Continuous compliance enforcement for financial systems β privacy-preserving, deterministic, and automated.
Features β’ Architecture β’ Quick Start β’ Compliance Controls β’ Documentation
CompliGuard is a production-grade compliance enforcement engine that continuously evaluates and enforces financial safety controls using deterministic rules, private offchain data, and Chainlink's Runtime Environment (CRE).
Unlike traditional compliance tools that rely on periodic reporting and trust, CompliGuard treats compliance as a runtime system property β evaluated continuously and enforced automatically.
Modern financial systems (stablecoins, tokenized assets, treasuries, custodians) rely on sensitive, non-public data to meet regulatory expectations:
- Are reserves still covering liabilities?
- Is proof of backing recent and reliable?
- Are reserves held in acceptable, diversified assets?
- What happens immediately when those conditions fail?
Existing approaches are: periodic, manual, document-driven, and slow to react.
CompliGuard provides: continuous, automated enforcement β without exposing sensitive data.
| Feature | Description |
|---|---|
| π Continuous Monitoring | Real-time evaluation of compliance controls |
| π Privacy-Preserving | Sensitive data never exposed on-chain |
| β‘ Deterministic Rules | Machine-readable, auditable policy engine |
| π Chainlink CRE | Secure offchain orchestration |
| π€ AI-Enhanced | Human-readable explanations (non-decisional) |
| π Multi-Control | Reserve ratio, freshness, asset quality |
β
A compliance enforcement engine
β
A Chainlink CRE workflow
β
A deterministic control plane
β
A privacy-preserving architecture
β
A foundation for automated safeguards
β A legal opinion
β A regulatory certification
β A sanctions adjudication engine
β A dashboard or reporting tool
β A replacement for auditors or regulators
CompliGuard enforces controls β it does not encode laws.
βββββββββββββββββββββββββββββββββββββββ
β External Regulated APIs β
β (reserves, liabilities, signals) β
ββββββββββββββββββββ¬βββββββββββββββββββ
β Confidential HTTP
βΌ
βββββββββββββββββββββββββββββββββββββββ
β Chainlink Runtime Environment β
β (CRE) β
β Offchain Execution Layer β
ββββββββββββββββββββ¬βββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββ
β Deterministic Policy Engine β
β βββββββββββ¬ββββββββββ¬ββββββββββ β
β β Reserve β Proof β Asset β β
β β Ratio βFreshnessβ Quality β β
β βββββββββββ΄ββββββββββ΄ββββββββββ β
ββββββββββββββββββββ¬βββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββ
β Compliance Status + Evidence β
β π’ GREEN β π‘ YELLOW β π΄ RED β
βββββββββββββββββββββββββββββββββββββββ
CRE acts as the orchestration and reliability layer, coordinating private data ingestion, policy execution, and output propagation.
- Node.js >= 18.0.0
- npm or yarn
- Chainlink CRE access (for production)
# Clone the repository
git clone https://github.com/Compliledger/CompliGuard.git
cd CompliGuard
# Install dependencies
npm install
# Copy environment variables
cp .env.example .env
# Run in development mode
npm run dev| File | Purpose |
|---|---|
cre-workflow/compliance-monitor/main.ts |
Primary CRE workflow β EVMClient reads Chainlink PoR + BTC/USD feeds, deterministic policy evaluation, writeReport() to Sepolia |
cre-workflow/compliance-monitor/config.staging.json |
Feed addresses (WBTC PoR, BTC/USD, WBTC ERC20), Sepolia report contract, cron schedule |
cre-workflow/compliance-monitor/workflow.yaml |
CRE workflow metadata (name, entry point, config paths, secrets path) |
cre-workflow/project.yaml |
Global CRE project config β RPC endpoints for mainnet + Sepolia |
cre-workflow/secrets.yaml |
CRE Vault secret declarations (RESERVE_API_KEY, LIABILITY_API_KEY) |
cre-workflow/contracts/abi/AggregatorV3.ts |
Chainlink AggregatorV3Interface ABI (latestRoundData, decimals) |
cre-workflow/contracts/abi/ERC20.ts |
ERC20 ABI subset (totalSupply) for WBTC circulating supply |
cre-workflow/README.md |
CRE setup, simulation, and deployment guide |
| File | Purpose |
|---|---|
src/api/chainlink-por-reader.ts |
Reads WBTC PoR + BTC/USD feeds via viem β live reserve & liability data |
src/api/server.ts |
API server with live/simulation mode toggle, compliance endpoints |
src/cre/workflow.ts |
Local CRE workflow executor (orchestrates engine + API clients) |
src/cre/http.ts |
HTTP adapter (Node β CRE mode switching) |
src/cre/confidential-http.ts |
Confidential HTTP bridge (local fallback; CRE uses SDK directly) |
docs/privacy-boundary.md |
Privacy boundary architecture and data classification |
# Navigate to CRE project
cd cre-workflow
# Install workflow dependencies
cd compliance-monitor && bun install && cd ..
# Simulate the CRE workflow via CLI
cre workflow simulate compliance-monitor --target staging-settings
# Deploy to CRE network (Early Access β requires approval)
cre workflow deploy compliance-monitor --target production-settingsLocal workflow run (without CRE CLI):
npm install
# Terminal 1 β Start API server
npm run server
# Terminal 2 β Run local workflow
npm run workflowDemo scenarios (for video recording):
# Switch to healthy (GREEN)
curl -X POST http://localhost:3001/api/simulate/scenario -H 'Content-Type: application/json' -d '{"scenario":"healthy"}'
# Switch to at-risk (YELLOW)
curl -X POST http://localhost:3001/api/simulate/scenario -H 'Content-Type: application/json' -d '{"scenario":"at_risk"}'
# Switch to non-compliant (RED)
curl -X POST http://localhost:3001/api/simulate/scenario -H 'Content-Type: application/json' -d '{"scenario":"non_compliant"}'
# Get current compliance status
curl http://localhost:3001/api/compliance/status# Unit tests
npm test
# Integration tests
npm run test:integration
# Coverage report
npm run test:coverageCompliGuard enforces explicit, machine-readable financial safety controls.
reserve_ratio = reserves / liabilities
| Condition | Status |
|---|---|
| β₯ 1.02 | π’ GREEN |
| 1.00β1.019 | π‘ YELLOW |
| < 1.00 | π΄ RED |
| Attestation Age | Status |
|---|---|
| β€ 6 hours | π’ GREEN |
| 6β24 hours | π‘ YELLOW |
| > 24 hours | π΄ RED |
| Condition | Status |
|---|---|
| Disallowed assets present | π΄ RED |
| Risky assets > 30% | π΄ RED |
| Single-asset concentration > 75% | π‘ YELLOW |
Worst-of wins. If any required control fails, the system is non-compliant.
This mirrors real-world prudential logic used by regulators and auditors.
CompliGuard is privacy-preserving by design, using Chainlink CRE's Confidential HTTP capability to securely integrate sensitive Web2 data into decentralized workflows.
| Never Exposed | Safely Exposed |
|---|---|
| API keys and credentials | Compliance status (GREEN/YELLOW/RED) |
| Raw reserve values | Policy version |
| Liability values | Cryptographic evidence hash |
| Detailed asset composition | Evaluation timestamp |
| Internal evaluation logic | Human-readable explanation |
[Confidential HTTP Fetch] β [Offchain Policy Evaluation] β [Status + Evidence Emission]
See Privacy Boundary Architecture for the complete data flow diagram, classification matrix, and verification steps.
CompliGuard is policy-agnostic and designed to operationalize regulatory requirements without hardcoding statutory language.
Modern regulation (GENIUS, CLARITY, etc.) emphasizes:
- β Continuous monitoring
- β Verified reserve backing
- β Clear, enforceable controls
- β Immediate response to breaches
- β Use of non-public, regulated data
Laws define obligations. Risk systems detect exposure. CompliGuard enforces consequences.
AI is used only to generate human-readable explanations of deterministic outcomes.
- AI does not decide compliance
- AI cannot override rules
- AI failure does not affect enforcement
This ensures: auditability, determinism, and explainability without risk.
CompliGuard uses Chainlink CRE to:
- π Orchestrate offchain workflows
- π Securely integrate external APIs
- π Manage retries and failures
- π₯οΈ Execute confidential computation
- β Produce verifiable execution outcomes
CRE is the control plane that makes CompliGuard production-ready.
A typical demonstration (3β5 minutes):
- System starts π’ GREEN
- Confidential reserve data is ingested
- Policy rules are evaluated offchain
- A control threshold is violated
- Status flips to π΄ RED
- Explanation is generated
- Sensitive data remains private throughout
CompliGuard/
βββ cre-workflow/ # Chainlink CRE project (compiled to WASM)
β βββ compliance-monitor/ # CRE workflow subdirectory
β β βββ main.ts # Workflow: EVM reads + policy eval + Sepolia write
β β βββ config.staging.json # Feed addresses, API URLs, cron schedule
β β βββ config.production.json # Production config
β β βββ workflow.yaml # CRE workflow metadata
β β βββ package.json # CRE SDK + viem + zod
β β βββ tsconfig.json # TypeScript config
β βββ contracts/abi/ # On-chain ABI definitions
β β βββ AggregatorV3.ts # Chainlink AggregatorV3Interface
β β βββ ERC20.ts # ERC20 totalSupply
β β βββ index.ts # Barrel export
β βββ project.yaml # Global CRE config (RPCs)
β βββ secrets.yaml # CRE Vault secret declarations
β βββ .env.example # Environment template
βββ src/
β βββ core/ # Core policy engine
β β βββ engine.ts # Deterministic compliance engine
β β βββ ai-reasoning.ts # AI reasoning agent (advisory only)
β β βββ audit.ts # Tamper-proof audit logger
β β βββ validation.ts # Zod schema validation
β β βββ rules/ # 4 compliance rules
β β β βββ reserve-ratio.rule.ts
β β β βββ proof-freshness.rule.ts
β β β βββ asset-quality.rule.ts
β β β βββ asset-concentration.rule.ts
β β βββ types.ts # Type definitions
β βββ api/ # API layer
β β βββ server.ts # API server + live Chainlink data
β β βββ chainlink-por-reader.ts # On-chain PoR + BTC/USD + WBTC supply reader
β β βββ clients.ts # Reserve/liability API clients
β βββ cre/ # CRE integration (local mode)
β β βββ workflow.ts # Local CRE workflow executor
β β βββ http.ts # HTTP adapter (Node/CRE mode)
β β βββ confidential-http.ts # Confidential HTTP bridge
β β βββ run.ts # CLI runner
β βββ utils/ # Utilities (hash, logger)
βββ frontend/ # React dashboard (Vercel)
βββ contracts/ # Solidity compliance contract (Sepolia)
βββ tests/ # Unit + integration tests
βββ docs/
β βββ privacy-boundary.md # Privacy boundary architecture
βββ progress.md # Milestone tracker
| Track | Status | Key Evidence |
|---|---|---|
| Best Use of CRE | β Primary | Full CRE workflow: EVM reads + HTTP + cron trigger + EVM write |
| Best Use of Chainlink Data | β Primary | Reads WBTC PoR + BTC/USD price feeds on Ethereum mainnet |
| Privacy Track | β Primary | Confidential HTTP ready; raw values never leave DON |
| DeFi Track | β Primary | Automated compliance monitoring for wrapped-asset reserves |
| AI | β Supporting | Human-readable explanations (non-decisional) |
Compliance cannot be slower than risk.
CompliGuard turns compliance from a periodic promise into a continuously enforced system property β while preserving privacy, auditability, and institutional trust.
This project is licensed under the MIT License - see the LICENSE file for details.
CompliGuard β Privacy-preserving compliance enforcement, powered by Chainlink CRE.