Skip review for known and trusted senders for Payables Agent tasks#9088
Open
mynjj wants to merge 6 commits into
Open
Skip review for known and trusted senders for Payables Agent tasks#9088mynjj wants to merge 6 commits into
mynjj wants to merge 6 commits into
Conversation
added 5 commits
July 3, 2026 14:28
Replace the all-or-nothing 'Review Incoming Invoice' boolean with an 'Email Review Policy' (Unset/Only if untrusted/Never/Always), secure-by-default with a forced decision at activation. In 'Only if untrusted', emails skip review when they arrive in a configured subfolder, or when compauth=pass and the sender is an Approved known sender. Per-sender policy (Ask/Approve/Reject) added to known senders; Reject skips task creation. Enable Load Headers in the Microsoft365 connector so compauth is available. Confirms/notifications surface when the known-senders list is inert (folder or policy). Upgrade maps true->Always, false->Only if untrusted. Same-tenant/VerifiedDomains check deferred.
- IsSenderAuthenticated: fall back to X-MS-Exchange-Organization-AuthAs=Internal so intra-tenant (onmicrosoft) mail without compauth is still trusted.- Folder tooltip now references the 'Only if untrusted' review policy.- Rename known-senders 'inert' wording to 'unused'; rename ClassifySetupChangeImpact -> ClassifyKnownSendersUnusedByChange and *InertReason -> *UnusedReason.- Confirm() takes format args directly (drop StrSubstNo); remove the unnecessary monitoring-off confirmation.- Replace PA Known Sender.GetPolicy with GetForEDocument returning the record, used by both ShouldRequestReview and IsSenderRejected.
…-only line ShouldRequestReview now trusts authenticated, unknown senders when the source email is stamped X-MS-Exchange-Organization-AuthAs=Internal, covering intra-tenant (onmicrosoft) mail without a Graph/VerifiedDomains call. Explicit per-sender policy still takes precedence. Factored source-email header reads into TryGetSourceEmailHeader and split IsSenderInternal from IsSenderAuthenticated. Restored EDocPOMatching.ConfigureDefaultPOMatchingSettings() (dev-only edit).
Move the security audit into PA Known Sender OnInsert/OnModify triggers so any write path (agent auto-add, manual page add, manual policy edit) is logged when a record is or becomes Approve. InsertIfNew now inserts with triggers; the page-level OnValidate audit is removed as redundant.
Contributor
Copilot PR ReviewIteration 2 · Outcome: completed Knowledge source: https://github.com/microsoft/BCQuality@822cae1b2771ac25f665f73369f69093bd4fd630 Orchestrator pre-filter (13 file(s) excluded)
Findings produced by the Copilot CLI agent against BCQuality at |
- Activation guard message now explains that Email review sets when incoming emails need supervisor approval.- Dropdown option 'Only if untrusted' -> 'Only untrusted senders'.- Known-senders hint describes adding regular senders and auto-approving trusted ones.
dcenic
approved these changes
Jul 4, 2026
ventselartur
approved these changes
Jul 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes AB#625413