PR P: Pluggable Rules Engine (JSON DSL) #20

Merged

nsatoshi merged 1 commits from devin/1776882394-pr-p-rules-engine into main

2026-04-22 20:30:23 +00:00

Author	SHA1	Message	Date
Devin	72ff0e4cc0	Pluggable Rules Engine with JSON DSL Some checks failed CI / Frontend Lint (pull_request) Failing after 7s Details CI / Frontend Type Check (pull_request) Failing after 6s Details CI / Frontend Build (pull_request) Failing after 7s Details CI / Frontend E2E Tests (pull_request) Failing after 7s Details CI / Orchestrator Build (pull_request) Failing after 7s Details CI / Contracts Compile (pull_request) Failing after 6s Details CI / Contracts Test (pull_request) Failing after 6s Details Code Quality / SonarQube Analysis (pull_request) Failing after 23s Details Code Quality / Code Quality Checks (pull_request) Failing after 4s Details Security Scan / Dependency Vulnerability Scan (pull_request) Failing after 4s Details Security Scan / OWASP ZAP Scan (pull_request) Failing after 3s Details Closes gap-analysis v2 §5.2 partial (Rules Engine was hardcoded). - services/rulesEngine.ts — declarative JSON DSL with a closed operator set (eq/neq/gt/gte/lt/lte/in/not_in/exists/matches/ length_gte/length_lte) + AND/OR/NOT combinators. No eval, no runtime code injection. Dotted + indexed path resolver. - evaluate(ruleSet, context) returns {ok, failures}; 'error' severity blocks, 'warn' is reported but non-blocking. 'when' clauses gate a rule (e.g. only check compliance.kyc if the compliance block is present at all). - Built-in rule sets mirror the pre-DSL hardcoded checks: preconditions.builtin — plan + pay step + participants + KYC commit.builtin — dlt tx hash + bank iso msg id + state=VALIDATING + no exceptions (arch §9.2) - Pluggable: RULES_FILE env points at a JSON map overriding any built-in by id. Silent fall-through to built-ins on error. - 16 unit tests across operators, combinators, severity semantics, 'when' gating, built-in rule sets, and loader behaviour. - Full suite 96/96 green; tsc --noEmit clean.	2026-04-22 18:28:26 +00:00

Author

SHA1

Message

Date

Devin

72ff0e4cc0

Pluggable Rules Engine with JSON DSL

CI / Frontend Lint (pull_request) Failing after 7s

Details

CI / Frontend Type Check (pull_request) Failing after 6s

Details

CI / Frontend Build (pull_request) Failing after 7s

Details

CI / Frontend E2E Tests (pull_request) Failing after 7s

Details

CI / Orchestrator Build (pull_request) Failing after 7s

Details

CI / Contracts Compile (pull_request) Failing after 6s

Details

CI / Contracts Test (pull_request) Failing after 6s

Details

Code Quality / SonarQube Analysis (pull_request) Failing after 23s

Details

Code Quality / Code Quality Checks (pull_request) Failing after 4s

Details

Security Scan / Dependency Vulnerability Scan (pull_request) Failing after 4s

Details

Security Scan / OWASP ZAP Scan (pull_request) Failing after 3s

Details

Closes gap-analysis v2 §5.2 partial (Rules Engine was hardcoded).

- services/rulesEngine.ts — declarative JSON DSL with a closed
  operator set (eq/neq/gt/gte/lt/lte/in/not_in/exists/matches/
  length_gte/length_lte) + AND/OR/NOT combinators. No eval, no
  runtime code injection. Dotted + indexed path resolver.
- evaluate(ruleSet, context) returns {ok, failures}; 'error'
  severity blocks, 'warn' is reported but non-blocking. 'when'
  clauses gate a rule (e.g. only check compliance.kyc if the
  compliance block is present at all).
- Built-in rule sets mirror the pre-DSL hardcoded checks:
    preconditions.builtin — plan + pay step + participants + KYC
    commit.builtin        — dlt tx hash + bank iso msg id +
                            state=VALIDATING + no exceptions (arch §9.2)
- Pluggable: RULES_FILE env points at a JSON map overriding any
  built-in by id. Silent fall-through to built-ins on error.
- 16 unit tests across operators, combinators, severity semantics,
  'when' gating, built-in rule sets, and loader behaviour.
- Full suite 96/96 green; tsc --noEmit clean.

2026-04-22 18:28:26 +00:00

PR P: Pluggable Rules Engine (JSON DSL) #20

1 Commits