Workflow Agents
Multi-step pipelines with tool use. Chain agents, conditional logic, policy gateway for allow/deny per tool, and per-step audit logging.
Workflow Agents run multi-step pipelines with tool use. They chain multiple agents, branch on conditions, and call tools like document search, bucket operations, and web fetch. The policy gateway controls which tools each agent can use, and every step is logged for audit.
Multi-Step Pipelines
Workflow agents orchestrate sequences of steps:
- Agent chaining — Output of one agent feeds into the next
- Tool use — Agents call tools (search, fetch, bucket ops) and use results
- Conditional logic — Branch based on step outcomes or user input
- Parallel execution — Run independent steps concurrently when possible
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Step 1 │────►│ Step 2 │────►│ Step 3 │────►│ Step 4 │
│ Document │ │ Classify │ │ Conditional│ │ Summarize │
│ Search │ │ (LLM) │ │ Branch │ │ (LLM) │
└─────────────┘ └─────────────┘ └──────┬──────┘ └─────────────┘
│ │ │
│ │ ├──► Path A: Notify
│ │ └──► Path B: Escalate
▼ ▼
Tool: search Tool: noneChaining Agents
Chain RAG, LLM, and custom agents in a single workflow:
{
"name": "support-pipeline",
"type": "workflow",
"steps": [
{
"id": "search",
"agent": "knowledge-base-rag",
"input": "{{user_query}}"
},
{
"id": "classify",
"agent": "intent-classifier-llm",
"input": "{{steps.search.output}}"
},
{
"id": "respond",
"agent": "response-generator-llm",
"input": "Query: {{user_query}}\nContext: {{steps.search.output}}\nIntent: {{steps.classify.output}}"
}
]
}Step outputs are referenced via {{steps.<step_id>.output}}. The workflow engine resolves these before each step runs.
Conditional Logic
Branch based on step results:
{
"steps": [
{
"id": "classify",
"agent": "intent-classifier-llm"
},
{
"id": "branch",
"type": "conditional",
"condition": "{{steps.classify.output}} == 'urgent'",
"then": { "agent": "escalation-agent" },
"else": { "agent": "standard-response-agent" }
}
]
}Supported condition operators: ==, !=, >, <, >=, <=, contains, startsWith, endsWith.
Policy Gateway
The policy gateway controls which tools each agent can use. Configure allow/deny rules per workspace, project, or agent:
{
"policyGateway": {
"rules": [
{
"tool": "document_search",
"action": "allow",
"scope": ["bucket:knowledge-base"]
},
{
"tool": "bucket_list",
"action": "allow",
"scope": ["bucket:my-bucket"]
},
{
"tool": "web_fetch",
"action": "deny"
}
]
}
}Tool Scopes
- allow — Agent can use the tool within the specified scope
- deny — Agent cannot use the tool
- scope — Restricts which buckets, URLs, or resources the tool can access
If a tool is not explicitly allowed, it is denied by default.
Audit Logging
Every workflow step produces an audit log entry:
| Field | Description |
|---|---|
stepId | Step identifier |
agentId | Agent that ran |
input | Resolved input to the step |
output | Step output (or error) |
toolCalls | Tools invoked and their arguments/results |
timestamp | When the step completed |
durationMs | Step execution time |
userId | User who triggered the workflow |
workspaceId | Workspace context |
Use audit logs for:
- Debugging — Trace why a workflow produced a given output
- Compliance — Prove what data was accessed and when
- Analytics — Measure latency, tool usage, failure rates
Example Audit Entry
{
"workflowId": "support-pipeline",
"runId": "run_abc123",
"stepId": "search",
"agentId": "knowledge-base-rag",
"input": "What is the refund policy?",
"output": "Retrieved 5 chunks. Top result: ...",
"toolCalls": [
{
"tool": "document_search",
"args": {"query": "refund policy", "topK": 5},
"result": {"chunks": 5}
}
],
"timestamp": "2026-03-01T12:34:56Z",
"durationMs": 342,
"userId": "user_xyz",
"workspaceId": "ws_123"
}Configuration Example
{
"name": "research-assistant",
"type": "workflow",
"policyGateway": {
"rules": [
{"tool": "document_search", "action": "allow"},
{"tool": "web_fetch", "action": "allow", "scope": ["https://docs.example.com/*"]},
{"tool": "bucket_write", "action": "deny"}
]
},
"steps": [
{
"id": "search",
"agent": "corpus-rag",
"input": "{{user_query}}"
},
{
"id": "synthesize",
"agent": "synthesis-llm",
"input": "Based on: {{steps.search.output}}\n\nAnswer: {{user_query}}"
}
]
}API: Run Workflow
curl -X POST "https://api.yourdomain.com/v1/agents/research-assistant/run" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"input": {
"user_query": "Summarize our product documentation for new hires"
}
}'Response
{
"runId": "run_xyz789",
"status": "completed",
"output": {
"steps": {
"search": { "output": "..." },
"synthesize": { "output": "..." }
},
"finalOutput": "Here is a summary of our product documentation..."
},
"auditLogId": "audit_abc123"
}Next Steps
- Custom Agents — Build custom workflow logic and tools
- Agent Tools — Built-in tools and custom tool SDK
- RAG Agents — Use RAG as a step in workflows