Non-custodial treasury control plane for HashKey-native RWA issuers and stablecoin operators — risk monitoring, policy simulation, approval-ready proposals, and disclosure-ready evidence — with execution always under the customer's own Safe quorum, and compliance gated by HashKey's KYC SBT.
Scope boundary (MVP). RWA and stablecoin framing is target market context, not product scope:
- no custody
- no RWA issuance or tokenization
- no trading, rebalancing, or liquidity execution
- no proof-of-reserve, reserve sufficiency, or reserve attestation
- no compliance attestation or legal disclosure certification
- execution remains under the customer's Safe quorum
- currently an unaudited testnet MVP
v3 architecture pivot. Sentinel Treasury transitioned from the v1 hackathon MVP (multi-chain, Guard-in-MVP, Sentinel submitter-key anchoring) to v3: single-chain HashKey, customer-Safe-anchored
EvidenceRegistry(no Sentinel-controlled signing key for any on-chain write), KYC-SBT-gated proposal drafting, Guard deferred to a later phase, EIP-1271 relay deferred to Phase 2. The v1 hackathon code is no longer part of the active product repo; its history is preserved in git. Mainnet (177) deployment ofEvidenceRegistryis currently deferred.
Sentinel Treasury is the operating layer that turns Safe-based wallets and stablecoin reserves into controlled, explainable, disclosure-ready treasury operations. It provides:
- Read-only HashKey Safe ingestion via Safe Transaction Service (testnet
/txsattestnet-safe.hsk.xyz; mainnet/txsatmultisig.hashkeychain.net). - Deterministic off-chain policy simulation — KYC tier thresholds, concentration warnings, reserve rule. Never blocks Safe execution; produces warnings, risk labels, and approval-ready drafts.
- KYC-SBT-gated proposal drafting —
MetaTransactionDataproposals built off the HashKey KYC SBT tier of the proposer/operator wallet (NONE/BASIC/ADVANCED/PREMIUM/ULTIMATE). - Append-only, hash-chained audit log with pre-anchor commits, anchored to HashKey by the customer's own Safe quorum via
EvidenceRegistry— Sentinel prepares the unsigned anchor proposal; the customer signs and executes through their normal Safe flow. - Read-only exposure analytics — native-token, stablecoin-issuer, per-protocol concentration. Not investment advice.
Execution authority always remains with the customer's signer quorum. Sentinel never holds funds, never holds private keys, never broadcasts transactions on behalf of customers, and never signs evidence anchors on the customer's behalf.
- Hold custody of customer funds.
- Sign Safe transactions on behalf of customers.
- Hold any signing key for on-chain writes (no KMS in MVP; the customer's Safe owner quorum is the sole writer to
EvidenceRegistry). - Issue, mint, or tokenize assets.
- Trade, rebalance, or execute liquidity.
- Provide proof-of-reserve, reserve sufficiency, or reserve attestation.
- Perform compliance attestation or legal disclosure certification.
- Recommend specific allocations, swap counterparties, or yield strategies.
- Operate as a discretionary investment manager, "AI optimizer," or autonomous agent.
- Claim "compliance-enforced execution" — the MVP gate is off-chain; a Safe owner can always sign directly through Safe.
- Automate evidence anchoring — anchor proposals are prepared by Sentinel and signed by the customer's Safe owner quorum.
These constraints are mechanical, not just contractual: there is no key to compromise, no admin to bribe, no upgrade path to abuse. The non-custodial guarantees hold even under full server compromise — no Sentinel-controlled key can write into EvidenceRegistry or move customer funds.
Two-layer separation:
- Off-chain core (
policy-service/) — Python/FastAPI service performing read-only Safe Transaction Service polling, KYC SBT off-chain reads, deterministic policy simulation, proposal drafting (no signing), hash-chained audit log writing (with pre-anchor commits), and evidence anchor proposal preparation (POSTed unsigned to the customer's Safe Transaction Service queue). - On-chain (
contracts/contracts/EvidenceRegistry.sol) — ≤50 LOC, immutable, no admin, no submitter, no external calls, no EIP-1271 / EIP-712 /anchorForrelay. Per-customer namespaced bymsg.sender:mapping(address customer => mapping(bytes32 batchId => Anchor)). Customer Safe owner quorum is the sole writer to each customer's namespace. Fund-isolated by mechanism (no payable, no transfers, never installed as Safe guard/module). Deployed and source-verified on HashKey testnet at0xDF1470Cb919a302a1Ec5C49D6138aB85b1005a9F.
A future SentinelPolicyGuard (an opt-in ITransactionGuard implementation the customer can install on their own Safe) is deferred and not part of the MVP scope. An EIP-1271 customer-authorized anchor relay is similarly deferred — Sentinel never signs evidence anchors in the current architecture.
| Area | State |
|---|---|
| v1 hackathon contracts | Removed from active product repo; history preserved in git |
SentinelDeploymentMarker (hackathon mainnet anchor) |
Live: 0xbE6962010697f1B914166209a0E5B18A56bf5708 on HashKey mainnet 177 |
EvidenceRegistry.sol |
Live on HashKey testnet 133: 0xDF1470Cb919a302a1Ec5C49D6138aB85b1005a9F — Blockscout source-verified |
| Demo Safe (1-of-1, customer-Safe-controlled anchoring) | Live on HashKey testnet 133: 0xd0E2BDa7DB57630817B8Efd75e351356d2ddabC6 — canonical Safe v1.3.0 L2 stack |
| KYC SBT reader | Functionally verified against the live HashKey mainnet KYC SBT contract |
| Single-chain HashKey Safe Transaction Service ingestion | Read-only adapter shipped (safe-tx-service GET-only client + health poller) |
| Append-only hash-chained audit log + Merkle-rooted evidence anchoring | Implemented; customer-Safe-controlled anchoring (Sentinel prepares, customer signs) |
| Read-only exposure analytics | Implemented (native / stablecoin-issuer / counterparty concentration + heuristic risk labels) |
| Aggregated treasury endpoint | Implemented (GET /api/v1/treasury/{safe}) |
SentinelPolicyGuard |
Deferred — not part of the MVP |
EIP-1271 relay (EvidenceRegistryV2) |
Deferred to Phase 2 |
| External audit (Cantina) | Not on MVP critical path |
Mainnet (177) deployment of EvidenceRegistry |
Deferred |
SentinelTreasury_project/
├── contracts/
│ ├── contracts/ # active production Solidity (EvidenceRegistry,
│ │ │ # interfaces, SentinelDeploymentMarker)
│ │ └── test/ # Solidity test fixtures (MockKycSBT,
│ │ # MockAggregator, HskForwarder) — never
│ │ # deployed to production
│ ├── scripts/ # active deploy + tooling (deploy-marker, deploy-evidence-registry,
│ │ # create-demo-safe, verify-hashkey-safe-deployments)
│ └── test/ # active contract tests (EvidenceRegistry, MockKycSBT)
├── policy-service/ # FastAPI off-chain core (ingestion, KYC reader, policy engine,
│ # proposal builder, audit log, evidence anchor preparation).
│ # Renamed from ai-service/; v1 recommender removed.
├── frontend-landing/ # Next.js — sentineltreasury.com
│ # Marketing landing: hero, pillars, why-HashKey, roadmap, CTAs
├── frontend-docs/ # Nextra 4 — docs.sentineltreasury.com
│ # Public documentation site
└── frontend-demo/ # Next.js — demo.sentineltreasury.com
# HashKey testnet (Chain ID 133) read-only demo with global
# testnet disclaimer banner; wallet connect + V3Preview
This repository is in active v3 implementation. Build instructions for v3 components will be published as milestones land. The v1 hackathon codebase is no longer part of the active product repo; its history is preserved in git.
| Network | Chain ID | Status |
|---|---|---|
| HashKey Chain testnet | 133 | v3 target; EvidenceRegistry + demo Safe deployed |
| HashKey Chain mainnet | 177 | SentinelDeploymentMarker deployed (hackathon anchor); EvidenceRegistry deferred |
Multi-chain ingestion (Ethereum, Optimism, Arbitrum, Base) is out of v3 MVP scope. The v3 architecture is single-chain HashKey by design — the HashKey KYC SBT is the product's core differentiator and cannot be lifted to other chains unchanged.
Sentinel Treasury is in active v3 implementation. The v3 architecture described above is partially shipped. No code in this repository should be used to manage real funds without independent security review, operational controls, and protocol hardening. Underlying destination chains have varying decentralization profiles and security postures; Sentinel makes no warranty regarding the security or operational continuity of any underlying L1 or L2 network.
LeventLabs