Trigger. Snapshot. Dispatch. Undo if needed.
22 typed trigger events. 13 production action handlers. Every action is snapshot-and-undo, dry-run by default, 7-day mandatory dry-run for paid spend, audit-logged with a plain-language reason. The safety primitives that make automation deployable across 50 client shops.
Most automation is fire-and-forget. That's the problem.
Operators want speed AND safety. Most platforms force a choice.
"Oops, I auto-paused 47 products."
Most automation tools dispatch the action and then it's gone. No state snapshot. No reversal. You write the support ticket and pray.
First run is production.
Operators turn on a new rule. It fires immediately. If the threshold is wrong, the spend went to zero before anyone saw the dashboard.
"Why did this happen?"
Action fired. Compliance team asks why. No log row, no reasoning, no traceId. Hours of forensics for one question.
Match. Snapshot. Dispatch. Audit.
Every rule fire follows the same four stages — and writes a row in each.
Trigger event matches
22 typed event types: seo.decay-detected, ads.roas-dropped, sales.cart-abandoned, mc.disapproval-flagged, product.low-stock, etc. Rule engine matches conditions + cooldown + freeze windows.
Before-state captured
Every handler exports a snapshot() function. Action stored with full before-state JSON, traceId, ruleId, timestamp. Undo is a function call away.
Worker runs the action
BullMQ worker dequeues + dispatches. Per-platform throttle (Shopify 1000-bucket, Ads token-bucket). Dry-run gated for paid spend (7-day mandatory).
Plain-language reason
engineAudit() row: 'Reduced bid on campaign 47 because attribution flagged sustained ROAS drop.' Searchable, traceId-correlated, 365-day default retention.
22 triggers. Three stages. 13 handlers.
The exact runtime topology. Hover any source or output to inspect.
Three concrete moves customers made.
Anonymised but representative.
Automation across 50 client shops, audited
An agency runs 50 Shopify Plus accounts on Sumeru. The Automation Engine fires ~847 actions per week across the portfolio — most are alt-text generation, low-stock reorders, and cart-recovery sends. Snapshot+undo means zero day-1 disasters.
7-day dry-run caught a bad rule
An operator wrote a 'reduce_paid_bid' rule with an off-by-one threshold. The 7-day mandatory dry-run flagged 320 simulated bids that would have zeroed out a $40k/wk campaign. The rule was caught and corrected before it ever went live.
Every action carries plain-language reason
Audit log row: 'Reduced bid on campaign 47 by 12% because attribution-engine reported sustained ROAS drop -34% over 6 days, threshold breached.' Compliance team reads these directly. No code, no Looker.
What's available where.
| Capability | Starter | Pro | Agency | Enterprise |
|---|---|---|---|---|
| Typed trigger → action rule engine | ✓ | ✓ | ✓ | ✓ |
| 13 production action handlers | ✓ | ✓ | ✓ | ✓ |
| 22 trigger events (seo · ads · sales · mc) | ✓ | ✓ | ✓ | ✓ |
| Snapshot + undo on every fire | ✓ | ✓ | ✓ | ✓ |
| 7-day mandatory dry-run · paid spend | ✓ | ✓ | ✓ | ✓ |
| Per-rule cooldown · quiet hours · freeze | — | ✓ | ✓ | ✓ |
| Approval queues · agency-tier | — | — | ✓ | ✓ |
| Kill-switch · freeze entire shop · BFCM-safe | ✓ | ✓ | ✓ | ✓ |
| 365-day audit retention | ✓ | ✓ | ✓ | ✓ |
See snapshot + undo on a real action.
We walk through a representative rule, fire it in dry-run, show the snapshot, then undo. The whole loop in 8 minutes.