Founder here - Since a workflow in the context of CTO.ai is just a container, which executes your code, you can build out as robust permissions as you need to by leveraging our vault integration, configs and teams.

Currently, our teams are a basic ACL that lets you manage who in Slack can run the workflow, but we also allow you to associate any of your teams to private channels, so you can more granularly control access using Slack's user membership.

We're looking at more RBAC on top of this for enterprise but for most smaller teams, this covers the majority of their use cases. They often create a team for ops and a team for dev and then associate these teams to members + channels as needed.