integrated external sanctions

[EmeditWeb]

Close #628

PR: Sanctions Screening Integration for Backend Compliance

Summary

This PR adds external sanctions screening support to the backend compliance engine. The compliance workflow now includes a sanctions check against an external sanctions API and flags plans when a match is detected.

Changes

• Added SanctionsApiClient to backend/src/external_integrations.rs
• Added external sanctions screening call with circuit breaker handling
• Extended ComplianceEngine in backend/src/compliance.rs to:
  • initialize the sanctions client
  • run sanctions screening before other compliance checks
  • flag plans and create audit/notification records on sanctions matches
• External sanctions failures are treated as non-blocking so internal monitoring continues

Why

• Addresses legal/regulatory risk by integrating sanctions screening into the compliance pipeline
• Reduces the chance of OFAC or other sanctions list violations
• Aligns with the project requirement for external sanctions database integration

Testing

1. Configure environment variables:
   • SANCTIONS_API_URL
   • SANCTIONS_API_KEY
2. Start the backend or run backend tests locally in backend/
3. Create a user/plan and simulate a sanctions API response with { "flagged": true, "reason": "OFAC match" }
4. Confirm the plan is flagged and that plans.suspicion_flags contains the sanctions match reason
5. Confirm the scan still proceeds if the sanctions service is unavailable

Files

• backend/src/compliance.rs
• backend/src/external_integrations.rs

[drips-wave]

@EmeditWeb Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits