## GitHub Issue: ADR 003 R1b Rule Engine Implementation for Asset Discovery & Compliance
This feature implementation describes a generalized rule engine that automates compliance and asset-management decisions in real time. The system, referenced as ADR 003 R1b, wires a 'match → action' engine to evaluate every new `asset_discovered` event, triggering two core actions: `suggest_target` and `auto_create_target`. This moves policy enforcement from manual review to automated, inline execution at the moment of data ingestion.

The technical core resides in `api/internal/rules/`. The `predicate.go` file defines a Go evaluator for a JSONB grammar, enabling complex logical operations (`$and`, `$or`, `$not`) and comparisons against asset properties like `technologies.<tag>`, `cves.<id>`, and `cves.severity`. Supporting tests in `predicate_test.go` validate scenarios including CIDR matching, regex, and a 'Shadow-IT' example. The `engine.go` file parses rule bodies and executes the `EvaluateAsset(rules, asset)` function to determine which actions fire.
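
As an added example (not the project's own `predicate.go`), the following Go evaluator shows how a `match` predicate of this shape can be walked against one asset: a JSON tree of `$and`, `$or` and `$not` nodes over leaf comparisons, with CIDR matching on the asset's address. The page does not give the leaf grammar, so the flat `Asset` map, the `$eq`/`$cidr` operator names and the single-key node rule are assumptions, and the regex comparison the page mentions is left out to keep the block short.

```go
package main

import (
	"fmt"
	"net"
)

// Asset is a constructed flat view: dotted field -> value, e.g. "ip": "10.1.2.3", "cves.severity": "critical".
type Asset map[string]string

// Evaluate applies one predicate node (json.Unmarshal'd into an interface{}) to an
// asset. Assumed grammar: a single-key object keyed by $and/$or (list), $not (node),
// or a field name mapped to {"$eq": value} or {"$cidr": "net/bits"}. Malformed nodes
// and unknown operators are errors, never silent non-matches, so a typo cannot disable a rule.
func Evaluate(node interface{}, a Asset) (bool, error) {
	obj, ok := node.(map[string]interface{})
	if !ok || len(obj) != 1 {
		return false, fmt.Errorf("predicate node must be a single-key object: %v", node)
	}
	for key, val := range obj {
		switch key {
		case "$and", "$or":
			kids, ok := val.([]interface{})
			if !ok {
				return false, fmt.Errorf("%s expects a list of nodes", key)
			}
			for _, k := range kids {
				hit, err := Evaluate(k, a)
				if err != nil || hit == (key == "$or") { // error, or a decisive child
					return hit && err == nil, err
				}
			}
			return key == "$and", nil // vacuous: $and of [] is true, $or of [] is false
		case "$not":
			hit, err := Evaluate(val, a)
			return err == nil && !hit, err
		}
		ops, _ := val.(map[string]interface{})
		got := a[key] // an absent field (e.g. a technology tag not set) reads as ""
		if want, has := ops["$eq"]; has {
			return got == fmt.Sprint(want), nil
		}
		if want, has := ops["$cidr"]; has {
			_, n, err := net.ParseCIDR(fmt.Sprint(want))
			return err == nil && n.Contains(net.ParseIP(got)), err // && guards nil n
		}
		return false, fmt.Errorf("field %q: missing or unknown operator", key)
	}
	return false, nil // unreachable: obj has exactly one key
}
```

Decode a stored rule body with `encoding/json` into an `interface{}` and pass it to `Evaluate`; an error result should be surfaced by the caller rather than treated as "no match", so that a malformed rule is visible instead of silently skipping its action.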

This automation is backed by a persistent store with idempotent operations to set an asset's compliance status or add suggestions, deduplicated to prevent rule spam. Administrative APIs allow for listing active rules per tenant, upserting new versions, and soft deletion. The integration point is the `handleAssetDiscovered` function, which loads all active rules once per processing batch to run evaluations, signaling a shift towards programmable, continuous security and infrastructure governance.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: rule-engine, compliance-automation, asset-discovery, devops, security-automation
- **Credibility**: unverified
- **Published**: 2026-04-14 04:22:41
- **ID**: 63113
- **URL**: https://whisperx.ai/en/intel/63113