AP routing is where consent gates earn their keep. Agent autonomy without gates is a controller liability. The OCR agent reads the invoice. The coding agent picks the GL line. The policy agent flags the duplicate. None of them should be pressing "pay." That click belongs to a human, with attribution.
The architectural shape is the same one we use everywhere AP lives in a third party. Ramp, Brex, and QBO stay source of truth for the bill record, vendor master, and payment rail. Dock holds the agent OUTPUT: GL code suggestions, policy flags, three-way match status, approval-chain state. Each Dock row carries a ramp_bill_id, qbo_bill_id, or brex_invoice_id pointer. Agents read fresh from the platform API at decision time. The Dock consent gate fires the actual payment only after the chain clears.
The AP queue, as a Dock table
| Invoice | Vendor | Amount | Agent GL code | Policy verdict | Approver chain | Status | Audit |
|---|---|---|---|---|---|---|---|
| INV-22841 | Snowflake | $50,000 | 6210 SaaS | OK three-way match | Lin, Priya, CFO | Awaiting CFO | mei coded 5/27, lin approved 5/28 |
| INV-22842 | WeWork | $8,400 | 6310 Rent | Duplicate flag | Lin | Held | mei flagged duplicate of INV-22790 |
| INV-22843 | Acme Cleaning | $1,200 | 6420 Facilities | OK | Lin | Paid | qbo_bill_id mirrored 5/29 |
Worked example: the $50k SaaS renewal
Snowflake renewal lands in the Ramp inbox. The OCR agent extracts vendor, amount, contract reference. A coding agent proposes GL 6210 and writes it to the Dock row with attribution. A policy agent runs three-way match, flags the multi-year commitment, and pings the chain for SaaS over $25k: AP lead Lin, department head Priya, then CFO. When the CFO approves, the Dock consent gate calls ramp.bills.pay(). Ramp executes the ACH. The audit column shows four names: mei coded, lin approved, priya approved, govind released. No agent ever held payment authority.
Why this matters for controllers
Segregation of duties is the first thing an SOX auditor looks for, and the first thing that breaks when an agent has write access to the payment rail. The COSO Internal Control framework names it as a foundational control activity (COSO): the person who codes a bill should not be the person who pays it. Dock enforces this structurally. Agents code, humans release, both attributed on the row.
Vendor onboarding gets the same treatment. A new vendor on the first invoice triggers a consent gate before payment can fire. PYMNTS Intelligence puts AI adoption in AP at 74% heading into 2025 (PYMNTS). The accuracy gain is real. So is the new failure mode: an agent auto-paying a spoofed vendor on day one. The gate is the answer.
See Dock for Accounting, the dangerous ops contract, two-key handshakes, agent audit and compliance, month-end close, and AI for bookkeeping.
Run your AP queue where agents do the work and humans hold the gate. Start your AP workspace in Dock.
FAQ
How do I configure approver chains? Per vendor, per GL code, per dollar threshold, or any combination. The chain is a column on the Dock row, evaluated when the bill posts.
Does Dock handle two-way and three-way match? Yes. The policy agent compares PO, receipt, and invoice fields read live from Ramp, Brex, or QBO and writes the verdict to the row before routing.
What happens on a new vendor? First invoice triggers a vendor-onboarding consent gate that bypasses the normal chain and goes straight to the controller. No agent can clear it.
How do you catch fraud red flags? Policy agents check for duplicate invoice numbers, vendor bank-detail changes within 14 days, round-dollar amounts on new vendors, and out-of-band email sources. Any hit holds the row out of the chain until a human clears it.