{ "name": "Vendor Risk Assessment with Verifiable Decision Receipts", "nodes": [ { "parameters": { "httpMethod": "POST", "path": "vendor-risk", "options": {}, "responseMode": "responseNode" }, "id": "e69ecd78-1c6d-4e51-b970-e0dabdb61a07", "name": "Vendor Risk Assessment", "type": "n8n-nodes-base.webhook", "typeVersion": 2.1, "position": [ 0, 300 ], "webhookId": "caac5bdb-2993-4c9a-8f28-d6e3e9d09265" }, { "parameters": { "modelId": { "__rl": true, "mode": "list", "value": "gpt-4o", "cachedResultName": "GPT-4O" }, "messages": { "values": [ { "role": "system", "content": "=You are a third-party risk AI. Return JSON: {\"tier\":\"LOW|MEDIUM|HIGH\",\"decision\":\"APPROVE|REJECT\",\"reason\":\"...\"}." }, { "content": "=Return JSON only.\n\nInput:\n{{ JSON.stringify($json.body) }}" } ] }, "jsonOutput": true, "options": {} }, "id": "43b367b6-4207-46d4-ada4-68655def4c22", "name": "AI Decision", "type": "@n8n/n8n-nodes-langchain.openAi", "typeVersion": 2.1, "position": [ 220, 300 ], "credentials": { "openAiApi": { "id": "REPLACE_OPENAI_CRED_ID", "name": "OpenAi account" } } }, { "parameters": { "operation": "generateReceipt", "agentName": "VendorRiskAgent", "workflowName": "={{ $workflow.name }}", "action": "={{ 'AI decision: ' + ($json.message.content.decision || $json.message.content.recommendation || 'completed') }}", "decision": "={{ JSON.stringify($json.message.content) }}", "additionalFields": { "modelProvider": "openai", "modelUsed": "gpt-4o", "decisionType": "vendor_risk", "riskLevel": "high", "humanReview": false, "policies": "tprm-v2, soc2", "permissions": "vendor.assess", "tags": "grc, vendor, security" } }, "id": "b67d8613-4a7b-435e-925a-deaa11e960ac", "name": "Signatrust: Receipt", "type": "n8n-nodes-signatrust.signatrust", "typeVersion": 1, "position": [ 440, 300 ], "credentials": { "signatrustApi": { "id": "REPLACE_SIGNATRUST_CRED_ID", "name": "Signatrust API account" } } }, { "parameters": { "operation": "append", "documentId": { "__rl": true, "mode": "id", "value": "REPLACE_SHEET_ID" }, "sheetName": { "__rl": true, "mode": "list", "value": "Sheet1", "cachedResultName": "Sheet1" }, "columns": { "mappingMode": "autoMapInputData", "value": {}, "matchingColumns": [] }, "options": {} }, "id": "ad0ae687-9ad3-41c9-9e07-22b9f913c1a3", "name": "Log to Sheet", "type": "n8n-nodes-base.googleSheets", "typeVersion": 4.5, "position": [ 660, 300 ], "credentials": { "googleSheetsOAuth2Api": { "id": "REPLACE_SHEETS_CRED_ID", "name": "Google Sheets account" } } }, { "parameters": { "content": "## Vendor Risk Assessment with Verifiable Decision Receipts\n**Why Signatrust?** Every AI decision here becomes a tamper-evident, Ed25519-signed receipt — verifiable for audits and disputes.", "height": 170, "width": 420, "color": 5 }, "id": "6d438858-e7ae-4c10-8e9f-6066d05eb92b", "name": "Sticky Note 67afed", "type": "n8n-nodes-base.stickyNote", "typeVersion": 1, "position": [ -40, 40 ] } ], "connections": { "Vendor Risk Assessment": { "main": [ [ { "node": "AI Decision", "type": "main", "index": 0 } ] ] }, "AI Decision": { "main": [ [ { "node": "Signatrust: Receipt", "type": "main", "index": 0 } ] ] }, "Signatrust: Receipt": { "main": [ [ { "node": "Log to Sheet", "type": "main", "index": 0 } ] ] } }, "active": false, "pinData": {}, "settings": { "executionOrder": "v1" }, "tags": [ { "name": "Vendor Risk Assessment — grc" }, { "name": "Vendor Risk Assessment — vendor" }, { "name": "Vendor Risk Assessment — security" }, { "name": "Signatrust (20)" } ], "meta": { "templateCredsSetupCompleted": false }, "versionId": "42e41a5a-d284-41ab-8778-c326706b955a" }