# Architecture one-pager

Source: https://docs.settlemint.com/docs/architects/overview/architecture-one-pager
All eight DALP systems, their sub-components, and their external dependencies on one page, formatted for RFP, security, and integration reviews.



Read this after the [architecture overview](/docs/architects/overview) when your review asks which system owns a specific decision. The map gives each area a clear owner: operator workspaces, API calls, transaction lifecycle, compliance checks, signing, pricing, on-chain enforcement, indexed evidence, and shared platform services.

## The short version [#the-short-version]

Eight systems run the platform. Operators, compliance teams, treasury, and integrators work in the Operations Console, which drives one Platform API. The Transaction Lifecycle Engine runs every write end to end: it checks each transfer with Compliance & Identity, signs through Custody & Settlement, prices with Market Data, and writes to the Asset Registry contracts on your selected EVM network. The Ledger Index reads chain events back for query and audit, and the Core Platform carries all of it.

<DownloadableDiagram
  filename="dalp-architecture.svg"
  chart="`flowchart TB
  USERS([Operators, Compliance, Treasury, Integrators])

  subgraph OC[&#x22;Operations Console&#x22;]
    C1[Console] --- C2[&#x22;Identity & Access&#x22;] --- C3[Developer Platform] --- C4[Deployment]
  end

  subgraph TLE[&#x22;Transaction Lifecycle Engine&#x22;]
    T1[Platform API] --> T2[Transaction Queue] --> T3[Workflow Engine] --> T4[Broadcast] --> T5[Confirmation Tracking] --> T6[Event Delivery]
  end

  subgraph CI[&#x22;Compliance & Identity&#x22;]
    I1[Compliance Engine] --- I2[Identity Registry] --- I3[&#x22;KYC / AML Orchestration&#x22;] --- I4[Claim Issuance]
  end

  subgraph CSY[&#x22;Custody & Settlement&#x22;]
    K1[Key Management] --- K2[Vaults] --- K3[Settlement] --- K4[Distribution]
  end

  subgraph MD[&#x22;Market Data&#x22;]
    M1[Price Feeds] --- M2[FX Rates]
  end

  subgraph AR[&#x22;Asset Registry (on your selected EVM network)&#x22;]
    A1[SMART Protocol] --- A2[Asset Classes] --- A3[Control Plane]
  end

  subgraph LI[&#x22;Ledger Index&#x22;]
    L1[Indexing Pipeline] --> L2[Read Model] --> L3[Change Data Capture]
  end

  subgraph CP[&#x22;Core Platform (underpins the other seven systems)&#x22;]
    P1[Data Platform] --- P2[Observability] --- P3[Document Storage] --- P4[Core Libraries]
  end

  KYCX[Compliance and KYC providers]
  CUST[Custody providers]
  RPCX[EVM RPC provider or node]
  CONS[Downstream consumers: webhooks, reports, integrations]

  USERS --> OC
  OC --> T1
  T3 -->|gated by| I1
  T3 -->|signs via| K1
  T3 -->|priced by| M1
  T4 -->|writes on-chain| A1
  T4 -.->|submits via| RPCX
  I3 -.->|checks via| KYCX
  K1 -.->|policy and quorum| CUST
  A1 -->|indexed by| L1
  T1 -->|reads from| L2
  T6 -->|streams from| L3
  T6 -.->|delivers to| CONS
  LI -.->|runs on| CP

  style C1 fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style C2 fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style C3 fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style C4 fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style T1 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style T2 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style T3 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style T4 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style T5 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style T6 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style I1 fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style I2 fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style I3 fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style I4 fill:#5fc9bf,stroke:#3a9d96,stroke-width:2px,color:#fff
  style K1 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style K2 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style K3 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style K4 fill:#6ba4d4,stroke:#4a7ba8,stroke-width:2px,color:#fff
  style M1 fill:#b661d9,stroke:#8a3fb3,stroke-width:2px,color:#fff
  style M2 fill:#b661d9,stroke:#8a3fb3,stroke-width:2px,color:#fff
  style A1 fill:#8571d9,stroke:#654bad,stroke-width:2px,color:#fff
  style A2 fill:#8571d9,stroke:#654bad,stroke-width:2px,color:#fff
  style A3 fill:#8571d9,stroke:#654bad,stroke-width:2px,color:#fff
  style L1 fill:#b661d9,stroke:#8a3fb3,stroke-width:2px,color:#fff
  style L2 fill:#b661d9,stroke:#8a3fb3,stroke-width:2px,color:#fff
  style L3 fill:#b661d9,stroke:#8a3fb3,stroke-width:2px,color:#fff
  style P1 fill:#64748b,stroke:#475569,stroke-width:2px,color:#fff
  style P2 fill:#64748b,stroke:#475569,stroke-width:2px,color:#fff
  style P3 fill:#64748b,stroke:#475569,stroke-width:2px,color:#fff
  style P4 fill:#64748b,stroke:#475569,stroke-width:2px,color:#fff
  style USERS fill:#e8e8e8,stroke:#999,stroke-width:2px,color:#333
  style KYCX fill:#e8e8e8,stroke:#999,stroke-width:2px,color:#333
  style CUST fill:#e8e8e8,stroke:#999,stroke-width:2px,color:#333
  style RPCX fill:#e8e8e8,stroke:#999,stroke-width:2px,color:#333
  style CONS fill:#e8e8e8,stroke:#999,stroke-width:2px,color:#333`"
/>

Three points matter in most reviews:

1. DALP is EVM-focused. It does not make non-EVM chains native DALP execution environments.
2. DALP keeps workflow authorisation, transaction signing, and on-chain compliance in separate systems rather than treating any one system as the whole control plane.
3. DALP stores operational data off chain for workflow and review, while asset ownership and rule enforcement live in smart contracts on your selected EVM network.

## How to read the architecture in a review [#how-to-read-the-architecture-in-a-review]

Start with the system that owns the decision you are checking. A request enters through the Operations Console or the Platform API and moves through the Transaction Lifecycle Engine. The Workflow Engine gates each transfer through the Compliance Engine, which reaches your compliance and KYC providers where configured. It signs through Key Management under custody-provider policy, prices with Market Data feeds, and broadcasts through your EVM RPC provider to the SMART Protocol contracts in the Asset Registry. The Ledger Index turns emitted events into the read model the Platform API serves, and Event Delivery streams confirmations and webhooks to downstream consumers. The Core Platform carries the data platform, observability, document storage, and shared libraries under all of it.

Use that flow to make procurement and security reviews concrete:

| Review topic                         | Architectural question                                                                    | Primary docs path                                                                                                                        |
| ------------------------------------ | ----------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
| Bank-grade platform architecture     | Which system owns user requests, workflow state, signing, on-chain enforcement, and data? | [System context](/docs/architects/overview/system-context) and [Components](/docs/architects/components)                                 |
| Privacy on public networks           | Which data is on chain, and which data stays in DALP or external systems?                 | [Public chain privacy](/docs/compliance-security/privacy/overview)                                                                       |
| Replay, retries, and idempotency     | How does DALP coordinate state-changing work before and after signing?                    | [Signing flow](/docs/architects/flows/signing-flow) and [workflow engine recovery](/docs/developers/operations/workflow-engine-recovery) |
| Auditability and source verification | How can a reviewer trace deployed contracts, events, and transaction history?             | [Source verification and deployment auditability](/docs/compliance-security/source-verification/overview)                                |
| Hosting, backup, and recovery        | Which responsibilities belong to DALP services, the deployment model, and the operator?   | [Deployment topology](/docs/architects/overview/deployment-topology) and [Operability](/docs/architects/operability)                     |

## What runs inside DALP [#what-runs-inside-dalp]

| System                       | Responsibility                                                                                                                                            | Review question it answers                                                  |
| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- |
| Operations Console           | Browser workspace for issuers, operators, compliance reviewers, and asset servicing users: console, identity & access, developer platform, and deployment | How do business users and platform operators work with the platform?        |
| Transaction Lifecycle Engine | One Platform API plus the transaction queue, workflow engine, broadcast, confirmation tracking, and event delivery that run every write end to end        | What coordinates a transaction from API call to confirmed on-chain state?   |
| Compliance & Identity        | Compliance engine, identity registry, KYC / AML orchestration, and claim issuance that gate every transfer                                                | What decides whether a transfer is allowed, and on which identity evidence? |
| Custody & Settlement         | Key management, vaults, settlement, and distribution, enforcing custody-provider signing policy                                                           | Who controls signing policy and quorum decisions?                           |
| Market Data                  | Price feeds and FX rates that value and settle assets                                                                                                     | Where do prices and rates come from?                                        |
| Asset Registry               | SMART Protocol contracts, asset classes, and the control plane on your selected EVM network                                                               | What enforces token state and transfer controls on chain?                   |
| Ledger Index                 | Indexing pipeline, read model, and change data capture that turn chain events into queryable evidence                                                     | How does chain activity become searchable operational evidence?             |
| Core Platform                | Data platform, observability, document storage, and core libraries that carry the other seven systems                                                     | Which shared services keep the platform operable and auditable?             |

## Control responsibilities [#control-responsibilities]

DALP checks each request through a series of gates before it proceeds.

| Responsibility area         | What DALP checks                                                                                                         | Where to continue                                                                                                                                |
| --------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| Identity and access         | Sessions, API credentials, roles, organisation scope, and resource permissions                                           | [Authentication](/docs/compliance-security/security/authentication) and [Authorization](/docs/compliance-security/security/authorization)        |
| Operator confirmation       | Wallet verification for browser-session blockchain writes where confirmation is required                                 | [Wallet verification](/docs/compliance-security/security/wallet-verification)                                                                    |
| Execution and signing       | Workflow state, transaction preparation, nonce handling, signer routing, and custody-provider policy                     | [Signing flow](/docs/architects/flows/signing-flow) and [Custody providers](/docs/architects/integrations/custody-providers)                     |
| On-chain asset rules        | Identity claims, compliance modules, asset policy, transfer approval, caps, and time-based restrictions where configured | [Identity and compliance](/docs/compliance-security/security/identity-compliance) and [Compliance modules](/docs/compliance-security/compliance) |
| Audit and recovery evidence | Deployment addresses, source verification, indexed events, and transaction history                                       | [Source verification and deployment auditability](/docs/compliance-security/source-verification/overview)                                        |

This split matters when you review as an auditor:

* Authentication proves who is calling.
* Authorization decides whether the caller may perform the requested operation.
* Signing policy decides whether a transaction can be signed.
* SMART Protocol contracts decide whether a state change is valid on chain.

## Deployment responsibilities [#deployment-responsibilities]

DALP can run in managed, customer-hosted, hybrid, private-chain, and restricted-network patterns depending on the operating model. The division is consistent across patterns: DALP services operate the eight systems in the diagram. The selected EVM network, custody provider, RPC service, identity sources, pricing sources, payment rails, and operational approvals remain explicit dependencies.

For hosting, networking, high availability, backup, recovery, or restricted-network detail, continue to [Deployment topology](/docs/architects/overview/deployment-topology) and [Operability](/docs/architects/operability) for your context.

## Reader paths [#reader-paths]

| If you are...                     | Start here                                                                        | Then read                                                                                                                                                                                                                                             |
| --------------------------------- | --------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| An integrating developer          | [Platform API](/docs/architects/components/platform/platform-api)                 | [Signing flow](/docs/architects/flows/signing-flow) and [Key flows](/docs/architects/overview/key-flows)                                                                                                                                              |
| A platform operator               | [Admin operating model](/docs/developers/platform-setup/admin-operating-model)    | [Platform role provisioning](/docs/developers/platform-setup/add-admins), [administrator role changes](/docs/developers/platform-setup/change-admin-roles), and [Operator wallets](/docs/operators/platform-setup/operator-wallets)                   |
| A security reviewer               | [Security overview](/docs/compliance-security/security)                           | [Public chain privacy](/docs/compliance-security/privacy/overview), [Compliance and custody split](/docs/compliance-security/security/compliance-custody-boundary), and [Source verification](/docs/compliance-security/source-verification/overview) |
| A platform architect              | [System context](/docs/architects/overview/system-context)                        | [Deployment topology](/docs/architects/overview/deployment-topology) and [Operability](/docs/architects/operability)                                                                                                                                  |
| An auditor or compliance reviewer | [Identity and compliance](/docs/compliance-security/security/identity-compliance) | [Compliance modules](/docs/compliance-security/compliance) and [Compliance transfer flow](/docs/architects/flows/compliance-transfer)                                                                                                                 |

## What this page does not claim [#what-this-page-does-not-claim]

DALP does not make every external system part of its native platform control. Custody-provider quorum rules, bridge design, liquidity venues, payment rails, source data methodology, public-network validator behaviour, non-EVM execution environments, and physical-asset reserve attestations each need their own review. DALP integrates with selected external systems where configured, but that integration is not the same as native platform control.
