Vendor Onboarding
Policy-scored vendor approval with a sealed record
Every new vendor requires sign-off from procurement, legal, compliance, and finance. Currently each team emails the same attachments back and forth with no shared record. Wrap the intake form submission with Patchr: it scores the vendor against your policy rules, flags missing certifications, and packages a decision-ready proof pack — one call, one record.
Agent route
Manual process, no audit trail, inconsistent outcomes.
// Before: email chain, no shared record
async function submitVendor(form) {
const vendor = await saveVendorForm(form);
// ❌ Each team reviews independently — no unified verdict
// ❌ Policy rules checked manually — inconsistent
// ❌ No tamper-evident approval record
await notifyTeams(["procurement", "legal", "compliance", "finance"]);
return vendor.id;
}One SDK call. Evidence map, proof card, and recommended action returned.
import { PatchrClient } from "@patchr-core/sdk";
const patchr = PatchrClient.fromEnv();
async function submitVendor(form) {
const run = await patchr.runOrchestrator({
clientId: "vendor-ops",
channel: "api",
conversationId: `conv_vendor_${form.vendorId}`,
request: `Run vendor due diligence on ${form.vendorName} (${form.website}).
Score against policy: ${form.policyRules.join(", ")}.
Flag missing compliance certificates.`,
attachments: form.documents.map(doc => ({
name: doc.filename,
mime: doc.mimeType,
url: doc.url,
})),
metadata: {
vendorName: form.vendorName,
jurisdiction: form.jurisdiction,
policyRules: form.policyRules,
},
});
// ✅ Policy scored — evidence map attached
// ✅ Proof pack sealed for all stakeholders
// ✅ Decision-ready: proceedSafely | proceedWithCaution | escalateBeforeActing
return {
taskId: run.task?.taskId,
proofCard: run.proofCard,
verdict: run.proofCard?.recommendedRestraint,
};
}Same integration using the raw HTTP API with the httpx client.
import os, httpx
PATCHR_API = os.environ["PATCHR_API_BASE_URL"]
PATCHR_TOKEN = os.environ["PATCHR_API_TOKEN"]
def submit_vendor(form):
resp = httpx.post(
f"{PATCHR_API}/v1/orchestrator/run",
headers={"Authorization": f"Bearer {PATCHR_TOKEN}"},
json={
"clientId": "vendor-ops",
"channel": "api",
"conversationId": f"conv_vendor_{form['vendorId']}",
"request": (
f"Run vendor due diligence on {form['vendorName']} "
f"({form['website']}). Score against policy: "
f"{', '.join(form['policyRules'])}. "
"Flag missing compliance certificates."
),
"attachments": [
{"name": d["filename"], "mime": d["mimeType"], "url": d["url"]}
for d in form.get("documents", [])
],
"metadata": {
"vendorName": form["vendorName"],
"jurisdiction": form["jurisdiction"],
"policyRules": form["policyRules"],
},
},
)
run = resp.json()
return {
"taskId": run.get("task", {}).get("taskId"),
"proofCard": run.get("proofCard"),
"verdict": run.get("proofCard", {}).get("recommendedRestraint"),
}Output shape
A consistent proof card — every run.
Whether you run a dispute audit or an agent governance check, the output shape is identical. External systems — dashboards, decision ledgers, compliance tools — consume the same format regardless of which workflow produced it.
evidenceStatus — sourceBound | verified | partial
confidence — 0–1 score from the evidence map
recommendedRestraint — proceedSafely | proceedWithCaution | escalateBeforeActing
cite — portable proof ref for cross-system ledgers
Sample output
{
"status": "ready",
"route": ["resolve"],
"proofCard": {
"title": "Vendor due diligence: Acme Supply Co.",
"evidenceStatus": "sourceBound",
"confidence": 0.78,
"openQuestions": ["priceVarianceExceedsThreshold"],
"recommendedRestraint": "proceedWithCaution",
"cite": "patchr:proofCard:card_vendor_...#v1",
"citeRef": "patchr:proofPack:pack_...#v1"
}
}Ready to run it?
Run vendor due diligence on Acme Supply Co. (acme-supply.example.com). Check business registration, score against our Q3 procurement policy (priceVarianceUnder5pct, noSanctionedEntities), and flag any missing compliance certificates.