§0 — Webhook Intake
ServiceNow ticket arrives → Regisseur case auto-created, idempotent
Settings → Integrations shows the servicenow-inbound event source configured with a visual routing pipeline. A ROUTE rule maps ServiceNow access request payloads to the Energy Access Request template. MAP rules extract the applicant name, ticket number, and department into job fields. No JSON editing required — the entire webhook pipeline is configured through visual step cards.
ServiceNow ticket REQ0002345 arrived via outbound webhook. Regisseur auto-created case "REQ0002345 — Alice Chen (Access Request)" (intakeStatus: activated). No human action required — the ServiceNow ticket is now a structured Regisseur workflow visible in the active case queue. Employee: Alice Chen, EMP-9123, Field Operations, starting 2026-07-01.
Workflow graph for webhook-created case REQ0002345 — Alice Chen. The energy-access-request-v1 process template was instantiated automatically from the ServiceNow JSON payload. 6 nodes configured: Request Intake → Policy Validation (AI) → Manager Approval → Access Provisioning (AI) → ServiceNow Writeback (AI) → Request Complete. Zero manual configuration — the template was bound to the webhook in Settings → Integrations.
ServiceNow retry protection: the same ticket (Idempotency-Key: demo-alice-chen-17792081…) was sent a second time. Regisseur returned: duplicate=true, jobId=db44cba6-7349-4dc5-b671-7fcf4200a4fc. No duplicate case was created — enterprise-grade idempotency prevents double-processing even when ServiceNow's retry logic fires multiple times for the same ticket.
§1 — Control Center
The daily operating surface for the access management team
Workflow Control Center — the daily operating surface for the access management team. Live queue metrics, active cases, and SLA indicators. The energy vertical is installed and the access-request workflow template is ready.
Case queue shows the pre-seeded access request for James Kowalski (REQ0001234). The case is active and ready for the AI pipeline to begin. Priority 2 — High. Employee: EMP-4821, Field Engineer, Permian Basin.
§2 — Integration Blueprint
ServiceNow ITSM and access provisioning wired via MCP
Energy — Access Request package is installed. Two mock integration servers registered: ServiceNow ITSM (port 39810) and multi-system access provisioning (port 39811). Eight MCP tools registered across the two servers.
MCP server registry shows servicenow-mock (port 39810) and access-provisioning-mock (port 39811). Eight tools registered across the two servers: snow_get_request, snow_get_user, snow_add_work_note, snow_update_request_state, provision_ad_groups, provision_azure_role, provision_application_access, verify_access_granted.
Policy Validation Agent: reads the ServiceNow ticket, fetches the requester's AD profile, then runs LLM reasoning against the SOX/ISO-27001 access control policy. Graduated autonomy — operator review enabled for high-risk decisions. Pipeline: read case data → snow_get_request → snow_get_user → llm_reasoning → write results.
§3 — Active Case Overview
Pre-seeded REQ0001234 — James Kowalski ready for validation
Active access request case: REQ0001234 for James Kowalski (Field Engineer, Permian Basin). Node 1 — Request Intake — is complete. Node 2 — Policy Validation — is eligible and queued for the AI agent. Graph state reflects direct-seeded initial conditions.
Case Record tab shows the structured data from the intake form: employee profile (James Kowalski, EMP-4821, Field Engineer, Permian Basin TX), requested systems (PI System, SCADA Viewer, Corporate AD — Field Engineers), priority 2 — High, and business justification. All fields pulled from the ServiceNow fixture.
§4 — Policy Validation Agent
LLM validates SOX/ISO 27001 compliance via ServiceNow data
Policy Validation node is eligible. Agent executor: energy-access-policy-validator. Graduated autonomy mode — pipeline reads the ServiceNow ticket, fetches the requester's AD profile, then runs LLM reasoning against SOX/ISO-27001 policy. Triggering execution...
Policy Validation agent triggered (cascade re-fire: true). Pipeline executing: read case data → snow_get_request (ServiceNow ticket) → snow_get_user (AD profile) → llm_reasoning (SOX/ISO 27001 compliance check) → write results. This is a real pg-boss task running a real LLM call against mock MCP endpoints.
Policy Validation complete (result: complete). Pipeline trace shows: read case data → snow_get_request (ServiceNow ticket fetched) → snow_get_user (AD profile retrieved) → LLM reasoning (SOX/ISO 27001 compliance check) → write results. Risk level and compliance decision written to case attributes. Graduated autonomy: agent task approved automatically (no compliance_flags triggered).
Case attributes updated after Policy Validation Agent (result: complete): policy_check_result (compliance decision), policy_check_notes (validation reasoning), and risk_level (low | medium | high) written to case_attributes. These feed the manager approval UI in the next node. D-16: all writes via case_attributes.
§5 — Manager Approval
Human gate: on-call manager approves with full context
Manager Approval node is now active. The on-call manager receives the case in their work queue with the policy validation result pre-populated (risk_level + policy_check_notes). For this demo, the manager approves inline via the API to maintain automated flow.
Manager reviews the policy validation result (risk_level, policy_check_notes) and approves the access request. Approval note recorded: 'Approved — standard field engineer access, low risk per policy validation.' The case record shows all agent-written attributes alongside the human decision.
Manager approval recorded (API result: true). Case cascade fires — Access Provisioning agent (energy-access-provisioning-agent) is now queued. Node 3 shows complete status. Node 4 — Access Provisioning — is now eligible.
§6 — Access Provisioning
4-tool provisioning pipeline: AD → Azure → PI System → SCADA
Access Provisioning node is eligible. Agent: energy-access-provisioning-agent. Will execute 4 provisioning tools in sequence: provision_ad_groups → provision_azure_role → provision_application_access (PI System + SCADA Viewer) → verify_access_granted. Each tool simulates 400–800ms provisioning latency against the mock server.
Access Provisioning agent executing (result: complete). Provisioning sequence: AD group enrollment (Corporate AD — Field Engineers) → Azure RBAC assignment (Reader, /field-ops) → PI System access (read) → SCADA Viewer access (read) → verification check. All tools call the access-provisioning-mock MCP server on port 39811.
Access Provisioning complete (result: complete). Pipeline trace: provision_ad_groups (Corporate AD — Field Engineers, success) → provision_azure_role (Reader, /subscriptions/energy-prod/resourceGroups/field-ops, success) → provision_application_access (PI System, read, success) → provision_application_access (SCADA Viewer, read, success) → verify_access_granted (all 3 systems verified). case.access.provisioned = true written by pipeline. D-24: deterministic, auditable.
§7 — ServiceNow Writeback
LLM generates work note; ticket automatically closed
ServiceNow Writeback agent is queued (n5 eligible). Agent generates a professional work note and closes the ticket. Always autonomous — no human review step required. Pipeline: read data → LLM generate work note → snow_add_work_note → snow_update_request_state → write.
ServiceNow Writeback node do tab. Agent: energy-servicenow-writeback-agent. Always autonomous mode — no graduated review gate. Pipeline will call snow_add_work_note with an LLM-generated professional summary, then snow_update_request_state to close the ticket as 'fulfilled'.
ServiceNow Writeback complete (result: complete). LLM generated a formal ServiceNow work note documenting: employee name, systems granted, approver, and timestamp. snow_add_work_note called (REQ0001234). snow_update_request_state set ticket to 'fulfilled'. case.request.snow_closed = true, case.notification.status = 'ticket_closed' written.
Workflow graph final state (n5 result: complete): Request Intake (complete), Policy Validation (complete), Manager Approval (complete), Access Provisioning (complete), ServiceNow Writeback (complete). Node 6 — Request Complete — is now eligible for the final human confirmation.
§8 — Audit Trail
SOX/ISO 27001 evidence generated as a natural byproduct
Case Record Raw Attributes: all schema attributes written after full pipeline execution. Employee profile, requested systems, policy check result, risk level, provisioning results (ad_result, azure_result, app_result, scada_result, verification), notification status, and ServiceNow ticket state — all written and queryable. Every attribute has source_type, node_id, and actor identity provenance.
Complete audit trail: every agent action, tool call, and human decision recorded with timestamps and actor identity. Events include: n1 HUMAN_STATUS_CHANGE (Request Intake complete), n2 AGENT_TASK_QUEUED + AGENT_TASK_COMPLETE (Policy Validation), n3 HUMAN_STATUS_CHANGE (Manager Approval), n4 AGENT_TASK_QUEUED + AGENT_TASK_COMPLETE (Access Provisioning), n5 AGENT_TASK_QUEUED + AGENT_TASK_COMPLETE (ServiceNow Writeback). SOX/ISO 27001 compliance evidence generated as a natural byproduct of the orchestration run.
End-to-end: a ServiceNow access request received 2026-06-01, processed through policy validation, manager approval, multi-system provisioning, and automatic ticket closure — all orchestrated by Regisseur with a real LLM reasoning engine and mock integration layer. Total elapsed: from intake to ticket closure in under 5 minutes of automated orchestration.