Keystone Labs · Product briefing

Wahd
The back office you
don’t have to build.

Your ops team gets a configurable, auditable case platform. Your engineers get an SDK. Launch new operations in days - with the controls regulators expect, from day one.

SDK-EXTENSIBLE CONFIGURABLE TAMPER-EVIDENT
KEYSTONE LABSWAHID · FOR DIGITAL BANKS & FINTECHS
The second product

Every fintech ends up building two
products. Only one of them ships.

Ops tooling eats your sprints

Admin panels, KYC queues, dispute trackers - internal tools nobody planned for, rebuilt at every stage of growth while the roadmap waits.

Spreadsheet ops don’t scale

Handoffs in Slack, evidence in sheets, status in someone’s head. Fine at a thousand customers - fatal at a hundred thousand.

Regulators don’t grade effort

Licensing and audits ask for maker-checker, audit trails and access control - controls that are expensive to retrofit and impossible to fake.

Headcount is not a workflow

Without queues, SLAs and routing rules, operations scale linearly with hiring - and every departure takes process knowledge with it.

KEYSTONE LABS02
The platform

Ops gets a back office.
Engineering gets a platform.

Your product
App & web events
Support escalations
Risk & fraud alerts
WebhooksHMAC
WahdOperations layer
  • Case management & team queues
  • Workflow engine, maker-checker
  • Decision tables & routing rules
  • SLA timers & dashboards
  • Tamper-evident audit log
  • Default-deny RBAC & SSO
Your stack
Ledger / coreREST
Card processorREST
KYC vendorREST
ScreeningREST

Ops configures workflows in the console. Engineering extends the platform through an SDK and connects systems through one integration layer - nobody builds another admin panel.

KEYSTONE LABS03
Ship an operation in days

New use cases without a release.

Everything an operation needs is configuration - versioned with draft, activate, archive and history. Ops iterates in the admin console; engineering stays on the roadmap.

Draw the workflow on a canvas

Stages, transitions, role gates, approval gates, decision gateways and API calls - a state machine you can see, not a config file you decode.

Build the form, not the frontend

Case data captured through a form builder with sections, field types and validation - no React sprint for every new checklist.

Route by rule, not by tribal knowledge

Decision tables score and route cases - readable by your risk team, versioned, simulated before they go live, explainable afterwards.

Put a clock on everything

SLA policies on the case or a single stage, calendar-aware. Breaches surface in queues before they become complaints.

KEYSTONE LABS04
Follow a case

Intake to sealed, in one flow.

01

A case arrives

A screening hit, a dispute, an escalation - it lands in the right team’s queue, SLA armed.

Intake
02

The workflow takes over

Role gates, maker-checker, timers - the state machine you drew.

In workflow
03

Routed by rule

Decision tables score and route - every rule versioned and explainable.

Routed
04

Sealed for good

Every action seals into a hash-chained audit log, verifiable on demand.

Sealed ✓

One timeline holds it all: transitions, approvals, comments, documents, integration calls - who, what, when, in order.

KEYSTONE LABS05
Where fintechs start

The operations behind every
digital product.

Onboarding & KYC exceptions

Screening-hit triage, document review and EDD approval chains - so growth campaigns don’t drown compliance in manual review.

Fraud & transaction review

Alert queues with decision-table triage and SLA-bound response - measurable, auditable, and staffed by queue instead of by heroics.

Disputes & chargebacks

Network deadlines as timers, maker-checker on decisions, evidence attached to the case record - not scattered across tools.

Support escalations, in context

Customer 360 pulls live data from your systems into one view, so tier-2 support works a case - not five browser tabs.

If you can draw it as stages and rules, Wahid can run it - this week, not next quarter.

KEYSTONE LABS06
For engineers

Extend it like you built it.

  • TypeScript + React SDK. Modules are real code built against the platform’s design system and API client - not a widget iframe.
  • One manifest registers everything. Views, permissions and integration access declared in defineModule() - RBAC picks them up automatically.
  • A versioned platform contract. Modules build against a stable, versioned API surface - platform upgrades don’t break your code silently.
  • Per-deployment assembly. Each environment ships only the modules it selects - the platform itself is never forked.
KEYSTONE LABS07
Integration

Wired for your stack.

REST-first, with the delivery guarantees ops platforms usually skip. Connect your ledger, processors and KYC vendors once - reuse them from every workflow.

Auth that matches reality

OAuth2 client credentials, API keys, HMAC, bearer and basic - plus mTLS when a bank partner demands it, and SOAP for the legacy corner cases.

Webhooks in, calls out

HMAC-verified inbound webhooks open or advance cases; outbound calls gate workflow transitions or fire-and-forget notify.

Delivery you can reason about

Outbox with retries and dead-letter, idempotency keys on every call, circuit breakers and explicit timeouts - at-least-once, receiver-dedupable.

A blocking call that fails rolls the transition back cleanly. A timeout is an explicit unknown-outcome, never a silent success.

KEYSTONE LABS08
The proof

Compliance-grade from day one.

The controls a license application asks about are the platform’s foundation - not a roadmap item you promise the regulator.

  • Hash-chained audit log - every action seals against the last; verify the chain on demand.
  • Default-deny RBAC with segregation of duties - permissions down to module, tab and widget.
  • Maker-checker as policy - sequential or parallel approvals; a maker never checks their own work.
  • OIDC-native SSO - Keycloak out of the box; your IdP, JIT provisioning, roles from groups.
KEYSTONE LABS09
Operational leverage

Scale operations, not headcount.

  • Queues, not inboxes. Work routes to teams by stage and rule; anyone can see what’s waiting, aging or breaching.
  • Measure ops like product. Live dashboards per team and case type - review, open, pending, breached - not a Friday spreadsheet.
  • Process outlives people. The workflow is the documentation - a new hire works cases correctly on day one.
  • Tune without a ticket. Thresholds, routing and SLAs are decision tables and policies ops can change - versioned and reversible.
KEYSTONE LABS10
Deployment

Single-tenant. Your cloud.
Your data.

Containerized, where you run

A single-tenant deployment in your cloud account - or on-premise when a bank partnership or regulator requires it. Your data never leaves your estate.

Your identity provider

OIDC-native with Keycloak: SSO against the IdP you already run, just-in-time provisioning, roles and teams synced from groups.

Starts small, grows with you

Begin with one case type and one team. Add workflows, modules and integrations as operations grow - on the same platform, without migrations.

One yearly license

Predictable platform pricing per deployment - no per-seat meter punishing you for growing the ops team.

KEYSTONE LABS11
Why Keystone exists

Financial software still runs on systems written decades ago and patched ever since. We build the frontier alternative: platforms that are configurable, auditable and AI-ready from day one - built in the GCC, for the institutions the region’s standards are written for.

Configurable per tenant, per module Tamper-evident by design Built for GCC regulation

We don’t ship alone

Our engineers work alongside yours - from the first workshop through production. Consulting and embedded engineering with deep banking-domain context.

Two products, one foundation

Wahid, the back office - available today. SafeConnect, open-banking consent management - in active development on the same platform.

KEYSTONE LABS12
Next step

See Wahid in action.

Bring one workflow you run in spreadsheets today - we’ll show it configured and running in Wahid, queues to audit trail.

01

Working session

Two hours with your ops and engineering leads - we map one real process end to end.

02

Configured pilot

Your case types, rules and SLAs live in Wahid - reviewed with the team that will run them.

03

Integration & rollout

Wire your stack through the integration layer, deploy single-tenant in your cloud, go live.

[email protected]keystonelbs.com
KEYSTONE LABSWAHID · FOR DIGITAL BANKS & FINTECHS · 13
01 / 13 ← → navigate · F fullscreen