Skip to main content
This example walks through building a weekly compliance scan — a headless scheduled workflow that audits patient records for open compliance tasks, generates a structured AI summary, and delivers it to the compliance officer. No UI surface needed.

What you’re building

ResourceDescription
Workflow (Scheduled)Weekly compliance scan — fires every Monday at 8am
Entitycompliance_task — outstanding compliance items per patient
IntegrationPostmark (weekly summary email)
Settingcompliance_officer_email, scan_cadence

Step 1: Create the project

Click New Project. Name it Compliance Operations.

Step 2: Author the workflow

In chat:
“Every Monday morning at 8am, I want to scan all open compliance tasks — things like overdue HIPAA consent reviews, missing BAA acknowledgments, and patients flagged for follow-up — and send a summary email to the compliance officer. The email should group findings by severity and include a count of how many items have been open for more than 30 days.”
The system asks: “What starts this? It sounds like a weekly schedule — shall I make this fire every Monday at 8am Central?” → Confirm. The system:
  • Creates a compliance_task entity with fields: patient_id, task_type, severity (low/medium/high), due_date, status, opened_at
  • Creates the compliance scan workflow with trigger: schedule (every Monday 08:00 America/Chicago)
  • Compiles steps: query open tasks → group by severity → identify overdue (>30 days) → AI summary generation → email delivery

Step 3: Configure the schedule

The system infers the schedule from your description. To adjust:
“Change the cadence to every first Monday of the month instead.”
The contract updates. The schedule is expressed in natural language during authoring and compiled to a cron expression in the contract.

Step 4: Add a setting for the email address

compliance_officer_email = [email protected]
scan_cadence             = weekly
The notification step references compliance_officer_email by name.

Step 5: Run a manual test

From the test/run console, click Run Now (Sandbox). This fires the workflow immediately without waiting for the Monday schedule. The trace shows:
  1. query_tasks — retrieved 47 open compliance tasks from the compliance_task entity.
  2. group_by_severity — high: 3, medium: 12, low: 32
  3. flag_overdue — 11 tasks open more than 30 days
  4. generate_summary — AI inference (PHI-processed): “3 high-severity items require immediate action: two patients have BAA acknowledgments expired more than 90 days ago, one patient consent review is 45 days overdue. 11 total items are beyond the 30-day threshold.”
  5. send_emailsandbox: “would have sent summary email to [email protected].”

Step 6: Review the AI summary step

Open the generate_summary step in the trace. The AI call:
  • Model: Claude Haiku (low-cost summarization, appropriate for this step)
  • Input: anonymized record counts and task metadata (no patient names or identifiers passed to inference)
  • Output schema: { summary: string, high_count: int, overdue_count: int, action_required: boolean }
  • PHI guard: active — all patient identifiers stripped before inference; summary is non-PHI output
To change the summary format, describe it in chat: “Include a bulleted list of high-severity items with their task type and how many days they’ve been open.” The system updates the inference step’s prompt in the contract.

Step 7: Add a condition for empty scans

In chat:
“If there are no open compliance tasks, skip the email.”
The system adds a condition step before the summary: if open_task_count == 0 → end. No email fired when everything is clean.

Step 8: Release

Click Release. Summary: “Initial release: weekly compliance scan workflow. Fires every Monday at 8am Central. Sends summary to compliance officer when open items exist.” Review the diff and publish.

What happens in production

Every Monday at 8am Central:
  1. The workflow fires on schedule.
  2. All open compliance_task records are queried.
  3. Counts are computed by severity and overdue threshold.
  4. AI generates a structured summary — PHI stripped before inference.
  5. Postmark sends the real email to the compliance officer.
  6. The run trace is audited and retained.
If there are zero open tasks: the condition exits early; no email is sent; the run is still traced.

Extending the example

  • Add Slack notification for high-severity items: if high_count > 0, post a direct message to the compliance officer on Slack in addition to the email.
  • Multi-org scan: extend the entity to include org_id and run the scan across multiple orgs in the same account.
  • Dashboard app: add a role-gated app (/compliance) that shows live task status — the same compliance_task entity, rendered as a filterable table. Clinical admins can view and close tasks without waiting for the Monday email.
  • Automated remediation: for specific task types (e.g., auto-resend consent forms), add a step that fires a remediation workflow on each open high-severity task rather than just reporting.