proxmox/docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md

DBIS Rail — ISO Gateway and Relayer (Phase 6 Spec)

Purpose: Off-chain components that produce MintAuth and submit to DBIS_SettlementRouter (and optionally SwapAuth to DBIS_ConversionRouter). Implement per Code Completion Task List Phase 6.

1. ISO Gateway (off-chain)

• Ingest: ISO-20022 messages (pacs/camt/pain).
• Compliance: KYC/AML/sanctions/limits per Rulebook.
• Ledger: Post double-entry; compute accountingRef = keccak256(ledgerSystemId, journalId, batchNumber, postingTimestamp, reserveAccountId) per Rulebook §3.2.
• Canonical bundle: Build ISO evidence bundle; canonicalize per Hash Canonicalization v1.5; set isoHash = keccak256(utf8(canonicalBundle)).
• FundsStatus: Set ON_LEDGER_FINAL or OFF_LEDGER_FINAL per Good Funds Matrix (Rulebook §2).
• MintAuth: Build EIP-712 MintAuth (chainId 138, verifyingContract = SettlementRouter address, recipients, amounts, notBefore, expiresAt, etc.).
• Signatures: Request threshold signatures from allowlisted signers (3-of-5, COMPLIANCE mandatory) per SignerRegistry.

2. MintAuth Relayer

• Input: Signed MintAuth + array of 65-byte ECDSA signatures.
• Action: Call DBIS_SettlementRouter.submitMintAuth(auth, signatures) on Chain 138 (RPC from .env).
• Tooling: Script or service (e.g. Node/TS with ethers/viem) using PRIVATE_KEY for gas; or a relayer key with no custody of funds.

3. SwapAuth (optional)

• Build SwapAuthorization; get quote (RFQ/TWAP/aggregator); set quoteHash, quoteIssuer; get 2-of-4 or 3-of-5+COMPLIANCE signatures per amount; call DBIS_ConversionRouter.submitSwapAuth(auth, signatures, amountOut) after executing the swap so that amountOut >= minAmountOut.

4. Signer key management (runbook)

• Document HSM or equivalent, key rotation, emergency revoke and key compromise drill per EMERGENCY_REVOKE_AND_KEY_COMPROMISE and Rulebook §6.4.