Freshdesk SLA Risk Predictor

AI-powered per-ticket SLA breach prediction that scores risk across five factors — complexity, customer tier, agent capacity, historical patterns, and escalation signals — and alerts your team before deadlines slip.

28-node n8n workflow that predicts per-ticket SLA breach risk from Freshdesk webhooks. 4 agents: Fetcher (code-only), Enricher (code-only), Analyst (the analysis model, 5-factor risk scoring), Formatter (the analysis model, Slack alert + Notion risk log). 3-tier routing: HIGH (>=70%) Slack+Notion, MEDIUM (40-69%) Notion only, LOW (<40%) silent log. SINGLE-MODEL PER_RECORD. $0.030/ticket avg. Blueprint Quality Standard (BQS) 12/12. Independent Test Protocol (ITP) 20/20, 14/14 milestones. This came from a support manager who only learned about SLA breaches after they happened. The predictor scores active tickets for SLA risk based on complexity, current response time, and queue depth so agents can prioritize before the clock runs out.

Last updated March 16, 2026

Support teams handle 50-200 tickets per agent per week, with SLA compliance depending on accurate routing and priority assignment. Manual triage introduces 10-15 minute delays per ticket and inconsistent categorization. Automated ticket intelligence routes, prioritizes, and scores customer effort in real-time.

Pipeline diagram: Webhook (trigger) → 01 Fetcher (Freshdesk) → 02 Enricher (Context) → 03 Analyst (5-Factor Risk) → 04 Formatter (3-Tier Routing) → Slack (SLA Alert) and Notion (Risk Log)

Four Agents. Per-Ticket SLA Risk. Three-Tier Routing.

Step 1: Fetcher

Code Only

Freshdesk webhook fires on ticket.created and ticket.updated events. Config Loader enables ITP bypass for testing. Fetcher extracts ticket metadata from the webhook payload: ticket ID, subject, description, priority, status, type, tags, requester info, and SLA policy details. Zero LLM cost.

Step 2: Enricher

Code + HTTP

The Enricher pulls additional context from the Freshdesk API: ticket conversation history (reply count, response times), requester profile (company tier, ticket history count), assigned agent workload (open ticket count, average resolution time), and SLA policy thresholds. It assembles a complete risk assessment input package. Zero LLM cost.

Step 3: Analyst

Tier 2 Classification

This step exists because raw data alone is not enough. The analysis model scores SLA breach risk across 5 weighted factors: (1) ticket complexity — subject/description analysis, attachment count, technical depth, (2) customer tier weight — enterprise vs mid-market vs SMB priority, (3) agent capacity utilization — current workload relative to historical throughput, (4) historical resolution patterns — similar ticket type average resolution time vs SLA deadline, (5) escalation signal strength — requester sentiment, re-open count, priority escalations. It produces a composite risk score (0–100%) with a per-factor breakdown.

Step 4: Formatter

Tier 2 + Routing

Without this step, upstream analysis sits idle. Risk Router classifies the composite score into three tiers. HIGH (≥70%): the analysis model generates a Slack Block Kit alert with risk breakdown, recommended actions, and SLA deadline countdown, plus a Notion risk log entry. MEDIUM (40–69%): Notion risk log entry only for tracking. LOW (<40%): silent log — no external notifications, zero delivery cost. A HubSpot 403 threw away all completed intelligence. Now external writes are non-blocking — if a CRM update fails, the report still delivers.
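The three-tier routing and non-blocking writes described above, as an added sketch that is not the product's workflow code: the thresholds are the page's, while the function names, the sink interface, and the choice to treat an unparseable score as HIGH are assumptions of this example.

```javascript
// Added example. Thresholds come from the page; all names are hypothetical.
const TIERS = [
  { name: "HIGH", min: 70, sinks: ["slack", "notion"] },
  { name: "MEDIUM", min: 40, sinks: ["notion"] },
  { name: "LOW", min: 0, sinks: [] },
];

function classify(score) {
  // Assumption: fail closed on malformed model output. A score that is not a
  // number in 0..100 routes as HIGH so a parsing problem cannot silence an alert.
  if (typeof score !== "number" || !Number.isFinite(score) || score < 0 || score > 100) {
    return { ...TIERS[0], reason: "invalid_score" };
  }
  return { ...TIERS.find((t) => score >= t.min), reason: "threshold" };
}

function routeTicket(ticketId, score, sinks) {
  const tier = classify(score);
  const deliveries = {};
  for (const name of tier.sinks) {
    try {
      sinks[name]({ ticketId, score, tier: tier.name });
      deliveries[name] = "ok";
    } catch (err) {
      // Non-blocking: record the failure and continue with the remaining sinks.
      deliveries[name] = `failed: ${err.message}`;
    }
  }
  return { ticketId, tier: tier.name, reason: tier.reason, deliveries };
}

// Constructed sample run: the Slack sink rejects every call, Notion still logs.
const notionLog = [];
const sampleSinks = {
  slack: () => { throw new Error("403"); },
  notion: (entry) => notionLog.push(entry),
};
const highResult = routeTicket(1001, 82, sampleSinks);
const mediumResult = routeTicket(1002, 55, sampleSinks);
const lowResult = routeTicket(1003, 12, sampleSinks);
const badResult = routeTicket(1004, "ninety", sampleSinks);
```

Returning the per-sink outcome alongside the tier gives the silent LOW path and any failed write something to log and alert on.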

That's the full pipeline. Here's what it intentionally does NOT do — and why those boundaries exist.

What It Does NOT Do

  • Does not replace your helpdesk — it predicts SLA breach risk, not ticket routing or agent assignment
  • Does not analyze weekly patterns — that is what Support Pattern Analyzer does
  • Does not work with Zendesk, Intercom, or other helpdesks — Freshdesk only in v1.0
  • Does not modify Freshdesk tickets — read-only API access for enrichment
  • Does not guarantee SLA compliance — it predicts breach risk and alerts your team to act
  • Does not scrape external websites — all data from Freshdesk, Slack, and Notion APIs

With those boundaries clear, here's everything that ships when you purchase.

The Complete Customer Success Bundle

6 files.

  • CHANGELOG.md: Version history
  • README.md: Setup and configuration guide
  • docs/TDD.md: Technical Design Document
  • freshdesk_sla_risk_predictor_v1_0_0.json: n8n workflow (main pipeline)
  • system_prompts/analyst_system_prompt.md: Analyst system prompt
  • system_prompts/formatter_system_prompt.md: Formatter system prompt

The technical specifications below are ITP-measured, not estimated.

Tested. Measured. Documented.

Every metric is Independent Test Protocol (ITP)-measured. The Freshdesk SLA Risk Predictor scores per-ticket SLA breach risk across five factors — the analysis model for 5-factor risk analysis at $0.016–$0.080/ticket (avg $0.030).

Tested on n8n v2.7.5, March 2026

Freshdesk SLA Risk Predictor v1.0.0 — Technical Reference
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Architecture: 28 n8n nodes, 4 agents (Fetcher → Enricher → Analyst → Formatter)
Trigger:      Freshdesk webhook (ticket.created/updated) + Manual Webhook
Input:        Freshdesk — ticket data, requester profile, agent workload, SLA policies
Intelligence: Sonnet 4.6 × 2 (5-factor risk scoring + alert/log formatting)
Output:       Slack — high-risk SLA breach alerts + Notion — risk log entries
Cost:         $0.016–$0.080/ticket (avg $0.030, ITP-measured)
ITP:          20/20 records, 14/14 milestones PASS
BQS:          12/12 PASS
Tool A:       Freshdesk (input — ticket data via httpHeaderAuth)
Tool B:       Slack (output — high-risk SLA breach alerts)
Tool C:       Notion (output — risk log entries)
Intelligence: 5-factor SLA risk scoring + SINGLE-MODEL PER_RECORD pattern
Cost Value:   0.030

What You'll Need

Platform

n8n 2.7.5+

Est. Monthly API Cost

$3-$30/month (100-1000 tickets/month)

Credentials Required

  • Anthropic API
  • Freshdesk (API Key, httpHeaderAuth)
  • Slack (Bot Token, httpHeaderAuth Bearer)
  • Notion (Integration Token, httpHeaderAuth Bearer)

Services

  • Freshdesk account (API key + webhook automation)
  • Slack workspace (Bot Token with chat:write scope)
  • Notion workspace (Integration with database create permissions)
  • Anthropic API key (~$0.030/ticket avg)

Setup Track

  • Quick Start (~15 min): All credentials live, n8n running
  • Full Setup (1–2 hrs): Needs API config + tables
  • From Scratch (2–4 hrs): No n8n, no credentials

Freshdesk SLA Risk Predictor v1.0.0

$199

one-time purchase

What you get:

  • ITP-tested 28-node n8n workflow — import and deploy
  • Event-driven: Freshdesk webhook fires on ticket.created and ticket.updated
  • 5-factor SLA breach risk scoring: complexity, customer tier, agent capacity, historical patterns, escalation signals
  • Composite risk score (0–100%) with per-factor breakdown for every ticket
  • 3-tier routing: HIGH (≥70%) Slack alert + Notion log, MEDIUM (40–69%) Notion log only, LOW (<40%) silent
  • Freshdesk API enrichment: ticket history, requester profile, agent workload, SLA policies
  • Slack Block Kit alerts with risk breakdown, recommended actions, and SLA deadline countdown
  • Notion risk log for medium+ risk tickets — searchable, filterable risk database
  • SINGLE-MODEL: the analysis model for risk analysis and formatting — no Opus needed
  • PER_RECORD pattern: runs per ticket, not batch — real-time risk assessment
  • Configurable: Freshdesk domain, Slack channel, Notion database, risk thresholds
  • ITP 20/20 records, 14/14 milestones, $0.016–$0.080/ticket measured
  • All sales final after download

Frequently Asked Questions

What are the five risk factors?

The Analyst scores each ticket across: (1) ticket complexity — subject/description analysis, attachment count, technical depth, (2) customer tier weight — enterprise vs mid-market vs SMB priority adjustment, (3) agent capacity utilization — assigned agent current workload relative to historical throughput, (4) historical resolution patterns — average resolution time for similar ticket types vs SLA deadline, (5) escalation signal strength — requester sentiment, re-open count, priority escalations. Each factor produces a weighted sub-score that feeds into the composite risk percentage.

How does the 3-tier routing work?

The Risk Router classifies the composite risk score: HIGH (≥70%) triggers both a Slack Block Kit alert and a Notion risk log entry. MEDIUM (40–69%) creates a Notion risk log entry only — no Slack noise. LOW (<40%) is silently logged — zero external notifications.

How much does each ticket cost to analyze?

ITP-measured: $0.016–$0.080/ticket depending on ticket complexity and enrichment data volume. Average across 20 ITP records: $0.030/ticket. LOW-risk tickets that route to silent log still incur the LLM cost for risk scoring.

How does it differ from Support Pattern Analyzer?

Different scope and timing. SPA analyzes weekly ticket patterns in aggregate — clusters topics, detects emerging bugs, scores week health. FSRP predicts SLA breach risk per individual ticket in real time via Freshdesk webhooks.

What Freshdesk data does it use?

Webhook payload provides: ticket ID, subject, description, priority, status, type, tags, requester info, and SLA policy. The Enricher pulls additional context via Freshdesk API: conversation history (reply count, response times), requester profile (company name, tier, historical ticket count), assigned agent workload (open tickets, average resolution time), and SLA policy thresholds.

Does it work with Zendesk or other helpdesks?

Freshdesk only in v1.0. The webhook trigger and API enrichment are Freshdesk-specific. The Analyst prompt and risk scoring framework could be adapted to other helpdesks in future versions.

Why only Sonnet instead of Opus?

Per-ticket SLA risk scoring works with structured data — ticket metadata, agent workload numbers, historical resolution times. The Enricher pre-computes all contextual data in code. The analysis model handles the 5-factor weighted scoring with high accuracy in ITP testing.

Can I test without real Freshdesk tickets?

Yes. Send a POST to the webhook URL with _is_itp: true and ticket data in the payload. ITP mode bypasses the Freshdesk API enrichment and uses the fixture data directly.
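Because ITP mode skips Freshdesk API enrichment and trusts fixture data from the request body, a deployment exposed to the internet benefits from gating the `_is_itp` flag. The check below is an added sketch, not the product's Config Loader: the `x-itp-token` header and the `itpBypassEnabled` and `itpSharedSecret` config fields are assumptions of this example.

```javascript
// Added example. Only _is_itp comes from the page; other names are hypothetical.
function constantTimeEqual(a, b) {
  // Compare without an early exit so timing does not reveal a matching prefix.
  if (typeof a !== "string" || typeof b !== "string") return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

function resolveMode(request, config) {
  const body = request.body || {};
  // Any truthy _is_itp (true, "true", 1) must pass the gate; nothing slips
  // through to fixture mode on a loosely typed value.
  if (!body._is_itp) return { mode: "live", reason: "no_itp_flag" };
  if (!config.itpBypassEnabled) return { mode: "rejected", reason: "itp_disabled" };
  const secret = config.itpSharedSecret || "";
  const presented = (request.headers || {})["x-itp-token"];
  // An unset or short secret disables the bypass instead of matching an empty token.
  if (secret.length < 16 || !constantTimeEqual(presented, secret)) {
    return { mode: "rejected", reason: "itp_token_invalid" };
  }
  return { mode: "itp", reason: "itp_authorized" };
}

// Constructed sample inputs (not real credentials or captured requests).
const SAMPLE_SECRET = "constructed-test-secret-0001";
const testConfig = { itpBypassEnabled: true, itpSharedSecret: SAMPLE_SECRET };
const prodConfig = { itpBypassEnabled: false, itpSharedSecret: SAMPLE_SECRET };
const liveRequest = { headers: {}, body: { ticket_id: 1 } };
const spoofedRequest = { headers: {}, body: { _is_itp: true, ticket_id: 2 } };
const authorizedRequest = {
  headers: { "x-itp-token": SAMPLE_SECRET },
  body: { _is_itp: true, ticket_id: 3 },
};
```

Rejected requests are worth logging with their reason, since repeated `itp_token_invalid` results on a production webhook URL indicate someone probing the test path.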

Does it use web scraping?

No. All data comes from three sources: Freshdesk API (ticket data and enrichment), Slack API (Block Kit alerts), and Notion API (risk log entries). No web_search, no external data sources, no scraping.

Is there a refund policy?

All sales are final after download. Review the Blueprint Dependency Matrix and prerequisites before purchase. Questions?
