TrustRail
TrustRail is privacy-preserving compliance infrastructure for Web3. It allows any on-chain protocol to gate access based on users' financial eligibility — from bank balances to multi-chain cold storage — without exposing users' data.
What it is
TrustRail is privacy-preserving compliance infrastructure for Web3.
Protocols increasingly need to verify that users meet regulatory or financial requirements (for example: being a verified human, passing sanctions screening, or meeting minimum financial thresholds). However, existing solutions rely on centralized KYC providers or require sensitive personal and financial information to be exposed.
TrustRail solves this by introducing a policy-based compliance layer that verifies eligibility without revealing sensitive data.
Protocols define compliance policies such as:
- Minimum bank balance (e.g. $10,000)
- Minimum crypto holdings
- Human verification
- Risk screening or sanctions checks
Users opt in to satisfy those policies, and TrustRail routes each verification to the appropriate execution environment:
- Public signals such as World ID proofs are verified transparently onchain.
- Sensitive checks (bank balances, wallet risk analysis, cold wallet balances) are executed inside confidential Chainlink CRE enclaves using ConfidentialHTTPClient.
The workflows integrate external systems including:
- World ID for proof of unique humanness
- Plaid Open Banking for private bank balance verification
- GoPlus Security API for wallet risk and sanctions screening
- Google Gemini 2.0 Flash for AI-assisted policy governance
Raw financial data never leaves the secure environment. The only information written onchain is a binary compliance attestation (true / false) with an expiry timestamp. Because policies are public, a true attestation does reveal that the user satisfies that policy's threshold (for example, holds at least $10,000); what stays private is the underlying balance, account identity and transaction data.
This allows any Web3 protocol — DeFi platforms, NFT marketplaces, DAOs, RWA platforms, or gaming ecosystems — to gate access to features based on verifiable compliance signals without ever exposing user data onchain.
TrustRail effectively acts as a privacy-preserving compliance oracle layer for Web3 protocols.
How it Works
TrustRail uses a hybrid on-chain / off-chain architecture powered by Chainlink CRE workflows.
Off-chain Execution (Chainlink CRE)
Four CRE workflows form the compliance engine:
- Base Policy Workflow
Triggered after World ID verification.
The workflow queries the GoPlus Security API to run sanctions and risk screening checks.
It then writes an isBaseEligible(user) result to the blockchain.
- Policy Governance Workflow
Compliance policies are stored on IPFS.
A CRE workflow retrieves the policy and uses Google Gemini 2.0 Flash (via OpenRouter) to review whether the policy follows compliance standards.
The workflow then writes an APPROVED or REJECTED decision to the PolicyRegistry smart contract.
- Bank Balance Attestation
Users connect financial accounts using Plaid Open Banking APIs.
The workflow runs inside a CRE confidential execution environment using ConfidentialHTTPClient, which securely queries bank balances.
The balance is compared against compliance thresholds defined in the policy.
Only a boolean compliance result is written onchain.
- Crypto Wealth Attestation
Users prove ownership of crypto assets by signing a challenge with EIP-191 wallet signatures.
The CRE workflow verifies ownership and aggregates balances across Ethereum, Base, Arbitrum, and Polygon using confidential API calls.
Additional risk checks are performed using GoPlus Security before publishing a binary compliance result onchain.
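The following is an added example, not TrustRail's own code, of the decision step of the Crypto Wealth Attestation workflow just described (the Bank Balance Attestation shares the same threshold comparison and the same boolean-plus-expiry output). It assumes a challenge format of its own, a stub in place of EIP-191 signature recovery (in a real workflow that would be viem's recoverMessageAddress over the personal_sign message), per-chain balances already fetched inside the enclave and expressed as integer USD cents, and a risk result normalised from the screening provider; every sample value is constructed. What it shows beyond the text: the challenge binds address, policy, a one-time nonce and a validity window so a captured signature cannot be replayed for another policy or later, the risk gate fails closed, and the record that leaves the enclave carries only the boolean and an expiry, never the totals.

```typescript
// Added example, not TrustRail's code. Signature recovery is injected so the
// block runs offline; the challenge layout and all sample data are assumptions.

type Hex = `0x${string}`;

// What the user signs. Address + policy + one-time nonce + validity window:
// a signature for one policy cannot be reused for another, by another user,
// or after the window closes.
interface Challenge {
  address: Hex;
  policyId: string;
  nonce: string;
  issuedAt: number;  // unix seconds
  expiresAt: number; // unix seconds
}

function challengeMessage(c: Challenge): string {
  return [
    "TrustRail crypto wealth attestation", // hypothetical domain line
    `address: ${c.address.toLowerCase()}`,
    `policy: ${c.policyId}`,
    `nonce: ${c.nonce}`,
    `issuedAt: ${c.issuedAt}`,
    `expiresAt: ${c.expiresAt}`,
  ].join("\n");
}

// recover(message, signature) -> signer. In production: EIP-191 ecrecover,
// e.g. viem's recoverMessageAddress({ message, signature }).
type Recover = (message: string, signature: Hex) => Hex;

// Balances already fetched confidentially, as integer USD cents so the
// threshold comparison is exact.
interface ChainBalance { chain: "ethereum" | "base" | "arbitrum" | "polygon"; usdCents: number }
// Normalised screening result (assumed shape): score 0 = clean .. 100.
interface RiskResult { sanctioned: boolean; riskScore: number }
// The only data that leaves the enclave.
interface Attestation { eligible: boolean; expiresAt: number }

interface WealthInput {
  challenge: Challenge;
  signature: Hex;
  recover: Recover;
  usedNonces: Set<string>; // must be persisted across runs in a real workflow
  now: number;
  balances: ChainBalance[];
  thresholdUsdCents: number;
  risk: RiskResult;
  maxRiskScore: number;
  attestationTtlSeconds: number;
}

function evaluateWealth(input: WealthInput): Attestation {
  const c = input.challenge;
  // 1. Freshness and single use are checked before any external work.
  if (input.now < c.issuedAt || input.now > c.expiresAt) throw new Error("challenge outside validity window");
  if (input.usedNonces.has(c.nonce)) throw new Error("nonce already used");
  // 2. Ownership: the recovered signer must be the address the balances belong to.
  const signer = input.recover(challengeMessage(c), input.signature);
  if (signer.toLowerCase() !== c.address.toLowerCase()) throw new Error("signer does not match claimed address");
  input.usedNonces.add(c.nonce);
  // 3. Aggregate across chains and compare with the policy threshold.
  const total = input.balances.reduce((sum, b) => sum + b.usdCents, 0);
  const meetsThreshold = total >= input.thresholdUsdCents;
  // 4. Risk gate, fail closed: sanctioned or high-risk wallets are never eligible.
  const clean = !input.risk.sanctioned && input.risk.riskScore <= input.maxRiskScore;
  // Neither `total` nor the per-chain breakdown is returned.
  return { eligible: meetsThreshold && clean, expiresAt: input.now + input.attestationTtlSeconds };
}

// --- constructed sample input: not a real account, signature or balance ---
const SAMPLE_ADDRESS: Hex = "0x1111111111111111111111111111111111111111";
const SAMPLE_CHALLENGE: Challenge = { address: SAMPLE_ADDRESS, policyId: "min-crypto-10k", nonce: "n-001", issuedAt: 1700000000, expiresAt: 1700000300 };
const SAMPLE_BALANCES: ChainBalance[] = [
  { chain: "ethereum", usdCents: 650000 },
  { chain: "base", usdCents: 200000 },
  { chain: "arbitrum", usdCents: 100000 },
  { chain: "polygon", usdCents: 75000 },
]; // total $10,250
// Stub recovery: the "signature" here is just the address that supposedly signed.
const stubRecover: Recover = (_message, signature) => signature;

function sampleInput(overrides: Partial<WealthInput> = {}): WealthInput {
  return {
    challenge: SAMPLE_CHALLENGE,
    signature: SAMPLE_ADDRESS,
    recover: stubRecover,
    usedNonces: new Set<string>(),
    now: 1700000060,
    balances: SAMPLE_BALANCES,
    thresholdUsdCents: 1000000, // $10,000 policy threshold
    risk: { sanctioned: false, riskScore: 5 },
    maxRiskScore: 50,
    attestationTtlSeconds: 86400,
    ...overrides,
  };
}
```

The nonce set is the one piece of state the check depends on: if it is not persisted where the workflow can see it across runs, the replay protection is only nominal.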
On-chain Contracts
Smart contracts store only minimal compliance results:
- BasePolicyContract – stores basic eligibility
- PolicyRegistry – stores AI-approved policy rules
- ComplianceAttestation – stores user compliance attestations
Contracts are deployed on World Chain Sepolia and Tenderly Virtual TestNets.
Frontend
The frontend interface allows users to complete identity verification and generate compliance attestations.
It is built using:
- React 19 + Vite
- wagmi + viem
- World ID (@worldcoin/idkit)
- MiniKit (@worldcoin/minikit-js) for World App integration
Users can verify their identity, browse approved policies, and generate privacy-preserving compliance attestations through the interface.
Links
Created by
- Eman Herawy