> ## Documentation Index
> Fetch the complete documentation index at: https://developer.hellgate.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Update ruleset

> Updates `description` and/or `rules` on a DRAFT ruleset. Only DRAFT rulesets are editable.



## OpenAPI

````yaml /products/specter/openapi.yaml patch /api/admin/rulesets/{id}
openapi: 3.1.0
info:
  contact:
    email: hello@starfish.team
    name: Starfish GmbH & Co. KG
    url: https://hellgate.io/cpa/specter
  description: Composable decision engine and fraud prevention service.
  license:
    name: Hellgate API Terms
    url: https://hellgate.io/terms-and-conditions
  title: Specter API
  version: '1.0'
servers:
  - description: Managed instance of Specter
    url: https://{instance}.{env}.on-hellgate.cloud
    variables:
      instance:
        default: my-instance
        description: Your unique instance slug, provided during onboarding.
      env:
        default: eu1
        description: Deployment environment (currently eu1).
security: []
tags:
  - description: Evaluate transactions and retrieve decision results.
    name: Decisions
  - description: Close decisions that were flagged for manual review.
    name: Resolutions
  - description: Report payment lifecycle events for a prior decision.
    name: Lifecycle Events
  - description: Manage rulesets and their activation lifecycle.
    name: Rulesets
  - description: Configure interceptors and intercept live payment requests.
    name: Interceptors
  - description: Subscribe to decision and event notifications.
    name: Webhooks
  - description: Manage blocked field values.
    name: Blacklist
paths:
  /api/admin/rulesets/{id}:
    patch:
      tags:
        - Rulesets
      summary: Update ruleset
      description: >-
        Updates `description` and/or `rules` on a DRAFT ruleset. Only DRAFT
        rulesets are editable.
      operationId: admin_rulesets_update
      parameters:
        - description: Ruleset ID
          in: path
          name: id
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateRulesetRequest'
        description: Update attributes
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Ruleset'
          description: Updated ruleset
        '401':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        '404':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Not found
        '422':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationErrors'
          description: Validation errors
      callbacks: {}
      security:
        - bearerAuth: []
components:
  schemas:
    UpdateRulesetRequest:
      description: Only DRAFT rulesets are editable. Omit a field to leave it unchanged.
      properties:
        description:
          type: string
        rules:
          description: Replaces the full rules array
          items:
            $ref: '#/components/schemas/RuleInput'
          type: array
      title: UpdateRulesetRequest
      type: object
    Ruleset:
      properties:
        id:
          format: uuid
          type: string
        activated_at:
          format: date-time
          type:
            - string
            - 'null'
        context:
          example: checkout
          type: string
        created_at:
          format: date-time
          type: string
        created_by:
          type:
            - string
            - 'null'
        description:
          type:
            - string
            - 'null'
        rules:
          description: Rule definitions evaluated in array order
          items:
            $ref: '#/components/schemas/Rule'
          type: array
        status:
          enum:
            - DRAFT
            - ACTIVE
            - INACTIVE
          type: string
        version:
          example: 1
          type: integer
      title: Ruleset
      type: object
    Error:
      description: Generic error response with classifier, code, and message
      example:
        classifier: NOT_FOUND
        code: 404
        message: The requested resource does not exist
      properties:
        classifier:
          example: NOT_FOUND
          type: string
        code:
          example: 404
          type: integer
        message:
          example: The requested resource does not exist
          type: string
      required:
        - classifier
        - code
        - message
      title: Error
      type: object
    ValidationErrors:
      description: Response shape for request validation failures
      example:
        classifier: VALIDATION_ERROR
        code: 422
        validation_errors:
          - message: must be a positive integer
            path: limit
      properties:
        classifier:
          example: VALIDATION_ERROR
          type: string
        code:
          example: 422
          type: integer
        validation_errors:
          items:
            properties:
              message:
                example: must be a positive integer
                type: string
              path:
                example: limit
                type: string
            type: object
          type: array
      required:
        - classifier
        - code
        - validation_errors
      title: ValidationErrors
      type: object
    RuleInput:
      properties:
        id:
          description: >-
            Client-assigned rule identifier. Used in triggered-rule and
            backend-result entries.
          example: r1
          type: string
        action:
          description: >-
            Required for condition rules. Backend rules derive their action from
            the adapter response.
          enum:
            - BLOCK
            - REVIEW
          type: string
        async:
          description: >-
            When `true`, this backend or backend_group rule runs asynchronously
            after the synchronous response is returned. Only valid on `backend`
            and `backend_group` rules. A sync-phase ALLOW with async rules
            becomes PROVISIONAL until all async rules complete.
          type:
            - boolean
            - 'null'
        backend:
          description: >-
            Backend adapter key (backend rules only). Must match a configured
            adapter.
          example: vdm
          type: string
        condition:
          description: >-
            Condition expression tree (condition rules only). Logical: `{op:
            and|or, exprs: [...]}`, `{op: not, expr: {...}}`. Comparison: `{op:
            eq|neq|lt|lte|gt|gte, left: field_or_const, right: field_or_const}`.
            Set: `{op: in|not_in, left: field_or_const, right: field_or_const}`.
            Velocity: `{op: velocity, field: "$.path", threshold: N,
            window_seconds: N}`. Field references are JSON path strings starting
            with `$.`; constants are `{const: value}`.
          type: object
        description:
          type:
            - string
            - 'null'
        enabled:
          example: true
          type: boolean
        name:
          example: Block USD
          type: string
        on_error:
          description: >-
            Required for backend rules. `block` — fail-closed (BLOCK on adapter
            error). `allow` — fail-open (continue evaluation).
          enum:
            - block
            - allow
          type: string
        type:
          description: >-
            `condition` — evaluated locally. `backend` — delegates to an
            external adapter.
          enum:
            - condition
            - backend
          type: string
      required:
        - type
      title: RuleInput
      type: object
    Rule:
      properties:
        id:
          example: r1
          type:
            - string
            - 'null'
        action:
          description: >-
            Required for condition rules. Backend rules derive their action from
            the adapter response.
          enum:
            - BLOCK
            - REVIEW
          type: string
        async:
          description: >-
            When `true`, this backend or backend_group rule is executed
            asynchronously after the synchronous response is returned. Only
            applies to `backend` and `backend_group` rule types. A sync-phase
            ALLOW with async rules present is returned as PROVISIONAL.
          type:
            - boolean
            - 'null'
        backend:
          description: >-
            Backend adapter key (backend rules only). Must match a configured
            adapter.
          example: vdm
          type: string
        condition:
          description: >-
            Condition expression tree (condition rules only). Logical: `{op:
            and|or, exprs: [...]}`, `{op: not, expr: {...}}`. Comparison: `{op:
            eq|neq|lt|lte|gt|gte, left: field_or_const, right: field_or_const}`.
            Set: `{op: in|not_in, left: field_or_const, right: field_or_const}`.
            Velocity: `{op: velocity, field: "$.path", threshold: N,
            window_seconds: N}`. Field references are JSON path strings starting
            with `$.`; constants are `{const: value}`.
          type: object
        description:
          type:
            - string
            - 'null'
        enabled:
          example: true
          type: boolean
        fields:
          description: >-
            JSON path fields to match against the blacklist (blacklist rules
            only). All fields must match for a BLOCK to be triggered.
          items:
            type: string
          type:
            - array
            - 'null'
        live:
          description: >-
            Whether the backend runs live (true) or in shadow mode (false).
            Present on backend rules and on backend_group members.
          type:
            - boolean
            - 'null'
        members:
          description: Backend members of the group (backend_group rules only).
          items:
            properties:
              backend:
                example: vdm
                type: string
              live:
                example: true
                type: boolean
              weight:
                description: Relative weight for the split strategy.
                example: 60
                type: integer
            type: object
          type:
            - array
            - 'null'
        merge:
          description: How parallel member decisions are merged (backend_group rules only).
          enum:
            - strictest
            - most_lenient
            - consensus
          type:
            - string
            - 'null'
        name:
          example: Block USD
          type:
            - string
            - 'null'
        on_error:
          description: >-
            Error policy for backend and backend_group rules. `allow` —
            fail-open (continue evaluation). `block` — fail-closed (BLOCK on
            error). `review` — REVIEW on error.
          enum:
            - allow
            - block
            - review
          type: string
        populate_on:
          description: >-
            Event types that trigger blacklist population for this rule.
            Defaults to `["fraud_report"]` if omitted.
          items:
            enum:
              - fraud_report
              - chargeback
              - failed
            type: string
          type:
            - array
            - 'null'
        strategy:
          description: >-
            Member execution strategy (backend_group rules only). `fallback` —
            try members in order until one succeeds. `parallel` — run all
            members and merge. `split` — weighted A/B routing.
          enum:
            - fallback
            - parallel
            - split
          type:
            - string
            - 'null'
        ttl_seconds:
          description: >-
            TTL in seconds for blacklist entries created by this rule. If
            omitted, entries never expire.
          type:
            - integer
            - 'null'
        type:
          description: >-
            `condition` — evaluated locally. `backend` — delegates to an
            external adapter. `blacklist` — blocks if all specified fields match
            an active blacklist entry. `backend_group` — runs several backends
            together under a strategy.
          enum:
            - condition
            - backend
            - blacklist
            - backend_group
          type: string
      required:
        - enabled
        - type
      title: Rule
      type: object
  securitySchemes:
    bearerAuth:
      bearerFormat: JWT
      description: >-
        HS256-signed JWT bearer token, obtained via the OAuth2
        client-credentials grant (see Authentication).
      scheme: bearer
      type: http

````