Privacy-preserving token compliance built on Chainlink Confidential Compute and CRE workflows. ComplianceShield demonstrates that privacy and regulatory compliance can coexist on-chain, solving the core barrier to institutional DeFi adoption.
Public blockchains expose every transaction, balance, and counterparty to the world. Institutions cannot operate under these conditions — they need privacy for client data, trading strategies, and financial operations.
At the same time, regulators require sanctions screening (OFAC, EU), risk monitoring, and reserve auditing. Privacy tools like Tornado Cash offered no compliance layer at all, and OFAC sanctioned the mixer in 2022 as a result.
ComplianceShield bridges this gap: compliant privacy on-chain.
ComplianceShield operates across three layers:
Privacy Layer -- Users deposit tokens from the public ERC20 contract into a TEE-secured vault. Inside the vault, balances are tracked off-chain, transfers leave no on-chain footprint, and recipients can receive at ECDH-derived shielded addresses. Only deposits and withdrawals touch the blockchain. Every vault API call is authenticated with an EIP-712 typed-data signature from the user's wallet.
Compliance Layer -- Three CRE (Chainlink Runtime Environment) workflows run continuously. The Risk Sentinel monitors ETH and BTC prices via Chainlink Data Feeds and computes market drawdown. The Sanctions Guard screens addresses against OFAC and EU sanctions lists via confidential HTTP calls inside TEEs. The Reserve Watchdog audits token reserve backing through TEE-secured bank API connections. API keys and credentials never leave the trusted execution environment.
Enforcement Layer -- Two on-chain contracts handle enforcement automatically. RiskRegistry stores every risk score, sanctions check, and reserve health snapshot as an immutable audit trail, emitting OCP (Onchain Compliance Protocol) attestation events. ComplianceGuard gates all transfers — it can pause the protocol or block specific addresses, triggered automatically by CRE workflows when conditions are met.
| Component | Technology |
|---|---|
| Smart Contracts | Solidity 0.8.28, Foundry |
| CRE Workflows | TypeScript, compiled to WASM |
| Frontend | React, TypeScript, Vite, Tailwind CSS |
| Web3 Integration | wagmi v2, viem, RainbowKit |
| Workflow Visualization | React Flow |
| Charts | Recharts |
| CLI Scripts | TypeScript, ethers v6, bun |
| Mock APIs | Express.js (sanctions + reserve simulators) |
| Network | Ethereum Sepolia Testnet |
Clone the repository:
git clone https://github.com/Gmin2/ComplianceShield.git
cd ComplianceShield
cd contracts
# Install Foundry dependencies
forge install foundry-rs/forge-std --no-commit
forge install OpenZeppelin/openzeppelin-contracts --no-commit
forge install OpenZeppelin/openzeppelin-contracts-upgradeable --no-commit
# From the repository root
cd frontend
pnpm install
pnpm dev
The dev server starts at http://localhost:5173. The Vite dev server proxies vault API calls to the vault origin, so the browser is not subject to CORS restrictions during development; a production deployment must instead serve the frontend from the same origin as the vault API or have the API send the appropriate CORS headers.
For a production build:
pnpm build
# From the repository root
cd scripts
bun install
Available commands (PRIVATE_KEY must be a Sepolia test key; the scripts sign and broadcast transactions with it, so never use a key that holds mainnet funds):
PRIVATE_KEY=0x... bun run deposit 10 # Deposit tokens into the vault
PRIVATE_KEY=0x... bun run balances # Check on-chain + private vault balance
PRIVATE_KEY=0x... bun run transfer # Execute a compliant private transfer
PRIVATE_KEY=0x... bun run withdraw # Request a withdrawal ticket
PRIVATE_KEY=0x... bun run src/populate-data.ts # Seed contracts with sample data
Local sanctions and reserve API simulators for development without external dependencies:
# From the repository root
cd mock-apis
pnpm install
pnpm run sanctions # Starts sanctions screening API
pnpm run reserves # Starts reserve health API
Each workflow is in cre/ with its own package.json and configuration:
cre/risk-sentinel/ # Cron-triggered market risk monitoring
cre/sanctions-guard/ # HTTP-triggered sanctions screening
cre/reserve-watchdog/ # Cron-triggered reserve health auditing
Refer to individual workflow READMEs for deployment instructions.
| Contract | Address |
|---|---|
| RiskRegistry | 0x18325E75fe862D93bEC029303cCe280EbD0DDef2 |
| ComplianceGuard | 0xefC3837e4f568102AfbC053F5f71ab1BCC541d7d |
| SimpleToken (DEMO) | 0x765157b939a1C417991b29003aC3ad81ae6BebB1 |
| Vault | 0xE588a6c73933BFD66Af9b4A07d48bcE59c0D2d13 |
| PolicyEngine | 0x81adA64b6a6730f65264689AD18c1c4da4394754 |
Vault API: https://convergence2026-token-api.cldev.cloud
Three Foundry scripts are provided for contract deployment and setup:
script/Deploy.s.sol -- Deploys RiskRegistry and ComplianceGuard with a configured forwarder address.
script/SetupPrivateTransfer.s.sol -- Deploys SimpleToken and PolicyEngine, registers them on the Vault, and deposits test tokens.
script/WithdrawWithTicket.s.sol -- Redeems a withdrawal ticket obtained from the vault API.
Run a deployment script:
cd contracts
forge script script/Deploy.s.sol --rpc-url https://ethereum-sepolia-rpc.publicnode.com --broadcast --private-key $PRIVATE_KEY
Passing --private-key on the command line leaves the key in your shell history and process list; for anything beyond a throwaway testnet key, import it into Foundry's keystore with cast wallet import and pass --account instead.
EIP-712 authentication instead of sessions. Every vault API call carries a fresh typed-data signature from the user's wallet, so there are no session tokens, cookies, or server-side auth state to steal or fixate. The vault verifies each signature against an EIP-712 domain whose verifyingContract is the Vault's address, so a signature produced for a different contract or chain does not verify here.
Ticket-based withdrawals. The vault never pushes tokens to users. Instead it issues a signed withdrawal ticket that the user redeems on-chain within a one-hour window. This separates authorization (off-chain, inside the TEE) from execution (on-chain, initiated by the user), and the expiry bounds how long a stale or leaked ticket remains redeemable.
OCP attestation events. Every compliance action emits a standardized OCPAttestationRecorded event. These attestations are interoperable across chains and can be verified by any protocol that adopts the Onchain Compliance Protocol standard.
Automatic enforcement. CRE workflows write directly to ComplianceGuard without human intervention. A critical risk score pauses the protocol. A positive sanctions hit blocks the address. The compliance layer is reactive and autonomous.
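The TypeScript model below is added here as an example and is not ComplianceShield's code. It traces the path described in the Compliance and Enforcement layers above and in this note: a Data Feeds price window becomes a drawdown figure, a critical drawdown pauses the guard, a sanctions hit blocks an address, every write lands in an append-only audit log, and only the configured CRE forwarder may write. The 20% critical threshold, the owner-only unpause, the attestation record shape and the address normalisation are assumptions for the example; the real RiskRegistry and ComplianceGuard contracts define their own rules.

```typescript
// Added example, not ComplianceShield's code. Thresholds, roles and record
// shape are assumptions; the project's Solidity contracts define the real ones.

export type Address = string;

// Assumed policy: a drawdown of 20% or more from the window's peak is critical.
export const CRITICAL_DRAWDOWN_BPS = 2_000;

// Risk Sentinel: drawdown of the latest price from the peak of the window, in
// basis points. Prices are ordered oldest to newest. 0 means the latest price
// is at or above every earlier price in the window.
export function drawdownBps(prices: number[]): number {
  if (prices.length === 0) throw new Error("empty price window");
  let peak = 0;
  for (const p of prices) {
    if (!Number.isFinite(p) || p <= 0) throw new Error(`bad price: ${p}`);
    if (p > peak) peak = p;
  }
  const last = prices[prices.length - 1];
  return Math.round(((peak - last) / peak) * 10_000);
}

export interface Attestation {
  kind: "risk" | "sanctions" | "reserve";
  subject: string;   // asset pair, address or issuer the record is about
  value: number;     // drawdown bps, 1/0 for a sanctions hit, reserve ratio bps
  timestamp: number; // unix seconds
}

// Addresses arrive in mixed case (checksummed, lowercase). Normalise before
// storing or comparing, otherwise a blocked address slips past a Set lookup.
function norm(a: Address): Address {
  if (!/^0x[0-9a-fA-F]{40}$/.test(a)) throw new Error(`bad address: ${a}`);
  return a.toLowerCase();
}

// RiskRegistry stand-in: append-only audit trail, one entry per compliance action.
export class RiskRegistry {
  private readonly log: Attestation[] = [];
  record(a: Attestation): void { this.log.push({ ...a }); }
  all(): ReadonlyArray<Attestation> { return this.log; }
}

// ComplianceGuard stand-in. Only the CRE forwarder may write; the owner may lift
// a pause (assumed; the page does not say who unpauses).
export class ComplianceGuard {
  private paused = false;
  private readonly blocked = new Set<Address>();
  private readonly forwarder: Address;
  private readonly owner: Address;
  private readonly registry: RiskRegistry;

  constructor(forwarder: Address, owner: Address, registry: RiskRegistry) {
    this.forwarder = norm(forwarder);
    this.owner = norm(owner);
    this.registry = registry;
  }

  private onlyForwarder(caller: Address): void {
    if (norm(caller) !== this.forwarder) throw new Error("caller is not the CRE forwarder");
  }

  // Risk Sentinel report: record the drawdown, pause on a critical reading.
  reportDrawdown(caller: Address, asset: string, bps: number, now: number): void {
    this.onlyForwarder(caller);
    this.registry.record({ kind: "risk", subject: asset, value: bps, timestamp: now });
    if (bps >= CRITICAL_DRAWDOWN_BPS) this.paused = true;
  }

  // Sanctions Guard report: record the result, block on a positive hit.
  reportSanctions(caller: Address, subject: Address, hit: boolean, now: number): void {
    this.onlyForwarder(caller);
    const s = norm(subject);
    this.registry.record({ kind: "sanctions", subject: s, value: hit ? 1 : 0, timestamp: now });
    if (hit) this.blocked.add(s);
  }

  unpause(caller: Address): void {
    if (norm(caller) !== this.owner) throw new Error("caller is not the owner");
    this.paused = false;
  }

  isPaused(): boolean { return this.paused; }
  isBlocked(a: Address): boolean { return this.blocked.has(norm(a)); }

  // Transfer gate: the vault consults this before moving funds. Pause wins over
  // everything; then either party being blocked denies the transfer.
  checkTransfer(from: Address, to: Address): { ok: boolean; reason: string } {
    if (this.paused) return { ok: false, reason: "protocol paused" };
    if (this.isBlocked(from)) return { ok: false, reason: "sender blocked" };
    if (this.isBlocked(to)) return { ok: false, reason: "recipient blocked" };
    return { ok: true, reason: "" };
  }
}

// Constructed scenario: one sanctions hit, then ETH slides 25% from its window peak.
export function demo(): { paused: boolean; denied: string[]; attestations: number } {
  const FORWARDER = "0x1111111111111111111111111111111111111111"; // constructed
  const OWNER = "0x2222222222222222222222222222222222222222";     // constructed
  const ALICE = "0xAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaAa";     // constructed
  const BOB = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";       // constructed
  const registry = new RiskRegistry();
  const guard = new ComplianceGuard(FORWARDER, OWNER, registry);
  const denied: string[] = [];

  guard.reportSanctions(FORWARDER, BOB, true, 1_700_000_000);
  denied.push(guard.checkTransfer(ALICE, BOB).reason);

  const ethWindow = [3000, 3200, 3100, 2800, 2400]; // constructed feed readings, oldest first
  guard.reportDrawdown(FORWARDER, "ETH/USD", drawdownBps(ethWindow), 1_700_000_060);
  denied.push(guard.checkTransfer(ALICE, ALICE.toLowerCase()).reason);

  guard.unpause(OWNER);
  return { paused: guard.isPaused(), denied, attestations: registry.all().length };
}
```

The forwarder check is the part worth copying: without it, anyone can pause the protocol or block a competitor's address, which turns the enforcement layer into a denial-of-service lever. That is presumably why Deploy.s.sol takes a forwarder address at deployment.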
License: MIT
