Custody Operations
ATK ships bank-grade key control, policy automation, and custodian adapters so assets and controls stay aligned.
What the custody layer delivers
ATK supports self-custody, institutional sub-custody, and third-party vaults under one policy model. Hardware wallets, HSM-backed platforms, and bank custodians plug into the same control plane, so institutions keep their preferred vendors without losing governance.
The stack was designed for network choice too. The same policy engine and signer services run across public chains, consortium rollouts, and private EVM networks, so teams match jurisdictional needs without splintering their build.
Threshold signatures, HSM support, and dedicated HSM deployments remove single points of failure. Critical actions require approvals bound to policy statements, keeping routine flows fast while stopping unauthorized transfers at the signer.
A single Bun-based signer exposes JSON-RPC and OpenAPI surfaces for key management and transaction orchestration. Storage providers load at runtime, letting the same binary run in Postgres-backed, KMS-wrapped, or full HSM mode without code changes. Memory stays locked, buffers zeroize, and every sensitive workflow demands explicit approval.
Key storage tiers
Postgres storage with pgsodium encryption keeps secrets local while the platform secrets store manages the server key. It is the quickest path to a secure pilot without extra hardware.
The custody container bundles Biome, Drizzle, viem, Noble crypto, and shadcn/ui tooling, ships non-root and read-only, and includes vendor PKCS#11 libraries under /opt/pkcs11 so deployments move cleanly between cloud, on-prem, or air-gapped clusters.
Policy, compliance, and settlement
The same compliance engine that governs transfers applies to custody calls: RBAC and ABAC statements gate every method, whitelists block disallowed wallets, and maker-checker flows capture dual control. Standardized custodian adapters (Fireblocks, Metaco, others) align with the payment-rails architecture so cash and tokens settle together.
Look-through tooling reconciles omnibus accounts with beneficiary-level eligibility. Recovery runbooks document backup material, multi-site DR, and re-verification so key loss never cascades into missed settlement windows.
Interfaces and flows
Custody onboarding begins with a provider handshake that maps accounts to issuers. Once registered, the orchestrator submits notarized moves that respect both ATK policy and the custodian’s own approval stack. Execution follows a simple loop: proposal -> validation -> approval -> broadcast. Proposals enter the queue, policy validators review them, and only then does ATK dispatch the transaction on-chain or to the payment rail.
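The proposal -> validation -> approval -> broadcast loop, together with the whitelist and maker-checker gates described under policy, can be modelled as a small state machine. This is an added example, not ATK code or its API: every type, function name, wallet address, and operator name below is a hypothetical assumption.

```typescript
// Hypothetical model of the custody loop; names and values are constructed.
type State = "proposed" | "validated" | "approved" | "broadcast" | "rejected";

interface Proposal {
  id: string;
  maker: string;       // operator who created the transfer
  to: string;          // destination wallet, normalized to lower case
  amount: number;
  state: State;
  approvers: string[];
  reason?: string;     // why the last step was refused, if it was
}

// Constructed sample policy: whitelisted destinations and checker identities.
const WHITELIST = ["0xaaa1", "0xbbb2"];
const CHECKERS = ["alice", "bob"];
const REQUIRED_APPROVALS = 1;

function propose(id: string, maker: string, to: string, amount: number): Proposal {
  return { id, maker, to: to.toLowerCase(), amount, state: "proposed", approvers: [] };
}

// Validation: automated policy checks that run before any human approval.
function validate(p: Proposal): Proposal {
  if (p.state !== "proposed") return { ...p, reason: "bad-state" };
  if (!(p.amount > 0)) return { ...p, state: "rejected", reason: "bad-amount" };
  if (WHITELIST.indexOf(p.to) < 0)
    return { ...p, state: "rejected", reason: "destination-not-whitelisted" };
  return { ...p, state: "validated" };
}

// Approval: maker-checker. A refused approval never advances the state.
function approve(p: Proposal, checker: string): Proposal {
  if (p.state !== "validated") return { ...p, reason: "bad-state" };
  if (CHECKERS.indexOf(checker) < 0) return { ...p, reason: "not-a-checker" };
  if (checker === p.maker) return { ...p, reason: "maker-cannot-approve" };
  const approvers = p.approvers.indexOf(checker) < 0 ? p.approvers.concat(checker) : p.approvers;
  const state: State = approvers.length >= REQUIRED_APPROVALS ? "approved" : "validated";
  return { ...p, approvers, state };
}

// Broadcast is reachable only from "approved"; anything else is refused.
function broadcast(p: Proposal): Proposal {
  return p.state === "approved" ? { ...p, state: "broadcast" } : { ...p, reason: "not-approved" };
}
```

Because each step checks the state it expects, skipping validation or approving one's own proposal leaves the transfer where it was, and the refusal reason gives dashboards a policy exception to report.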
Operational dashboards surface wallet posture, cold-storage ratios, policy exceptions, and real-time notifications. Finance and risk teams monitor the same telemetry without touching secret material.
Custody in ATK keeps the asset path, compliance engine, and bank connections synchronized, which is what risk committees expect before green-lighting production.