Proposal: TokenProof — reusable on-ledger compliance primitive for CIP-0056 tokens (working PoC, CI green)

OPEN | Pull Request
by Mharris40 | 19-04-2026 | Incoming
needs-sig-label
References: CIP-0056

Development Fund Proposal Submission

Proposal file: Find the Proposal at https://github.com/Mharris40/canton-dev-fund/blob/proposal-tokenproof/proposals/tokenproof.md

Summary

TokenProof is a shared, open-source compliance primitive for the Canton Network — designed to be reusable across CIP-0056 token implementations and DvP settlement workflows.

The PoC is already running on Canton local ledger. This is a production hardening proposal, not a greenfield request.

  • Repo (Apache 2.0): https://github.com/Compliledger/canton_tokenproof
  • Architecture: https://github.com/Compliledger/canton_tokenproof/blob/main/docs/architecture.md
  • CI: https://github.com/Compliledger/canton_tokenproof/actions

Why shared ecosystem infrastructure matters

Without a reusable on-ledger compliance primitive, each issuer, custodian, exchange, transfer agent, and settlement participant must independently implement proprietary off-ledger compliance orchestration.

This creates:

  • Fragmented enforcement logic across the ecosystem
  • Inconsistent audit evidence between participants
  • Higher integration complexity for tokenized asset workflows
  • Increased operational and regulatory risk
  • No common compliance state portable across settlement participants

TokenProof standardises compliance enforcement into a reusable Canton-native primitive:

  • reusable across CIP-0056 token implementations
  • composable across DvP workflows
  • independently auditable
  • privacy-preserving by design
  • portable across institutional participants

This reduces duplicated infrastructure effort while improving interoperability, auditability, and deterministic enforcement across Canton-based tokenized markets.

---

CI evidence — all 3 DAML packages green

dpm build --all + dpm test passing on every push to main.

| Package | dpm build | dpm test |
|---|---|---|
| daml/ — ComplianceProof, ComplianceGuard, EvaluationRequest | ✓ pass | ✓ pass |
| examples/cip0056-gated-transfer/ — TokenBond atomic DvP | ✓ pass | ✓ pass |
| examples/stablecoin-genius-act/ — GENIUS Act stablecoin | ✓ pass | ✓ pass |

dpm test output (all 5 tests passing):

✔ complianceProofLifecycleTest   (6 transactions)
✔ transferGateTest               (5 transactions)
✔ atomicDvPDemo                  (5 transactions)
✔ dvpWorkflowDemo                (4 transactions)
✔ geniusActMintingDemo           (5 transactions)

Key behaviours verified:

  • Active → Suspended → Revoked lifecycle enforced
  • Transfer succeeds when decisionStatus == Active
  • Transfer fails (submitMustFail) when Revoked or Suspended — atomic compliance gate confirmed
  • Payment + compliance check + asset transfer in one Canton transaction (DvP)
  • Proof hash anchored and retrieved via ACS query

---

Problem this solves

Digital asset regulation is shifting from disclosure-based to enforcement-based compliance. GENIUS Act, CLARITY Act, and SEC/CFTC guidance all share a common requirement:

Compliance must be enforceable at the point of transaction, verifiable after execution, and auditable with a deterministic record.

Today, RWA workflows perform compliance checks off-ledger before submitting a transaction. This creates:

  • Race conditions between evaluation and settlement
  • No verifiable record of what compliance state was enforced
  • Inability for regulators to independently verify decisions
  • Duplicated compliance infrastructure across participants

This is not just an architectural limitation — it is a regulatory exposure.
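
The race between off-ledger evaluation and settlement listed above, set beside a gate that checks decisionStatus inside the transfer itself, as a small Python model. This is an added example, not code from the TokenProof repository; the Ledger class, its method names, the audit tuple and the restriction to the two lifecycle transitions are assumptions of the model.

```python
from contextlib import suppress
from dataclasses import dataclass, field
from enum import Enum

class Status(Enum):
    ACTIVE = "Active"
    SUSPENDED = "Suspended"
    REVOKED = "Revoked"

# Only the two transitions the page names (model assumption); Revoked is terminal.
ALLOWED = {Status.ACTIVE: {Status.SUSPENDED},
           Status.SUSPENDED: {Status.REVOKED}, Status.REVOKED: set()}

class GateError(Exception):
    """Raised when a transition or a gated transfer is rejected."""

@dataclass
class Ledger:  # hypothetical single-asset ledger, constructed for this example
    status: Status = Status.ACTIVE
    owner: str = "alice"
    audit: list = field(default_factory=list)  # (new_owner, status enforced)

    def set_status(self, new):
        if new not in ALLOWED[self.status]:
            raise GateError(f"illegal {self.status.value} -> {new.value}")
        self.status = new

    def settle_unchecked(self, new_owner):  # trusts a check made elsewhere
        self.owner = new_owner
        self.audit.append((new_owner, None))  # no record of enforced state

    def settle_gated(self, new_owner):  # check and transfer are one step
        if self.status is not Status.ACTIVE:
            raise GateError(f"decisionStatus is {self.status.value}")
        self.owner = new_owner
        self.audit.append((new_owner, self.status.value))

def off_ledger_flow(ledger, new_owner, between=lambda l: None):
    approved = ledger.status is Status.ACTIVE  # time of check
    between(ledger)                            # state changes in the gap
    if approved:
        ledger.settle_unchecked(new_owner)     # time of use
    return ledger.owner

def gated_flow(ledger, new_owner, between=lambda l: None):
    between(ledger)
    with suppress(GateError):  # rejected as a whole, as with submitMustFail
        ledger.settle_gated(new_owner)
    return ledger.owner
```

With a suspension landing in the gap, the off-ledger flow still moves the asset and leaves no enforced state in the audit record, while the gated flow leaves ownership and the audit record untouched.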

---

Why now

Emerging digital asset regulation is increasing pressure for transaction-level compliance enforcement and deterministic auditability.

Frameworks including:

  • the GENIUS Act
  • the CLARITY Act
  • SEC/CFTC tokenization guidance
  • institutional stablecoin oversight expectations

are shifting compliance requirements toward:

  • provable enforcement
  • transaction-time authorization
  • independently auditable state
  • operational accountability

TokenProof positions Canton as infrastructure capable of supporting these emerging operational requirements natively at the transaction layer.

---

Core primitives introduced by TokenProof

ComplianceProof

Reusable on-ledger compliance state object containing:

  • evaluation result
  • policy version
  • proof hash
  • lifecycle state
  • timestamped audit evidence

ComplianceGuard

Reusable interface enabling CIP-0056 token implementations to enforce compliance gating directly inside Transfer execution.

EvaluationRequest

Composable workflow primitive for requesting and resolving compliance evaluations prior to settlement execution.

Deterministic proof verification

Compliance proof hashes are independently recomputable and auditable by any authorized participant.

Regulator observer model

Party-scoped visibility enables privacy-preserving supervisory access without exposing