Two ways to trigger an Agent. Both governed by your rules.

Why it matters

AI in compliance review is only as good as the controls around when it runs. An Agent that runs on every file regardless of need is wasteful and creates noise. An Agent that requires every reviewer to remember to call it is unreliable. An Agent that anyone can call without governance is a security and audit problem.

Aproove's triggering model gives you fine-grained control over both axes: when AI runs, and who can make it run. Workflow triggers ensure that critical scans (a regulatory check at intake, a brand check before approval) happen consistently. Human invocation ensures that reviewers can pull AI into the moment when they sense risk, without being forced to use it on every file. The permission model ensures that both paths are bounded by your organization's governance.

The result is AI that is both reliable (when you need it to run, it runs) and contained (it only runs in the contexts you have approved).

Workflow triggers (automated)

A workflow Action is the mechanism that lets an Agent run automatically inside a project's workflow. Administrators configure this through the Workflow admin tool by creating an Action of type "Execute AI prompt" and binding it to a trigger.

Common trigger events:

• Project creation or file upload. A new file enters Aproove, triggering an immediate Agent scan. Common pattern for risk pre-screening or initial brand check.
• Task completion or invitation answer. A reviewer finishes their step, and an Agent runs as the next action, validating the file before it moves to the next reviewer.
• Decision events. A specific decision (Approved, Rejected, Send to SME) triggers an Agent. For example: when a creative team marks a draft "Ready for Legal," a regulatory Agent pre-screens the disclosures before the human legal reviewer picks it up.
• Project or proof approval. A final-stage Agent runs on approval, validating that no last-minute change introduced new risk.
• Decision conflicts. An Agent runs when assignees disagree, generating a third-party analysis that the Conflict Manager can use to break the tie.
• Project deadline. Time-based triggers can run an Agent on a schedule.
• Metadata-conditional triggers. Triggers can evaluate project, file, or component metadata before firing, so an Agent runs only when conditions match (file type, project category, regulatory framework, or any other metadata field).

Where an Action lives. Actions can be configured at the workflow level (specific to a workflow step or transition) or at the project level (independent of workflow state). Workflow-level Actions execute first, then project-level Actions, so Agents tied to specific workflow events fire in predictable order.

What happens after triggering. When triggered, the Agent processes the relevant file or component, writes its Tags and Notes back to the proof, and the next step in the workflow proceeds. Humans inheriting the file see the Agent's findings already on the page.

Human invocation (delegated)

Reviewers with the right permissions invoke Agents manually from the Review Interface or Proof Plan View. The available Agents appear in the user's interface based on the Agents configured for their role.

Invocation contexts:

• Single proof (Proof context). A reviewer in the Review Interface can run an Agent against the proof they are viewing. Useful for focused review of a specific file.
• Multiple proofs (Section context). A reviewer in Proof Plan View can run an Agent across many proofs at once, with parallel execution (forking) for high-volume cycles. Useful for batch review or scanning a campaign's worth of assets in one pass.
• Specific selection. Where supported, an Agent can be invoked against a specific component a reviewer points it at (a paragraph, a section, an image), rather than the whole file.

Who can invoke what.

• Agents are grouped into Prompt Template Sets.
• Prompt Template Sets are assigned to Roles at the schema level.
• A user inherits access to an Agent through their Role.
• The user only sees and can invoke the Agents their Role permits.

This means a brand specialist Agent can be available to your brand team, a legal disclosure Agent available only to legal reviewers, and a regulatory Agent available to a specific compliance group, all in the same project, with each role seeing only what is theirs. It’s like a marketing platform with automated approval workflows and version control but applied to your specific process with your insight and guidance.

One critical rule. When a human invokes an Agent, the Agent operates strictly within that human's permissions. It cannot access files, components, or projects beyond what the invoking user is permitted to see. AI is never a back door to data the invoker does not have access to.

Configuring Permissions Across Both Paths

Permissions for triggering apply slightly differently in each pattern but use the same permission infrastructure:

• Automated triggers are governed by workflow configuration. The administrator who can configure the workflow can configure which Agents run as Actions and on which triggers. Workflow design is itself a permission-controlled activity.
• Human invocation is governed by Role assignment in the schema, with Prompt Template Sets controlling which Agents a Role can see and invoke. Permissions can be set at the user, role, or team level.
• Both paths are independent of file-level review permissions. An Agent's reach is configured separately from a reviewer's reach. You can give a reviewer access to a file without giving them access to an Agent, and vice versa.

When an Agent runs, the workflow trigger or the invoking human is recorded in the audit trail alongside the Agent's findings. There is no anonymous AI activity in the system.

What an Agent Does When Triggered

Regardless of how the Agent was triggered, the same things happen once it runs:

1. The Agent reads the structured file representation. It works with Aproove's atomic breakdown of the file (text, metadata, image regions, layout, color, brand elements) rather than a flattened image.
2. The Agent applies its analysis. It scans the components it was scoped to, using its configured prompt and reference files (style guide, compliance framework, banned-words list, brand book, or whatever it has been configured with).
3. The Agent returns findings. Tags (severity, category) and Notes (specific issue, suggested resolution) are placed on the exact components the Agent flagged. Each Note is prefixed [AI GENERATED] and attributed to a human (the invoking user, or the user owning the workflow step).
4. The workflow or reviewer takes the next step. For automated triggers, the workflow continues with Agent findings already written to the file. For human invocation, the reviewer immediately sees the findings and decides what to do next.‍
5. The audit trail captures the run. Generation Jobs records the Agent invocation, the model used, the prompt version, the cost (where applicable), and the findings returned. Spend and provenance stay transparent.

Benefits

• Critical scans cannot be skipped. Workflow triggers ensure that mandatory checks (regulatory pre-screen, brand validation, final compliance review) run on every file that enters that step.
• Reviewers reach for AI when they want it. Delegated triggering puts AI in the reviewer's hands as a tool they can pull on, without forcing them to call it on every file.
• Permissions match your governance. Role-based access controls who can trigger which Agents. Schema-level configuration keeps it administrable.
• AI activity is bounded by user permissions. Agents cannot exceed the access of the human or workflow that triggered them. AI is not a back door.
• Conditional triggers reduce noise. Metadata-evaluated triggers mean Agents only run when conditions match, rather than on every file regardless of relevance.
• Two triggering patterns, one Agent library. The same Agents can be triggered automatically in some workflows and delegated to humans in others. No need to maintain parallel configurations.‍
• Every trigger is in the audit trail. Workflow triggers, human invocations, and Agent findings are all captured. AI activity is observable and reviewable.

Who it's for

• Aproove administrators configuring how Agents fit into specific business workflows.
• Compliance and governance leaders setting policies on when AI must run and who can run it.
• Workflow owners designing review processes that combine automated and on-demand AI.
• Reviewers and SMEs working in environments where AI is part of the review experience.‍
• IT and security teams evaluating AI deployment controls in regulated environments.

Under the hood

AI Agent triggering operates through Aproove's Action and Trigger framework, part of the BPM (Business Process Management) engine. Workflow Actions of type "Execute AI prompt" reference an AI prompt template configured with an "Action" context (distinct from "Proof" or "Section" contexts used for human invocation). Triggers can be bound to events including project creation, file upload, task completion, decision events, conflict events, project or proof approval, project deadlines, and configurable workflow flow events. Triggers support metadata evaluation, which conditions firing on project, file, or component metadata values. Actions can be configured at the workflow level (per step, per transition) or at the project level (independent of workflow state), with workflow-level Actions executing before project-level Actions by default. Human invocation runs through the Review Interface (Proof context) or Proof Plan View (Section context, with parallel forking), filtered by the invoking user's Role and the Prompt Template Sets assigned to that Role at the schema level. AI Agents operate strictly within the invoking user's permissions: AI cannot access files, components, or projects beyond what the invoking user is permitted to see. Every Agent run is logged in Generation Jobs, with full API call records, model and provider information, and provider cost data. Tags and Notes returned by the Agent are written back to the proof prefixed [AI GENERATED] and attributed to a human user, integrating into the same audit trail that captures human decisions.