The Code integration lets advanced users run small JavaScript snippets inside automation flows or live agent actions. Use it for last-mile customization when built-in steps almost solve the workflow but you need to transform, validate, format, or calculate something first.
Examples:
- Normalize phone numbers before dialing.
- Convert a webhook response into fields an agent can use.
- Calculate a lead score.
- Choose a local-presence number based on area code.
- Route by date, time window, or custom business rules.
Code is not a general-purpose serverless environment. It runs in a restricted sandbox with time, memory, network, and security limits.
How it works
A Code step receives prior node outputs through an inputs object. Your script returns a JSON-serializable value. That return value becomes the step output and can be mapped into later steps or agent actions.
const phone = inputs['trigger'].phone
const digits = phone.replace(/\D/g, '')
return {
e164: digits.startsWith('1') ? `+${digits}` : `+1${digits}`,
}
Configuration
| Field | Required | Description |
|---|
| Code | Yes | JavaScript to execute. Must return a JSON-serializable value. |
| Timeout | No | Maximum execution time. Shorter limits apply during live calls to protect call quality. |
Use variables from prior steps
Use the data picker to insert references to previous outputs. References are inserted as inputs['nodeId'].fieldName paths.
Example:
const firstName = inputs['create_contact'].first_name
const appointmentDate = inputs['check_availability'].selected_time
return {
message: `Hi ${firstName}, your appointment is confirmed for ${appointmentDate}.`,
}
Limits
Typical limits include:
| Limit | Why it exists |
|---|
| Execution timeout | Prevents slow scripts from blocking workflows or live calls. |
| Memory cap | Protects platform stability. |
| Code size cap | Keeps snippets small and reviewable. |
| Console output cap | Prevents excessive logs. |
| Concurrency cap | Prevents one workspace from consuming all runner capacity. |
Blocked capabilities
The sandbox blocks risky or platform-level operations, including:
- Network calls such as
fetch, XMLHttpRequest, or WebSocket
- Node.js built-ins such as
require or process
- Code generation such as
eval, new Function, or dynamic import()
- Known sandbox escape patterns
- Obvious infinite loops
If your workflow needs external API access, use a webhook or integration step before or after the Code step.
Examples
Validate an email address
const email = inputs['trigger'].email
const valid = /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)
return { email, valid }
Calculate a lead score
const lead = inputs['create_or_update_contact']
const score =
(lead.budget >= 50000 ? 40 : 20) +
(lead.timeline === 'immediate' ? 30 : 10) +
(lead.company_size >= 100 ? 30 : 10)
return {
score,
qualified: score >= 70,
}
Route by area code
const digits = inputs['trigger'].phone.replace(/\D/g, '')
const areaCode = digits.length === 11 ? digits.slice(1, 4) : digits.slice(0, 3)
const region = {
'212': 'new_york',
'646': 'new_york',
'415': 'san_francisco',
}[areaCode] || 'default'
return { areaCode, region }
Best practices
- Keep scripts short and focused.
- Return structured JSON objects, not long strings.
- Use webhooks or CRM steps for external API calls.
- Test with realistic sample data before going live.
- Avoid putting secrets in code.
