Skip to main content

Adding Lumis Compliance Checks to GitHub Actions CI/CD

A developer guide showing how to automate KYC and AML rule validation by adding Lumis checks to your GitHub Actions pipelines.

Automating Compliance Checks in GitHub Actions CI/CD

When compliance rules change, how do you verify they don't break your signup flows or registration pages? In modern fintech teams, compliance testing shouldn't be a manual check list or an annual event. It must be built into your continuous integration (CI) workflow.

With Lumis, you can automate compliance rule checks within your GitHub Actions CI/CD pipeline. Since Lumis executes simulation checks under 500ms and has generous rate limits, you can run automated verification suites on every pull request.

The Workflow Setup

To execute compliance validation, your pipeline must query the Lumis API, send a batch of mock customer payloads (representing expected approvals, failures, and manual review flags), and assert that your backend responds correctly.

Step 1: Add Lumis Credentials to GitHub Secrets

  1. Go to your GitHub Repository Settings.
  2. Select Secrets and variablesActions.
  3. Create a new repository secret:
    • Name: LUMIS_API_KEY
    • Value: Paste your Lumis Pro or Business API Key.

Step 2: Configure the GitHub Actions Workflow

Create a new file in your repository at .github/workflows/compliance-checks.yml:

name: Continuous Compliance Testing

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  validate-compliance:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Codebase
        uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
          cache: 'npm'

      - name: Install Dependencies
        run: npm ci

      - name: Run Lumis Integration Test Suite
        env:
          LUMIS_API_KEY: ${{ secrets.LUMIS_API_KEY }}
          LUMIS_RULESET_ID: "ruleset_kyc_fincen_v1"
          DATABASE_URL: "mock-staging-db"
        run: |
          npm run test:compliance

Step 3: Implement the Integration Test script

Inside your test runner (such as Jest, Vitest, or Playwright), implement a script to trigger the simulation endpoint and verify the outcome. Here is a TypeScript example using Vitest:

import { describe, it, expect } from "vitest";
import fetch from "node-fetch";

describe("Lumis Staging KYC Validation Suite", () => {
  const API_KEY = process.env.LUMIS_API_KEY;
  const RULESET_ID = process.env.LUMIS_RULESET_ID;

  it("should return APPROVED for a valid mock customer profile", async () => {
    const response = await fetch("https://api.lumiscompliance.com/v1/simulate", {
      method: "POST",
      headers: {
        "Authorization": `Bearer ${API_KEY}`,
        "Content-Type": "application/json"
      },
      body: JSON.stringify({
        ruleset_id: RULESET_ID,
        data: {
          first_name: "Alice",
          last_name: "Smith",
          dob: "1991-08-24",
          ssn_last_four: "1234",
          address: {
            street: "456 Oak Rd",
            city: "Denver",
            state: "CO",
            zip: "80202",
            country: "US"
          }
        }
      })
    });

    const data = await response.json();
    expect(response.status).toBe(200);
    expect(data.status).toBe("APPROVED");
    expect(data.risk_score).toBeLessThan(30);
  });
});

Benefits of Pipeline Automation

  • Prevent Failed Rollouts: Asserting logic before merges prevents buggy compliance code from reaching production.
  • Continuous Compliance Audit: Run tests on every commit, generating a continuous trail of compliance logic verification.
  • Instant Feedback Loops: Discover schema deviations and validation problems in seconds, not during end-of-year compliance audits.