Kamal: Created page with "= Compliance Server = The Compliance Server manages compliance rules and monitors rule violations for trading accounts. It maintains a repository of compliance rule definition..."

2025-12-01T21:59:57Z

Created page with "= Compliance Server = The Compliance Server manages compliance rules and monitors rule violations for trading accounts. It maintains a repository of compliance rule definition..."

New page

= Compliance Server =
The Compliance Server manages compliance rules and monitors rule violations for trading accounts. It maintains a repository of compliance rule definitions organized by directory entry, tracks rule states (active, passive, or deleted), and records violation events. By centralizing compliance rule administration and violation tracking, the server enforces consistent regulatory and risk management policies across the trading platform.

The Compliance Server integrates with the Service Locator for authentication and permission verification, the Administration Server to validate administrator privileges, and a MySQL database to persist compliance rules and violation records.

== Configuration ==
The Compliance Server is configured via a YAML file that defines network interfaces, database connection, and Service Locator integration. Below is the structure of the configuration file with example values:

<pre>
---
server:
# Primary network interface and port the Compliance Server binds to.
interface: "0.0.0.0:21900"

# List of addresses the server is reachable at (for registration with Service Locator).
# Typically includes both public-facing and local addresses.
addresses: ["198.51.100.5:21900", "10.0.0.5:21900"]

data_store:
# The address of the MySQL server (host:port).
address: "127.0.0.1:3306"

# The username for authenticating with MySQL.
username: spireadmin

# The password for the MySQL user.
password: 1234

# The name of the database schema where data is stored.
schema: spire

service_locator:
# The address of the Service Locator (host:port).
address: "10.0.0.5:20000"

# The account username used by the Compliance Server to authenticate with the Service Locator.
username: compliance_service

# The password for the Compliance Server's Service Locator account.
password: admin_password
...
</pre>

== Installation & Setup ==
A <code>setup.py</code> script is provided to generate the final <code>config.yml</code> from the <code>config.default.yml</code> template.

The script supports the following arguments:

<pre>
python setup.py
--local 0.0.0.0 # Local interface (default: auto-detected IP)
--world 198.51.100.5 # Global/public interface (optional)
--address 10.0.0.5:20000 # Service Locator address (default: local_interface:20000)
--password [REQUIRED] # Service password for authentication
--mysql_address 127.0.0.1:3306 # MySQL server address
--mysql_username spireadmin # MySQL username
--mysql_password secretpw # MySQL password (default: --password if omitted)
--mysql_schema spire # MySQL schema
</pre>

== Functionality ==
The Compliance Server provides the following capabilities:

=== Rule Management ===
Compliance rules are organized by directory entry (accounts or groups) and consist of:
* A unique rule identifier
* The associated directory entry
* A state (active, passive, or deleted)
* A compliance rule schema defining the rule logic

Administrators can create, update, and delete compliance rules. Rule changes are immediately propagated to subscribed clients for real-time enforcement.

=== Rule Monitoring ===
Clients with appropriate permissions can:
* Load existing compliance rules for a specific directory entry
* Subscribe to receive real-time updates when rules are added, modified, or deleted

Subscriptions enable clients to maintain synchronized views of active compliance rules without polling.

=== Violation Reporting ===
Administrators can report compliance rule violations, which are:
* Timestamped by the server
* Persistently stored in the database
* Available for audit and analysis

== Operations ==
The Compliance Server is controlled using three operational scripts: <code>start.sh</code>, <code>stop.sh</code>, and <code>check.sh</code>.

Log files are generated in the format:
<pre>
srv_YYYYMMDD_HH_MM_SS.log
</pre>

Upon startup, older log files are moved into the <code>logs/</code> directory.

=== check.sh ===
The <code>check.sh</code> script verifies whether the server is currently running by inspecting the PID recorded in <code>pid.lock</code> and testing whether the associated process exists.

If the server is not running, it prints:
<pre>
ComplianceServer is not running.
</pre>

=== start.sh ===
The <code>start.sh</code> script:
* Exits immediately if the server is already running
* Creates a <code>logs/</code> directory if necessary
* Moves any existing <code>srv_*.log</code> files into <code>logs/</code>
* Starts the <code>ComplianceServer</code> process in the background
* Writes the PID to <code>pid.lock</code>
* Reads network interfaces from <code>config.yml</code> and waits until the server is listening on at least one configured address

This ensures the server is fully initialized before the script exits.

=== stop.sh ===
The <code>stop.sh</code> script:
* Reads the PID from <code>pid.lock</code>
* Sends <code>SIGINT</code> to request a graceful shutdown
* Waits for termination using exponential backoff (up to 300 seconds)
* Sends <code>SIGKILL</code> if the server fails to stop cleanly
* Appends a forced-termination message to the most recent log file (if applicable)
* Removes the <code>pid.lock</code> file

This guarantees consistent shutdown behavior across normal and exceptional conditions.

Compliance Server - Revision history

Kamal: Created page with "= Compliance Server = The Compliance Server manages compliance rules and monitors rule violations for trading accounts. It maintains a repository of compliance rule definition..."