Domain: risk-engine

Curated entry point for the risk-engine bounded context.

Owner

Founder + Risk Officer + agents (Phase 1). Risk Officer owns the rule definitions and parameter values; engineering owns the evaluator implementation.

Mission

Owns deterministic enforcement of the firm's risk rules: end-of-day drawdown, daily loss limit, trailing DLL (LucidScale), consistency rule, trading hours, prohibited activities, breach detection, and end-of-day snapshot computation. Boundary: risk-engine evaluates rules over broker-stream events emitted by trading; it publishes evaluations and breaches that accounts (state transitions) and notifications (alerts) consume. The evaluator is pure deterministic functions per Q-E3 to preserve future-language migration optionality.

Code paths

Application code (separate deploy unit): apps/risk-engine/
Domain logic (pure rule evaluation): packages/domain/risk-rules/ - shared by apps/risk-engine/ and any read-only previews in apps/api/
Contracts: packages/contracts/events/risk.ts
Database schemas owned: risk (RiskRuleConfig, RiskEvaluation, BreachEvent, EodComputation, ConsistencyState)

PRD chapters that touch this domain

06-rules-risk-engine.md - canonical risk-rules spec
02-business-model.md - per-program rule profiles
08-live-transition.md - additional rules for Edge Live
12-non-functional.md - latency targets for evaluation
16-open-questions.md - Q-E3 (TypeScript evaluator), Q-R6 (exchange-halt policy), Q-R7 (position-size enforcement) - both Q-R6 and Q-R7 are still open

TDD chapters

(Empty - will populate. Risk-engine TDD will be one of the most detailed Phase 1 TDD chapters.)

ADRs that affected this domain

ADR-0001 (risk-engine is one of the four extracted long-runners; pure-function evaluator preserves migration optionality)

Service interfaces this domain exposes

The risk-engine is event-driven, not request/response. Its primary interface is the events it produces:

// Inputs (consumed via Kafka):
//   trading.broker.fill_event
//   trading.broker.position_state
//   trading.broker.account_state
//   accounts.account.state_changed (for rule-profile lookup)
// Outputs (produced to Kafka):
//   risk.evaluation.completed
//   risk.evaluation.breach_detected
//   risk.evaluation.consistency_passed
//   risk.eod.snapshot_computed

Events this domain produces / consumes

Direction	Topic	Triggered by
produces	`risk.evaluation.completed`	Per-fill / per-position-update evaluation result
produces	`risk.evaluation.breach_detected`	Hard rule breach
produces	`risk.evaluation.consistency_passed`	Consistency-rule eligibility flag for payouts
produces	`risk.eod.snapshot_computed`	Daily EOD computation finished
consumes	`trading.broker.fill_event`	Triggers per-fill evaluation
consumes	`trading.broker.position_state`	Triggers continuous evaluation against current marked PnL
consumes	`trading.broker.account_state`	Account-level checks (intraday equity vs DLL)
consumes	`accounts.account.state_changed`	Rule-profile refresh

External integrations

None directly. Risk-engine is internally focused.

Runbooks for this domain

(Empty - will populate when alerts are defined in Section 17.6. Expected high-priority: evaluation-lag alarm, false-positive breach alarm, EOD-computation-stuck alarm.)

On-call

To be filled in Section 17.6. Highest-priority on-call domain - missed breaches are unbounded liability for the firm.

Cross-domain dependencies

This domain calls: nothing synchronously (it is a Kafka consumer).
This domain emits events consumed by: accounts (state transitions on breach), audit (every evaluation - regulated), notifications (breach alerts to traders), admin (risk console live feed), payouts (consistency-rule eligibility flag).

Owner​

Mission​

Code paths​

PRD chapters that touch this domain​

TDD chapters​

ADRs that affected this domain​

Service interfaces this domain exposes​

Events this domain produces / consumes​

External integrations​

Runbooks for this domain​

On-call​

Cross-domain dependencies​