Money Transparency

Public payments with full cryptographic traceability.

Hashes and signatures live on-chain while sensitive files stay off-chain but remain tied to those commitments so audits can replay the full path.

Money flow and audit verification diagramMoney flow and audit verification diagram
Coverage Target
>=99.9%
Proof Query P95
<=5s
Transition Validity100%

Architecture

On-chain proofs + off-chain evidence

Events carry commitments, signatures, and links to the prior state. Documents sit off-chain with hashes so integrity checks still bind.

Store event type, tx_trace_id, previous hash, payload hash, signer role, signature, and timestamp.

Every state transition anchors a cryptographic link to the previous event. Tampering or missing events are detected by proof-chain validation.

Contracts, invoices, and beneficiary metadata are content-addressed and linked by cryptographic hash.

Sensitive records remain off-chain but every audit query can verify document integrity through hash matching and signature checks.

The trace interface reconstructs full path, validates signatures and hash continuity, and returns policy compliance status.

The same interface supports public transparency views and internal forensic review with deterministic reconstruction results.

Lifecycle

Deterministic transaction state machine

Illegal transitions fail and leave a log line. Higher-risk payment classes need more signatures before money moves.

Lifecycle steps

A payment intent becomes immutable after commitment and receives a stable trace identifier.

Role-based approvals are verified against policy thresholds before disbursement can proceed.

Disbursement emits a signed settlement event and references approved intent hashes.

Receipt evidence is anchored and reconciliation closes the chain with compliance summary.

Data Model

Minimum entities for V0-V1

This set covers proof replay, policy checks, and load tests for the early builds.

Top-level program budget commitment entity.

Defines source authority, amount class, and disbursement boundaries.

Initial payment proposal with purpose and destination.

Carries pre-disbursement policy data and risk profile tags.

Role-scoped authorization for execution.

Supports multi-sig chains and explicit signer accountability.

Executed transfer event with settlement metadata.

Anchors final movement reference for audit trace reconstruction.

Proof of completion from receiving side.

Ties off-chain evidence to on-chain hash commitment.

Post-payment consistency validation object.

Confirms accounting closure and flags deviations.

Machine-readable proof package.

Bundles all cryptographic checks and compliance outcomes.

Dispute and review workflow object.

Tracks anomaly escalations and adjudication outcomes.