.ws files that can be stored in a Git repository, reviewed in pull requests, and deployed automatically when merged. This guide covers everything you need to know about managing the rule lifecycle using Git — FinWatch’s native approach.
Why GitOps for Fraud Rules?
Traditional fraud detection platforms manage rules through web UIs or proprietary configuration systems. This creates several problems:- No audit trail. Who changed the rule? When? Why? Most UIs don’t track this well.
- No review process. A single analyst can change a rule that blocks millions of dollars in transactions, with no second pair of eyes.
- No rollback. If a rule change causes false positives, reverting is manual and error-prone.
- No testing. There’s no staging environment, no CI pipeline, no way to test a rule change before it goes live.
Setting Up a Rules Repository
Creating the Repository
Create a dedicated Git repository for your fraud detection rules:Recommended Directory Structure
- One rule per
.wsfile. Always. - Organize by category. Group rules by the type of fraud pattern they detect.
- Include a README. Document the purpose of each category and any team-specific conventions.
- Store variable definitions alongside rules. This keeps everything in one place.
Initial Commit
Connecting FinWatch to Your Repository
FinWatch connects to your Git repository using two environment variables:Configuration
What Happens at Startup
When FinWatch starts with a Git repository configured:- Validation: Checks that Git is installed on the system. If not, startup fails with a fatal error.
- Clone or Update: If the local directory doesn’t exist, clones the repository. If it exists but isn’t a valid Git repo, removes it and re-clones. If it’s already a valid repo, pulls the latest changes.
- Process Existing Scripts: Scans the directory for all
.wsfiles and compiles them into the instruction database. - Start Periodic Sync: Begins polling the remote repository for changes every 30 seconds.
- Start File Watcher: Monitors the local directory for file system changes using
fsnotify.
The Rule Lifecycle
The complete lifecycle of a fraud detection rule in a GitOps workflow:Step 1: Write the Rule
Create a new.ws file on a feature branch:
Step 2: Commit with a Clear Message
- First line: Short summary of what changed.
- Body: Explain the thresholds, the reasoning behind score/verdict choices, and any regulatory context.
- Reference: Link to the fraud investigation ticket or compliance requirement that prompted the rule.
Step 3: Open a Pull Request
Push the branch and open a PR:- Description: What fraud pattern does this rule detect? Why is it needed?
- Thresholds justification: Why 10 transactions? Why 24 hours? Why $100 minimum?
- Testing evidence: Show test transactions that trigger and don’t trigger the rule.
- Scoring rationale: Why 0.5 and not 0.8?
Step 4: Review
Your team reviews the rule. Common review checklist:- Rule name is descriptive and follows
PascalCaseconvention. - Description is clear and written for a non-technical audience.
- Conditions are logically correct and cover the intended pattern.
- Cheap conditions are placed before expensive ones (performance).
- Score is appropriate for the confidence level.
- Reason is specific and actionable.
- No typos in field names.
- Time windows are appropriate (not too large, not too small).
Step 5: Merge and Auto-Deploy
Once approved, merge the PR tomain. Within 30 seconds (the default polling interval), FinWatch:
- Pulls the latest changes from the repository.
- Detects the new
.wsfile. - Compiles the rule.
- Adds it to the active rule set.
File Watching
FinWatch uses two complementary mechanisms to detect rule changes:Git Polling (Remote Changes)
TheGitManager periodically polls the remote repository for new commits:
- Default interval: Every 30 seconds.
- Mechanism: Executes
git pullon the tracked branch. - Behavior: If new commits are found, the updated/new
.wsfiles are automatically recompiled.
File System Watching (Local Changes)
For immediate feedback during development, FinWatch also watches the local directory using thefsnotify library:
- Events monitored: File creation, modification, and deletion.
- File filter: Only
.wsfiles trigger recompilation. - Behavior: When a
.wsfile is saved locally, FinWatch recompiles it within seconds.
- In production: The Git polling mechanism picks up merged changes.
- In development: Saving a file locally triggers immediate recompilation, giving you instant feedback.
Validation and Error Handling
What Happens When a Malformed Rule is Pushed
If a.ws file with a syntax error is committed and pushed, FinWatch will:
- Pull the change.
- Attempt to compile the rule.
- Log a parse error with the specific line and column number:
- Skip the malformed rule. Other valid rules continue to function normally.
- Not crash. A single bad rule does not bring down the engine.
Common Parse Errors
Pre-Merge Validation
To catch errors before they reach production, add a validation step to your CI pipeline. You can use FinWatch’s parser as a linter:Rolling Back a Rule
One of the strongest advantages of GitOps is the ability to roll back changes instantly.Revert a Specific Commit
Revert to a Known-Good State
Emergency: Delete a Rule
If a rule is causing immediate harm (blocking legitimate transactions), the fastest fix is to delete the file:Team Workflows
Branch Naming Convention
Required PR Labels
Consider labeling PRs to categorize changes:new-rule— Adding a new rule.tune— Adjusting thresholds or scores.critical— Changes that affectblockverdicts.compliance— Changes driven by regulatory requirements.
Review Requirements
- Any rule change: At least one peer review from an engineer.
blockverdict rules: Additional review from a compliance officer or fraud analyst.- Score changes above 0.8: Requires senior engineer approval.
- Variable list updates: Can be approved by the compliance team directly.
Tagging Releases
Tag your rule set after significant changes:Triggering a Manual Sync
If you need FinWatch to pull changes immediately (without waiting for the 30-second polling interval), use the Git sync API endpoint:git pull and recompilation of any changed .ws files.
Checking Repository Status
Next Steps
- Integration Guide — Connect FinWatch to your application’s transaction pipeline.
- Production Deployment — Deploy FinWatch with Git-based rules in a production environment.
- The Rule Cookbook — A library of production-ready rules to seed your repository.
- Troubleshooting — Resolve common Git sync and rule compilation issues.
.png?fit=max&auto=format&n=0JF6z69u57hmqsWm&q=85&s=531373acedba0eb783b669f6d558dfd8)