Skip to content
Oris Docs
Sign in Get API Key

L3 Veris

L3 LIVE

L3 is the compliance engine. It is a Rust gRPC service that produces a signed attestation for every transaction: sanctions clean, risk tier set, drift score computed. The attestation is BLS12-377 signed by the Veris MPC ring, separate from the Oris MPC ring that signs policy roots.

What it does

Given an agent_did, the counterparty, and the transaction intent, L3 returns:

  • sanctions_clean: bool — both parties pass every active sanctions list.
  • risk_tier: enum(Low | Medium | High | Blocked) — composite risk classification.
  • drift_score_bp: u16 — behavioral drift in basis points (0 to 10000).
  • signer_pubkey + signature — BLS aggregate signed by the Veris MPC quorum.

If risk_tier = Blocked or sanctions_clean = false, downstream layers will reject the bundle. The attestation is also valid evidence in a sealed envelope for a regulator review.

Latency

Stepp50p99
Sanctions cache read0.8 ms2 ms
Risk tier hot-path rules1.4 ms4 ms
Drift score (online features)0.9 ms3 ms
BLS12-377 aggregate sign1.0 ms5 ms
Total attest4.4 ms15 ms

Async ML models for deep risk profiling run out of band and feed back into the rule set. The hot path stays purely rule-based to hold the latency budget.

Sanctions coverage

Hybrid feed model. Always-on sources plus configurable third-party providers.

SourceUpdate cadenceCoverage
OFAC SDN (US)6 hSpecially Designated Nationals
UN Security Council6 hConsolidated sanctions list
EU Sanctions Map12 hEU restrictive measures
Chainalysis Sanctions APIliveAddress-level taint
TRM Labs APIliveAddress-level taint
Internal labeled-address graphliveMixers, sanctioned protocols

A counterparty address is sanctions_clean = false if any source returns a hit. The matched source is recorded in the attestation for downstream disclosure.

Risk tier rules

The tier is composed deterministically from twelve features. The full rule table is documented in sanctions screening. Headline rules:

  • Low — counterparty in whitelist, no historical drift, amount under one thousand dollars.
  • Medium — counterparty unknown, no historical drift, amount under ten thousand dollars.
  • High — counterparty unknown, mild drift, amount under one hundred thousand dollars.
  • Blocked — counterparty sanctioned, severe drift, or amount above one hundred thousand dollars without enterprise attestation.

Blocked is a hard stop. The bundle does not assemble.

Drift score

Drift is the distance between an incoming transaction and the agent’s behavioral baseline. The baseline captures:

  • typical counterparty cluster
  • typical asset and chain mix
  • typical hourly and daily volume
  • transaction-size distribution

Drift score is recorded in basis points. Above the policy threshold the agent demotes one KYA level on the next evaluation cycle. See KYA requirements for the demotion rules.

Signing scheme

BLS12-377 aggregate signatures. The Veris MPC ring holds the share custody in Vault Transit. Single-region for v1, multi-region for v2.

The signing pubkey is published at:

https://api.useoris.xyz/v1/veris/pubkey

Cache it. The pubkey rotates only on key-rotation events, which are signed by the previous quorum.

SDK example

from oris import OrisClient


client = OrisClient(...)


attest = client.compliance.attest(
    agent_id=agent.id,
    counterparty="0xA1b2...",
    amount=12.50,
    chain="base-sepolia",
)


print(attest.sanctions_clean)
print(attest.risk_tier)
print(attest.drift_score_bp)
print(attest.signer_pubkey)
print(attest.evaluated_at)
print(attest.expires_at)

What flows into the bundle

The full attestation block is embedded in every Compliance Bundle under veris_attestation. Eleven fields are signed by the Veris MPC quorum and shipped verbatim. A verifier replays the BLS signature against the embedded pubkey, then confirms the attestation against the policy verdict at L2.

Deploy state

The Veris engine runs as a managed gRPC service secured with mutual TLS. It passed its security audit with all critical and important findings closed.

Where to go next