Loading...
Loading...
Build automated workflows for DMCA enforcement, compliance remediation, monitoring response, and security operations. Workflows use a visual node-based editor with event-driven, scheduled, or manual triggers.
Workflows are directed acyclic graphs (DAGs) composed of nodes. Each node is a trigger, condition, or action. When a trigger fires, the workflow engine evaluates conditions and executes actions in the defined order.
Events that start a workflow
Branching logic and filters
Operations to execute
Start with battle-tested workflow templates and customize them for your organization. Each template includes best-practice trigger configurations, condition logic, and action chains.
DMCA Takedown Pipeline
Automated content scanning, match detection, notice generation, and enforcement tracking.
Compliance Audit Workflow
Scheduled compliance checks against GDPR, SOC2, HIPAA, and EU AI Act requirements.
Security Incident Response
Real-time threat detection, automatic agent quarantine, notification escalation, and forensic log capture.
Agent Onboarding
KYC verification, policy assignment, trust score initialization, and capability provisioning.
Trust Score Decay
Periodic trust re-evaluation, score adjustment based on activity patterns, and tier demotion warnings.
Workflows are defined as directed graphs with nodes (actions) and edges (connections). Each workflow has a trigger that determines when it executes and a set of nodes that define the processing logic.
{
"name": "Auto DMCA Response",
"description": "Automatically process and respond to DMCA takedown requests",
"trigger": {
"type": "event",
"event": "dmca.request.received"
},
"nodes": [
{
"id": "validate",
"type": "action",
"action": "dmca.validate_request",
"config": { "checkRequiredFields": true }
},
{
"id": "check_content",
"type": "action",
"action": "content.fingerprint_match",
"config": { "threshold": 0.85 }
},
{
"id": "decision",
"type": "condition",
"condition": "{{ check_content.matchScore > 0.85 }}"
},
{
"id": "approve",
"type": "action",
"action": "dmca.approve_takedown"
},
{
"id": "review",
"type": "action",
"action": "dmca.queue_for_review"
}
],
"edges": [
{ "from": "validate", "to": "check_content" },
{ "from": "check_content", "to": "decision" },
{ "from": "decision", "to": "approve", "label": "true" },
{ "from": "decision", "to": "review", "label": "false" }
]
}
// Response
{
"workflowId": "wf_abc123",
"name": "Auto DMCA Response",
"status": "active",
"nodeCount": 5,
"createdAt": "2026-02-12T10:00:00Z"
}import { DRD } from '@drd/sdk';
const drd = new DRD({ apiKey: process.env.DRD_API_KEY });
// Create a workflow using the SDK builder
const workflow = await drd.workflows.create({
name: 'Compliance Gap Remediation',
description: 'Auto-assign and track compliance gap fixes',
trigger: { type: 'event', event: 'compliance.gap.detected' },
nodes: [
{ id: 'classify', type: 'action', action: 'compliance.classify_gap' },
{ id: 'assign', type: 'action', action: 'compliance.assign_owner' },
{ id: 'notify', type: 'action', action: 'alerts.send_notification' },
{ id: 'track', type: 'action', action: 'compliance.create_remediation' },
],
edges: [
{ from: 'classify', to: 'assign' },
{ from: 'assign', to: 'notify' },
{ from: 'notify', to: 'track' },
],
});
console.log(workflow.workflowId); // 'wf_def456'
console.log(workflow.status); // 'active'Triggers determine when a workflow is executed. Each workflow has exactly one trigger that initiates the execution pipeline.
Trigger workflows automatically when specific platform events occur, such as a security finding or compliance gap.
Run workflows on a recurring schedule — hourly, daily, weekly, or with custom cron expressions.
Execute workflows on demand from the dashboard or via API for ad-hoc operations.
// Event-driven trigger
const eventWorkflow = await drd.workflows.create({
name: 'Security Breach Response',
trigger: {
type: 'event',
event: 'security.finding.critical',
filter: { severity: 'critical' },
},
// ... nodes and edges
});
// Scheduled trigger
const scheduledWorkflow = await drd.workflows.create({
name: 'Weekly Compliance Report',
trigger: {
type: 'schedule',
cron: '0 9 * * MON',
timezone: 'America/New_York',
},
// ... nodes and edges
});
// Manual trigger (executed on demand)
const manualWorkflow = await drd.workflows.create({
name: 'Incident Investigation',
trigger: { type: 'manual' },
// ... nodes and edges
});Execute workflows manually, view active runs, and inspect execution logs with per-node timing and output data.
// Execute a manual workflow
const run = await drd.workflows.execute('wf_abc123', {
input: {
incidentId: 'inc_001',
severity: 'critical',
},
});
console.log(run.runId); // 'run_xyz789'
console.log(run.status); // 'running'
// Wait for completion
const result = await drd.workflows.waitForRun(run.runId);
console.log(result.status); // 'completed'
console.log(result.duration); // 12340 (ms)
// View run logs
const logs = await drd.workflows.getRunLogs(run.runId);
for (const entry of logs.items) {
console.log(entry.nodeId); // 'classify'
console.log(entry.status); // 'completed'
console.log(entry.duration); // 2100 (ms)
console.log(entry.output); // { gapType: 'data_retention', ... }
}// Response
{
"runs": [
{
"runId": "run_xyz789",
"workflowId": "wf_abc123",
"status": "completed",
"trigger": "manual",
"startedAt": "2026-02-12T10:30:00Z",
"completedAt": "2026-02-12T10:30:12Z",
"duration": 12340,
"nodesExecuted": 5,
"nodesFailed": 0
}
],
"total": 42,
"byStatus": { "completed": 38, "failed": 3, "cancelled": 1 }
}Start quickly with pre-built workflow templates for common trust and governance operations. Templates can be customized after creation.
dmcaAutomated takedown requests, counter-notice handling, and escalation chains
complianceAudit scheduling, gap remediation, and framework status reporting
monitoringAlert routing, kill switch activation, and incident response
securityVulnerability scanning, credential rotation, and breach notification
customUser-defined workflows with custom logic and integrations
// List available templates
const templates = await drd.workflows.listTemplates({
category: 'security',
});
// Create workflow from template
const workflow = await drd.workflows.createFromTemplate({
templateId: 'tmpl_breach_response',
name: 'Custom Breach Response',
overrides: {
nodes: {
notify: {
config: { channels: ['slack', 'pagerduty'] },
},
},
},
});
console.log(workflow.workflowId); // 'wf_ghi789'
console.log(workflow.nodeCount); // 7 (from template)Workflow runs progress through a defined set of states. Understanding the lifecycle helps with monitoring and error handling.
runningWorkflow is currently executing
completedWorkflow finished successfully
failedWorkflow encountered an error and stopped
cancelledWorkflow was manually cancelled by an operator
Lifecycle Flow
running→completed|failed|cancelledCondition nodes branch execution based on runtime data. They support comparison operators, logical combinators, and context lookups.
// Simple condition with two branches
{
"type": "condition",
"condition": "trigger.data.trustScore < 50 && trigger.data.violationCount > 3",
"branches": {
"true": "quarantine-agent",
"false": "send-warning"
}
}
// Switch condition with multiple paths
{
"type": "switch",
"expression": "trigger.data.severity",
"cases": {
"critical": "immediate-enforcement",
"high": "review-and-enforce",
"medium": "queue-review",
"low": "log-only"
},
"default": "log-only"
}Action nodes perform operations when reached during execution. DRD provides built-in actions for common trust operations and supports custom webhook actions for external integrations.
send_notificationEmail, Slack, or webhook notification
quarantine_agentSuspend agent permissions and flag for review
update_trust_scoreAdjust an agent's trust score by a delta
create_enforcementIssue a DMCA takedown or policy enforcement
generate_reportCreate a compliance or audit report
call_webhookPOST to an external URL with payload
assign_policyAttach or detach a policy from an agent
Workflows execute on DRD's serverless engine with guaranteed at-least-once delivery. Each execution is assigned a unique run ID and all steps are logged to the audit trail.
Retries
Failed action nodes are retried up to 3 times with exponential backoff (1s, 4s, 16s). After exhausting retries, the node is marked as failed and the workflow continues to the error handler if one is defined.
Timeouts
Each node has a default timeout of 30 seconds. Webhook actions allow up to 60 seconds. The total workflow execution timeout is 5 minutes. Configure custom timeouts per node.
Concurrency
By default, only one instance of a workflow can execute at a time. Set concurrency: N to allow parallel executions. Queued executions are processed FIFO.
Idempotency: Action nodes should be idempotent. The execution engine may retry a node that appeared to fail but actually succeeded (e.g., due to a network timeout). Use the run.id as an idempotency key when calling external services.
Complete list of workflow API endpoints.
/api/workflowsCreate a new workflow
/api/workflowsList all workflows
/api/workflows/{id}Get workflow details
/api/workflows/{id}Update workflow config
/api/workflows/{id}/executeExecute a workflow
/api/workflows/{id}/runsList workflow runs
/api/workflows/{id}/runs/{runId}Get run details and logs
/api/workflows/{id}/runs/{runId}/cancelCancel a running workflow
/api/workflows/templatesList workflow templates
/api/workflows/from-templateCreate from template