diff --git a/.eslintrc b/.eslintrc
index 8c2212d51a..106a9acc1a 100644
--- a/.eslintrc
+++ b/.eslintrc
@@ -39,7 +39,15 @@
     "react/no-find-dom-node": 0,
     "jsx-a11y/label-has-for": 0,
     "react/no-unescaped-entities": 0,
-    "@typescript-eslint/no-inferrable-types": 0
+    "@typescript-eslint/no-inferrable-types": 0,
+    "@typescript-eslint/no-unused-vars": [
+      "warn",
+      {
+        "argsIgnorePattern": "^_",
+        "varsIgnorePattern": "^_",
+        "ignoreRestSiblings": true
+      }
+    ]
   },
   "settings": {
     "react": {
diff --git a/src/api/patronBlockingRules.ts b/src/api/patronBlockingRules.ts
new file mode 100644
index 0000000000..76a7e44d91
--- /dev/null
+++ b/src/api/patronBlockingRules.ts
@@ -0,0 +1,49 @@
+import { PatronBlockingRule } from "../interfaces";
+
+const VALIDATE_URL = "/admin/patron_auth_service_validate_patron_blocking_rule";
+
+/**
+ * Validate a patron blocking rule expression against live ILS data on the server.
+ *
+ * The server loads the saved PatronAuthService by serviceId, makes a live
+ * authentication call using its configured test credentials, and evaluates
+ * the rule expression against the real patron data returned.  Only parse/eval
+ * success or failure is reported — the boolean result is discarded.
+ *
+ * Returns null on success, or an error message string on failure.
+ */
+export const validatePatronBlockingRuleExpression = async (
+  serviceId: number | undefined,
+  rule: PatronBlockingRule,
+  csrfToken: string | undefined
+): Promise<string | null> => {
+  const formData = new FormData();
+  if (serviceId !== undefined) {
+    formData.append("service_id", String(serviceId));
+  }
+  formData.append("rule", rule.rule);
+  formData.append("name", rule.name);
+
+  const headers: Record<string, string> = {};
+  if (csrfToken) {
+    headers["X-CSRF-Token"] = csrfToken;
+  }
+
+  const res = await fetch(VALIDATE_URL, {
+    method: "POST",
+    headers,
+    body: formData,
+    credentials: "same-origin",
+  });
+
+  if (res.ok) {
+    return null;
+  }
+
+  try {
+    const data = await res.json();
+    return data.detail || "Rule validation failed.";
+  } catch {
+    return "Rule validation failed.";
+  }
+};
diff --git a/src/components/PatronAuthServiceEditForm.tsx b/src/components/PatronAuthServiceEditForm.tsx
new file mode 100644
index 0000000000..0628217a86
--- /dev/null
+++ b/src/components/PatronAuthServiceEditForm.tsx
@@ -0,0 +1,183 @@
+import * as React from "react";
+import {
+  LibraryWithSettingsData,
+  PatronAuthServicesData,
+  ProtocolData,
+} from "../interfaces";
+import ServiceEditForm from "./ServiceEditForm";
+import PatronBlockingRulesEditor, {
+  PatronBlockingRulesEditorHandle,
+} from "./PatronBlockingRulesEditor";
+import { supportsPatronBlockingRules } from "../utils/patronBlockingRules";
+
+const NEW_LIBRARY_KEY = "__new__";
+
+/** Extends ServiceEditForm with patron-blocking-rules support for protocols that
+ *  support it. The editor is injected via the hook methods added
+ *  to ServiceEditForm; editLibrary and addLibrary are overridden to collect the
+ *  rules from the editor ref and persist them in library state. */
+export default class PatronAuthServiceEditForm extends ServiceEditForm<
+  PatronAuthServicesData
+> {
+  private newLibraryRulesRef = React.createRef<
+    PatronBlockingRulesEditorHandle
+  >();
+  private libraryRulesRefs = new Map<
+    string,
+    React.RefObject<PatronBlockingRulesEditorHandle>
+  >();
+
+  // Tracks whether any rule editor is currently blocking save due to pending
+  // or failed validation, or duplicate names. Updated via onValidationStateChange.
+  // Stored as an instance variable (not React state) to avoid TypeScript state
+  // type conflicts with the parent class; forceUpdate() triggers re-render.
+  private rulesBlockingSave: { [shortName: string]: boolean } = {};
+
+  private getOrCreateLibraryRef(
+    shortName: string
+  ): React.RefObject<PatronBlockingRulesEditorHandle> {
+    if (!this.libraryRulesRefs.has(shortName)) {
+      this.libraryRulesRefs.set(
+        shortName,
+        React.createRef<PatronBlockingRulesEditorHandle>()
+      );
+    }
+    return this.libraryRulesRefs.get(shortName);
+  }
+
+  handleRulesValidationStateChange(
+    shortName: string,
+    isBlocking: boolean
+  ): void {
+    if (this.rulesBlockingSave[shortName] !== isBlocking) {
+      this.rulesBlockingSave = {
+        ...this.rulesBlockingSave,
+        [shortName]: isBlocking,
+      };
+      this.forceUpdate();
+    }
+  }
+
+  isLibrarySaveDisabled(library: LibraryWithSettingsData): boolean {
+    return !!this.rulesBlockingSave[library.short_name];
+  }
+
+  isAddLibraryDisabled(): boolean {
+    return !!this.rulesBlockingSave[NEW_LIBRARY_KEY];
+  }
+
+  protocolHasLibrarySettings(protocol: ProtocolData): boolean {
+    return (
+      super.protocolHasLibrarySettings(protocol) ||
+      supportsPatronBlockingRules(protocol && protocol.name)
+    );
+  }
+
+  renderExtraAssociatedLibrarySettings(
+    library: LibraryWithSettingsData,
+    protocol: ProtocolData,
+    disabled: boolean
+  ): React.ReactNode {
+    if (!supportsPatronBlockingRules(protocol && protocol.name)) {
+      return null;
+    }
+    return (
+      <PatronBlockingRulesEditor
+        ref={this.getOrCreateLibraryRef(library.short_name)}
+        value={library.patron_blocking_rules || []}
+        disabled={disabled}
+        error={this.props.error}
+        csrfToken={this.props.additionalData?.csrfToken}
+        serviceId={
+          this.props.item?.id !== undefined
+            ? Number(this.props.item.id)
+            : undefined
+        }
+        onValidationStateChange={(isBlocking) =>
+          this.handleRulesValidationStateChange(library.short_name, isBlocking)
+        }
+      />
+    );
+  }
+
+  renderExtraNewLibrarySettings(
+    protocol: ProtocolData,
+    disabled: boolean
+  ): React.ReactNode {
+    if (!supportsPatronBlockingRules(protocol && protocol.name)) {
+      return null;
+    }
+    return (
+      <PatronBlockingRulesEditor
+        ref={this.newLibraryRulesRef}
+        value={[]}
+        disabled={disabled}
+        error={this.props.error}
+        csrfToken={this.props.additionalData?.csrfToken}
+        serviceId={
+          this.props.item?.id !== undefined
+            ? Number(this.props.item.id)
+            : undefined
+        }
+        onValidationStateChange={(isBlocking) =>
+          this.handleRulesValidationStateChange(NEW_LIBRARY_KEY, isBlocking)
+        }
+      />
+    );
+  }
+
+  editLibrary(library: LibraryWithSettingsData, protocol: ProtocolData) {
+    const libraries = this.state.libraries.filter(
+      (stateLibrary) => stateLibrary.short_name !== library.short_name
+    );
+    const expandedLibraries = this.state.expandedLibraries.filter(
+      (shortName) => shortName !== library.short_name
+    );
+    const newLibrary: LibraryWithSettingsData = {
+      short_name: library.short_name,
+    };
+    for (const setting of this.protocolLibrarySettings(protocol)) {
+      const value = (this.refs[
+        `${library.short_name}_${setting.key}`
+      ] as any).getValue();
+      if (value) {
+        ((newLibrary as unknown) as Record<string, string>)[
+          setting.key
+        ] = value;
+      }
+    }
+    if (supportsPatronBlockingRules(protocol && protocol.name)) {
+      const editorRef = this.libraryRulesRefs.get(library.short_name);
+      if (editorRef?.current) {
+        newLibrary.patron_blocking_rules = editorRef.current.getValue();
+      }
+    }
+    libraries.push(newLibrary);
+    this.setState(
+      Object.assign({}, this.state, { libraries, expandedLibraries })
+    );
+  }
+
+  addLibrary(protocol: ProtocolData) {
+    const name = this.state.selectedLibrary;
+    const newLibrary: LibraryWithSettingsData = { short_name: name };
+    for (const setting of this.protocolLibrarySettings(protocol)) {
+      const value = (this.refs[setting.key] as any).getValue();
+      if (value) {
+        ((newLibrary as unknown) as Record<string, string>)[
+          setting.key
+        ] = value;
+      }
+      (this.refs[setting.key] as any).clear();
+    }
+    if (supportsPatronBlockingRules(protocol && protocol.name)) {
+      if (this.newLibraryRulesRef.current) {
+        newLibrary.patron_blocking_rules = this.newLibraryRulesRef.current.getValue();
+      }
+    }
+    const libraries = this.state.libraries.concat(newLibrary);
+    this.setState(
+      Object.assign({}, this.state, { libraries, selectedLibrary: null })
+    );
+  }
+}
diff --git a/src/components/PatronAuthServices.tsx b/src/components/PatronAuthServices.tsx
index 7f084cd5e1..aee6770bce 100644
--- a/src/components/PatronAuthServices.tsx
+++ b/src/components/PatronAuthServices.tsx
@@ -7,7 +7,7 @@ import EditableConfigList, {
 import { connect } from "react-redux";
 import ActionCreator from "../actions";
 import { PatronAuthServicesData, PatronAuthServiceData } from "../interfaces";
-import ServiceEditForm from "./ServiceEditForm";
+import PatronAuthServiceEditForm from "./PatronAuthServiceEditForm";
 import NeighborhoodAnalyticsForm from "./NeighborhoodAnalyticsForm";
 
 /** Right panel for patron authentication services on the system
@@ -18,7 +18,7 @@ export class PatronAuthServices extends EditableConfigList<
   PatronAuthServicesData,
   PatronAuthServiceData
 > {
-  EditForm = ServiceEditForm;
+  EditForm = PatronAuthServiceEditForm;
   ExtraFormSection = NeighborhoodAnalyticsForm;
   extraFormKey = "neighborhood_mode";
   listDataKey = "patron_auth_services";
@@ -70,6 +70,7 @@ function mapStateToProps(state, ownProps) {
   // of the create/edit form.
   return {
     data: data,
+    additionalData: { csrfToken: ownProps.csrfToken },
     responseBody:
       state.editor.patronAuthServices &&
       state.editor.patronAuthServices.successMessage,
diff --git a/src/components/PatronBlockingRulesEditor.tsx b/src/components/PatronBlockingRulesEditor.tsx
new file mode 100644
index 0000000000..a520c8a18c
--- /dev/null
+++ b/src/components/PatronBlockingRulesEditor.tsx
@@ -0,0 +1,377 @@
+import * as React from "react";
+import { Button } from "library-simplified-reusable-components";
+import { FetchErrorData } from "@thepalaceproject/web-opds-client/lib/interfaces";
+import { PatronBlockingRule } from "../interfaces";
+import EditableInput from "./EditableInput";
+import WithRemoveButton from "./WithRemoveButton";
+import { validatePatronBlockingRuleExpression } from "../api/patronBlockingRules";
+
+/** Returns the set of non-empty rule names that appear more than once. */
+function getDuplicateNameSet(rules: RuleEntry[]): Set<string> {
+  const counts: { [name: string]: number } = {};
+  rules.forEach((r) => {
+    if (r.name) counts[r.name] = (counts[r.name] || 0) + 1;
+  });
+  return new Set(
+    Object.entries(counts)
+      .filter(([, n]) => n > 1)
+      .map(([name]) => name)
+  );
+}
+
+function extractErrorMessage(error: FetchErrorData): string | null {
+  if (!error || error.status < 400) return null;
+  const resp = error.response as string;
+  if (!resp) return null;
+  try {
+    return JSON.parse(resp).detail || resp;
+  } catch {
+    return resp;
+  }
+}
+
+export interface PatronBlockingRulesEditorProps {
+  value?: PatronBlockingRule[];
+  disabled?: boolean;
+  error?: FetchErrorData;
+  csrfToken?: string;
+  serviceId?: number;
+  /** Called whenever the "save should be blocked" state changes.
+   *  True while any rule is incomplete, awaiting or has failed server-side
+   *  validation, or while any two rules share the same name. */
+  onValidationStateChange?: (isBlocking: boolean) => void;
+}
+
+export interface PatronBlockingRulesEditorHandle {
+  getValue: () => PatronBlockingRule[];
+  validateAndGetValue: () => PatronBlockingRule[] | null;
+}
+
+type RuleEntry = PatronBlockingRule & { _id: number };
+type ClientErrors = { [index: number]: { name?: boolean; rule?: boolean } };
+type ServerErrors = { [index: number]: string | null };
+
+interface RuleFormListItemProps {
+  rule: RuleEntry;
+  index: number;
+  disabled: boolean;
+  rowErrors: { name?: boolean; rule?: boolean };
+  nameDuplicateError?: boolean;
+  serverRuleError?: string | null;
+  error?: FetchErrorData;
+  onRemove: () => void;
+  onUpdate: (field: keyof PatronBlockingRule, value: string) => void;
+  onRuleBlur: () => void;
+}
+
+function RuleFormListItem({
+  rule,
+  index,
+  disabled,
+  rowErrors,
+  nameDuplicateError,
+  serverRuleError,
+  error,
+  onRemove,
+  onUpdate,
+  onRuleBlur,
+}: RuleFormListItemProps) {
+  const nameClientError = !!rowErrors.name;
+  const ruleClientError = !!rowErrors.rule;
+
+  return (
+    <li className="patron-blocking-rule-row">
+      <WithRemoveButton disabled={disabled} onRemove={onRemove}>
+        <div className="patron-blocking-rule-fields">
+          {nameClientError && (
+            <p className="patron-blocking-rule-field-error text-danger">
+              Rule Name is required.
+            </p>
+          )}
+          {nameDuplicateError && (
+            <p className="patron-blocking-rule-field-error text-danger">
+              Rule Name must be unique within this library.
+            </p>
+          )}
+          <EditableInput
+            elementType="input"
+            type="text"
+            label="Rule Name"
+            name={`patron_blocking_rule_name_${index}`}
+            value={rule.name}
+            required={true}
+            disabled={disabled}
+            readOnly={disabled}
+            optionalText={false}
+            clientError={rowErrors.name}
+            error={error}
+            onChange={(value) => onUpdate("name", value)}
+          />
+          {ruleClientError && (
+            <p className="patron-blocking-rule-field-error text-danger">
+              Rule Expression is required.
+            </p>
+          )}
+          {serverRuleError && (
+            <p className="patron-blocking-rule-field-error text-danger">
+              {serverRuleError}
+            </p>
+          )}
+          {/* This div captures the focusout event that bubbles up from the
+              textarea inside it, triggering server-side rule validation on blur.
+              It is not an interactive element and has no keyboard/mouse role —
+              the textarea itself handles all user interaction. */}
+          {/* eslint-disable-next-line jsx-a11y/no-static-element-interactions */}
+          <div onBlur={onRuleBlur}>
+            <EditableInput
+              elementType="textarea"
+              label="Rule Expression"
+              name={`patron_blocking_rule_rule_${index}`}
+              value={rule.rule}
+              required={true}
+              disabled={disabled}
+              readOnly={disabled}
+              optionalText={false}
+              clientError={rowErrors.rule}
+              error={error}
+              onChange={(value) => onUpdate("rule", value)}
+            />
+          </div>
+          <EditableInput
+            elementType="textarea"
+            label="Message (optional)"
+            name={`patron_blocking_rule_message_${index}`}
+            value={rule.message || ""}
+            disabled={disabled}
+            readOnly={disabled}
+            optionalText={false}
+            onChange={(value) => onUpdate("message", value)}
+          />
+        </div>
+      </WithRemoveButton>
+    </li>
+  );
+}
+
+/** Protocol-agnostic editor for a list of patron blocking rules stored in library settings. */
+const PatronBlockingRulesEditor = React.forwardRef<
+  PatronBlockingRulesEditorHandle,
+  PatronBlockingRulesEditorProps
+>(
+  (
+    {
+      value = [],
+      disabled = false,
+      error,
+      csrfToken,
+      serviceId,
+      onValidationStateChange,
+    },
+    ref
+  ) => {
+    const nextId = React.useRef(0);
+    const newId = () => nextId.current++;
+
+    const [rules, setRules] = React.useState<RuleEntry[]>(() =>
+      (value || []).map((r) => ({ ...r, _id: newId() }))
+    );
+    const [clientErrors, setClientErrors] = React.useState<ClientErrors>({});
+    const [serverErrors, setServerErrors] = React.useState<ServerErrors>({});
+    const [pendingValidationIds, setPendingValidationIds] = React.useState<
+      Set<number>
+    >(new Set());
+
+    // Keep a stable ref to the latest callback so the useEffect below does not
+    // need it as a dependency (avoids extra calls when a class-component parent
+    // creates a new arrow function on every render).
+    const onValidationStateChangeRef = React.useRef(onValidationStateChange);
+    React.useLayoutEffect(() => {
+      onValidationStateChangeRef.current = onValidationStateChange;
+    }, [onValidationStateChange]);
+
+    React.useEffect(() => {
+      const hasIncomplete = rules.some((r) => !r.name || !r.rule);
+      const isBlocking =
+        pendingValidationIds.size > 0 ||
+        getDuplicateNameSet(rules).size > 0 ||
+        hasIncomplete;
+      onValidationStateChangeRef.current?.(isBlocking);
+    }, [pendingValidationIds, rules]);
+
+    const serverErrorMessage = extractErrorMessage(error);
+
+    React.useImperativeHandle(
+      ref,
+      () => ({
+        getValue: () => rules.map(({ _id, ...r }) => r),
+        validateAndGetValue: () => {
+          const errors: ClientErrors = {};
+          let valid = true;
+          rules.forEach((r, i) => {
+            const rowErrors: { name?: boolean; rule?: boolean } = {};
+            if (!r.name) {
+              rowErrors.name = true;
+              valid = false;
+            }
+            if (!r.rule) {
+              rowErrors.rule = true;
+              valid = false;
+            }
+            if (Object.keys(rowErrors).length > 0) {
+              errors[i] = rowErrors;
+            }
+          });
+          setClientErrors(errors);
+          return valid ? rules.map(({ _id, ...r }) => r) : null;
+        },
+      }),
+      [rules]
+    );
+
+    const addRule = () => {
+      const newEntry: RuleEntry = {
+        name: "",
+        rule: "",
+        message: "",
+        _id: newId(),
+      };
+      setRules((prev) => [...prev, newEntry]);
+      // Only track pending validation when we have a saved service to validate against.
+      if (serviceId !== undefined) {
+        setPendingValidationIds((prev) => new Set(prev).add(newEntry._id));
+      }
+    };
+
+    const removeRule = (index: number) => {
+      const removedId = rules[index]._id;
+      setRules((prev) => prev.filter((_, i) => i !== index));
+      setPendingValidationIds((prev) => {
+        const next = new Set(prev);
+        next.delete(removedId);
+        return next;
+      });
+      setClientErrors((prev) => {
+        const next: ClientErrors = {};
+        Object.entries(prev).forEach(([key, val]) => {
+          const k = Number(key);
+          if (k < index) next[k] = val;
+          else if (k > index) next[k - 1] = val;
+          // k === index is dropped
+        });
+        return next;
+      });
+      setServerErrors((prev) => {
+        const next: ServerErrors = {};
+        Object.entries(prev).forEach(([key, val]) => {
+          const k = Number(key);
+          if (k < index) next[k] = val;
+          else if (k > index) next[k - 1] = val;
+          // k === index is dropped
+        });
+        return next;
+      });
+    };
+
+    const updateRule = (
+      index: number,
+      field: keyof PatronBlockingRule,
+      value: string
+    ) => {
+      setRules((prev) =>
+        prev.map((r, i) => (i === index ? { ...r, [field]: value } : r))
+      );
+      if (field === "name" || field === "rule") {
+        setClientErrors((prev) => {
+          if (!prev[index]) return prev;
+          return { ...prev, [index]: { ...prev[index], [field]: !value } };
+        });
+      }
+      if (field === "rule") {
+        setServerErrors((prev) => ({ ...prev, [index]: null }));
+        // Mark as needing re-validation whenever the expression changes.
+        if (serviceId !== undefined) {
+          setPendingValidationIds((prev) =>
+            new Set(prev).add(rules[index]._id)
+          );
+        }
+      }
+    };
+
+    const handleRuleBlur = async (index: number) => {
+      const rule = rules[index];
+      if (!rule || !rule.rule) {
+        // Empty expression — skip server call; leave in pending so Save stays
+        // disabled until the user fills in the expression or removes the rule.
+        return;
+      }
+      // NOTE: There is a possible, though unlikely, race condition  when rendering multiple rules,
+      // each with their own onRuleBlur because there could potentially be multiple
+      // validatePatronBlockingRuleExpression fetches in flight. In that case,
+      // the last one to resolve will win, which might in correctly set the save button state.
+      // TODO: address the race condition if users see it occurring.
+      const errorMessage = await validatePatronBlockingRuleExpression(
+        serviceId,
+        rule,
+        csrfToken
+      );
+      setServerErrors((prev) => ({ ...prev, [index]: errorMessage }));
+      if (!errorMessage) {
+        // Validation passed — unblock save for this rule.
+        setPendingValidationIds((prev) => {
+          const next = new Set(prev);
+          next.delete(rule._id);
+          return next;
+        });
+      }
+    };
+
+    const hasIncompleteRule = rules.some((r) => !r.name || !r.rule);
+    const duplicateNameSet = getDuplicateNameSet(rules);
+
+    return (
+      <div className="patron-blocking-rules-editor">
+        <div className="patron-blocking-rules-header">
+          <label className="control-label">Patron Blocking Rules</label>
+          <Button
+            type="button"
+            className="add-patron-blocking-rule"
+            disabled={disabled || hasIncompleteRule}
+            callback={addRule}
+            content="Add Rule"
+          />
+        </div>
+        {serverErrorMessage && (
+          <p className="patron-blocking-rule-field-error text-danger">
+            {serverErrorMessage}
+          </p>
+        )}
+        {rules.length === 0 && (
+          <p className="no-rules-message">No patron blocking rules defined.</p>
+        )}
+        <ul className="patron-blocking-rules-list list-unstyled">
+          {rules.map((rule, index) => (
+            <RuleFormListItem
+              key={rule._id}
+              rule={rule}
+              index={index}
+              disabled={disabled}
+              rowErrors={clientErrors[index] || {}}
+              nameDuplicateError={
+                !!rule.name && duplicateNameSet.has(rule.name)
+              }
+              serverRuleError={serverErrors[index]}
+              error={error}
+              onRemove={() => removeRule(index)}
+              onUpdate={(field, value) => updateRule(index, field, value)}
+              onRuleBlur={() => handleRuleBlur(index)}
+            />
+          ))}
+        </ul>
+      </div>
+    );
+  }
+);
+
+PatronBlockingRulesEditor.displayName = "PatronBlockingRulesEditor";
+
+export default PatronBlockingRulesEditor;
diff --git a/src/components/ServiceEditForm.tsx b/src/components/ServiceEditForm.tsx
index c49203051b..82407f5735 100644
--- a/src/components/ServiceEditForm.tsx
+++ b/src/components/ServiceEditForm.tsx
@@ -17,6 +17,7 @@ import { FetchErrorData } from "@thepalaceproject/web-opds-client/lib/interfaces
 export interface ServiceEditFormProps<T> {
   data: T;
   item?: ServiceData;
+  additionalData?: any;
   disabled: boolean;
   save?: (data: FormData) => void;
   urlBase: string;
@@ -227,6 +228,32 @@ export default class ServiceEditForm<
     return [];
   }
 
+  /** Hook for subclasses to inject extra fields into the expanded per-library settings panel.
+   *  Rendered after protocol library_settings fields and before the Save button. */
+  renderExtraAssociatedLibrarySettings(
+    _library: LibraryWithSettingsData,
+    _protocol: ProtocolData,
+    _disabled: boolean
+  ): React.ReactNode {
+    return null;
+  }
+
+  /** Hook for subclasses to inject extra fields into the add-new-library panel.
+   *  Rendered after protocol library_settings fields and before the Add Library button. */
+  renderExtraNewLibrarySettings(
+    _protocol: ProtocolData,
+    _disabled: boolean
+  ): React.ReactNode {
+    return null;
+  }
+
+  /** Returns true when this protocol has any editable per-library settings,
+   *  either from the protocol definition or injected by a subclass.
+   *  Subclasses should override this when they add extra library-level fields. */
+  protocolHasLibrarySettings(protocol: ProtocolData): boolean {
+    return this.protocolLibrarySettings(protocol).length > 0;
+  }
+
   renderRequiredFields(
     requiredFields,
     protocol: ProtocolData,
@@ -357,8 +384,7 @@ export default class ServiceEditForm<
               >
                 {this.props.data &&
                   this.props.data.protocols &&
-                  this.protocolLibrarySettings(protocol) &&
-                  this.protocolLibrarySettings(protocol).length > 0 && (
+                  this.protocolHasLibrarySettings(protocol) && (
                     <WithEditButton
                       disabled={disabled}
                       onEdit={() => this.expandLibrary(library)}
@@ -370,8 +396,7 @@ export default class ServiceEditForm<
                 {!(
                   this.props.data &&
                   this.props.data.protocols &&
-                  this.protocolLibrarySettings(protocol) &&
-                  this.protocolLibrarySettings(protocol).length > 0
+                  this.protocolHasLibrarySettings(protocol)
                 ) &&
                   this.getLibrary(library.short_name) &&
                   this.getLibrary(library.short_name).name}
@@ -386,14 +411,23 @@ export default class ServiceEditForm<
                         key={setting.key}
                         setting={setting}
                         disabled={disabled}
-                        value={library[setting.key]}
+                        value={
+                          ((library as unknown) as Record<string, string>)[
+                            setting.key
+                          ]
+                        }
                         ref={library.short_name + "_" + setting.key}
                       />
                     ))}
+                  {this.renderExtraAssociatedLibrarySettings(
+                    library,
+                    protocol,
+                    disabled
+                  )}
                   <Button
                     type="button"
                     className="edit-library"
-                    disabled={disabled}
+                    disabled={disabled || this.isLibrarySaveDisabled(library)}
                     callback={() => this.editLibrary(library, protocol)}
                     content="Save"
                   />
@@ -446,9 +480,10 @@ export default class ServiceEditForm<
                       ref={setting.key}
                     />
                   ))}
+                {this.renderExtraNewLibrarySettings(protocol, disabled)}
                 <Button
                   type="button"
-                  disabled={disabled}
+                  disabled={disabled || this.isAddLibraryDisabled()}
                   callback={() => this.addLibrary(protocol)}
                   content="Add Library"
                   className="left-align"
@@ -601,13 +636,22 @@ export default class ServiceEditForm<
    * Subclasses may override this method to control removal.
    * @param library The library to remove.
    */
-  isLibraryRemovalPermitted(library: LibraryWithSettingsData): boolean {
-    // library should be provided on every call.
-    // It is not used here, but might be in subclass implementations.
-    // Removal is permitted by default.
+  isLibraryRemovalPermitted(_library: LibraryWithSettingsData): boolean {
     return true;
   }
 
+  /** Hook for subclasses to additionally disable the per-library Save button.
+   *  Return true to keep the button disabled even when the form is otherwise enabled. */
+  isLibrarySaveDisabled(_library: LibraryWithSettingsData): boolean {
+    return false;
+  }
+
+  /** Hook for subclasses to additionally disable the Add Library button.
+   *  Return true to keep the button disabled even when the form is otherwise enabled. */
+  isAddLibraryDisabled(): boolean {
+    return false;
+  }
+
   /**
    * Removes the association with the given library from a service's state.
    *
diff --git a/src/interfaces.ts b/src/interfaces.ts
index f234b3c402..c687110206 100644
--- a/src/interfaces.ts
+++ b/src/interfaces.ts
@@ -283,9 +283,15 @@ export interface LibrariesData {
   settings?: LibrarySettingField[];
 }
 
+export interface PatronBlockingRule {
+  name: string;
+  rule: string;
+  message?: string | null;
+}
+
 export interface LibraryWithSettingsData {
   short_name: string;
-  [key: string]: string;
+  patron_blocking_rules?: PatronBlockingRule[];
 }
 
 export type SpecificSettingType =
diff --git a/src/stylesheets/app.scss b/src/stylesheets/app.scss
index 128be09983..77d626e2bc 100644
--- a/src/stylesheets/app.scss
+++ b/src/stylesheets/app.scss
@@ -50,6 +50,7 @@ $fontfamily: 'Open Sans', sans-serif;
 @import "manage_patrons";
 @import "paired_menu";
 @import "password_input";
+@import "patron_blocking_rules_editor";
 @import "protocol_form_field";
 @import "self_tests";
 @import "set_up";
diff --git a/src/stylesheets/patron_blocking_rules_editor.scss b/src/stylesheets/patron_blocking_rules_editor.scss
new file mode 100644
index 0000000000..8d53af4f80
--- /dev/null
+++ b/src/stylesheets/patron_blocking_rules_editor.scss
@@ -0,0 +1,46 @@
+.patron-blocking-rules-editor {
+  border-top: 1px solid $gray-border;
+  margin-top: 20px;
+  padding-top: 16px;
+  padding-bottom: 20px;
+  margin-bottom: 20px;
+  border-bottom: 1px solid $gray-border;
+
+  .patron-blocking-rules-header {
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+    justify-content: space-between;
+    margin-bottom: 8px;
+
+    .control-label {
+      margin-bottom: 0;
+    }
+
+    .add-patron-blocking-rule {
+      margin: 0;
+    }
+  }
+
+  .no-rules-message {
+    color: $medium-dark-gray;
+    font-style: italic;
+    margin: 8px 0 0;
+  }
+
+  .patron-blocking-rules-list {
+    margin: 0;
+    padding: 0;
+  }
+
+  .patron-blocking-rule-row {
+    border-bottom: 1px solid $medium-gray;
+    padding-bottom: 12px;
+    margin-bottom: 0;
+
+    &:last-child {
+      border-bottom: none;
+      padding-bottom: 0;
+    }
+  }
+}
diff --git a/src/utils/patronBlockingRules.ts b/src/utils/patronBlockingRules.ts
new file mode 100644
index 0000000000..26272c4e10
--- /dev/null
+++ b/src/utils/patronBlockingRules.ts
@@ -0,0 +1,7 @@
+export const SIP2_PROTOCOL = "api.sip";
+
+export function supportsPatronBlockingRules(
+  protocolName: string | null | undefined
+): boolean {
+  return protocolName === SIP2_PROTOCOL;
+}
diff --git a/tests/jest/api/patronBlockingRules.test.ts b/tests/jest/api/patronBlockingRules.test.ts
new file mode 100644
index 0000000000..c54f6595f0
--- /dev/null
+++ b/tests/jest/api/patronBlockingRules.test.ts
@@ -0,0 +1,78 @@
+import * as fetchMock from "fetch-mock-jest";
+import { validatePatronBlockingRuleExpression } from "../../../src/api/patronBlockingRules";
+import { PatronBlockingRule } from "../../../src/interfaces";
+
+const VALIDATE_URL = "/admin/patron_auth_service_validate_patron_blocking_rule";
+
+const sampleRule: PatronBlockingRule = {
+  name: "Fine Check",
+  rule: "{fines} > 10.0",
+};
+
+describe("validatePatronBlockingRuleExpression", () => {
+  afterEach(() => {
+    fetchMock.mockReset();
+  });
+
+  it("returns null on a 200 response", async () => {
+    fetchMock.post(VALIDATE_URL, { status: 200 });
+    const result = await validatePatronBlockingRuleExpression(
+      42,
+      sampleRule,
+      "test-token"
+    );
+    expect(result).toBeNull();
+  });
+
+  it("returns the detail string from a 400 response", async () => {
+    fetchMock.post(VALIDATE_URL, {
+      status: 400,
+      body: { detail: "Unknown placeholder: {unknown_field}" },
+    });
+    const result = await validatePatronBlockingRuleExpression(
+      42,
+      sampleRule,
+      "test-token"
+    );
+    expect(result).toBe("Unknown placeholder: {unknown_field}");
+  });
+
+  it("returns a fallback string when a 400 response body has no detail", async () => {
+    fetchMock.post(VALIDATE_URL, { status: 400, body: {} });
+    const result = await validatePatronBlockingRuleExpression(
+      42,
+      sampleRule,
+      "test-token"
+    );
+    expect(result).not.toBeNull();
+    expect(typeof result).toBe("string");
+  });
+
+  it("sends the correct URL, method, and CSRF header", async () => {
+    fetchMock.post(VALIDATE_URL, { status: 200 });
+    await validatePatronBlockingRuleExpression(42, sampleRule, "my-csrf-token");
+    expect(fetchMock).toHaveBeenCalledWith(
+      VALIDATE_URL,
+      expect.objectContaining({
+        method: "POST",
+        headers: expect.objectContaining({ "X-CSRF-Token": "my-csrf-token" }),
+      })
+    );
+  });
+
+  it("omits service_id from the form body when serviceId is undefined", async () => {
+    fetchMock.post(VALIDATE_URL, { status: 200 });
+    // Should not throw and should still make the request (server returns "save first" error)
+    const result = await validatePatronBlockingRuleExpression(
+      undefined,
+      sampleRule,
+      "tok"
+    );
+    expect(fetchMock).toHaveBeenCalledWith(
+      VALIDATE_URL,
+      expect.objectContaining({ method: "POST" })
+    );
+    // Server would return an error detail in a real call; here it returns 200 (mocked)
+    expect(result).toBeNull();
+  });
+});
diff --git a/tests/jest/components/PatronAuthServiceEditForm.test.tsx b/tests/jest/components/PatronAuthServiceEditForm.test.tsx
new file mode 100644
index 0000000000..941e41eb3d
--- /dev/null
+++ b/tests/jest/components/PatronAuthServiceEditForm.test.tsx
@@ -0,0 +1,458 @@
+import * as React from "react";
+import { render, screen, waitFor } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
+import * as fetchMock from "fetch-mock-jest";
+import PatronAuthServiceEditForm from "../../../src/components/PatronAuthServiceEditForm";
+import {
+  PatronAuthServicesData,
+  PatronBlockingRule,
+} from "../../../src/interfaces";
+import { SIP2_PROTOCOL } from "../../../src/utils/patronBlockingRules";
+
+const VALIDATE_URL = "/admin/patron_auth_service_validate_patron_blocking_rule";
+
+async function expandLibrariesPanel(user: ReturnType<typeof userEvent.setup>) {
+  const toggle = screen
+    .getAllByRole("button")
+    .find((btn) => btn.getAttribute("aria-controls")?.includes("libraries"));
+  if (toggle && toggle.getAttribute("aria-expanded") === "false") {
+    await user.click(toggle);
+  }
+}
+
+const SIP2_PROTOCOL_DATA = {
+  name: SIP2_PROTOCOL,
+  label: "SIP2",
+  description: "SIP2 authentication",
+  sitewide: false,
+  settings: [{ key: "server", label: "Server", required: true }],
+  library_settings: [],
+};
+
+const OTHER_PROTOCOL_DATA = {
+  name: "api.saml.provider",
+  label: "SAML",
+  description: "SAML authentication",
+  sitewide: false,
+  settings: [{ key: "idp_url", label: "IdP URL", required: true }],
+  library_settings: [],
+};
+
+const LIBRARY_SHORT_NAME = "test-lib";
+
+const servicesData: PatronAuthServicesData = {
+  protocols: [SIP2_PROTOCOL_DATA, OTHER_PROTOCOL_DATA],
+  allLibraries: [{ short_name: LIBRARY_SHORT_NAME, name: "Test Library" }],
+  patron_auth_services: [],
+};
+
+const baseProps = {
+  data: servicesData,
+  disabled: false,
+  save: jest.fn(),
+  urlBase: "/admin/web/config/patronAuth/",
+  listDataKey: "patron_auth_services",
+  adminLevel: 10,
+};
+
+function buildSIP2Item(rules: PatronBlockingRule[] = []) {
+  return {
+    id: 1,
+    protocol: SIP2_PROTOCOL,
+    settings: { server: "sip.example.com" },
+    libraries: [
+      { short_name: LIBRARY_SHORT_NAME, patron_blocking_rules: rules },
+    ],
+  };
+}
+
+// Guard: any blur on the Rule Expression textarea calls validatePatronBlockingRuleExpression.
+// All describe blocks get a default 200 mock so tests that incidentally trigger blur
+// don't fail with "only absolute URLs are supported" from the fetch polyfill.
+beforeEach(() => {
+  fetchMock.post(VALIDATE_URL, { status: 200 });
+});
+
+afterEach(() => {
+  fetchMock.mockReset();
+});
+
+describe("PatronAuthServiceEditForm – capability gating", () => {
+  it("shows PatronBlockingRulesEditor in expanded library settings for SIP2", async () => {
+    const user = userEvent.setup();
+    render(<PatronAuthServiceEditForm {...baseProps} item={buildSIP2Item()} />);
+
+    await expandLibrariesPanel(user);
+    const editButton = screen.getByRole("button", { name: /Edit/i });
+    await user.click(editButton);
+
+    // The PatronBlockingRulesEditor label and Add Rule button should be visible
+    expect(screen.getByText("Patron Blocking Rules")).toBeTruthy();
+    expect(screen.getByRole("button", { name: /Add Rule/i })).toBeTruthy();
+  });
+
+  it("does not show PatronBlockingRulesEditor for non-SIP2 protocol", async () => {
+    const user = userEvent.setup();
+    const item = {
+      id: 2,
+      protocol: "api.saml.provider",
+      settings: { idp_url: "https://idp.example.com" },
+      libraries: [{ short_name: LIBRARY_SHORT_NAME }],
+    };
+    render(<PatronAuthServiceEditForm {...baseProps} item={item} />);
+    await expandLibrariesPanel(user);
+
+    // For non-SIP2 with no library_settings, the Edit button should not render
+    expect(screen.queryByRole("button", { name: /Edit/i })).toBeNull();
+    expect(screen.queryByText(/Patron Blocking Rules/i)).toBeNull();
+    expect(screen.queryByRole("button", { name: /Add Rule/i })).toBeNull();
+  });
+});
+
+describe("PatronAuthServiceEditForm – load / initial value", () => {
+  it("populates the editor with existing patron_blocking_rules from saved library settings", async () => {
+    const user = userEvent.setup();
+    const existingRules: PatronBlockingRule[] = [
+      {
+        name: "Block expired",
+        rule: "status == expired",
+        message: "Card expired",
+      },
+    ];
+    render(
+      <PatronAuthServiceEditForm
+        {...baseProps}
+        item={buildSIP2Item(existingRules)}
+      />
+    );
+
+    await expandLibrariesPanel(user);
+    const editButton = screen.getByRole("button", { name: /Edit/i });
+    await user.click(editButton);
+
+    const nameInput = screen.getByLabelText(/Rule Name/i) as HTMLInputElement;
+    expect(nameInput.value).toBe("Block expired");
+
+    const ruleTextarea = screen.getByLabelText(
+      /Rule Expression/i
+    ) as HTMLTextAreaElement;
+    expect(ruleTextarea.value).toBe("status == expired");
+
+    const messageInput = screen.getByLabelText(/Message/i) as HTMLInputElement;
+    expect(messageInput.value).toBe("Card expired");
+  });
+
+  it("shows empty editor when library has no existing patron_blocking_rules", async () => {
+    const user = userEvent.setup();
+    render(
+      <PatronAuthServiceEditForm {...baseProps} item={buildSIP2Item([])} />
+    );
+
+    await expandLibrariesPanel(user);
+    const editButton = screen.getByRole("button", { name: /Edit/i });
+    await user.click(editButton);
+
+    expect(screen.getByText(/No patron blocking rules defined/i)).toBeTruthy();
+  });
+});
+
+describe("PatronAuthServiceEditForm – error display", () => {
+  it("passes error prop down to PatronBlockingRulesEditor", async () => {
+    const user = userEvent.setup();
+    const error = { status: 400, response: "Validation failed", url: "" };
+    render(
+      <PatronAuthServiceEditForm
+        {...baseProps}
+        item={buildSIP2Item([{ name: "", rule: "expr", message: null }])}
+        error={error}
+      />
+    );
+
+    await expandLibrariesPanel(user);
+    const editButton = screen.getByRole("button", { name: /Edit/i });
+    await user.click(editButton);
+
+    // The PatronBlockingRulesEditor should be present (error prop is wired in)
+    expect(screen.getByText(/Patron Blocking Rules/i)).toBeTruthy();
+  });
+});
+
+describe("PatronAuthServiceEditForm – serialization", () => {
+  it("includes patron_blocking_rules in the library state when editLibrary is called", async () => {
+    const user = userEvent.setup();
+    render(<PatronAuthServiceEditForm {...baseProps} item={buildSIP2Item()} />);
+
+    await expandLibrariesPanel(user);
+    const editButton = screen.getByRole("button", { name: /Edit/i });
+    await user.click(editButton);
+
+    // Add a rule via the editor UI
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "Test Rule");
+    await user.type(
+      screen.getByLabelText(/Rule Expression/i),
+      "field == value"
+    );
+
+    // Tab out of the expression field to trigger blur → validation (mocked 200).
+    // The Save button is disabled until validation succeeds.
+    await user.tab();
+    const saveButton = screen.getByRole("button", { name: /^Save$/i });
+    await waitFor(() => expect(saveButton).not.toBeDisabled());
+
+    await user.click(saveButton);
+
+    // The library should now be collapsed (indicating editLibrary was called)
+    expect(screen.queryByRole("button", { name: /Add Rule/i })).toBeNull();
+  });
+
+  it("includes patron_blocking_rules in payload when adding a new library", async () => {
+    const user = userEvent.setup();
+    // No existing libraries associated with service
+    const item = {
+      id: 3,
+      protocol: SIP2_PROTOCOL,
+      settings: {},
+      libraries: [],
+    };
+    render(<PatronAuthServiceEditForm {...baseProps} item={item} />);
+
+    await expandLibrariesPanel(user);
+    // Select the library from the dropdown
+    const select = screen.getByRole("combobox", { name: /Add Library/i });
+    await user.selectOptions(select, LIBRARY_SHORT_NAME);
+
+    // Add a patron blocking rule
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "New Rule");
+    await user.type(
+      screen.getByLabelText(/Rule Expression/i),
+      "some expression"
+    );
+
+    // Tab out to trigger blur → validation (mocked 200).
+    // The Add Library button is disabled until validation succeeds.
+    await user.tab();
+    const addButton = screen.getByRole("button", { name: /Add Library/i });
+    await waitFor(() => expect(addButton).not.toBeDisabled());
+
+    await user.click(addButton);
+
+    // After adding, the library should appear in the list, editor no longer in "new library" form
+    expect(screen.queryByLabelText(/Rule Name/i)).toBeNull();
+  });
+});
+
+describe("PatronAuthServiceEditForm – save button gating", () => {
+  it("disables the per-library Save button immediately when a new rule is added", async () => {
+    const user = userEvent.setup();
+    render(<PatronAuthServiceEditForm {...baseProps} item={buildSIP2Item()} />);
+
+    await expandLibrariesPanel(user);
+    await user.click(screen.getByRole("button", { name: /Edit/i }));
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    const saveButton = screen.getByRole("button", { name: /^Save$/i });
+    await waitFor(() => expect(saveButton).toBeDisabled());
+  });
+
+  it("re-enables the per-library Save button once validation succeeds", async () => {
+    const user = userEvent.setup();
+    render(<PatronAuthServiceEditForm {...baseProps} item={buildSIP2Item()} />);
+
+    await expandLibrariesPanel(user);
+    await user.click(screen.getByRole("button", { name: /Edit/i }));
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "{{fines}} > 0");
+    // Tab out triggers blur → server validation → 200 OK (from beforeEach mock)
+    await user.tab();
+
+    const saveButton = screen.getByRole("button", { name: /^Save$/i });
+    await waitFor(() => expect(saveButton).not.toBeDisabled());
+  });
+
+  it("keeps the per-library Save button disabled when validation fails", async () => {
+    const user = userEvent.setup();
+    fetchMock.mockReset();
+    fetchMock.post(VALIDATE_URL, {
+      status: 400,
+      body: { detail: "Unknown placeholder" },
+    });
+
+    render(<PatronAuthServiceEditForm {...baseProps} item={buildSIP2Item()} />);
+
+    await expandLibrariesPanel(user);
+    await user.click(screen.getByRole("button", { name: /Edit/i }));
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "bad_syntax");
+    await user.tab();
+
+    await screen.findByText(/Unknown placeholder/i);
+    const saveButton = screen.getByRole("button", { name: /^Save$/i });
+    expect(saveButton).toBeDisabled();
+  });
+
+  it("disables the Add Library button immediately when an incomplete rule is added to the new library section", async () => {
+    const user = userEvent.setup();
+    const item = {
+      id: 3,
+      protocol: SIP2_PROTOCOL,
+      settings: {},
+      libraries: [],
+    };
+    render(<PatronAuthServiceEditForm {...baseProps} item={item} />);
+
+    await expandLibrariesPanel(user);
+    const select = screen.getByRole("combobox", { name: /Add Library/i });
+    await user.selectOptions(select, LIBRARY_SHORT_NAME);
+
+    const addButton = screen.getByRole("button", { name: /Add Library/i });
+    // Before adding a rule the button is enabled
+    expect(addButton).not.toBeDisabled();
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    // Incomplete rule (empty name + expression) must block the Add Library button
+    await waitFor(() => expect(addButton).toBeDisabled());
+  });
+
+  it("disables the per-library Save button when two rules share the same name", async () => {
+    const user = userEvent.setup();
+    const existingRules = [
+      { name: "Rule A", rule: "expr_a" },
+      { name: "Rule B", rule: "expr_b" },
+    ];
+    render(
+      <PatronAuthServiceEditForm
+        {...baseProps}
+        item={buildSIP2Item(existingRules)}
+      />
+    );
+
+    await expandLibrariesPanel(user);
+    await user.click(screen.getByRole("button", { name: /Edit/i }));
+
+    const saveButton = screen.getByRole("button", { name: /^Save$/i });
+    // Both rules are complete and unique — Save should be enabled
+    await waitFor(() => expect(saveButton).not.toBeDisabled());
+
+    // Rename rule B to match rule A → duplicate → Save must disable
+    const nameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    await user.clear(nameInputs[1]);
+    await user.type(nameInputs[1], "Rule A");
+
+    await waitFor(() => expect(saveButton).toBeDisabled());
+  });
+
+  it("re-enables the per-library Save button after a duplicate name is resolved", async () => {
+    const user = userEvent.setup();
+    const existingRules = [
+      { name: "Rule A", rule: "expr_a" },
+      { name: "Rule A", rule: "expr_b" }, // starts as duplicate
+    ];
+    render(
+      <PatronAuthServiceEditForm
+        {...baseProps}
+        item={buildSIP2Item(existingRules)}
+      />
+    );
+
+    await expandLibrariesPanel(user);
+    await user.click(screen.getByRole("button", { name: /Edit/i }));
+
+    const saveButton = screen.getByRole("button", { name: /^Save$/i });
+    await waitFor(() => expect(saveButton).toBeDisabled());
+
+    // Fix the duplicate
+    const nameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    await user.clear(nameInputs[1]);
+    await user.type(nameInputs[1], "Rule B");
+
+    await waitFor(() => expect(saveButton).not.toBeDisabled());
+  });
+
+  it("re-blocks and then re-enables the Save button when an existing rule's expression is edited and re-validated", async () => {
+    const user = userEvent.setup();
+    const existingRules = [{ name: "Rule A", rule: "expr_a" }];
+    render(
+      <PatronAuthServiceEditForm
+        {...baseProps}
+        item={buildSIP2Item(existingRules)}
+      />
+    );
+
+    await expandLibrariesPanel(user);
+    await user.click(screen.getByRole("button", { name: /Edit/i }));
+
+    const saveButton = screen.getByRole("button", { name: /^Save$/i });
+    // Existing rule is not pending — Save should be enabled
+    await waitFor(() => expect(saveButton).not.toBeDisabled());
+
+    // Edit the expression — Save must re-block
+    const ruleTextarea = screen.getByLabelText(
+      /Rule Expression/i
+    ) as HTMLTextAreaElement;
+    await user.clear(ruleTextarea);
+    await user.type(ruleTextarea, "new_expr");
+    await waitFor(() => expect(saveButton).toBeDisabled());
+
+    // Blur → 200 OK from beforeEach mock → Save re-enabled
+    await user.tab();
+    await waitFor(() => expect(saveButton).not.toBeDisabled());
+  });
+});
+
+describe("PatronAuthServiceEditForm – csrfToken / serviceId wiring", () => {
+  it("passes the csrfToken from additionalData to the validation API request", async () => {
+    const user = userEvent.setup();
+    render(
+      <PatronAuthServiceEditForm
+        {...baseProps}
+        item={buildSIP2Item()}
+        additionalData={{ csrfToken: "test-csrf-token" }}
+      />
+    );
+
+    await expandLibrariesPanel(user);
+    await user.click(screen.getByRole("button", { name: /Edit/i }));
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "expr");
+    await user.tab();
+
+    await waitFor(() =>
+      expect(fetchMock).toHaveBeenCalledWith(
+        VALIDATE_URL,
+        expect.objectContaining({
+          headers: expect.objectContaining({
+            "X-CSRF-Token": "test-csrf-token",
+          }),
+        })
+      )
+    );
+  });
+
+  it("passes the item id as service_id in the validation API request body", async () => {
+    const user = userEvent.setup();
+    // item.id = 1 (from buildSIP2Item)
+    render(<PatronAuthServiceEditForm {...baseProps} item={buildSIP2Item()} />);
+
+    await expandLibrariesPanel(user);
+    await user.click(screen.getByRole("button", { name: /Edit/i }));
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "expr");
+    await user.tab();
+
+    await waitFor(() => expect(fetchMock).toHaveBeenCalled());
+    const [, options] = fetchMock.calls(VALIDATE_URL)[0];
+    const body = (options as RequestInit).body as FormData;
+    expect(body.get("service_id")).toBe("1");
+  });
+});
diff --git a/tests/jest/components/PatronBlockingRulesEditor.test.tsx b/tests/jest/components/PatronBlockingRulesEditor.test.tsx
new file mode 100644
index 0000000000..f7dcf6046d
--- /dev/null
+++ b/tests/jest/components/PatronBlockingRulesEditor.test.tsx
@@ -0,0 +1,840 @@
+import * as React from "react";
+import { render, screen, waitFor, act } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
+import * as fetchMock from "fetch-mock-jest";
+import PatronBlockingRulesEditor, {
+  PatronBlockingRulesEditorHandle,
+} from "../../../src/components/PatronBlockingRulesEditor";
+import { PatronBlockingRule } from "../../../src/interfaces";
+import { FetchErrorData } from "@thepalaceproject/web-opds-client/lib/interfaces";
+
+const VALIDATE_URL = "/admin/patron_auth_service_validate_patron_blocking_rule";
+
+const existingRules: PatronBlockingRule[] = [
+  { name: "Rule A", rule: "expr_a", message: "msg a" },
+  { name: "Rule B", rule: "expr_b" },
+];
+
+/**
+ * Both describe blocks share a beforeEach/afterEach that provides a default
+ * successful validation response.  This ensures that any incidental blur events
+ * fired by user interactions in non-blur-focused tests don't throw
+ * "only absolute URLs are supported" errors from the fetch polyfill.
+ *
+ * Blur-specific tests that need a non-200 response call fetchMock.mockReset()
+ * at the start and then set up their own route.
+ *
+ * Note: in userEvent.type, curly braces are special key sequences.  Use {{
+ * and }} to type literal { and } characters.
+ */
+
+describe("PatronBlockingRulesEditor — save-blocking (onValidationStateChange)", () => {
+  beforeEach(() => {
+    fetchMock.post(VALIDATE_URL, { status: 200 });
+  });
+
+  afterEach(() => {
+    fetchMock.mockReset();
+  });
+
+  it("calls onValidationStateChange(true) when a rule is added with a known serviceId", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+
+    render(
+      <PatronBlockingRulesEditor
+        value={[]}
+        serviceId={42}
+        csrfToken="tok"
+        onValidationStateChange={onChange}
+      />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(true));
+  });
+
+  it("calls onValidationStateChange(false) after successful validation on blur", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+
+    render(
+      <PatronBlockingRulesEditor
+        value={[]}
+        serviceId={42}
+        csrfToken="tok"
+        onValidationStateChange={onChange}
+      />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "{{fines}} > 0");
+    await user.tab();
+
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(false));
+  });
+
+  it("leaves onValidationStateChange(true) after failed validation on blur", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+
+    fetchMock.mockReset();
+    fetchMock.post(VALIDATE_URL, {
+      status: 400,
+      body: { detail: "Bad expression" },
+    });
+
+    render(
+      <PatronBlockingRulesEditor
+        value={[]}
+        serviceId={42}
+        csrfToken="tok"
+        onValidationStateChange={onChange}
+      />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "bad_syntax");
+    await user.tab();
+
+    // Wait for the error to appear; the rule stays in pending so the last
+    // call must have been true (not unblocked by the failed validation).
+    await screen.findByText(/Bad expression/i);
+    expect(onChange).toHaveBeenLastCalledWith(true);
+  });
+
+  it("calls onValidationStateChange(true) when two rules have the same name", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+    const rules: PatronBlockingRule[] = [
+      { name: "Rule A", rule: "expr_a" },
+      { name: "Rule B", rule: "expr_b" },
+    ];
+
+    render(
+      <PatronBlockingRulesEditor
+        value={rules}
+        serviceId={42}
+        csrfToken="tok"
+        onValidationStateChange={onChange}
+      />
+    );
+
+    // Initially not blocking (no duplicates, no pending)
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(false));
+
+    // Rename rule B to match rule A
+    const nameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    await user.clear(nameInputs[1]);
+    await user.type(nameInputs[1], "Rule A");
+
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(true));
+  });
+
+  it("calls onValidationStateChange(false) after a duplicate name is resolved", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+    const rules: PatronBlockingRule[] = [
+      { name: "Rule A", rule: "expr_a" },
+      { name: "Rule A", rule: "expr_b" }, // duplicate
+    ];
+
+    render(
+      <PatronBlockingRulesEditor
+        value={rules}
+        serviceId={42}
+        csrfToken="tok"
+        onValidationStateChange={onChange}
+      />
+    );
+
+    // Initially blocking due to duplicate name
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(true));
+
+    // Fix the duplicate
+    const nameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    await user.clear(nameInputs[1]);
+    await user.type(nameInputs[1], "Rule B");
+
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(false));
+  });
+
+  it("calls onValidationStateChange(true) when a rule is added without a serviceId because it is incomplete", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+
+    render(
+      <PatronBlockingRulesEditor
+        value={[]}
+        csrfToken="tok"
+        onValidationStateChange={onChange}
+        // No serviceId — new service not yet saved
+      />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    // Incomplete rule (empty name + expression) still blocks save even without serviceId
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(true));
+  });
+
+  it("removes blocking state when the pending rule is deleted", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+
+    render(
+      <PatronBlockingRulesEditor
+        value={[]}
+        serviceId={42}
+        csrfToken="tok"
+        onValidationStateChange={onChange}
+      />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(true));
+
+    // Delete the only rule — blocking should clear
+    await user.click(screen.getByRole("button", { name: /Delete/i }));
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(false));
+  });
+
+  it("does not block save when a rule with no serviceId has all required fields filled", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+
+    render(
+      <PatronBlockingRulesEditor
+        value={[]}
+        csrfToken="tok"
+        // No serviceId — server validation skipped; only completeness matters
+        onValidationStateChange={onChange}
+      />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "{{fines}} > 0");
+
+    // Both fields filled, no serviceId → not blocking
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(false));
+  });
+
+  it("keeps save blocked until every pending rule has been individually validated", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+
+    render(
+      <PatronBlockingRulesEditor
+        value={[]}
+        serviceId={42}
+        csrfToken="tok"
+        onValidationStateChange={onChange}
+      />
+    );
+
+    // Add and validate the first rule
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "Rule One");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "expr_one");
+    await user.tab(); // blur → 200 OK
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(false));
+
+    // Add a second rule — save should block again
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(true));
+
+    // Fill in and validate the second rule
+    const nameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    const ruleInputs = screen.getAllByLabelText(
+      /Rule Expression/i
+    ) as HTMLTextAreaElement[];
+    await user.type(nameInputs[1], "Rule Two");
+    await user.type(ruleInputs[1], "expr_two");
+    await user.tab(); // blur → 200 OK
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(false));
+  });
+
+  it("re-enters blocking state when an existing rule's expression is edited", async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+    const rules: PatronBlockingRule[] = [{ name: "Rule A", rule: "expr_a" }];
+
+    render(
+      <PatronBlockingRulesEditor
+        value={rules}
+        serviceId={42}
+        csrfToken="tok"
+        onValidationStateChange={onChange}
+      />
+    );
+
+    // Existing rules start as non-blocking (already saved, not pending)
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(false));
+
+    // Edit the expression — should immediately re-block
+    const ruleTextarea = screen.getByLabelText(
+      /Rule Expression/i
+    ) as HTMLTextAreaElement;
+    await user.clear(ruleTextarea);
+    await user.type(ruleTextarea, "new_expr");
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(true));
+
+    // Validate (blur → 200 OK) — should unblock again
+    await user.tab();
+    await waitFor(() => expect(onChange).toHaveBeenCalledWith(false));
+  });
+});
+
+describe("PatronBlockingRulesEditor — on-blur server validation", () => {
+  beforeEach(() => {
+    fetchMock.post(VALIDATE_URL, { status: 200 });
+  });
+
+  afterEach(() => {
+    fetchMock.mockReset();
+  });
+
+  it("calls the validation API when the user leaves the Rule Expression field", async () => {
+    const user = userEvent.setup();
+
+    render(
+      <PatronBlockingRulesEditor value={[]} serviceId={42} csrfToken="tok" />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(
+      screen.getByLabelText(/Rule Expression/i),
+      "{{fines}} > 10.0"
+    );
+    await user.tab();
+
+    await waitFor(() =>
+      expect(fetchMock).toHaveBeenCalledWith(
+        VALIDATE_URL,
+        expect.objectContaining({ method: "POST" })
+      )
+    );
+  });
+
+  it("shows a server error message inline after a failed validation", async () => {
+    const user = userEvent.setup();
+    fetchMock.mockReset();
+    fetchMock.post(VALIDATE_URL, {
+      status: 400,
+      body: { detail: "Unknown placeholder: {x}" },
+    });
+
+    render(
+      <PatronBlockingRulesEditor value={[]} serviceId={42} csrfToken="tok" />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "Bad Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "{{x}} > 0");
+    await user.tab();
+
+    expect(await screen.findByText(/Unknown placeholder: \{x\}/i)).toBeTruthy();
+  });
+
+  it("clears the server error immediately when the user edits the rule field", async () => {
+    const user = userEvent.setup();
+    fetchMock.mockReset();
+    fetchMock.post(VALIDATE_URL, {
+      status: 400,
+      body: { detail: "Bad expression" },
+    });
+
+    render(
+      <PatronBlockingRulesEditor value={[]} serviceId={42} csrfToken="tok" />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "bad");
+    await user.tab();
+
+    await screen.findByText(/Bad expression/i);
+
+    // Typing in the rule field clears the server error immediately (no re-fetch needed)
+    await user.click(screen.getByLabelText(/Rule Expression/i));
+    await user.type(screen.getByLabelText(/Rule Expression/i), "x");
+
+    expect(screen.queryByText(/Bad expression/i)).toBeNull();
+  });
+
+  it("does not call the validation API when the rule field is empty on blur", async () => {
+    const user = userEvent.setup();
+    fetchMock.mockReset();
+
+    render(
+      <PatronBlockingRulesEditor value={[]} serviceId={42} csrfToken="tok" />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    // Click the Rule Expression textarea then tab away without typing
+    await user.click(screen.getByLabelText(/Rule Expression/i));
+    await user.tab();
+
+    expect(fetchMock).not.toHaveBeenCalled();
+  });
+
+  it("still calls the validation API when serviceId is undefined and shows the server error", async () => {
+    const user = userEvent.setup();
+    fetchMock.mockReset();
+    fetchMock.post(VALIDATE_URL, {
+      status: 400,
+      body: {
+        detail:
+          "Patron auth service not found. Save the service before validating rules.",
+      },
+    });
+
+    // No serviceId — simulates a new service that has not yet been saved
+    render(<PatronBlockingRulesEditor value={[]} csrfToken="tok" />);
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "{{fines}} > 0");
+    await user.tab();
+
+    await waitFor(() =>
+      expect(fetchMock).toHaveBeenCalledWith(
+        VALIDATE_URL,
+        expect.objectContaining({ method: "POST" })
+      )
+    );
+    expect(
+      await screen.findByText(/Save the service before validating rules/i)
+    ).toBeTruthy();
+  });
+
+  it("preserves the server error on the second rule after the first rule is deleted", async () => {
+    const user = userEvent.setup();
+    fetchMock.mockReset();
+    fetchMock.post(VALIDATE_URL, {
+      status: 400,
+      body: { detail: "Bad expression syntax" },
+    });
+
+    render(
+      <PatronBlockingRulesEditor
+        value={[{ name: "Rule A", rule: "expr_a" }]}
+        serviceId={42}
+        csrfToken="tok"
+      />
+    );
+
+    // Add a second rule and give it an invalid expression
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    const nameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    const ruleTextareas = screen.getAllByLabelText(
+      /Rule Expression/i
+    ) as HTMLTextAreaElement[];
+    await user.type(nameInputs[1], "Rule B");
+    await user.type(ruleTextareas[1], "bad_syntax");
+    await user.tab();
+
+    // Wait for the server error to appear on the second rule
+    await screen.findByText(/Bad expression syntax/i);
+
+    // Delete the first (valid) rule
+    const deleteButtons = screen.getAllByRole("button", { name: /Delete/i });
+    await user.click(deleteButtons[0]);
+
+    // Only the formerly-second rule should remain
+    const remainingNameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    expect(remainingNameInputs).toHaveLength(1);
+    expect(remainingNameInputs[0].value).toBe("Rule B");
+
+    // The server error for that rule must still be visible
+    expect(screen.getByText(/Bad expression syntax/i)).toBeTruthy();
+  });
+
+  it("shows no error after a successful re-validation that follows a failure", async () => {
+    const user = userEvent.setup();
+    fetchMock.mockReset();
+    fetchMock.post(VALIDATE_URL, {
+      status: 400,
+      body: { detail: "Syntax error in rule" },
+    });
+
+    render(
+      <PatronBlockingRulesEditor value={[]} serviceId={42} csrfToken="tok" />
+    );
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "bad_syntax");
+    await user.tab();
+
+    await screen.findByText(/Syntax error in rule/i);
+
+    // Switch mock to success, correct the rule, and blur again
+    fetchMock.mockReset();
+    fetchMock.post(VALIDATE_URL, { status: 200 });
+
+    await user.clear(screen.getByLabelText(/Rule Expression/i));
+    await user.type(screen.getByLabelText(/Rule Expression/i), "{{fines}} > 0");
+    await user.tab();
+
+    await waitFor(() =>
+      expect(screen.queryByText(/Syntax error in rule/i)).toBeNull()
+    );
+  });
+});
+
+describe("PatronBlockingRulesEditor", () => {
+  // Provide a default successful validation response so that tests which
+  // incidentally trigger blur on the Rule Expression field (e.g. by typing in
+  // the Message textarea) don't produce "only absolute URLs" fetch errors.
+  beforeEach(() => {
+    fetchMock.post(VALIDATE_URL, { status: 200 });
+  });
+
+  afterEach(() => {
+    fetchMock.mockReset();
+  });
+
+  it("renders with no rules when no value provided", () => {
+    render(<PatronBlockingRulesEditor />);
+    expect(screen.getByText(/No patron blocking rules defined/i)).toBeTruthy();
+    expect(screen.getByRole("button", { name: /Add Rule/i })).toBeTruthy();
+  });
+
+  it("renders existing rules from value prop", () => {
+    render(<PatronBlockingRulesEditor value={existingRules} />);
+    expect(screen.getAllByLabelText(/Rule Name/i)).toHaveLength(2);
+    expect(screen.getAllByLabelText(/Rule Expression/i)).toHaveLength(2);
+
+    const nameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    expect(nameInputs[0].value).toBe("Rule A");
+    expect(nameInputs[1].value).toBe("Rule B");
+
+    const ruleTextareas = screen.getAllByLabelText(
+      /Rule Expression/i
+    ) as HTMLTextAreaElement[];
+    expect(ruleTextareas[0].value).toBe("expr_a");
+    expect(ruleTextareas[1].value).toBe("expr_b");
+  });
+
+  it("adds a new blank rule row when Add Rule is clicked", async () => {
+    const user = userEvent.setup();
+    render(<PatronBlockingRulesEditor value={[]} />);
+
+    expect(screen.queryByLabelText(/Rule Name/i)).toBeNull();
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    expect(screen.getAllByLabelText(/Rule Name/i)).toHaveLength(1);
+    expect(screen.getAllByLabelText(/Rule Expression/i)).toHaveLength(1);
+    expect(screen.getAllByLabelText(/Message/i)).toHaveLength(1);
+  });
+
+  it("removes a rule row when Delete is clicked", async () => {
+    const user = userEvent.setup();
+    render(<PatronBlockingRulesEditor value={existingRules} />);
+
+    expect(screen.getAllByLabelText(/Rule Name/i)).toHaveLength(2);
+
+    const deleteButtons = screen.getAllByRole("button", { name: /Delete/i });
+    await user.click(deleteButtons[0]);
+
+    expect(screen.getAllByLabelText(/Rule Name/i)).toHaveLength(1);
+    const remaining = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    expect(remaining[0].value).toBe("Rule B");
+  });
+
+  it("getValue returns current rules including edits", async () => {
+    const user = userEvent.setup();
+    const ref = React.createRef<PatronBlockingRulesEditorHandle>();
+    render(<PatronBlockingRulesEditor ref={ref} value={[]} />);
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    const nameInput = screen.getByLabelText(/Rule Name/i);
+    const ruleTextarea = screen.getByLabelText(/Rule Expression/i);
+    const messageInput = screen.getByLabelText(/Message/i);
+
+    await user.clear(nameInput);
+    await user.type(nameInput, "My Rule");
+    await user.clear(ruleTextarea);
+    await user.type(ruleTextarea, "blocked = true");
+    await user.clear(messageInput);
+    await user.type(messageInput, "You are blocked");
+
+    const value = ref.current.getValue();
+    expect(value).toHaveLength(1);
+    expect(value[0].name).toBe("My Rule");
+    expect(value[0].rule).toBe("blocked = true");
+    expect(value[0].message).toBe("You are blocked");
+  });
+
+  it("getValue returns an empty array when no rules exist", () => {
+    const ref = React.createRef<PatronBlockingRulesEditorHandle>();
+    render(<PatronBlockingRulesEditor ref={ref} value={[]} />);
+    expect(ref.current.getValue()).toEqual([]);
+  });
+
+  it("disables all inputs and buttons when disabled prop is true", () => {
+    render(<PatronBlockingRulesEditor value={existingRules} disabled={true} />);
+
+    const buttons = screen.getAllByRole("button");
+    buttons.forEach((btn) => expect(btn).toBeDisabled());
+
+    const inputs = screen.getAllByRole("textbox");
+    inputs.forEach((input) => expect(input).toBeDisabled());
+  });
+
+  it("does not show 'no rules' message when rules exist", () => {
+    render(<PatronBlockingRulesEditor value={existingRules} />);
+    expect(screen.queryByText(/No patron blocking rules defined/i)).toBeNull();
+  });
+
+  it("disables Add Rule button when an existing rule is missing required fields", async () => {
+    const user = userEvent.setup();
+    render(<PatronBlockingRulesEditor value={[]} />);
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    expect(screen.getByRole("button", { name: /Add Rule/i })).toBeDisabled();
+  });
+
+  it("re-enables Add Rule button once all required fields are filled", async () => {
+    const user = userEvent.setup();
+    render(<PatronBlockingRulesEditor value={[]} />);
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    expect(screen.getByRole("button", { name: /Add Rule/i })).toBeDisabled();
+
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(
+      screen.getByLabelText(/Rule Expression/i),
+      "blocked = true"
+    );
+
+    expect(
+      screen.getByRole("button", { name: /Add Rule/i })
+    ).not.toBeDisabled();
+  });
+
+  it("shows a duplicate-name error inline when two rules share the same name", async () => {
+    const user = userEvent.setup();
+    const rules: PatronBlockingRule[] = [
+      { name: "Rule A", rule: "expr_a" },
+      { name: "Rule B", rule: "expr_b" },
+    ];
+
+    render(<PatronBlockingRulesEditor value={rules} serviceId={42} />);
+
+    // Rename rule B to match rule A
+    const nameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    await user.clear(nameInputs[1]);
+    await user.type(nameInputs[1], "Rule A");
+
+    await waitFor(() =>
+      expect(screen.getAllByText(/Rule Name must be unique/i)).toHaveLength(2)
+    );
+  });
+
+  it("clears the duplicate-name error once the name is made unique", async () => {
+    const user = userEvent.setup();
+    const rules: PatronBlockingRule[] = [
+      { name: "Rule A", rule: "expr_a" },
+      { name: "Rule A", rule: "expr_b" }, // duplicate
+    ];
+
+    render(<PatronBlockingRulesEditor value={rules} serviceId={42} />);
+
+    // Both rows should start with the duplicate error
+    expect(screen.getAllByText(/Rule Name must be unique/i)).toHaveLength(2);
+
+    // Fix the second rule's name
+    const nameInputs = screen.getAllByLabelText(
+      /Rule Name/i
+    ) as HTMLInputElement[];
+    await user.clear(nameInputs[1]);
+    await user.type(nameInputs[1], "Rule B");
+
+    await waitFor(() =>
+      expect(screen.queryByText(/Rule Name must be unique/i)).toBeNull()
+    );
+  });
+
+  it("shows server error message even when there are no rules", () => {
+    const error: FetchErrorData = {
+      status: 500,
+      response: JSON.stringify({ detail: "Internal server error" }),
+      url: "",
+    };
+    render(<PatronBlockingRulesEditor value={[]} error={error} />);
+    expect(screen.getByText(/Internal server error/i)).toBeTruthy();
+  });
+
+  it("getValue does not include internal _id field in returned rules", () => {
+    const ref = React.createRef<PatronBlockingRulesEditorHandle>();
+    render(<PatronBlockingRulesEditor ref={ref} value={existingRules} />);
+    const value = ref.current.getValue();
+    value.forEach((rule) => {
+      expect(rule).not.toHaveProperty("_id");
+    });
+  });
+
+  it("hides the 'no rules' message once a rule is added", async () => {
+    const user = userEvent.setup();
+    render(<PatronBlockingRulesEditor value={[]} />);
+    expect(screen.getByText(/No patron blocking rules defined/i)).toBeTruthy();
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    expect(screen.queryByText(/No patron blocking rules defined/i)).toBeNull();
+  });
+});
+
+describe("PatronBlockingRulesEditor — validateAndGetValue", () => {
+  beforeEach(() => {
+    fetchMock.post(VALIDATE_URL, { status: 200 });
+  });
+
+  afterEach(() => {
+    fetchMock.mockReset();
+  });
+
+  it("returns all rules (stripped of _id) when every rule has name and expression", () => {
+    const ref = React.createRef<PatronBlockingRulesEditorHandle>();
+    render(<PatronBlockingRulesEditor ref={ref} value={existingRules} />);
+
+    let result: PatronBlockingRule[] | null;
+    act(() => {
+      result = ref.current.validateAndGetValue();
+    });
+
+    expect(result).toHaveLength(2);
+    expect(result[0]).toEqual({
+      name: "Rule A",
+      rule: "expr_a",
+      message: "msg a",
+    });
+    expect(result[1]).toEqual({ name: "Rule B", rule: "expr_b" });
+    result.forEach((r) => expect(r).not.toHaveProperty("_id"));
+  });
+
+  it("returns null and shows a name error when a rule is missing its name", async () => {
+    const user = userEvent.setup();
+    const ref = React.createRef<PatronBlockingRulesEditorHandle>();
+    render(<PatronBlockingRulesEditor ref={ref} value={[]} />);
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    // Leave name empty, fill only the expression
+    await user.type(screen.getByLabelText(/Rule Expression/i), "expr");
+
+    let result: PatronBlockingRule[] | null;
+    act(() => {
+      result = ref.current.validateAndGetValue();
+    });
+
+    expect(result).toBeNull();
+    expect(screen.getByText(/Rule Name is required/i)).toBeTruthy();
+    expect(screen.queryByText(/Rule Expression is required/i)).toBeNull();
+  });
+
+  it("returns null and shows an expression error when a rule is missing its expression", async () => {
+    const user = userEvent.setup();
+    const ref = React.createRef<PatronBlockingRulesEditorHandle>();
+    render(<PatronBlockingRulesEditor ref={ref} value={[]} />);
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+    // Fill only the name, leave expression empty
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+
+    let result: PatronBlockingRule[] | null;
+    act(() => {
+      result = ref.current.validateAndGetValue();
+    });
+
+    expect(result).toBeNull();
+    expect(screen.queryByText(/Rule Name is required/i)).toBeNull();
+    expect(screen.getByText(/Rule Expression is required/i)).toBeTruthy();
+  });
+
+  it("returns null and shows both errors when a rule has neither name nor expression", async () => {
+    const user = userEvent.setup();
+    const ref = React.createRef<PatronBlockingRulesEditorHandle>();
+    render(<PatronBlockingRulesEditor ref={ref} value={[]} />);
+
+    // Add rule but leave both fields empty
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    let result: PatronBlockingRule[] | null;
+    act(() => {
+      result = ref.current.validateAndGetValue();
+    });
+
+    expect(result).toBeNull();
+    expect(screen.getByText(/Rule Name is required/i)).toBeTruthy();
+    expect(screen.getByText(/Rule Expression is required/i)).toBeTruthy();
+  });
+
+  it("clears prior client errors on a subsequent call that succeeds", async () => {
+    const user = userEvent.setup();
+    const ref = React.createRef<PatronBlockingRulesEditorHandle>();
+    render(<PatronBlockingRulesEditor ref={ref} value={[]} />);
+
+    await user.click(screen.getByRole("button", { name: /Add Rule/i }));
+
+    // First call: both fields empty → errors shown
+    act(() => {
+      ref.current.validateAndGetValue();
+    });
+    expect(screen.getByText(/Rule Name is required/i)).toBeTruthy();
+    expect(screen.getByText(/Rule Expression is required/i)).toBeTruthy();
+
+    // Fill in both fields
+    await user.type(screen.getByLabelText(/Rule Name/i), "My Rule");
+    await user.type(screen.getByLabelText(/Rule Expression/i), "expr");
+
+    // Second call: valid → errors gone, rules returned
+    let result: PatronBlockingRule[] | null;
+    act(() => {
+      result = ref.current.validateAndGetValue();
+    });
+
+    expect(result).toHaveLength(1);
+    expect(result[0].name).toBe("My Rule");
+    expect(screen.queryByText(/Rule Name is required/i)).toBeNull();
+    expect(screen.queryByText(/Rule Expression is required/i)).toBeNull();
+  });
+
+  it("returns an empty array (not null) when there are no rules at all", () => {
+    const ref = React.createRef<PatronBlockingRulesEditorHandle>();
+    render(<PatronBlockingRulesEditor ref={ref} value={[]} />);
+
+    let result: PatronBlockingRule[] | null;
+    act(() => {
+      result = ref.current.validateAndGetValue();
+    });
+
+    expect(result).toEqual([]);
+  });
+});
diff --git a/tests/jest/utils/patronBlockingRulesCapability.test.ts b/tests/jest/utils/patronBlockingRulesCapability.test.ts
new file mode 100644
index 0000000000..e04f58a65c
--- /dev/null
+++ b/tests/jest/utils/patronBlockingRulesCapability.test.ts
@@ -0,0 +1,23 @@
+import {
+  SIP2_PROTOCOL,
+  supportsPatronBlockingRules,
+} from "../../../src/utils/patronBlockingRules";
+
+describe("supportsPatronBlockingRules", () => {
+  it("returns true for SIP2 protocol", () => {
+    expect(supportsPatronBlockingRules(SIP2_PROTOCOL)).toBe(true);
+    expect(supportsPatronBlockingRules("api.sip")).toBe(true);
+  });
+
+  it("returns false for other protocol types", () => {
+    expect(supportsPatronBlockingRules("api.sirsidynix.auth")).toBe(false);
+    expect(supportsPatronBlockingRules("api.saml.provider")).toBe(false);
+    expect(supportsPatronBlockingRules("api.millenium.patron")).toBe(false);
+    expect(supportsPatronBlockingRules("")).toBe(false);
+  });
+
+  it("returns false for null-ish values", () => {
+    expect(supportsPatronBlockingRules(null)).toBe(false);
+    expect(supportsPatronBlockingRules(undefined)).toBe(false);
+  });
+});