COMPLIANCE / AI
LIVE

NautLense

The compliance engine nobody else built. Banking-grade sanctions screening, multi-jurisdiction Travel Rule, cryptographic wallet verification, and emergency lockdown — all without a middleman. Built on SecondBrain's 170K+ record knowledge base. Powers NautPay and works standalone for any fintech.

STACK

Express.js · PostgreSQL 16 · pgvector · SecondBrain · Neo4j · Redis · AWS KMS · Solana · TypeScript

YEAR

2024-present

PROGRESS

85%

[Screenshot: NautLense main interface]
PROBLEM

Crypto compliance tools are either too simple (static sanctions lists, no context) or too expensive (Notabene charges per-transfer and routes all data through their infrastructure).

No existing solution gives operators full control: self-hosted data, direct VASP-to-VASP communication, multi-jurisdiction Travel Rule, and emergency response — without a middleman taking a cut and holding your compliance data hostage.

THE SOLUTION

NautLense is a self-hosted compliance engine built on SecondBrain's organizational intelligence.

It doesn't just check addresses against static lists — it uses a knowledge graph (170K+ production records) to understand payment patterns, detect anomalies, and correlate behavior across wallets and chains.

Travel Rule enforcement is jurisdiction-specific: Switzerland (FINMA, 0 CHF threshold), Germany (BaFin), Austria (FMA — strictest), and EU (TFR 2023/1113).

Wallet verification uses the Poco protocol — ed25519/secp256k1 cryptographic signature challenges that prove ownership without private key exposure.

And when regulators call, INIT LOCKDOWN freezes everything with zero latency.

KEY FEATURES

No Middleman

Direct VASP-to-VASP compliance data exchange. Unlike Notabene's hub-and-spoke model, NautLense keeps regulated data under the operator's control. Self-hosted, self-sovereign.

Multi-Jurisdiction Travel Rule

FATF Recommendation 16 implemented per-jurisdiction. Switzerland requires name + account + one alternative (address/DOB/national ID). Austria requires everything (strictest). Completeness scored 0.0–1.0.
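As an added example of the per-jurisdiction completeness scoring described above (not NautLense's own code), the block below encodes the two profiles the page actually spells out: Switzerland (name + account + one of address/DOB/national ID) and Austria (every field). Germany and the EU are deliberately left out because their field lists are not stated here. The slot-based scoring, the field names and the sample originator data are assumptions for this example.

```typescript
// Added example: per-jurisdiction Travel Rule completeness scoring for
// originator data (not NautLense's own implementation).

interface OriginatorInfo {
  name?: string;
  account?: string;      // account or wallet identifier
  address?: string;
  dateOfBirth?: string;
  nationalId?: string;
}
type Field = keyof OriginatorInfo;

interface JurisdictionRule {
  required: Field[];     // every one of these must be present
  anyOf: Field[];        // at least one of these must be present (empty = no such slot)
}

const RULES: Record<string, JurisdictionRule> = {
  // Switzerland: name + account + one alternative (address / DOB / national ID).
  CH: { required: ["name", "account"], anyOf: ["address", "dateOfBirth", "nationalId"] },
  // Austria: requires everything (strictest).
  AT: { required: ["name", "account", "address", "dateOfBirth", "nationalId"], anyOf: [] },
  // Other jurisdictions: fill in from the regulation; not modelled here.
};

interface CompletenessResult {
  jurisdiction: string;
  score: number;         // 0.0 .. 1.0, fraction of requirement slots satisfied
  complete: boolean;     // true only when every slot is satisfied
  missing: string[];     // human-readable list for the remediation prompt
}

// Empty or whitespace-only values count as missing.
function present(info: OriginatorInfo, f: Field): boolean {
  const v = info[f];
  return typeof v === "string" && v.trim().length > 0;
}

// Each required field is one slot; the whole "any of" group is one slot.
function scoreCompleteness(jurisdiction: string, info: OriginatorInfo): CompletenessResult {
  const rule = RULES[jurisdiction];
  if (!rule) throw new Error(`no Travel Rule profile for jurisdiction ${jurisdiction}`);
  const missing: string[] = [];
  let satisfied = 0;
  let slots = rule.required.length;
  for (const f of rule.required) {
    if (present(info, f)) satisfied += 1;
    else missing.push(f);
  }
  if (rule.anyOf.length > 0) {
    slots += 1;
    if (rule.anyOf.some((f) => present(info, f))) satisfied += 1;
    else missing.push(`one of ${rule.anyOf.join("/")}`);
  }
  const score = slots === 0 ? 1 : satisfied / slots;
  return { jurisdiction, score, complete: satisfied === slots, missing };
}

// A transfer that touches several jurisdictions must satisfy the strictest one,
// so screen it against each and let the caller act on any incomplete result.
function screenTransfer(jurisdictions: string[], info: OriginatorInfo): CompletenessResult[] {
  return jurisdictions.map((j) => scoreCompleteness(j, info));
}
```

The same originator record scores 1.0 under the Swiss profile and 0.6 under the Austrian one, which is the practical shape of the "Austria breaks most implementations" problem: a payload that is complete for one jurisdiction on the path can still be rejected by another, so the screen has to run per jurisdiction rather than once.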

Built on SecondBrain Intelligence

170K+ production records from SecondBrain power pattern detection. Goes beyond static sanctions lists to understand behavioral context — layering, structuring, circular transfers — before they trigger regulatory alerts.

Poco Wallet Verification

Cryptographic proof of wallet ownership via ed25519 (Solana) and secp256k1 (EVM) signature challenges. Five-word slug + nonce, 30-minute expiry, one-year verified state. No private key exposure.
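The challenge/response flow above, as an added example written for this page (it is not the Poco protocol's or NautLense's own code): the server issues a five-word slug plus a random nonce with a 30-minute expiry, the wallet signs the challenge text with its ed25519 key, and the server verifies the signature against the public key behind the claimed address, then records a one-year verified state. The message layout, the word list, the in-memory stores and the hex address form (Solana would base58-encode the same 32 bytes) are assumptions for this example; only ed25519 is shown, and Node's built-in crypto is used so nothing needs installing.

```typescript
import { generateKeyPairSync, sign, verify, randomBytes, randomInt, KeyObject } from "node:crypto";

// Added example (not Poco's or NautLense's own code): ed25519 wallet-ownership
// challenge. Figures from the page: five-word slug + nonce, 30-minute challenge
// expiry, one-year verified state. Everything else is an assumption.
const CHALLENGE_TTL_MS = 30 * 60 * 1000;
const VERIFIED_TTL_MS = 365 * 24 * 60 * 60 * 1000;
// Constructed word list; a deployment would use a larger, audited list.
const WORDS = ["anchor", "basalt", "cobalt", "delta", "ember", "falcon", "granite", "harbor",
               "ivory", "juniper", "kelp", "lumen", "meadow", "nickel", "orbit", "pepper"];

interface Challenge { address: string; slug: string; nonce: string; expiresAt: number; used: boolean; }

// In-memory stores standing in for Redis/PostgreSQL.
const pending = new Map<string, Challenge>();   // nonce -> challenge
const verified = new Map<string, number>();     // address -> verifiedUntil (ms epoch)

// Raw 32-byte ed25519 public key: the last 32 bytes of the SPKI DER encoding.
function rawEd25519(pub: KeyObject): Buffer {
  const der = pub.export({ type: "spki", format: "der" });
  return der.subarray(der.length - 32);
}
// Constructed address form: hex of the raw key (Solana uses base58 of the same bytes).
function addressOf(pub: KeyObject): string { return rawEd25519(pub).toString("hex"); }

function issueChallenge(address: string, now = Date.now()): Challenge {
  const slug = Array.from({ length: 5 }, () => WORDS[randomInt(WORDS.length)]).join("-");
  const c: Challenge = {
    address, slug, nonce: randomBytes(16).toString("hex"),
    expiresAt: now + CHALLENGE_TTL_MS, used: false,
  };
  pending.set(c.nonce, c);
  return c;
}

// The bytes the wallet signs. Binding address, slug, nonce and expiry into the
// message means a signature cannot be replayed against another challenge.
function challengeMessage(c: Challenge): Buffer {
  return Buffer.from(
    `nautlense-wallet-verification\naddress=${c.address}\nslug=${c.slug}\nnonce=${c.nonce}\nexpires=${c.expiresAt}`,
  );
}

// Wallet side: the private key is used here and nowhere else.
function walletSign(priv: KeyObject, c: Challenge): Buffer {
  return sign(null, challengeMessage(c), priv);
}

type Outcome = "verified" | "unknown-nonce" | "already-used" | "expired" | "address-mismatch" | "bad-signature";

// Server side: each failure mode is distinguished so it can be logged separately.
function completeChallenge(nonce: string, signature: Buffer, pub: KeyObject, now = Date.now()): Outcome {
  const c = pending.get(nonce);
  if (!c) return "unknown-nonce";
  if (c.used) return "already-used";
  if (now > c.expiresAt) { pending.delete(nonce); return "expired"; }
  if (addressOf(pub) !== c.address) return "address-mismatch";
  if (!verify(null, challengeMessage(c), pub, signature)) return "bad-signature";
  c.used = true;                                   // single use: replaying the same proof fails
  verified.set(c.address, now + VERIFIED_TTL_MS);
  return "verified";
}

function isVerified(address: string, now = Date.now()): boolean {
  const until = verified.get(address);
  return until !== undefined && now < until;
}
```

The order of checks matters for the audit log: an unknown or reused nonce is a different signal from an expired one, and an address mismatch (a valid signature from the wrong key) is distinguished from a corrupt signature. The server never sees the private key; it only ever handles the public key, the challenge text and the signature.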

INIT LOCKDOWN

Zero-latency emergency freeze. In-memory enforcement (no database roundtrip) with persistent audit trail. When authorities issue freeze orders, every transaction returns HTTP 423 Locked instantly. Dashboard shows red banner, blocked count, full history.

Tamper-Proof Audit Trail

SHA256 hash chain links every transaction immutably. Each record includes the hash of the previous record, so altering or removing any entry breaks the chain. A broken chain triggers critical notifications automatically. Regulators can verify the entire history is intact.
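The hash chain described above, as an added example written for this page (not NautLense's own code): each entry's SHA-256 digest covers its sequence number, timestamp, payload and the previous entry's hash, and a verifier walks the chain from the genesis value and reports the first entry that no longer fits. The entry layout, the `|`-joined hash input and the constructed transaction payloads are assumptions for this example.

```typescript
import { createHash } from "node:crypto";

// Added example (not NautLense's own code): append-only SHA-256 hash chain
// for an audit trail, with a verifier that locates the first broken entry.
interface AuditEntry {
  seq: number;
  timestamp: string;
  payload: string;      // e.g. JSON of the transaction being recorded
  prevHash: string;     // hash of the previous entry (GENESIS_HASH for the first)
  hash: string;         // SHA-256 over seq|timestamp|payload|prevHash
}

const GENESIS_HASH = "0".repeat(64);

function computeEntryHash(e: Omit<AuditEntry, "hash">): string {
  return createHash("sha256")
    .update(`${e.seq}|${e.timestamp}|${e.payload}|${e.prevHash}`)
    .digest("hex");
}

class AuditChain {
  private readonly entries: AuditEntry[] = [];

  append(payload: string, timestamp = new Date().toISOString()): AuditEntry {
    const prev = this.entries[this.entries.length - 1];
    const partial = {
      seq: this.entries.length,
      timestamp,
      payload,
      prevHash: prev ? prev.hash : GENESIS_HASH,
    };
    const entry: AuditEntry = { ...partial, hash: computeEntryHash(partial) };
    this.entries.push(entry);
    return entry;
  }

  // Hash of the newest entry; anchoring it somewhere the database writer cannot
  // reach (e.g. the notification system) is what makes tail truncation detectable.
  head(): string {
    const last = this.entries[this.entries.length - 1];
    return last ? last.hash : GENESIS_HASH;
  }

  list(): AuditEntry[] { return this.entries.map((e) => ({ ...e })); }
}

// Returns the index of the first entry that breaks the chain, or -1 when the
// chain is intact. Catches modification, insertion and deletion in the middle.
function verifyChain(entries: AuditEntry[]): number {
  let expectedPrev = GENESIS_HASH;
  for (let i = 0; i < entries.length; i++) {
    const e = entries[i];
    if (e.seq !== i || e.prevHash !== expectedPrev) return i;
    const { hash, ...rest } = e;
    if (computeEntryHash(rest) !== hash) return i;
    expectedPrev = hash;
  }
  return -1;
}

// Full check: chain integrity plus the head hash matching an externally
// anchored value, so silently dropping the newest entries is also caught.
function verifyAgainstAnchor(entries: AuditEntry[], anchoredHead: string): boolean {
  if (verifyChain(entries) !== -1) return false;
  const last = entries[entries.length - 1];
  return (last ? last.hash : GENESIS_HASH) === anchoredHead;
}
```

The caveat the verifier encodes is the one regulators will ask about: a hash chain on its own proves nothing about entries removed from the end, because the shortened chain is still internally consistent. Publishing the head hash to a separate system (the same place the "chain broken" notification goes) closes that gap.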

CHALLENGES & LEARNINGS

01  Connecting SecondBrain's knowledge graph to real-time payment streams without introducing latency — compliance screening must be invisible to the user, not a 3-second loading spinner.

02  Codifying four jurisdictions' Travel Rule requirements into a single engine — each country interprets FATF Recommendation 16 differently, and Austria's requirements are so strict they break most implementations.

03  Building pattern detection that distinguishes legitimate DeFi activity from money laundering — the on-chain behaviors look identical, and false positives destroy user trust.

04  Designing graceful degradation so NautLense works with just PostgreSQL — Neo4j, Redis, and Qdrant are optional enhancements, not hard dependencies. The system must never go down because an optional service is offline.