⚑ Workflow Orchestration Engine

Multi-step, identity-aware workflows with approval gates, conditional branching, and parallel execution, with security enforced at every step

WORKFLOW LIFECYCLE

📋 Define: Visual designer or JSON. Steps, triggers, branches.
⚑ Trigger: Manual · Webhook · Schedule. Event starts the workflow.
🔧 Execute Steps: Tool calls · Conditions · Delays. Identity enforced at each step.
✋ Approve / Gate: Pause · Notify · Wait · Escalate. Human-in-the-loop.
✅ Complete: Notify · Log · Persist. Full audit trail saved.

🔒 Security at Every Step, Wired to Real MCP Engines: each tool_call step routes to the correct MCP engine via agent.call_tool() → Identity injected → Credentials resolved → Policy enforced → Action audited

Think of a workflow like a relay race with security checkpoints. Each runner (step) carries the baton (data), but before they can start running, a guard checks their badge (identity), hands them the right key (credentials), verifies they're allowed on this track (policy), and logs everything on camera (audit). If any check fails, the race pauses; it doesn't crash.

Step Types: Building Blocks of Any Workflow

🔧 Tool Call: Execute an MCP tool (email-send · payments-charge). Retry on failure · Output→vars
✋ Approval Gate: Pause for human decision. Approve / Reject / Escalate. Timeout → auto-escalate
🔀 Condition: Branch on expression. if amount > 500 → path A. True path / False path
⚑ Parallel: Fan-out to N branches. Run simultaneously, wait for all. Require all / require 2 of 3
📧 Notification: Send email / Slack / SMS. Template with {{variables}}. Uses user's own channels
⏱️ Delay / Timer: Wait N minutes/hours. Scheduled follow-ups. SLA timers · Reminders

Chain any steps together: each step's output feeds the next step's input via {{variables}}

EXAMPLE: 🔧 Search flights → 🔀 Over budget? → ✋ Manager approval → 🔧 Book flight → 🔧 Charge card → 📧 Send confirmation

Each 🔧 tool call has identity injected + credentials resolved + policy checked, automatically

Example: Expense Approval Workflow

▶ User submits expense
🔀 Validate: amount > 0 ?
🔀 Over $500? (amount > 500)
yes ↓ ✋ Manager Approval (Timeout: 24h → escalate to director)
approved ↗ 🔧 Process Payment · rejected ↓ 📧 Notify Rejected
no (under $500) → 🔧 Process Payment (payments-charge)
📧 Notify Approved (email-send confirmation)
✓ Done

🔒 sarah@acme.com · role=manager · vault=personal Visa 4242 · policy=write_allowed

Pre-Built Workflow Templates: Install in One Click

💰 Expense Approval

Submit expense → auto-approve under threshold → manager approval if over → process payment → notify

🔀 Validate 🔀 Threshold ✋ Approve 🔧 Pay 📧 Notify

✈️ Travel Booking

Search flights → check budget → approval if over limit → book → charge card → send confirmation

🔧 Search 🔀 Budget ✋ Approve 🔧 Book 🔧 Charge 📧 Confirm

🚨 Incident Response

Alert → assess severity → page on-call → escalate if not acknowledged → resolve

🔀 Severity 📧 Page ✋ Ack 🔧 Resolve

👋 Employee Onboarding

Create accounts → assign groups → equipment approval → schedule orientation → welcome email

🔧 Create 🔧 Groups ✋ Equipment 🔧 Calendar 📧 Welcome 📧 Manager

Legend: Tool Call · Approval Gate · Condition Branch · Parallel / Critical · Notification · Delay / Timer

Every workflow template is one click to install and fully customizable. Think of them like recipe cards: the Expense Approval recipe works for most companies, but you can add your own ingredients (extra approval steps, different thresholds, custom notifications). And just like in ContextWeaver's agent loop, security follows every step: the workflow engine checks identity, resolves credentials, and enforces policies at each stage, not just at the beginning.

📋 Define Workflows

Visual Designer: Drag-and-drop steps in the Workflows tab. Add tool calls, conditions, approvals, notifications, and wire them together visually.

JSON/YAML: Power users can write workflow definitions as code. Steps, triggers, branches, retry policies: all declared in a structured format.

Templates: Start from a pre-built template and customize. One-click install from the template gallery.

⚑ Trigger Workflows

Manual: User clicks "Run" in the dashboard or types "start expense approval" in chat.

Webhook: External systems (monitoring alerts, form submissions, API calls) trigger workflows via POST /api/workflows/:id/run.

⏰ Schedule (Built-in Cron): APScheduler fires workflows on a cron schedule with scoped identity:

→ User scope: Runs as the user who created it, using their vault credentials

→ Group scope: Runs with group-level credentials (team lead creates)

→ Org scope: Runs with org-level credentials (manager only)

Presets: hourly, daily 9am, weekly Monday, weekdays, monthly. Custom cron supported.

Schedules persist to Cosmos DB and auto-restore on pod restart.

🔧 Execute Steps: Wired to MCP Engines

Tool call steps are not simulated; they execute against real MCP engines via agent.call_tool():

1. Tool lookup: finds which MCP engine has the requested tool (searches all registered servers)

2. Identity injection: _user_email, _user_role, _user_groups from the workflow trigger

3. Credential resolution: vault cascade (user → group → org) per the triggering user

4. Policy check: role ≥ min_role? write allowed? rate limit OK?

5. MCP execution: calls the plugin function against the external API

6. Result stored: output saved as workflow variables for subsequent steps

Retry: Configurable per step with exponential backoff. If all retries fail, workflow follows error path.
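
The identity, credential and policy steps above, sketched as an added example (not the product's own code). The names Identity, VAULT, POLICIES, ROLE_RANK and run_tool_step, the role ordering and the sample vault entries are assumptions made for illustration; rate limiting and retry are not modelled.

```python
from collections import namedtuple

Identity = namedtuple("Identity", "email role groups")
ROLE_RANK = {"viewer": 0, "member": 1, "manager": 2}  # assumed role ordering

# Constructed sample data: scope -> owner -> tool -> credential reference
VAULT = {
    "user": {"sarah@acme.com": {"payments-charge": "vault://user/sarah/visa"}},
    "group": {"finance": {"email-send": "vault://group/finance/smtp"}},
    "org": {"acme.com": {"travel-search": "vault://org/acme/travel"}},
}
POLICIES = {  # hypothetical per-tool policy: minimum role, and whether the tool writes
    "payments-charge": {"min_role": "manager", "write": True},
    "email-send": {"min_role": "member", "write": True},
    "travel-search": {"min_role": "viewer", "write": False},
}

def resolve_credential(ident, tool):
    """Vault cascade: the user's own vault, then their groups, then the org."""
    owners = [("user", ident.email)]
    owners += [("group", g) for g in ident.groups]
    owners.append(("org", ident.email.rsplit("@", 1)[-1]))
    for scope, owner in owners:
        cred = VAULT[scope].get(owner, {}).get(tool)
        if cred:
            return scope, cred
    return None, None

def run_tool_step(ident, tool, args, write_allowed, audit):
    """Apply the checks in the order listed above; a failed check pauses the step."""
    # Identity injection: caller-supplied _user_* keys are dropped, then set by the engine.
    call_args = {k: v for k, v in args.items() if not k.startswith("_user_")}
    call_args.update(_user_email=ident.email, _user_role=ident.role,
                     _user_groups=list(ident.groups))
    scope, cred = resolve_credential(ident, tool)
    policy = POLICIES.get(tool)
    if policy is None:
        status, detail = "paused", "unknown tool"
    elif cred is None:
        status, detail = "paused", "no credential in vault cascade"
    elif ROLE_RANK.get(ident.role, -1) < ROLE_RANK[policy["min_role"]]:
        status, detail = "paused", "role below min_role"
    elif policy["write"] and not write_allowed:
        status, detail = "paused", "write not allowed"
    else:
        status, detail = "ok", {"cred_scope": scope, "args": call_args}
    # Every outcome is audited; the credential reference itself is never logged.
    audit.append({"tool": tool, "user": ident.email, "status": status, "scope": scope})
    return status, detail
```

Because identity keys are overwritten by the engine, a step argument filled from a {{variable}} cannot change who the tool call runs as.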

✋ Approval Gates

The workflow pauses and sends a notification to the designated approvers. They can:

✅ Approve: workflow resumes to the next step

❌ Reject: workflow follows the rejection path (notify user, log reason)

⏰ Timeout: if no response within the SLA, automatically escalate to the next level (e.g., director)

Multiple approvers: Configure "require 2 of 3" or "require all" policies.

✅ Workflow Complete

When all steps finish, the workflow engine:

1. Marks the run as completed (or failed/cancelled/timed_out)

2. Saves the full execution history: every step, every result, every approval decision

3. Persists to Cosmos DB (or DynamoDB/Firestore depending on cloud)

4. Available for audit trail: who triggered it, who approved it, what was the outcome

🔧 Tool Call Step

Executes any MCP tool: email-send, payments-charge, travel-search, github-create-issue, etc. Arguments can use {{variables}} from previous steps. Configurable retry count with exponential backoff.

✋ Approval Gate Step

Pauses the workflow. Sends notification to approvers. Supports: single approver, multiple approvers (require all or N-of-M), timeout with auto-escalation, rejection path.

🔀 Condition Step

Evaluates an expression against workflow variables. Routes to "true" path or "false" path. Examples: amount > 500, severity == 'critical', department == 'engineering'.
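
The condition examples above, evaluated against workflow variables with a small allow-list parser instead of eval(). This is an added example, not the product's own code: evaluate_condition and its helpers are hypothetical names, and the supported grammar (single comparisons joined by and/or, over numbers and strings) is an assumption.

```python
import ast
import operator

_CMP = {ast.Gt: operator.gt, ast.GtE: operator.ge, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Eq: operator.eq, ast.NotEq: operator.ne}
_SCALARS = (int, float, str)

def _value(node, variables):
    """Only literals and known workflow variables holding scalars are accepted."""
    if isinstance(node, ast.Constant) and isinstance(node.value, _SCALARS):
        return node.value
    if isinstance(node, ast.Name) and isinstance(variables.get(node.id), _SCALARS):
        return variables[node.id]
    raise ValueError(f"unknown variable or disallowed element: {type(node).__name__}")

def _truth(node, variables):
    if isinstance(node, ast.BoolOp):
        results = [_truth(v, variables) for v in node.values]
        return all(results) if isinstance(node.op, ast.And) else any(results)
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        op = _CMP.get(type(node.ops[0]))
        if op is None:
            raise ValueError("disallowed comparison operator")
        left = _value(node.left, variables)
        right = _value(node.comparators[0], variables)
        # Refuse string-vs-number comparisons rather than guessing a coercion.
        if isinstance(left, str) != isinstance(right, str):
            raise ValueError("type mismatch in comparison")
        return op(left, right)
    # Calls, attribute access, subscripts, arithmetic and so on are rejected here.
    raise ValueError(f"disallowed expression element: {type(node).__name__}")

def evaluate_condition(expr, variables):
    """Return True/False for the branch; raise ValueError for anything off the allow-list."""
    if len(expr) > 200:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise ValueError("invalid expression") from exc
    return _truth(tree.body, variables)
```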

⚑ Parallel Step

Fans out to multiple branches simultaneously. Waits for all branches to complete (or N-of-M). Example: send approval to 3 managers, continue when 2 approve.

📧 Notification Step

Sends a message via email, Slack, Teams, or SMS. Uses {{variable}} templates. Sends through the user's own configured channels (their Gmail, their Slack).

⏱️ Delay / Timer Step

Pauses the workflow for a specified duration. Use for: follow-up reminders, SLA waiting periods, rate-limiting between API calls, scheduled check-ins.

💰 Expense Approval Template

Validate → check threshold ($500) → if over, get manager approval (24h timeout → escalate to director) → process payment via Stripe → email confirmation. Under $500 auto-approves.

✈️ Travel Booking Template

Search flights → check against budget → if over budget, get manager approval → book flight → charge card → email itinerary with booking reference. Uses hierarchical RAG for seat preferences and airline policies.

🚨 Incident Response Template

Assess severity → if critical, page on-call (15-min ack timeout → escalate to engineering manager) → if non-critical, notify team channel → update incident status.

👋 Employee Onboarding Template

Create email account → assign department groups → get manager approval for equipment → schedule orientation meeting → send welcome email to new hire → notify manager that onboarding is complete.