ADCXLAB | 3 months ago

Hi HN,

I built a stateless blockchain compliance API as a solo developer. Most compliance tooling in the crypto/fintech space is either enterprise-only, closed, expensive, or requires storing user data. I wanted to see how far a fully stateless model can go.

What it does:
• AML / sanctions check (advisory only)
• ISO20022 XML validation (pacs.008/pain.001)
• Cross-border payment rule checks
• RWA attestation
• Multi-chain wallet validation (BTC, ETH, MATIC, XLM, XRPL, HBAR)

Architecture:
• AWS API Gateway + Lambda (Python)
• No PII stored
• External RPC reads
• Single-region deployment
• DynamoDB used only for rate limits / usage
• No multi-region failover yet

What it does not have:
• No SOC2 / ISO27001
• No enterprise SLA
• No deterministic RPC fallback yet
• Sandbox depends on public RPC stability

Why I’m posting: Looking for technical feedback on:
1. Whether stateless design makes sense for compliance
2. RPC reliability strategies
3. Minimum viable SLA devs expect
4. Anything obviously insecure or naive

Links:
Docs: https://zkorigoplus.com/architecture.html
Sandbox (no signup): https://zkorigoapi.com

Happy to answer questions.
