RPA Invoice Processor
Description
An RPA bot reads vendor invoices from storage and posts them to the ERP only if the vendor is approved and the amount is ≤ the configured threshold; tokens are one-shot, one per invoice.
Policies can include currency/rate checks, business-unit allowlists, or required dual approval above a limit. Each posting requires a fresh token; the decision logs invoice ID, vendor ID, approver, and limits evaluated.
Business Value
Slash manual AP effort while preventing accidental overpayments and ensuring every posting is auditable:
- Reduce erroneous payments: Catch out-of-policy amounts and unapproved vendors automatically.
- Lower fraud exposure: One-shot tokens and vendor allowlists constrain misuse.
- Compliance ready: A clean ledger of every AP write with contextual evidence.
- Scalable control: Uniform rules across bots, ERP endpoints, and subsidiaries.
Why Not With Alternatives?
Conventional RPA credentials are broad and static; Iron Book adds CapBAC, one-shot tokens, thresholds, and immutable logs per invoice post:
- Shared bot credentials are broad, and actions taken with them cannot be attributed to a single bot or invoice (no non-repudiation).
- ERP role permissions lack per-invoice contextual checks (thresholds, vendor allowlist, dual approvals).
- DLP/workflow tools aren’t tied to attested agent identity and cannot enforce capability-based checks inline.
Policy
package ironbook.invoice   # package name assumed; the page does not give one
import rego.v1             # provides the `if` keyword (implicit in OPA 1.0, required before)

default allow = false

allow if {
    input.action == "erp_write_invoice"                 # bot needs to have this capability in its VC
    input.resource == "erp://ap/invoices"
    input.context.vendor_approved == true
    input.context.amount <= input.context.ap_threshold  # e.g., 10000
    input.trust >= 70
}
Core SDK Call (Python)
# The vendor approval status and the pre-defined AP threshold come from env vars, a database, etc.
# Assumes `client`, `PolicyInput`, `agent_vc`, `token`, `invoice` and `threshold` were set up
# earlier with the SDK; `await` must run inside an async function.
decision = await client.policy_decision(PolicyInput(
    did=agent_vc["agentDid"], token=token["access_token"],   # token is one-shot: one per invoice
    action="erp_write_invoice", resource="erp://ap/invoices",
    context={
        "vendor_approved": invoice["approved"],
        "amount": 4250,                    # example amount; in practice taken from the invoice
        "ap_threshold": threshold,
        "approved_by": invoice["approved_by"]  # not policy-relevant, but will be logged for audit
    }
))
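To show how the policy and one-shot tokens above behave on concrete invoices, here is an added, self-contained Python example (not Iron Book SDK code): it re-implements the allow rule locally, burns each token on first use, and returns the audit record (invoice ID, vendor ID, approver, limits evaluated) for an in-policy invoice, an unapproved vendor, an over-threshold amount and a replayed token. Invoice data, token format and the trust score are constructed assumptions.

```python
import secrets

MIN_TRUST = 70        # the page's trust floor (input.trust >= 70)
AP_THRESHOLD = 10000  # the page's example threshold; the value here is constructed

def consume_token(unused: set, tok: str) -> bool:
    """One-shot token check: the first use burns the token, any replay returns False."""
    if tok not in unused:
        return False
    unused.discard(tok)
    return True

def policy_input(inv: dict, token: str, trust: int = 85) -> dict:
    """Shape the fields the page's PolicyInput carries; trust is assumed to come from attestation."""
    return {"token": token, "action": "erp_write_invoice", "resource": "erp://ap/invoices",
            "trust": trust, "context": {
                "invoice_id": inv["id"], "vendor_id": inv["vendor"], "vendor_approved": inv["approved"],
                "amount": inv["amount"], "ap_threshold": AP_THRESHOLD, "approved_by": inv["approved_by"]}}

def decide(inp: dict, unused_tokens: set) -> dict:
    """Evaluate the page's allow rule and return the audit record logged for every decision."""
    ctx = inp["context"]
    checks = {
        "token_fresh": consume_token(unused_tokens, inp["token"]),
        "action": inp["action"] == "erp_write_invoice",
        "resource": inp["resource"] == "erp://ap/invoices",
        "vendor_approved": ctx["vendor_approved"] is True,
        "amount_within_threshold": ctx["amount"] <= ctx["ap_threshold"],
        "trust": inp["trust"] >= MIN_TRUST,
    }
    return {"invoice_id": ctx["invoice_id"], "vendor_id": ctx["vendor_id"],
            "approver": ctx["approved_by"],  # logged for audit, not policy-relevant
            "limits": {"ap_threshold": ctx["ap_threshold"], "min_trust": MIN_TRUST},
            "checks": checks, "allow": all(checks.values())}

def run_demo() -> dict:
    """Constructed invoices: in-policy, unapproved vendor, over threshold, then a token replay."""
    invoices = [
        {"id": "INV-1", "vendor": "V-17", "approved": True, "amount": 4250, "approved_by": "ap.lead"},
        {"id": "INV-2", "vendor": "V-99", "approved": False, "amount": 900, "approved_by": None},
        {"id": "INV-3", "vendor": "V-17", "approved": True, "amount": 25000, "approved_by": "ap.lead"},
    ]
    issued = [secrets.token_hex(8) for _ in invoices]  # one fresh one-shot token per posting attempt
    unused, out = set(issued), {}
    for inv, tok in zip(invoices, issued):
        out[inv["id"]] = decide(policy_input(inv, tok), unused)
    # Replay: INV-1's token was consumed above, so an otherwise valid repost is denied.
    out["INV-1-replay"] = decide(policy_input(invoices[0], issued[0]), unused)
    return out
```

Each returned record lists every check with its outcome, so a denied posting shows exactly which limit failed rather than only a bare deny.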