Compliance runs before the operation, not after.
Supported provider operations pass through a compliance gate before execution. Credentials are encrypted, decisions are logged, and high-impact actions wait for approval.
Controls as code, not adjectives.
Compliance is a gate for supported provider operations, not a post-launch checklist. Each control below traces to a real path in the codebase.
The gate runs first
The adapter runtime evaluates configured compliance policy before a supported provider operation continues. If the decision is not pass, the operation returns blocked.
Screening returns a decision
The agent screening endpoint returns a structured PASS, ESCALATE, or BLOCK with a risk score, so a policy or approval workflow can act on it deterministically.
Credentials encrypted at rest
Provider credentials are stored per organization, encrypted with AES-256-GCM in the credential vault — never in plaintext, never shared across tenants.
The audit trail can't be rewritten
Compliance, escrow, payment, and ledger audit tables are append-only — enforced by database triggers. An UPDATE or DELETE raises an exception at the database.
Irreversible actions wait for a human
High-impact actions route through deployment approvals with role-aware thresholds; the approval record is preserved alongside the action it authorized.
Scoped keys, not master keys
Bearer API keys are scoped to specific resources — wallets, payments, compliance, fx, projects, analytics. A key issued for compliance screening cannot move funds.
Compliance is the environment, not a post-launch checklist.
The adapter runtime evaluates the compliance gate before supported provider operations continue. If the decision is not pass, the operation returns blocked, with the decision hashed into the audit record.
The same governance the UI relies on applies to every request.
The path that screens an operation also records who authorized it, which decision the gate returned, and the evidence it produced — for operators in the UI and agents on the API alike.
Scope & encrypt
Credentials are stored per organization and encrypted with AES-256-GCM. Bearer keys are scoped to specific resources — a compliance key cannot move funds.
Gate & approve
The runtime evaluates the compliance gate before execution. Irreversible actions route through deployment approvals with weight-based, role-aware thresholds.
Hash & log
Decisions land in compliance_decision_traces — an append-only trail an examiner can follow from approval to execution, enforced by database triggers.
The engine is real. We mark the line rather than blur it.
The compliance engine includes MiCA (EMT/ART), GENIUS Act traces, SAR generation, precedent query, reserve validators, and license tracking. The gate-before-execute path runs in dispatch. Screening today resolves against builtin adapters, not a live provider API.
Compliance engine
MiCA (EMT/ART), GENIUS Act framework traces, SAR generation, precedent query, reserve validators, and license tracking in the shipped code path.
Sanctions screening
Resolves through the mock-sanctions builtin adapter against a hardcoded watchlist and a jurisdiction check today. Live screening of real users is on the corridor-1 roadmap.
Chainalysis adapter
The one real provider integration packaged today. Every other provider in the directory is an eligibility example, not a connected integration.
Own & audit
You deploy contracts you own to Base / Base Sepolia, bring your own custody, and your audit trail lives in org-scoped tables under RLS.
Scoped keys, not master keys.
A key issued for compliance screening cannot move funds. The same governance an operator relies on in the UI applies to scoped agent requests.
# compliance-scoped key: allowed
GET /api/v2/agent/compliance/precedent
# compliance-scoped key: rejected
POST /api/v1/agent-payments/execute
# screening returns a decision
{ "decision": "BLOCK", "riskScore": 95 }
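The sequence described on this page (scope check, gate before execution, hashed decision in an append-only trace) can be sketched as follows. This is an added example, not the product's code. The route-to-scope map, the function names, the trace columns and the in-memory SQLite database standing in for the real one are assumptions; only the two routes, the decision shape and the `compliance_decision_traces` table name come from the page.

```python
import hashlib
import json
import sqlite3

# Assumed route-to-scope map, covering only the two routes shown on the page.
ROUTE_SCOPE = {
    ("GET", "/api/v2/agent/compliance/precedent"): "compliance",
    ("POST", "/api/v1/agent-payments/execute"): "payments",
}

def open_audit_db():
    """In-memory SQLite stand-in for the append-only trace table (columns assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE compliance_decision_traces (
            id INTEGER PRIMARY KEY, org_id TEXT NOT NULL,
            operation TEXT NOT NULL, decision TEXT NOT NULL,
            decision_hash TEXT NOT NULL);
        CREATE TRIGGER traces_no_update BEFORE UPDATE ON compliance_decision_traces
        BEGIN SELECT RAISE(ABORT, 'compliance_decision_traces is append-only'); END;
        CREATE TRIGGER traces_no_delete BEFORE DELETE ON compliance_decision_traces
        BEGIN SELECT RAISE(ABORT, 'compliance_decision_traces is append-only'); END;
    """)
    return db

def dispatch(db, key_scopes, org_id, method, path, screen, execute):
    """Scope check, then gate, then trace; execute only when the decision is PASS."""
    required = ROUTE_SCOPE.get((method, path))
    if required is None or required not in key_scopes:
        return {"status": "rejected", "reason": "key scope"}  # unknown routes fail closed
    decision = screen()  # e.g. {"decision": "BLOCK", "riskScore": 95}
    # Canonical JSON so the same decision always hashes to the same digest.
    canonical = json.dumps(decision, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).hexdigest()
    db.execute(
        "INSERT INTO compliance_decision_traces "
        "(org_id, operation, decision, decision_hash) VALUES (?, ?, ?, ?)",
        (org_id, f"{method} {path}", decision["decision"], digest),
    )
    db.commit()  # the trace is written before anything executes
    if decision["decision"] != "PASS":
        return {"status": "blocked", "decision_hash": digest}
    return {"status": "executed", "result": execute(), "decision_hash": digest}
```

Both ESCALATE and BLOCK return blocked here; routing an ESCALATE into an approval workflow is outside this sketch.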
Read the provider intelligence layer spec.
The category ontology, regime model, and the compliance gate in the dispatch path. Or contact us for an architecture walkthrough scoped to your controls and launch sequence.