Workflows

Approval gates that
never get bypassed

Every autonomous action flows through a governance pipeline. Three tiers of escalation. Real human approvers. Complete evidence trail. No exceptions.

Workflow Pipeline

From detection to governed execution

Every SageOS workflow follows the same governance pipeline — regardless of the domain or agent.

01

Agent Detects & Classifies

An agent identifies an event — a security threat, an operational anomaly, a compliance gap. It classifies the event against the policy engine to determine the risk tier.

02

Policy Engine Routes

Based on the risk classification, the policy engine determines the approval path: auto-execute (Tier 1), on-call approval (Tier 2), or executive sign-off (Tier 3).

03

Approval Request Sent

For Tier 2/3 actions, an approval request is pushed to the designated approver via Teams. The request includes full context: what, why, risk assessment, and recommended action.

04

Human Reviews & Decides

The approver reviews the context in a Teams adaptive card. One click to approve or deny. If no response within the SLA window, the request auto-escalates.

05

Governed Execution

Once approved, the action executes through the governed M365 identity. Email via Graph, Teams notifications, SharePoint uploads — all through one audited executor.

06

Evidence Pack Generated

Every workflow generates a complete evidence pack: decision timeline, approval chain, action logs, and outcomes — automatically uploaded to SharePoint.

Approval Roles

Real humans, real authority

Approval roles map to positions in your organization — not AI personas. Each role has specific decision authority defined by the policy engine.

On-Call Responder

Tier 2

Designated team member who handles medium-risk operational decisions. Receives Teams notifications with full context and one-click approve/deny.

Network segment isolation
Service restart approval
Vendor escalation
Internal team notification

CISO

Tier 3

Chief Information Security Officer approves security-related external communications and high-impact containment actions.

External breach notification
Regulator communication
Forensic vendor engagement
Security hold orders

CEO

Tier 3

Chief Executive approves company-wide communications, board notifications, and actions with significant business impact.

Board notification
Press statements
Major vendor notifications
Business continuity decisions

General Counsel

Tier 3

Legal authority for regulatory filings, legal hold orders, and communications that carry legal implications.

Regulatory filings
Legal hold orders
Contract-related communications
Litigation-sensitive actions
Escalation

Auto-escalation with SLA enforcement

Timeout Detection

Every approval request has a configurable SLA window. If the designated approver doesn't respond within the window, the system takes action.

Auto-Escalation

Unresponsived requests automatically escalate to the next authority in the chain. CEO → Board, CISO → VP Security, GC → Deputy Counsel.

Escalation Audit

Every escalation is logged with timestamps, original assignee, reason for escalation, and the new approver. Full accountability at every step.

See governance in action

Walk through a complete incident response — from breach detection to executive-approved external communication.

View Case Study