d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4eead3e53fecdb2b7e629bb9f56b22ff92c61d2e
proxmox/docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md
defiQUG 4de9676da7
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
chore: update implementation status in DBIS_RAIL_ADDONS_CODE_COMPLETION_TASK_LIST.md 
- Added a detailed implementation status table outlining the completion status of various phases.
- Marked the submodule reference for smom-dbis-138 as dirty to reflect changes.

Made-with: Cursor
2026-03-02 13:56:53 -08:00

28 lines
2.0 KiB
Markdown
Raw Blame History

# DBIS Rail — ISO Gateway and Relayer (Phase 6 Spec)
**Purpose:** Off-chain components that produce MintAuth and submit to DBIS_SettlementRouter (and optionally SwapAuth to DBIS_ConversionRouter). Implement per [Code Completion Task List](DBIS_RAIL_ADDONS_CODE_COMPLETION_TASK_LIST.md) Phase 6.
## 1. ISO Gateway (off-chain)
- **Ingest:** ISO-20022 messages (pacs/camt/pain).
- **Compliance:** KYC/AML/sanctions/limits per Rulebook.
- **Ledger:** Post double-entry; compute `accountingRef` = `keccak256(ledgerSystemId, journalId, batchNumber, postingTimestamp, reserveAccountId)` per Rulebook §3.2.
- **Canonical bundle:** Build ISO evidence bundle; canonicalize per [Hash Canonicalization v1.5](DBIS_RAIL_HASH_CANONICALIZATION_AND_TEST_VECTORS_V1_5.md); set `isoHash = keccak256(utf8(canonicalBundle))`.
- **FundsStatus:** Set ON_LEDGER_FINAL or OFF_LEDGER_FINAL per Good Funds Matrix (Rulebook §2).
- **MintAuth:** Build EIP-712 MintAuth (chainId 138, verifyingContract = SettlementRouter address, recipients, amounts, notBefore, expiresAt, etc.).
- **Signatures:** Request threshold signatures from allowlisted signers (3-of-5, COMPLIANCE mandatory) per SignerRegistry.
## 2. MintAuth Relayer
- **Input:** Signed MintAuth + array of 65-byte ECDSA signatures.
- **Action:** Call `DBIS_SettlementRouter.submitMintAuth(auth, signatures)` on Chain 138 (RPC from .env).
- **Tooling:** Script or service (e.g. Node/TS with ethers/viem) using PRIVATE_KEY for gas; or a relayer key with no custody of funds.
## 3. SwapAuth (optional)
- Build SwapAuthorization; get quote (RFQ/TWAP/aggregator); set quoteHash, quoteIssuer; get 2-of-4 or 3-of-5+COMPLIANCE signatures per amount; call `DBIS_ConversionRouter.submitSwapAuth(auth, signatures, amountOut)` after executing the swap so that amountOut >= minAmountOut.
## 4. Signer key management (runbook)
- Document HSM or equivalent, key rotation, emergency revoke and key compromise drill per [EMERGENCY_REVOKE_AND_KEY_COMPROMISE](runbooks/EMERGENCY_REVOKE_AND_KEY_COMPROMISE.md) and Rulebook §6.4.
Reference in New Issue View Git Blame Copy Permalink