Workflow Playbooks
Pick the product workflow you are building, then copy the Mighty scan plan for that workflow.
This page answers one question: where should Mighty go in a real product flow?
Use it like a menu. Pick the workflow that matches your app, then follow the scan plan.
The Pattern
Every workflow has the same shape:
untrusted material -> Mighty scan -> product route -> trusted next stepMighty should run before material reaches:
- AI model context.
- OCR or extraction.
- Permanent storage.
- Search or indexing.
- Payment or approval.
- Agent tools.
- Human review queues.
Pick Your Workflow
| If your app has | Use this playbook | First scan goes before |
|---|---|---|
| A chat assistant | Chat apps | The model call. |
| Public AI answers | Output scanning | The user sees the answer. |
| PDF, image, or document uploads | File intake | Storage, OCR, or extraction. |
| OCR or IDP | OCR and IDP | Extracted fields become trusted data. |
| Damage photos | Damage photo review | Claim, repair, or payment decisions. |
| Invoices or estimates | Invoice review | Approval, payment, or AI summary. |
| Agents or tools | Agent tool review | Tool output enters model context. |
| Large batches | Batch intake | Batch automation writes state. |
| Human reviewers | Review queues | Reviewers act on scan results. |
Chat Apps
Goal: stop risky prompts before the model runs, then scan public output before users see it when strict output safety matters.
Scan plan:
| Step | What to scan | Settings | Route |
|---|---|---|---|
| 1 | Latest user message | content_type=text, scan_phase=input, mode=secure, focus=both | ALLOW calls model. WARN reviews or adds friction. BLOCK stops. |
| 2 | Assistant answer for strict routes | scan_phase=output, profile=ai_safety, data_sensitivity=strict | Show ALLOW. Show redacted_output when returned. Block otherwise. |
| 3 | Tool output or retrieval content | scan_phase=output, profile=ai_safety | Only clean output enters model context. |
Use Vercel AI SDK Chat Guardrail when this is a Next.js AI SDK route.
File Intake
Goal: stop suspicious uploads before storage, OCR, extraction, indexing, or automation trusts them.
Scan plan:
| Step | What to scan | Settings | Route |
|---|---|---|---|
| 1 | Original upload | content_type=auto, scan_phase=input, mode=secure, focus=both | ALLOW continues. WARN quarantines or reviews. BLOCK stops. |
| 2 | OCR text or extracted fields | content_type=text, same scan_group_id, data_sensitivity=tolerant | Keep extracted data untrusted until scan passes. |
| 3 | AI summary of the file | scan_phase=output, same scan_group_id | Show or store only after routing. |
Use one scan_group_id for the original file and all derived scans from that file.
OCR And IDP
Goal: prevent hidden document instructions, OCR errors, and poisoned extracted text from becoming workflow facts.
Scan plan:
| Step | What to scan | Settings | Route |
|---|---|---|---|
| 1 | Original PDF or image | content_type=pdf, image, or auto, focus=both | Review suspicious original evidence. |
| 2 | OCR text | content_type=text, data_sensitivity=tolerant | WARN marks fields untrusted. BLOCK stops automation. |
| 3 | Structured fields or summary | scan_phase=output if generated by extraction or AI | Store only routed output. |
Common mistake: scanning only the extracted text. Scan the original file first when possible.
Damage Photo Review
Goal: flag suspicious image evidence before it drives a claim, repair, or payment decision.
Scan plan:
| Step | What to scan | Settings | Route |
|---|---|---|---|
| 1 | Damage photo | content_type=image, scan_phase=input, focus=both, profile=strict | ALLOW continues. WARN reviews. BLOCK stops automation. |
| 2 | High-value or suspicious photo | mode=comprehensive, async=true | Show pending review until final result. |
| 3 | AI-generated damage summary | scan_phase=output, same scan_group_id | Do not trust generated summary without output routing. |
Say Mighty flagged suspicious evidence. Do not say Mighty proved fraud.
Invoice And Estimate Review
Goal: check invoices and repair estimates before approval, payment, or AI summarization.
Scan plan:
| Step | What to scan | Settings | Route |
|---|---|---|---|
| 1 | Invoice PDF, estimate PDF, or image | content_type=auto, scan_phase=input, data_sensitivity=tolerant | WARN queues review. BLOCK stops approval. |
| 2 | Extracted line items | content_type=text, same scan_group_id | Do not write risky fields to payment workflow. |
| 3 | AI comparison or recommendation | scan_phase=output, profile=strict | Review WARN, BLOCK, and indeterminate. |
Use metadata such as workflow=invoice_review, vendor_id, claim_id, and invoice_id when available.
Agent Tool Review
Goal: keep unsafe tool output, retrieved documents, and browser content out of the next model step.
Scan plan:
| Step | What to scan | Settings | Route |
|---|---|---|---|
| 1 | User prompt | scan_phase=input, focus=both | Only ALLOW starts the agent. |
| 2 | Retrieved documents or tool output | scan_phase=output, profile=ai_safety or code_assistant | ALLOW can enter context. WARN needs constrained handling. BLOCK stays out of context. |
| 3 | Final answer or plan | scan_phase=output, same session_id | Scan before user or tools act on it. |
Agents are multistep. Use one session_id for the agent run. Use scan groups for related prompt, retrieval, tool output, and final answer chains.
Batch Intake
Goal: scan many records or files without losing traceability.
Scan plan:
| Step | What to scan | Settings | Route |
|---|---|---|---|
| 1 | Each item | One scan per item, unique request_id | Do not use one result for the whole batch. |
| 2 | Batch session | One session_id for the batch | Use one scan_group_id per item. |
| 3 | Failures and limits | Handle 402, 413, 429 | Retry with backoff or route item to review. |
Common mistake: one scan_group_id for the whole batch. Use one group per item.
Human Review Queues
Goal: give reviewers enough context to decide what happens next.
Store:
| Field | Why |
|---|---|
scan_id | Link to the scan result. |
request_id | Debug request and retry behavior. |
scan_group_id | Show the evidence chain for one item. |
session_id | Show the wider claim, chat, case, batch, or agent run. |
action, risk_score, risk_level, threats | Explain why the item was routed. |
content_type_detected, authenticity, forensics | Show modality-specific evidence when returned. |
| Human decision | Keep final review outcome separate from Mighty scan result. |
Mighty routes risk. Your team makes the final business decision.
Default Routing
Three response fields drive workflow decisions, and each comes from a different part of the response.
action — the routing decision. Switch on this:
action | Default product route |
|---|---|
| ALLOW | Continue. Store IDs. |
| WARN | Review, add friction, constrain model, or request more evidence. |
| BLOCK | Stop automation. Use redacted_output only when returned and policy allows it. |
scan_status — async lifecycle. Only meaningful for mode=comprehensive + async=true:
scan_status | Default product route |
|---|---|
pending | Keep pending, poll GET /v1/scan/<scan_id>, or wait for the webhook. |
complete | The action field is final — apply routing. |
failed | High-risk workflows go to review. Low-risk workflows can retry once. |
authenticity.verdict — forensics finding on file content (image / PDF), distinct from routing:
authenticity.verdict | Meaning |
|---|---|
likely_real | Camera capture or signed-document signals match. |
likely_ai_generated | Mid-confidence synthetic-content signals — usually pairs with WARN. |
ai_generated | High-confidence synthetic — usually pairs with BLOCK. |
indeterminate | Evidence is weak or conflicting. Route to manual review. |
Ready to scan real traffic?
Create an API key, keep it on your server, then wire Mighty into the workflow that handles untrusted material.
AI-Agent Prompt
Paste this into Cursor, Codex, Claude Code, or Windsurf.
Choose the Mighty workflow for this product and implement it.
First identify the workflow:
- chat app
- public AI output
- file upload
- OCR or IDP
- damage photo review
- invoice or estimate review
- agent tool review
- batch intake
- human review queue
For each workflow:
- Put POST /v1/scan before the first trust boundary.
- Use scan_phase=input for submitted material.
- Use scan_phase=output for generated, extracted, summarized, or tool-created material.
- Choose content_type from text, image, pdf, document, or auto.
- Use mode=secure by default.
- Use mode=comprehensive and async=true for high-value image or PDF review.
- Use focus=both when AI will consume the material or authenticity matters.
- Use data_sensitivity=tolerant when normal business PII is expected.
- Use data_sensitivity=strict for public AI output.
- Store scan_id, request_id, scan_group_id, session_id, action, risk_score, and risk_level.
- Route ALLOW, WARN, BLOCK, indeterminate, pending, and failed.
Acceptance criteria:
- Every workflow has a clear scan point before trust.
- Derived OCR, extraction, model, and tool output scans reuse the correct scan_group_id.
- Review wording says Mighty flagged risk, not that Mighty proved fraud.
- Tests cover ALLOW, WARN, BLOCK, scan failure, and output scanning.