Workflow Customisation

Workflow engines enables an organisation to define custom business processes for their projects. Instead of being locked into fixed, predetermined steps, you can create workflows that match your specific operational requirements.

RiskNodes provides the ability to:

• Track individual approvals against specific entities
• Gate transitions based on approval status
• Maintain detailed audit trails of who approved what and when
• Configure complex, multi-tier approval requirements
• Write business logic in human-readable guard expressions
• Coordinate workflows across nested entity hierarchies

// Replace configuration with clear rules
agent.confidence >= 0.85 && approval.security_risk <= 'medium' 
  || user.role == 'principal_engineer'

What Are Workflows?

A workflow defines the lifecycle of business objects in your organisation - such as AI pull request audits, agentic deployments, or secure SDLC processes. Each workflow consists of:

• Statuses - The different stages an item can be in (e.g., “Agentic Eval”, “Human Review Required”, “Blocked”, “Approved”)
• Transitions - The allowed movements between statuses (e.g., moving from “Agentic Eval” to “Human Review Required”)
• Actions - What users or agents can do at each status (e.g., provide evidence, flag risks, approve, merge)

Benefits

Organisational Flexibility

Different organisations have different processes. RiskNodes workflows adapt to your existing business rules rather than forcing you to change how you work.

Version Control

Workflows are versioned, allowing you to evolve your processes over time while maintaining historical consistency for existing projects.

Permission Integration

Each status defines exactly what actions users can perform, ensuring proper governance and access control throughout your processes.

Customisable Business Logic

Advanced users can define custom rules that determine when transitions are allowed and what happens during status changes.

How Workflows Work

Status-Based Permissions

At any given status, users only see the actions they’re permitted to perform.

Controlled Transitions

Moving between statuses is controlled and auditable. Users (or automated agents) can only make transitions that are explicitly defined and for which they have permission.

Guard Expressions - Business Logic in Readable form

RiskNodes uses “CEL” (Common Expression Language), a readable and industry-standard expression language that lets you write complex business rules without programming. Instead of endless configuration screens, you write logical conditions that are simple to understand and maintain.

Access Control Example:

user.roles.contains('admin') || resource.owner == user.id

Data Filtering Example:

created_at.within(duration('24h')) && status == 'pending'

Workflow Conditions Example:

approval.status == 'approved' && budget.remaining >= cost

Context-Aware Rules

Workflows can incorporate business rules that consider the current state of the project, user roles, deadlines, approval status, and other contextual factors.

Nested Workflow Scopes

Example: Coordinated Transition Logic

• Child Module Audit workflows attempt to transition parent Audit from “Checking” to “Final Decision”
• Parent transition only fires when guard condition is satisfied, such as requiring all modules to be checked before final risk score calculation:

all_modules.all(m, m.status == 'checked') && modules.size() > 0

Workflow Management

Creating Workflows

Administrators can create new workflows for different types of business processes. Each workflow is specific to:

• A particular entity type (projects, issues, etc.)
• Your organisation
• A specific version for change management

Workflow Designer

The workflow designer provides a visual interface for:

• Defining statuses and their properties
• Setting up transitions between statuses
• Configuring permissions for each status
• Writing guard expressions in -English CEL language
• Adding business rules and validation logic
• Specifying required approvals for transitions
• Creating cross-scope transition logic between parent and child workflows

Deployment and Testing

New workflows can be tested and refined before being deployed to live operations, ensuring business continuity during process improvements.

Real-World Examples

Agentic Code Deployment Pipeline

flowchart TD
    A[Agent Proposes Code] --> B[Automated Context Gathering]
    B --> C[Local LLM Audit]
    C --> D[Risk Score Calculation]
    D --> E{Exceeds Threshold?}
    E -->|No| F[Auto-Merge Allowed]
    E -->|Yes| G[Human Security Review]
    G --> H[Final Decision]
    
    %% Escalate transitions
    C -.-> G
    
    %% Iterate and refine
    G -.-> A

• Local LLM Audit automatically answers questions against the pre-defined safety framework.
• Human Security Review requires domain expert approval of all flagged responses before merge.
• Auto-Merge Allowed integrates with CI tools via webhooks to continue the deployment.

evaluations.all(e, e.confidence > 0.8) && flags.count == 0

approvals.security.size() >= 1 && approvals.security.exists(a, a.role == 'principal_security_engineer')

risk_level == 'high' && flags.contains('unvalidated_external_call')

Continuous AI Guardrail Verification

flowchart TD
    A[Model Config Change] --> B[Automated Red Teaming]
    B --> C[Alignment Check]
    C --> D{Pass Rate?}
    D -->|100%| E[Update Approved]
    D -->|<100%| F[Ethics Committee Review]
    F --> G[Remediation Required]
    G --> H[Re-Run Checks]
    H --> E

LLM Service Integration Pipeline

flowchart TD
    A[Scope Definition] --> B[Requirement Mapping]
    B --> C[Agentic Sandbox Deploy]
    C --> D[Simulated Load Testing]
    D --> E[Sovereign Architecture Check]
    E --> F[Expert Flag Review]
    F --> G[Final Sign-Off]
    
    %% Emergency block transitions
    D -.-> F
    
    %% Backtrack for revisions and corrections
    E -.-> B
    F -.-> C

Getting Started

1. Review Default Workflows - RiskNodes comes with sensible default workflows that work for most organisations
2. Map Your Approval Requirements - Identify who needs to approve what at each stage of your processes
3. Identify Business Rules - Document the logical conditions that govern when transitions should occur
4. Write Guard Expressions - Convert business rules into readable CEL expressions
5. Design Custom Workflows - Use the workflow designer to create processes that match your requirements and approval gates
6. Configure Cross-Scope Logic - Set up parent-child workflow coordination where needed
7. Test and Refine - Validate new workflows with a small team before full deployment
8. Train Users - Ensure your team understands the new processes, their roles, and approval responsibilities

Advanced Features

Example Rules:

// Prevent weekend submissions
!(submission_date.getDayOfWeek() in [0, 6])

// Require senior approval for large budgets  
budget.total > 100000 && approvals.exists(a, a.seniority >= 'director')

// Coordinate parent-child workflows
child_workflows.all(w, w.status in ['completed', 'approved'])

Integration Capabilities

Workflows can trigger external system calls, send notifications, update dashboards, and integrate with other business applications when approvals are received or transitions occur.

Audit and Compliance Reporting

Complete audit trails show:

• How items move through workflows
• Who provided approvals and when
• Any approval exceptions or escalations
• Full compliance history for regulatory requirements

Multi-Organisation Support

Large enterprises can define different workflows for different business units while maintaining consistent approval standards and governance requirements across the organisation.

Competitive Advantage

Workflow customisation transforms RiskNodes from a assessment tool into a platform that supports unique business processes, improving efficiency while maintaining the rigorous controls and approval processes required in regulated environments.