Skip to content
VeraFrame Docs

External review

Some organizations have existing review systems — legal review platforms, internal governance tools, ticketing systems — that own the oversight process. Rather than duplicating that process inside VeraFrame, you can use the external review workflow to hand a validation off to the external system, track its state, and close the loop when the external decision comes back.

External review is available on tenants with the external_review_workflow feature enabled, typically the Compliance Edition tier.

The handoff flow

  1. A validation is generated and a review case enters pending_review because the tenant’s workflow settings created one.
  2. A reviewer opens the validation in the Admin dashboard and clicks Handoff.
  3. VeraFrame records the handoff details: the external system name, an external reference (ticket ID, case number), and the review owner.
  4. The validation state moves to in_review. The external reference becomes part of the audit trail.
  5. The external system does its thing — on its own timeline, in its own UI.
  6. When the external decision comes back, VeraFrame is updated with either external_approve or external_reject, plus a note.
  7. The validation state moves to approved or rejected accordingly. The audit trail now contains the full trace: initial generation → review case creation → handoff → external decision.

Updating the validation from the external system

There are two ways to update a handed-off validation:

Via the Admin dashboard

A reviewer with a required_reviewer_roles role can open the validation and click External approve or External reject, supplying a note that references the external decision (for example, a link to the legal review memo).

Via the REST API

If your external system supports outbound webhooks or scheduled syncs, it can call VeraFrame’s review endpoint directly:

POST /api/v1/history/{validation_id}/review
{
  "action": "external_approve",   // or "external_reject"
  "note": "Approved per legal review #12345",
  "external_reference": "LEGAL-12345",
  "external_system": "legal-reviewer"
}

See REST API for authentication details.

What gets recorded

The audit trail captures:

  • review_handed_off — when the validation was handed off, to which external system, with what reference.
  • external_review_approved / external_review_rejected — the external decision, who recorded it, and the note.

This produces a complete auditable chain from AI output to external decision, even when the actual decision happened in another tool.

When to use external review

  • Your organization already has an AI governance workflow in a legal or compliance platform.
  • Your reviewers are not VeraFrame users and should not have to log in to VeraFrame.
  • You need review timings or SLAs that VeraFrame does not model natively (for example, stage-gated multi-reviewer approvals).

When to stay with VeraFrame’s built-in review

  • You want reviewers to see the trust report and the evidence panel directly — external systems rarely render these richly.
  • Your review process is simple: approve, reject, edit.
  • You do not already have an external governance tool.

Not available on SaaS Cloud

External review is an Integration / Compliance Edition feature. SaaS Cloud tenants use the built-in approve/reject workflow instead.