# Workflow Playbooks

Pick the product workflow you are building, then copy the Mighty scan plan for that workflow.

Source URL: https://trymighty.ai/docs/workflows

This page answers one question: where should Mighty go in a real product flow?

Use it like a menu. Pick the workflow that matches your app, then follow the scan plan.

For exact setting recipes, see [Choose Scan Settings](/docs/concepts/configs). This page shows where each scan belongs in the product flow.

## The Pattern

Every workflow has the same shape:

```text
untrusted material -> Mighty scan -> product route -> trusted next step
```

Mighty should run before material reaches:

- AI model context.
- OCR or extraction.
- Permanent storage.
- Search or indexing.
- Payment or approval.
- Agent tools.
- Human review queues.

## Pick Your Workflow

| If your app has | Use this playbook | First scan goes before |
| --- | --- | --- |
| A chat assistant | Chat apps | The model call. |
| Public AI answers | Output scanning | The user sees the answer. |
| PDF, image, or document uploads | File intake | Storage, OCR, or extraction. |
| OCR or IDP | OCR and IDP | Extracted fields become trusted data. |
| Damage photos | Damage photo review | Claim, repair, or payment decisions. |
| Invoices or estimates | Invoice review | Approval, payment, or AI summary. |
| Agents or tools | Agent tool review | Tool output enters model context. |
| Large batches | Batch intake | Batch automation writes state. |
| Human reviewers | Review queues | Reviewers act on scan results. |

## Chat Apps

Goal: stop risky prompts before the model runs, then scan public output before users see it when strict output safety matters.

Scan plan:

| Step | What to scan | Settings | Route |
| --- | --- | --- | --- |
| 1 | Latest user message | `content_type=text`, `scan_phase=input`, `mode=secure`, `focus=steg` | `ALLOW` calls model. `WARN` reviews or adds friction. `BLOCK` stops. |
| 2 | Assistant answer for strict routes | `scan_phase=output`, `profile=ai_safety`, `data_sensitivity=strict` | Show `ALLOW`. Show `redacted_output` when returned. Block otherwise. |
| 3 | Tool output or retrieval content | `scan_phase=output`, `profile=ai_safety` | Only clean output enters model context. |

Use [Vercel AI SDK Chat Guardrail](/docs/frameworks/vercel-ai-sdk) when this is a Next.js AI SDK route.

Settings recipe: [user prompt before AI and public AI answer](/docs/concepts/configs#start-with-the-thing-you-are-about-to-trust).

## File Intake

Goal: stop suspicious uploads before storage, OCR, extraction, indexing, or automation trusts them.

Scan plan:

| Step | What to scan | Settings | Route |
| --- | --- | --- | --- |
| 1 | Original upload | `content_type=auto`, `scan_phase=input`, `mode=secure`, `focus=steg` | `ALLOW` continues. `WARN` quarantines or reviews. `BLOCK` stops. Use `focus=all` only after routing known image/PDF evidence that needs authenticity or edit review. |
| 2 | OCR text or extracted fields | `content_type=text`, same `scan_group_id`, `data_sensitivity=tolerant` | Keep extracted data untrusted until scan passes. |
| 3 | AI summary of the file | `scan_phase=output`, same `scan_group_id` | Show or store only after routing. |

Use one `scan_group_id` for the original file and all derived scans from that file.

Settings recipe: [mixed file upload](/docs/concepts/configs#start-with-the-thing-you-are-about-to-trust).

## OCR And IDP

Goal: prevent hidden document instructions, OCR errors, and poisoned extracted text from becoming workflow facts.

Scan plan:

| Step | What to scan | Settings | Route |
| --- | --- | --- | --- |
| 1 | Original PDF or image | `content_type=pdf`, `image`, or `auto`, `focus=all` | Review suspicious original evidence. |
| 2 | OCR text | `content_type=text`, `data_sensitivity=tolerant` | `WARN` marks fields untrusted. `BLOCK` stops automation. |
| 3 | Structured fields or summary | `scan_phase=output` if generated by extraction or AI | Store only routed output. |

Common mistake: scanning only the extracted text. Scan the original file first when possible.

Settings recipe: [OCR text before automation](/docs/concepts/configs#start-with-the-thing-you-are-about-to-trust).

## Damage Photo Review

Goal: flag suspicious image evidence before it drives a claim, repair, or payment decision.

Scan plan:

| Step | What to scan | Settings | Route |
| --- | --- | --- | --- |
| 1 | Damage photo | `content_type=image`, `scan_phase=input`, `focus=all`, `profile=strict` | `ALLOW` continues. `WARN` reviews. `BLOCK` stops automation. |
| 2 | High-value or suspicious photo | `mode=comprehensive`, `async=true` | Show pending review until final result. |
| 3 | AI-generated damage summary | `scan_phase=output`, same `scan_group_id` | Do not trust generated summary without output routing. |

Say Mighty flagged suspicious evidence. Do not say Mighty proved fraud.

Settings recipe: [image authenticity, image edits, and full image/PDF evidence review](/docs/concepts/configs#focus-modes-without-jargon).

## Invoice And Estimate Review

Goal: check invoices and repair estimates before approval, payment, or AI summarization.

Scan plan:

| Step | What to scan | Settings | Route |
| --- | --- | --- | --- |
| 1 | Invoice PDF, estimate PDF, or image | `content_type=auto`, `scan_phase=input`, `data_sensitivity=tolerant` | `WARN` queues review. `BLOCK` stops approval. |
| 2 | Extracted line items | `content_type=text`, same `scan_group_id` | Do not write risky fields to payment workflow. |
| 3 | AI comparison or recommendation | `scan_phase=output`, `profile=strict` | Review `WARN`, `BLOCK`, and `indeterminate`. |

Use metadata such as `workflow=invoice_review`, `vendor_id`, `claim_id`, and `invoice_id` when available.

Settings recipe: [mixed file upload, office document, and OCR text](/docs/concepts/configs#start-with-the-thing-you-are-about-to-trust).

## Agent Tool Review

Goal: keep unsafe tool output, retrieved documents, and browser content out of the next model step.

Scan plan:

| Step | What to scan | Settings | Route |
| --- | --- | --- | --- |
| 1 | User prompt | `scan_phase=input`, `focus=steg` | Only `ALLOW` starts the agent. |
| 2 | Retrieved documents or tool output | `scan_phase=output`, `profile=ai_safety` or `code_assistant` | `ALLOW` can enter context. `WARN` needs constrained handling. `BLOCK` stays out of context. |
| 3 | Final answer or plan | `scan_phase=output`, same `session_id` | Scan before user or tools act on it. |

Agents are multistep. Use one `session_id` for the agent run. Use scan groups for related prompt, retrieval, tool output, and final answer chains.

Settings recipe: [agent tool output and generated output inspection](/docs/concepts/configs#output-inspection).

## Batch Intake

Goal: scan many records or files without losing traceability.

Scan plan:

| Step | What to scan | Settings | Route |
| --- | --- | --- | --- |
| 1 | Each item | One scan per item, unique `request_id` | Do not use one result for the whole batch. |
| 2 | Batch session | One `session_id` for the batch | Use one `scan_group_id` per item. |
| 3 | Failures and limits | Handle `402`, `413`, `429` | Retry with backoff or route item to review. |

Common mistake: one `scan_group_id` for the whole batch. Use one group per item.

## Human Review Queues

Goal: give reviewers enough context to decide what happens next.

Store:

| Field | Why |
| --- | --- |
| `scan_id` | Link to the scan result. |
| `request_id` | Debug request and retry behavior. |
| `scan_group_id` | Show the evidence chain for one item. |
| `session_id` | Show the wider claim, chat, case, batch, or agent run. |
| `action`, `risk_score`, `risk_level`, `threats` | Explain why the item was routed. |
| `content_type_detected`, `authenticity`, `forensics` | Show modality-specific evidence when returned. |
| Human decision | Keep final review outcome separate from Mighty scan result. |

Mighty routes risk. Your team makes the final business decision.

## Default Routing

Three response fields drive workflow decisions, and each comes from a different part of the response.

**`action`** — the routing decision. Switch on this:

| `action` | Default product route |
| --- | --- |
| `ALLOW` | Continue. Store IDs. |
| `WARN` | Review, add friction, constrain model, or request more evidence. |
| `BLOCK` | Stop automation. Use `redacted_output` only when returned and policy allows it. |

**`scan_status`** — async lifecycle. Only meaningful for `mode=comprehensive` + `async=true`:

| `scan_status` | Default product route |
| --- | --- |
| `pending` | Keep pending, poll `GET /v1/scan/<scan_id>`, or wait for the webhook. |
| `complete` | The `action` field is final — apply routing. |
| `failed` | High-risk workflows go to review. Low-risk workflows can retry once. |

**`authenticity.verdict`** — forensics finding on file content (image / PDF), distinct from routing:

| `authenticity.verdict` | Meaning |
| --- | --- |
| `likely_real` | Camera capture or signed-document signals match. |
| `likely_ai_generated` | Mid-confidence synthetic-content signals — usually pairs with `WARN`. |
| `ai_generated` | High-confidence synthetic — usually pairs with `BLOCK`. |
| `indeterminate` | Evidence is weak or conflicting. Route to manual review. |

## AI-Agent Prompt

### Implement the right Mighty workflow

```text
Choose the Mighty workflow for this product and implement it.

First identify the workflow:
- chat app
- public AI output
- file upload
- OCR or IDP
- damage photo review
- invoice or estimate review
- agent tool review
- batch intake
- human review queue

For each workflow:
- Put POST /v1/scan before the first trust boundary.
- Use scan_phase=input for submitted material.
- Use scan_phase=output for generated, extracted, summarized, or tool-created material.
- Choose content_type from text, image, pdf, document, or auto.
- Use mode=secure by default.
- Use mode=comprehensive and async=true for high-value image or PDF review.
- Use focus=steg for mixed file intake and structured documents. Use focus=all when known image/PDF evidence needs threat, authenticity, and edit evidence together.
- Use data_sensitivity=tolerant when normal business PII is expected.
- Use data_sensitivity=strict for public AI output.
- Store scan_id, request_id, scan_group_id, session_id, action, risk_score, and risk_level.
- Route ALLOW, WARN, BLOCK, indeterminate, pending, and failed.

Acceptance criteria:
- Every workflow has a clear scan point before trust.
- Derived OCR, extraction, model, and tool output scans reuse the correct scan_group_id.
- Review wording says Mighty flagged risk, not that Mighty proved fraud.
- Tests cover ALLOW, WARN, BLOCK, scan failure, and output scanning.
```