Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.keystoneos.xyz/llms.txt

Use this file to discover all available pages before exploring further.

KeyStone enforces compliance at settlement time. Compliance is the only step that requires KeyStone’s off-chain involvement - everything after compliance is handled autonomously by the contracts.

Three-layer architecture

1. Off-chain screening

KeyStone’s compliance oracle screens parties via external APIs: LSEG World-Check - Entity-level screening against 100M+ records across 240+ countries:
  • Sanctions lists (OFAC, EU, UN, HMT)
  • Politically Exposed Persons (PEPs)
  • Adverse media
  • Enforcement actions
CipherOwl - Wallet-level risk scoring across 50+ blockchains:
  • Sanctions exposure
  • Mixer/tumbler interaction
  • Fraud and scam associations
  • Protocol risk attribution

2. On-chain attestation

After screening, results are attested to the ComplianceRegistry smart contract: 
attest(settlementId, partyHash, status, referenceHash)
No personal data is stored on-chain. Only hashed party identifiers and status enums (Pass/Flagged/Fail).

3. Contract-enforced gate

The SettlementCoordinator checks areAllPartiesCleared(settlementId) on the ComplianceRegistry before allowing transitions past compliance. The engine cannot skip compliance - the contract enforces it.

How it works in a settlement

Manual compliance decisions

When a party is flagged, a compliance officer reviews the screening details in the KeyStone Dashboard and submits a decision. Decisions can also be submitted via the API: 
curl -X POST https://api.keystoneos.xyz/v1/settlements/$ID/compliance-decision \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"decision": "approve"}'
Decisions are:
  • approve - Override the flag, allow the settlement to proceed
  • reject - Reject the settlement, transition to ROLLED_BACK
Both decisions are recorded in the settlement’s event history with full audit context.

Open attestation interface

KeyStone operates the default compliance oracle, but the attestation interface is open:
  • Platform-operated oracles: Platforms can run their own compliance screening and submit attestations directly to the ComplianceRegistry
  • Multi-attester: Templates can require attestations from multiple providers for higher assurance
  • Verifiable: All attestations are permanent on-chain records - a false attestation is provable liability
This design separates screening (off-chain, provider-specific) from enforcement (on-chain, standardized gate check).

What KeyStone stores

KeyStone never stores raw KYC/AML data. We store only compliance status (pass/fail/flagged) and a reference ID pointing to the compliance provider’s record.
LayerWhat is stored
Off-chain (KeyStone DB)Compliance status + reference ID pointing to provider’s record
On-chain (ComplianceRegistry)Hashed party identifier + status enum + hashed reference ID
The compliance provider (LSEG, CipherOwl) remains the source of truth for the actual screening data. KeyStone only records the outcome.

Screening performance

MetricValue
Average screening time2-4 seconds
Auto-pass rate~95%
Supported jurisdictions240+ countries
Re-screeningEvery settlement (not cached)
See ComplianceRegistry for full contract documentation.