WF-20260612-021 · v1
Code-first architecture · 2026-06-12
Automation Architecture
Autonomous
Inbound lead enrichment pipeline
CONFIDENCE · HIGH
HANDOFF · BUILD_READY
CODE-FIRST
GATE CLEARED
4/4 PASS
CRITERIA CLEARED
A webhook receives each inbound lead-form submission, enriches it against a read-only firmographic API, classifies segment and priority, and appends the categorized record to the internal tracking sheet. All four autonomy criteria pass — the action is reversible (append-only, idempotent per lead ID), observed in the sheet, low exception rate, and low cost of failure — and no GATE triggers, because nothing leaves the organization and no money, commitment, or regulated record is touched. The operator is authorized to deploy and operate the pipeline within the permission scope below.
Trigger · pipeline entry point
POST /hooks/lead-intake
Webhook fires on every new lead-form submission · no schedule, no manual start
EVENT-DRIVEN
Inputs
System | Data accessed | Permission level
Lead-intake webhook | Raw submission payload | Receive only
Firmographic API | Company / firmographic lookup | Read-only API key
Internal tracking sheet | Append target · dedupe read | Append-only write
Execution sequence
Step | Action | System | Output
01 | Validate payload schema | Service runtime | Validated record
02 | Enrich via firmographic API | Firmographic API | Enriched record
03 | Classify segment & priority | Service runtime | Categorized record
04 | Deduplicate against sheet | Tracking sheet · read | Dedupe result
05 | Append record to sheet (TERMINAL) | Tracking sheet | New categorized row
Outputs
Dest.: Internal tracking sheet · Ops workspace
Format: One row per lead · structured columns
Naming: lead_{id}
Retain: 24 months
Error handling
Enrich timeout → write record with enrichment_status=partial, continue
Append fails → retry 3× · then /deadletter + alert #ops-alerts within 5 min
Rollback → none required · append is idempotent on lead ID
Audit trail · per run
timestamp · trigger source · input count
output location · terminal status · anomalies
Stored in an append-only log table · retain 24 months
Controls · pre-deployment gates
☑ Audit log configured and tested
☑ Dedupe idempotency tested
☑ Error alert routed to named owner (Ops Lead)
☑ Permission scope limited to append-only
STACK
Self-hosted n8n workflow (or a small serverless function)
Webhook-driven, low volume, and stateless per event — an integration runner fits without the burden of a bespoke service. Before first run: provision the read-only API key in the secret vault, a sheet service account scoped to append-only, and the /deadletter store.
Expected outcomes
COMPLETED: Record enriched, categorized, appended; audit entry written
COMPLETED_WITH_WARNINGS: Appended with enrichment_status=partial after an API timeout
NEEDS_REVIEW: Classifier confidence below threshold; row flagged for Ops review
BLOCKED: Payload fails schema validation; rejected before enrichment
FAILED: Append failed after retries; record parked in /deadletter, owner alerted
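The execution sequence, error-handling rules and outcome statuses above, combined into one added example that is not part of the original card or of any project code. It assumes synchronous in-memory stand-ins for the firmographic API, sheet, deadletter store and alert channel; the names runLead, makeSheet, the domain field, the 0.7 confidence threshold and the treatment of a duplicate as COMPLETED are hypothetical.

```javascript
// Added example. In-memory stand-ins; helper names are hypothetical.
const APPEND_RETRIES = 3;          // "retry 3×" after the first failed attempt
const CONFIDENCE_THRESHOLD = 0.7;  // assumed; the page does not state the value

function runLead(payload, deps) {
  const { enrich, classify, sheet, deadletter, alert } = deps;
  // 01 Validate: no lead ID means no row; reject before enrichment.
  const valid = payload && typeof payload.id === "string" && payload.id !== "" &&
    typeof payload.domain === "string";   // `domain` is an assumed field
  if (!valid) return { status: "BLOCKED" };
  const record = { key: `lead_${payload.id}`, domain: payload.domain,
    enrichment_status: "full" };
  // 02 Enrich: a failed lookup (e.g. timeout) degrades the record, run continues.
  // API data is nested so it cannot overwrite key or enrichment_status.
  try {
    record.firmographics = enrich(payload.domain);
  } catch (err) {
    record.enrichment_status = "partial";
  }
  // 03 Classify: low confidence flags the row for Ops review.
  const { segment, priority, confidence } = classify(record);
  Object.assign(record, { segment, priority });
  // 04 Dedupe: a replayed webhook for the same lead ID appends nothing.
  if (sheet.has(record.key)) return { status: "COMPLETED", duplicate: true };
  // 05 Append (terminal): first attempt plus bounded retries.
  for (let attempt = 0; attempt <= APPEND_RETRIES; attempt++) {
    try {
      sheet.append(record);
      if (confidence < CONFIDENCE_THRESHOLD) return { status: "NEEDS_REVIEW" };
      return { status: record.enrichment_status === "partial"
        ? "COMPLETED_WITH_WARNINGS" : "COMPLETED" };
    } catch (err) { /* retry until attempts are exhausted */ }
  }
  // Retries exhausted: park the record and alert the owner.
  deadletter.push(record);
  alert(`append failed for ${record.key}`);
  return { status: "FAILED" };
}

// Constructed stand-in for the sheet credential: has/append only, no update or delete.
function makeSheet(failures = 0) {
  const rows = new Map();
  return {
    has: (key) => rows.has(key),
    append: (rec) => {
      if (failures-- > 0) throw new Error("append error");
      rows.set(rec.key, rec);
    },
    size: () => rows.size,
  };
}
```

The has/append pair here is not atomic, so concurrent deliveries of the same lead ID need a lock or a unique-key check at the store to keep the append idempotent.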
Autonomy expires when
✓ Workflow steps, inputs, or outputs change materially
✓ AI surface or tool changes (model upgrade, platform migration)
✓ Policy or compliance context changes
✓ An incident occurs
✓ Error rate exceeds threshold — >2% deadletter over a week
✓ Recertification interval passes — every 6 months
Reviewer role changes or becomes vacant — not applicable; AUTONOMOUS has no approval checkpoint
Architecture options
OPT-1 · PRIMARY · LOW_CODE
✓ SELECTED
Execution architecture: Self-hosted integration runner (n8n) triggered by the lead webhook; append-only sheet write
Control fit: Native retry, deadletter, and audit nodes enforce the failure contract deterministically
Implementation effort: Low–medium — wire nodes, secrets, and the acceptance dry run
Security fit: Secret vault for the API key; append-only credential for the sheet
Portability: Workflow JSON exports; logic is reproducible in a code service
Skill requirements: Integration-platform administration · basic API auth
OPT-2 · CODE_FIRST
A small serverless function in the org's cloud. Maximum control and testability; higher maintenance and on-call burden than the low-code runner for this volume.
Omitted — NATIVE_SUITE: no suite workspace owns this webhook. · VENDOR_NEUTRAL: covered by OPT-1's exportable workflow.
Selected: OPT-1 · Selection by: Engineering lead · Date: 2026-06-12
Build handoff pack
BUILD_READY
Terminal-action boundary: Append a categorized lead row; may not write to any external or customer-facing system
Permissions: Read-only firmographic key · append-only sheet credential · no delete or update scope
Deterministic controls: Schema validation gate · dedupe by lead ID · retry-then-deadletter on append
Failure / rollback / stop: Park to /deadletter and alert the Ops Lead; append is idempotent so no rollback runs
Expiration triggers: Schema, model, platform, policy, or control changes; any incident; >2% deadletter weekly
CLAUDE.md · Claude Code
Scope: append-only lead enrichment.
Never update or delete sheet rows.
Never write to customer-facing systems.
On append failure: deadletter + alert.
AGENTS.md · Codex
Build the webhook → enrich → classify → append pipeline.
Honor minimum-permission scopes.
Dry-run against staging sheet first.
Acceptance: no row without a lead ID.
Current state
DISPOSITION_PENDING
Who acts next
Engineering lead
Exact next action
Record disposition for v1, run the staging dry-run, then deploy
Operator Disposition
The Gate may recommend — the operator signs
APPROVE_FOR_BUILD
HOLD_FOR_EVIDENCE
REVISE
REJECT
Gate recommendation: APPROVE_FOR_BUILD — criteria cleared, append-only scope, failure contract defined