01 / 08

Nova Suite

Styx Workflows

Decision Engines

DMN for business rules & regulatory compliance. OPA/Rego for authorization & access control. Policy-as-code governance powering every Styx workflow with auditable decision logic.

35

DMN Decision Tables

30+

Regulations Covered

196

Lines of Rego

<1ms

WASM Eval Latency

02 / 08

Decision Engines in Nova Suite

How DMN and OPA power the Styx Workflow Suite

⚙️

HOW It Works

DMN: Native BPMN integration via businessRuleTask
OPA: WASM compilation for in-process evaluation
Both are version-controlled alongside code
Editable by business users (DMN) or developers (Rego)

📍

WHERE It's Used

Styx Workflows: Every BPMN process
API Layer: NestJS guards + OPA WASM
Camunda Engine: Runtime decision evaluation
CI/CD: Policy validation gates

🏆

WHY (Benefits)

Auditability: Every decision logged
Business Ownership: Non-devs edit DMN
Performance: <1ms WASM eval
Compliance: 30+ regulations built-in

Styx Workflow Decision Flow

Campaign Request

→

DMN: Eligibility Check

→

OPA: User Authorized?

→

DMN: Budget Guardrails

→

DMN: Approval Routing

→

Execute

DMN: packages/bpmn/poetry/decisions/ | OPA: packages/authority-management/policies/

03 / 08

DMN Decision Tables

Policy-as-code governance with auditable decision logic

Eligibility

Campaign Eligibility

Input	Rule
Privacy Framework	GDPR/CCPA required
Tracking Enabled	+30 pts if true
Client Tier	Min budget by tier

Hit Policy: COLLECT (SUM)

Budget

Budget Guardrails

Tier	Range	Max Change
Enterprise	$50K-$10M	50%
Growth	$10K-$500K	30%
Starter	$1K-$50K	20%

Hit Policy: FIRST

Quality

Forecast Quality Gate

Metric	Threshold
Confidence Score	>=0.70
Variance	<=25%
Coverage	>=80%

Hit Policy: FIRST

Privacy

Audience Privacy

Check	Rule
Data Sources	1st/2nd party only
PII Handling	Hashed required
Consent	Explicit opt-in

Hit Policy: COLLECT

Naming

Naming Convention

Level	Pattern
Campaign	[Client]_[Obj]_[Date]
Ad Set	[Audience]_[Geo]
Ad	[Format]_[CTA]_v#

Hit Policy: FIRST

DoA

Delegation of Authority

Budget	Approver
< $25K	Manager
$25K-$100K	Director
> $100K	VP/C-Level

Hit Policy: FIRST

Location: packages/bpmn/poetry/decisions/ - 34 DMN files total

04 / 08

DMN Industry Compliance - Regulated Verticals

Industry-specific decision tables for regulatory compliance validation

💊

Pharma

FDA/OPDP compliance
Fair balance requirements
ISI/PI disclosure rules
MLR approval workflow

pharma-fda-opdp-compliance.dmn

🏦

Financial Services

FINRA 2210 compliance
APR disclosure validation
UDAAP screening
Performance claims review

finra-2210.dmn

🏥

Healthcare

CMS marketing guidelines
Star rating display rules
AEP/OEP timing validation
Medicare compliance

cms-marketing-guidelines.dmn

43 total DMN decision tables covering industry-specific compliance rules

05 / 08

DMN Specialized Compliance

Defense, Alcohol/Cannabis, and AI Governance decision tables

🛡️

Defense

DoD contract compliance
ITAR/EAR screening
CUI detection
Cleared recruiting rules

dod-contract-compliance.dmn

🍺

Alcohol & Cannabis

State ABC rules
TTB COLA claims
Age verification gates
Cannabis state compliance

state-abc-rules.dmn

🤖

AI Governance

AI Act transparency
Algorithmic bias detection
Fair housing compliance
EEOC targeting rules

ai-act-transparency.dmn

Policy-as-Code - Version-controlled - Auditable - Business-owned rules

All DMN tables evaluated at process runtime via Camunda 7 decision service

06 / 08

Decision Engines: When to Use DMN vs Rego (OPA)

Two complementary decision engines for different purposes

📊 DMN (Camunda)

Purpose: Business rules & regulatory compliance

Audience: Business analysts, compliance officers

Editing: Visual table editor (Camunda Modeler)

Integration: Native BPMN (businessRuleTask)

Use For:

Campaign eligibility gates
Budget guardrails
Regulatory compliance (GDPR, ITAR, FDA)
Approval routing
Performance thresholds

🔒 Rego (OPA)

Purpose: Authorization & access control

Audience: Developers, security engineers

Editing: Code editor (Rego language)

Integration: REST API or WASM (in-process)

Use For:

API access control (RBAC/ABAC)
Tenant isolation
Resource permissions
CI/CD system authorization
Infrastructure policy

Key Insight: Complementary, Not Competing

DMN answers: "What should happen next?" (business logic)

Rego answers: "Can user X do action Y?" (authorization)

35

DMN Tables

30+

Regulations

196

Rego Lines

<1ms

WASM Eval

DMN: packages/bpmn/poetry/decisions/ | OPA: packages/authority-management/policies/

07 / 08

Enterprise Authority Management

Delegation of Authority (DoA) with OPA WASM for sub-millisecond authorization

👔 Approval Hierarchy

CMO Unlimited

VP Marketing $500K

Director $100K

Manager $10K

Auto-escalate after 24h timeout

🔒 OPA WASM Architecture

Request

->

NestJS Guard

->

Attribute Resolver

->

WASM Eval

->

Allow/Deny

<1ms

Eval Latency

52x

Faster than Sidecar

0

Extra Containers

196

Lines of Rego

Threshold Routing

Auto-route to correct approver based on spend amount

Vacation Delegation

Temporary authority transfer with expiration

SOX Audit Trail

Complete decision log for compliance

Tenant Isolation

Customer-specific policies via Rego

Location: packages/authority-management/

08 / 08

Key Takeaways

Why Nova Suite uses two decision engines

DMN for Business Logic

Visual decision tables that business users can own and edit. Perfect for regulatory compliance, campaign eligibility, and approval routing in Styx workflows.

OPA for Authorization

Programmatic policies for fine-grained access control. WASM compilation enables sub-millisecond evaluation with zero network hops.

Auditable & Compliant

Both engines provide complete audit trails. Every decision is logged with inputs, outputs, and the policy version that evaluated it.

Enterprise Ready

Delegation of Authority, vacation coverage, threshold-based routing, and tenant isolation - all built on these two engines.

Nova Suite Decision Engine Stats

35

DMN Tables

30+

Regulations

196

Lines of Rego

<1ms

Eval Latency