Skip to content

PhyComp

PhyComp is the compliance evaluation and audit reporting service for the PhyWare platform. It pulls telemetry from PhyCloud, evaluates each event against a configurable rules engine (speed limits, geofences, proximity thresholds, custom rules), records violations, and renders audit reports for regulatory and ISO 10218 / ISO/TS 15066 / EU AI Act inspections.

Canonical implementation

The canonical PhyComp service is the Rust implementation under PhyComp/rust/:

  • axum + tokio HTTP server, tower-http middleware.
  • sqlx async database layer (SQLite for dev, PostgreSQL for production) with embedded sqlx::migrate!() schema migrations.
  • reqwest + rustls-tls for the outbound PhyCloud client (no OpenSSL).
  • Shared schema DTOs with PhyCloud Rust (no duplicated request / response types — see issue #225).
  • Structured JSON logging via tracing-subscriber (shape-compatible with the historical Python structlog output).
  • Single static binary, small container image, no Python runtime.

The historical Python MVP was removed after the #235 cutover (the final step of the Python → Rust migration epic #219). operators upgrading from the Python service should follow the operator migration guide.

Quick start

The repo-root docker-compose.yml now builds the canonical phycomp service from the Rust Dockerfile:

# Bring up Postgres + the canonical Rust PhyCloud + PhyComp services.
docker compose up -d phycomp

# Health check
curl -sf http://localhost:8001/health

For local development without Docker:

source SetEnv.sh
cd PhyComp/rust
PHYCOMP_AUTO_MIGRATE=true cargo run --release --bin phycomp

Feature surface

Area Endpoints Notes
Health & readiness GET /health, GET /health/ready
Bootstrap (platform admin) POST /api/v1/admin/bootstrap, GET /api/v1/admin/bootstrap/status First-run platform-admin tenant + key issuance
Tenant registration POST /api/v1/registration/register Federated registration using a PhyCloud phyc_… key
Rules GET/POST/PUT/DELETE /api/v1/rules*, POST /api/v1/rules/defaults Speed limit / geofence / proximity / custom
Violations GET /api/v1/violations, GET /api/v1/violations/{id} Tenant-scoped query + filtering
Evaluation POST /api/v1/evaluate Trigger evaluation against PhyCloud data or inline events
Reports POST/GET /api/v1/reports* Audit report generation
Admin POST/GET /api/v1/admin/tenants* Platform-admin gated

A full OpenAPI document is served at GET /openapi.json (with a Swagger UI at GET /docs) by the Rust service.

Architecture

flowchart LR
    A[PhyTrace SDK] -->|UDM events| B[PhyCloud — Rust]
    C[phyware CLI] -->|query / admin| B
    C -->|comp rules / violations / reports| D[PhyComp — Rust]
    D -->|fetch + introspect| B
    D -->|persist| E[(PostgreSQL / SQLite)]
    F[Admin dashboard] -->|browse + manage| D

Federation with PhyCloud

PhyComp tenants are minted by exchanging a PhyCloud phyc_… API key for a PhyComp-scoped phycomp_… key via the POST /api/v1/registration/register endpoint. The Rust service reuses PhyCloud's introspection endpoint (/oauth/introspect) to validate the inbound key, so no shared secrets are needed between the two services. See PhyComp/rust/phycomp/src/api/registration.rs.

Further reading