
AxonFlow for HR Tech

HR and people-tech agents handle the most sensitive data in any organization -- Social Security numbers, salary figures, bank account details for direct deposit, health benefit selections, and performance reviews. Every compensation recommendation, hiring decision, and termination workflow carries legal exposure under employment law, tax regulation, and data protection statutes. A single ungoverned AI action -- leaking an employee's SSN to an LLM provider, auto-approving a salary change without manager review, or double-posting a payroll run on retry -- can trigger regulatory penalties, lawsuits, and irreparable employee trust damage.

AxonFlow provides the runtime governance layer that sits between your HR AI agents and the actions they take -- enforcing policies, detecting employee PII before it reaches LLM providers, gating consequential workforce decisions for human review, and producing the audit trail your compliance, legal, and HR leadership teams will ask for. This page maps AxonFlow capabilities to concrete HR workflows, regulatory requirements, and deployment patterns. Everything described here is shipped and available today.

The HR AI governance challenge

Employee data is uniquely sensitive

HR systems hold the intersection of every regulated data category: financial (SSNs, bank accounts, salary), medical (health plan selections, disability accommodations, leave reasons), and personal (performance reviews, disciplinary actions, termination reasons). AI agents that process this data touch multiple regulatory frameworks simultaneously. A single employee onboarding interaction can involve an SSN for tax withholding (IRS), a bank account for payroll (NACHA/ACH rules), and a health plan selection that crosses into HIPAA territory. Generic AI governance that treats all PII the same cannot enforce the different handling requirements each category demands.

Employment law in most jurisdictions places specific obligations on AI-assisted hiring, promotion, compensation, and termination decisions. EEOC guidance on AI in hiring applies Title VII's disparate-impact standard to automated selection tools. GDPR Article 22 gives employees the right not to be subject to decisions based solely on automated processing when those decisions produce legal or similarly significant effects -- and employment decisions are the textbook example. SOX Sections 302 and 404 require public companies to maintain documented internal controls over financial reporting, certified by their officers, and payroll and compensation expense sits within that scope. An AI agent that recommends salary adjustments or screens candidates without a human review gate and a documented audit trail creates liability under all three frameworks.

Payroll errors compound fast

A payroll agent that double-posts a direct deposit on retry does not create a "data quality issue." It creates an overpayment that triggers tax withholding corrections, W-2 amendments, and potential Department of Labor complaints. Idempotency is not a nice-to-have in payroll workflows -- it is the difference between an automated system and an automated liability. The same applies to benefits enrollment: an AI agent that processes a health plan change without human confirmation can trigger insurance coverage gaps that affect the employee and their dependents.

HIPAA crossover is real

HR systems that manage employee benefits, leave requests, and accommodation workflows routinely handle information that qualifies as protected health information (PHI) under HIPAA. An AI benefits administration agent that sends an employee's health plan selection or disability accommodation request to an external LLM has created a HIPAA exposure. The boundary between "HR data" and "health data" is not always clear, and AI agents do not respect boundaries they cannot see. Deterministic PII detection that catches health-adjacent identifiers before they leave your network is the safeguard that does not depend on the agent recognizing that boundary.

Use cases

1. Employee onboarding copilot

What the agent does: An AI onboarding copilot guides new hires through document collection, tax form completion (W-4, I-9), benefits enrollment, and direct deposit setup. It queries HRIS and payroll systems via MCP connectors to pre-populate forms and verify submissions.

What could go wrong: The agent includes the employee's SSN in a prompt to an LLM for form-filling assistance. Or the agent forwards bank account details from the direct deposit setup to an unauthorized downstream tool. Or the agent completes enrollment in a benefits plan without the employee's explicit confirmation.

How AxonFlow prevents it:

  • PII detection catches SSNs (area/group/serial validated), bank account numbers (ABA checksum), email addresses, phone numbers, and dates of birth before they reach an LLM. The action is configurable per path: block, redact, warn, or log. See PII Detection.
  • MCP connector governance applies three-phase policy evaluation on every connector call to the HRIS: request-phase (before the call), response-phase (on the returned employee data), and exfiltration-phase (if data flows to another tool or LLM). This prevents employee PII from leaking across connector boundaries.
  • HITL approval gates pause benefits enrollment changes for employee or HR review. The require_approval policy action routes the step to a human approval queue where a reviewer approves or rejects via the API. Unanswered requests auto-expire after 24 hours in Evaluation tier.
  • Audit logging produces a complete decision chain across every step: LLM calls, connector invocations, policy evaluations, and human approvals. See Audit Logging.

2. Payroll processing agent

What the agent does: A payroll agent calculates compensation, applies tax withholdings, processes deductions, and initiates direct deposit transfers for each pay cycle. It queries HR, timekeeping, and benefits systems to assemble the payroll run.

What could go wrong: The agent retries on a network timeout and double-posts a payment. Or it includes employee bank account numbers in a prompt to an LLM for "payroll summary generation." Or it processes a payroll adjustment above the authorized threshold without manager sign-off, creating a SOX control gap.

How AxonFlow prevents it:

  • HITL approval gates pause any payroll adjustment above a configurable threshold. The require_approval policy action routes the step to a human approval queue where a payroll manager approves or rejects.
  • Idempotency enforcement via retry_context and idempotency_key prevents duplicate payments on retry. Each payroll disbursement carries a unique key that AxonFlow tracks across retries.
  • PII detection catches bank account numbers (ABA checksum), SSNs (format-validated), and credit card numbers (Luhn-validated) before they reach an LLM. See PII Detection.
  • Audit logging produces a structured record of every payroll decision: the policies evaluated, the verdict, the human approver, and the timestamp. This audit chain is the documented internal control your SOX auditor will ask for. See Audit Logging.
```yaml
# Policy: require manager approval on payroll adjustments above threshold
name: payroll-adjustment-approval
category: sensitive-data
action: require_approval
conditions:
  - field: step_metadata.adjustment_amount
    operator: gt
    value: 5000
  - field: step_metadata.step_type
    operator: eq
    value: payroll_adjustment
```
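To show what the retry failure mode described above actually looks like, here is an added Python example (written for this page; it is not AxonFlow's code and not the page's own). It runs the same retry loop twice against a constructed payment rail that commits a transfer and then loses the response: once straight against the rail, where the retry double-posts, and once through a small key-tracking layer that answers a repeated idempotency_key from its record instead of posting again. That layer stands in for the tracking the bullet attributes to AxonFlow; the field names idempotency_key and retry_context come from this page, but where they sit in a real request, and every class and function name here, are assumptions.

```python
from __future__ import annotations

import hashlib
import json


class TransientTimeout(Exception):
    """The response was lost after the callee ran: the classic lost-ack failure."""


class PaymentRail:
    """Constructed stand-in for an ACH originator. It records every transfer it is
    asked to make and knows nothing about idempotency keys, which is why a retry
    that reaches it unguarded produces a second ledger entry."""

    def __init__(self) -> None:
        self.ledger: list[tuple[str, int]] = []

    def post(self, employee_id: str, amount_cents: int, **_ignored) -> dict:
        self.ledger.append((employee_id, amount_cents))
        return {"transfer_id": f"t{len(self.ledger)}"}


class FlakyTransport:
    """Delivers the call but drops the response to the first attempt, so the
    caller sees a timeout for a transfer that has already committed."""

    def __init__(self, target) -> None:
        self.target = target
        self.calls = 0

    def post(self, *args, **kwargs) -> dict:
        self.calls += 1
        result = self.target.post(*args, **kwargs)
        if self.calls == 1:
            raise TransientTimeout("response lost after the transfer committed")
        return result


class IdempotencyLayer:
    """Stands in for the governance layer that tracks idempotency_key across retries
    (an assumption about where that tracking sits; this is not AxonFlow's code).
    The result is recorded the moment the rail commits, so a retry arriving with
    the same key is answered from the record instead of being re-posted."""

    def __init__(self, rail: PaymentRail) -> None:
        self.rail = rail
        self.results: dict[str, dict] = {}

    def post(self, employee_id: str, amount_cents: int, *, idempotency_key: str,
             retry_context: dict) -> dict:
        if idempotency_key in self.results:
            return {**self.results[idempotency_key], "replayed": True,
                    "attempt": retry_context["attempt"]}
        result = self.rail.post(employee_id, amount_cents)
        self.results[idempotency_key] = result
        return {**result, "replayed": False, "attempt": retry_context["attempt"]}


def idempotency_key(pay_period: str, employee_id: str, amount_cents: int) -> str:
    """Derive the key from the business identity of the disbursement, never from a
    per-attempt value such as a timestamp, so every retry presents the same key."""
    material = json.dumps({"pay_period": pay_period, "employee_id": employee_id,
                           "amount_cents": amount_cents}, sort_keys=True)
    return hashlib.sha256(material.encode()).hexdigest()


def disburse_with_retry(endpoint, pay_period: str, employee_id: str,
                        amount_cents: int, max_attempts: int = 3) -> dict:
    """Client side: compute the key once, then send it with a retry_context on every
    attempt. The field names follow this page; their placement is an assumption."""
    key = idempotency_key(pay_period, employee_id, amount_cents)
    for attempt in range(1, max_attempts + 1):
        try:
            return endpoint.post(employee_id, amount_cents, idempotency_key=key,
                                 retry_context={"attempt": attempt,
                                                "max_attempts": max_attempts})
        except TransientTimeout:
            if attempt == max_attempts:
                raise
    raise AssertionError("unreachable")


def run_unguarded() -> tuple[dict, list]:
    """Retry straight against the rail: the lost response becomes a double post."""
    rail = PaymentRail()
    result = disburse_with_retry(FlakyTransport(rail), "2026-05", "E1001", 412_500)
    return result, rail.ledger


def run_idempotent() -> tuple[dict, list]:
    """Same retry loop, same lost response, with the key-tracking layer in front."""
    rail = PaymentRail()
    endpoint = FlakyTransport(IdempotencyLayer(rail))
    result = disburse_with_retry(endpoint, "2026-05", "E1001", 412_500)
    return result, rail.ledger


if __name__ == "__main__":
    for label, run in (("unguarded", run_unguarded), ("idempotent", run_idempotent)):
        result, ledger = run()
        print(f"{label}: {len(ledger)} transfer(s) on the rail, result={result}")
```

The point of the contrast is where the record is written: the layer stores the result as soon as the rail commits, before the response can be lost, so the client never needs to know whether attempt one "really" went through. A key derived from a timestamp or a random per-attempt value would defeat this, since the retry would present a new key.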

3. Benefits administration agent

What the agent does: A benefits administration agent helps employees navigate open enrollment, process life-event changes (marriage, birth, address change), compare plan options, and update beneficiary designations. It queries benefits platforms and insurance carrier APIs via MCP connectors.

What could go wrong: The agent sends an employee's health plan selection or dependent information to an external LLM for plan comparison -- crossing into HIPAA territory. Or it processes a beneficiary change without employee confirmation. Or it enrolls an employee in the wrong plan tier because the connector returned stale eligibility data and no human caught the discrepancy.

How AxonFlow prevents it:

  • PII detection catches SSNs, dates of birth, email addresses, and phone numbers in benefits enrollment payloads. Health plan selection identifiers in LLM-bound prompts are detected and governed before they leave your boundary. See PII Detection.
  • HITL approval gates require employee confirmation on every enrollment change, beneficiary update, and plan modification. No benefits change executes without explicit human sign-off through the approval queue.
  • MCP connector governance enforces three-phase policy on every call to insurance carrier APIs: preventing the agent from forwarding dependent health information to an unauthorized downstream tool.
  • Governance profiles with AXONFLOW_PROFILE=strict ensure all detections trigger enforcement actions, not just logging. See Governance Profiles.

4. Compensation analysis agent

What the agent does: A compensation analysis agent reviews salary data, market benchmarks, performance ratings, and equity grants to generate adjustment recommendations for the annual compensation cycle. It queries HRIS and compensation management systems, calls LLMs for market analysis, and produces recommendation reports for manager and HR leadership review.

What could go wrong: The agent leaks individual salary data into an LLM prompt. Or it auto-applies a salary adjustment without the required approval chain (manager, HR, compensation committee). Or the adjustment recommendation has no audit trail linking the AI analysis to the human approver who signed off -- a SOX control failure.

How AxonFlow prevents it:

  • HITL approval gates enforce a deterministic review chain on every compensation recommendation. The require_approval action routes salary adjustments to the approval queue where the appropriate reviewer (manager, HR business partner, or compensation committee) approves or rejects.
  • PII detection catches SSNs, bank account numbers, and employee identifiers before salary data reaches an external LLM. See PII Detection.
  • Audit logging produces a complete decision chain: the data inputs, the policies evaluated, the AI recommendation, and the human approval. Each record includes decision_id, verdict, evaluated policies, timestamp, and caller identity. This is the SOX Section 302 documentation trail. See Audit Logging.
  • Evidence export (Evaluation and Enterprise) produces audit packages suitable for internal audit, SOX review, and compensation committee inspection. See Evidence Export.
```bash
# Decision Mode: check a compensation recommendation before it reaches the HRIS
curl -s -X POST http://localhost:8080/api/v1/decide \
  -H "Content-Type: application/json" \
  -d '{
    "stage": "agent",
    "caller_identity": {
      "gateway_id": "comp-analysis-gw",
      "tenant_id": "hr-compensation"
    },
    "target": {
      "type": "action",
      "action": "salary_adjustment"
    },
    "context": {
      "adjustment_percent": 12.5,
      "adjustment_amount": 15000,
      "employee_level": "senior"
    }
  }' | jq .
```

```json
{
  "verdict": "require_approval",
  "decision_id": "c4e7b2a1-5f3d-4a8e-b9c1-7d2f8e3a6b5c",
  "trace_id": "3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f",
  "stage": "agent",
  "reasons": ["Salary adjustment exceeds automatic approval threshold"],
  "obligations": [],
  "evaluated_policies": ["comp_high_value_approval"],
  "expires_at": "2026-05-26T14:30:00Z"
}
```

5. Recruitment screening agent

What the agent does: A recruitment screening agent ingests resumes, extracts candidate qualifications, matches them against job requirements, and produces a ranked shortlist for the hiring manager. It queries applicant tracking systems (ATS) via MCP connectors and calls LLMs for resume parsing and qualification matching.

What could go wrong: The agent sends a candidate's full resume -- including SSN, email, phone, and date of birth -- to an external LLM. Or the agent produces a ranked shortlist without any human review, creating EEOC exposure if the ranking produces disparate impact. Or the screening decision has no audit trail documenting which criteria were applied and who reviewed the AI output.

How AxonFlow prevents it:

  • PII detection catches SSNs (format-validated), email addresses (RFC 5322), phone numbers, dates of birth, and other personal identifiers in resumes before they reach an LLM. The redact action strips identifiers while preserving the qualification content needed for screening. See PII Detection.
  • SQL injection scanning detects injection payloads in resume text fields and other candidate-submitted data, which is attacker-controlled input that the agent would otherwise pass into ATS queries. See SQL Injection Scanning.
  • HITL approval gates ensure every shortlist and screening recommendation receives human review before it advances in the hiring pipeline. The require_approval action routes the ranking decision to the approval queue for hiring manager sign-off.
  • Audit logging records the full decision chain: which policies were evaluated, the verdict, and the identity of the reviewer who approved the shortlist. This audit trail is the documentation your legal team needs to demonstrate that AI-assisted hiring decisions had appropriate human oversight. See Audit Logging.
```yaml
# Policy: require hiring manager approval on all candidate rankings
name: recruitment-screening-approval
category: sensitive-data
action: require_approval
conditions:
  - field: step_metadata.step_type
    operator: eq
    value: candidate_ranking
```
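The onboarding, payroll and recruitment sections above all rely on the same validated detectors: the SSN area/group/serial rules, the ABA check digit, Luhn, and pattern matches for email, phone and date of birth. The following added Python example (written for this page; it is neither AxonFlow's detector nor its output format) implements those checks and runs the page's four per-path actions over a constructed resume-style text, so you can see why 000-12-3456 is left alone while 219-09-9999 is redacted, and why the bare account number is not caught: the ABA checksum validates the 9-digit routing number, and an account number carries no check digit, so it needs a context rule rather than a validator. All names, patterns and sample values here are assumptions.

```python
from __future__ import annotations

import re

# Constructed sample standing in for a parsed resume / payroll summary. None of
# these identifiers are real; the numbers are built to pass or fail the checks.
SAMPLE_TEXT = (
    "Jane Doe | jane.doe@example.com | (415) 555-0142 | DOB 1988-04-12\n"
    "SSN 219-09-9999 (well-formed) and 000-12-3456 (invalid area)\n"
    "Routing 123456780 account 123456789012, card 4111 1111 1111 1111\n"
    "Skills: Python, Kubernetes, payroll systems, 7 years experience\n"
)


def ssn_is_plausible(ssn: str) -> bool:
    """Area/group/serial check from the SSA issuance rules: area 001-899 and not
    666, group 01-99, serial 0001-9999. Structure only, not a lookup."""
    m = re.fullmatch(r"(\d{3})-(\d{2})-(\d{4})", ssn)
    if not m:
        return False
    area, group, serial = (int(x) for x in m.groups())
    return area not in (0, 666) and area < 900 and group != 0 and serial != 0


def aba_checksum_ok(routing: str) -> bool:
    """ABA check digit for a 9-digit routing number: weights 3,7,1, sum mod 10 == 0.
    The checksum belongs to the routing number; account numbers have none."""
    if not re.fullmatch(r"\d{9}", routing):
        return False
    d = [int(c) for c in routing]
    total = 3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])
    return total % 10 == 0


def luhn_ok(number: str) -> bool:
    """Luhn mod-10 check over the digits, ignoring separators."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, dgt in enumerate(reversed(digits)):
        if i % 2 == 1:
            dgt = dgt * 2 - 9 if dgt * 2 > 9 else dgt * 2
        total += dgt
    return total % 10 == 0


# Detectors in priority order: a span claimed by an earlier detector is not
# re-matched by a later one. A validator of None means the pattern alone decides.
DETECTORS = [
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_is_plausible),
    ("credit_card", re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), luhn_ok),
    ("bank_routing", re.compile(r"\b\d{9}\b"), aba_checksum_ok),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), None),
    ("phone", re.compile(r"\(?\b\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b"), None),
    ("dob", re.compile(r"\b(?:19|20)\d{2}-\d{2}-\d{2}\b"), None),
]


def detect(text: str) -> list[tuple[str, int, int, str]]:
    """Return (kind, start, end, value) for every validated hit, earliest first."""
    hits: list[tuple[str, int, int, str]] = []
    for kind, pattern, validator in DETECTORS:
        for m in pattern.finditer(text):
            if validator is not None and not validator(m.group(0)):
                continue
            if any(m.start() < e and m.end() > s for _, s, e, _ in hits):
                continue
            hits.append((kind, m.start(), m.end(), m.group(0)))
    return sorted(hits, key=lambda h: h[1])


def redact(text: str) -> tuple[str, dict[str, int]]:
    """Replace each hit with a typed placeholder; the rest of the text is untouched."""
    out, cursor, counts = [], 0, {}
    for kind, start, end, _ in detect(text):
        out.append(text[cursor:start])
        out.append(f"[{kind.upper()}]")
        counts[kind] = counts.get(kind, 0) + 1
        cursor = end
    out.append(text[cursor:])
    return "".join(out), counts


def govern(text: str, action: str) -> tuple[str, list[tuple[str, int, int, str]]]:
    """Apply one of the per-path actions named on this page to an LLM-bound text."""
    hits = detect(text)
    if action == "block":
        if hits:
            raise PermissionError("blocked: " + ", ".join(sorted({h[0] for h in hits})))
        return text, hits
    if action == "redact":
        return redact(text)[0], hits
    if action in ("warn", "log"):
        return text, hits  # caller records the findings and lets the text through
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    redacted_text, hit_counts = redact(SAMPLE_TEXT)
    print(redacted_text)
    print(hit_counts)
```

Running it leaves the skills line intact, which is the property the recruitment bullet depends on: the redact action must strip identifiers without stripping the qualification content the screening step needs. The validators are what keep false positives down; a bare `\d{3}-\d{2}-\d{4}` pattern would also fire on the 000-12-3456 decoy.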

Regulatory mapping

The table below maps specific regulatory requirements to shipped AxonFlow capabilities. HR AI systems touch employment law, tax regulation, data protection, and health information -- often in the same workflow. AxonFlow provides the technical safeguards referenced in these frameworks.

| Requirement | Regulation | AxonFlow Capability | Docs |
| --- | --- | --- | --- |
| Documented internal controls on compensation decisions | SOX Section 302/404 | HITL approval gates with require_approval action; structured audit logging with decision_id, verdict, evaluated policies, timestamp, approver identity | HITL Approval Gates, Audit Logging |
| Human oversight on AI-assisted hiring decisions | EEOC AI Guidance | require_approval action on screening and ranking steps, HITL approval queue, full decision chain audit trail | HITL Approval Gates |
| Right not to be subject to solely automated decisions with legal effects | GDPR Article 22 | HITL approval gates ensuring human review on employment-affecting decisions (hiring, promotion, compensation, termination) | Human-in-the-Loop |
| Employee data protection | GDPR Art. 5-6, CCPA | PII detection (SSN, email, phone, DOB) with configurable block/redact/warn/log actions per path | PII Detection |
| Right to erasure (employee data) | GDPR Art. 17 | POST /api/v1/gdpr/delete endpoint for data subject erasure requests | Trust Overview |
| Protection of taxpayer identification numbers | IRS Publication 1075, SOX | SSN detection (area/group/serial validated) with configurable enforcement action | PII Detection |
| Technical safeguards for health information in benefits | HIPAA Security Rule | PII detection applied to benefits enrollment and health plan data before it reaches LLMs; self-hosted deployment keeps data within your boundary | PII Detection |
| Payment data protection for direct deposit | NACHA Operating Rules | Bank account detection (ABA checksum), credit card detection (Luhn algorithm) with configurable actions | PII Detection |
| Transparency in automated employment decisions | EU AI Act Art. 13-14 (high-risk: employment) | Structured decision records with evaluated policies, verdict rationale, and W3C traceparent correlation | Decision Mode |
| Payroll processing integrity | DOL / FLSA | Idempotency enforcement via retry_context and idempotency_key preventing duplicate disbursements on retry | Choosing a Mode |

Note on EEOC compliance: AxonFlow does not perform fairness testing or bias detection on AI model outputs. It provides the human oversight gates and audit trail that demonstrate AI-assisted hiring decisions were reviewed by qualified humans before taking effect. Disparate impact testing is a separate discipline that requires statistical analysis of outcomes across protected classes.

Reference architecture

The diagram below shows AxonFlow in a typical HR tech stack. The pattern applies whether your AI agents are employee-facing (onboarding, benefits), manager-facing (compensation, hiring), or back-office (payroll processing).

Every interaction between an HR agent and an LLM provider passes through the Orchestrator, where policies are evaluated and PII detection runs. Every interaction between an HR agent and a data source (HRIS, ATS, payroll, benefits) passes through the MCP Gateway, where three-phase policy evaluation (request, response, exfiltration) applies. High-risk workforce decisions route to the HITL queue. All decisions produce structured audit records with decision_id, verdict, evaluated policies, timestamp, and identity.

Decision Mode for HR platform teams

Large HR tech platforms and enterprise people teams typically run existing integration layers between their HRIS, applicant tracking, payroll, and benefits systems. Asking these teams to rearchitect their traffic flow through a new proxy is not realistic -- especially when the HRIS integration has already passed security and compliance review.

Decision Mode solves this. AxonFlow runs as a standalone policy decision service. Each integration layer makes one inline POST /api/v1/decide call per request, receives a verdict (allow, deny, or require_approval), and enforces it locally. AxonFlow is never on the traffic path -- it is consulted, not traversed. This is the PDP/PEP (policy decision point / policy enforcement point) pattern used across the industry by OPA, Cedar, and XACML-based engines.

Each integration layer passes a stage identifier (llm, tool, or agent) and a caller_identity with its gateway_id and tenant_id. AxonFlow evaluates the same policy hierarchy for all three and returns a verdict with a trace_id that correlates decisions across layers using W3C traceparent headers. The result: one audit trail, one policy engine, enforcement at every layer, and zero changes to your existing HR infrastructure beyond the HTTP call.
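The call sequence described above, as an added Python example (not AxonFlow's SDK or client code): a small policy enforcement point that builds the decide request in the shape of this page's curl example, sends a W3C traceparent header so the llm, tool and agent stages of one workflow share a single trace_id, and enforces the verdict locally: allow runs the action, require_approval parks it until a reviewer releases it, and deny, an unrecognised verdict, or an unreachable decision service all fail closed. The fake_pdp transport is constructed so the example runs offline; it mirrors the salary threshold from the curl example, while the PII rule, the hr_pii_llm_block policy name, the resume() hand-off and every class and function name are assumptions.

```python
from __future__ import annotations

import json
import secrets
import urllib.request
import uuid
from dataclasses import dataclass
from typing import Callable, Optional

DECIDE_URL = "http://localhost:8080/api/v1/decide"   # endpoint shown on this page
Transport = Callable[[str, dict, dict], dict]        # (url, headers, body) -> decision


def make_traceparent(trace_id: Optional[str] = None) -> tuple[str, str]:
    """W3C traceparent: version-traceid-parentid-flags. Reusing the trace_id lets
    the llm, tool and agent stages of one workflow share a single audit trail."""
    trace_id = trace_id or secrets.token_hex(16)
    return trace_id, f"00-{trace_id}-{secrets.token_hex(8)}-01"


def build_decide_request(stage: str, gateway_id: str, tenant_id: str,
                         action: str, context: dict) -> dict:
    """Request body in the shape of the curl example on this page."""
    return {"stage": stage,
            "caller_identity": {"gateway_id": gateway_id, "tenant_id": tenant_id},
            "target": {"type": "action", "action": action},
            "context": context}


def http_transport(url: str, headers: dict, body: dict) -> dict:
    """Real transport for a running instance (stdlib only, 5 s timeout)."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST",
                                 headers={"Content-Type": "application/json", **headers})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def fake_pdp(url: str, headers: dict, body: dict) -> dict:
    """Constructed stand-in for /api/v1/decide so the example runs offline. The
    salary threshold matches this page; the PII rule and its name are assumptions."""
    ctx, action = body["context"], body["target"]["action"]
    decision = {"decision_id": str(uuid.uuid4()), "stage": body["stage"],
                "trace_id": headers["traceparent"].split("-")[1], "reasons": [],
                "obligations": [], "evaluated_policies": [], "expires_at": None}
    if action == "salary_adjustment" and ctx.get("adjustment_amount", 0) > 5000:
        decision.update(verdict="require_approval", evaluated_policies=["comp_high_value_approval"],
                        reasons=["Salary adjustment exceeds automatic approval threshold"])
    elif ctx.get("contains_employee_pii"):
        decision.update(verdict="deny", evaluated_policies=["hr_pii_llm_block"],
                        reasons=["Employee PII in LLM-bound prompt"])
    else:
        decision.update(verdict="allow")
    return decision


@dataclass
class Enforcement:
    outcome: str        # executed | parked | denied
    decision_id: str
    trace_id: str
    detail: str = ""


class PolicyEnforcementPoint:
    """Integration-layer side of the PDP/PEP pattern: ask once, enforce locally.
    Unknown verdicts and an unreachable decision service fail closed, the right
    default for actions that move money or change employment status."""

    def __init__(self, gateway_id: str, tenant_id: str,
                 transport: Transport = http_transport, url: str = DECIDE_URL) -> None:
        self.gateway_id, self.tenant_id, self.transport, self.url = gateway_id, tenant_id, transport, url
        self.parked: dict[str, Callable[[], str]] = {}   # decision_id -> deferred action

    def enforce(self, stage: str, action: str, context: dict,
                execute: Callable[[], str], trace_id: Optional[str] = None) -> Enforcement:
        trace_id, traceparent = make_traceparent(trace_id)
        body = build_decide_request(stage, self.gateway_id, self.tenant_id, action, context)
        try:
            decision = self.transport(self.url, {"traceparent": traceparent}, body)
        except Exception as exc:                       # network error, bad JSON, ...
            return Enforcement("denied", "", trace_id, f"decision service unavailable: {exc}")
        did, tid = decision.get("decision_id", ""), decision.get("trace_id", trace_id)
        verdict, reasons = decision.get("verdict"), "; ".join(decision.get("reasons", []))
        if verdict == "allow":
            return Enforcement("executed", did, tid, execute())
        if verdict == "require_approval":
            self.parked[did] = execute
            return Enforcement("parked", did, tid, reasons)
        return Enforcement("denied", did, tid, reasons or f"verdict {verdict!r}")

    def resume(self, decision_id: str) -> str:
        """Run a parked action once a reviewer has approved it in the HITL queue (how
        that approval reaches the PEP is outside this example). pop() turns a second
        resume for the same decision into a KeyError, never a second execution."""
        return self.parked.pop(decision_id)()


def demo() -> tuple[dict[str, Enforcement], list[int], PolicyEnforcementPoint]:
    """Three decisions against the offline PDP plus one against a dead endpoint."""
    pep = PolicyEnforcementPoint("comp-analysis-gw", "hr-compensation", transport=fake_pdp)
    applied: list[int] = []

    def apply(amount: int) -> Callable[[], str]:       # the guarded HRIS write
        return lambda: applied.append(amount) or f"HRIS updated: +{amount}"

    def unreachable(url: str, headers: dict, body: dict) -> dict:
        raise ConnectionError("decision service down")

    results = {
        "small": pep.enforce("agent", "salary_adjustment", {"adjustment_amount": 1500}, apply(1500)),
        "large": pep.enforce("agent", "salary_adjustment",
                             {"adjustment_amount": 15000, "adjustment_percent": 12.5}, apply(15000)),
        "llm": pep.enforce("llm", "market_analysis_prompt", {"contains_employee_pii": True}, lambda: "sent"),
    }
    dead = PolicyEnforcementPoint("comp-analysis-gw", "hr-compensation", transport=unreachable)
    results["outage"] = dead.enforce("tool", "hris_write", {}, apply(1))
    return results, applied, pep


if __name__ == "__main__":
    results, applied, pep = demo()
    for name, r in results.items():
        print(f"{name}: {r.outcome} decision_id={r.decision_id or '-'} trace_id={r.trace_id} {r.detail}")
    print("after approval:", pep.resume(results["large"].decision_id), "applied:", applied)
```

Two design points worth copying: the action to execute is passed in as a closure, so nothing touches the HRIS until a verdict says it may, and the parked closure is popped on resume so a duplicate approval callback cannot apply the same salary change twice. To talk to a real instance, drop the transport argument and the stdlib http_transport posts to DECIDE_URL.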

For the full API reference, request/response schemas, and curl examples, see Decision Mode. For guidance on when to use Decision Mode versus Gateway Mode, Proxy Mode, or Workflow Control Plane, see Choosing an Integration Mode.

Deployment options for HR tech

HR teams handle data that spans financial, medical, and personal categories, often subject to multiple regulatory frameworks simultaneously. AxonFlow supports three deployment modes:

| Mode | Description | Best for |
| --- | --- | --- |
| Self-Hosted | You run AxonFlow on your own infrastructure. Source-available under BSL 1.1. Full control over data, network, and upgrades. Employee data never leaves your environment. | Enterprises with strict data-residency requirements or HIPAA crossover concerns in benefits data |
| In-VPC | AxonFlow runs inside your AWS VPC. No data leaves your network boundary. Managed by AxonFlow with your infrastructure controls. | HR tech platforms that want managed operations without employee data leaving their VPC |
| SaaS | Managed by AxonFlow in us-east-1. Fastest path to production. | HR tech startups and teams without data-residency constraints |

All three modes support the same feature set. For organizations handling benefits data that may cross into HIPAA territory, Self-Hosted or In-VPC deployment is recommended. See Deployment Mode Matrix for the full comparison and Licensing for tier details.

Getting started

Step 1: Run locally. Follow the Getting Started guide to run AxonFlow on your machine in under 5 minutes.

Step 2: Configure PII detection for employee data. Set up SSN detection (area/group/serial validated), bank account detection (ABA checksum), and email/phone/DOB detection. See PII Detection for configuration details.

Step 3: Set up HITL approval gates. Configure require_approval policies on high-risk workforce decisions: payroll adjustments, compensation changes, hiring decisions, and benefits enrollment. See HITL Approval Gates.

Step 4: Map your regulatory requirements. Use the compliance pages for your regulatory context:

Step 5: Evaluate with real workloads. Request a free Evaluation License for self-hosted validation with HITL approval gates, evidence export, and higher limits. If you need enterprise features, direct rollout support, or managed deployment, apply for the Design Partner Program.