The neutral software layer for regulated real-world, environmental, and public-sector assets.

Boli is the tokenization tech infrastructure, distribution interoperability layer, and agentic automation runtime for regulated real-world, environmental, and public-sector assets. It expresses each asset as a two-layer composable grammar: Layer 1 is a compliance-gated asset container and Layer 2 is an optional customer-issued vault wrapper. The same grammar compiles to the Ethereum Virtual Machine (ERC-3643 + ERC-4626 + ERC-1155), the Solana Virtual Machine (SPL Token-2022 with transfer hooks, default-frozen mints, permanent delegate, and confidential transfers), and Canton (Daml templates with party-scoped disclosure on the Global Synchronizer). Every container and every wrapper is born with an agent surface exposing x402-metered reads, MCP-exposed actions, ERC-8004 agent identity and reputation, and AP2 mandate-bound flows.

Boli does not mint a branded token at either layer. The customer is the issuer, carries every license, and makes every listing decision. Boli writes, hosts, and licenses software — the Stripe / Twilio / Plaid model applied to tokenized regulated assets. This whitepaper specifies the asset model, the execution substrate, the compliance grammar, the integrity packs, the settlement topology, the agent runtime, the security posture, the regulatory positioning, the economic model, and the sequencing for a 2026–2027 build-out.

The tokenization thesis has matured. The question in 2022 was whether regulated assets could be represented on public ledgers at all. The question in 2024 was whether institutions would use them. The question in 2026 is which software will carry the next trillion dollars of regulated assets on-chain — and under what operating model.

Four shifts converged between 2024 and early 2026 that make the pattern Boli implements not merely viable but overdetermined: the finalization of the EU’s Markets in Crypto-Assets Regulation (MiCA) transitional period; the US Securities and Exchange Commission’s Joint Staff Statement on tokenized securities in January 2026, clarifying that the same federal securities framework applies on-chain as off-chain; the operational launches of wholesale cash legs on Canton, Solana, and Ethereum by tier-one global banks; and the stabilization of an open agent-standards stack (x402, AP2, ACP, ERC-8004, MCP, A2A) around autonomous execution.

At the same time, the market discovered which tokenization patterns fail. Branded platform tokens concentrate operational, regulatory, and community risk inside the infrastructure layer. Pooled basket instruments require the operator to be regulated as a fund, a stablecoin issuer, or both. Per-issuance bespoke deployments produce one-off compliance artifacts that cannot be reused. Boli’s design rejects all three in favor of a single engineering pattern: a neutral multi-VM runtime whose output is customer-issued, customer-branded, customer-regulated on-chain instruments that compose across venues and rails.

Boli writes the software. The customer carries every license, registration, filing, and listing.

Four vectors turned simultaneously in the eighteen months before this document. Together they make the Boli pattern the lowest-risk path to institutional tokenization across our four target asset classes.

2.1 Financial markets

The SEC’s January 2026 Joint Staff Statement resolved the principal question that slowed US-facing issuance through 2024–2025: tokenized securities are securities, and on-chain issuance, distribution, and transfer are governed by the same federal framework that governs paper. The NYSE—Securitize digital trading platform launched in March 2026 as the first SEC-registered venue natively trading ERC-3643 instruments. MiCA’s transitional period closes in July 2026, after which ARTs and EMTs must be fully authorized. VARA’s Category 1 ARVA token-issuance guidance clarified in April 2026. Singapore VCC 2.0 opened a legally scoped sub-fund structure that maps cleanly onto per-sub-fund tokenization. Switzerland’s DLT Act remains the most permissive EU-adjacent regime for on-chain registered securities. Japan’s FSA approved a second round of security-token platforms. The UK’s FCA-FCMSO Digital Securities Sandbox (DSS) entered its operational phase.

2.2 Cash-leg maturity

Institutional DvP requires an institutional-grade cash leg. By Q1 2026 the stablecoin and tokenized-deposit landscape rationalized: USDC, EURC, RLUSD, PYUSD, and USDG became the dominant public-chain legs; JPMD went live natively on Canton as the first tier-1 bank wholesale deposit token; EURCV (Société Générale’s euro deposit token) scaled on public EVM and Canton; DTCC and Digital Asset brought Canton Treasury into production. Central-bank-adjacent infrastructures — BIS Agorá, HKMA Ensemble, MAS Project Guardian — progressed from pilot to production during the same window. The policy direction is clear: public-chain settlement will be bridged into institutional balance-sheet money, and the bridging primitive is the DvP contract on a regulated venue.

2.3 Environmental integrity

The Integrity Council for the Voluntary Carbon Market (ICVCM) finalized its Core Carbon Principles and began awarding CCP labels. CORSIA entered its first compliance phase. Article 6.2 and 6.4 of the Paris Agreement became operational, with corresponding-adjustment flags now a first-class field. Biodiversity-credit frameworks (UK BNG, Australia Nature Repair Market, Verra SD VISta) moved from pilot to live. dMRV providers (Pachama, CTrees, Sylvera, dClimate, OFP) stabilized their interfaces. The EU’s Carbon Border Adjustment Mechanism tightened its reporting phase. Environmental assets are now machine-readable for the first time at scale — which is the precondition for programmable integrity.

2.4 Public-sector interop

The EU Digital Identity Wallet under eIDAS 2.0 onboarded member-state deployments through 2025 and 2026. ISO 18013-5 mobile driving licences became standard in several US states. MOSIP reached 1B+ eligible identities across emerging markets. Tokenized sovereign and sub-sovereign debt issuances moved from one-off pilots to ramp: digital gilts in the UK, Hong Kong’s multi-tranche digital green bond programme, Singapore’s Project Guardian bond tracks, BIS Agorá’s cross-currency wholesale prototype. Conditional disbursement patterns — vouchers bound by time, use, and merchant class — entered live procurement in several jurisdictions.

2.5 Agents

The agent stack stabilized around five open standards during 2025: x402 (HTTP-native metered payments), AP2 (Agent Payments Protocol for mandate-bound execution), ACP (Agent Commerce Protocol), ERC-8004 (on-chain agent identity and reputation), and MCP (Model Context Protocol for tool exposure), together with A2A for agent-to-agent orchestration. These standards collapsed a dozen proprietary agent frameworks into a small set of interoperable primitives. Boli was designed from day one to expose every asset through all six.

The tokenization stack is crowded but shallow. Six recurring failure modes show up in virtually every attempt to tokenize a regulated asset at institutional scale:

3.1 Bespoke issuance

Most current tokenization deployments are one-off consulting engagements wrapping a bespoke smart contract, a bespoke compliance module, and a bespoke dashboard around a single asset. None of the three artifacts compose back into a platform. The second asset costs as much as the first.

3.2 Branded platform tokens

Operators that mint a branded platform token inherit four burdens simultaneously: a retail community, secondary-market price sensitivity, treasury management, and ongoing exchange-listing politics. They also concentrate regulatory exposure: a platform token sold into retail channels can be characterized as a security, an e-money token, a commodity, or a utility token in different jurisdictions, with no consistent answer. Boli declines this trade entirely.

3.3 Pooled-basket operators

Operators that issue a single pooled token backed by a rotating basket of RWAs must be regulated as a fund manager, an e-money issuer, or a stablecoin issuer depending on jurisdiction; must run NAV, administration, and custody themselves; and must accept liability for redemption. This is a valid business — and one Boli’s Layer-2 wrapper supports for customers that choose it — but it is not infrastructure. Boli is infrastructure.

3.4 Single-chain lock-in

Most current tokenization platforms are single-chain. This forecloses the three destinations that institutional capital actually cares about simultaneously: EVM for public DeFi, SVM for low-latency consumer flows, and Canton for bank-internal settlement. Boli is tri-VM by design.

3.5 Compliance as afterthought

The dominant pattern is to deploy a permissionless token and bolt a KYC gate on top via an allowlist. This works until the first regulator asks how the gate would respond to a recovery event, a force-transfer order, a corporate action, a redemption queue, or a freeze in one jurisdiction and not another. Boli expresses compliance as a composable pack at the container level, so the enforcement primitives are part of the asset, not an app-layer decoration.

3.6 Agent bolt-ons

Where agent functionality exists today it is almost always an app-layer integration sitting above an agent-blind asset. Boli makes agent-addressability a property of the container itself: every container is an agent target and every action is cryptographically attributable.

Boli is organized around three pillars that share one execution substrate.

Pillar 01

Tokenization tech infrastructure. The built core: one asset-definition grammar compiling to multi-VM smart-contract containers across EVM, SVM, and Canton. Compliance-programmable. Agent-native. Asset-class polymorphic across financial, real, environmental, and public-sector.

Pillar 02

Distribution interoperability. Because Boli containers live on EVM, SVM, and Canton, every venue, custodian, DeFi market, registry, government system, and agent rail on those VMs becomes reachable through one adapter pattern instead of bespoke per-destination work. Integration targets today; live adapters progressively through 2026–2027.

Pillar 03

Agentic automation. Every Boli container is born with an agent surface (MCP · x402 · ERC-8004 · AP2 · ACP · A2A) and a policy-bound automation runtime (issuance, DvP, distributions, retirement, corporate actions, risk, and fraud/AML graph AI). Operated continuously, not just deployed.

Below the three pillars sits one horizontal primitive: the two-layer asset model. Every asset on every class reduces to the same Layer-1 container plus optional Layer-2 wrapper. This is the entire product surface. Everything else — compliance packs, integrity packs, registry connectors, venue adapters, cash-leg adapters, custody adapters, agent rails — is a pluggable module around that grammar.

Boli represents every asset, on every class, as two composable layers.

5.1 Layer 1 — Asset containers

A Layer-1 container is a compliance-gated smart-contract object that represents a single distinct regulated asset: one SPV, one fund share class, one credit project, one voucher cohort, one carbon project vintage. The container encodes its own compliance pack, its own integrity pack (where relevant), its own registry connector (where relevant), and its own agent surface. Share classes live as sub-tokens inside the same container — not as separate tokens — so cap-table operations remain atomic.

On EVM the container is an ERC-3643 T-REX token with ERC-1155 multi-token sub-classes and an OnchainID-anchored identity module. On SVM the container is an SPL Token-2022 mint with default-frozen state, a transfer hook that re-runs the compliance pack, a permanent delegate for force-transfer and recovery, confidential transfers where the asset requires it, and an interest-bearing mint where the asset pays yield. On Canton the container is a Daml template with party-scoped disclosure over the Global Synchronizer. All three compile from the same source definition.

Containers are factory-deployed: a single verified, audited implementation produces thousands of instances. The compliance pack is parameterized per instance; the runtime is identical.

5.2 Layer 2 — Composable wrappers

A Layer-2 wrapper is an optional, customer-issued vault share token that bundles one or more Layer-1 containers into a feeder fund, a basket, a structured note, an index, or a tranched-credit pool. The wrapper itself is a standard instrument: on EVM, ERC-4626 for synchronous vehicles and ERC-7540 for async subscription and redemption; on SVM, an SPL Token-2022 interest-bearing mint with a transfer hook carrying the wrapper’s own compliance pack; on Canton, a Daml pool template with sub-transaction privacy.

Wrappers inherit compliance through subsumption: an investor in a wrapper must pass the tightest underlying pack across all constituents. Lockups, capital-call schedules, waterfall rules, and NAV cadence are expressed declaratively on the wrapper. A wrapper can be reopened, recomposed, or retired without touching the underlying containers.

5.3 Why two layers

The two-layer split is the single most important decision in the Boli architecture. Layer 1 isolates per-asset regulatory reality from portfolio construction. Layer 2 provides the expressive power that DeFi composability demands, without ever having to unify unlike assets at the token level. A portfolio operator can build a wrapper over financial, real, and environmental containers simultaneously; each constituent retains its own compliance enforcement at the container level, and the wrapper enforces the superset.

Per-asset containers at Layer 1. Optional portfolio wrappers at Layer 2. The customer is always the issuer. Boli is never the issuer.

The same Boli asset definition compiles to three execution substrates. Which one the customer ships on is a distribution decision, not an architectural commitment.

6.1 EVM

The EVM path targets ERC-3643 (T-REX) for the transfer-restricted container, ERC-4626 and ERC-7540 for vault wrappers, ERC-1155 for share classes inside a container, ERC-721 / ERC-7498 for singular non-fungible asset representations, and OnchainID / ERC-735 claims for the identity substrate. Cross-chain portability uses Chainlink CCT (Cross-Chain Token standard) over CCIP; the compliance pack travels with the token canonically across chains where the pack allows.

The EVM path is the most public, the most DeFi-composable, and the default for secondary-listed instruments. Venues in integration scope include Securitize, tZERO, Archax, ADDX, NYSE Digital, Plume, and Ondo GM. DeFi credit and collateral targets include Aave Horizon, Morpho, and Pendle. None of these venues are live integrations today; each is a named adapter target on the built core.

6.2 SVM

The SVM path targets SPL Token-2022 extensions: default-frozen mint state so new accounts are dormant until the compliance pack clears; transfer hooks that re-run the compliance pack at each movement; a permanent delegate that can execute force-transfers and recoveries under court order, regulator direction, or internal policy; confidential transfers for balance-privacy with regulator-viewable audit; interest-bearing mints for yield expression at the token layer. The SVM path is the default for high-throughput, low-latency flows: payment rails, consumer-facing environmental retirements, real-time conditional vouchers, and any flow where sub-second finality is required.

6.3 Canton

The Canton path targets Daml templates over the Canton Global Synchronizer, with party-scoped disclosure as the default privacy model. This is the execution substrate preferred by tier-one banks, central-bank-aligned infrastructures (DTCC Treasury, HKMA Ensemble, BIS Agorá), and wholesale deposit-token issuers. JPMD lives natively on Canton. For bank-internal settlement flows where public-chain exposure is undesirable, the Canton path is the first choice.

6.4 Cross-VM coordination

DvP across two different VMs is expressed either (a) as a single atomic coordination over a cross-chain messaging layer — Chainlink CCIP with CCT, LayerZero V2, Wormhole, or Canton Global Synchronizer bridging — or (b) as a two-leg HTLC where either leg’s failure unwinds the other. The choice is a per-flow parameter. Cross-chain messaging adapters are integration scope today; the DvP core itself is built.

A Boli compliance pack is a parameterized module that expresses the enforcement behavior a regulator or counterparty expects at the token level. Packs are not opinions; they are executable specifications.

7.1 Investor eligibility

The pack declares which investor classes are eligible (accredited under Reg D 506(c), non-US under Reg S, professional under MiFID II, accredited under VCC Singapore, Category 1 ARVA under VARA, qualified purchaser under 3(c)(7), and so on). Eligibility is attested on-chain via OnchainID on EVM, a delegate credential on SVM, or a Daml party claim on Canton. Attestations carry expiry, issuer, and revocation.

7.2 Transfer restrictions

Packs express lockups, holding periods, geography-based bans, counterparty-class restrictions, maximum-holder caps (e.g., Section 12(g) 2,000-holder caps for US private issuers), per-investor maximum positions, and per-account position limits. Each rule is checked at the transfer-hook layer, not at the venue layer, so any venue listing the instrument inherits the same enforcement.

7.3 Corporate-action primitives

Force-transfer, freeze, pause, recovery, mint, burn, split, merge, dividend, coupon, redemption, vote. Each primitive is a first-class multi-party workflow with its own authorization policy. A force-transfer triggered by a court order is the same operation as a force-transfer triggered by a regulator; the attestation is different, the effect is the same.

7.4 Jurisdictions supported at launch

The built compliance library covers Reg D / Reg S / Reg A+ and US state Blue Sky laws at issuance; MiCA ART and EMT classifications; MiFID II investor categorization; VCC Singapore sub-fund structures; VARA ARVA Category 1; ADGM FSRA security tokens; MAS Guardian-aligned institutional flows; HKMA/SFC digital-asset circulars; FINMA DLT Act registered securities; FCA DSS participation; the FSA Japan token-offering regime. Each jurisdiction is expressed as a pack. Customers can compose packs; the resulting enforcement is the tightest cover of the constituent packs.

Environmental assets are structurally different from financial and real assets: they are not primarily scarce through geography or ownership but through verified integrity. A carbon credit is worth what the measurement, reporting, and verification (MRV) around it claims. Boli treats integrity as a first-class parameter distinct from compliance.

8.1 Asset taxonomy

The environmental class covers voluntary and compliance carbon credits (VCUs, CORSIA-eligible, ICVCM CCP-labeled, CCAs, EUAs, UKAs, NZUs), biodiversity credits, water credits, plastic credits, renewable energy certificates (RECs, I-RECs, GOs), soil-carbon units, blue-carbon units, ecosystem-service units, and nutrient credits. Each has its own unit definition, its own MRV protocol, and its own registry.

8.2 Pack contents

An integrity pack on a Boli environmental container carries: MRV event logs (which instrument measured what, when, and to what standard); serial-number assignment from the underlying registry; vintage stamping; label preservation (ICVCM CCP, CORSIA, ART-TREES, Verified Carbon Standard); retirement proofs; and Article 6.2 / 6.4 corresponding-adjustment flags. Every retirement burns the token on-chain and emits a proof that the underlying registry mirror applied the retirement atomically.

8.3 Registry mirroring

Registries in integration scope include Verra, Gold Standard, Puro.earth, CAR, ACR, ART, and I-REC. dMRV oracles in scope include Pachama, CTrees, Sylvera, dClimate, and OFP. Satellite and IoT sources in scope include Planet, Sentinel-2, and Landsat. Environmental venues in scope include Xpansiv CBL, Carbonplace, and Toucan. None are live integrations today; each is a named adapter on the built integrity core.

8.4 Double-spend prevention

Every environmental container maintains a canonical serial range tied to the source registry. Cross-chain portability is gated: a credit can be active on only one chain at a time, enforced through lock-mint via Chainlink CCT or a Canton-mirrored synchronizer entry.

The public-sector class includes sovereign and sub-sovereign tokenized debt, central-bank-aligned instruments, government-procurement tokens, subsidy and grant disbursement rails, conditional voucher and cash-transfer programmes, land-title records, permits, tax credits, and eID issuance. Each is expressed in the same Layer-1 grammar with a public-sector pack attached.

9.1 Sovereign signer attestation

Public-sector containers carry a sovereign or sub-sovereign signer claim, rooted in the relevant national PKI or central-bank attestation framework. This allows a bond holder, a voucher recipient, or a permit checker to verify the signer without a trusted intermediary.

9.2 Conditional disbursement

Procurement milestones, benefit cohorts, cash-transfer eligibility, and subsidy unlocks are all expressed as the same underlying workflow primitive: a conditional token that activates on one or more attested events. Conditions can be time-bound (valid 2026-06-01 through 2026-12-31), use-bound (food categories only), merchant-bound (registered public clinics only), or any composition.

9.3 Interop standards

The public-sector grammar is designed to interoperate with eIDAS 2.0 / EUDI Wallet, ISO 18013-5 mobile driving licences, MOSIP, HKMA Ensemble, MAS Project Guardian, and BIS Agorá. Each is integration scope: named adapters, not live connectors.

Delivery-versus-payment (DvP) is a core primitive. Boli’s DvP engine coordinates token movement on the asset leg with value movement on the cash leg atomically — either both occur or neither does.

10.1 Cash-leg menu

The cash leg is the customer’s choice. Supported targets include USDC, EURC, RLUSD, PYUSD, USDG, JPMD, EURCV, other regulated tokenized deposits, and wholesale central-bank money where available. None are live integrations today; each is a named adapter on the DvP core.

10.2 Same-VM atomic DvP

Where the asset leg and cash leg share a VM, DvP is a single atomic transaction. On EVM this is a standard atomic swap. On SVM this is a single-transaction multi-instruction bundle with the transfer hook enforcing compliance on the asset leg. On Canton this is a single exercise over both parties’ ledgers.

10.3 Cross-VM DvP

Where the legs live on different VMs, Boli coordinates through either a hash-time-locked-contract (HTLC) pattern with bounded timeouts, a cross-chain messaging layer (CCIP, LayerZero V2, Wormhole, Canton Global Synchronizer), or a trusted bridge to a regulated venue. The pattern chosen is a per-flow parameter.

10.4 Settlement windows and NAV

Funds priced on end-of-day NAV use ERC-7540 async subscription/redemption on EVM, with the equivalent async pattern on SVM and Canton. Intra-day repricing is supported where the venue and underlying allow. Redemption queues are first-class primitives with explicit ordering, notice periods, and gate conditions.

Every Boli-issued asset is born with an agent surface. This is not a future roadmap feature; it is a structural property of the container.

11.1 Six open standards

MCP

Model Context Protocol. Exposes per-asset tools (subscribe, redeem, retire, read NAV, request corporate action) as MCP servers any compliant agent can call.

x402

HTTP-native metered payments. Reads and actions can be priced per call or per byte, with settlement in the cash-leg of choice.

AP2

Agent Payments Protocol. Mandate-bound execution — an agent can only execute within limits signed off-chain by its principal.

ACP

Agent Commerce Protocol. Agent-to-service commerce with attribution-preserving receipts.

ERC-8004

On-chain agent identity and reputation. Every agent that touches an asset carries an ERC-8004 identity and accrues reputation against it.

A2A

Agent-to-agent orchestration. Multi-agent workflows (fraud triage, MRV anomaly escalation, corporate-action drafting) compose over A2A channels.

11.2 Policy binding

Autonomy is a dial, not a switch. Every workflow — issuance, KYC escalation, corporate action, distribution, retirement — exposes a policy surface that the customer can tune from “agent drafts, human approves” through “agent executes within mandate, human on exception” through “agent executes autonomously, human on appeal”. Every action is cryptographically attributable to an ERC-8004 identity.

11.3 Agent runtime primitives

On top of the standards layer, Boli ships runtime components: a multi-party workflow engine (issuance, DvP, distributions, retirement); fraud and AML graph AI with policy-tunable thresholds; MRV anomaly detection for environmental flows; predictive risk, NAV drift, settlement-failure, and demand models; regulatory-change watchers that alert customers when a pack’s upstream source changes; and a bring-your-own-model interface for customers with in-house AI.

Boli’s security posture assumes the threat surface of institutional finance plus the threat surface of public ledgers plus the threat surface of autonomous agents.

12.1 Smart-contract assurance

Every Boli contract, pack, and runtime module is subject to independent audit by two reputable firms prior to mainnet deployment. Formal verification is applied to force-transfer, redemption-queue, waterfall, and DvP primitives. Upgrades are governed by a multisig with time-locked execution and a public diff window.

12.2 Key management

Administrative keys on Boli’s own operational infrastructure are held by a 3-of-5 threshold on hardware-backed signers. Customer keys live with the customer’s chosen custodian. Fireblocks, BitGo, Anchorage, Copper, Taurus, Komainu, and Fordefi are all integration targets; none are live today.

12.3 Privacy

Privacy is a per-flow parameter. SPL Token-2022 confidential transfers hide amounts from public observers while keeping a regulator-viewable audit channel. Canton party-scoped disclosure restricts data visibility to counterparties and regulators. Zero-knowledge attestation kits are integration scope for flows that require selective disclosure on EVM.

12.4 Agent safety

Agents operate within explicit mandates (AP2) and carry on-chain identity (ERC-8004). Runaway agents are bounded by mandate expiry, rate limits, and policy-level circuit breakers. Every agent action is cryptographically attributable and reversible through the force-transfer / recovery primitives where the compliance pack allows.

Boli is unregulated software. It does not hold assets, does not hold customer funds, does not run an ATS, MTF, or exchange, does not operate as a broker-dealer or placement agent, does not act as a transfer agent, does not operate a custody business, and does not issue stablecoins or tokens of any kind. This is the Stripe / Twilio / Plaid pattern applied to tokenized regulated assets.

13.1 What Boli does

Boli writes, hosts, and licenses software that a regulated customer uses to issue, distribute, administer, and operate on-chain regulated instruments. Boli can host the runtime on the customer’s behalf as a software-as-a-service; Boli can also deliver the runtime as a self-hosted deployment in the customer’s cloud. Either way, Boli’s role is software vendor.

13.2 What Boli does not do

Boli does not issue any security, e-money token, asset-referenced token, voucher, or commodity. Boli does not act as an agent for the issuer. Boli does not hold, administer, or settle customer funds. Boli does not provide tax, legal, accounting, or compliance advice. Every license — broker-dealer, ATS, MTF, transfer agent, fund administrator, qualified custodian, VASP, CASP, DTSP, EMI, MTL, CFTC, ATS-N, MiFID, ARVA, VASP — is held by the customer or the customer’s chosen partner.

13.3 Consequences

The consequence of this positioning is that Boli can ship one product to a fund manager in Singapore, a debt-management office in Hong Kong, a carbon project developer in Brazil, and a benefits agency in Estonia without taking on conflicting regulatory obligations. The customer always carries the license; Boli always carries the software.

Boli is priced as software. Revenue comes from four counterparty-neutral lines, none of which require Boli to hold, issue, or custody any asset.

14.1 Platform licence

Customers pay an annual platform licence indexed to the scope of the deployment: asset classes enabled, VMs enabled, packs enabled, and support tier. A debt-management office running sovereign-debt issuance on Canton pays differently from a multi-strategy real-estate manager running fund wrappers on EVM and SVM.

14.2 Usage

Certain runtime services — workflow executions, agent reads via x402, MRV oracle calls, cross-chain CCIP sends — are metered. Pricing is published and tier-based. Most customers hit a flat-rate cap quickly.

14.3 Professional services

Onboarding a new asset class, authoring a new compliance pack for a jurisdiction Boli does not yet cover, and integrating a new venue or registry are time-and-materials engagements. These are capped and delivered under fixed-scope statements of work.

14.4 Pack marketplace

Over time, the library of compliance, integrity, and public-sector packs becomes a marketplace. Third-party law firms and specialist consultancies can publish packs against Boli’s specification. Revenue-share flows back to pack authors.

The reference deployment for Boli’s first production cohort is a portfolio of luxury hospitality real estate with enterprise value in the hundreds of millions of US dollars. Each asset is represented as its own Layer-1 container. A Layer-2 wrapper is offered to qualified investors as an evergreen real-estate strategy. Share classes inside each container distinguish common equity from preferred tranches. Secondary listing is opt-in per container, routed through a venue partner.

15.1 Containers

Each individual property SPV is a distinct Layer-1 container on EVM (ERC-3643 + ERC-1155) with a compliance pack composing Reg D 506(c), Reg S, FIRPTA withholding, and the relevant state Blue Sky overlay. Each container carries an OnchainID eligibility attestation, a cap-table sub-token per share class, a waterfall distribution primitive, and a force-transfer authority for court orders and tax-levy events.

15.2 Wrapper

A Layer-2 ERC-7540 wrapper aggregates the containers into a single investor-facing share. Investors subscribe and redeem asynchronously against the wrapper; the wrapper settles into or out of the underlying containers on NAV cadence. The wrapper is the customer’s chosen vehicle, not Boli’s.

15.3 DvP and cash leg

Primary subscription settles in USDC or EURC on EVM with same-chain atomic DvP. Secondary transfers are listed through a venue partner in integration scope. FIRPTA withholding is computed at the container level and remitted in the cash leg to the customer’s tax agent.

15.4 Agent surface

Each container exposes an MCP server for investor reporting, NAV queries, distribution notices, and tax-lot exports. Reads are x402-metered for downstream aggregators. Agent-initiated distributions run under AP2 mandates signed by the customer’s fund administrator.

The roadmap is expressed as named milestones, not dates — dates shift with audit cadence, jurisdiction approvals, and customer sequencing.

M1 — Core GA on EVM

Layer-1 and Layer-2 GA on Ethereum mainnet and two additional EVM chains. Core compliance packs (Reg D, Reg S, VCC, MiCA-aligned institutional) live. First anchor deployment onboarded.

M2 — SVM and first cash-leg adapter

SPL Token-2022 containers GA on Solana mainnet. First production cash-leg adapter live (USDC or EURC on EVM). First venue adapter live for secondary listing.

M3 — Canton and first wholesale deposit cash-leg

Daml container GA on Canton. First wholesale deposit cash-leg adapter live (JPMD or EURCV). First cross-VM DvP production flow.

M4 — Environmental integrity

ICVCM CCP, CORSIA, and Article 6 integrity packs GA. First two registry-mirror adapters live (Verra and Gold Standard). First dMRV oracle adapter live. Retirement proofs production.

M5 — Public-sector grammar

Public-sector pack GA with sovereign-signer attestation and conditional-voucher primitives. First public-sector customer in production. eIDAS 2.0 / EUDI Wallet integration live.

M6 — Pack marketplace

Third-party pack authoring opens. First external compliance pack published and certified. Revenue-share enabled.

Tokenization at institutional scale is not a token problem; it is a grammar problem. The question is not which chain, which wrapper, or which stablecoin; it is whether there exists a single asset-definition grammar whose output is customer-issued, customer-regulated on-chain instruments that compose across venues, classes, and rails without forcing the infrastructure layer to become a regulated entity.

Boli is that grammar. Two layers. One runtime. Three VMs. Four asset classes. Zero Boli tokens. Every license with the customer; every line of software with Boli. The result is a neutral software layer that an issuer, a fund manager, a project developer, a debt-management office, or a benefits agency can adopt without inheriting a retail community, a treasury, or a listing politics problem.

The thesis is simple: the next trillion dollars of regulated assets will not be issued on a branded platform token. They will be issued as customer-branded containers on a neutral multi-VM runtime. Boli builds the runtime.

The customer carries the license. Boli carries the software. That is the entire product.