# DBIS Rail — ISO Gateway and Relayer (Phase 6 Spec)

**Purpose:** Off-chain components that produce MintAuth and submit to DBIS_SettlementRouter (and optionally SwapAuth to DBIS_ConversionRouter). Implement per [Code Completion Task List](DBIS_RAIL_ADDONS_CODE_COMPLETION_TASK_LIST.md) Phase 6.

## 1. ISO Gateway (off-chain)

- **Ingest:** ISO-20022 messages (pacs/camt/pain).
- **Compliance:** KYC/AML/sanctions/limits per Rulebook.
- **Ledger:** Post double-entry; compute `accountingRef` = `keccak256(ledgerSystemId, journalId, batchNumber, postingTimestamp, reserveAccountId)` per Rulebook §3.2.
- **Canonical bundle:** Build ISO evidence bundle; canonicalize per [Hash Canonicalization v1.5](DBIS_RAIL_HASH_CANONICALIZATION_AND_TEST_VECTORS_V1_5.md); set `isoHash = keccak256(utf8(canonicalBundle))`.
- **FundsStatus:** Set ON_LEDGER_FINAL or OFF_LEDGER_FINAL per Good Funds Matrix (Rulebook §2).
- **MintAuth:** Build EIP-712 MintAuth (chainId 138, verifyingContract = SettlementRouter address, recipients, amounts, notBefore, expiresAt, etc.).
- **Signatures:** Request threshold signatures from allowlisted signers (3-of-5, COMPLIANCE mandatory) per SignerRegistry.

## 2. MintAuth Relayer

- **Input:** Signed MintAuth + array of 65-byte ECDSA signatures.
- **Action:** Call `DBIS_SettlementRouter.submitMintAuth(auth, signatures)` on Chain 138 (RPC from .env).
- **Tooling:** Script or service (e.g. Node/TS with ethers/viem) using PRIVATE_KEY for gas; or a relayer key with no custody of funds.

## 3. SwapAuth (optional)

- Build SwapAuthorization; get quote (RFQ/TWAP/aggregator); set quoteHash, quoteIssuer; get 2-of-4 or 3-of-5+COMPLIANCE signatures per amount; call `DBIS_ConversionRouter.submitSwapAuth(auth, signatures, amountOut)` after executing the swap so that amountOut >= minAmountOut.

## 4. Signer key management (runbook)

- Document HSM or equivalent, key rotation, emergency revoke and key compromise drill per [EMERGENCY_REVOKE_AND_KEY_COMPROMISE](runbooks/EMERGENCY_REVOKE_AND_KEY_COMPROMISE.md) and Rulebook §6.4.