Your Chatbot Should Not Own Your Business Logic

Infographic titled “Your Chatbot Should Not Own Your Business Logic” explaining that chatbots, Copilot extensions, Teams bots, Power Apps, web apps, workflows, APIs, and AI agents should be interfaces that consume governed enterprise AI capabilities rather than owning business logic. The image contrasts the bad pattern of business rules hidden in prompts and scattered across interfaces with the better pattern of shared capabilities such as invoice approval. It highlights benefits including consistency, reusability, testability, governance, observability, security, and scalability.
ChatGPT Image Jun 30 2026 12 31 53 PM

Your chatbot should not be where your enterprise business rules live.

Neither should your Copilot extension.

Neither should your Teams bot.

Neither should your Power App.

Neither should your web app.

Neither should your AI agent.

Those are interfaces.

They are ways for users, systems, and workflows to interact with business capabilities.

They are not the place where the enterprise’s core intelligence should be buried.

This is one of the most important architecture distinctions in enterprise AI:

Interfaces are consumers.

Capabilities are infrastructure.

When organizations miss that distinction, they start putting business logic inside prompts, chatbot flows, agent instructions, workflow steps, and UI-specific implementations.

That may work for a demo.

It does not scale well in production.

The Interface Is Not the Intelligence

A chatbot is an interface.

A Copilot bot is an interface.

A Teams bot is an interface.

A Power App is an interface.

A web application is an interface.

An API consumer is an interface.

An agent may include orchestration behavior, but in an enterprise system, it should still consume governed capabilities instead of becoming an unbounded container for business logic.

The interface is how work is requested.

The capability is how work is executed.

That separation matters.

If the interface owns the intelligence, every new interface becomes another place where business rules can drift, prompts can diverge, security assumptions can vary, and decisions can become inconsistent.

If the capability owns the intelligence, multiple interfaces can consume the same governed behavior.

That is the difference between AI app sprawl and enterprise AI architecture.

The Bad Pattern: Business Logic Hidden in the Chatbot

The bad pattern looks simple:

User → Chatbot → Prompt → Model → Answer

That may be useful for a prototype.

But if the chatbot owns the rules, the enterprise has a problem.

Imagine an invoice approval process. The chatbot prompt says to check the invoice amount, compare it to an approval threshold, detect missing fields, identify unusual vendor terms, decide whether legal review is required, escalate high-risk invoices, and summarize the reason for approval or rejection.

That sounds efficient.

But where does the business logic live?

Inside the prompt.

Who owns it? How is it tested? How is it versioned? How is it audited? How is it reused? How is it monitored? How is it secured?

This is where shallow AI architecture becomes dangerous.

The chatbot becomes more than an interface.

It becomes a hidden business rule engine.

That is the wrong place for enterprise logic.

Prompts Are Not a Safe Home for Core Business Rules

Prompts matter. Prompt design matters. System instructions matter. Retrieval instructions matter. Tool descriptions matter.

But prompts should not become the primary home for core business rules.

A prompt can guide behavior, provide task instructions, define formatting expectations, and explain how an AI system should reason about a bounded task.

But when prompts start containing approval policies, compliance rules, pricing rules, security exceptions, risk thresholds, escalation requirements, and operational policies, the enterprise should slow down.

That logic needs stronger architecture.

Core business rules usually need:

  • clear ownership
  • explicit versioning
  • test coverage
  • approval workflow
  • auditability
  • access control
  • change tracking
  • regression testing
  • observability
  • rollback
  • reuse across interfaces

A prompt alone does not give you that.

Do not bury enterprise business logic inside an interface-specific prompt when it should live in a reusable capability.

The Same Rule Should Not Be Rebuilt Five Times

Here is the common enterprise failure pattern.

A finance team builds an invoice approval Power App. An operations team builds a Teams bot for vendor exceptions. A procurement team builds a Copilot extension for purchase order questions. An executive dashboard includes an AI summary of payment risk. A workflow automation flags suspicious invoice patterns.

Each tool may be useful.

But each one starts implementing pieces of the same business logic.

The Power App has one version of the approval rule. The Teams bot has another version. The Copilot extension has prompt-based logic that sounds similar but behaves differently. The dashboard summarizes risk using a different model prompt. The workflow uses another set of conditions.

Now the enterprise has five versions of the same rule.

That is not innovation.

That is architecture debt.

The Better Pattern: Interfaces Call Capabilities

The better pattern is simple:

Interfaces call stable backend capabilities.

Instead of this:

  • Power App owns invoice approval logic
  • Teams bot owns invoice approval logic
  • Copilot prompt owns invoice approval logic
  • workflow owns invoice approval logic
  • web app owns invoice approval logic

Use this:

All interfaces call ApproveInvoiceCapability.

That capability can validate the invoice, check approval rules, verify the vendor, compare the purchase order, detect exceptions, classify risk, route for review, log the decision, and return structured output.

The Power App can call it. The Teams bot can call it. The Copilot extension can call it. The workflow can call it. The web app can call it. The reporting system can call it.

The interface changes.

The capability remains stable.

That is enterprise architecture.

Capabilities Make AI Reusable

A reusable AI capability is not just a prompt.

It is a governed business function that exposes useful behavior through a stable contract.

Examples include:

  • SummarizeDocument
  • ClassifyTicket
  • ExtractInvoiceData
  • ReviewContractClause
  • GenerateCustomerResponse
  • RouteServiceRequest
  • DetectComplianceRisk
  • ScoreProjectRisk
  • ValidateClaim
  • RecommendNextAction

These capabilities can be consumed from many places: chatbots, Power Apps, Teams bots, web applications, APIs, scheduled jobs, agents, and workflows.

The enterprise does not need to rebuild the same intelligence inside every interface.

It needs stable capabilities that interfaces can consume.

Capabilities Make AI Testable

Testing a chatbot conversation is difficult.

Testing a bounded capability is easier.

That is another reason business logic should live beneath the interface.

If the work is decomposed into capabilities and unit tasks, each task can have defined inputs, outputs, expectations, edge cases, and regression tests.

For example, an invoice review capability might include unit tasks such as extracting invoice fields, validating required values, comparing invoice amount to approval threshold, detecting missing purchase orders, classifying vendor risk, deciding whether human review is required, generating a decision explanation, and logging decision details.

Some of those tasks may not require AI at all.

A threshold check should probably be deterministic C# code or a business rule. Field extraction may use Azure Document Intelligence. Risk scoring may use statistics, ML.NET, or a rules model. A summary explanation may use an LLM.

The important part is that each task can be tested.

The interface should not hide that structure.

Capabilities Make AI Governable

Governance is much easier when business logic lives in shared capabilities instead of scattered interfaces.

A governed capability can define:

  • owner
  • purpose
  • approved users
  • approved data sources
  • input contract
  • output contract
  • validation rules
  • execution methods
  • approved models
  • fallback behavior
  • logging requirements
  • human review requirements
  • cost limits
  • version history
  • testing requirements
  • rollback procedure

That gives the enterprise a control point.

If every chatbot, Power App, workflow, and agent owns its own logic, governance becomes a scavenger hunt.

Interfaces Are Disposable. Capabilities Are Infrastructure.

User interfaces change. Chat experiences change. Copilot extension patterns change. Teams integration patterns change. Power Platform implementation patterns change. Web application frameworks change. Agent frameworks change. Model APIs change. Vendor offerings change.

But core business capabilities tend to last longer.

Enterprises will always need to classify requests, summarize documents, validate claims, route exceptions, review contracts, score risk, generate responses, and log decisions.

The interface may evolve.

The capability should remain stable.

That is why interfaces are disposable and capabilities are infrastructure.

Agents Do Not Eliminate the Need for Architecture

Some people assume agents solve this problem.

They do not.

Agents may make the problem worse if they become another place where business logic is hidden.

An agent that decides which tools to call still needs bounded capabilities, clear contracts, security context, tool governance, logging, testing, and human review.

Otherwise, the enterprise has simply moved business logic from a chatbot prompt into an agent instruction set.

That is not architecture.

That is relocation.

A serious enterprise agent should call approved capabilities. It should operate inside an architecture that defines what it can do, which tools it can call, what data it can access, how decisions are logged, when humans must review, and how behavior is tested.

Microsoft-Centric Example: Invoice Approval

For a Microsoft-oriented enterprise, the better pattern might look like this.

Interface options:

  • Microsoft Copilot extension
  • Teams bot
  • Power App
  • Blazor web application
  • workflow automation
  • internal .NET application
  • external vendor portal

Shared backend capability:

ApproveInvoiceCapability

Implementation components:

  • ASP.NET Core Web API exposes the capability
  • Microsoft Entra ID provides identity and security context
  • SQL Server stores invoice data, audit logs, and workflow state
  • C# business rules handle deterministic approval thresholds
  • Azure Document Intelligence extracts invoice fields
  • ML.NET scores vendor or exception risk where appropriate
  • Azure OpenAI summarizes exception reasons or generates human-readable explanations
  • Application Insights and Azure Monitor provide observability
  • Human review handles high-risk or ambiguous cases

In this pattern, the Copilot bot is not the system. The Power App is not the system. The Teams bot is not the system.

They are interfaces.

The reusable enterprise capability is the system boundary that matters.

Warning Signs Your Interface Owns Too Much

Here are some warning signs that the interface has become too intelligent:

  • The chatbot prompt contains business rules.
  • The Power App has its own version of approval logic.
  • The Copilot extension behaves differently from the web app.
  • The Teams bot has unique security assumptions.
  • The workflow has logic that no other interface can reuse.
  • The AI agent contains undocumented decision rules.
  • Nobody can explain which version of the rule is authoritative.
  • A policy change requires editing several prompts.
  • Different interfaces produce different answers for the same business question.
  • There is no central audit trail.
  • Testing happens manually through chat examples.
  • Model cost is tracked per app but not per capability.
  • Human review requirements vary by interface instead of business risk.

Those are not just implementation details.

They are architecture smells.

The Question to Ask Before Building the Interface

Before building another chatbot, Copilot extension, Power App, Teams bot, workflow, or agent, ask:

What reusable capability should this interface consume?

Then ask what business outcome the capability supports, what unit tasks are inside it, what inputs and outputs are required, what validation and security context are needed, which parts require deterministic logic, which parts require AI, which parts require human review, and how the capability will be tested, logged, versioned, and reused.

Those questions change the design.

The interface is still important.

But it is no longer pretending to be the architecture.

Final Thought

Your chatbot should not own your business logic.

Your Copilot bot should not own your business logic.

Your Power App should not own your business logic.

Your Teams bot should not own your business logic.

Your AI agent should not own your business logic.

Those are interfaces.

They should consume stable, reusable, governed enterprise capabilities.

That is how organizations avoid AI sprawl.

That is how they create consistent business behavior.

That is how they make AI testable, auditable, governable, reusable, and production-ready.

Interfaces are disposable.

Capabilities are infrastructure.

Frequently Asked Questions

Should a chatbot contain business logic?

Usually, no. A chatbot should act as an interface to business capabilities. Core business logic should live in reusable, governed services, rules, workflows, APIs, or capabilities that can be tested, audited, versioned, and reused across multiple interfaces.

Why is it risky to put business rules inside prompts?

Business rules inside prompts can be difficult to test, version, audit, and govern. They may also behave inconsistently when models change, prompts are edited, or different teams create their own prompt variations.

What is the difference between an interface and a capability?

An interface is how a user or system interacts with functionality. Examples include chatbots, Copilot extensions, Teams bots, Power Apps, web apps, workflows, agents, and APIs. A capability is the reusable business function underneath the interface that performs the work.

Can multiple interfaces use the same AI capability?

Yes. That is the preferred enterprise pattern. A Copilot extension, Teams bot, Power App, web application, workflow, and API can all call the same governed backend capability instead of each one owning separate business logic.

Do AI agents remove the need for business logic architecture?

No. AI agents still need architecture. They should call approved capabilities with clear contracts, security context, logging, testing, and governance. Otherwise, the agent becomes another place where business logic is hidden and difficult to control.

What is the better pattern for enterprise AI systems?

The better pattern is capability-first architecture. Define the reusable business capability first, decompose it into bounded unit tasks, define contracts and validation, choose the proper execution method, and then expose the capability through one or more interfaces.

author avatar
Keith Baldwin