{
  "name": "Vendor Risk Assessment with Verifiable Decision Receipts",
  "nodes": [
    {
      "parameters": {
        "httpMethod": "POST",
        "path": "vendor-risk",
        "options": {},
        "responseMode": "responseNode"
      },
      "id": "e69ecd78-1c6d-4e51-b970-e0dabdb61a07",
      "name": "Vendor Risk Assessment",
      "type": "n8n-nodes-base.webhook",
      "typeVersion": 2.1,
      "position": [
        0,
        300
      ]
    },
    {
      "parameters": {
        "modelId": {
          "__rl": true,
          "mode": "list",
          "value": "gpt-4o",
          "cachedResultName": "GPT-4O"
        },
        "messages": {
          "values": [
            {
              "role": "system",
              "content": "=You are a third-party risk AI. Return JSON: {\"tier\":\"LOW|MEDIUM|HIGH\",\"decision\":\"APPROVE|REJECT\",\"reason\":\"...\"}."
            },
            {
              "content": "=Return JSON only.\n\nInput:\n{{ JSON.stringify($json.body) }}"
            }
          ]
        },
        "jsonOutput": true,
        "options": {}
      },
      "id": "43b367b6-4207-46d4-ada4-68655def4c22",
      "name": "AI Decision",
      "type": "@n8n/n8n-nodes-langchain.openAi",
      "typeVersion": 2.1,
      "position": [
        220,
        300
      ],
      "credentials": {
        "openAiApi": {
          "name": "<your credential>"
        }
      }
    },
    {
      "parameters": {
        "operation": "generateReceipt",
        "agentName": "VendorRiskAgent",
        "workflowName": "={{ $workflow.name }}",
        "action": "={{ 'AI decision: ' + ($json.message.content.decision || $json.message.content.recommendation || 'completed') }}",
        "decision": "={{ JSON.stringify($json.message.content) }}",
        "additionalFields": {
          "modelProvider": "openai",
          "modelUsed": "gpt-4o",
          "decisionType": "vendor_risk",
          "riskLevel": "high",
          "humanReview": false,
          "policies": "tprm-v2, soc2",
          "permissions": "vendor.assess",
          "tags": "grc, vendor, security"
        }
      },
      "id": "b67d8613-4a7b-435e-925a-deaa11e960ac",
      "name": "Signatrust: Receipt",
      "type": "n8n-nodes-signatrust.signatrust",
      "typeVersion": 1,
      "position": [
        440,
        300
      ],
      "credentials": {
        "signatrustApi": {
          "name": "<your credential>"
        }
      }
    },
    {
      "parameters": {
        "operation": "append",
        "documentId": {
          "__rl": true,
          "mode": "id",
          "value": "REPLACE_SHEET_ID"
        },
        "sheetName": {
          "__rl": true,
          "mode": "list",
          "value": "Sheet1",
          "cachedResultName": "Sheet1"
        },
        "columns": {
          "mappingMode": "autoMapInputData",
          "value": {},
          "matchingColumns": []
        },
        "options": {}
      },
      "id": "ad0ae687-9ad3-41c9-9e07-22b9f913c1a3",
      "name": "Log to Sheet",
      "type": "n8n-nodes-base.googleSheets",
      "typeVersion": 4.5,
      "position": [
        660,
        300
      ],
      "credentials": {
        "googleSheetsOAuth2Api": {
          "name": "<your credential>"
        }
      }
    },
    {
      "parameters": {
        "content": "## Vendor Risk Assessment with Verifiable Decision Receipts\n**Why Signatrust?** Every AI decision here becomes a tamper-evident, Ed25519-signed receipt \u2014 verifiable for audits and disputes.",
        "height": 170,
        "width": 420,
        "color": 5
      },
      "id": "6d438858-e7ae-4c10-8e9f-6066d05eb92b",
      "name": "Sticky Note 67afed",
      "type": "n8n-nodes-base.stickyNote",
      "typeVersion": 1,
      "position": [
        -40,
        40
      ]
    }
  ],
  "connections": {
    "Vendor Risk Assessment": {
      "main": [
        [
          {
            "node": "AI Decision",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "AI Decision": {
      "main": [
        [
          {
            "node": "Signatrust: Receipt",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Signatrust: Receipt": {
      "main": [
        [
          {
            "node": "Log to Sheet",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  },
  "active": false,
  "settings": {
    "executionOrder": "v1"
  },
  "tags": [
    {
      "name": "Vendor Risk Assessment \u2014 grc"
    },
    {
      "name": "Vendor Risk Assessment \u2014 vendor"
    },
    {
      "name": "Vendor Risk Assessment \u2014 security"
    },
    {
      "name": "Signatrust (20)"
    }
  ],
  "meta": {
    "templateCredsSetupCompleted": false
  },
  "versionId": "42e41a5a-d284-41ab-8778-c326706b955a"
}