[Feature] Operator Rule Builder for Cross-Source Alerts #27

Open
opened 2026-05-17 12:26:24 +00:00 by MrSphay · 0 comments
Owner

Summary

Introduce an operator-defined rule system for cross-source alerts, allowing users to create rules such as "if VIX rises and conflict events increase near an energy chokepoint, raise PRIORITY".

Why This Matters

The alert layer is currently mostly product-defined. Power users need a controlled way to encode their own intelligence requirements without editing source code.

Scope

  • Bug fix: No
  • New source: No
  • Dashboard/UI change: Yes
  • LLM/provider change: No
  • Other: Configurable alert/risk rule engine

Proposed Behavior

  • Add a rule format for source fields, thresholds, regions, keywords, time windows, and severity output.
  • Rules can combine multiple source categories: market, conflict, weather, maritime, aviation, cyber, health, sanctions, and social.
  • Each rule produces a structured finding with matched evidence and confidence.
  • Dashboard exposes rule hits in a dedicated panel and alerts can route to Telegram/Discord.
  • Include a dry-run mode that evaluates rules against runs/latest.json without sending alerts.

Acceptance Criteria

  • Rules are data-only and do not execute arbitrary code.
  • Invalid rules are reported as degraded diagnostics, not runtime crashes.
  • Rule output includes evidence and the exact conditions that matched.
  • Tests cover AND/OR logic, threshold comparison, missing source fields, and dry-run behavior.
  • Documentation includes 5 practical example rules.

Maintenance Impact

No new dependency should be introduced unless strongly justified. The main risk is rule complexity; keep the first version intentionally small and deterministic.

Additional Context

This should reuse source health and delta output where possible instead of creating a parallel alert pipeline.

MrSphay added the enhancement, research, product labels 2026-05-17 12:26:24 +00:00
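An added sketch of the data-only evaluation the acceptance criteria describe; it is not code from the project. The rule schema (`when`, `all`/`any`, `field`/`op`/`value`), the operator names, and the sample fields are all assumptions made for illustration.

```python
import operator

# Fixed operator allowlist: a rule names an operator, it never supplies code.
OPS = {"gt": operator.gt, "gte": operator.ge, "lt": operator.lt,
       "lte": operator.le, "eq": operator.eq}
MISSING = object()

def lookup(data, path):
    """Resolve a dotted path such as 'market.vix_delta'; MISSING if absent."""
    for key in path.split("."):
        if not isinstance(data, dict) or key not in data:
            return MISSING
        data = data[key]
    return data

def evaluate(node, data, matched):
    """Evaluate an all/any tree without short-circuiting; record each matched leaf."""
    for group, combine in (("all", all), ("any", any)):
        if group in node:
            if not isinstance(node[group], list) or not node[group]:
                raise ValueError(f"'{group}' needs a non-empty list")
            return combine([evaluate(c, data, matched) for c in node[group]])
    if node.get("op") not in OPS or not isinstance(node.get("field"), str) or "value" not in node:
        raise ValueError(f"invalid condition: {node!r}")
    actual = lookup(data, node["field"])
    try:
        hit = actual is not MISSING and bool(OPS[node["op"]](actual, node["value"]))
    except TypeError:
        hit = False  # source value and threshold are not comparable
    if hit:
        matched.append({**node, "actual": actual})
    return hit

def run_rules(rules, data, send=None, dry_run=True):
    """Return (findings, diagnostics); send() is called only when dry_run is False."""
    findings, diagnostics = [], []
    for index, rule in enumerate(rules):
        matched = []
        try:
            if evaluate(rule["when"], data, matched):
                findings.append({"rule": rule["id"], "severity": rule["severity"], "evidence": matched})
        except (ValueError, KeyError, TypeError, AttributeError) as exc:
            diagnostics.append({"rule_index": index, "status": "degraded", "error": repr(exc)})
    if not dry_run and send is not None:
        for finding in findings:
            send(finding)
    return findings, diagnostics

# Constructed sample standing in for runs/latest.json (field names are assumptions).
SAMPLE = {"market": {"vix_delta": 3.1}, "conflict": {"events_delta": 4}}
```

A rule whose `op` is not in the allowlist, or whose structure is malformed, lands in `diagnostics` with status `degraded` while the remaining rules still evaluate.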
Reference: MrSphay/intelligence-terminal#27