SignTrail

Architecture

How SignTrail Fits Your Signing Infrastructure

The runtime provenance-gated control plane, integration options, audit evidence, and how a pilot begins.

Architecture

Runtime Provenance-Gated Signing Control

SignTrail combines transaction payload, runtime provenance, signer identity, and policy context into one signing authorization decision.

End-to-end signing flow
  1. Transaction Request
  2. Payload Canonicalizer
  3. Runtime Collector
  4. Provenance Builder
  5. Policy / Decision Service
  6. Signer-Side Enforcement
  7. Signer
  8. Audit Sink
  1. Layer 1: Transaction Request

    • Raw tx
    • Safe tx
    • Squads tx
    • Fireblocks callback
    • HSM/MPC request
    • Internal signer request
  2. Layer 2: Payload Canonicalizer

    • Canonical payload
    • tx_payload_hash
    • Chain-specific normalization
  3. Layer 3: Runtime Collector

    • exec
    • open/openat
    • connect
    • Process chain
    • File access
    • Network egress
  4. Layer 4: Provenance Builder

    • Event window digest
    • runtime_provenance_digest
    • collector_id
    • Optional collector_signature
  5. Layer 5: Policy / Decision Service

    • signer_id
    • policy_hash
    • Risk rules
    • ALLOW/HOLD/REJECT
    • Signed decision token
  6. Layer 6: Signer-Side Enforcement

    • Public-key verification
    • TTL/replay check
    • Signer mismatch check
    • Fail-closed stop
    External: Signer

    External signer (HSM/MPC/Fireblocks/Safe/Squads/internal) that SignTrail sits in front of; not a SignTrail layer.

  7. Layer 7: Audit Sink

    • Decision record
    • Execution result
    • Hash-chain audit log
    • Evidence export
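The Layer 5 decision token and the Layer 6 signer-side checks above, worked through as an added example that is not SignTrail's code: a decision service binds tx_payload_hash, runtime_provenance_digest, signer_id and policy_hash into one token, and a fail-closed gate re-derives the payload hash and refuses to sign on any mismatch, expiry or replay. The field names come from the page; the JSON token layout, the nonce set used for replay detection, the sample transaction and the HMAC standing in for public-key verification are assumptions so the block runs offline on the standard library.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key; it stands in for the page's public-key verification so this runs on the stdlib alone.
DEMO_KEY = b"constructed-demo-decision-key"
# Constructed sample transaction; field names are illustrative, not a real chain format.
SAMPLE_TX = {"chain": "evm", "to": "0x0000000000000000000000000000000000000001", "value": "1000"}

def canonical_payload_hash(tx):
    """tx_payload_hash: SHA-256 over a canonical (sorted-key, compact) JSON encoding."""
    canon = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()

def issue_decision(tx, provenance_digest, signer_id, policy_hash, decision, ttl=30, now=None):
    """Decision service: bind payload hash, runtime provenance, signer and policy into one token."""
    now = time.time() if now is None else now
    fields = {"tx_payload_hash": canonical_payload_hash(tx),
              "runtime_provenance_digest": provenance_digest, "signer_id": signer_id,
              "policy_hash": policy_hash, "decision": decision,
              "nonce": secrets.token_hex(8), "exp": now + ttl}
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body.decode(), "mac": hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()}

def enforce(token, tx, observed_digest, my_signer_id, seen_nonces, now=None):
    """Signer-side gate. Returns ("ALLOW", None) or ("REJECT", reason); any failure stops signing."""
    now = time.time() if now is None else now
    body = str(token.get("body", "")).encode()
    expected = hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(token.get("mac", ""))):
        return "REJECT", "Invalid decision artifact"          # forged or altered token
    try:
        f = json.loads(body)
        if now > f["exp"] or f["nonce"] in seen_nonces:
            return "REJECT", "Invalid decision artifact"      # expired or replayed
        if f["signer_id"] != my_signer_id:
            return "REJECT", "Unknown signer"                 # token issued for another signer
        if f["tx_payload_hash"] != canonical_payload_hash(tx):
            return "REJECT", "Payload mismatch"               # payload swapped after decision
        if f["runtime_provenance_digest"] != observed_digest:
            return "REJECT", "Runtime provenance mismatch"    # code path differs from decision
        if f["decision"] != "ALLOW":
            return "REJECT", "Decision token is " + f["decision"]
    except (ValueError, KeyError, TypeError):
        return "REJECT", "Invalid decision artifact"          # malformed token: fail closed
    seen_nonces.add(f["nonce"])
    return "ALLOW", None
```

The check order mirrors Layer 6: authenticate the token before trusting any field in it, then expiry and replay, then signer, payload and provenance binding; a HOLD token never reaches the signer.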

Integration

Designed to Sit in Front of Existing Signing Infrastructure

No replacement. No migration. Add a pre-sign gate to the workflow you already use.

  • Local Signer Proxy

    For internal signer or hot wallet signer workflows.

  • HSM/MPC Adapter

    Before signing API calls or MPC signing requests.

  • Fireblocks Callback

    Evaluate transaction payload and context before callback approval.

  • Safe Module/Guard

    Pre-sign or pre-execution verification for Safe transactions.

  • Squads/Solana Adapter

    Interpret Solana instructions and authority changes before execution.

  • Custom API / Enterprise Gateway

    For exchanges, custody platforms, and internal wallet systems.

Audit & Evidence

Every Signing Decision Must Be Explainable

SignTrail records why a request was allowed, held, or rejected.

  • ALLOW
    1. Received
    2. Payload verified
    3. Path verified
    4. Policy passed
    5. Signature allowed
  • HOLD
    1. Risk signal
    2. Manual review
    3. Approval context requested
    4. Isolated from signer
  • REJECT
    1. Payload mismatch
    2. Invalid decision artifact
    3. Unknown signer
    4. Runtime provenance mismatch

Evidence left behind

  • EV-01

    Decision evidence

  • EV-02

    Execution record

  • EV-03

    Review workflow

  • EV-04

    Compliance export

  • EV-05

    Hash-chain audit log

Audit evidence is not an afterthought. It is part of the signing decision.

Pilot Program

Start With One Critical Signing Workflow

A SignTrail pilot can begin in shadow mode without interrupting production operations.

  1. Signing Workflow Mapping

  2. Shadow Mode Integration

     observe, no block

  3. Risk Review Dashboard

  4. Controlled Enforcement

Start in shadow mode. Enforce only when the customer is ready.