Skip to content
XeroML XeroML

Rules & Proposals

Rules are the core policy objects evaluated against traces.

Rule Fields

Each rule includes:

  • name
  • description
  • regulationSource (optional)
  • severity: CRITICAL | WARNING | INFO
  • checkType: STEP_SEQUENCE | SENSITIVE_DATA_SCAN | NUMERIC_THRESHOLD | LLM_POLICY
  • config (check-type specific JSON)
  • isActive
  • isArchived
  • version (increments on policy changes)

Check Type Config Shapes

STEP_SEQUENCE

{
  "before": "risk_assessment",
  "after": "final_decision",
  "requireBefore": true,
  "requireAfter": true
}

SENSITIVE_DATA_SCAN

{
  "regionPacks": ["GLOBAL", "IN"],
  "dataTypes": ["TAX_ID", "BANK_ACCOUNT"],
  "scanInputs": true,
  "scanOutputs": true,
  "scanMetadata": false,
  "customPatterns": [
    { "name": "internal_customer_id", "pattern": "CUST-[0-9]{8}" }
  ]
}

NUMERIC_THRESHOLD

{
  "field": "risk_score",
  "threshold": 80,
  "operator": ">=",
  "decisionField": "decision",
  "inconsistentDecision": "APPROVE",
  "spanName": "decision_engine"
}

LLM_POLICY

{
  "evaluationPrompt": "Verify sanctions screening completed before decision.",
  "temperature": 0,
  "provider": "openai",
  "model": "gpt-4.1"
}

Creation Modes

  • Manual: define fields and config directly
  • Natural Language: generate one proposal from a free-text requirement
  • Document: extract multiple proposals from uploaded policy documents (including PDF)
  • Proposals: approve/reject/edit generated proposals before they become rules

Rule Lifecycle

  • Create in inactive mode, then activate when validated
  • Toggle single rules or bulk activate/deactivate
  • Archive and restore rules
  • Hard delete is blocked when historical evaluations reference the rule

Policy changes return policyChanged metadata in the API/UI so you can decide whether to run historical backfill.