System Architecture

Audit Pipeline Architecture

Every transaction flows through a 7-step compliance pipeline. Each step is a checkpoint that either gates the transaction (steps 1-6) or reports on its health (step 7). Every checkpoint produces a structured audit record.

Pipeline Visualization

Transaction Flow & Audit Capture

7-Step Compliance Pipeline → Audit Trail01IdentityGate02DiscoveryGate03ReservesGate04TransferGate05ExecutionGate06TokenGate07ReportingObligationAudit Trail:AUD-001AUD-002AUD-003AUD-004AUD-005AUD-006AUD-007Hover over steps to see details. Gates block on failure; Obligations are advisory.
Pipeline Specifications

Pipeline Stages

Detailed breakdown of each step in the compliance pipeline, its checkpoint type, and regulatory significance.

Stage Step Checkpoint Domain Audit Output Regulatory Standards
Identity Verification 1 Gate Identity AUD-001: DID resolution result, credential chain depth BSA/AML, FATF, GENIUS Act, ACK
AML/CFT Screening 2 Gate Discovery AUD-002: Sanctions check result, watchlist hits, jurisdiction flags BSA/AML, FATF, GENIUS Act, ACK
Reserve Verification 3 Gate Reserves AUD-003: Available balance, reserve status, token validity GENIUS Act, ACK
Settlement Execution 4 Gate Transfer AUD-004: Transaction hash, settlement network, finality confirmation BSA/AML, GENIUS Act, ACK
Receipt Generation 5 Gate Execution AUD-005: Receipt issuance timestamp, credential issuer, signature GENIUS Act, ACK
Credential Verification 6 Gate Token AUD-006: Revocation status, credential chain validity, expiration ACK
Health Reporting 7 Obligation Reporting AUD-007: Post-settlement observations, quantum risk assessment, final regulatory tags BSA/AML, FinCEN
Information Architecture

Data Flow

Pipeline Execution

Transaction Input: Every audit record begins with a transaction object: originator DID, beneficiary DID, amount, currency, settlement network.
7 Compliance Steps: The transaction flows through steps 1-7. At each step, a compliance check (gate or monitor) is applied. If a gate fails, the transaction halts and the audit trail shows the failure point. If a monitor detects an anomaly, it records a warning but does not block.
Audit Trail Assembly: Each step produces an audit record (AUD-001 through AUD-007). Records are accumulated into an array with a shared correlationId that ties all records from a single pipeline run.

Evidence & Export

Evidence Capture: Each record includes a timestamp, checkpoint result (PASS/FAIL/WARN), evidence hash, step duration in milliseconds, and a JSON object of evidence key-value pairs. Hashes ensure tamper-evidence: any modification of the record will break cryptographic validation.
Export Formats: The accumulated audit trail can be exported as JSON (raw records), as a W3C Verifiable Credential (signed, tamper-evident), or as a filtered regulatory report (e.g., FATF Travel Rule fields only).
Regulatory Tagging: Each record is tagged with the regulations it satisfies (BSA/AML, FATF, GENIUS Act, FinCEN, ACK). Filters can extract only the tags relevant to a specific jurisdiction or standard.
Downstream Integration

Integration Points

StableAudit exports connect to compliance infrastructure, security operations, and regulatory reporting systems.

PSP Integration

Payment Service Providers ingest StableAudit records to satisfy their ACK operational compliance requirements. JSON audit exports include all fields PSPs need for real-time monitoring and escalation workflows.

SIEM/SOC Feed

JSON audit exports are structured for direct ingestion by security information and event management systems. Each record includes correlation IDs for transaction tracking across multiple infrastructure layers.

Regulatory Submission

Filtered VC-format exports for targeted regulatory reporting. Export only the fields required by a specific standard — FATF Travel Rule, FinCEN, or GENIUS Act — for compliant, audit-ready submission packages.

Technical Details

Audit Record Structure

Each audit record is a structured JSON object with cryptographic integrity guarantees. 

{
  "correlationId": "txn-2024-001-abc123def456",
  "step": 1,
  "stepName": "Identity",
  "checkpoint": "gate",
  "result": "PASS",
  "timestamp": "2024-11-15T14:23:45.123Z",
  "duration_ms": 145,
  "evidence": {
    "did": "did:key:z6Mkj7...",
    "credential_chain_depth": 3,
    "issuer_trusted": true,
    "revocation_checked": true
  },
  "evidence_hash": "sha256:a3f5d...",
  "regulatory_tags": [
    "BSA/AML",
    "FATF_TRAVEL_RULE",
    "GENIUS_ACT_4",
    "ACK_OPERATIONAL"
  ]
}
Correlation IDs: Tie all records from a single pipeline run. When a transaction flows through all 7 steps, it produces 7 audit records — all tagged with the same correlationId. This allows downstream systems to reconstruct the complete audit trail for a single transaction.
Evidence Hashes: Each record includes evidence_hash — a cryptographic digest of the evidence object. Any tampering with the record after generation will break the hash, making the tampering immediately detectable. Export formats (JSON, VC, reports) all preserve and validate hashes.
Regulatory Tags: Every record is tagged with the regulations it satisfies. This enables filtering: extract only BSA/AML records for FinCEN submission, or only GENIUS Act fields for PPSI reporting. Tags are immutable and included in the evidence hash.