Technical Architecture
Architecture Overview
JIL Sovereign is a multi-jurisdictional, horizontally-scalable L1 infrastructure. The wallet layer consists of a Next.js 14 frontend and Express.js backend, backed by PostgreSQL, Redis, and Kafka - deployed across 80+ microservices spanning Switzerland, Singapore, ADGM, and the United States.
L1 System Topology
ledger-service (x5)ledger-compliance (x3)policy-registry (x2)consent-ledger (x3)proof-bulletin (x2)tx-sink (x2)validator-nodempc-cosigner (1 shard)guardian-attestor (x2)wallet-api (x3)validator-nodempc-cosigner (1 shard)guardian-attestor (x2)wallet-api (x3)validator-nodempc-cosigner (1 shard)guardian-attestor (x2)wallet-api (x3)Hot standby ledger (secondary), automated failover, cross-region Kafka replication. MPC quorum survives loss of any single jurisdiction (3-of-4 threshold).
Wallet Service Topology
How the wallet frontend and backend connect to the L1 infrastructure.
User BrowserCloudflare Edgewallet-ui :3000wallet-api :8082ledger-service:8001mpc-cosigner:8120bridge-relayer:8150market-state:8561consent-ledger:8410proof-verifier:8250guardian-attestor:8140fraud-firewall:8097PostgreSQL:5432Redis:6379Kafka:9092Service Tiers
80+ services organized into five deployment tiers across jurisdictions.
| Service | Port | Purpose | Status |
|---|---|---|---|
ledger-service | 8001 | Account balances, transaction ledger | Active |
ledger-router | 8000 | Ledger API gateway and load balancing | Active |
ledger-compliance | 8098 | Transaction policy enforcement | Active |
policy-registry | 8099 | Compliance rules storage | Active |
tx-sink | 8091 | Kafka consumer, database sync | Active |
| Service | Port | Purpose | Status |
|---|---|---|---|
mpc-cosigner | 8120 | Multi-party computation key signing | Active |
guardian-attestor | 8140 | Recovery attestation verification | Active |
recovery-ceremony | 8130 | Account recovery coordination | Active |
solvency-attestor | 8480 | On-chain reserve proofs | Active |
| Service | Port | Purpose | Status |
|---|---|---|---|
wallet-api | 8082 | User-facing wallet operations | Active |
explorer-api | 8070 | Block explorer API | Active |
proof-gateway | 8260 | Selective disclosure proofs | Active |
settlement-router | 8500 | Settlement transaction routing | Active |
ramps-api | 8550 | Fiat on/off ramp | Planned |
| Service | Port | Purpose | Status |
|---|---|---|---|
consent-ledger | 8410 | User consent records (GDPR) | Active |
consent-killswitch | 8425 | Emergency consent revocation | Active |
fraud-firewall | 8097 | Transaction screening | Active |
compliance-api | 8100 | Regulatory compliance checks | Planned |
kyc-service | 8112 | Identity verification (KYC/KYB) | Planned |
| Service | Port | Purpose | Status |
|---|---|---|---|
bridge-relayer | 8150 | Ethereum bridge relay | Active |
proof-verifier | 8250 | Bridge proof verification | Active |
market-state (DEX v5) | 8561 | Oracle prices, market data | Active |
execution-router | 8562 | Trade execution routing | Active |
dex-order-manager | 8563 | Order book management | Active |
Token Flow
How assets move from Ethereum into JIL Wallet through the bridge infrastructure.
EthereumUser initiates deposit on Ethereum mainnet
JILBridge ContractFunds locked in bridge smart contract (14-of-20 threshold)
bridge-relayerRelayer detects deposit event on-chain
proof-verifierVerifies inclusion proof across validator quorum
ledger-serviceCredits user account on JIL L1 ledger
Wallet BalanceWrapped asset (jETH, jUSDC, etc.) appears in wallet
Asset Wrapping Flow
How unsecured base tokens are wrapped into JIL-protected assets via Secure Assets.
Unsecured AssetBase token (BTC, ETH, USDC) from ACH purchase or vesting release
wallet-apiUser confirms wrapping via Secure Assets page (0.50% fee)
bridge-relayerBurns base token, mints JIL-protected wrapper (wBTC-JIL, wETH-JIL)
wallet_audit_logWrap event logged to immutable audit trail
Secured BalanceProtected asset with MPC key sharding and coverage eligibility
Data Flow
Event-driven messaging pipeline across the system.
wallet-apiKafka (RedPanda)ledger-producerledger-serviceEvents Published
Database Schema
Key PostgreSQL 16 tables used by wallet-api.
userswalletstransactionsbridge_depositsbilling_invoicesprotection_policieswallet_audit_logDeployment Model
Hetzner CPX62 - 16 vCPU, 32GB RAM, 640GB NVMe. Runs 172 services via Docker Compose.
ProductionHetzner CPX42 - 8 vCPU, 16GB RAM. POC demos and pre-release testing.
StagingHetzner CPX52. Fleet controller, image registry, and deployment orchestration.
Control PlaneCloudflare Tunnel for secure ingress - no ports exposed directly. TLS terminated at Cloudflare edge before reaching origin.
MPC threshold signing (3-of-4 quorum), 14-of-20 bridge validators, mTLS between services, post-quantum algorithms (Kyber/Dilithium) ready.
Deployment Pipeline
docker builddocker save | ssh docker loaddocker compose up -d --force-recreateCloudflare cache purgeHealth check (HTTP 200)Technology Stack
| Layer | Technology |
|---|---|
| Frontend | Next.js 14, Tailwind CSS, Zustand, TypeScript |
| Backend | Express.js, Pino, Zod |
| Database | PostgreSQL 16 |
| Cache | Redis |
| Messaging | Kafka (RedPanda) |
| Auth | JWT, WebAuthn, OAuth, TOTP |
| Bridge | ethers.js, WalletConnect |
| Cryptography | MPC threshold signing, post-quantum ready (Kyber/Dilithium) |
| i18n | 12 languages, RTL support (Arabic, Hebrew) |
Architecture documentation for JIL Sovereign L1 - Last updated March 2026