How it works
Plan → Govern → Execute → Audit
Every action in StudAI BOS — whether triggered by a human, by AI, or by a scheduled rule — flows through the same four-stage execution pipeline. No shortcuts. No back doors. Every stage is logged.
Stage one
AI Thinks & Plans
The AI engine doesn't operate in a vacuum. It ingests live context from every module in the system — your CRM pipeline, outstanding invoices, employee headcount, active contracts, OKR progress, and risk registers. It sees your company the way a chief of staff would.
From that context, it generates a structured execution plan: a sequence of actions, each tagged with a confidence score, estimated cost impact, and the governance policy it will trigger. Plans are fully transparent — you see every step before you approve.
How context ingestion works
Cross-module data graph
AI reads from CRM, Finance, HR, Ops, Legal, and Strategy in one unified query layer.
Plan generation
Structured action plans with step-by-step breakdown, not free-text suggestions.
Confidence scoring
Each proposed action carries a confidence score (0–100) based on data completeness and historical success rates.
Cost impact estimation
Financial impact is calculated before execution — not after.
Governance checks applied
RBAC Policy Check
Does this actor have the required role to perform this action on this resource?
ABAC Policy Check
Does the context (department, amount, time, module) satisfy attribute-based rules?
Risk Scoring
Monetary value, data sensitivity, and reversibility are scored to determine risk tier.
Separation of Duties
The person who requested cannot also approve. The person who approved cannot also execute.
Approval Routing
Low-risk → auto-execute. Medium-risk → single approver (WhatsApp or dashboard). High-risk → multi-party browser confirmation.
Stage two
Governance Pipeline
Before any plan executes, it passes through the governance pipeline. This is not a simple “admin approval” button. It's a policy engine that evaluates RBAC roles, ABAC attributes, monetary thresholds, risk scores, and separation-of-duties constraints — automatically.
The governance layer determines who needs to approve, how they approve (dashboard, WhatsApp, or in-browser confirmation), and whether the action can auto-execute based on your configured autonomy level.
Stage three
Workflow Execution
Once approved, the action doesn't trigger a raw database write. It enters the workflow engine — a structured execution layer that coordinates mutations across modules, enforces transaction boundaries, and generates execution receipts for every step.
This is what separates a Business OS from a dashboard. The workflow engine is the single path through which all state changes flow. There is no “quick edit” that bypasses the audit chain. If it happened in the system, it went through a workflow.
Execution receipt contents
workflow_id: wf_a3f8c2e1
triggered_by: ai_plan_7291
approved_by: user_cfo_jane
action: expense.approve
module: finance
cost_impact: -₹4,50,000
risk_tier: medium
sod_validated: true
before_snapshot: snap_8f2a...
after_snapshot: snap_c1d9...
audit_hash: sha256:e4b2f...
timestamp: 2025-02-28T14:32:07Z
Audit chain properties
Hash-chained events
Each audit event includes a SHA-256 hash of the previous event. Any tampering breaks the chain and is immediately detectable.
Before/after snapshots
Every mutation records the state before and after execution. Full diff visibility for compliance review.
Tamper detection
Integrity verification runs continuously. If any event is modified or deleted, the system flags the breach.
Exportable logs
90-day standard retention, 365-day for enterprise. One-click export for external audit firms.
Stage four
Audit & Review
Every workflow execution generates an immutable audit event that is appended to a hash-chained log. This is not a “log file” — it's a cryptographic chain where each event references the hash of the previous event, making any retroactive modification immediately detectable.
Audit events include the full execution receipt, before/after data snapshots, actor identity, approval chain, and governance policy that authorized the action. Your compliance team — or any external auditor — can verify the entire history independently.
Human-in-the-loop
The right level of human involvement for every action
Not every action needs the same level of oversight. StudAI BOS routes actions to the appropriate approval channel based on risk scoring.
Auto-Execute
Routine actions that fall within pre-approved parameters execute immediately. The receipt is logged, the audit event is recorded, and the operator is notified after the fact.
Example: Categorizing an expense under ₹5,000, updating a contact's phone number.
WhatsApp Approval
Actions with moderate financial or operational impact are sent to the designated approver via WhatsApp. One-tap approve or reject, with full context attached.
Example: Approving a vendor payment of ₹2,00,000, posting a journal entry.
Browser Confirmation
High-value or irreversible actions require the approver to log into the dashboard, review full context, and confirm via the browser with an additional authentication step.
Example: Terminating an employee, executing a contract obligation above ₹50L.
See it in action.
Book a 30-minute walkthrough and see how the Plan → Govern → Execute → Audit pipeline works for your specific workflows.