BLOCK short-circuits evaluation, while
REVIEW outcomes accumulate. If no rule matches, the decision is ALLOW.
Rule types
Each rule carries an
action (ALLOW, REVIEW, or BLOCK) and an enabled flag. Rules are evaluated in the
order they appear in the ruleset’s rules array.
The exact ruleset JSON schema is documented in the API
reference. This page
describes the concepts; the schema is the source of truth for field names.
Conditions
A condition rule evaluates a boolean expression tree over the decision context, addressed with JSONPath ($.transaction.amount, $.metadata.channel, …). Expressions compose:
- Comparison —
eq,neq,lt,lte,gt,gte - Set membership — value
ina list - Boolean composition —
and,or,not - Velocity — a rolling-window count (see below)
Velocity
Velocity conditions count how many decisions matched a given identity within a rolling time window — for example, “more than 5 attempts on this card in the last hour”. Counters are maintained atomically and fail open: if the counter store is unavailable, the velocity check never blocks a transaction. The following fields can be counted:| Field | Counter |
|---|---|
$.credential_fingerprint | Per card instrument |
$.device.ip | Per device IP |
$.device.fingerprint | Per device fingerprint |
$.customer.id | Per customer |
Backend rules
A backend rule delegates the decision to a backend exposed by a Link integration. The rule names the integrationslug and the backend_id to invoke; Specter calls Link to assess
the transaction and maps the outcome to a Specter decision.
Before any call, Specter checks that the context contains the backend’s required fields. If any are missing, it
skips the backend with an insufficient_context result and makes no call.
Each backend rule has an on_error setting that governs what happens when the backend errors or times out:
on_error | Behavior |
|---|---|
allow | Skip the backend and continue evaluation (fail open). The default. |
block | Treat the failure as a BLOCK. |
review | Treat the failure as a REVIEW. |
Evaluation order
Related
Rulesets
Version and activate collections of rules.
Backends & connections
Connect external risk engines.