d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc8abb06e2bbd33e30803ca59d284ead8ea970c6
proxmox/docs/dbis-rail/E2E_WHITEPAPER_SIMPLE.md

159 lines
9.2 KiB
Markdown
Raw Normal View History

chore: update submodule references and documentation - Marked submodules ai-mcp-pmm-controller, explorer-monorepo, and smom-dbis-138 as dirty to reflect recent changes. - Updated documentation to clarify operator script usage, including dotenv loading and task execution instructions. - Enhanced the README and various index files to provide clearer navigation and task completion guidance. Made-with: Cursor
2026-03-04 02:03:08 -08:00
# DBIS Rail — End-to-End White Paper (Simple Terms)
**What is it?**
The DBIS Rail is a **settlement and minting system** that runs on a dedicated blockchain (Chain 138). It connects **traditional banking and ledger evidence** (ISO messages, double-entry bookkeeping) to **on-chain token creation (GRU)**. Only properly authorized, compliant instructions can record a settlement and mint tokens—and the chain never decides whether “real money” is final; that stays in the regulated world.
---
## 1. The Problem It Solves
**Banks and institutions** need to:
- Move value in a way that is **auditable** and tied to **real ledger entries** and **compliance checks**.
- **Mint digital tokens (GRU)** only when a defined process has been completed: messages received, funds confirmed, accounting done, and a **group of authorized signers** has agreed.
- Avoid **single points of failure**: no one person or system can approve a mint alone.
- Keep **proof** that each on-chain settlement links back to a specific message, accounting batch, and evidence bundle.
The DBIS Rail does this by:
1. Taking **off-chain** evidence (ISO-20022 messages, ledger postings, compliance) and turning it into a **signed authorization**.
2. Running that authorization **on-chain** through contracts that check signers, replay, limits, and participant allowlists.
3. **Recording** the settlement and **minting** GRU only when every check passes.
---
## 2. How It Works End-to-End (Settlement and Mint)
### Step 1: Message and compliance (off-chain)
- An **ISO Gateway** (off-chain system) receives banking messages (e.g. payment instructions, statements).
- It runs **compliance** (KYC, AML, sanctions, limits) per the Rulebook. No authorization is built for failed or unresolved cases.
- It posts the transaction in the **DBIS ledger** (double-entry, reserve accounts) and creates a **unique accounting reference** from that posting (journal, batch, timestamp, reserve account). That reference will be attached to the on-chain settlement forever.
### Step 2: “Good funds” and finality (off-chain)
- The Rulebook defines **when** funds are treated as final (e.g. wire posted, ACH return window passed, internal transfer completed).
- The Gateway sets a **funds status** (e.g. ON_LEDGER_FINAL or OFF_LEDGER_FINAL) only when the right conditions are met. **The chain does not decide finality**—the regulated process does.
### Step 3: Building the Mint Authorization (off-chain)
- The Gateway builds a **Mint Authorization**: a compact package that includes:
- A **unique message ID** (from the payment/instruction).
- **Evidence hash** (hash of the canonical evidence bundle).
- **Accounting reference** (tied to the ledger posting).
- **Recipients and amounts** (who gets GRU and how much).
- **Time window** (valid from/until).
- **Chain and contract** (Chain 138, Settlement Router address).
- This package is in a standard signing format (EIP-712) so signers sign **exactly this instruction**.
### Step 4: Signers approve (off-chain)
- A **quorum of authorized signers** (e.g. 3 of 5) must sign the Mint Authorization. One of them must be from a **Compliance** category. No single signer can approve alone.
- Signers are expected to sign only when the Rulebook and good-funds rules are satisfied. Their keys are kept secure (e.g. HSM).
### Step 5: Relayer submits on-chain
- A **relayer** (script or service) sends the **signed Mint Authorization + signatures** to the **Settlement Router** contract on Chain 138.
### Step 6: Router validates and records (on-chain)
- The **Settlement Router**:
- Checks **signatures** (correct hash, valid signers).
- Checks **quorum and categories** (enough signers, including Compliance).
- Ensures **message ID** has never been used (no replay).
- Checks **time window** and **chain/contract**.
- Checks **policy** (per-message caps, corridor limits).
- Confirms **recipients** are approved participant wallets.
- If anything fails, the transaction reverts. If all pass, the Router **records** the settlement and calls the **Mint Controller**.
### Step 7: Mint (on-chain)
- The **Mint Controller** is the **only** contract allowed to mint GRU. It accepts instructions **only** from the Settlement Router.
- It mints the agreed amounts to the recipient addresses. **SettlementRecorded** and **MintExecuted** events are emitted for audit and reporting.
### Step 8: Audit trail
- Every settlement is tied on-chain to:
- **Message ID** (links to the original instruction).
- **Accounting reference** (links to the ledger posting).
- **Evidence hash** (links to the off-chain evidence bundle).
- These anchors support regulatory and internal audit.
---
## 3. The Main Pieces (Simple Map)
| Piece | Where | Role in simple terms |
|-------|--------|------------------------|
| **ISO Gateway** | Off-chain | Receives messages, runs compliance, does ledger posting, builds the Mint Authorization, asks signers to sign. |
| **Signers** | Off-chain | Authorized people/systems that sign the Mint Authorization when the Rulebook and good-funds rules are met. |
| **Relayer** | Off-chain | Submits the signed authorization to the Settlement Router (pays gas; no custody of funds). |
| **Chain 138** | Blockchain | Runs the contracts and stores immutable settlement and mint events. |
| **Participant Registry** | On-chain | List of allowed institutions and their approved wallets (only those can receive GRU). |
| **Signer Registry** | On-chain | List of allowed signers and quorum rules (who can sign, how many, which category required). |
| **Settlement Router** | On-chain | Validates the signed Mint Authorization and policy; records settlement; calls Mint Controller. |
| **Mint Controller** | On-chain | Mints GRU only when called by the Settlement Router. |
| **Root Registry** | On-chain | Holds addresses of the other DBIS contracts (single place to find them). |
---
## 4. Conversions (Swaps) in Short
- The rail also supports **governed token conversions** (e.g. swap one token for another) via a **Conversion Router**.
- A **Swap Authorization** is built (with venue, quote, amounts, deadline), signed by the allowlisted signers (with rules for small vs large swaps), and submitted on-chain.
- The Conversion Router checks: chain, contract, deadline, **venue allowlist**, **quote-issuer allowlist**, **stablecoin status**, and **blocklist**. Only then is the conversion treated as authorized; execution (e.g. DEX swap) is done so that the outcome meets the signed minimum output.
- **Stablecoin policy** defines which tokens count as canonical stablecoins and how they are monitored; the Conversion Router can enforce that only active, compliant ones are used.
---
## 5. Safety and Controls (Plain Language)
- **No single point of approval**
Mint and swap authorizations need a **quorum** of signers, with **Compliance** required for mints (and for large swaps where configured).
- **Replay protection**
Each message ID can be used **once**. Reusing it is rejected.
- **Time-bound**
Every authorization has a validity window; expired or not-yet-valid submissions are rejected.
- **Chain and contract binding**
Signatures are tied to Chain 138 and to the correct contract address. Wrong chain or wrong contract → invalid.
- **Only the Router can trigger mint**
GRU is minted **only** via the Mint Controller when the Settlement Router calls it. Other mint paths (e.g. owner mint) are removed or revoked.
- **Pause**
Authorized roles can **pause** the Settlement Router (and related components) to stop new settlements in an emergency.
- **Participant and signer allowlists**
Only registered participants wallets can receive GRU; only registered signers signatures count. Signers can be revoked; procedures cover key compromise and in-flight authorizations.
- **Caps and corridors**
The Router can enforce **per-message** and **per-corridor** limits so that no single instruction or corridor exceeds policy.
- **Audit trail**
Settlement and mint (and conversion) produce **on-chain events** with message ID, accounting reference, evidence hash, and amounts—so every move can be traced and reported.
---
## 6. Who Its For and What You Get
- **Banks and financial institutions** that need settlement and token minting tied to **real messages, ledger, and compliance**, with **multi-party sign-off** and a clear audit trail.
- **Operators** who run the ISO Gateway, signer set, and relayer—with a **Rulebook** and **runbooks** for good funds, finality, reversals, and incidents.
- **Regulators and auditors** who need to see **who can sign**, **how** finality is decided (off-chain), **how** the chain enforces authorization and policy, and **how** each settlement links to message, ledger, and evidence.
**In one sentence:**
The DBIS Rail turns **compliant, ledger-anchored banking instructions** into **on-chain settlements and GRU mints** that are **multi-signer authorized, replay-proof, and fully auditable**, while leaving **finality of “real money”** in the regulated domain.
---
## Document info
| Field | Value |
|-------|--------|
| Title | DBIS Rail — End-to-End White Paper (Simple Terms) |
| Network | DBIS Mainnet (Chain 138) |
| Audience | General technical and business readers |
| Companion docs | Technical Spec v1, Rulebook v1, Regulator Brief v1, ISO Gateway & Relayer Spec |
Reference in New Issue Copy Permalink