Risk monitoring
Read-only HashKey Safe ingestion via Safe Transaction Service. Native + ERC-20 balances, pending proposals, executed transactions — refreshed on a polling interval.
Sentinel Treasury
Safe treasuries on HashKey · KYC-SBT-gated · customer-Safe-anchored
Non-custodial treasury control plane
for HashKey-native RWA issuers and stablecoin operators.
Risk monitoring, policy simulation, approval-ready proposals, and disclosure-ready evidence — with proposal drafting compliance-gated by HashKey's KYC SBT, and execution always under the team's own Safe quorum. Sentinel holds no signing key for any on-chain write.
Scope boundary (MVP)
• no custody · no RWA issuance or tokenization
• no trading, rebalancing, or liquidity execution
• no proof-of-reserve, reserve sufficiency, or reserve attestation
• no compliance attestation or legal disclosure certification
• execution remains under the customer's Safe quorum
• currently an unaudited testnet MVP
🥉 Top 3 · HashKey Horizon HackathonHashKey mainnet markerSingle-chain by design
Four product pillars
Policy simulation
Deterministic off-chain engine evaluates proposed transactions against your rules (KYC tier thresholds, concentration warnings, reserve rule) — warnings, risk labels, and approval-ready drafts only. Never blocks Safe execution.
Approval-ready proposals
MetaTransactionData proposals built off your wallet's KYC SBT tier (NONE / BASIC / ADVANCED / PREMIUM / ULTIMATE) and posted unsigned to your Safe Transaction Service queue. Your Safe quorum signs and executes.
Disclosure-ready evidence
Primary artifact: an exportable hash-chained audit log (CSV / JSONL) wrapping every state-changing operation. Tamper-evident on-chain anchor: customer-Safe-anchored EvidenceRegistry on HashKey, where your quorum is the sole writer to your evidence namespace. Sentinel cannot anchor on your behalf. The on-chain anchor strengthens auditability without replacing the conventional export — Sentinel logs operational evidence, not asset backing or compliance attestation.
Why HashKey — the KYC SBT compliance gate
The HashKey-native differentiator is the on-chain KYC SBT (Soulbound Token). Sentinel reads the proposer's tier before drafting or surfacing a proposal, and records the tier in the hash-chained audit trail. This is the reason the product cannot be lifted to another chain unchanged.
Claim boundary (binding): Sentinel provides compliance-gated proposal drafting, not compliance-enforced execution. Your Safe owner quorum can always bypass Sentinel and sign directly through Safe. Marketing copy never blurs that line.
Example: compliance-gated drafting in practice
“Any transfer above USD 50,000 must be proposed by an ULTIMATE-tier HashKey KYC SBT holder.”
A treasury committee configures this policy. If a lower-tier proposer attempts a USD 50K+ transfer, Sentinel surfaces a policy warning, marks the draft as fail-flagged, and records the gate in the audit log. The Safe owner quorum still decides execution — owners can always bypass Sentinel and sign directly through Safe. The auditor receives a clean evidence trail: proposer address, KYC tier at evaluation time, policy version, threshold rule, warning flag, and timestamp, with the audit-log Merkle root anchored on HashKey Chain by the customer's own Safe.
The threshold and tier are illustrative; each customer configures their own policy.
Reduced-risk MVP surface by construction
- • Zero new on-chain fund-path surface. The only logic that can move funds is Safe's native owner quorum.
- • Zero Sentinel-controlled signing key. No KMS in the MVP. Sentinel literally cannot write into any customer's on-chain namespace.
- • One on-chain contract: EvidenceRegistry. ≤50 LOC, immutable, no admin, no external calls, no EIP-1271 / EIP-712 relay. Fund-isolated by mechanism — no payable, no transfers, never installed as a Safe guard/module.
- • Per-customer namespace by msg.sender. Cross-customer writes are impossible by mechanism.
- • SentinelPolicyGuard is NOT part of the MVP. It is not required for the core product and not promised as a default roadmap item. It is a future opt-in add-on that the customer can install on their own Safe.
Roadmap
Full roadmap →Dates are targets, not commitments. Mainnet, enforcement, relay, and regulated-adjacent features are gated on customer signal, HashKey ecosystem feedback, funding, operational hardening, and external review.
Live now
Public testnet MVP package
- • Website, docs, and demo surfaces live
- • EvidenceRegistry deployed on HashKey testnet
- • Demo Safe indexed by HashKey Safe Transaction Service
- • KYC SBT badge + verify-root-locally demo
Next target — 30 days
End-to-end customer-signed anchor flow
- • Operator CLI prepares unsigned anchor proposal
- • Safe Wallet review instructions and calldata display
- • EvidenceAnchored event reflected in dashboard
- • Demo screenshots and walkthrough video
Pilot target — 60 days
Closed design-partner loop
- • RWA issuer, stablecoin, DAO, and protocol treasury interviews
- • Policy engine v1 for KYC, concentration, and reserve-rule simulation
- • Customer-held evidence export with Merkle proofs
- • Independent anchor monitor as a separate trust boundary
Mainnet decision — 90 days
Gated production path
- • Grant or pilot funding for review and infrastructure
- • At least one committed design partner or paid pilot scope
- • Production hosting, monitoring, and incident response plan
- • Mainnet EvidenceRegistry only after the gates are satisfied
What Sentinel does NOT do
The MVP imposes structural (not just policy) constraints. There is no key to compromise, no admin to bribe, no upgrade path to abuse.
- • Hold custody of customer funds
- • Hold any signing key for on-chain writes
- • Sign Safe transactions on behalf of customers
- • Issue, mint, or tokenize assets
- • Trade, rebalance, or execute liquidity
- • Provide proof-of-reserve, reserve sufficiency, or reserve attestation
- • Perform compliance attestation or legal disclosure certification
- • Recommend specific allocations, swap counterparties, or yield strategies
- • Operate as a discretionary investment manager, “AI optimizer,” or autonomous agent
- • Claim “compliance-enforced execution” while the MVP gate is off-chain
- • Automate evidence anchoring — customers sign anchor proposals through their own Safe quorum
Design partner cohort
HashKey-ecosystem teams and mid-tier DAO / protocol foundation treasuries (USD 1–50M Safe-managed) are invited to the M1 design partner cohort. 25-minute discovery calls — no sales, no commitment.