> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# What is Tracer?

> Validate transactions in real time with Tracer — enforce spending limits, detect unauthorized activity, and decide allow/deny under 100ms.

export const GCEL = ({children}) => <Tooltip headline="CEL (Common Expression Language)" tip="A lightweight expression language for writing business rules — for example, 'if transaction amount > 10000 then REVIEW'. Tracer uses CEL for validation rules." cta="See glossary" href="/en/glossary">
    {children}
  </Tooltip>;

**Tracer** is Lerian's source-available platform for real-time transaction validation and spending controls. It helps financial institutions enforce spending policies, detect unauthorized transactions, and maintain audit-ready compliance records — all in real time, before a transaction executes.

For every transaction, Tracer evaluates your business rules and spending limits, then returns an instant decision: allow, deny, or flag for review. Response times stay under 100ms, so customers experience no delays. The source code is publicly available on [GitHub](https://github.com/LerianStudio/tracer).

## Why use Tracer?

***

Financial institutions need to control how money moves — enforcing spending caps, blocking unauthorized transactions, and producing audit trails for regulators. Doing this manually or through batch processes creates delays, errors, and compliance gaps.

Tracer solves this by evaluating every transaction in real time against your policies. It provides two foundational capabilities:

* **Validation rules**: Business rules that evaluate transaction context and return instant decisions — without requiring code deployments. You define rules using expressions, not code, making them accessible to analysts and compliance teams.
* **Dynamic spending limits**: Configurable limits per transaction, per account, per portfolio, or per segment — with real-time usage tracking and automatic period resets.

### Solving control and compliance challenges

Tracer helps institutions evaluate spending policies, identify unauthorized transactions, and satisfy audit requirements. Whether you need to detect transactions that exceed spending caps, evaluate custom business rules, or maintain a complete audit trail for SOX/GLBA compliance, Tracer provides the speed, flexibility, and governance required for modern financial operations.

## Key capabilities

***

* Real-time validation with response times under 80ms (p99)
* Expression-based rule engine using <GCEL>CEL (Common Expression Language)</GCEL> for type-safe, analyst-friendly rules
* Product-agnostic design supporting multiple transaction types:
  * Card transactions (debit, credit, prepaid)
  * Wire transfers (domestic, international, ACH)
  * PIX (instant, scheduled)
  * Cryptocurrency (bitcoin, ethereum, stablecoin)
* Dynamic spending limits:
  * Per transaction, account, portfolio, or segment
  * Daily, weekly, monthly, custom, or per-transaction periods
* Real-time limit usage tracking with automatic period resets
* Complete audit trail with 7+ year retention for SOX/GLBA compliance
* Configurable fail-open architecture to prevent blocking legitimate transactions

## How it works

***

Tracer is built around three core contexts:

1. **Validation Context** - Orchestrates validation requests, coordinates rule and limit evaluation, and records the audit trail.
2. **Rules Context** - Manages rule definitions, compiles expressions, and evaluates rules against transaction context.
3. **Limits Context** - Manages spending limit configurations, tracks usage counters, and enforces thresholds.

When a transaction is submitted for validation:

<Frame caption="Figure 1. How Tracer works">
  <img src="https://mintcdn.com/lerian-49cb71fc/Mx6bI7Rs1ieyNuQg/images/en/docs/how-tracer-works.jpg?fit=max&auto=format&n=Mx6bI7Rs1ieyNuQg&q=85&s=32754b79d2e7356acdabdc9c26d45279" alt="" width="8072" height="1982" data-path="images/en/docs/how-tracer-works.jpg" />
</Frame>

All active rules are evaluated, and if any DENY rule matches, Tracer returns a DENY decision. Limits are checked against current usage, and the decision is returned with a complete audit record. **Your system is responsible for acting on this decision** (e.g., blocking the transaction, showing an error to the user, or queuing for review).

<Note>
  Monetary values (transaction `amount`, spending limit `maxAmount`, and usage counters) are expressed as decimal strings, for example `"1500.00"` or `"50000.00"`.
</Note>

## When to use Tracer

***

Tracer fits naturally into any workflow where you need to control how money moves through your institution.

* **Spending governance**: Evaluate transactions against internal or customer-level spending policies
* **Transaction validation**: Evaluate custom business rules and return decisions before transaction execution
* **Regulatory compliance**: Produce audit-ready logs and ensure traceability
* **Customer protection**: Detect overspending and return decisions that your system can act on

## Scope and design principles

***

Tracer is a **transaction validation engine**, not a complete fraud management system. It is a specialized component optimized for low-latency decisions (\< 100ms) that validates pre-enriched payloads against configurable rules and limits.

This focused scope enables Tracer to deliver predictable performance while integrating seamlessly with broader fraud prevention ecosystems.

### What Tracer focuses on

* **Rule-based validation**: Deterministic, expression-based logic using CEL
* **Spending limits**: Real-time enforcement with automatic period reset
* **Audit trail**: Immutable records for compliance (SOX/GLBA)
* **Low-latency decisions**: Synchronous API responses under 80ms (p99)

### What Tracer does not include

| Capability                   | Reason                                                       | Alternative                                                             |
| ---------------------------- | ------------------------------------------------------------ | ----------------------------------------------------------------------- |
| **Machine learning scoring** | ML inference adds latency incompatible with sub-100ms target | Integrate external ML services upstream and pass scores via metadata    |
| **Data enrichment**          | External calls during validation break latency guarantees    | Enrich payloads in your integration before calling Tracer               |
| **Manual review workflows**  | Case management is outside core validation scope             | Build review queues in your system and use `REVIEW` decision as trigger |
| **User interface**           | API-first design enables flexible integration                | Build custom UIs or use third-party tools                               |
| **Payment execution**        | Tracer returns validation decisions; it does not move funds  | Execute or block payments in the upstream system based on the decision  |

<Tip>
  These boundaries keep Tracer fast, predictable, and focused on its core value: instant transaction decisions with complete audit trails.
</Tip>

## Integration

***

Integrating with Tracer is straightforward. Your authorization system sends validation requests with complete transaction context, and Tracer responds with a decision—typically in under 35ms.

This **Payload-Complete Pattern** keeps things simple: all the context Tracer needs arrives in a single request, so there are no external calls during validation and latency stays predictable.

<Note>
  Tracer runs single-tenant by default and supports multi-tenant operation when deployed in SaaS or BYOC Multi-Tenant mode. In multi-tenant mode, tenant resolution and isolation work the same way as in the rest of the platform — see [Multi-tenancy](/en/multi-tenancy) for the model and [Access Manager](/en/platform/access-manager/access-manager) for the auth flow.
</Note>

Like all Lerian products, Tracer ships with native [Access Manager](/en/platform/access-manager/access-manager) integration. When enabled, Access Manager handles authentication and authorization for Tracer's APIs. This is an optional feature available under the **Enterprise model**.

## Next steps

***

<CardGroup cols={2}>
  <Card title="Explore the Tracer API" icon="terminal" href="/en/reference/tracer/validate-transaction">
    Browse endpoints for validation rules, spending limits, and audit trails.
  </Card>

  <Card title="Getting started" icon="rocket" href="/en/tracer/getting-started">
    Set up Tracer and configure your first authorization rule.
  </Card>
</CardGroup>