Traditional fraud detection systems are rigid — they either rely on static thresholds that generate excessive false positives, or require expensive ML pipelines that are slow to update. RiskPulse needed a detection system that business analysts could configure without engineering involvement, while still supporting complex composite rules.
Designed a rule engine supporting five composable detection strategies: threshold (simple value checks), velocity (event frequency over time windows), blacklist (entity matching), pattern (regex/behavioral), and composite (boolean logic combining other rules). Each rule type implements a common interface with `evaluate(event) → Alert | null`. Composite rules enable AND/OR/NOT combinations, allowing analysts to build complex detection logic from simple primitives. The engine processes events through a pipeline: ingest → enrich → evaluate → score → alert. A model score simulator provides deterministic heuristics for demo environments without requiring a trained ML model. Background workers (Redis + Python) handle async processing to keep the API responsive.
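The common `evaluate(event) → Alert | null` interface and a composite rule over threshold and velocity children, as an added Python example; it is not RiskPulse's code, and the class names, event fields (`ts`, `account`, `amount`) and limits are assumptions. The composite evaluates every child before combining results, because a short-circuiting AND would hide events from the stateful velocity rule and undercount bursts.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Alert:
    rule: str
    reason: str

@dataclass
class Threshold:  # simple value check: fires when event[key] exceeds limit
    name: str
    key: str
    limit: float
    def evaluate(self, event: dict) -> Optional[Alert]:
        value = event.get(self.key, 0)
        return Alert(self.name, f"{self.key}={value}") if value > self.limit else None

@dataclass
class Velocity:  # fires on more than max_events per account within window_s seconds
    name: str
    max_events: int
    window_s: int
    seen: dict = field(default_factory=lambda: defaultdict(deque))
    def evaluate(self, event: dict) -> Optional[Alert]:
        times = self.seen[event["account"]]
        times.append(event["ts"])
        while times[0] <= event["ts"] - self.window_s:  # drop expired timestamps
            times.popleft()
        hit = len(times) > self.max_events
        return Alert(self.name, f"{len(times)} events in {self.window_s}s") if hit else None

@dataclass
class Composite:  # boolean combination of other rules
    name: str
    op: str  # "AND", "OR" or "NOT" (NOT fires when no child fires)
    children: list
    def evaluate(self, event: dict) -> Optional[Alert]:
        # No short-circuit: stateful children must observe every event.
        hits = [child.evaluate(event) for child in self.children]
        fired = [h for h in hits if h]
        ok = {"AND": len(fired) == len(hits), "OR": bool(fired), "NOT": not fired}[self.op]
        reasons = "; ".join(h.reason for h in fired) or "no child fired"
        return Alert(self.name, f"{self.op}({reasons})") if ok else None

def demo():
    rule = Composite("large_and_burst", "AND",
                     [Threshold("large", "amount", 1000), Velocity("burst", 2, 60)])
    events = [(0, 50), (10, 40), (20, 5000), (200, 5000)]  # constructed (ts, amount) samples
    return [bool(rule.evaluate({"ts": t, "account": "acct-1", "amount": a})) for t, a in events]
```

Only the third event alerts: it is both large and the third event inside the 60-second window, while the fourth is large but arrives after the window has emptied.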
The composable architecture allows new detection rules to be created in minutes rather than days. The rule type system is extensible — adding a new detection strategy requires implementing a single interface. The portable database types (SQLite for dev, PostgreSQL for prod) enable rapid local development with production parity. LLM-optional narrative generation means the platform degrades gracefully without API keys.