MPC signer topology
Client Signer (MPC) holds keys, while BrainCenter only receives signed payloads. Exchange scopes exclude withdrawals. Even during that documented window, funds never left DAO custody.
Audit artifacts
We publish signer logs with hashed payloads, Redis heartbeats, and mission-control screenshots. Auditors can map each trade to a signer event plus a BrainCenter directive.
Incident handling
If anything looks odd (e.g., stale depth, RPC issues), the Boss role freezes directives, Ops receives an alert, and DAO councils can pull telemetry from `/security` to verify safeness.
Onboarding flow
This article includes a runbook: configure API scopes, deploy the signer, approve governance motion, and schedule a live fire drill. Most treasuries complete the process in under 60 minutes.
CTA
Link heads of security to `/security` for diagrams, then jump to `/contact` to book a readiness workshop tailored to your DAO.