
Aegis-Gate

AegisGate bridges traditional finance compliance (KYC/AML/Accredited Investor checks) with on-chain DeFi access — without ever exposing sensitive personal or financial data on the blockchain.

Privacy Risk & Compliance CRE & AI World

What it is

AegisGate
AegisGate is a privacy-preserving compliance layer for decentralized finance (DeFi). It allows DeFi protocols to verify that their users are accredited investors and have passed KYC/AML checks — without ever exposing sensitive personal or financial data on the blockchain. Think of it as a bridge between traditional finance regulation and the on-chain world, where a protocol can ask "is this wallet compliant?" and get a simple yes or no, with zero access to the underlying personal data.
What problem does it solve?
DeFi protocols face a fundamental conflict: regulators increasingly require them to verify users (checking identity, financial status, and accreditation), but users don't want their bank balances, Social Security numbers, or identity documents stored on a public blockchain — and centralizing that data defeats the entire purpose of decentralization. Today, protocols either skip compliance entirely (risking legal action) or collect sensitive data centrally (risking data breaches). AegisGate eliminates that tradeoff.
How does it work?
AegisGate combines three technologies to make verification possible without data exposure:

  • World ID confirms that the user is a unique, real human being using a zero-knowledge proof — no personal identity information is revealed in the process.
  • Plaid is used to connect the user's bank account and check their balance. The balance is verified, but never stored or transmitted beyond the moment of verification.
  • Chainlink CRE (Confidential Runtime Environment) is the core innovation. It runs the entire verification process inside a Trusted Execution Environment (TEE) — a hardware-isolated enclave within the processor where even the Chainlink node operators cannot see the data being processed. The enclave verifies the World ID proof, exchanges the Plaid token, reads the user's bank balance, checks it against a configurable minimum threshold stored on-chain, and then destroys all sensitive data once the check is complete.

The only thing that ever reaches the blockchain is a signed attestation containing an anonymous nullifier hash and a boolean: isAccredited: true or false. No bank balance. No name. No identity documents.
DeFi protocols can then call a single function — isCompliant(wallet) — to gate access to their platform.
The user journey in five steps:

  1. The user enters their Ethereum wallet address
  2. They scan a QR code with the World App to prove they are a unique human
  3. They connect their bank account through Plaid Link
  4. The data is bundled and sent to the Chainlink CRE enclave for confidential processing
  5. The compliance result is written on-chain, and any approved DeFi protocol can verify it instantly

What goes on-chain vs. what stays private:

  • On-chain (public): an anonymous nullifier hash, a true/false accreditation flag, a verification timestamp, and a cryptographic attestation proof.
  • Never on-chain: bank balances, account numbers, names, SSNs, passport data, Plaid tokens, or any financial history.

Why it matters:
AegisGate makes it possible for DeFi to meet real-world regulatory requirements without becoming a surveillance system. It proves compliance without revealing the evidence — giving regulators what they need, giving users privacy, and giving protocols a legally defensible path forward.

How it Works

AegisGate is composed of three distinct layers that work together: a frontend application, a smart contract, and a confidential compute workflow.
Frontend — Next.js 16 / React 19
The user-facing application is built with Next.js 16 and React 19, styled with Tailwind CSS. It walks the user through a five-step verification wizard. It integrates the World ID IDKit widget (which handles the zero-knowledge proof flow entirely client-side), the Plaid Link SDK (which opens a secure bank connection popup), and ethers.js v6 for reading compliance status directly from the Sepolia blockchain. The frontend also exposes a set of API routes that handle server-side tasks like generating Plaid link tokens, exchanging Plaid public tokens, and reading contract state.
Smart Contract — Solidity 0.8.28 on Ethereum Sepolia
The on-chain component is a single Solidity contract called AegisGate.sol, deployed on the Ethereum Sepolia testnet. It acts as the source of truth for compliance status. It stores a mapping from anonymous nullifier hashes to wallet addresses, a compliance record per wallet (containing the accreditation boolean, a verification timestamp, and an expiry), and a configurable minimum balance threshold that the CRE workflow reads during verification. It uses a forwarder pattern — only the designated Chainlink CRE Forwarder contract can call onReport() to write compliance results, preventing any unauthorized updates. DeFi protocols query it via isCompliant(wallet), and only pre-approved protocol addresses are permitted to call that function. The contract was deployed and managed using Hardhat v3 with Hardhat Ignition for declarative deployment.
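
The access rules described above for AegisGate.sol, modeled in memory as an added TypeScript example (not the project's contract code). Only onReport and isCompliant are names from the page; the class and field names, the ttl parameter, and the rule that a nullifier cannot be rebound to a different wallet are assumptions.

```typescript
// Added illustration: in-memory model of the registry's access rules.
// Hypothetical names throughout, except onReport and isCompliant.
type Address = string;

interface ComplianceRecord {
  isAccredited: boolean;
  verifiedAt: number; // unix seconds
  expiresAt: number;  // unix seconds
}

class AegisGateModel {
  forwarder: Address;
  approvedProtocols: Set<Address>;
  nullifierToWallet: Map<string, Address> = new Map();
  records: Map<Address, ComplianceRecord> = new Map();

  constructor(forwarder: Address, approvedProtocols: Address[]) {
    this.forwarder = forwarder;
    this.approvedProtocols = new Set(approvedProtocols);
  }

  // Write path: only the designated forwarder may deliver a report.
  onReport(caller: Address, nullifierHash: string, wallet: Address,
           isAccredited: boolean, now: number, ttl: number): void {
    if (caller !== this.forwarder) throw new Error("caller is not the forwarder");
    // Assumption: one nullifier (one human) binds to one wallet; rebinding is rejected.
    const bound = this.nullifierToWallet.get(nullifierHash);
    if (bound !== undefined && bound !== wallet) {
      throw new Error("nullifier bound to another wallet");
    }
    this.nullifierToWallet.set(nullifierHash, wallet);
    this.records.set(wallet, { isAccredited, verifiedAt: now, expiresAt: now + ttl });
  }

  // Read path: only pre-approved protocols may query; missing or expired records fail closed.
  isCompliant(caller: Address, wallet: Address, now: number): boolean {
    if (!this.approvedProtocols.has(caller)) throw new Error("protocol not approved");
    const rec = this.records.get(wallet);
    return rec !== undefined && rec.isAccredited && now < rec.expiresAt;
  }
}

// Helper for checks: returns the error message, or null if fn succeeds.
function rejects(fn: () => void): string | null {
  try { fn(); return null; } catch (e) { return (e as Error).message; }
}
```

The two properties worth testing in the real contract are the same ones modeled here: a report from any address other than the forwarder must revert, and a record past its expiry must read as non-compliant.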
CRE Workflow — Chainlink Confidential Runtime Environment (TypeScript / Bun)
This is the core of the system. The workflow is written in TypeScript and runs inside Chainlink's Trusted Execution Environment — a hardware-isolated processor enclave (using technologies like Intel SGX or AMD SEV) where even the Chainlink node operators cannot read the data being processed. It uses four key capabilities from the Chainlink CRE SDK:

  • ConfidentialHTTPClient makes encrypted outbound API calls to World ID and Plaid. The requests, responses, API keys, and all data are encrypted end-to-end — invisible to node operators.
  • runtime.getSecret() retrieves sealed credentials (Plaid API keys, World ID app ID) that are encrypted and can only be decrypted inside the genuine hardware enclave.
  • EVMClient reads the minimum balance threshold directly from the smart contract and later writes the compliance result back to the chain.
  • runtime.report() + evmClient.writeReport() produce a collectively signed report from multiple CRE nodes (DON consensus), which is then submitted via the Forwarder contract to onReport() on-chain. This means no single node can forge a result.

The workflow runs six steps in sequence: verify the World ID proof, exchange the Plaid public token for an access token, read the on-chain balance threshold, fetch and validate the user's bank balance, extract the nullifier hash, and write the signed compliance attestation on-chain. All sensitive data is destroyed when execution ends.
Configuration and Secrets
The workflow is configured through three files: a workflow.yaml defining the entry point, a config.staging.json with non-sensitive chain-specific settings (contract address, gas limits), and a secrets.yaml containing references to encrypted secrets that are only decrypted inside the TEE at runtime.

In summary, the stack is Next.js for the interface, Solidity + Hardhat for the on-chain registry, and Chainlink CRE (TypeScript running in a TEE) as the privacy-preserving verification engine that ties everything together. The architecture ensures that sensitive data touches exactly one place — the hardware-encrypted enclave — and is never persisted anywhere.

Created by

  • Abbas Bhanpura wala