01 / 08
Nova Suite
Styx Workflows

Decision Engines

DMN for business rules & regulatory compliance. OPA/Rego for authorization & access control. Policy-as-code governance powering every Styx workflow with auditable decision logic.

35
DMN Decision Tables
30+
Regulations Covered
196
Lines of Rego
<1ms
WASM Eval Latency
02 / 08

Decision Engines in Nova Suite

How DMN and OPA power the Styx Workflow Suite

⚙️

HOW It Works

  • DMN: Native BPMN integration via businessRuleTask
  • OPA: WASM compilation for in-process evaluation
  • Both are version-controlled alongside code
  • Editable by business users (DMN) or developers (Rego)
📍

WHERE It's Used

  • Styx Workflows: Every BPMN process
  • API Layer: NestJS guards + OPA WASM
  • Camunda Engine: Runtime decision evaluation
  • CI/CD: Policy validation gates
🏆

WHY (Benefits)

  • Auditability: Every decision logged
  • Business Ownership: Non-devs edit DMN
  • Performance: <1ms WASM eval
  • Compliance: 30+ regulations built-in

Styx Workflow Decision Flow

Campaign Request
DMN: Eligibility Check
OPA: User Authorized?
DMN: Budget Guardrails
DMN: Approval Routing
Execute

DMN: packages/bpmn/poetry/decisions/ | OPA: packages/authority-management/policies/

03 / 08

DMN Decision Tables

Policy-as-code governance with auditable decision logic

Eligibility

Campaign Eligibility

Input Rule
Privacy FrameworkGDPR/CCPA required
Tracking Enabled+30 pts if true
Client TierMin budget by tier

Hit Policy: COLLECT (SUM)

Budget

Budget Guardrails

Tier Range Max Change
Enterprise$50K-$10M50%
Growth$10K-$500K30%
Starter$1K-$50K20%

Hit Policy: FIRST

Quality

Forecast Quality Gate

Metric Threshold
Confidence Score>=0.70
Variance<=25%
Coverage>=80%

Hit Policy: FIRST

Privacy

Audience Privacy

Check Rule
Data Sources1st/2nd party only
PII HandlingHashed required
ConsentExplicit opt-in

Hit Policy: COLLECT

Naming

Naming Convention

Level Pattern
Campaign[Client]_[Obj]_[Date]
Ad Set[Audience]_[Geo]
Ad[Format]_[CTA]_v#

Hit Policy: FIRST

DoA

Delegation of Authority

Budget Approver
< $25KManager
$25K-$100KDirector
> $100KVP/C-Level

Hit Policy: FIRST

Location: packages/bpmn/poetry/decisions/ - 34 DMN files total

04 / 08

DMN Industry Compliance - Regulated Verticals

Industry-specific decision tables for regulatory compliance validation

💊

Pharma

  • FDA/OPDP compliance
  • Fair balance requirements
  • ISI/PI disclosure rules
  • MLR approval workflow

pharma-fda-opdp-compliance.dmn

🏦

Financial Services

  • FINRA 2210 compliance
  • APR disclosure validation
  • UDAAP screening
  • Performance claims review

finra-2210.dmn

🏥

Healthcare

  • CMS marketing guidelines
  • Star rating display rules
  • AEP/OEP timing validation
  • Medicare compliance

cms-marketing-guidelines.dmn

43 total DMN decision tables covering industry-specific compliance rules

05 / 08

DMN Specialized Compliance

Defense, Alcohol/Cannabis, and AI Governance decision tables

🛡️

Defense

  • DoD contract compliance
  • ITAR/EAR screening
  • CUI detection
  • Cleared recruiting rules

dod-contract-compliance.dmn

🍺

Alcohol & Cannabis

  • State ABC rules
  • TTB COLA claims
  • Age verification gates
  • Cannabis state compliance

state-abc-rules.dmn

🤖

AI Governance

  • AI Act transparency
  • Algorithmic bias detection
  • Fair housing compliance
  • EEOC targeting rules

ai-act-transparency.dmn

Policy-as-Code - Version-controlled - Auditable - Business-owned rules

All DMN tables evaluated at process runtime via Camunda 7 decision service

06 / 08

Decision Engines: When to Use DMN vs Rego (OPA)

Two complementary decision engines for different purposes

📊 DMN (Camunda)

Purpose: Business rules & regulatory compliance

Audience: Business analysts, compliance officers

Editing: Visual table editor (Camunda Modeler)

Integration: Native BPMN (businessRuleTask)

Use For:
  • Campaign eligibility gates
  • Budget guardrails
  • Regulatory compliance (GDPR, ITAR, FDA)
  • Approval routing
  • Performance thresholds

🔒 Rego (OPA)

Purpose: Authorization & access control

Audience: Developers, security engineers

Editing: Code editor (Rego language)

Integration: REST API or WASM (in-process)

Use For:
  • API access control (RBAC/ABAC)
  • Tenant isolation
  • Resource permissions
  • CI/CD system authorization
  • Infrastructure policy

Key Insight: Complementary, Not Competing

DMN answers: "What should happen next?" (business logic)
Rego answers: "Can user X do action Y?" (authorization)
35
DMN Tables
30+
Regulations
196
Rego Lines
<1ms
WASM Eval

DMN: packages/bpmn/poetry/decisions/ | OPA: packages/authority-management/policies/

07 / 08

Enterprise Authority Management

Delegation of Authority (DoA) with OPA WASM for sub-millisecond authorization

👔 Approval Hierarchy

CMO Unlimited
VP Marketing $500K
Director $100K
Manager $10K
Auto-escalate after 24h timeout

🔒 OPA WASM Architecture

Request
->
NestJS Guard
->
Attribute Resolver
->
WASM Eval
->
Allow/Deny
<1ms
Eval Latency
52x
Faster than Sidecar
0
Extra Containers
196
Lines of Rego

Threshold Routing

Auto-route to correct approver based on spend amount

Vacation Delegation

Temporary authority transfer with expiration

SOX Audit Trail

Complete decision log for compliance

Tenant Isolation

Customer-specific policies via Rego

Location: packages/authority-management/

08 / 08

Key Takeaways

Why Nova Suite uses two decision engines

DMN for Business Logic

Visual decision tables that business users can own and edit. Perfect for regulatory compliance, campaign eligibility, and approval routing in Styx workflows.

OPA for Authorization

Programmatic policies for fine-grained access control. WASM compilation enables sub-millisecond evaluation with zero network hops.

Auditable & Compliant

Both engines provide complete audit trails. Every decision is logged with inputs, outputs, and the policy version that evaluated it.

Enterprise Ready

Delegation of Authority, vacation coverage, threshold-based routing, and tenant isolation - all built on these two engines.

Nova Suite Decision Engine Stats

35
DMN Tables
30+
Regulations
196
Lines of Rego
<1ms
Eval Latency