Aegis

Aegis introduces a new compliance primitive for DeFi: confidential, policy-bound enforcement.

In institutional finance, risk policy is enforceable and auditable. State changes must provably align with approved policy versions.
In DeFi, this guarantee does not exist.
Governance defines parameters, but enforcement is manual, discretionary, or transparently gameable. There is no cryptographic binding between policy version and state transition — and no immutable enforcement audit trail.
This structural gap prevents DeFi protocols from achieving institutional-grade risk and compliance standards.
Aegis closes this gap using the Chainlink Runtime Environment (CRE).

Governance-approved policy is loaded confidentially inside a CRE enclave via runtime.getSecret(). Off-chain risk signals are ingested privately using ConfidentialHTTPClient, and on-chain state is read via EVMClient.callContract. A deterministic bigint-based tier engine evaluates these inputs with no floating-point arithmetic, randomness, or discretionary override.

When thresholds are breached:

• A policyHash is computed from the exact serialized governance configuration
• A cryptographic digest of the enforcement decision is generated
• The digest is signed inside the enclave (EIP-191)
• The signed report is delivered on-chain via writeReport()

On-chain, the Guardian contract verifies:

• Signature authenticity
• Replay protection
• Timestamp freshness
• Policy-hash alignment
  Only after successful verification is the safeguard executed (e.g., pauseProtocol()).

Each enforcement action is immutably recorded in an AttestationRegistry alongside:

• digest
• policyHash
• runId
• timestamp

An encrypted snapshot of the risk state is also stored on-chain, preserving auditability while preventing adversarial threshold inference.
Aegis transforms governance from advisory signaling into cryptographically bound, verifiable enforcement — establishing institutional-grade risk and compliance infrastructure natively on-chain.

Aegis is implemented as a Chainlink Runtime Environment (CRE) workflow in TypeScript, with Solidity contracts forming a deterministic on-chain verification and compliance layer.

1. Confidential Policy Execution (CRE)
   The enforcement engine runs inside a CRE confidential enclave.

• runtime.getSecret() loads the governance-approved policy configuration and enclave signing key from DON secrets
• ConfidentialHTTPClient ingests off-chain risk signals privately (volatility, peg deviation, liquidity depth from coingecko api)
• EVMClient.callContract reads live on-chain state (utilization, protocol oracle price, Chainlink price feed)

All risk thresholds are loaded at runtime

A deterministic bigint-based tier engine evaluates signals using integer BPS logic only:

• No floating-point arithmetic
• No randomness
• No discretionary override

If escalation conditions are met:

• A policyHash is computed from the exact serialized governance configuration
• A domain-separated digest is constructed (chainId, guardian address, tier, timestamp, runId)
• The digest is signed inside the enclave (EIP-191)
• The signed report is delivered on-chain via EVMClient.writeReport()

This cryptographically binds enforcement to a specific governance-approved policy version.

2. On-Chain Verification & Compliance Contracts
   Four Solidity contracts enforce deterministic validation before any safeguard executes:

AegisGuardianReceiver

• Accepts CRE reports from the Keystone Forwarder
• Decodes payload and forwards to Guardian

AegisGuardian
Performs strict sequential verification:

• Signature recovery (EIP-191)
• Domain separation
• Chain ID validation
• Replay protection (digest mapping)
• Timestamp freshness window
• Policy-hash alignment

Only after all checks pass is the safeguard executed (e.g., pauseProtocol() or freezeMarket()).

AttestationRegistry

• Write-once compliance log
• Records digest, policyHash, runId, timestamp
• Publicly verifiable audit trail

ProtectedProtocol (Mock Integration)

• Demonstrates real integration with protocol pause and market freeze controls

No state change occurs without successful cryptographic verification.

3. Confidential Evidence Preservation
   Before enforcement, the workflow encrypts a snapshot of all evaluated risk signals using a policy-hash–derived key.
   The encrypted snapshot is stored on-chain alongside the attestation.
   This preserves auditability while preventing adversarial threshold inference.

4. End-to-End Demonstration
   The system is demonstrated using:

• CRE CLI simulation with --broadcast
• Sepolia fork (supported chain selector)
• Real state transitions
• Verified Guardian execution
• Immutable attestation recording

The demo proves full enclave execution → signed report → Guardian verification → protocol state change → compliance record.
Aegis isolates governance policy inside confidential compute while preserving deterministic, replay-resistant, and cryptographically verifiable enforcement on-chain.