Skip to main content
FlowGuard’s security model starts with BCH consensus enforcement. The contracts validate treasury rules, stream math, timing constraints, and state transitions on-chain. Off-chain services help with UX, indexing, and liveness, but they do not replace contract enforcement.

What the Contracts Enforce

AreaOn-chain guarantee
Treasury policyspending limits, signer thresholds, recipient rules, and treasury state transitions are validated by covenant logic
Stream schedulesclaim amounts, unlock timing, refill transitions, and terminal states follow the deployed schedule family
Vote lockslocked voting state and reclaim timing are enforced by the vote lock covenant
Distribution rulescampaign state, claim limits, and payout conditions are validated by the distribution contract path

What Off-Chain Services Do

ComponentRole
frontendpresents product state and helps the user build the right transaction
backend APIassembles transaction descriptors, confirms broadcasts, and serves indexed state
indexerreconstructs covenant state into queryable product views
executorimproves liveness for permissionless timed actions

Honest Trust Boundaries

Frontend and API

The frontend and API can be wrong about display state, but they still cannot make an invalid contract transition succeed on-chain. Users can self-host or independently verify if they need stronger operational assurance.

Indexer

Indexing improves usability and reporting. It is not the source of truth for covenant validity. If indexed state looks wrong, the on-chain contract state still governs what can actually happen.

Executor

Executors improve liveness for permissionless functions. They do not get special contract powers and they cannot bypass the covenant.

Metadata

Descriptions, labels, and some higher-level UI context are off-chain metadata. They improve readability, but they are not the authority for contract state.

Key Management

FlowGuard does not remove the need for good key management.
  • protect signer keys and treasury operators carefully
  • use hardware wallets for high-value operations
  • choose signer thresholds that fit your recovery and control needs

Current Contract Status

FlowGuard is operating on Chipnet and should be treated as a BCH-native testnet product today. Contract verification and local test coverage have improved, but mainnet-grade production assumptions should wait for the full deployment and audit posture you are comfortable with.

Self-Hosted Verification

If you want a stronger verification posture, run your own:
  • frontend
  • backend API
  • indexer
  • executor
That gives you an independent operating view while still using the same on-chain covenants.