Omni-Compliance Guard (OCG)

Cross-chain compliance middleware on Chainlink CRE + CCIP: AML screening, Travel Rule, ZK proofs.

Risk & Compliance

What it is

Omni-Compliance Guard (OCG) is a verifiable, privacy-preserving cross-chain compliance protocol that intercepts Chainlink CCIP token transfers and enforces AML / Travel Rule requirements before funds reach the recipient.

The problem: Every regulated cross-chain token transfer today requires manual compliance checks - AML screening, sanctions verification, and Travel Rule identity exchange. There is no on-chain middleware that automates this while preserving privacy and working across chains.

How it works:

  1. A CCIP token transfer arrives at ComplianceConsumerV2 on the destination chain. Tokens are quarantined and a ComplianceCheckRequested event is emitted.
  2. A CRE workflow running on Chainlink's DON detects the event. Each DON node independently calls an AML provider (Scorechain + 2 mock providers) via the HTTP capability, and BFT consensus ensures agreement on the result.
  3. The DON delivers the compliance report on-chain via KeystoneForwarder → ComplianceConsumerV2.onReport().
  4. The contract routes the report to one of three finalization modes: ZK proof (Groth16, so the risk score stays private), Quorum Attestation (M-of-N provider consensus), or Full Compliance (ZK + quorum + Travel Rule). If all checks pass, tokens are released; otherwise, they are rejected.

What it solves: Automated, trustless, privacy-preserving compliance for any DeFi protocol using CCIP: no manual intervention, no exposed PII, jurisdiction-aware policy enforcement (US FinCEN, EU TFR), and pluggable AML providers.

How it Works

  • Solidity ^0.8.20 (Foundry): 5 core contracts: ComplianceConsumerV2 (CCIP receiver + CRE IReceiver), ZKComplianceVerifier (Groth16/BN254), ProviderRegistry (EIP-712 M-of-N quorum), VASPRegistry (Travel Rule envelopes, per-jurisdiction thresholds), PolicyRegistry (timelocked governance). 51 Foundry tests covering quorum, replay attacks, jurisdiction routing, quarantine timeout, and CRE report delivery.
  • Go + CRE SDK v1.2.0: Production CRE workflow scaffolded via cre init, compiled to WASM. Uses evm.LogTrigger to detect on-chain events, http.SendRequest for AML API calls, and cre.ConsensusIdenticalAggregation for BFT consensus across DON nodes.
  • Multi-provider AML server (Go): Queries 3 providers in parallel (Scorechain real API + Elliptic mock + TRM Labs mock), aggregates with median-risk + any-flagged consensus. Includes a real OFAC-sanctioned Tornado Cash address for rejection demo.
  • Circom 2.1.6: ZK circuit for private risk score verification (riskScore ≤ threshold + not sanctioned).
  • TypeScript (ethers v6): Deployment scripts for 5 contracts + policy setup on Sepolia.
  • Networks: Ethereum Sepolia (destination, contracts + CRE listener) and Base Sepolia (CCIP source chain).
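
The median-risk + any-flagged aggregation described for the multi-provider AML server, sketched in Go as an added example (not the project's code). The type and function names, the 0-100 score scale, the minimum-response rule and the round-up on even counts are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// ProviderResult is a hypothetical shape for one AML provider's answer.
type ProviderResult struct {
	Provider string
	Risk     int   // assumed 0-100 scale
	Flagged  bool  // sanctions or blacklist hit
	Err      error // non-nil when the provider call failed
}

// Decision is the aggregated outcome (hypothetical type).
type Decision struct {
	MedianRisk, Responded int
	Flagged, Approved     bool
}

var ErrNoQuorum = errors.New("too few provider responses")

// Aggregate applies median-risk + any-flagged consensus and fails closed
// when fewer than minResponses providers answered (assumed policy).
func Aggregate(results []ProviderResult, minResponses, threshold int) (Decision, error) {
	var d Decision
	var scores []int
	for _, r := range results {
		if r.Err != nil {
			continue // a failed call must not count as a clean result
		}
		scores = append(scores, r.Risk)
		d.Flagged = d.Flagged || r.Flagged
	}
	if d.Responded = len(scores); d.Responded < minResponses {
		return d, ErrNoQuorum
	}
	sort.Ints(scores)
	mid := len(scores) / 2
	d.MedianRisk = scores[mid]
	if len(scores)%2 == 0 { // even count: round the midpoint up, toward higher risk
		d.MedianRisk = (scores[mid-1] + scores[mid] + 1) / 2
	}
	d.Approved = !d.Flagged && d.MedianRisk <= threshold
	return d, nil
}

func main() { // constructed sample: one outlier score, no sanctions hit
	in := []ProviderResult{{Provider: "p1", Risk: 10}, {Provider: "p2", Risk: 90}, {Provider: "p3", Risk: 20}}
	fmt.Println(Aggregate(in, 2, 50))
}
```

The median keeps a single outlier provider from swinging the score, while the any-flagged rule lets one sanctions hit reject the transfer even when the median is low.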

Created by

  • Sergey Pavlov