Rules Engine

The FORG Rules Engine evaluates policy rules against incoming signals in real time, before the tool call completes from the developer's perspective. Rules can notify, block, or allow AI calls based on configurable conditions.

Rule anatomy

{
  "id":      "rule_7c3d1a2b",
  "name":    "Monthly per-user cap",
  "enabled": true,
  "scope":   "user",          // user | team | project | session | org
  "window":  "month",         // 1h | 1d | 7d | month | session | all-time
  "condition": {
    "cost_usd": { "gt": 100 }
  },
  "action":  "block",         // block | notify | allow
  "notify_channels": [],      // email | slack | webhook
  "notify_users":    []       // list of emails (for notify action)
}

Evaluation model

When a signal arrives at the Rule Engine, the following happens for each enabled rule:

1. Accumulate— The engine computes the running total for the rule's scope and window (e.g., total cost for this user this month).
2. Evaluate condition — The accumulated value is compared against the rule condition threshold.
3. Apply action — If the condition is met, the action fires. Multiple rules can match a single signal; the most restrictive action wins (block beats notify).

Condition operators

Compound conditions

Multiple field conditions in a single rule are AND-ed. For OR logic, create multiple rules:

// Match: high-cost model AND large context
{
  "condition": {
    "model": { "in": ["claude-opus-4-5", "gpt-4o"] },
    "tokens_in": { "gt": 50000 }
  }
}

Evaluation windows

Performance

Rule evaluation adds less than 5ms to the signal processing path in the 99th percentile. The rule engine runs in the Cloudflare Workers edge runtime, co-located with the ingestion endpoint, minimizing round-trip latency.