PrimeVault FAQs
MPC + TEE Flow Semantics
Walk me through manual transfers (no automation). Who signs what? How do the policy engine, enclave, and MPC fit together?

Think of it as three steps: intent → check → sign.

1. Intent: A human or system creates a structured intent (who/what/where/how much). Approvers review and sign the intent (not the raw chain tx yet).
2. Check (inside Secure Policy Engine): The intent is sent into PrimeVault's Secure Policy Engine (SPE) running inside a hardware enclave. The SPE verifies the right approvals/limits/quorums, compiles the exact on-chain transaction inside the enclave from the approved intent, and only then authorizes signing.
3. Sign (MPC): The MPC shards produce a threshold signature for the enclave-built transaction. No single shard sees a full key, and nothing is signed unless the SPE's deterministic checks pass.

How does MPC differ from on-chain multisig?

In on-chain multisig, each signer holds a full key and approves on chain. The contract enforces rules in public, which adds gas cost and latency. In MPC, approvals and quorums are handled off chain by the policy engine, and a single transaction is signed once the off-chain quorum is met. This reduces on-chain overhead and keeps the separation of duties without exposing full keys to any party.

MPC also preserves privacy. Because approvals and quorums happen off chain, your internal governance, risk, and compliance controls are not published on chain. With on-chain multisig, signer addresses, thresholds, and approval timing are visible to anyone, which can leak operating patterns and create targeting risks. With MPC, you still get full auditability through tamper-evident logs and attestations without broadcasting your controls publicly. You can also combine approaches, for example, policy-driven approvals with a destination contract that performs extra checks.

Where do MPC key shards live, and can we host them?

Shards are only ever accessible inside hardware enclaves. PV uses cloud-based TEEs or enclaves, specifically AWS Nitro. You can choose PrimeVault-hosted, customer-hosted, or a hybrid setup. In all cases, shards are generated and used inside remote-attested secure hardware. Access to shards is strictly controlled by policy, which in turn is controlled by your org's administrators. No signature is produced unless the policy conditions are met.
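
The intent → check → sign gate described in the first answer, modelled as an added example (not PrimeVault's code). All names, keys, and policy values are hypothetical, and HMAC tags stand in for approver signatures.

```python
import hashlib, hmac, json

# Constructed sample data: approver keys and policy are illustrative only.
# Assumption: HMAC tags stand in for real approver signatures.
APPROVER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
POLICY = {"quorum": 2, "max_amount": 1000, "allowed_destinations": {"0xDEST"}}

def canonical(obj):
    """Deterministic encoding so every party hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def intent_digest(intent):
    return hashlib.sha256(canonical(intent)).hexdigest()

def approve(name, intent):
    """An approver signs the intent digest, not a raw chain transaction."""
    tag = hmac.new(APPROVER_KEYS[name], intent_digest(intent).encode(), hashlib.sha256)
    return name, tag.hexdigest()

def spe_check_and_compile(intent, approvals):
    """Check step: verify approvals and limits, then build the transaction.
    Returns the compiled transaction, or None if any check fails."""
    digest = intent_digest(intent).encode()
    valid = set()
    for name, tag in approvals:
        key = APPROVER_KEYS.get(name)
        if key is None:
            continue  # unknown approver: ignored
        expected = hmac.new(key, digest, hashlib.sha256).hexdigest()
        if hmac.compare_digest(tag, expected):
            valid.add(name)  # a set, so a repeated approver counts once
    if len(valid) < POLICY["quorum"]:
        return None
    if intent["amount"] > POLICY["max_amount"]:
        return None
    if intent["to"] not in POLICY["allowed_destinations"]:
        return None
    # The transaction is derived only from the approved intent fields.
    return {"from": intent["from"], "to": intent["to"], "value": intent["amount"]}

def sign_step(intent, approvals):
    """Signing is reachable only through the check: no transaction, no request."""
    tx = spe_check_and_compile(intent, approvals)
    if tx is None:
        return None
    # Digest that would be handed to the MPC signers for a threshold signature.
    return hashlib.sha256(canonical(tx)).hexdigest()
```

Because approvals are bound to the intent digest, changing any field after approval invalidates them, and the transaction digest is the same on every run for the same approved intent.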