Sentinel TreasuryDocs

Roadmap

Professional roadmap

A public delivery plan for Sentinel Treasury's HashKey testnet MVP. Dates are targets, not commitments. Mainnet, enforcement, relay, and regulated-adjacent features are gated on customer signal, HashKey ecosystem feedback, funding, operational hardening, and external review.

Current state: Sentinel is an unaudited testnet MVP. It is non-custodial, read-only over treasury data, prepares unsigned proposals only, and leaves execution plus evidence anchoring under the customer's Safe owner quorum.

What is already live

  • Public landing, docs, and testnet demo surfaces live.
  • HashKey testnet EvidenceRegistry deployed and source-verified.
  • Customer-owned demo Safe deployed and indexed by HashKey Safe Transaction Service.
  • Read-only Safe ingestion, KYC SBT badge, exposure analytics, and proposal history visible in the demo.
  • Browser-side verify-root-locally flow with tamper simulation for evidence anchors.

Milestone plan

Live now

Public testnet MVP package

M0 / M1-A / M1-B

A working public package for HashKey grant and design-partner review: website, docs, demo Safe, testnet EvidenceRegistry, KYC SBT read path, read-only treasury dashboard, and local Merkle verification.

  • Public demo runs on HashKey testnet only; no real funds.
  • Sentinel never signs or executes Safe transactions.
  • Evidence root verification runs in the customer's browser.
  • Scope boundary is visible on every public surface.

Next

End-to-end anchor preparation

Target: next 30 days

Close the remaining M1 demo loop without expanding Sentinel's trust surface: operator prepares the unsigned anchor proposal, customer Safe owners review, verify, sign, and execute through Safe.

  • Operator CLI prepares EvidenceRegistry.anchor(batchId, root) MetaTransactionData.
  • Demo UI exposes Safe Wallet copy/sign instructions and calldata review.
  • EvidenceAnchored event is detected and reflected back in the dashboard.
  • Demo screenshots and short walkthrough video are recorded.

Pilot readiness

Closed design-partner loop

Target: 60 days

Turn the testnet MVP into a pilot-ready workflow for HashKey-native Safe treasuries while keeping the product read-only and non-custodial.

  • Design-partner interviews with RWA issuer, stablecoin, DAO, and protocol treasury operators.
  • Policy engine v1: KYC-tier thresholds, concentration warnings, and reserve-rule simulation.
  • Customer-held evidence package: audit-log export, Merkle proofs, and anchor references.
  • Independent anchor monitor as a separate read-only trust boundary.

Commercial gate

Mainnet decision path

Target: 90 days

Mainnet is a decision, not a default deployment. The project only moves beyond testnet after customer signal, funding support, operational hardening, and external review.

  • Grant or pilot funding secured for security review and infrastructure.
  • At least one committed design partner or paid pilot scope.
  • Production hosting, monitoring, incident response, and data-retention plan.
  • EvidenceRegistry mainnet deployment considered only after the above gates.

Mainnet gates

The HashKey mainnet path is deliberately gated. The hackathon mainnet marker is a deployment marker only, not the production evidence anchor contract. EvidenceRegistry mainnet deployment should happen only after the gates below are satisfied.

Customer signal
A real Safe treasury team confirms the workflow solves an operational problem they would pilot.
HashKey signal
HashKey ecosystem feedback supports continuing the single-chain KYC SBT + Safe treasury direction.
Security review
External review before any mainnet deployment that customers depend on, and before any future Guard or relay surface.
Operational readiness
Hosted backend, monitoring, backup, incident response, and clear fail-open / fail-closed behavior are documented.
Commercial readiness
Pilot terms, support expectations, and scope boundaries are explicit before production onboarding.

Deferred by design

SentinelPolicyGuard

A future opt-in ITransactionGuard add-on that a customer could install on their own Safe. It is not part of the MVP and not promised as a default. If ever built, it requires independent review and strict never-brick / always-removable invariants.

EIP-1271 relay anchoring

A customer-authorized relay path is deferred. In the MVP, the customer's Safe owner quorum is the only writer to EvidenceRegistry; Sentinel does not relay anchors.

Multi-chain ingestion

Later-phase only. The MVP is intentionally HashKey-native because the KYC SBT gate is the product's compliance context.

Deeper integrations

ZKID, HSP, custodian connectors, and richer RWA disclosure workflows are demand-gated integrations, not part of the current MVP scope.

Claim boundary

Sentinel logs operational evidence: what happened, by whom, against which policy, and when. It does not provide proof-of-reserve, reserve sufficiency, reserve attestation, compliance attestation, or legal disclosure certification.
← For developers