Skip to main content

Transparency

TL;DR

GET /transparency is a public proof-of-reserves: for every mint it reports the outstanding note value (the venue's liability) against the actual SPL balance held in the vault (the assets). Anyone can verify the vault covers what it owes, with no login and no trust in the operator's word.

A dark pool hides individual orders and balances, but solvency should still be publicly checkable. Transparency squares that circle: it never reveals who owns what, but it proves, in aggregate, that the assets in custody cover the liabilities the notes represent, and it ties the response to a specific, measured engine.

GET /transparency

GET /transparency

Public, with no authentication.

Response

{
"reserves": {
"merkle_root": "…",
"leaf_count": 4096,
"per_mint": [
{
"mint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
"outstanding": "1250000.00",
"vault_balance": "1250000.00",
"stale": false
}
]
},
"tee": {
"app_id": "…",
"compose_hash": "…",
"mrtd": "…",
"signer_pubkey": "…"
},
"stats": {
"batches": 812,
"jobs": 9341
}
}

Reserves

FieldTypeDescription
reserves.merkle_rootstringRoot of the note tree the snapshot is taken against.
reserves.leaf_countintegerTotal note commitments across all shards.
per_mint[].mintstringThe SPL mint, base58.
per_mint[].outstandingstringSum of unspent note value for this mint, the venue's liability.
per_mint[].vault_balancestringThe actual SPL balance held in the vault for this mint, the assets.
per_mint[].stalebooleantrue if an on-chain read was degraded; treat the numbers as unknown, not zero, when set.

The solvency check is vault_balance >= outstanding for every mint. When it holds, the pool can honor every withdrawal: the tokens are there. If a row is stale, an on-chain read failed and you should ignore that row's numbers rather than read a transient 0 as insolvency.

Engine identity

FieldDescription
tee.app_idThe deployment's application id.
tee.compose_hashThe measured image hash, the same value you pin in attestation (see Transport & Attestation).
tee.mrtdThe TDX measurement of the running VM.
tee.signer_pubkeyThe enclave's on-chain settlement signer (base58).

These let you tie a transparency snapshot to a specific measured engine: the same engine whose attestation you can verify and whose signer settles on Solana.

Stats

FieldDescription
stats.batchesSettlement batches tracked.
stats.jobsPer-match settlement jobs tracked.

Aggregate operational counters, useful for a public health dashboard. They reveal nothing about any individual order.

How to use it

  • Independent solvency monitoring. Poll it and alert if any non-stale mint shows vault_balance < outstanding.
  • Pre-trade trust check. Before committing significant flow, confirm reserves cover liabilities and the compose_hash matches the build you trust.
  • Public dashboards. Because it is unauthenticated and leaks nothing about individuals, it is safe to surface on a status page.