Covenant Sentinel

Private credit loans come with strict financial rules called covenants that borrowers must meet. In traditional finance, dedicated analyst teams costing $500K+ per year manually check whether borrowers are complying. When credit is tokenized and put on-chain, this monitoring disappears entirely. Token holders, DeFi protocols using these tokens as collateral, and insurance protocols all operate on blind trust, assuming the borrower is healthy based on whatever a fund administrator last reported, often months ago.

Covenant Sentinel closes that gap. A loan agreement is uploaded once, and AI models extract the full covenant structure, every metric, threshold, and formula, and stores the verified schema on-chain. From that point, on a recurring schedule, the system fetches the borrower's latest financials from the fund administrator, recalculates every covenant, and publishes a Loan Health Report to a smart contract. The report carries a status for each covenant: PASS, WARNING, or BREACH, along with the calculated values, confidence scores, and trend direction. Any protocol or investor can read this feed in real time.

When a breach is detected, enforcement happens automatically at the infrastructure level. The token contract is wired to Chainlink ACE: every time someone attempts a transfer, the policy engine reads the latest health report and reverts the transaction if the loan is in BREACH. The monitoring system and the enforcement system never communicate directly, they share a single on-chain data contract. This separation means real-world credit risk is enforced at the moment of transfer, with no human intervention required after initial setup.

Covenant Sentinel is built using Chainlink CRE and Chainlink ACE. The system has two CRE workflows and a set of smart contracts, primarily LoanRegistry, LoanHealthFeed and a ComplianceGatedERC20 contract.
The first workflow is triggered by an HTTP request when a loan document is uploaded. We built a demo frontend using Nextjs to upload a markdown loan document and extract covenant rules and thresholds from it. The document is sent to an LLM (Claude, GPT-4o, and Gemini) to extract the covenant schema as structured JSON. It reaches BFT consensus and writes the verified schema to LoanRegistry on-chain.
The second workflow runs on a cron schedule. It uses HTTPClient to fetch the borrower's latest financials from the fund admin API (for the demo, we built a mock API), reads the stored covenant schema from LoanRegistry via EVMClient.read(), then runs the compliance calculation through LLMs. The consensus result is written to LoanHealthFeed , which stores the latest health report per loan.
Enforcement is handled by Chainlink ACE independently. The token contract (ComplianceGatedERC20) inherits ACE's PolicyProtected, which intercepts every transfer() call and routes it through the PolicyEngine. A custom LoanHealthPolicy contract reads the latest report from LoanHealthFeed and reverts with PolicyRejected if the loan status is BREACH. The CRE workflows and ACE layer are fully decoupled and connected only through the shared LoanHealthFeed contract.