The question enterprises actually ask about AI automation isn't 'how smart is it?' It's 'what happens when it's wrong?' A system with a good answer to the second question gets deployed. This pattern is that answer, packaged: the AI does the work, humans keep the authority, and the paperwork writes itself.
The workflow
How it works
- The AI drafts a complete action, not a suggestion: the refund amount, the clause text, the exact config diff — plus the evidence it drew on. Approvers approve things, not ideas.
- A deterministic rules engine assigns the risk tier: thresholds on amount, blast radius, reversibility, and customer tier. The drafting model gets no vote on how risky its own draft is.
- Low risk auto-executes with full logging — an approval workflow that gates everything is just a slow queue; the point is spending human attention where it changes outcomes.
- Medium risk batches into a review queue with an SLA; approvers process ten at a time with keyboard-speed approve/edit/reject.
- High risk blocks on a named approver, chosen by routing rules (amount bands, departments, on-call schedule) — with escalation if the SLA lapses, so nothing rots in a queue.
- The approval view assembles everything in one screen: the draft, its evidence, the policy excerpt it touches, and the three most similar past decisions with their outcomes.
- Every decision writes twice: once to the immutable audit trail (who, what, why, when), once to the examples library that future drafts retrieve as few-shot context — the system gets better at drafting what this organization actually approves.
Risk tier configuration
{
"action_type": "refund",
"tiers": [
{ "tier": "low", "when": { "amount_lte": 50, "customer_months_gte": 3 }, "route": "auto_execute" },
{ "tier": "medium", "when": { "amount_lte": 500 }, "route": "batch_review", "sla_hours": 24 },
{ "tier": "high", "when": { "amount_gt": 500 }, "route": "named_approver", "approver_rule": "finance_oncall", "sla_hours": 8, "escalate_to": "finance_lead" }
],
"hard_blocks": ["chargeback_open", "account_flagged_fraud"]
}Stack
- Workflow — durable execution (n8n, Temporal-class) so pending approvals survive restarts and deploys
- Rules — versioned tier config in the repo; changes to tiers get reviewed like code
- Approval surface — Slack/Teams actions for batch tier; a focused web view for the named-approver tier
- Audit — append-only Postgres table; every row carries actor, action, evidence hash, and decision reason
- Feedback — decided examples indexed for retrieval into future drafting prompts
Autonomy isn't a setting you pick at kickoff. It's a privilege each action type earns — with an approval history to show for it.