How to Build a Policy Lookup System for Approval Workflows

Let approval workflows automatically check company policies before routing for human review.

What This Integration Does

Approvers spend half their time looking up the policy that applies to the request in front of them. This workflow does that lookup automatically: every approval request hits a Knowledge query against your indexed policies first, and the matching excerpt is shown next to the request when the Human approver opens it. Decisions get faster and more consistent, and the audit trail records exactly which policy text informed each approval.

Operationally, the workflow accepts approval requests via webhook (from your purchasing system, expense tool, or internal admin UI), retrieves the relevant policy section, optionally auto-approves cases that clearly fall inside policy thresholds, and routes everything else to a Human node with the policy excerpt attached. Each approval is logged with the matched policy sourceId so a future audit can replay the reasoning.

Prerequisites

  • A Knowledge collection containing your approval policies, delegation of authority documents, and expense guidelines.
  • A way for requests to arrive: typically a Webhook Trigger from your purchasing or expense system.
  • A Slack or resend/smtp connection to notify approvers.
  • A mongodb or mysql connection for the audit log.

Step 1: Webhook Trigger

Add a Trigger node and set the sub-type to Webhook. The expected payload is the approval request itself: requestType, amount, currency, requesterId, costCenter, and a free-text description. Set up basic validation - reject obviously malformed payloads early so they don't pollute the audit log.

Step 2: Knowledge Node - Retrieve the Applicable Policy

Add a Knowledge node in query mode. Compose a query that pulls in the most relevant signals from the request:

{
  "query": "Approval policy for {{ trigger.requestType }} of {{ trigger.amount }} {{ trigger.currency }} in cost center {{ trigger.costCenter }}",
  "topK": 4,
  "minScore": 0.7
}

Save the response as policyContext. The result includes the matched excerpts plus their sourceId, which is what you'll later attach to the audit record.

Step 3: AI Agent - Extract the Threshold and Required Approvers

Add a Connector node calling the AI Agent. Feed it the policy excerpts and ask for a structured decision object:

Based on the policy excerpts below, return JSON:
{
  "withinPolicy": boolean,
  "requiredApproverLevel": "manager" | "director" | "vp" | "cfo",
  "policyQuote": string,
  "rationale": string
}

Request: {{ trigger | json }}
Policy excerpts: {{ policyContext.results }}

Set the temperature low (0.1) for consistency. Validate the response with json validate so you don't pass garbage to the next step.

Step 4: Condition - Auto-Approve, Auto-Reject, or Route

Add a Condition node with three branches:

  • Auto-approve - withinPolicy == true AND requiredApproverLevel == "manager" AND the amount is under a small workspace threshold (e.g. $250). Useful for legitimately routine spends.
  • Auto-reject - withinPolicy == false with a clear violating policy quote. Notify the requester rather than wasting an approver's time.
  • Human review - everything else, which is almost always the bulk of traffic.

Step 5: Human Node - Present the Policy with the Request

Add a Human node on the review branch. Populate the approver's view with the request fields plus the AI Agent's structured decision and the raw policy excerpts. The Human node should expose three actions: approve, reject, or request more info. The matched policy sourceId rides alongside so the approver can click through to the full document if they want context beyond the excerpt.

Step 6: Notify and Audit

On every terminal branch (auto-approve, auto-reject, or human decision), notify the requester via slack send-message or resend send-email. Then write the full audit record to mongodb or mysql: the request payload, the policy sourceId and excerpt that informed the decision, the AI Agent's structured output, who approved, and the timestamp. This is the artifact your auditors will ask for.

Tips

  • Re-index policies on every change - an out-of-date policy retrieval is worse than no retrieval. Build a CI step that re-runs your policy indexing workflow whenever the underlying documents change.
  • Show, don't summarize - approvers trust quotes more than AI summaries. Always include the raw excerpt, not just the AI's interpretation.
  • Time-box auto-approvals - keep the auto-approve threshold conservative until you've seen enough audit data to be confident. Raising the cap later is easy; clawing back over-approvals is not.

Common Pitfalls

  • Policy excerpts that miss the threshold table - chunking can split a table away from its heading. If your policies rely on numeric thresholds, make sure the chunk includes the table; consider indexing the table separately with explicit metadata.
  • Ambiguous policies - if the AI Agent can't find a clear threshold, it tends to hallucinate one. Force requiredApproverLevel to be one of an enum and bail to human review if confidence is low.
  • Currency conversion - thresholds are usually stated in one currency. Convert amount to that currency in a Transform step before the Knowledge query and threshold check.

Testing

Pick three request shapes you know the policy outcome for by hand: one obvious auto-approve, one obvious auto-reject, one ambiguous case that should go to a human. Submit each via the webhook. Confirm each lands in the right branch, that the audit record cites the correct policy excerpt, and that the human-review case shows the approver useful context.

Learn More

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.