Compliant Bridge

Compliant Bridge solves the hardest problem in institutional DeFi: how do you enforce regulatory compliance across multiple blockchains without putting sensitive user data on-chain?
Today, every cross-chain protocol faces a dilemma. KYC/AML compliance requires checking sanctions lists, verifying accredited investor status, and validating jurisdiction — but writing that data on-chain is a privacy violation. Doing the check off-chain means it can be faked. And enforcing it on a second chain is even harder.
Compliant Bridge solves all three problems at once.
A Chainlink CRE workflow runs four compliance checks inside a Confidential HTTP enclave , sanctions screening (OFAC/UN/EU), KYC/AML, accredited investor status, and jurisdiction eligibility. The raw API responses never leave the enclave. Only four numbers reach the blockchain: a compliance tier (1–3), a transfer cap, an expiry timestamp, and a keccak256 check ID. The ComplianceGateway contract stores this as an on-chain attestation.
Chainlink CCIP then bridges that attestation to any destination chain. One check on Sepolia, valid on Arbitrum Sepolia simultaneously. If a wallet is revoked, a single call broadcasts the invalidation to all registered chains at once via CCIP, no gap where a revoked wallet keeps trading on a destination chain.
On top of this infrastructure, Compliant Bridge adds a compliance-gated AMM: three constant-product liquidity pools (Basic, Accredited, Institutional) where every swap, addLiquidity, and removeLiquidity call verifies the caller's attestation tier on-chain before executing. A non-compliant wallet reverts at the contract level , the UI cannot bypass it.
The result: privacy where it's needed (raw compliance data stays in the enclave), transparency where it's required (pass/fail verdicts and tier levels are fully on-chain and auditable), and enforcement that travels cross-chain automatically.

Smart Contracts (Solidity / Foundry)

• ComplianceGateway — stores attestations (tier, cap, expiry, checkId) per address; supports revocation; deployed on Sepolia and Arbitrum Sepolia
• ComplianceToken — ERC-20 with _update() hook that blocks transfers for non-compliant wallets
• AttestationSender — sends attestation data cross-chain using Chainlink CCIP
• AttestationReceiver — CCIPReceiver that writes remote attestations into the destination gateway
• AttestationInvalidator — broadcasts revocations to all registered chains simultaneously via CCIP
• CompliancePool — constant-product AMM with onlyCompliant modifier that calls gateway.isCompliantWithTier() on every state-changing function
• MockERC20 — testnet tokens (IUSD with 6 decimals, tTREAS with 18 decimals) with open faucet
  CRE Workflow (TypeScript / WASM via Javy)
• Four compliance checks via ConfidentialHTTPClient — sanctions, KYC, accredited investor, jurisdiction
• Results aggregated and returned as a minimal struct (tier, cap, expiry, checkId)
• Secrets managed via Chainlink Vault DON
• Workflow deployed via CRE CLI, simulated with cre workflow simulate
  Frontend (Next.js 15 / TypeScript / Tailwind v4)
• Four tabs: Public (blurred amounts, compliance badges), Institution (private attestation view), Regulator (full compliance visibility, revocation controls), Compliant Pool (tier-gated AMM)
• ethers v6 for all contract reads/writes
• Chainlink CCIP for cross-chain bridging directly from the UI
• No wallet required to view attestations (read-only mode)