Vendra HoldingsVendra Holdings
All products
Product 01 · Capital governance infrastructureProduction · v1

ACIE Protocol

Deterministic risk enforcement for human traders and AI agents.

Inception
Q1 2026
Status
Production · v1
ACIE · Live governance feed

Every order. Every agent. On the ledger.

Each node is a governance event. PASS, WARN, BLOCK, or KILL. Edges are cryptographic hash links chaining sequential ledger entries. Hover a node to inspect the ledger record. Click a filter to isolate decision types. The feed below is a synthetic replay of an ACIE production stream.

Synthetic data · illustrative only
Events total
···
Pass rate
···
Avg latency
···
Chain depth
···
Status quo

What ACIE replaces

Broker-level risk limits applied sleeve-by-sleeve, after-the-fact reconciliation, Slack channels where a risk officer approves exceptions at 3am, and audit trails scattered across vendors and formats. ACIE consolidates all of that into a single, pre-trade, append-only enforcement layer.

The thesis

The deterministic governance layer between a trading strategy and its venue. Every order, human or autonomous, is evaluated against a four-mode state machine (Normal / Caution / Defense / Locked) and either passed, scaled, blocked, killed, or cooled. The decision lands at the broker in 0 ms; the rationale lands in a hash-chained audit ledger that even the operator cannot edit.

In one diagram

The order path, end to end.

Every order traverses ACIE before reaching the venue. The diagram below traces the flow from strategy emission to broker placement, including the audit-ledger fork.

Architecture

ACIE sits in the order path.

Every order generated by a strategy passes through ACIE before it reaches the venue. No reconciliation after the fact, because nothing leaves the network ungoverned.

INPUTStrategyHuman or agentACIE PROTOCOLGovernance layer01State machine4 modes · realised-equity triggers02Decisioning engineALLOW · WARN · BLOCK · KILL03Audit ledgerHash-chained · append-onlyOUTPUTVenueBroker · ExchangeIMMUTABLE AUDIT TRAIL · 7-YEAR RETENTIONORDERALLOW · 0 MSp99 latencyBLOCK · DENIAL RETURNED
Inline, not after-the-fact

ACIE sits synchronously in the order path. There is no parallel reconciliation, no eventual-consistency window.

Realised-equity triggers

Mode escalations fire on realised equity deviation from peak, never on unrealised PnL, to avoid locks during normal intraday fluctuation.

Append-only audit

Every decision, input, state, outcome, rationale, is written to a hash-chained ledger. Tamper attempts produce verifiable inconsistencies.

What it does

5 capabilities, no overlap.

01

Four-mode state machine

Normal · Caution · Defense · Locked. Transitions trigger on realised equity, not unrealised PnL. No discretion, no drift.

02

Pre-trade enforcement

ACIE sits inline in the order path. Approve · scale · block · kill · cool. Sub-millisecond decisioning.

03

Tamper-proof audit ledger

Every decision is hash-chained. Tampering produces inconsistencies, not silent corruption.

04

Multi-platform integration

MetaTrader 4/5, Interactive Brokers, Binance, Bybit, Tiger Brokers, Moomoo, Coinbase, Kraken, Deribit, TradingView, 12 native adapters today.

05

EU AI Act Article 6 compliance

Risk-management documentation, audit trail, and human-in-the-loop oversight required by the 2 August 2026 enforcement deadline.

Specifications

Spec sheet · v1.

Enforcement latency
0 ms
p99, last 24h
Decision throughput
5M+ / month
per tenant, Growth tier
Audit retention
7 years
minimum, configurable up
Audit integrity
Hash-chained
tamper-detectable on export
Connected venues
12
native adapters; 2-week onboarding
Override model
Human-in-loop
every override audit-logged
Deployment
Shared / Region-pinned / Single-tenant
Uptime SLA
99.95%
Enterprise tier
Compliance
EU AI Act Art. 6 · MAS tech vendor
Integration

What integration looks like.

A single policy file pins every governance threshold, cap, and integration. Versioned in git; deploys are diffable.

acie.policy.yaml
yaml
# acie.policy.yaml
account: prop-desk-01
mode_thresholds:
  caution: 3.0    # % drawdown
  defense: 6.0
  locked:  10.0
caps:
  daily_drawdown:      2.0      # % of NAV
  max_position_size:   5.0      # % of NAV
  cooldown_after_loss: 30m
venues:
  - mt5:        primary
  - binance:    enabled
  - interactive_brokers: enabled
audit:
  retention: 7y
  export:    pdf, csv
  signing:   sha256-chain
Design principles

What we will not compromise.

  • 01Deterministic, not probabilistic
  • 02Per-order enforcement, not after-the-fact reconciliation
  • 03Append-only audit, not editable logs
  • 04Configured per account, not firm-wide
Questions

The ones we’re asked most.

If yours isn’t here, email vendraholdings@gmail.com.

How is ACIE different from broker-level risk limits?
Broker limits are sleeve-by-sleeve, post-hoc, and editable from the broker UI. ACIE is portfolio-wide, pre-trade, and append-only, even Vendra cannot edit a logged decision after the fact. The two are complementary; most clients keep broker limits as a backstop.
What actually happens when ACIE blocks a trade?
The order is rejected at the broker-adapter layer before it reaches the venue. A decision record (input, policy version, rationale, outcome) is written to the ledger. The operator is notified through the console. The trade does not execute.
Can the operator override ACIE?
Yes, on policies that permit override (defaults: none on Locked, restricted on Defense). Every override creates a ledger entry with operator ID, timestamp, and a free-text justification. Compliance review is automatic on the next reporting cycle.
What deployment topology should we pick?
Three options: shared (multi-tenant SaaS, fastest onboarding), region-pinned (your data stays in chosen region, SGP1/FRA1/NYC1 today), or single-tenant (dedicated infrastructure on Enterprise tier with custom SLA).
How does ACIE handle venue outages?
Adapter health is continuously monitored. Orders submitted while a venue is unreachable queue with a configurable TTL; on restoration, queued orders re-evaluate against current state, they may have aged out of policy and re-block on resume.
Can we self-host?
Single-tenant Enterprise deployments run in a VPC you control. We provide the container images and the policy framework; you operate the infrastructure. Not available on Starter or Growth tiers.
Other products
Adaptive trading agentPaper-trade · v0

Mahoraga

Adapts in production. Never falls to the same regime twice.

View product
Quantitative portfolio toolkit · private · formally Quant StackPaper-trade · v0

VenEdge

Institutional-grade quant research, run on your own account.

View product
Deployment

Deploying ACIE Protocol for your desk?

Tell us about your venues, your strategies, and the governance gap you're trying to close. We respond within two business days, or not at all.

Request access