Architecture

Two integration paths. Use the API alone, or combine it with the on-chain Oracle for protocol-level enforcement.


What makes Overvoid different

Every other compliance platform operates entirely off-chain. They monitor transactions, generate alerts, and file SARs — but they can't enforce compliance at the protocol level. A flagged entity can still transact freely until a human intervenes.

Overvoid is the only platform that combines a full off-chain compliance engine (API) with on-chain enforcement (Oracle). When your compliance team decides to freeze an entity, the Oracle blocks that wallet from transacting — on every chain, in every DeFi protocol that integrates the hook. No manual wallet blacklisting. No waiting for an exchange to act.

Two Integration Paths

Path A

API Only

Use Overvoid as a pure compliance platform. Ingest transactions via API, get monitoring alerts, manage cases, file SARs. No smart contract integration needed.

  • Transaction monitoring (33 rules + ML triage)
  • Sanctions & PEP screening
  • Case management & SAR/CTR filing
  • Entity onboarding (KYC/KYB)
  • AI copilot & investigation agents
  • Per-tenant ML that learns from your analysts

Best for: exchanges, custodians, payment processors, fintechs that handle compliance off-chain.

Path B

API + Oracle

Everything in Path A, plus on-chain enforcement. The ComplianceOracle stores compliance state on-chain. DeFi protocols query it before executing swaps, LP, or transfers.

  • Everything in Path A
  • On-chain compliance status per wallet
  • Automated freeze on CRITICAL alerts
  • DeFi protocol gating (12 protocols: Uniswap, Balancer, Aave, Compound, Morpho, Lido, EigenLayer, Euler, Curve, Pendle, Aerodrome, MakerDAO/Sky)
  • Travel Rule registry on-chain
  • Multi-chain enforcement (Ethereum, Arbitrum, Base)

Best for: stablecoin issuers, token issuers, DeFi protocols, RWA platforms that need protocol-level compliance.

How They Work Together

Entity onboarded via API
  │
  ├─ Screening (sanctions, PEP, adverse media)
  ├─ Risk scoring
  └─ Compliance flags packed (KYB ✓, AML ✓, Sanctions ✓)
       │
       ├─ [Path A: API Only]
       │    Flags stored in database
       │    Alerts → Cases → SAR filing
       │    ML learns from analyst reviews
       │
       └─ [Path B: API + Oracle]
            Flags written to ComplianceOracle on-chain
            │
            ├─ DeFi protocols call canTransfer(from, to, amount)
            │   Returns (compliant, reasonCode)
            │
            ├─ DeFi hooks/routers check compliance before swaps, supply, borrow, stake
            │   12 protocols: Uniswap, Balancer, Aave, Compound, Morpho, Lido, EigenLayer, Euler, Curve, Pendle, Aerodrome, MakerDAO/Sky
            │   Non-compliant wallets blocked — exits never gated (funds never trapped)
            │
            ├─ CRITICAL alert → automatic freeze on all chains
            │   Oracle revokes compliance flags
            │   Wallet can't transact until resolved
            │
            └─ Travel Rule data submitted on-chain
                IVMS101 hashes stored in TravelRuleRegistry

ComplianceOracle

The Oracle is a UUPS-upgradeable smart contract deployed on each supported chain. It stores per-wallet compliance status as bit-packed flags with expiration timestamps.

| Function | Purpose | Access |
|---|---|---|
| canTransfer(from, to, amount) | Check if a transfer is compliant. Returns (bool, reasonCode) | Public view |
| isCompliantHolder(account) | Check if a wallet can hold tokens (KYB + sanctions) | Public view |
| setComplianceStatus(account, ...) | Write compliance flags on-chain (called by Overvoid backend) | Oracle signer |
| revokeCompliance(account, flags) | Revoke compliance (freeze); triggered by CRITICAL alerts | Oracle signer |

The Oracle enforces; it doesn't decide. All compliance decisions are made by the API (rules engine + ML + human review). The Oracle is a write-once enforcement layer: it reflects decisions already made and does not make new ones. This is important: compliance is always human-in-the-loop. The Oracle just makes enforcement instant and protocol-wide.
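An added Python model of the per-wallet state described above (not Overvoid's contract code): bit-packed flags with an expiry, a fail-closed canTransfer that returns (compliant, reasonCode), and revocation of selected bits. The bit positions, the reason codes, and the rule that a transfer needs all three flags are assumptions made for the example.

```python
from enum import IntEnum, IntFlag

class Flag(IntFlag):      # assumed bit positions; the page names only the flags
    KYB = 1 << 0
    AML = 1 << 1
    SANCTIONS = 1 << 2

class Reason(IntEnum):    # assumed reason codes; the page does not list them
    OK = 0
    SENDER_FLAGS_MISSING = 1
    SENDER_EXPIRED = 2
    RECIPIENT_FLAGS_MISSING = 3
    RECIPIENT_EXPIRED = 4

HOLDER_MASK = int(Flag.KYB | Flag.SANCTIONS)   # per the page: KYB + sanctions
TRANSFER_MASK = HOLDER_MASK | int(Flag.AML)    # assumption: transfers also need AML

class OracleModel:
    """Off-chain model of per-wallet status: (flag bits, expiry timestamp)."""

    def __init__(self):
        self._status = {}                      # account -> (flags, expires_at)

    def set_compliance_status(self, account, flags, expires_at):
        self._status[account] = (int(flags), int(expires_at))

    def revoke_compliance(self, account, flags):
        cur, exp = self._status.get(account, (0, 0))
        self._status[account] = (cur & ~int(flags), exp)  # clear only revoked bits

    def _failure(self, account, mask, now):
        flags, exp = self._status.get(account, (0, 0))    # unknown wallet: no flags
        if (flags & mask) != mask:
            return "missing"
        return "expired" if now >= exp else None          # stale status fails closed

    def is_compliant_holder(self, account, now):
        return self._failure(account, HOLDER_MASK, now) is None

    def can_transfer(self, sender, recipient, amount, now):
        # amount mirrors the signature; the page does not say how it is used
        codes = {"missing": (Reason.SENDER_FLAGS_MISSING, Reason.RECIPIENT_FLAGS_MISSING),
                 "expired": (Reason.SENDER_EXPIRED, Reason.RECIPIENT_EXPIRED)}
        for side, account in enumerate((sender, recipient)):
            why = self._failure(account, TRANSFER_MASK, now)
            if why:
                return False, codes[why][side]
        return True, Reason.OK
```

Integrators can use a model like this to test that their hook denies on unknown wallets and expired status rather than defaulting to allow.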

Why This Matters Now

The GENIUS Act (signed July 2025, regulations effective July 2026) requires stablecoin issuers to have the technical capability to freeze illicit transfers. This is exactly what the ComplianceOracle does.

Without on-chain enforcement, issuers must rely on exchange cooperation to freeze funds — which is slow, incomplete, and doesn't cover DeFi. With the Oracle, a freeze is instant, covers all integrated protocols, and is auditable on-chain.

33 Rules → ML (Both Paths)

The monitoring engine starts with 33 configurable rules covering structuring, velocity anomalies, cross-chain patterns, geographic risk, fiat-crypto correlation, and more. Every rule's thresholds, severity, and mode (active, shadow, or disabled) are tunable per tenant through the compliance portal — no engineering tickets.

But the rules are just the starting point. As your analysts review alerts and mark them as true or false positives, those decisions train a per-tenant ML model that gets smarter over time:

  1. Day 1: 33 rules generate alerts. A foundation model provides baseline prioritization so your team reviews the most important alerts first.
  2. 200 reviews: ML starts assisting, personalized to your specific risk patterns and business context. Rules keep firing, ML learns which ones matter for your entity types.
  3. 2,000 reviews: Auto-triage activates and clear false positives are dismissed automatically. Your analysts focus only on real risks. Rules continue as the signal source, ML handles the noise.

Rules and ML are not either/or. The rules are the detection layer — they catch suspicious patterns. The ML model is the triage layer — it learns which detections are real threats vs. normal business for your specific tenant. You tune the rules, and the ML adapts to your tuning. They compound.

The model auto-tunes to each tenant's data, provides explainable factor attribution for every decision, incorporates network topology analysis, and continuously monitors for drift. Every automated decision is logged and auditable.

Which Path Should I Choose?

| If you are... | Use | Why |
|---|---|---|
| Centralized exchange | API Only | You already control the order book. On-chain enforcement adds complexity without benefit. |
| Fiat on/off ramp | API Only | Compliance happens at the fiat gateway, not on-chain. |
| Stablecoin issuer | API + Oracle | GENIUS Act requires freeze capability. Your token circulates in DeFi; you need protocol-level control. |
| Token issuer (RWA, security tokens) | API + Oracle | Regulated assets need transfer restrictions enforced at the contract level, not just monitored. |
| DeFi protocol | API + Oracle | Integrate the ComplianceHook to gate swaps and LP. No custody of user funds required. |
| Custodian / wallet provider | API Only | You control disbursement. Use the API to screen before sending. |

Next Steps