Pre-Clearance, called from your TAP.
A non-custodial policy oracle for Fireblocks Transaction Authorization Policy. Your TAP fires POST /v1/preclearance/validate before signing; we return a court-ready Pre-Settlement Attestation in under 500ms p50. You apply the verdict per your existing TAP rules. The asset never enters JIL.
Your customers want a fourth-party signal.
The Ronin number
$625M, lost in March 2022 when an attacker signed an authorized transaction. The custodian's TAP did exactly what it was told. The address was technically valid. The receiver had passed onboarding.
What was missing
An independent attestation that the destination was still benign at signing time. KYC happens at onboarding. Sanctions screens once a day. The transit is the gap.
Why fourth-party
First party: customer. Second: counterparty. Third: custodian (you). Fourth: an independent attestor whose only job is the transit. Auditors and insurers want it. We are it.
A TAP webhook + an HMAC signature.
JIL Pre-Clearance maps cleanly onto the Fireblocks External Authorizer pattern. Your TAP rule fires the webhook before signing. The PSA returns in under 500ms p50, 1.5s p99. Your TAP applies the verdict (allow / hold / reject) per existing policy. We never touch keys, never broadcast a transaction, never custody an asset.
Auth surface you already know
HMAC-SHA256 over canonical request bytes (method | path | timestamp | nonce | sha256(body)), 60-second skew window, 5-minute nonce replay protection. Bearer fallback for environments without HMAC libs. mTLS optional per InfoSec sign-off. Same pattern Fireblocks ingests from Plaid, Sardine, and Elliptic today.
What we propose, what we need from you.
Week 1 - Sandbox wire-up
You issue a test workspace. We hand you an HMAC key, the OpenAPI spec, the TS SDK (@jil/preclearance-client), and a Postman collection. Your engineer writes one TAP rule. First call inside 4 hours.
Week 2 - Shadow traffic
Mirror 100% of one desk's outbound transfers to /validate in shadow mode. Compare PSA verdict vs. TAP outcome. Calibrate. Zero customer impact.
Week 3 to 4 - Enforcement
Switch one desk to enforce. Two-week observation. If incident-free, scale across desks per your release cadence. POC ends with a signed MSA or a clean revert.
What we need from your team
One integration engineer (4 hours / week), one TAP policy lead (1 hour / week), one InfoSec rep for the security questionnaire. We provide the rest, including a dedicated Slack channel and on-call coverage during the POC window. Pricing during POC: $0. Post-POC: 25 bps per attestation, $1 floor, no minimum commit.