Programmable Compliance Layer (PCL)
An on-chain framework for defining and enforcing custom transaction rules and regulatory policies.
The Programmable Compliance Layer (PCL) is a core module of the Maroo network that enables the creation and enforcement of compliance policies directly on the blockchain. It intercepts transactions before they are processed, validating them against a set of global and contract-specific rules. This allows for the implementation of complex regulatory requirements, such as KYC/AML checks, transfer restrictions, and volume limits, without altering the core logic of smart contracts.
Key Features
Global and Contract-Specific Policies
Apply rules across the entire network or target specific smart contracts for granular control.
Template-Based Policy Creation
Use pre-defined, reusable policy templates (e.g., Denylist, Volume Limits, EAS Attestation) to quickly configure complex rules.
Seamless EVM Integration
Policies are automatically enforced on both native Cosmos SDK messages and standard Ethereum transactions, ensuring consistent compliance.
Extensible via EAS
Leverages the Ethereum Attestation Service (EAS) to enforce rules based on on-chain attestations, enabling sophisticated identity and credential checks.
Architecture
graph TD
subgraph Transaction Lifecycle
A[Tx Submitted] --> B{PclAnteDecorator};
B -- Global Policies --> C{Policy Validator};
C -- Valid --> D[Execute Tx];
C -- Invalid --> E[Reject Tx];
D --> F[State Change];
end
subgraph EVM Execution
G[Contract Call] --> H{EVM Pre-execution Hook};
H -- Global/Contract Policies --> I(PCL Keeper);
I --> J{Policy Validator};
J -- Valid --> K[Execute EVM Logic];
J -- Invalid --> L[Revert Tx];
end
subgraph PCL State
M[Policy Admin] -- Manages --> N(Policy Templates);
M -- Manages --> O(Global Policy Config);
P[Contract Admin] -- Manages --> Q(Contract Policy Config);
N --> O;
N --> Q;
end The PCL integrates into the transaction lifecycle via an Ante Handler for global checks and into the EVM via pre-execution hooks for both global and contract-specific checks. All policy configurations are stored on-chain and managed by designated admin accounts.
Policy Enforcement Flow
For any transaction, whether it's a native token transfer (
bank/MsgSend) or an EVM smart contract call, it first passes through a series of preliminary checks called an AnteHandler. Maroo includes a PclAnteDecorator in this handler chain. This decorator automatically loads all active Global Policies and runs them against the transaction's details (sender, recipient, value, etc.). If any global policy check fails, the entire transaction is rejected before it can consume significant gas or be processed by its destination module.For EVM transactions, an additional check occurs. The Maroo EVM is configured with hooks that call into the PCL keeper before executing a call. This allows the PCL to check not only Global Policies but also any Contract-Specific Policies that apply to the target contract address. This dual-check mechanism ensures that compliance is enforced consistently across the entire network.
Policy Templates and Configuration
PolicyTemplate is a blueprint for a type of rule. It defines a name, a description, and a JSON schema for the parameters it requires. Maroo comes with several built-in templates, such as DENYLIST_POLICY, VOLUME_POLICY, and EAS_POLICY.The
PolicyAdmin, a privileged account set in the module's parameters (controllable by governance), is responsible for registering and managing these templates.To activate a rule, an administrator creates a
UnitPolicy, which is a reference to a template filled with concrete parameters. For example, to create a denylist, one would create a UnitPolicy pointing to the DENYLIST_POLICY template and provide a JSON object containing the list of banned addresses as its parameters. These UnitPolicy objects are then grouped into a GlobalPolicyConfig or ContractPolicyConfig to be applied.