ComplianceShield

Automated DeFi risk monitoring and compliance enforcement using Chainlink CRE workflows inside TEE enclaves, where credentials stay private and verdicts go on-chain

Risk & Compliance Privacy Thirdweb

What it is

ComplianceShield is an automated risk monitoring and compliance engine for DeFi protocols. It solves a fundamental problem: DeFi protocols today have no way to monitor market risk, screen sanctioned wallets, or verify reserve backing, because doing any of that requires calling external APIs, and calling APIs on-chain exposes your credentials to everyone. ComplianceShield fixes this by running three Chainlink CRE workflows inside TEE enclaves, where API keys stay encrypted and hidden.

Risk Sentinel checks ETH/USD and BTC/USD prices from Chainlink Data Feeds every five minutes, computes market drawdown, and auto-pauses the protocol if things get critical. Sanctions Guard screens wallet addresses against OFAC and EU sanctions lists through Confidential HTTP, so the API key never leaves the enclave. Reserve Watchdog calls a bank API every ten minutes to verify that reserves cover liabilities, while the bank credentials stay private.

Every check writes a verdict on-chain and emits an OCP attestation with a timestamp, type, and proof hash, creating an immutable audit trail that regulators can verify without accessing the sensitive data underneath. The result is DeFi compliance that's fully automated, decentralized, and private.
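How a Risk Sentinel-style check could turn feed rounds into a pause decision, as an added example that is not ComplianceShield's code: the thresholds, the staleness limit, the type and function names and the sample prices are all assumptions. It fails closed on stale or invalid rounds, so outdated feed data cannot keep the protocol unpaused.

```typescript
// Added illustration: thresholds, names and sample prices are assumptions, not project code.
type Round = { answer: number; updatedAt: number }; // price and unix seconds from a feed round
type Verdict = { level: "OK" | "WARNING" | "CRITICAL"; drawdownPct: number; pause: boolean; reason: string };

const MAX_AGE_S = 3600;  // assumed staleness limit for the latest round
const WARN_PCT = 10;     // assumed warning threshold
const CRITICAL_PCT = 20; // assumed critical threshold

// Largest peak-to-trough decline (percent) over the window, oldest round first.
function maxDrawdownPct(rounds: Round[]): number {
  let peak = 0;
  let worst = 0;
  for (const r of rounds) {
    if (r.answer > peak) peak = r.answer;
    if (peak > 0) worst = Math.max(worst, ((peak - r.answer) / peak) * 100);
  }
  return worst;
}

// The worst feed decides the verdict; missing, non-positive or stale data fails closed.
function evaluateRisk(feeds: Record<string, Round[]>, now: number): Verdict {
  let worst = 0;
  for (const name of Object.keys(feeds)) {
    const rounds = feeds[name] || [];
    const latest = rounds[rounds.length - 1];
    if (!latest || rounds.some((r) => !(r.answer > 0)))
      return { level: "CRITICAL", drawdownPct: 0, pause: true, reason: `${name}: missing or non-positive price` };
    if (now - latest.updatedAt > MAX_AGE_S)
      return { level: "CRITICAL", drawdownPct: 0, pause: true, reason: `${name}: stale round` };
    worst = Math.max(worst, maxDrawdownPct(rounds));
  }
  const level = worst >= CRITICAL_PCT ? "CRITICAL" : worst >= WARN_PCT ? "WARNING" : "OK";
  return { level, drawdownPct: worst, pause: level === "CRITICAL", reason: "drawdown evaluated" };
}

// Constructed sample rounds (not real market data), five minutes apart.
const NOW = 1700000000;
const toRounds = (prices: number[]): Round[] =>
  prices.map((p, i) => ({ answer: p, updatedAt: NOW - (prices.length - 1 - i) * 300 }));
const ethRounds = toRounds([3000, 3100, 2900, 2400]);
const btcRounds = toRounds([60000, 61000, 59000, 58000]);
console.log(evaluateRisk({ "ETH/USD": ethRounds, "BTC/USD": btcRounds }, NOW));
```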

How it Works

The system has three layers.

The workflow layer uses Chainlink CRE: three TypeScript-based workflows compiled to WASM that run inside TEE enclaves on the Chainlink DON. Secrets like API keys and bank credentials are stored in the DON vault using threshold encryption and only decrypted inside the enclave at runtime.

The contract layer has five Solidity contracts deployed on Sepolia. RiskRegistry stores all risk scores, sanctions checks, and reserve health records with OCP attestation events; ComplianceGuard enforces actions like auto-pausing the protocol or permanently blocking sanctioned addresses; SimpleToken is the demo ERC-20; and ReceiverTemplate validates that only authorized Chainlink forwarders can submit reports.

The frontend is a React + TypeScript app built with Vite, Tailwind, wagmi, viem, and RainbowKit. It reads live contract state, visualizes the three workflows using React Flow, shows historical risk data with Recharts, and supports private transfers through the Confidential Compute vault API using EIP-712 signed requests.

Created by

  • Gmin2