All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- SubType matching is now case-insensitive (BREAKING) — All
subTypevalues accepted via the rule and limit APIs are trimmed and normalized to lowercase canonical form before storage and matching. API responses now returnsubTypefields in lowercase. Clients that relied on the original casing in API responses (for display, diffing, or equality checks) must update. Downstream validation requests matching onsubTypeno longer need to preserve caller casing. - Rule and limit lifecycle mutations are now transactional with their audit events (BREAKING) — When a rule or limit lifecycle mutation is requested (create, update, activate, deactivate, draft, delete — including partial
PATCHedits viaUpdateLimitCommandandRule.Update), the repository mutation and the correspondingaudit_eventsrow now commit atomically inside a single PostgreSQL transaction. Operations that previously succeeded with a warn-logged audit failure now return HTTP 5xx and roll the mutation back, including ordinary field edits that do not change status. The post-commit rule cache update is guarded by a panic-safe closure so cache-layer faults do not convert successful commits into 5xx. Operator run-books that treated audit-failure-as-success must be updated; SOX/GLBA audit-chain integrity is now enforced at the persistence boundary for every write path.
- Limit merchant scope enforcement —
CheckLimitsInputnow propagatesMerchantIDfromValidationRequestthrough the limit evaluation pipeline. Limits scoped to a specific merchant are now correctly enforced only on transactions matching that merchant. Previously the merchant identifier was silently dropped, causing scoped limits to either over-enforce (matching all merchants) or under-enforce (matching none), depending on downstream wiring.
This is the first public release of Tracer, a real-time transaction validation and fraud prevention API for financial systems.
- Transaction Validation API - Real-time ALLOW/DENY/REVIEW decisions with <80ms p99 latency
- Expression-based Rules - Type-safe rule engine using CEL (Common Expression Language)
- Flexible Spending Limits - Daily, monthly, and per-transaction limits with scope-based application (account, segment, portfolio, merchant, transaction type)
- Complete Audit Trail - SOX/GLBA compliant with hash chain integrity and 7-year retention policy
- Rule Management - Create, activate, deactivate, update, and delete validation rules with draft/active status workflow
- Limit Management - Configure and manage spending limits with real-time usage tracking
- REST API - Comprehensive OpenAPI 3.0 documented endpoints for all operations
- Authentication - API key-based authentication with secure key management
- PostgreSQL Persistence - Robust data storage with database migrations and connection pooling
- Observability - Structured logging with slog, OpenTelemetry tracing, and Prometheus metrics
- Health Checks - Liveness and readiness endpoints for orchestration integration
- Docker Support - Production-ready containerization with distroless base images
- Input validation on all API endpoints with detailed error messages (TRC-* error codes)
- SQL injection protection via parameterized queries
- TLS 1.2+ enforcement for encrypted communications
- Rate limiting and request size constraints (100KB max payload)
- Audit trail immutability with PostgreSQL rules preventing UPDATE/DELETE operations
- Hash chain integrity for tamper detection in audit logs