Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.finwatch.finance/llms.txt

Use this file to discover all available pages before exploring further.

An Aggregate is a powerful, stateful function that performs a calculation over a specified time window. This is the key to detecting sophisticated fraud patterns that occur over multiple transactions. Aggregates are highly optimised; the engine pre-calculates them to ensure low-latency evaluation. Structure & Examples: The time window is defined using the ISO 8601 duration format (e.g., PT1H for 1 hour, P7D for 7 days). count: Counts the number of transactions. Use Case: Detect rapid, repeated transactions. 
// Block if more than 5 transactions are made from the same source in 1 hour.
when
    count(transaction_id, "PT1H", source == $current.source) > 5
 
sum: Calculates the sum of a numerical field. Use Case: Detect structuring or high-volume activity. 
// Flag if the total amount sent from an account in 24 hours exceeds $50,000.
when
    sum(amount, "P1D", source == $current.source) > 50000