feat(sanctions): entity lookup index + OpenSanctions search (#2042) (#2085)

* feat(sanctions): entity lookup index + OpenSanctions search (#2042)

* fix: guard tokens[0] access in sanctions lookup

* fix: use createIpRateLimiter pattern in sanctions-entity-search

* fix: add sanctions-entity-search to allowlist and cache tier

* fix: add LookupSanctionEntity RPC to service.proto, regenerate

* fix(sanctions): strip _entityIndex/_state from main key publish, guard limit NaN

P0: seed-sanctions-pressure was writing the full _entityIndex array and _state
snapshot into sanctions:pressure:v1 because afterPublish runs after atomicPublish.
Add publishTransform to strip both fields before the main key write so the
pressure payload stays compact; afterPublish and extraKeys still receive the full
data object and write the correct separate keys.

P1: limit param in sanctions-entity-search edge function passed NaN to OpenSanctions
when a non-numeric value was supplied. Fix with Number.isFinite guard.

P2: add 200-char max length on q param to prevent oversized upstream requests.

* fix(sanctions): maxStaleMin 2x interval, no-store on entity search

health.js: 720min (1x) → 1440min (2x) for both sanctionsPressure and
sanctionsEntities. A single missed 12h cron was immediately flagging stale.

sanctions-entity-search.js: Cache-Control public → no-store. Sanctions
lookups include compliance-sensitive names in the query string; public
caching would have logged/stored these at CDN/proxy layer.
This commit is contained in:
Elie Habib
2026-03-23 19:38:11 +04:00
committed by GitHub
parent d29fd4e03f
commit 3321069fb3
13 changed files with 449 additions and 3 deletions


@@ -36,6 +36,44 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Error'
/api/sanctions/v1/lookup-sanction-entity:
get:
tags:
- SanctionsService
summary: LookupSanctionEntity
description: LookupSanctionEntity searches the OFAC entity index by name, vessel, or aircraft.
operationId: LookupSanctionEntity
parameters:
- name: q
in: query
required: false
schema:
type: string
- name: max_results
in: query
required: false
schema:
type: integer
format: int32
responses:
"200":
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/LookupSanctionEntityResponse'
"400":
description: Validation error
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
default:
description: Error response
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
components:
schemas:
Error:
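Review bot: In the `parameters` block of `/api/sanctions/v1/lookup-sanction-entity`, `q` is `required: false` with a bare `type: string` and `max_results` is an unbounded `int32`, so the contract does not say what a request without `q` returns and gives generated validators nothing to reject oversized or non-positive values with. The commit message describes a 200-character cap on `q` and a finite-number guard on `limit` in the sanctions-entity-search edge function; consider stating equivalent bounds here with `maxLength` on `q` and `minimum`/`maximum` on `max_results`, and either mark `q` required or document the empty-query behaviour in the `description`. Because this operation also carries names in the query string, the description should say whether its responses are meant to be cacheable, in line with the no-store reasoning given for the edge function.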
@@ -188,3 +226,43 @@ components:
type: integer
format: int32
description: ProgramSanctionsPressure summarizes designation volume and recent additions by OFAC program.
LookupSanctionEntityRequest:
type: object
properties:
q:
type: string
maxResults:
type: integer
format: int32
description: LookupSanctionEntityRequest searches the OFAC entity index by name, vessel, or aircraft.
LookupSanctionEntityResponse:
type: object
properties:
results:
type: array
items:
$ref: '#/components/schemas/SanctionEntityMatch'
total:
type: integer
format: int32
source:
type: string
description: LookupSanctionEntityResponse contains matched entities from OFAC + OpenSanctions.
SanctionEntityMatch:
type: object
properties:
id:
type: string
name:
type: string
entityType:
type: string
countryCodes:
type: array
items:
type: string
programs:
type: array
items:
type: string
description: SanctionEntityMatch is a compact entity match from the lookup index.
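Review bot: The schema descriptions disagree about the data source: `LookupSanctionEntityRequest` says it searches the OFAC entity index, while `LookupSanctionEntityResponse` says matches come from OFAC + OpenSanctions, and `source` is a plain `type: string` with no enum or description. A consumer doing screening needs to know which list produced a match, so document the permitted values of `source` (and of `entityType` in `SanctionEntityMatch`) as enums or in the descriptions, and state whether `total` counts all matches or only the ones returned in `results`. The limit is also spelled `maxResults` in this request schema but `max_results` in the query parameter of the path definition; a one-line note on which form clients send would remove the ambiguity.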