
  ],
  "actions": [
    {
      "name": "open_investigation",
      "label": "Open investigation",
      "kind": "assistant",
      "target_page": "finding_detail",
      "post_action": {
        "behavior": "navigate",
        "target_page": "finding_detail"
      }
    },
    {
      "name": "create_ticket",
      "label": "Create ticket",
      "kind": "workflow",
      "workflow": "CreateFindingTicket@v1",
      "requires_confirmation": true,
      "approval": "ticket_creation",
      "input_fields": [
        { "name": "assignee", "label": "Assignee", "type": "string", "required": true },
        { "name": "priority", "label": "Priority", "type": "string", "default_value": "P2" }
      ],
      "post_action": {
        "behavior": "refresh"
      }
    },
    {
      "name": "mark_resolved",
      "label": "Mark resolved",
      "kind": "transaction",
      "requires_confirmation": true,
      "post_action": {
        "behavior": "refresh"
      }
    },
    {
      "name": "bulk_assign",
      "label": "Assign selected",
      "kind": "workflow",
      "workflow": "BulkAssignFindings@v1",
      "input_fields": [
        { "name": "owner", "label": "Owner", "type": "string", "required": true }
      ]
    }
  ],
  "approvals": [
    {
      "name": "ticket_creation",
      "action": "create_ticket",
      "approver_role": "soc-lead",
      "required": false
    }
  ],
  "navigation": [
    { "label": "Findings", "page": "findings" },
    { "label": "Overview", "page": "overview" }
  ],
  "assistants": [
    {
      "name": "triage_assistant",
      "kind": "investigation",
      "description": "Summarize finding evidence and recommend next actions.",
      "model": "finding",
      "tools": ["query_related", "create_ticket", "mark_resolved"]
    }
  ],
  "ai": {
    "default_assistant": "triage_assistant",
    "instructions": "Use evidence first. Do not recommend remediation without supporting events."
  }
}

Example: approval queue app

Use this pattern when users need to review pending actions before execution.

{
  "display_name": "Access Approval Queue",
  "description": "Review and approve high-impact identity actions.",
  "route": "/apps/access-approvals",
  "models": [
    {
      "name": "approval",
      "source": {
        "type": "app_query",
        "query_name": "pending_approvals"
      },
      "key": "approval_id",
      "display_fields": ["approval_id", "action", "requester", "record_key", "status"]
    }
  ],
  "pages": [
    {
      "name": "approval_queue",
      "type": "list",
      "model": "approval",
      "title": "Pending approvals",
      "fields": [
        { "name": "action", "label": "Action", "type": "string" },
        { "name": "requester", "label": "Requester", "type": "string" },
        { "name": "record_key", "label": "Record", "type": "string" },
        { "name": "status", "label": "Status", "type": "string" }
      ],
      "row_actions": ["approve", "reject"]
    }
  ],
  "actions": [
    {
      "name": "approve",
      "label": "Approve",
      "kind": "approval_decision",
      "requires_confirmation": true
    },
    {
      "name": "reject",
      "label": "Reject",
      "kind": "approval_decision",
      "requires_confirmation": true,
      "input_fields": [
        { "name": "comment", "label": "Reason", "type": "string", "required": true }
      ]
    }
  ],
  "navigation": [
    { "label": "Approvals", "page": "approval_queue" }
  ]
}

Example: app with embedded dashboards and notebooks

Apps can include pages that reference dashboards and notebooks defined elsewhere in the same bundle.

{
  "display_name": "Runtime Operations",
  "description": "Operational view for runtime events, hosts, and high-risk processes.",
  "route": "/apps/runtime-ops",
  "models": [
    {
      "name": "host",
      "source": {
        "type": "sql",
        "sql": "SELECT * FROM host_inventory"
      },
      "key": "host",
      "display_fields": ["host", "environment", "owner_team", "risk_score"]
    }
  ],
  "pages": [
    {
      "name": "overview",
      "type": "dashboard",
      "title": "Runtime overview",
      "dashboard": "runtime-overview"
    },
    {
      "name": "investigation_notebook",
      "type": "notebook",
      "title": "Investigation notebook",
      "notebook": "runtime-investigation"
    },
    {
      "name": "hosts",
      "type": "list",
      "model": "host",
      "title": "Hosts",
      "fields": [
        { "name": "host", "label": "Host", "type": "string" },
        { "name": "environment", "label": "Environment", "type": "string" },
        { "name": "owner_team", "label": "Owner", "type": "string" },
        { "name": "risk_score", "label": "Risk", "type": "number" }
      ]
    }
  ],
  "navigation": [
    { "label": "Overview", "page": "overview" },
    { "label": "Hosts", "page": "hosts" },
    { "label": "Notebook", "page": "investigation_notebook" }
  ]
}

Example: bundle with app, dashboard, notebook, and workflow

A bundle can install the app and the resources it depends on.

---
kind: Bundle
metadata:
  name: runtime-ops-app
spec:
  bundle_version: 1.0.0
  description: Runtime operations app with dashboard, notebook, and workflows.
---
kind: Application
metadata:
  name: runtime-ops
spec:
  display_name: Runtime Operations
  description: Operational view for runtime events and hosts.
  route: /apps/runtime-ops
  models:
    - name: host
      source:
        type: sql
        sql: SELECT * FROM host_inventory
      key: host
      display_fields: [host, environment, owner_team, risk_score]
  pages:
    - name: overview
      type: dashboard
      title: Runtime overview
      dashboard: runtime-overview
  navigation:
    - label: Overview
      page: overview
---
kind: Dashboard
metadata:
  name: runtime-overview
spec:
  description: Runtime overview dashboard.
  refresh:
    enabled: true
    interval_seconds: 60
  layout:
    columns: 24
    row_height: 30
  panels: []
---
kind: Notebook
metadata:
  name: runtime-investigation
spec:
  format_version:
    major: 1
    minor: 0
  cells: []

Example: action input fields

Actions can collect structured input before running.

{
  "name": "notify_owner",
  "label": "Notify owner",
  "kind": "workflow",
  "workflow": "NotifyOwner@v1",
  "input_fields": [
    {
      "name": "message",
      "label": "Message",
      "type": "string",
      "required": true,
      "help": "Explain why the owner is being notified."
    },
    {
      "name": "urgency",
      "label": "Urgency",
      "type": "string",
      "default_value": "normal",
      "enum_values": [
        { "value": "low", "label": "Low" },
        { "value": "normal", "label": "Normal" },
        { "value": "urgent", "label": "Urgent" }
      ]
    }
  ],
  "requires_confirmation": true
}

Example: assistant configuration

{
  "assistants": [
    {
      "name": "asset_assistant",
      "kind": "investigation",
      "description": "Answer questions about asset risk and ownership.",
      "model": "asset",
      "tools": ["query_model", "query_related", "open_dashboard", "notify_owner"]
    }
  ],
  "ai": {
    "default_assistant": "asset_assistant",
    "instructions": "Prefer current inventory data. Cite the fields used to answer each question."
  }
}

Best practices

• Start with one model and one list page.
• Add detail pages only when users need record-level context.
• Use dashboards for overview and trend pages.
• Use notebooks for guided investigation and reusable analysis.
• Put side-effecting work behind Axon workflows and approvals.
• Define clear navigation; avoid exposing every page by default.
• Keep model keys stable.
• Bundle the app with the dashboards, notebooks, workflows, and sample data it needs.