robocop

README.md (3471B)

---

 <!--
 SPDX-FileCopyrightText: 2025 Christian Grothoff
 
 SPDX-License-Identifier: GPL-3.0-or-later
 -->
 
 # Robocop
 
 Robocop is a Counter Terrorist Financing (CTF) sanction processing tool written in Rust. It can be used for compliance processes in software such as [GNU Taler](https://taler.net).
 
 ## Prepare for installation
 
 Download the repository containing all the [source files](https://git.taler.net/robocop.git/)
 
 Then make sure you have Rust and Cargo installed.
 
 ## Install and run
 
 Once Cargo is installed, we can install `robocop` with the command:
 
 ```
 $ cargo install --path .
 ```
 
 You can then run it by providing the sanction list in JSON format:
 
 ```
 $ ~/.cargo/bin/robocop swiss.json
 ```
 
 
 ## Converting official sanction lists to robocop's internal format
 
 `robocop` consumes its sanction list as a JSON **array of target records**. Each
 record has a string `ssid` (its identifier) plus any number of registry fields
 whose values are **arrays of strings** (e.g. `FULL_NAME`, `PERSON_FIRST_NAMES`,
 `PERSON_LAST_NAME`, `DATE_OF_BIRTH`, `NATIONALITY`, `PERSON_NATIONAL_ID`,
 `COMPANY_NAME`, `ADDRESS_*` / `REGISTERED_OFFICE_ADDRESS_*`). At match time
 `robocop` compares each field of an incoming query against the same-named field
 of every record (fuzzy, Levenshtein-based), so all converters emit the **same**
 registry field names regardless of source list.
 
 One converter is provided per source-list format. Each reads the official XML on
 stdin and writes the JSON array on stdout; pipe it through
 `robocop-json-postprocess` (which drops empty/`null` fields) to get the final
 list:
 
 | Converter | Source list | Official XML schema |
 |-----------|-------------|---------------------|
 | `robocop-ch-to-json`   | Switzerland — SECO | `swiss-sanctions-list` |
 | `robocop-eu-to-json`   | EU — Consolidated Financial Sanctions List | `export` / `sanctionEntity` |
 | `robocop-un-to-json`   | UN — Security Council Consolidated List | `CONSOLIDATED_LIST` |
 | `robocop-ofac-to-json` | US — OFAC SDN **and** Consolidated lists | legacy `sdnList` / `sdnEntry` |
 | `robocop-uk-to-json`   | UK — OFSI Consolidated List | `ArrayOfFinancialSanctionsTarget` |
 
 Each record's `ssid` is namespaced by authority (`EU-`, `UN-`, `OFAC-`, `GB-`,
 and the bare numeric Swiss id) so records stay unique if several lists are
 concatenated into one file.
 
 ```
 $ ./robocop-ch-to-json   < swiss.xml   | robocop-json-postprocess > swiss.json
 $ ./robocop-eu-to-json   < eu.xml      | robocop-json-postprocess > eu.json
 $ ./robocop-un-to-json   < un.xml      | robocop-json-postprocess > un.json
 $ ./robocop-ofac-to-json < SDN.XML | robocop-json-postprocess > ofac-sdn.json
 $ ./robocop-ofac-to-json --prefix OFAC-CONS- < CONSOLIDATED.XML \
       | robocop-json-postprocess > ofac-cons.json
 $ ./robocop-uk-to-json   < ConList.xml | robocop-json-postprocess > uk.json
 ```
 
 Note on the OFAC consolidated (non-SDN) list: OFAC serves it in the legacy
 `sdnList` format at `.../exports/CONSOLIDATED.XML`, and in the newer "advanced"
 format at `CONS_ADVANCED.XML`. `robocop-ofac-to-json` reads the **legacy** format,
 so a single converter handles both the SDN list and the consolidated list; use
 `CONSOLIDATED.XML` (not `CONS_ADVANCED.XML`, which robocop does not parse). Because
 OFAC reuses a few `uid`s across the two lists, pass `--prefix OFAC-CONS-` when
 converting the consolidated list if you intend to merge it with the SDN list into
 one file, so the records keep distinct `ssid`s.