InfraNotes Finance Project · v0.6.0
UCE Integration Issues & Solutions
Issue 1: Missing Required Evidence Fields
Error:
Evidence validation failed: Invalid evidence: Missing required field: id
Root Cause:
UCE evidence validator expects specific metadata fields at root level:
- id (UUID) - Entity identifier
- tenant_id (UUID) - Tenant identifier
- type (string) - Evidence type
- timestamp (ISO 8601) - Timestamp
- source (string) - Source system
PF service was only sending business data fields without UCE metadata.
Solution:
Added wrapEvidence() method in internal/compliance/client.go:
- Wraps business data in UCE-required structure
- Determines evidence type based on rulepack ID
- Extracts entity ID from business data
- Flattens business fields to root level for rule expressions
Files Modified:
- internal/compliance/client.go - Added wrapEvidence() method
- internal/services/project_finance_service.go - Fixed field names (use AmountMinor directly)
- internal/services/phase_service.go - Added "id" field to evidence
- internal/services/scope_change_service.go - Added "id" field to evidence
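An added sketch of the wrapping step described under Issue 1 (example code written for this page, not the project's client.go). The function signature, the hyphen-to-underscore evidence-type mapping, the "project-finance" source value and the contents of the "data" key are assumptions. It also shows one check worth having in such a wrapper: flattened business fields never overwrite the root-level metadata keys, so a payload cannot supply its own tenant_id or type.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Evidence is the flat key/value document sent for evaluation.
type Evidence = map[string]interface{}

// Root-level metadata keys from the list above, plus "data" (seen in the wrapped_keys log).
var reserved = map[string]bool{"id": true, "tenant_id": true, "type": true,
	"data": true, "timestamp": true, "source": true}

// wrapEvidence is a hypothetical sketch of the wrapper described on this page.
// tenantID must come from the authenticated request context, never from business data.
func wrapEvidence(rulepackID, tenantID string, business Evidence, now time.Time) (Evidence, error) {
	id, ok := business["id"].(string)
	if !ok || id == "" {
		return nil, errors.New("missing required field: id")
	}
	if tenantID == "" || rulepackID == "" {
		return nil, errors.New("tenant ID and rulepack ID are required")
	}
	out := Evidence{}
	// Flatten business fields to root level for rule expressions, skipping
	// reserved keys so the payload cannot shadow the metadata set below.
	for k, v := range business {
		if !reserved[k] {
			out[k] = v
		}
	}
	out["id"] = id
	out["tenant_id"] = tenantID
	// Assumption: evidence type is the rulepack ID with "-" replaced by "_".
	out["type"] = strings.ReplaceAll(rulepackID, "-", "_")
	out["data"] = business
	out["timestamp"] = now.UTC().Format(time.RFC3339)
	out["source"] = "project-finance" // assumed source-system name
	return out, nil
}

func main() {
	ev, err := wrapEvidence("project-finance-budget", "550e8400-e29b-41d4-a716-446655440000",
		Evidence{"id": "dc459fbc-9b93-40fb-93d1-9d3eb605bfd0", "AmountMinor": 125000}, time.Now())
	fmt.Println(ev, err)
}
```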
Issue 2: Invalid Rulepack Validation Errors
Errors:
Invalid severity value: WARN (expected: LOW, MEDIUM, HIGH, CRITICAL)
Missing required field: signature
Invalid metadata_stats field: warn_rules (expected: low_rules)
Root Cause:
Rulepacks had validation errors preventing upload to UCE database.
Solution:
Created scripts/fix-rulepacks.py to fix all validation errors:
- Changed WARN → LOW severity
- Added signature: null placeholder
- Fixed warn_rules → low_rules in metadata_stats
Issue 3: Unsigned Rulepacks
Error:
Rulepack must be signed for production use
Root Cause:
UCE requires RSA-4096/SHA-256 signatures for production rulepacks.
Solution:
- Generate keypair using UCE CLI:
    ./target/release/uce rulepack keygen --out-dir ./keys --key-id project-finance
- Sign all rulepacks:
    for rulepack in rulepacks/*.yaml; do
      ./target/release/uce rulepack sign --key ./keys/project-finance.private.pem "$rulepack" --out "$rulepack"
    done
- Upload to UCE database:
    go run scripts/upload-rulepacks.go
Result:
4 rulepacks uploaded successfully to UCE (tenant: 550e8400-e29b-41d4-a716-446655440000):
- Project Finance Budget Controls (21 rules)
- Project Finance Phase Gates (28 rules)
- Project Finance Scope Changes (26 rules)
- Project Finance Regional Compliance (27 rules)
Issue 4: UCE Disabled in Integration Environment
Error:
UCE compliance client is disabled
Root Cause:
UCE_ENABLED: "false" in docker-compose.integration.yml
Solution:
Changed to UCE_ENABLED: "true" in deployments/docker/docker-compose.integration.yml (line 421)
Verification
All UCE compliance validations now working:
time=2025-11-15T17:42:25.056Z level=INFO msg="Wrapped evidence for UCE"
entity_id=dc459fbc-9b93-40fb-93d1-9d3eb605bfd0
evidence_type=project_finance_budget
wrapped_keys="[id tenant_id type data timestamp source ...]"
time=2025-11-15T17:42:25.075Z level=INFO msg="Compliance evaluation completed"
evaluation_id=782e9506-9b83-4ba8-9578-c5b506ecb308
compliant=true
failed_rules=0
Testing Status
✅ 11/36 endpoints tested successfully with UCE enabled
✅ Budget allocation compliance validation working
✅ All rulepacks active in UCE database