n8n-flow

NDA intake triage with n8n

Difficulty

intermediate

Setup time

60min

For

legal-ops · contract-manager · paralegal

Legal Ops

Stack

An n8n flow that intercepts every inbound NDA arriving at a dedicated nda-intake@ mailbox, classifies the counterparty risk tier from a Postgres registry, runs the document through Claude Sonnet 4.6 against your NDA playbook, and either auto-approves the contract into Ironclad or routes it to a named reviewer in Slack with the clause-by-clause summary attached. Designed for in-house teams handling 50+ NDAs per month, where intake-time triage — not negotiation — is what consumes legal hours.

The downloadable bundle is at apps/web/public/artifacts/nda-intake-triage-n8n/ and contains the full workflow JSON plus a setup README. The bundle is the deliverable; this page explains when and how to use it.

When to use

Use this flow when three things are true at once. First, your team is processing enough NDAs that volume itself is the problem — typically 40+ per month, where the marginal NDA is essentially identical to the previous one and the legal team is acting as a bottleneck on commercial velocity rather than as a strategic gate. Second, you have an actual playbook — a written list of clause families, your standard-paper position on each, your authorized fallback positions, and the walk-away threshold. If the playbook lives in someone’s head, the AI step has nothing to compare against and you’ll get high-confidence garbage. Third, you have a counterparty registry in some queryable form — Postgres, Airtable, even a Google Sheet exported nightly — that maps email domains to a risk tier. Without it, every counterparty falls into “unknown” and the flow does nothing useful.

The flow shines on inbound counterparty paper from known commercial partners — the classic vendor-NDA-before-RFP and prospect-NDA-before-pricing-call cases. It is also useful as the first-pass filter on outbound NDAs your sales team kicks off from a Salesforce-triggered template, where the only deviation possible is the counterparty’s redline back to you.

When NOT to use

Skip this flow for any contract type that is not a vanilla NDA. The clause taxonomy in the system prompt is calibrated for confidentiality agreements only — feeding it an MSA, DPA, or services agreement will produce confident output against the wrong checklist, which is the worst possible failure mode. Build a separate flow per contract family if you want to extend.

Skip it for M&A NDAs, government contracting NDAs, and any NDA tied to a litigation hold. These need the GC’s attention from minute one, and the time the flow saves on triage is dwarfed by the political cost of a missed escalation. Route those through a separate intake email that bypasses the automation entirely.

Skip it for the first month after a material playbook change — clause additions, new fallback positions, a tier-rebalancing on the registry. The Claude prompt encodes the playbook implicitly through the system message; you need a manual-review window to catch where the model and the new policy disagree before you trust auto-approval again.

Skip it altogether if you process fewer than ~15 NDAs per month. The setup time (60 minutes plus the playbook codification work, which is the real cost) does not pay back inside a year at that volume. A shared mailbox and a paralegal with a checklist is the better answer.

Setup

Follow the README at apps/web/public/artifacts/nda-intake-triage-n8n/_README.md for the full credential and table-schema walkthrough. The 30-second version: provision the dedicated nda-intake@ mailbox, create the Postgres counterparty_registry and nda_audit_log tables (DDL is implied by the column lists in the README’s credentials section), pre-create three Ironclad workflow templates (nda-review, nda-escalation, and an nda record type), invite a Slack bot into #legal-ops-firehose, #legal-nda-queue, and #legal-gc-escalations, then import nda-intake-triage-n8n.json into n8n and bind the five credentials by name.

Run the five smoke tests in the README’s “First-run verification” section before you activate the workflow. The fifth test — temporarily breaking the Claude prompt to confirm the parser-error fallback escalates rather than silently auto-approves — is the one most teams skip and most regret.

What the flow does

The trigger is a Gmail poll that fires once per minute against the intake mailbox, filtered to messages with PDF or DOCX attachments and not yet labelled nda-processed. A Code node (Normalize Intake) extracts the sender, base64-encodes the attachment, and emits a typed envelope; messages with no usable attachment are diverted to a no_attachment status that downstream branches handle gracefully rather than crashing the workflow.

A Postgres node (Counterparty Lookup) queries the registry by sender domain and returns risk tier, preferred paper, and free-form notes. A second Code node (Merge Counterparty Context) defaults missing rows to risk_tier = 'unknown' rather than failing — the conservative override later catches this case.

The Claude call (Claude — Playbook Check) sends the document as a base64 block to Sonnet 4.6 alongside a system prompt that names ten clause families (governing law, term, mutuality, IP carve-outs, residuals, non-solicit, indemnity, exclusion-of-consequential-damages, definition-of-confidential-information, notice-of-breach) and demands strict JSON output with per-clause position, quote, suggested_redline, and confidence, plus a top-level recommendation of auto-approve, lawyer-review, or escalate.

The next Code node (Apply Risk Rules) is the safety belt. It applies three overrides in priority order: any walk-away clause forces escalate regardless of what Claude said; overall confidence below 0.7 demotes any auto-approve to lawyer-review; and any non-low risk tier demotes auto-approve to lawyer-review. The override reason is stamped on the audit row so you can measure how often each guard fires.

A Switch node routes to one of three branches — Ironclad record creation (auto-approve), Ironclad review workflow + Slack lawyer queue post with Block Kit summary (lawyer-review), or Ironclad escalation workflow + GC channel alert (escalate). Every branch converges on Audit Log Write, which inserts a single row keyed on the Gmail message ID (so retries are idempotent), and then Mark Gmail Processed, which adds the nda-processed label so the trigger does not re-fire.

The engineering choices worth naming: Sonnet 4.6 over Haiku because Haiku misses fallback clauses (cheaper per call but more expensive per false-approve); base64 document attachment over text extraction because PDF text extraction loses formatting cues that change clause meaning; conservative override at the Code-node layer rather than in the prompt because prompt-only safeguards are bypassable by adversarial counterparty paper; idempotent audit insert via ON CONFLICT (message_id) DO NOTHING because n8n retries on transient Postgres errors and you do not want duplicate rows; and Switch over IF because Switch keeps each branch’s connection topology visually obvious in the n8n canvas.

Cost reality

Per-NDA Anthropic cost is the dominant variable expense. A typical 4-page NDA serializes to roughly 6,000-9,000 input tokens (the document plus the system prompt and counterparty context) and the structured response lands at 800-1,200 output tokens. At Sonnet 4.6 list pricing of $3 per million input tokens and $15 per million output tokens, that is $0.018-$0.027 input + $0.012-$0.018 output, or roughly $0.03-$0.045 per NDA. At 100 NDAs per month, that is $3-$5 in API spend. At 1,000 NDAs per month it is $30-$45. Even with a 3x multiplier for retries on long documents and the occasional 10-page MSA misclassified as an NDA, the monthly bill stays under $200 at typical volumes.

n8n hosting is the other line item. Self-hosted on a $20/month VPS handles thousands of executions per day. n8n Cloud’s Starter tier is $24/month for 5,000 executions; if your intake mailbox triggers more than 5,000 polls + processed-message executions per month (it will at 200+ NDAs/month with one-minute polling), you need the Pro tier at $60/month or self-hosted.

The cost that actually matters is the legal-hours cost you avoid. A paralegal triaging an NDA manually averages 12-15 minutes per contract for the read-classify-route step alone. At a $90/hour fully-loaded paralegal rate, that is $18-$22 per NDA in human time. The flow’s $0.03 of API spend replacing $20 of paralegal time is a 600x cost ratio — but only if your team actually trusts the auto-approve branch and stops re-reading every contract behind it. Teams that double-check every auto-approval lose the savings; the flow becomes pure cost. Plan the trust-building rollout (point 2 under Watch-outs below) deliberately.

Success metric

Track two numbers weekly. Cycle time from intake to disposition (auto-approve, lawyer-review queued, or escalation queued) should land under 5 minutes for every branch — Slack alert in the queue, Ironclad record exists, audit log row written. If it drifts above 5 minutes, your Anthropic API is slow or n8n is queueing executions; investigate. Auto-approve precision is the second number: of every NDA the flow auto-approved, what percentage would a human reviewer have approved unchanged? Target 99% within 60 days of go-live. The weekly false-positive review queries nda_audit_log WHERE recommendation = 'auto-approve' AND overall_confidence < 0.85, samples 10 rows, and walks them through the playbook by hand. Anything below 99% precision means the playbook prompt or the override thresholds need tightening before you raise volume.

A useful supporting metric: escalation rate. Below 5% means the flow is doing real work. Above 15% means either the registry is undersized (too many “unknown” counterparties) or the playbook is too aggressive in classifying clauses as walk-away. Above 30% means the flow is acting as expensive routing for what is effectively manual triage; either fix the inputs or turn the flow off.

vs alternatives

vs manual triage by a paralegal. A senior paralegal with a written checklist costs $18-$22 per NDA and takes 12-15 minutes. The flow costs $0.03 and takes 90 seconds. The paralegal is dramatically better at edge cases (litigation triggers, unusual jurisdictions, novel clause structures) and dramatically worse at consistency and volume. The right architecture is both — the flow handles the 80% of vanilla NDAs that are exact-paper or one-clause-fallback, and the paralegal owns the lawyer-review queue with their judgment freed up for the contracts that need it. Replacing the paralegal entirely is the failure mode; augmenting them is the win.

vs an off-the-shelf CLM intake module. Ironclad, Icertis, ContractWorks, and similar all ship intake-routing features. They are excellent at the “store, version, route to approver” half of the problem and weak at the “classify against our specific playbook” half — their built-in AI tends to be a generic clause extractor calibrated against a generic clause library, not your particular fallback positions. The flow trades the convenience of an integrated product for the precision of a playbook-specific prompt. If your playbook is genuinely vanilla (you accept any reasonable mutual NDA), the off-the-shelf module is fine and you should not build this. If your playbook has specific positions on residuals, IP carve-outs, or non-solicits that matter, the flow’s prompt is what makes it earn its keep.

vs a manual Salesforce-to-Ironclad routing rule. A Salesforce flow that creates an Ironclad workflow when an opportunity hits a stage is purely deterministic — same routing, same reviewer, regardless of contract content. That is fine for outbound paper where you control the document, but useless for inbound counterparty paper where the routing decision should depend on what the contract actually says. Use both: Salesforce for outbound triggers, this flow for inbound classification.

Watch-outs

Counterparty registry coverage drives the auto-approve rate; without it the flow degrades to lawyer-review-on-everything. Failure mode: registry coverage is below 60% of inbound senders, so 40%+ of NDAs hit the non_low_risk_tier override and route to manual review even when clean. Guard: instrument Counterparty Lookup with a weekly query (SELECT count(*) FROM nda_audit_log WHERE counterparty_id IS NULL AND processed_at > now() - interval '7 days') and feed the unknown-domain list back to whoever owns the registry. Treat registry maintenance as a named role, not a side project.

Playbook drift causes silent miscalibration when policy changes faster than the prompt. Failure mode: legal updates the residuals position, but the system prompt in Claude — Playbook Check still encodes the old position, and Claude confidently auto-approves clauses your team has just decided are unacceptable. Guard: gate every playbook change behind a 30-day manual-review window. The override that demotes any auto-approve to lawyer-review on risk_tier != 'low' partially mitigates by funnelling more contracts through human eyes; the harder mitigation is a quarterly diff check between the prompt’s clause descriptions and the canonical playbook document.

Parser failures must always escalate, never default to approve. Failure mode: a long or unusual NDA causes Claude to wrap its response in markdown fences, the JSON.parse in Apply Risk Rules throws, and a naive implementation might fall through to a default branch and mis-route. Guard: the Apply Risk Rules Code node explicitly catches the parse exception and stamps recommendation = 'escalate' with escalation_reason: 'parser_error'. Do not edit this guard out, and run the README’s smoke test #5 every time you change the Claude prompt to confirm the catch still fires.

Privileged content can leak into the Anthropic API call when senders mistake the intake mailbox for general counsel. Failure mode: a business unit forwards an email thread that includes pending-litigation context plus an attached NDA into nda-intake@, and the entire thread (subject, body snippet, attachment) ends up in an Anthropic API request. Guard: the Code node currently caps body_snippet to 2,000 characters but does not strip body content; pair the flow with the AI policy for legal teams to authorize the data flow explicitly, and consider a pre-Claude IF node that diverts messages with subjects matching /litigation|privileged|attorney-client/i into the GC escalation branch without an LLM call.

Email channel discipline determines whether the flow ever sees the work. Failure mode: business teams ignore the intake mailbox and email NDAs to attorneys directly because the flow is faster only after the first NDA, and the first NDA is always sent the way it has always been sent. Guard: an autoresponder on every individual attorney mailbox (legal-bd@, gc@, etc.) that says “thanks, please re-send to nda-intake@” combined with a forwarding rule that auto-routes anything with NDA-shaped attachments. Drive the channel norm in the first 30 days; revisit if the flow’s monthly volume plateaus below your estimate.

Stack

n8n for orchestration, Claude Sonnet 4.6 for clause classification, Ironclad (or your preferred CLM) for record-keeping and downstream signature workflow, Slack for the reviewer queue, Postgres for the counterparty registry and audit log, Gmail for the intake mailbox. See the legal-ops vertical for related workflows including the contract review SOP this flow plugs into as the Tier 1-2 triage layer.

Edit this page on GitHub

Files in this artifact

Download all (.zip)

# NDA intake triage — n8n flow

## What this flow does

This flow watches a dedicated `nda-intake@yourcompany.com` inbox once per minute and processes every inbound message that carries a `.pdf` or `.docx` attachment. For each message the flow extracts the sender domain, looks the counterparty up in your Postgres `counterparty_registry`, sends the contract document to Claude Sonnet 4.6 with the company NDA playbook in the system prompt, parses the structured clause-by-clause output, applies a conservative-tier override (any walk-away clause or sub-0.7 confidence forces escalate; non-low-tier counterparties never auto-approve), then routes to one of three branches via a Switch node — auto-approve (Ironclad record + audit Slack message), lawyer-review (Ironclad review workflow + Slack queue ping with summary and SLA tag), or escalate (Ironclad escalation workflow + GC channel alert). Every path writes to a `nda_audit_log` table for the weekly false-positive review and labels the Gmail message `nda-processed` to keep the trigger query idempotent.

The flow is deliberately one-way — it never sends mail to the counterparty itself. Outbound communication (executed copy back, redline negotiation) stays in Ironclad where the audit trail, version history, and signature workflow already live.

## Import

1. In n8n, go to **Workflows → Import from File** and upload `nda-intake-triage-n8n.json`.
2. Open the imported workflow. Every node will show a red badge against its credential field — that is expected. Bind credentials in the next section before you switch the workflow on.
3. Open **Settings → Timezone** for the workflow and confirm it matches the inbox owner's working hours. The bundled JSON sets `America/New_York`; change to your own.
4. Leave the workflow in **Inactive** state until you have verified the first-run flow below.

## Credentials

### Gmail — `nda-intake` mailbox (`PLACEHOLDER_GMAIL_CRED_ID`)

Used by the trigger node and the final `Mark Gmail Processed` node. Create a Gmail OAuth2 credential authorized against the dedicated intake mailbox (not a shared inbox alias — the trigger needs its own message store). Required scopes: `https://www.googleapis.com/auth/gmail.modify`. The credential must be able to add labels — read-only scopes will fail at the last node. After you connect, create a Gmail label called `nda-processed` in the intake mailbox; capture its label ID from `https://gmail.googleapis.com/gmail/v1/users/me/labels` and replace `Label_NdaProcessed` in the `Mark Gmail Processed` node parameters with the actual ID.

### Postgres — counterparty registry (`PLACEHOLDER_POSTGRES_CRED_ID`)

Used by `Counterparty Lookup` and `Audit Log Write`. Point at the Postgres instance that holds your counterparty registry. The flow expects two tables — `counterparty_registry` with at least the columns `counterparty_id`, `counterparty_name`, `primary_domain`, `secondary_domains text[]`, `risk_tier` (one of `low`, `mid`, `high`, `unknown`), `preferred_paper`, `notes` — and `nda_audit_log` with `id serial primary key`, `message_id text unique`, `thread_id text`, `sender text`, `sender_domain text`, `counterparty_id text`, `counterparty_name text`, `risk_tier text`, `recommendation text`, `override_reason text`, `overall_confidence numeric`, `clauses_json jsonb`, `summary text`, `processed_at timestamptz`. Grant the n8n role `SELECT` on the registry and `INSERT` on the audit log only — no `UPDATE` or `DELETE` rights, so a misbehaving flow cannot rewrite history.

### Anthropic — `x-api-key` (`PLACEHOLDER_ANTHROPIC_CRED_ID`)

Used by `Claude — Playbook Check`. Create an HTTP Header Auth credential in n8n with header name `x-api-key` and value set to your Anthropic API key. Use a workspace key scoped to this single workflow — don't reuse a personal key. The bundled prompt targets `claude-sonnet-4-6`; downgrade to Haiku only after you have measured the false-auto-approve rate at Sonnet (Haiku misses fallback clauses more often).

### Ironclad — API token (`PLACEHOLDER_IRONCLAD_CRED_ID`)

Used by all three Ironclad nodes. Create an HTTP Header Auth credential with header `Authorization` and value `Bearer <your token>`. The token needs `records:write` and `workflows:write` scopes. Pre-create three workflow templates in Ironclad named `nda-review` and `nda-escalation`, plus a record type `nda` with the property fields named in the node bodies (`counterparty`, `risk_tier`, `contract_type`, `status`, `intake_email`, `ai_confidence`, `summary`, `escalation_reason`, `override_reason`, `sla_hours`, `ai_summary`). The HTTP request bodies are written against Ironclad's `properties` shape — if you use a different CLM, replace the three Ironclad nodes wholesale and keep the Switch outputs and audit log path intact.

### Slack — bot token (`PLACEHOLDER_SLACK_CRED_ID`)

Used by `Slack — Audit Log`, `Slack — Lawyer Queue`, and `Slack — GC Escalation`. Create an HTTP Header Auth credential with header `Authorization` and value `Bearer xoxb-...`. The bot needs `chat:write` and must be invited to three channels: `#legal-ops-firehose` (auto-approve audit), `#legal-nda-queue` (lawyer review queue), and `#legal-gc-escalations` (GC alerts). The lawyer queue payload is built with Block Kit so the reviewer gets a one-click "Open in Ironclad" button — replace the placeholder URL in the `Slack — Lawyer Queue` node with the Ironclad workflow URL field returned by the API.

## First-run verification

Run these five smoke tests in order with the workflow still **Inactive** and the trigger swapped for a manual run on a single Gmail message ID. Use your own real-paper NDA samples, not synthetic ones — the playbook check is calibrated against actual paper.

1. **Auto-approve happy path.** Send an NDA from a domain you have inserted into `counterparty_registry` with `risk_tier = 'low'` and a contract that uses your standard mutual paper unmodified. Trigger the flow. Expect: `Routing Switch` fires output 1, an Ironclad record appears with status `Executed — Auto-Approved`, a `:white_check_mark:` message lands in `#legal-ops-firehose`, and `nda_audit_log` has one row with `recommendation = 'auto-approve'`, `override_reason IS NULL`.
2. **Lawyer-review on fallback clause.** Send the same low-tier counterparty an NDA where the term clause is 5 years instead of your standard 3. Expect: `Routing Switch` fires output 2, an Ironclad `nda-review` workflow exists with `sla_hours = 24`, the Slack lawyer queue post shows `override_reason: none` and the summary references the 5-year term, audit log row has `recommendation = 'lawyer-review'`.
3. **Conservative override on unknown counterparty.** Send a clean standard-paper NDA from a domain that does NOT exist in the registry. Expect: even though every clause is acceptable, the audit row shows `override_reason = 'non_low_risk_tier'` and the message routes to the lawyer queue, not auto-approve. This is the guard against silently approving anything from an unknown sender.
4. **Escalate on walk-away clause.** Send an NDA that includes a non-mutual indemnity that is outside your fallback library. Expect: `Routing Switch` fires output 3, the `nda-escalation` workflow exists in Ironclad, `#legal-gc-escalations` receives a `:rotating_light:` post, `has_walk_away = true` in the audit row.
5. **Parser-error fallback.** Temporarily edit the `Claude — Playbook Check` system prompt to ask for prose instead of JSON, then re-run any sample. Expect: the flow does not auto-approve. `Apply Risk Rules` catches the JSON parse failure and forces `recommendation = 'escalate'` with `escalation_reason: 'parser_error'`. Revert the prompt before activating the workflow.

Once all five behave as expected, label the original Gmail messages with `nda-processed` (so the trigger does not re-fire on them), switch the workflow to **Active**, and watch the audit log + `#legal-ops-firehose` for the first 30 days. Treat any auto-approve with `overall_confidence < 0.85` as a manual-spot-check candidate during that window.

{
  "name": "NDA intake triage",
  "nodes": [
    {
      "parameters": {
        "pollTimes": {
          "item": [
            {
              "mode": "everyMinute"
            }
          ]
        },
        "filters": {
          "labelIds": ["INBOX"],
          "q": "in:inbox -from:me has:attachment (filename:pdf OR filename:docx) -label:nda-processed newer_than:2d"
        },
        "options": {
          "downloadAttachments": true,
          "attachmentsPrefix": "nda_"
        }
      },
      "id": "1c1c1c1c-0002-0000-0000-000000000001",
      "name": "Intake Inbox Poll",
      "type": "n8n-nodes-base.gmailTrigger",
      "typeVersion": 1.2,
      "position": [240, 400],
      "credentials": {
        "gmailOAuth2": {
          "id": "PLACEHOLDER_GMAIL_CRED_ID",
          "name": "Gmail — nda-intake mailbox"
        }
      },
      "notesInFlow": true,
      "notes": "Polls the dedicated nda-intake@ inbox once per minute. Downloads attachments inline so downstream nodes can stream the .pdf / .docx body to Claude."
    },
    {
      "parameters": {
        "jsCode": "// Pull the first NDA-shaped attachment, base64-encode it, and normalize the\n// envelope fields the downstream prompt needs. Reject mail with no usable file.\nconst item = $json;\nconst binary = $binary || {};\nconst attachmentKey = Object.keys(binary).find(k => /\\.(pdf|docx)$/i.test(binary[k].fileName || ''));\n\nif (!attachmentKey) {\n  // Surface as a structured 'no_attachment' record so the routing IF can divert it.\n  return [{\n    json: {\n      status: 'no_attachment',\n      sender: (item.from || '').replace(/.*<|>.*/g, ''),\n      subject: item.subject || '',\n      thread_id: item.threadId,\n      message_id: item.id,\n    }\n  }];\n}\n\nconst file = binary[attachmentKey];\nconst sender = (item.from || '').match(/<([^>]+)>/)?.[1] || (item.from || '').trim();\nconst senderDomain = sender.split('@').pop()?.toLowerCase() || '';\n\nreturn [{\n  json: {\n    status: 'have_attachment',\n    sender,\n    sender_domain: senderDomain,\n    subject: item.subject || '',\n    body_snippet: (item.snippet || '').slice(0, 2000),\n    received_at: item.internalDate ? new Date(Number(item.internalDate)).toISOString() : new Date().toISOString(),\n    thread_id: item.threadId,\n    message_id: item.id,\n    attachment_filename: file.fileName,\n    attachment_mime: file.mimeType,\n    attachment_size: file.fileSize,\n    attachment_b64: file.data,\n  }\n}];"
      },
      "id": "1c1c1c1c-0002-0000-0000-000000000002",
      "name": "Normalize Intake",
      "type": "n8n-nodes-base.code",
      "typeVersion": 2,
      "position": [460, 400]
    },
    {
      "parameters": {
        "operation": "executeQuery",
        "query": "SELECT\n  counterparty_id,\n  counterparty_name,\n  risk_tier,\n  preferred_paper,\n  notes\nFROM counterparty_registry\nWHERE primary_domain = $1\n  OR $1 = ANY(secondary_domains)\nLIMIT 1;",
        "options": {
          "queryReplacement": "={{ $json.sender_domain }}"
        }
      },
      "id": "1c1c1c1c-0002-0000-0000-000000000003",
      "name": "Counterparty Lookup",
      "type": "n8n-nodes-base.postgres",
      "typeVersion": 2.4,
      "position": [680, 400],
      "credentials": {
        "postgres": {
          "id": "PLACEHOLDER_POSTGRES_CRED_ID",
          "name": "Postgres — counterparty registry"
        }
      },
      "notesInFlow": true,
      "notes": "Returns null row when domain is unknown. Downstream code defaults missing rows to risk_tier='unknown'."
    },
    {
      "parameters": {
        "jsCode": "// Merge the intake payload with the counterparty row (or default unknown).\nconst intake = $('Normalize Intake').item.json;\nconst registry = $json || {};\n\nconst risk_tier = registry.risk_tier || 'unknown';\nconst counterparty_name = registry.counterparty_name || intake.sender_domain;\n\nreturn [{\n  json: {\n    ...intake,\n    counterparty_id: registry.counterparty_id || null,\n    counterparty_name,\n    risk_tier,\n    preferred_paper: registry.preferred_paper || 'unknown',\n    registry_notes: registry.notes || null,\n  }\n}];"
      },
      "id": "1c1c1c1c-0002-0000-0000-000000000004",
      "name": "Merge Counterparty Context",
      "type": "n8n-nodes-base.code",
      "typeVersion": 2,
      "position": [900, 400]
    },
    {
      "parameters": {
        "method": "POST",
        "url": "https://api.anthropic.com/v1/messages",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
            { "name": "anthropic-version", "value": "2023-06-01" },
            { "name": "content-type", "value": "application/json" }
          ]
        },
        "authentication": "predefinedCredentialType",
        "nodeCredentialType": "httpHeaderAuth",
        "sendBody": true,
        "specifyBody": "json",
        "jsonBody": "={\n  \"model\": \"claude-sonnet-4-6\",\n  \"max_tokens\": 2048,\n  \"system\": \"You are an in-house contracts paralegal classifying inbound NDAs against the company playbook. For each clause family (governing law, term, mutuality, IP carve-outs, residuals, non-solicit, indemnity, exclusion-of-consequential-damages, definition-of-confidential-information, notice-of-breach), label the contract's position as 'acceptable' (matches our paper or a pre-approved fallback), 'fallback' (deviates but inside our authorized fallback library), or 'walk-away' (outside fallback envelope, requires GC sign-off). Then emit a top-level recommendation: 'auto-approve' only if every clause is acceptable AND counterparty risk_tier is 'low'; 'lawyer-review' if any clause is fallback OR risk_tier is 'mid'/'unknown'; 'escalate' if any clause is walk-away OR risk_tier is 'high'. Return strict JSON only — no prose, no markdown fences.\",\n  \"messages\": [\n    {\n      \"role\": \"user\",\n      \"content\": [\n        {\n          \"type\": \"document\",\n          \"source\": {\n            \"type\": \"base64\",\n            \"media_type\": \"{{ $json.attachment_mime }}\",\n            \"data\": \"{{ $json.attachment_b64 }}\"\n          }\n        },\n        {\n          \"type\": \"text\",\n          \"text\": \"Counterparty: {{ $json.counterparty_name }} ({{ $json.sender_domain }}). Risk tier: {{ $json.risk_tier }}. Preferred paper: {{ $json.preferred_paper }}. Registry notes: {{ $json.registry_notes }}. Email subject: {{ $json.subject }}. Output JSON shape: { \\\"clauses\\\": [{ \\\"family\\\": str, \\\"position\\\": 'acceptable'|'fallback'|'walk-away', \\\"quote\\\": str (<=200 chars), \\\"suggested_redline\\\": str|null, \\\"confidence\\\": 0..1 }], \\\"recommendation\\\": 'auto-approve'|'lawyer-review'|'escalate', \\\"summary\\\": str (<=500 chars), \\\"overall_confidence\\\": 0..1 }.\"\n        }\n      ]\n    }\n  ]\n}",
        "options": {
          "response": {
            "response": {
              "fullResponse": false
            }
          },
          "timeout": 60000
        }
      },
      "id": "1c1c1c1c-0002-0000-0000-000000000005",
      "name": "Claude — Playbook Check",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [1120, 400],
      "credentials": {
        "httpHeaderAuth": {
          "id": "PLACEHOLDER_ANTHROPIC_CRED_ID",
          "name": "Anthropic — x-api-key"
        }
      },
      "notesInFlow": true,
      "notes": "Sends the .pdf or .docx as a base64 document block. Sonnet 4.6 handles both. Cap at 2048 output tokens — clause JSON typically lands at 800–1200 tokens."
    },
    {
      "parameters": {
        "jsCode": "// Parse the Claude response, apply the conservative-tier override, and stamp\n// the routing decision used by every downstream branch.\nconst intake = $('Merge Counterparty Context').item.json;\nconst raw = $json.content?.[0]?.text || '';\n\nlet parsed;\ntry {\n  parsed = JSON.parse(raw);\n} catch (e) {\n  // Hard-fail to escalate when we cannot parse — never silently auto-approve.\n  return [{\n    json: {\n      ...intake,\n      recommendation: 'escalate',\n      escalation_reason: 'parser_error',\n      raw_response: raw.slice(0, 1000),\n      clauses: [],\n      summary: 'Claude response was not valid JSON. Manual review required.',\n      overall_confidence: 0,\n    }\n  }];\n}\n\n// Conservative override: any walk-away clause OR confidence < 0.7 forces escalate.\nconst hasWalkAway = (parsed.clauses || []).some(c => c.position === 'walk-away');\nconst hasFallback = (parsed.clauses || []).some(c => c.position === 'fallback');\nconst lowConfidence = (parsed.overall_confidence ?? 0) < 0.7;\n\nlet recommendation = parsed.recommendation;\nlet override_reason = null;\nif (hasWalkAway) {\n  recommendation = 'escalate';\n  override_reason = 'walk_away_clause';\n} else if (lowConfidence && recommendation === 'auto-approve') {\n  recommendation = 'lawyer-review';\n  override_reason = 'low_confidence';\n} else if (intake.risk_tier !== 'low' && recommendation === 'auto-approve') {\n  recommendation = 'lawyer-review';\n  override_reason = 'non_low_risk_tier';\n}\n\nreturn [{\n  json: {\n    ...intake,\n    recommendation,\n    override_reason,\n    has_walk_away: hasWalkAway,\n    has_fallback: hasFallback,\n    clauses: parsed.clauses || [],\n    summary: parsed.summary || '',\n    overall_confidence: parsed.overall_confidence ?? 0,\n  }\n}];"
      },
      "id": "1c1c1c1c-0002-0000-0000-000000000006",
      "name": "Apply Risk Rules",
      "type": "n8n-nodes-base.code",
      "typeVersion": 2,
      "position": [1340, 400]
    },
    {
      "parameters": {
        "rules": {
          "values": [
            {
              "conditions": {
                "options": {
                  "caseSensitive": true,
                  "leftValue": "",
                  "typeValidation": "strict"
                },
                "conditions": [
                  {
                    "id": "auto-approve-branch",
                    "leftValue": "={{ $json.recommendation }}",
                    "rightValue": "auto-approve",
                    "operator": {
                      "type": "string",
                      "operation": "equals"
                    }
                  }
                ],
                "combinator": "and"
              },
              "renameOutput": true,
              "outputKey": "auto-approve"
            },
            {
              "conditions": {
                "options": {
                  "caseSensitive": true,
                  "leftValue": "",
                  "typeValidation": "strict"
                },
                "conditions": [
                  {
                    "id": "lawyer-review-branch",
                    "leftValue": "={{ $json.recommendation }}",
                    "rightValue": "lawyer-review",
                    "operator": {
                      "type": "string",
                      "operation": "equals"
                    }
                  }
                ],
                "combinator": "and"
              },
              "renameOutput": true,
              "outputKey": "lawyer-review"
            },
            {
              "conditions": {
                "options": {
                  "caseSensitive": true,
                  "leftValue": "",
                  "typeValidation": "strict"
                },
                "conditions": [
                  {
                    "id": "escalate-branch",
                    "leftValue": "={{ $json.recommendation }}",
                    "rightValue": "escalate",
                    "operator": {
                      "type": "string",
                      "operation": "equals"
                    }
                  }
                ],
                "combinator": "and"
              },
              "renameOutput": true,
              "outputKey": "escalate"
            }
          ]
        },
        "options": {
          "fallbackOutput": "extra"
        }
      },
      "id": "1c1c1c1c-0002-0000-0000-000000000007",
      "name": "Routing Switch",
      "type": "n8n-nodes-base.switch",
      "typeVersion": 3.2,
      "position": [1560, 400]
    },
    {
      "parameters": {
        "method": "POST",
        "url": "https://api.ironcladapp.com/public/api/v1/records",
        "authentication": "predefinedCredentialType",
        "nodeCredentialType": "httpHeaderAuth",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
            { "name": "content-type", "value": "application/json" }
          ]
        },
        "sendBody": true,
        "specifyBody": "json",
        "jsonBody": "={\n  \"type\": \"nda\",\n  \"name\": \"NDA — {{ $json.counterparty_name }} — auto-approved\",\n  \"properties\": {\n    \"counterparty\": { \"type\": \"singleSelect\", \"value\": \"{{ $json.counterparty_name }}\" },\n    \"risk_tier\": { \"type\": \"singleSelect\", \"value\": \"{{ $json.risk_tier }}\" },\n    \"contract_type\": { \"type\": \"singleSelect\", \"value\": \"NDA\" },\n    \"status\": { \"type\": \"singleSelect\", \"value\": \"Executed — Auto-Approved\" },\n    \"intake_email\": { \"type\": \"email\", \"value\": \"{{ $json.sender }}\" },\n    \"ai_confidence\": { \"type\": \"number\", \"value\": {{ $json.overall_confidence }} },\n    \"summary\": { \"type\": \"longText\", \"value\": \"{{ $json.summary }}\" }\n  },\n  \"attachments\": [\n    {\n      \"filename\": \"{{ $json.attachment_filename }}\",\n      \"contentType\": \"{{ $json.attachment_mime }}\",\n      \"data\": \"{{ $json.attachment_b64 }}\"\n    }\n  ]\n}",
        "options": {
          "timeout": 30000
        }
      },
      "id": "1c1c1c1c-0002-0000-0000-000000000008",
      "name": "Ironclad — Auto-Approved Record",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [1800, 200],
      "credentials": {
        "httpHeaderAuth": {
          "id": "PLACEHOLDER_IRONCLAD_CRED_ID",
          "name": "Ironclad — API token"
        }
      }
    },
    {
      "parameters": {
        "method": "POST",
        "url": "https://slack.com/api/chat.postMessage",
        "authentication": "predefinedCredentialType",
        "nodeCredentialType": "httpHeaderAuth",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
            { "name": "content-type", "value": "application/json" }
          ]
        },
        "sendBody": true,
        "specifyBody": "json",
        "jsonBody": "={\n  \"channel\": \"#legal-ops-firehose\",\n  \"text\": \":white_check_mark: Auto-approved NDA — {{ $('Apply Risk Rules').item.json.counterparty_name }} (risk: {{ $('Apply Risk Rules').item.json.risk_tier }}, conf: {{ $('Apply Risk Rules').item.json.overall_confidence }}). Ironclad record: {{ $json.id || 'created' }}.\"\n}",
        "options": {}
      },
      "id": "1c1c1c1c-0002-0000-0000-000000000009",
      "name": "Slack — Audit Log",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [2020, 200],
      "credentials": {
        "httpHeaderAuth": {
          "id": "PLACEHOLDER_SLACK_CRED_ID",
          "name": "Slack — bot token"
        }
      }
    },
    {
      "parameters": {
        "method": "POST",
        "url": "https://api.ironcladapp.com/public/api/v1/workflows",
        "authentication": "predefinedCredentialType",
        "nodeCredentialType": "httpHeaderAuth",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
            { "name": "content-type", "value": "application/json" }
          ]
        },
        "sendBody": true,
        "specifyBody": "json",
        "jsonBody": "={\n  \"template\": \"nda-review\",\n  \"name\": \"NDA review — {{ $json.counterparty_name }}\",\n  \"properties\": {\n    \"counterparty\": { \"type\": \"singleSelect\", \"value\": \"{{ $json.counterparty_name }}\" },\n    \"risk_tier\": { \"type\": \"singleSelect\", \"value\": \"{{ $json.risk_tier }}\" },\n    \"sla_hours\": { \"type\": \"number\", \"value\": 24 },\n    \"ai_summary\": { \"type\": \"longText\", \"value\": \"{{ $json.summary }}\" },\n    \"override_reason\": { \"type\": \"singleSelect\", \"value\": \"{{ $json.override_reason || 'none' }}\" }\n  },\n  \"attachments\": [\n    {\n      \"filename\": \"{{ $json.attachment_filename }}\",\n      \"contentType\": \"{{ $json.attachment_mime }}\",\n      \"data\": \"{{ $json.attachment_b64 }}\"\n    }\n  ]\n}",
        "options": {
          "timeout": 30000
        }
      },
      "id": "1c1c1c1c-0002-0000-0000-00000000000a",
      "name": "Ironclad — Review Workflow",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [1800, 400],
      "credentials": {
        "httpHeaderAuth": {
          "id": "PLACEHOLDER_IRONCLAD_CRED_ID",
          "name": "Ironclad — API token"
        }
      }
    },
    {
      "parameters": {
        "method": "POST",
        "url": "https://slack.com/api/chat.postMessage",
        "authentication": "predefinedCredentialType",
        "nodeCredentialType": "httpHeaderAuth",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
            { "name": "content-type", "value": "application/json" }
          ]
        },
        "sendBody": true,
        "specifyBody": "json",
        "jsonBody": "={\n  \"channel\": \"#legal-nda-queue\",\n  \"text\": \":mag: NDA needs review — *{{ $('Apply Risk Rules').item.json.counterparty_name }}*\",\n  \"blocks\": [\n    {\n      \"type\": \"section\",\n      \"text\": {\n        \"type\": \"mrkdwn\",\n        \"text\": \":mag: *NDA needs review* — {{ $('Apply Risk Rules').item.json.counterparty_name }}\\nRisk tier: `{{ $('Apply Risk Rules').item.json.risk_tier }}`  ·  Confidence: `{{ $('Apply Risk Rules').item.json.overall_confidence }}`  ·  Override: `{{ $('Apply Risk Rules').item.json.override_reason || 'none' }}`\\nSLA: 24h\"\n      }\n    },\n    {\n      \"type\": \"section\",\n      \"text\": { \"type\": \"mrkdwn\", \"text\": \"*Summary*\\n{{ $('Apply Risk Rules').item.json.summary }}\" }\n    },\n    {\n      \"type\": \"actions\",\n      \"elements\": [\n        { \"type\": \"button\", \"text\": { \"type\": \"plain_text\", \"text\": \"Open in Ironclad\" }, \"url\": \"{{ $json.workflowUrl || 'https://app.ironcladapp.com' }}\" }\n      ]\n    }\n  ]\n}",
        "options": {}
      },
      "id": "1c1c1c1c-0002-0000-0000-00000000000b",
      "name": "Slack — Lawyer Queue",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [2020, 400],
      "credentials": {
        "httpHeaderAuth": {
          "id": "PLACEHOLDER_SLACK_CRED_ID",
          "name": "Slack — bot token"
        }
      }
    },
    {
      "parameters": {
        "method": "POST",
        "url": "https://api.ironcladapp.com/public/api/v1/workflows",
        "authentication": "predefinedCredentialType",
        "nodeCredentialType": "httpHeaderAuth",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
            { "name": "content-type", "value": "application/json" }
          ]
        },
        "sendBody": true,
        "specifyBody": "json",
        "jsonBody": "={\n  \"template\": \"nda-escalation\",\n  \"name\": \"NDA escalation — {{ $json.counterparty_name }}\",\n  \"properties\": {\n    \"counterparty\": { \"type\": \"singleSelect\", \"value\": \"{{ $json.counterparty_name }}\" },\n    \"risk_tier\": { \"type\": \"singleSelect\", \"value\": \"{{ $json.risk_tier }}\" },\n    \"escalation_reason\": { \"type\": \"singleSelect\", \"value\": \"{{ $json.override_reason || 'walk_away_clause' }}\" },\n    \"ai_summary\": { \"type\": \"longText\", \"value\": \"{{ $json.summary }}\" }\n  },\n  \"attachments\": [\n    {\n      \"filename\": \"{{ $json.attachment_filename }}\",\n      \"contentType\": \"{{ $json.attachment_mime }}\",\n      \"data\": \"{{ $json.attachment_b64 }}\"\n    }\n  ]\n}",
        "options": {
          "timeout": 30000
        }
      },
      "id": "1c1c1c1c-0002-0000-0000-00000000000c",
      "name": "Ironclad — Escalation Workflow",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [1800, 600],
      "credentials": {
        "httpHeaderAuth": {
          "id": "PLACEHOLDER_IRONCLAD_CRED_ID",
          "name": "Ironclad — API token"
        }
      }
    },
    {
      "parameters": {
        "method": "POST",
        "url": "https://slack.com/api/chat.postMessage",
        "authentication": "predefinedCredentialType",
        "nodeCredentialType": "httpHeaderAuth",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
            { "name": "content-type", "value": "application/json" }
          ]
        },
        "sendBody": true,
        "specifyBody": "json",
        "jsonBody": "={\n  \"channel\": \"#legal-gc-escalations\",\n  \"text\": \":rotating_light: NDA escalation — {{ $('Apply Risk Rules').item.json.counterparty_name }} (reason: {{ $('Apply Risk Rules').item.json.override_reason || 'walk_away_clause' }})\"\n}",
        "options": {}
      },
      "id": "1c1c1c1c-0002-0000-0000-00000000000d",
      "name": "Slack — GC Escalation",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4.2,
      "position": [2020, 600],
      "credentials": {
        "httpHeaderAuth": {
          "id": "PLACEHOLDER_SLACK_CRED_ID",
          "name": "Slack — bot token"
        }
      }
    },
    {
      "parameters": {
        "operation": "executeQuery",
        "query": "INSERT INTO nda_audit_log (\n  message_id, thread_id, sender, sender_domain, counterparty_id, counterparty_name,\n  risk_tier, recommendation, override_reason, overall_confidence, clauses_json, summary, processed_at\n) VALUES (\n  $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11::jsonb, $12, now()\n)\nON CONFLICT (message_id) DO NOTHING\nRETURNING id;",
        "options": {
          "queryReplacement": "={{ $('Apply Risk Rules').item.json.message_id }},{{ $('Apply Risk Rules').item.json.thread_id }},{{ $('Apply Risk Rules').item.json.sender }},{{ $('Apply Risk Rules').item.json.sender_domain }},{{ $('Apply Risk Rules').item.json.counterparty_id }},{{ $('Apply Risk Rules').item.json.counterparty_name }},{{ $('Apply Risk Rules').item.json.risk_tier }},{{ $('Apply Risk Rules').item.json.recommendation }},{{ $('Apply Risk Rules').item.json.override_reason }},{{ $('Apply Risk Rules').item.json.overall_confidence }},{{ JSON.stringify($('Apply Risk Rules').item.json.clauses) }},{{ $('Apply Risk Rules').item.json.summary }}"
        }
      },
      "id": "1c1c1c1c-0002-0000-0000-00000000000e",
      "name": "Audit Log Write",
      "type": "n8n-nodes-base.postgres",
      "typeVersion": 2.4,
      "position": [2240, 400],
      "credentials": {
        "postgres": {
          "id": "PLACEHOLDER_POSTGRES_CRED_ID",
          "name": "Postgres — counterparty registry"
        }
      },
      "notesInFlow": true,
      "notes": "Single audit row per inbound message (idempotent on message_id). Used for the weekly false-positive review."
    },
    {
      "parameters": {
        "operation": "addLabels",
        "messageId": "={{ $('Apply Risk Rules').item.json.message_id }}",
        "labelIds": ["Label_NdaProcessed"]
      },
      "id": "1c1c1c1c-0002-0000-0000-00000000000f",
      "name": "Mark Gmail Processed",
      "type": "n8n-nodes-base.gmail",
      "typeVersion": 2.1,
      "position": [2460, 400],
      "credentials": {
        "gmailOAuth2": {
          "id": "PLACEHOLDER_GMAIL_CRED_ID",
          "name": "Gmail — nda-intake mailbox"
        }
      },
      "notesInFlow": true,
      "notes": "Replace 'Label_NdaProcessed' with the actual Gmail label ID from your inbox so the trigger query (`-label:nda-processed`) deduplicates correctly."
    }
  ],
  "connections": {
    "Intake Inbox Poll": {
      "main": [
        [{ "node": "Normalize Intake", "type": "main", "index": 0 }]
      ]
    },
    "Normalize Intake": {
      "main": [
        [{ "node": "Counterparty Lookup", "type": "main", "index": 0 }]
      ]
    },
    "Counterparty Lookup": {
      "main": [
        [{ "node": "Merge Counterparty Context", "type": "main", "index": 0 }]
      ]
    },
    "Merge Counterparty Context": {
      "main": [
        [{ "node": "Claude — Playbook Check", "type": "main", "index": 0 }]
      ]
    },
    "Claude — Playbook Check": {
      "main": [
        [{ "node": "Apply Risk Rules", "type": "main", "index": 0 }]
      ]
    },
    "Apply Risk Rules": {
      "main": [
        [{ "node": "Routing Switch", "type": "main", "index": 0 }]
      ]
    },
    "Routing Switch": {
      "main": [
        [{ "node": "Ironclad — Auto-Approved Record", "type": "main", "index": 0 }],
        [{ "node": "Ironclad — Review Workflow", "type": "main", "index": 0 }],
        [{ "node": "Ironclad — Escalation Workflow", "type": "main", "index": 0 }],
        [{ "node": "Slack — Lawyer Queue", "type": "main", "index": 0 }]
      ]
    },
    "Ironclad — Auto-Approved Record": {
      "main": [
        [{ "node": "Slack — Audit Log", "type": "main", "index": 0 }]
      ]
    },
    "Slack — Audit Log": {
      "main": [
        [{ "node": "Audit Log Write", "type": "main", "index": 0 }]
      ]
    },
    "Ironclad — Review Workflow": {
      "main": [
        [{ "node": "Slack — Lawyer Queue", "type": "main", "index": 0 }]
      ]
    },
    "Slack — Lawyer Queue": {
      "main": [
        [{ "node": "Audit Log Write", "type": "main", "index": 0 }]
      ]
    },
    "Ironclad — Escalation Workflow": {
      "main": [
        [{ "node": "Slack — GC Escalation", "type": "main", "index": 0 }]
      ]
    },
    "Slack — GC Escalation": {
      "main": [
        [{ "node": "Audit Log Write", "type": "main", "index": 0 }]
      ]
    },
    "Audit Log Write": {
      "main": [
        [{ "node": "Mark Gmail Processed", "type": "main", "index": 0 }]
      ]
    }
  },
  "active": false,
  "settings": {
    "executionOrder": "v1",
    "timezone": "America/New_York",
    "saveExecutionProgress": true,
    "saveManualExecutions": true,
    "errorWorkflow": ""
  },
  "versionId": "1c1c1c1c-0002-0000-0000-0000000000ff",
  "meta": {
    "templateCreatedBy": "ooligo",
    "instanceId": "ooligo-nda-intake"
  },
  "id": "nda-intake-triage",
  "tags": [
    { "name": "legal-ops" },
    { "name": "contracts" },
    { "name": "nda" }
  ]
}