Version: 0.1.0 (Prototype)
Last Updates: March 21 2026
Target Audience: Contributors, maintainers, and LLMs working on this codebase
Sentinel is a high-performance, compliance-first middleware layer that bridges traditional financial institutions with decentralized finance protocols. It serves as the critical infrastructure layer that enables institutional-grade execution in DeFi markets.
- Pre-built compliance infrastructure meeting HKMA and SFC licensing requirements
- Dual-officer transaction approval workflows with cryptographic audit trails
- Real-time AML/CFT screening integrated directly into transaction flow
- HK$10M capital requirement technical architecture support
- Sub-50 microsecond transaction routing with intelligent path optimization
- MEV (Maximum Extractable Value) protection through private mempool integration and transaction simulation
- Cross-chain liquidity aggregation spanning EVM chains, Solana, and Cosmos-based RWA networks
- Gasless meta-transaction support for institutional account management
- Institutional-grade oracle integration (Chainlink CCIP) for cross-chain asset messaging
- Compliance-aware smart order routing for tokenized securities
- Settlement finality guarantees bridging on-chain and traditional settlement systems
| Feature | Traditional DeFi | Sentinel Approach |
|---|---|---|
| Latency | 200-500ms | <50μs (99th percentile) |
| Compliance | Post-transaction screening | Pre-execution policy enforcement |
| MEV Protection | Basic slippage settings | Simulation-based attack prevention |
| Cross-chain | Manual bridging | Intent-based atomic routing |
| Infrastructure | Self-hosted nodes | AWS auto-scaling with 99.99% SLA |
┌──────────────────────────────────────────────────────────────────────────┐
│ CLIENT INTERFACE LAYER │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ REST API │ │ WebSocket │ │ gRPC │ │ Webhook │ │
│ │ (Reporting) │ │ (Price Feeds)│ │ (Execution) │ │ (Events) │ │
│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │
└─────────┼─────────────────┼─────────────────┼─────────────────┼──────────┘
│ │ │ │
└─────────────────┴─────────────────┴─────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────────┐
│ SENTINEL CORE GATEWAY │
│ (Rust + Tokio Async Runtime) │
│ │
│ ┌──────────────────────────────────────────────────────────────────────┐ │
│ │ INTAKE PROCESSOR │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ Req Parser │→ │ Auth Engine │→ │ Rate Limiter│→ │ Schema Val │ │ │
│ │ │ (<5μs) │ │ (API Key) │ │ (Token Bucket│ │ (Protobuf) │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ └──────────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────────────────────┐ │
│ │ COMPLIANCE ENGINE (Policy DAG) │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ HK VASP │→ │ AML Screen │→ │ Risk Score │→ │ Dual-Officer│ │ │
│ │ │ Rule Check │ │ (Chainalysis│ │ Calculator │ │ Approval │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ │ │ │
│ │ Policy Result: ALLOW → Continue | REVIEW → Queue | DENY → Reject │ │
│ └──────────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────────────────────┐ │
│ │ MEV PROTECTION ENGINE │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ Mempool │→ │ Simulation │→ │ Attack │→ │ Private │ │ │
│ │ │ Monitor │ │ Sandbox │ │ Detection │ │ Relays │ │ │
│ │ │ (Geth/Reth) │ │ (Anvil fork)│ │ (Pattern ML)│ │ (Flashbots) │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ │ │ │
│ │ Protection Score: SAFE → Execute | RISK → Time-delay | HIGH → Reject │ │
│ └──────────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────────────────────┐ │
│ │ SMART ORDER ROUTER (SOR) │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ Liquidity │→ │ Path Find │→ │ Split Engine│→ │ Execution │ │ │
│ │ │ Scanner │ │ (Dijkstra) │ │ (CowSolver) │ │ Builder │ │ │
│ │ │ (Substreams)│ │ │ │ │ │ │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ │ │ │
│ │ Routing Strategy: Single-chain | Cross-chain (CCIP) | Intent-based │ │
│ └──────────────────────────────────────────────────────────────────────┘ │
│ │ │
└────────────────────────────────────┼────────────────────────────────────────┘
│
┌─────────────────────────┼─────────────────────────┐
│ │ │
▼ ▼ ▼
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ EVM CLUSTER │ │ SOLANA CLUSTER │ │ COSMOS CLUSTER │
│ ┌───────────┐ │ │ ┌───────────┐ │ │ ┌───────────┐ │
│ │ Ethereum │ │ │ │ Firedancer│ │ │ │ Provenance│ │
│ │ (Reth) │ │ │ │ (Helius) │ │ │ │ (RWA) │ │
│ ├───────────┤ │ │ ├───────────┤ │ │ ├───────────┤ │
│ │ Arbitrum │ │ │ │ Jito │ │ │ │ Ondo │ │
│ │ (Nitro) │ │ │ │ (MEV) │ │ │ │ Chain │ │
│ ├───────────┤ │ │ └───────────┘ │ │ ├───────────┤ │
│ │ Base │ │ │ │ │ │ Cosmos │ │
│ │ (Geth) │ │ │ │ │ │ Hub │ │
│ └───────────┘ │ │ │ │ │ (IBC) │ │
└─────────────────┘ └──────────────────┘ │ └───────────┘ │
└─────────────────┘
│
▼
┌────────────────────────────────────────────────────────────────────────────┐
│ DATA & OBSERVABILITY LAYER │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Redis │ │ PostgreSQL │ │ ClickHouse │ │ Grafana │ │
│ │ (Hot Cache) │ │ (Relational) │ │ (Time-Series)│ │ (Dashboards) │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Kafka │ │ S3/Glacier │ │ Prometheus │ │ PagerDuty │ │
│ │ (Event Bus) │ │ (Audit Logs)│ │ (Metrics) │ │ (Alerts) │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │
└────────────────────────────────────────────────────────────────────────────┘
Purpose: Ultra-low-latency request validation and routing
Flow:
- Request Parser - Zero-copy deserialization using
rkyvorflatbuffers - Auth Engine - Ed25519 signature verification + API key validation
- Rate Limiter - Token bucket algorithm with per-client buckets
- Schema Validation - Protobuf-based request validation
Performance Targets:
- Parsing: <5 microseconds
- Auth: <10 microseconds
- End-to-end intake: <50 microseconds p99
Purpose: Regulatory policy enforcement before transaction execution
Architecture: Directed Acyclic Graph (DAG) of policy nodes
// Policy DAG Structure
enum PolicyNode {
VaspCheck { jurisdiction: Jurisdiction },
AmlScreen { provider: Chainalysis },
RiskScore { threshold: u8 },
DualOfficer { required_approvers: u8 },
VelocityCheck { window: Duration, max_tx: u32 },
}
struct PolicyResult {
decision: Decision, // Allow | Review | Deny
evidence: Vec<AuditLog>,
latency_micros: u64,
}HK VASP Specific Rules:
- Source of funds verification for transactions >HK$120,000
- Beneficial ownership screening for wallet addresses
- Travel Rule compliance for cross-border transfers
- Suspicious transaction pattern detection
Purpose: Protect institutional orders from frontrunning and sandwich attacks
Three-Layer Defense:
-
Mempool Monitoring
- Real-time mempool subscription via
eth_subscribe - Pattern detection for attacker bot behaviors
- Liquidity pool state tracking
- Real-time mempool subscription via
-
Transaction Simulation
- Local EVM fork using
anvilorrethexecution layer - Pre-flight execution with current mempool state
- Slippage impact calculation under attack scenarios
- Local EVM fork using
-
Private Execution
- Flashbots Protect integration (Ethereum)
- Jito bundles (Solana)
- MEV-Blocker fallback
Purpose: Optimal execution across fragmented liquidity
Algorithm:
- Liquidity Discovery - Real-time DEX liquidity via subgraphs/substreams
- Path Finding - Multi-hop routing with Dijkstra/CowSolver
- Order Splitting - Optimal order size distribution across venues
- Execution Building - Transaction bundle construction
Cross-Chain Routing:
- Chainlink CCIP for EVM-to-EVM messaging
- IBC protocol for Cosmos ecosystem
- Wormhole/Axelar as fallbacks
| Layer | Technology | Purpose |
|---|---|---|
| Runtime | Rust + Tokio | Async runtime for high-concurrency, low-latency operations |
| Serialization | Protobuf + rkyv | Efficient wire format and zero-copy deserialization |
| Networking | Tonic (gRPC) + axum (HTTP) | High-performance RPC and REST APIs |
| State Management | Redis Cluster | Hot cache for session, rate limiting, and liquidity state |
| Persistence | PostgreSQL + ClickHouse | Relational data and time-series analytics |
| Message Bus | Apache Kafka | Event streaming between components |
| Observability | Prometheus + Grafana + Jaeger | Metrics, dashboards, and distributed tracing |
| Chain | Client/Provider | Integration Method |
|---|---|---|
| Ethereum | Reth (self-hosted) + Alchemy (fallback) | JSON-RPC + WebSocket subscriptions |
| Arbitrum | Nitro node | Direct node connection |
| Base | Geth node | Standard EVM interface |
| Solana | Firedancer (via Helius) | gRPC + WebSocket |
| Cosmos/Provenance | Cosmos SDK node | Tendermint RPC + IBC relayer |
| Domain | Library | Purpose |
|---|---|---|
| EVM | revm, ethers-rs, foundry-evm |
EVM execution, contract interaction, testing |
| Solana | solana-sdk, anchor-lang |
Program interaction and account management |
| Cosmos | cosmrs, ibc-rs |
Chain interaction and IBC protocol |
| Cryptography | ring, dalek-cryptography |
Signature verification and encryption |
| MPC | threshold_crypto |
Threshold signature schemes for custody |
| ZK | halo2, arkworks |
Zero-knowledge proof verification |
| Component | Technology | Purpose |
|---|---|---|
| Containerization | Docker + BuildKit | Reproducible builds |
| Orchestration | Kubernetes (EKS) | Container orchestration |
| IaC | Terraform + Pulumi | Infrastructure as code |
| CI/CD | GitHub Actions | Automated testing and deployment |
| Secrets | HashiCorp Vault | Secret management |
| DDoS Protection | Cloudflare | Edge security and caching |
What: Async runtime for Rust Used For:
- Managing thousands of concurrent connections
- Non-blocking I/O for blockchain RPC calls
- Task scheduling with work-stealing thread pool
Key Features:
tokio::spawn,tokio::select!,tokio::time::interval
What: gRPC implementation for Rust Used For:
- High-performance internal service communication
- Streaming price feeds to clients
- Bidirectional RPC for order submission
Key Features:
tonic::transport::Server, protobuf code generation
What: Web framework for Rust Used For:
- REST API endpoints for reporting and management
- WebSocket handlers for real-time data
- Middleware for auth and logging
Key Features:
Router,extract,middleware::from_fn
What: Ethereum interaction library Used For:
- Contract calls and event listening
- Transaction signing and broadcasting
- ABI encoding/decoding
Key Features:
Provider,Contract,Wallet,Middleware
What: Rust EVM implementation Used For:
- Local transaction simulation (MEV protection)
- Gas estimation with current state
- Smart contract testing
Key Features:
EVM::execute,Databasetrait for state access
What: High-performance Ethereum full node in Rust Used For:
- Self-hosted Ethereum mainnet connection
- Low-latency mempool access
- Historical state queries Advantage: Memory-safe, high-performance, Rust-native integration
What: Local Ethereum testnet Used For:
- MEV simulation environment (fork mainnet state)
- Integration testing
- Gas profiling Integration: Spawn as child process, fork at specific block height
What: Solana RPC provider with enhanced APIs Used For:
- Firedancer-optimized Solana access
- Enhanced transaction simulation
- Priority fee estimation
What: Cross-chain interoperability protocol Used For:
- Cross-chain RWA token transfers
- Message passing between EVM chains
- Token bridging with rate limiting
What: In-memory data structure store Used For:
- Session management and API key caching
- Rate limiting counters (sliding window)
- Liquidity pool state caching
- Pub/sub for internal events
Key Structures:
Hash(pool states),Sorted Set(rate limits),Stream(events)
What: Relational database Used For:
- User and organization data
- Transaction audit logs (structured)
- Compliance case management
- Configuration storage
What: Columnar time-series database Used For:
- High-volume event ingestion (millions/sec)
- Analytics queries (latency percentiles, volume trends)
- Compliance reporting aggregations
What: Distributed event streaming platform Used For:
- Event sourcing between microservices
- Audit log streaming to S3
- Real-time compliance event processing
What: Metrics collection and alerting Used For:
- Latency histograms (p50, p99)
- Request rate and error rate tracking
- Business metrics (TVL routed, compliance decisions)
What: Visualization and dashboards Used For:
- Real-time system health monitoring
- Client-facing analytics dashboards
- Compliance officer review interfaces
What: Distributed tracing system Used For:
- End-to-end request tracing (intake → execution)
- Latency bottleneck identification
- Cross-service dependency mapping
What: Blockchain surveillance API Used For:
- Real-time address risk scoring
- Transaction clustering and attribution
- Sanctions screening (OFAC, UN)
What: Secrets management system Used For:
- API key encryption at rest
- Dynamic database credentials
- PKI certificate management
- Encryption key rotation
What: Smart contract security platform (optional) Used For:
- Automated security monitoring
- Admin action multisig workflows
- Incident response automation
1. Client → POST /v1/order (gRPC)
└─ Protobuf: OrderRequest { market, side, size, price_limit }
2. Intake Processor
└─ Auth (API key + HMAC signature) → 8μs
└─ Rate limit check (Redis) → 2μs
└─ Schema validation → 5μs
3. Compliance Engine
└─ VASP rule check (HK jurisdiction) → 15μs
└─ AML screen (Chainalysis cache) → 25μs
└─ Risk score calculation → 10μs
└─ Decision: ALLOW
4. MEV Protection
└─ Mempool snapshot → 20μs
└─ Anvil simulation (fork at latest) → 150ms
└─ Attack probability: 0.02 (SAFE)
└─ Route to Flashbots Protect
5. Smart Order Router
└─ Liquidity scan (Redis cache) → 5μs
└─ Path find (3-hop optimal) → 50μs
└─ Split: 60% Uniswap V3, 40% Curve
6. Execution
└─ Build transaction bundle
└─ Sign with MPC threshold (2-of-3)
└─ Submit to Flashbots Relay
└─ Monitor inclusion (12s target)
7. Settlement & Reporting
└─ Kafka event: OrderExecuted
└─ ClickHouse: Latency metrics
└─ PostgreSQL: Audit log
└─ Client Webhook: Execution confirmation
Total Latency (pre-chain): <350μs
1. Order triggers velocity limit (>$1M in 1 hour)
2. Compliance Engine
└─ Decision: REVIEW
└─ Queue in PostgreSQL (case management)
└─ Notify compliance officers (PagerDuty)
3. Dual Officer Approval
└─ Officer A reviews (web dashboard)
└─ Officer B approves (cryptographic signature)
└─ 2-of-2 threshold met
4. Resume to MEV Protection → Execution
5. Audit Trail
└─ Full decision tree logged (Vault tamper-proof)
└─ HKMA report format generated
└─ 7-year retention (S3 Glacier)
service SentinelExecution {
// Submit order for execution
rpc SubmitOrder(OrderRequest) returns (OrderResponse);
// Stream price updates
rpc StreamPrices(PriceStreamRequest) returns (stream PriceUpdate);
// Get compliance status
rpc GetComplianceStatus(ComplianceQuery) returns (ComplianceReport);
// Submit dual-officer approval
rpc SubmitApproval(ApprovalRequest) returns (ApprovalResponse);
}
message OrderRequest {
string client_order_id = 1;
string market = 2; // e.g., "ETH-USDC"
Side side = 3;
string size = 4; // Decimal as string for precision
OrderType order_type = 5;
uint64 price_limit = 6; // Optional for limit orders
TimeInForce tif = 7;
MevProtection mev_protection = 8; // ON | OFF | AGGRESSIVE
}
message OrderResponse {
string order_id = 1;
OrderStatus status = 2;
string tx_hash = 3; // If executed
uint64 latency_micros = 4;
repeated Route routes = 5;
ComplianceSummary compliance = 6;
}| Endpoint | Method | Purpose |
|---|---|---|
/v1/health |
GET | Service health check |
/v1/orders/{id} |
GET | Order status and fill details |
/v1/trades |
GET | Trade history (paginated) |
/v1/compliance/reports |
GET | Generate compliance reports |
/v1/analytics/latency |
GET | Latency percentiles |
/v1/admin/limits |
PUT | Update client rate limits |
| Channel | Direction | Payload |
|---|---|---|
prices.{market} |
Server → Client | Bid/ask/last price updates |
orders.{client_id} |
Server → Client | Order status changes |
compliance.alerts |
Server → Client | Real-time compliance events |
mempool.watch |
Server → Client | High-value mempool transactions |
┌────────────────────────────────────────────────────────────────┐
│ AWS VPC │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Public Subnet │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ NLB │ │ CloudFlare │ │ Bastion │ │ │
│ │ │ (TLS term) │ │ (DDoS) │ │ (Jump) │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Private Subnet (App) │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ Sentinel │ │ Sentinel │ │ Sentinel │ │ │
│ │ │ Gateway │ │ Gateway │ │ Gateway │ │ │
│ │ │ (AZ-a) │ │ (AZ-b) │ │ (AZ-c) │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ │ │ │ │ │ │
│ │ └────────────────┴────────────────┘ │ │
│ │ │ │ │
│ │ ┌─────────┐ │ │
│ │ │ EKS │ │ │
│ │ │ (K8s) │ │ │
│ │ └─────────┘ │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Private Subnet (Data) │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ ElastiCache│ │ RDS │ │ MSK │ │ │
│ │ │ (Redis) │ │ (PostgreSQL)│ │ (Kafka) │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ │ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ ClickHouse │ │ Vault │ │ │
│ │ │ (EC2) │ │ (HCP) │ │ │
│ │ └─────────────┘ └─────────────┘ │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Blockchain VPC Peering │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ Reth Node │ │ Solana │ │ Cosmos │ │ │
│ │ │ (Ethereum) │ │ Validator │ │ Validator │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ └─────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────┘
- Multi-AZ Deployment: Gateway nodes across 3 availability zones
- Auto-scaling: HPA (Horizontal Pod Autoscaler) based on CPU and request queue depth
- Failover: Redis Cluster with automatic failover, RDS Multi-AZ
- Backup: Cross-region S3 replication for audit logs, daily RDS snapshots
- Disaster Recovery: RTO <5 minutes, RPO <1 minute
| Threat | Mitigation |
|---|---|
| Private key theft | MPC threshold signatures (2-of-3), HSM backup |
| API key compromise | Short-lived JWTs, IP whitelisting, rate limiting |
| MEV attacks on clients | Simulation sandbox, private relays, time-delayed execution |
| Compliance evasion | Immutable audit logs, tamper-proof evidence chains |
| DDoS | CloudFlare, AWS Shield, rate limiting, circuit breakers |
| Supply chain attacks | Reproducible builds, dependency pinning, SLSA compliance |
- Transport: TLS 1.3 for all external communication, mTLS for internal
- Authentication: Ed25519 API keys with HMAC-SHA256 request signing
- Signing: MPC threshold signatures (t-of-n) for transaction signing
- Storage: AES-256-GCM for data at rest, envelope encryption with Vault
- Extend Lobby with MEV simulation
- Build compliance policy DAG
- Implement intake processor with <50μs target
- Redis cluster setup and integration
- Reth node deployment and optimization
- EVM chain integrations (Ethereum, Arbitrum, Base)
- Flashbots Protect integration
- Smart order router with basic path finding
- Chainalysis KYT integration
- Dual-officer approval workflow
- Solana (Helius) integration
- Cosmos/IBC prototype
- AWS EKS deployment
- Observability stack (Prometheus, Grafana, Jaeger)
- Security audit and penetration testing
- Load testing (10k TPS target)
- Documentation and client SDKs
| Metric | Target | Measurement |
|---|---|---|
| Intake Latency | <50μs p99 | Prometheus histogram |
| End-to-End Latency | <350μs p99 | Jaeger traces |
| Availability | 99.99% | Uptime monitoring |
| Throughput | 10,000 TPS | Load testing |
| MEV Protection Rate | >99% | Attack simulation tests |
| Compliance Decision Time | <100μs | Policy engine metrics |
| Client Acquisition | 3 HK VASPs | Sales pipeline |
- HK VASP Licensing Guidelines
- Flashbots Protect Documentation
- Chainlink CCIP Architecture
- Cosmos IBC Protocol Specification
- "MEV Protection in DeFi" - Flashbots Research
- "RWA Tokenization Infrastructure" - State of RWA 2026
- "High-Frequency Trading on Blockchain" - Paradigm Research