✅ Phase 2 Complete · 100%
Infra-UCE
Universal Compliance Engine – deterministic, explainable, auditable.
Infra-UCE validates transactions, infrastructure, and processes against regulatory frameworks—without opaque AI. The same input always produces the same output, on any platform, at any time.
The Problem with Traditional Compliance
Most current compliance tools suffer from a fundamental problem: opacity. AI-based solutions that no one can explain, results that vary across runs, auditors receiving “the algorithm decided” instead of evidence, and regulators frustrated by a lack of transparency.
Infra-UCE solves this with a radical approach: total determinism. Every rule is explicit, every evaluation is reproducible, and every result is backed by signed attestations and audit trails.
Snapshot
- Engine: Deterministic CEL rule engine in Rust
- Best for: Banks, fintechs, auditors, regulators, infra teams
- Coverage: 10+ frameworks, 170+ rules, 510 test vectors
How Infra-UCE Works
Evaluation Flow
- Evidence ingestion with JSON schema validation.
- Rulepack loading and signature verification (RSA-4096).
- Deterministic CEL evaluation in a memory-safe Rust engine.
- Result generation (PASS/FAIL/WARN per rule).
- Attestation signing (RSA-4096/SHA-256) with UETR linking where applicable.
- Storage and export to SARIF, JSON, and HTML reports.
Determinism Guarantees
- Same input always produces the same output.
- Reproducible results across Linux, macOS, and Windows.
- No non-deterministic functions (no randomness, no hidden time).
- Pure CEL expressions with no side effects.
- Signed rulepacks and hash-chained audit logs.
- Test vectors for every rule and cross-platform CI validation.
Frameworks, Deployment & Performance
Supported Frameworks
Infra-UCE ships with rulepacks for more than ten major frameworks:
Total coverage: 170+ rules, 510 validated test vectors.
Deployment Modes
- CLI (standalone): single binary <20 MB with no runtime dependencies—ideal for CI/CD.
- gRPC service: multi-tenant, mTLS, rate-limited, and horizontally scalable.
- Embedded Rust library: direct integration with Rust and Go (via cgo) with zero network hops.
- Air-gapped: offline deployments with pre-signed rulepacks, local CA, and MinIO storage.
Performance
- ~46 microseconds per payment pre-check (217× faster than spec).
- 500 rules evaluated over 100 assets in <5 seconds.
- Binary <20 MB, container image <50 MB, startup <100ms.
- Memory usage <100 MB (gRPC service), <50 MB (CLI).
CLI Examples & Integration
CLI Usage (Standalone)
Use the Infra-UCE CLI in CI/CD pipelines or local checks with a small, dependency-free binary:
```bash
# Evaluate evidence against rulepack
uce evaluate --rulepack pci-dss-4.0.1.yaml --evidence evidence.json --output sarif

# Sign rulepack
uce rulepack sign --key private.pem rulepack.yaml

# Verify rulepack
uce rulepack verify rulepack.yaml.signed
```
- Single binary <20 MB with no runtime dependencies.
- Designed for GitHub Actions, GitLab CI, and other pipelines.
- Exit codes: 0 (pass), 1 (fail), 2 (error).
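A pipeline gate built on the commands and exit codes listed above, as an added example that is not Infra-UCE's own code. The names `compliance_gate` and `UCE_BIN` are hypothetical, and the script assumes that `uce rulepack verify` exits non-zero on a bad signature, that the SARIF report is written to stdout, and that the signed file and the rulepack to evaluate are passed as separate paths.

```shell
#!/bin/sh
# Added example: fail-closed CI gate around the uce CLI.
# Hypothetical names: UCE_BIN, compliance_gate. The subcommands, flags and
# exit codes (0 pass, 1 fail, 2 error) are the ones listed on this page.
UCE_BIN="${UCE_BIN:-uce}"

# compliance_gate <signed-rulepack> <rulepack> <evidence> <sarif-out>
# Returns 0 only when the signature verifies AND every rule passes.
# Returns 1 on rule failures and 2 on any error, so a pipeline that
# checks "exit code != 0" can never treat an engine error as a pass.
compliance_gate() {
  cg_signed="$1"; cg_rulepack="$2"; cg_evidence="$3"; cg_sarif="$4"

  # Assumption: verify exits non-zero when the signature does not check out.
  if ! "$UCE_BIN" rulepack verify "$cg_signed"; then
    echo "gate: rulepack signature did not verify, not evaluating" >&2
    return 2
  fi

  # Assumption: the SARIF report goes to stdout. The "|| cg_rc=$?" form
  # captures the exit code without tripping "set -e" in the caller.
  cg_rc=0
  "$UCE_BIN" evaluate --rulepack "$cg_rulepack" --evidence "$cg_evidence" \
    --output sarif > "$cg_sarif" || cg_rc=$?

  case "$cg_rc" in
    0) echo "gate: all rules passed" >&2 ;;
    1) echo "gate: rule failures, report in $cg_sarif" >&2 ;;
    2) echo "gate: engine error, blocking the pipeline" >&2 ;;
    *) echo "gate: unexpected exit code $cg_rc, treating as error" >&2
       cg_rc=2 ;;
  esac
  return "$cg_rc"
}

# Typical call from a pipeline step (paths are placeholders):
#   compliance_gate rulepack.yaml.signed rulepack.yaml evidence.json out.sarif
```

Keeping exit code 1 distinct from 2 lets the pipeline upload the SARIF report on rule failures while still blocking on both.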
Integration with Infranotes
Infranotes calls Infra-UCE through a compliance adapter, with attestations and events flowing back into your systems:
```
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   Infranotes    │────▶│   Compliance    │────▶│    Infra-UCE    │
│ (BaaS/Payments) │     │     Adapter     │     │   (Rust gRPC)   │
└─────────────────┘     └─────────────────┘     └─────────────────┘
         │                       │                       │
         │                       │                       ▼
         │                       │              ┌─────────────────┐
         │                       │              │   PostgreSQL    │
         │                       │              │   + S3/MinIO    │
         │                       │              └─────────────────┘
         │                       │                       │
         │                       ▼                       │
         │              ┌─────────────────┐              │
         │              │   Attestation   │◀─────────────┘
         │              │   + UETR Link   │
         │              └─────────────────┘
         │                       │
         ▼                       ▼
┌─────────────────────────────────────────┐
│        compliance.checked event         │
│       (attestation_uri included)        │
└─────────────────────────────────────────┘
```
Each payment can emit a `compliance.checked` event with a cryptographically signed attestation attached.
Tired of opaque compliance? Try Infra-UCE — where every decision is explainable.