14. 14-Step Transaction Flow
Stage 9 formal specification · maps each step to the DB rows it creates or updates. Consistent with transaction-lifecycle.md, p.4-5 + fireblocks-cloud-architecture.md. Zero-trust verification at every service handoff.
sequenceDiagram
participant User
participant API as Dev API Gateway
participant Auth as Auth Engine (SGX)
participant TM as Transaction Manager
participant BS as Balance Service
participant SS as Screening Service
participant AML as AML Provider
participant PE as Policy Engine (SGX)
participant SV as Secure Vault (SGX)
participant CSE as Co-Signer Engine (SGX)
participant C1 as Co-Signer 1 (FB SGX)
participant C2 as Co-Signer 2 (FB SGX)
participant C3 as Co-Signer 3 (Customer)
participant Node
User->>API: 1. tx request
API-->>API: 2. JWT-signed access token
API->>Auth: 3-4. JWT verification (cert store + Auth Engine)
Auth-->>API: validated
API->>TM: 5. tx
TM->>BS: 5a. balance check
BS->>Node: query
TM->>SS: 5b/5c. AML + Travel Rule
SS->>AML: query (Chainalysis / Elliptic / Notabene)
TM->>PE: 6-7. policy evaluation (SGX)
PE-->>PE: auto-approve OR collect approvals
PE->>SV: 8. initiate signing
SV->>CSE: 9. tx request cache (UUID + Policy rules)
CSE->>C1: 10. signing ceremony
CSE->>C2: 10. signing ceremony
CSE->>C3: 10. signing ceremony
C3->>CSE: partial sig
Note over C3: optional Callback Handler attached
CSE->>Auth: 11. partial signature hash verification
CSE->>SV: 12. assemble signed tx
SV->>Node: 13. broadcast
Node-->>Blockchain: 14. final broadcast
Figure 6. 14-step transaction flow: Auth Engine / Policy Engine / Secure Vault / Co-Signer Engine all run in SGX (Azure). Co-Signer 3 is customer-side.
DB row mapping per step
| Step | Action | DB row created/updated |
|---|---|---|
| 1 | User → API tx request | transactions INSERT (status=SUBMITTED) |
| 2-4 | JWT issuance + Auth Engine verification | auth_tokens INSERT (access token, 6h) |
| 5a | Balance Service → Node | (stateless query, no DB write) |
| 5b | Screening Service → AML Provider | aml_screening_results INSERT (status=PENDING_AML_SCREENING) |
| 5c | Screening Service → Travel Rule | travel_rule_records INSERT |
| 6-7 | Policy Engine evaluation | approval_requests INSERT (status=PENDING_AUTHORIZATION), approval_decisions INSERT per approver |
| 8 | Sufficient approvals → Secure Vault | transactions.status = QUEUED → PENDING_SIGNATURE |
| 9 | Vault tx request cache → Co-Signer Engine | signing_requests INSERT (UUID + policy_rule_ref) |
| 10 | Co-Signer 1/2/3 signing ceremony | signing_events INSERT per share (append-only) |
| 10a | Co-Signer 3 → Callback Handler | callback_invocations INSERT (optional) |
| 11 | Auth Engine verifies partial sig hash | (SGX-internal, no DB write) |
| 12 | Secure Vault assembles signed tx | transactions.raw_payload_cbor SET (set-once) |
| 13 | Node infrastructure broadcast | broadcast_attempts INSERT, transactions.status = BROADCASTING |
| 14 | Blockchain final broadcast | transactions.tx_hash SET (set-once), status = CONFIRMING |
DB implications of the zero-trust handoff
A derived cert is verified at every service handoff, so each service-to-service call is itself an audit event. The service_handoff_events table (append-only) records from_service / to_service / cert_chain_hash / occurred_at.
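
The set-once columns in the step table (raw_payload_cbor, tx_hash) and the append-only service_handoff_events table can be enforced by the database itself rather than by service code. The following is an added example, not part of the original specification: it assumes SQLite, and the column types, trigger names and sample values are constructed for illustration.

```python
import sqlite3

# Assumed minimal schema: only columns the page names; SQLite and types are assumptions.
SCHEMA = """
CREATE TABLE transactions (id TEXT PRIMARY KEY, status TEXT NOT NULL,
  raw_payload_cbor BLOB, tx_hash TEXT);
CREATE TABLE service_handoff_events (from_service TEXT NOT NULL,
  to_service TEXT NOT NULL, cert_chain_hash TEXT NOT NULL, occurred_at TEXT NOT NULL);
-- set-once: a column that already holds a value may not change to a different one
CREATE TRIGGER transactions_set_once
BEFORE UPDATE OF raw_payload_cbor, tx_hash ON transactions
WHEN (OLD.raw_payload_cbor IS NOT NULL AND NEW.raw_payload_cbor IS NOT OLD.raw_payload_cbor)
  OR (OLD.tx_hash IS NOT NULL AND NEW.tx_hash IS NOT OLD.tx_hash)
BEGIN SELECT RAISE(ABORT, 'set-once column already written'); END;
-- append-only: INSERT is the only write allowed on the audit table
CREATE TRIGGER handoff_no_update BEFORE UPDATE ON service_handoff_events
BEGIN SELECT RAISE(ABORT, 'service_handoff_events is append-only'); END;
CREATE TRIGGER handoff_no_delete BEFORE DELETE ON service_handoff_events
BEGIN SELECT RAISE(ABORT, 'service_handoff_events is append-only'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def rejected(db, sql, params=()):
    """True when the database itself refuses the write."""
    try:
        db.execute(sql, params)
        return False
    except sqlite3.DatabaseError:
        return True

def demo():
    """Steps 1, 12, 13, 14 on one constructed transaction, then tamper attempts."""
    db = open_db()
    db.execute("INSERT INTO transactions (id, status) VALUES ('tx-1', 'SUBMITTED')")
    db.execute("INSERT INTO service_handoff_events VALUES (?, ?, ?, ?)",
               ("secure_vault", "co_signer_engine", "constructed", "2024-01-01T00:00:00Z"))
    upd = "UPDATE transactions SET {} = ? WHERE id = 'tx-1'"
    return {
        "payload_set": rejected(db, upd.format("raw_payload_cbor"), (b"\xa1\x01\x02",)),
        "status_change": rejected(db, upd.format("status"), ("BROADCASTING",)),
        "hash_set": rejected(db, upd.format("tx_hash"), ("constructed-hash",)),
        "payload_overwrite": rejected(db, upd.format("raw_payload_cbor"), (b"\xa1\x01\x03",)),
        "hash_overwrite": rejected(db, upd.format("tx_hash"), ("other-hash",)),
        "audit_update": rejected(db, "UPDATE service_handoff_events SET to_service = 'x'"),
        "audit_delete": rejected(db, "DELETE FROM service_handoff_events"),
    }
```

Triggers only bind roles that cannot alter the schema, so the service accounts writing these tables should hold no DDL rights.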