CompliLedger Core applied to Aleo smart contracts, generating PCI DSS–aligned, privacy-preserving security evidence and verifiable attestations for payment systems.
CompliLedger is a compliance and security assurance platform designed to generate verifiable, privacy-preserving evidence for regulated systems.
This repository, CompliledgerAleo, demonstrates CompliLedger Core applied to Aleo smart contracts, with a focus on producing PCI DSS–aligned security evidence for payment and financial applications—without compromising privacy or claiming formal certification.
- A CLI-first implementation of CompliLedger Core for Aleo (Leo)
- Generates machine-readable security reports and cryptographic attestations
- Demonstrates how PCI DSS–aligned controls can be evaluated and evidenced in a zero-knowledge–friendly environment
- Designed for developers, security teams, and auditors supporting payment systems (e.g., Paxos-style use cases)
- ❌ Not a PCI DSS certification
- ❌ Not a replacement for a PCI audit or QSA
- ❌ Not a new or separate CompliLedger product
This project focuses on alignment and evidence generation, not compliance claims.
- Leo smart contract ingestion and fingerprinting
- Aleo-native security rule evaluation
- PCI DSS–aligned control mapping (subset, evidence-focused)
- Verifiable artifacts:
  - report.json – structured findings and summaries
  - attestation.json – cryptographic proof of what was evaluated, when, and with which ruleset
- CI/CD integration via GitHub Actions
- Privacy-preserving design (no sensitive code or data disclosure)
```text
Leo Smart Contracts
        ↓
Aleo Adapter (Facts Extraction)
        ↓
CompliLedger Core
  - Rule Engine
  - Evidence Generator
  - Attestation Engine
        ↓
Artifacts
  - report.json
  - attestation.json
```
CompliLedger evaluates PCI DSS–aligned security controls, including:
- Access control on sensitive transitions
- Transaction integrity and state-change validation
- Auditability signals and evidence generation
This project does not claim PCI DSS compliance or certification.
It generates verifiable evidence that supports PCI DSS assessments for privacy-preserving systems.
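The pipeline sketched in the architecture diagram and the three control areas above can be illustrated end to end: extract per-transition facts from a Leo file, evaluate rules against them, write a findings report, and emit an attestation that binds the source fingerprint, the ruleset and the report digest without disclosing code. The following is an added example written for this README, not CompliLedger Core's own implementation: the rule IDs (`ALEO-AC-001`, `ALEO-INT-001`), the PCI DSS requirement labels, the Leo regexes, the HMAC-based attestation and the `SAMPLE_LEO` contract are all assumptions or constructed inputs.

```python
"""Illustrative scan: Leo facts -> rules -> report.json + attestation.json.
Added example, not CompliLedger's own code; the rule IDs, control labels, Leo
regexes and HMAC attestation scheme are all assumptions."""
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone
from pathlib import Path

# Constructed, simplified Leo source used only to exercise the extractor
# (not meant to compile; OWNER stands in for a real owner address).
SAMPLE_LEO = """\
program payment_contract.aleo {
    mapping limits: address => u64;

    transition set_limit(account: address, new_limit: u64) {
        assert(new_limit > 0u64);
        assert_eq(self.caller, OWNER);
        return Mapping::set(limits, account, new_limit);
    }

    transition reset_limit(account: address) {
        return Mapping::set(limits, account, 0u64);
    }
}
"""
TRANSITION_RE = re.compile(r"\btransition\s+(\w+)\s*\(")
CALLER_CHECK_RE = re.compile(r"\bassert(?:_eq)?\(\s*self\.caller\b")
INPUT_CHECK_RE = re.compile(r"\bassert\(")

# Assumed rule set: each rule is a predicate over one transition's facts.
RULES = [
    {"id": "ALEO-AC-001", "severity": "high",
     "control": "PCI DSS Req. 7 (restrict access by business need to know)",
     "title": "state-writing transition has no self.caller check",
     "check": lambda f: f["writes_state"] and not f["caller_checked"]},
    {"id": "ALEO-INT-001", "severity": "medium",
     "control": "PCI DSS Req. 6 (develop and maintain secure systems and software)",
     "title": "state change is not guarded by an input assertion",
     "check": lambda f: f["writes_state"] and not f["validates_inputs"]},
]

def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()

def canonical(obj):
    """Deterministic JSON so digests and MACs are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def _body_after(src, start):
    # Brace-matched body of the first {...} block after index start.
    i = src.index("{", start)
    depth = 0
    for j in range(i, len(src)):
        depth += (src[j] == "{") - (src[j] == "}")
        if depth == 0:
            return src[i + 1:j]
    raise ValueError("unbalanced braces in Leo source")

def extract_facts(src):
    """Adapter step: per-transition facts, never the source text itself."""
    facts = []
    for m in TRANSITION_RE.finditer(src):
        body = _body_after(src, m.end())
        facts.append({"transition": m.group(1),
                      "writes_state": "Mapping::set(" in body,
                      "caller_checked": bool(CALLER_CHECK_RE.search(body)),
                      "validates_inputs": bool(INPUT_CHECK_RE.search(body))})
    return facts

def evaluate(facts):
    return [{"rule": r["id"], "severity": r["severity"], "control": r["control"],
             "title": r["title"], "transition": f["transition"]}
            for f in facts for r in RULES if r["check"](f)]

def ruleset_digest():
    return sha256(canonical([{k: r[k] for k in ("id", "control", "title")} for r in RULES]))

def scan(src, key, evaluated_at=None):
    """Return (report, attestation); key is the attestation MAC key."""
    evaluated_at = evaluated_at or datetime.now(timezone.utc).isoformat()
    facts = extract_facts(src)
    findings = evaluate(facts)
    report = {"subject_fingerprint": sha256(src), "profile": "pci-dss",
              "evaluated_at": evaluated_at, "facts": facts, "findings": findings,
              "summary": {"transitions": len(facts), "findings": len(findings)}}
    # The attestation carries digests and counts only: a verifier learns what was
    # evaluated, when, and under which ruleset, but sees no code or finding text.
    payload = {"subject_fingerprint": report["subject_fingerprint"],
               "ruleset_digest": ruleset_digest(), "evaluated_at": evaluated_at,
               "report_digest": sha256(canonical(report)), "summary": report["summary"]}
    mac = hmac.new(key, canonical(payload).encode(), hashlib.sha256).hexdigest()
    return report, {"payload": payload, "mac": mac}

def verify_attestation(attestation, report, key):
    """Check the MAC and that the attestation binds exactly this report."""
    payload = attestation["payload"]
    expected = hmac.new(key, canonical(payload).encode(), hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected, attestation["mac"])
            and payload["report_digest"] == sha256(canonical(report)))

if __name__ == "__main__":
    report, att = scan(SAMPLE_LEO, b"demo-key-not-for-production")  # assumed demo key
    Path("report.json").write_text(json.dumps(report, indent=2))
    Path("attestation.json").write_text(json.dumps(att, indent=2))
```

Running the script writes both artifacts for the constructed contract: `set_limit` passes because it asserts on its input and on `self.caller`, while `reset_limit` writes a mapping with neither check and triggers both rules. The attestation is verifiable by anyone holding the MAC key, yet it contains only digests, a timestamp and counts, which is the privacy property the project describes; a production design would replace the shared-key HMAC with a signature or a zero-knowledge proof over the same payload.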
Detailed instructions will evolve throughout the Aleo × Akindo Buildathon waves.
```bash
# Example (placeholder)
compliledger scan examples/payment_contract.leo --profile pci-dss
```
Outputs:
- report.json
- attestation.json
Buildathon Context
This repository is developed as part of the Aleo × Akindo Buildathon, demonstrating how CompliLedger Core supports enterprise-grade payment security requirements on Aleo.
Roadmap (High Level)
- Expanded PCI DSS–aligned rulesets
- Drift detection (before/after remediation)
- CI/CD automation and SARIF output
- Privacy-preserving attestations (ZK-ready)
- Auditor-usable evidence bundles
License
MIT (or Apache 2.0 — TBD)