⚡ Advanced transaction triage engine. Combines LightGBM ML scoring with a robust 15-rule engine to automate fraud detection and reduce manual review workload by ~70%. Features real-time AUC-ROC 0.92 performance, automated LightGBM training, and GPT-powered rule refinement for risk orchestration.
Live API: https://soupstick-risk-pipeline.hf.space API Docs: https://soupstick-risk-pipeline.hf.space/docs
Manual fraud review today is a slow, expensive bottleneck where analysts must hand-check thousands of low-risk transactions every day. This repetitive process increases operational costs and delays legitimate customer payments, leading to a poor user experience. The RiskOS Risk Pipeline automates this triage by using ML-driven scoring and safety rules to instantly approve or flag transactions, reducing the manual review workload by approximately 70%.
Incoming Transactions (batch, up to 500)
│
▼
LightGBM Scorer
├── Risk score: 0.0 – 1.0
└── Threshold: 0.45
│
▼
Rule Engine (15 static rules)
├── Velocity rules
├── Cross-border rules
├── Amount anomaly rules
└── Device + account age rules
│
▼
Triage Decision
├── ESCALATE → Human analyst queue
├── MONITOR → Watchlist + auto-flag
└── AUTO_CLOSE → No human needed
│
▼
Output: Structured JSON
├── per-transaction decision
├── rule that fired
├── workload_reduction_estimate
└── processing_time_ms
| Metric | Value |
|---|---|
| Model | LightGBM |
| Recall | 0.89 |
| Precision | 0.87 |
| AUC-ROC | 0.92 |
| Decision threshold | 0.45 |
| Workload reduction | ~70% |
| Latency (100 txns) | <5000ms |
| Max batch size | 500 transactions |
| Static rules | 15 |
# Run a batch of transactions
curl -X POST https://soupstick-risk-pipeline.hf.space/api/v1/run \
-H "Content-Type: application/json" \
-d '{
"transactions": [
{
"transaction_id": "txn-001",
"amount": 9500,
"hour_of_day": 3,
"is_cross_border": true,
"merchant_risk_tier": 3,
"velocity_1h": 8,
"amount_vs_user_avg": 4.5,
"account_age_days": 15,
"failed_auth_count": 2,
"device_seen_before": false,
"country_risk_score": 0.85
}
]
}'
# Get active rules
curl https://soupstick-risk-pipeline.hf.space/api/v1/rules
# Refine rules using false positives (requires LLM_API_KEY)
curl -X POST https://soupstick-risk-pipeline.hf.space/api/v1/rules/refine \
-H "Content-Type: application/json" \
-d '{"false_positives": [...]}'git clone https://github.com/Souptik96/riskos-risk-pipeline
cd riskos-risk-pipeline
pip install -r requirements.txt
python data/generate_data.py # generates train.csv and test.csv
python scripts/train_model.py # trains LightGBM, asserts metrics, saves model
uvicorn app.main:app --port 7860 # starts API
# Or with Docker:
docker build -t riskos-risk-pipeline .
docker run -p 7860:7860 riskos-risk-pipeline| Rule ID | Name | Condition | Action | Confidence |
|---|---|---|---|---|
| R001 | High Amount | amount > 10000 | ESCALATE | 0.95 |
| R002 | High Velocity | velocity_1h > 10 | ESCALATE | 0.95 |
| R003 | High Risk Country | country_risk_score > 0.8 | ESCALATE | 0.95 |
| R004 | Failed Auth | failed_auth_count > 3 | ESCALATE | 0.95 |
| R015 | High ML Score | ml_score > 0.8 | ESCALATE | 0.92 |
Test Results (last run: 2026-03-25)
test_pipeline.py: 7 passed / 0 failedtest_api.py: 9 passed / 0 failed- Total: 16/16 passed
If LLM_API_KEY is set (OpenAI), the /api/v1/rules/refine endpoint uses GPT-4o-mini to suggest rule modifications based on recent false positives. Without the key, the endpoint returns current static rules unchanged.
Add LLM_API_KEY to your environment or HuggingFace Secrets to enable this.
| Repository | Description | Link |
|---|---|---|
| RiskOS | Core Orchestrator & Multi-Agent Switchboard | Link |
| Risk-Pipeline | ML Triage & Rule Engine (this repo) | Link |
| LLM-Guard | RAG-Augmented Guardrails | Link |
| Marketplace-Intelligence | NL→SQL Analytics Layer | Link |