Goldie.city

Goldie City is a multi-tenant, non-custodial gold tokenisation platform that allows institutional issuers to launch fully regulated, on-chain gold token ecosystems. Each issuer gets a complete, isolated stack of smart contracts — a gold token, a compliance transfer router, a Chainlink-powered pricing oracle, a reserve proof module, and a redemption manager — all deployed from a single factory with role-based access control (RBAC) enforced at the contract level.
The problem it solves: Physical gold tokenisation is operationally complex. Issuers need KYB/KYC verification, vault custody attestation, live pricing, transfer compliance, and redemption audit trails — all of which today exist across disconnected systems with no enforceable on-chain logic. Goldie City moves the critical controls on-chain: transfers are blocked unless compliance passes, reserve proofs are published and verifiable, and pricing inputs come from a tamper-resistant oracle.
Where Chainlink CRE fits — and why it's central to the platform:
Goldie City is inherently multi-tenant and event-driven. Every issuer lifecycle event (KYB approval, vault audit, token redemption, pricing dispute) is a trigger for a cross-system workflow that needs consensus, external data, and on-chain writes. Chainlink CRE is the natural automation layer for the entire platform — not just a single feature. Below are three concrete workflow examples we are building or have built:

1. Proof of Reserve (built and simulated):
   The live CRE workflow runs every 30 seconds. It fetches the vault custody manifest via HTTP (with DON median consensus across nodes so no single node can falsify the weight), reads the IGU token's totalSupply and the XAU/USD Chainlink price feed on-chain, calculates the backing ratio in basis points, then sends all metrics to Google Gemini via the CRE AI capability to produce an AI risk score (0–100) and a human-readable reasoning string. The full 7-field report — backing ratio, vault weight, token supply, Chainlink price, reserve status (HEALTHY/WARNING/CRITICAL), AI risk score, AI reasoning — is ABI-encoded and written to the PoRConsumer contract on Sepolia every 30 seconds. The auditor dashboard and platform dashboard both poll this contract live and update automatically.
2. Issuer KYB → On-chain Registration (in design, next workflow):
   When an issuer completes KYB via Sumsub, a webhook fires to the platform backend. A CRE HTTP-triggered workflow picks this up, verifies the payload signature, derives the permanent entityId = keccak256(applicantId), hashes the KYC document references for privacy, and calls IssuerRegistry.verifyIssuer() on-chain. The IssuerVerified event is emitted, the subgraph indexes it, and the issuer immediately gains permission to call the token factory. Because this write goes through the DON rather than a backend wallet, it is auditable and not dependent on a single operator key.
3. Issuer Compliance Status Check in PoR (planned extension):
   The PoR workflow will be extended to also EVM-read IssuerRegistry.isVerifiedIssuer(issuer) as part of each 30-second cycle. If the token's issuer has been suspended or revoked since the last report, Gemini receives that as additional risk signal and the on-chain report reflects it. This means a single CRE workflow simultaneously verifies vault backing, live gold price, and issuer compliance standing — three independent data sources aggregated into one tamper-resistant on-chain record.
   Stack: Next.js 15, Java, Solidity (OpenZeppelin UUPS upgradeable), Foundry, The Graph (subgraph indexing), Wagmi/Viem (frontend chain reads), Chainlink CRE SDK (@chainlink/cre-sdk), Chainlink Data Feeds (XAU/USD), Google Gemini AI, Sumsub KYB, Stytch auth, Sepolia testnet,.

Smart Contracts (Solidity + Foundry)
Every issuer on the platform gets a dedicated ecosystem of UUPS-upgradeable contracts deployed from a factory: a PreciousMetalToken (ERC-20), a ComplianceRouter (transfer gating), a PreciousMetalPricingOracle (Chainlink-fed pricing), a PreciousMetalReserveProof (reserve attestation record), and a PreciousMetalRedemptionManager (redemption state machine). Platform-level contracts — IssuerRegistry, TokenRegistry, PlatformAccessManager, and PoRConsumer — are shared across all issuers. Role-based access control is enforced entirely on-chain via OpenZeppelin AccessManager.
Chainlink CRE Workflow (@chainlink/cre-sdk, TypeScript/Bun)
The core automation is a CRE workflow (main.ts) that runs on a 30-second cron:

1. HTTP + DON consensus — fetches the signed vault custody manifest (totalWeightMg, barCount) across all DON nodes, uses median aggregation so no single node can falsify the weight
2. EVM read — reads IGU.totalSupply() from the token contract on Sepolia
3. EVM read — reads latestRoundData() from the Chainlink XAU/USD price feed
4. Computation — derives backing ratio in basis points (10000 = 100% backed), reserve status (HEALTHY / WARNING / CRITICAL)
5. Gemini AI — sends all metrics to gemini-flash-latest via HTTP inside the DON; response is cached across nodes (one API call per execution); returns a 0–100 risk score + reasoning string
6. EVM write — ABI-encodes all 7 fields and calls PoRConsumer.onReport() on Sepolia, storing the result permanently on-chain
   Frontend (Next.js 15, Wagmi, Viem)
   Two dashboards read PoRConsumer live via useReadContracts polling every 30 seconds — an auditor dashboard (/auditor/dashboard) showing the full decoded report with status banner, backing ratio bar, and AI risk badge, and the platform dashboard (/platform/dashboard) showing a PoR status column alongside all deployed tokens. The subgraph (The Graph) indexes IssuerVerified and ReserveHealthUpdated events for historical queries.
   Auth & KYB
   Stytch handles user authentication. Sumsub handles issuer KYB — on approval, a webhook triggers IssuerRegistry.verifyIssuer(), which writes the issuer's entityId = keccak256(applicantId) and a privacy-preserving kycDocumentHash on-chain. Only verified issuers can call the token factory.
   Infrastructure
   Sepolia testnet, The Graph hosted service (subgraph), public RPC (ethereum-sepolia-rpc.publicnode.com), GitHub public repo (Blue-Lighthouse-Trading-Ltd/Goldie-Platform, branch restructure2-PoR).