Cloaked Agent

Give AI agents spending power without giving them your wallet keys. Cloaked creates on-chain spending accounts with enforced constraints that agents cannot bypass - even if jailbroken or compromised.

GitHub

Cloaked

Trustless spending accounts for AI agents on Solana

cloakedagent.com

The Problem

AI agents need to spend money autonomously. But giving them wallet access is dangerous:

Jailbroken agent? Drains your wallet
Bug in agent code? Infinite spending loop
Prompt injection? Attacker controls your funds

Agent-side limits don't work - the agent has the keys and can bypass its own rules.

The Solution

On-chain enforced constraints that agents literally cannot bypass.

┌─────────────────────────────────────────────────────────────────┐
│                      CLOAKED AGENT                              │
├─────────────────────────────────────────────────────────────────┤
│  Owner: Human wallet (full control)                             │
│  Delegate: AI agent key (can spend within limits)               │
│                                                                 │
│  Constraints (enforced by Solana program):                      │
│  ├── max_per_tx: 0.1 SOL                                        │
│  ├── daily_limit: 1 SOL                                         │
│  ├── total_limit: 10 SOL                                        │
│  ├── expires_at: 2026-02-15                                     │
│  └── token_limits:                                              │
│       └── USDC: 5/tx, 50/day, 500 total                        │
│                                                                 │
│  Even if jailbroken, agent CANNOT exceed these limits.          │
└─────────────────────────────────────────────────────────────────┘

Privacy Architecture

Cloaked offers dual-mode privacy:

Standard Mode

Owner wallet linked to agent on-chain
Simple setup, lower fees

Private Mode (ZK)

Zero-knowledge proofs hide wallet-agent link
Owner proves ownership without revealing identity
Funded anonymously via Privacy Cash

┌─────────────────────────────────────────────────────────────────┐
│                    PRIVACY STACK                                │
├─────────────────────────────────────────────────────────────────┤
│  ZK Circuits:      Noir (Aztec)                                 │
│  Client Prover:    Barretenberg (UltraHonk via WASM)            │
│  On-chain Verify:  Sunspot (Groth16 on Solana)                  │
│  Hash Function:    Poseidon (ZK-friendly)                       │
│  Anonymous Funding: Privacy Cash (privacycash.org)              │
└─────────────────────────────────────────────────────────────────┘

Private Agent Creation:
  Wallet signs message → Master secret derived → Commitment generated
  On-chain: owner_commitment (hash), NOT wallet address
  To manage: Prove knowledge of preimage via ZK proof

Technology Stack

Component	Technology
Blockchain	Solana
RPC	Helius
Smart Contract	Anchor Framework
ZK Proofs	Noir + Barretenberg + Sunspot
Frontend	Next.js 16, React 19, TypeScript
Backend	Express.js (Relayer)
AI Integration	MCP (Model Context Protocol)
Token Support	USDC
x402 Payments	Native support

Program IDs (Devnet)

Cloaked Program: 3yMjzAeXXc5FZRUrJ1YqP4YMPhPd5bBxHQ6npNSPCUwB
ZK Verifier:     G1fDdFA16d199sf6b8zFhRK1NPZiuhuQCwWWVmGBUG3F

Key Features

1. On-Chain Constraints

Per-transaction limits
Daily spending caps
Lifetime limits
Expiration dates
Instant freeze

2. Privacy Options

Standard mode (simple)
Private mode (ZK proofs)
Anonymous funding (Privacy Cash)

3. x402 Protocol Support

Automatic payment handling
Pay-per-use APIs
AI service payments

4. Multi-Agent Dashboard

Create/manage multiple agents
Real-time spending visibility
One-click freeze

5. USDC Token Support

USDC with per-token spending constraints
Same on-chain enforcement as SOL
Token balance visibility in dashboard

Quick Start

For AI Agents (MCP)

{
  "mcpServers": {
    "cloaked": {
      "command": "npx",
      "args": ["cloaked-mcp"],
      "env": {
        "CLOAKED_AGENT_KEY": "your-agent-key-here"
      }
    }
  }
}

The agent can pay in SOL or USDC - pass token: "USDC" to cloak_pay.

For Developers (SDK)

npm install @cloakedagent/sdk

import { CloakedAgent } from "@cloakedagent/sdk";

// Load agent (can spend)
const agent = new CloakedAgent(agentKey, rpcUrl);

// Spend within limits
await agent.spend({
  destination: recipientPubkey,
  amount: 100_000_000  // 0.1 SOL
});

// Spend USDC (requires token enabled on agent)
await agent.spendToken({
  destination: recipientPubkey,
  mint: USDC_MINT,
  amount: 5_000_000  // 5 USDC (6 decimals)
});

Project Structure

cloaked/
├── programs/cloaked/     # Anchor program (constraints, ZK verification)
├── circuits/             # Noir ZK circuits (ownership proofs)
├── app/                  # Next.js frontend (dashboard, docs)
├── backend/              # Express relayer (fee payer, ZK ops)
└── sdk/                  # TypeScript SDK (@cloakedagent/sdk)
    └── src/mcp/          # MCP server (cloaked-mcp binary)

Documentation

Full documentation available at cloakedagent.com/docs

Why Cloaked?

Problem	Cloaked Solution
AI can drain wallet	On-chain limits can't be bypassed
No spending visibility	Real-time dashboard
Can't stop runaway agent	Instant freeze
Wallet identity exposed	Private mode with ZK proofs
Complex integrations	Native x402 support

Cloaked - Trustless spending accounts for AI agents

Related Servers

Send247 Human Logistics

Human Logistics in the AI Layer

McpVanguard

An open-source security proxy and active firewall for the Model Context Protocol (MCP).

RobotMem

Persistent memory system for robots. Store, recall and learn from sensor data, motor commands, and experiences across sessions. Fully offline, SQLite + ONNX.

Sysmetrics

Give your self-hosted agents 'situational awareness.' This MCP server provides a direct interface for agents to query Linux system telemetry, enabling autonomous resource monitoring, proactive alerting, and interactive troubleshooting via any MCP-compatible client.

Skillbase/spm

npm for AI skills. Create, share, and discover reusable AI instructions for any model via MCP.

US Safety Recalls MCP

Search NHTSA vehicle recalls and FDA food/drug recalls in real-time. 4 MCP tools for product safet monitoring.

stresszero-mcp

MCP server for burnout risk scoring across 3 dimensions (physical, emotional, effectiveness) via the StressZero Intelligence API. Provides AI agents with burnout analysis, personalized recommendations, and detailed reports for coaches and HR platforms.

MCP Time Server

A simple server that provides the current UTC time.

Regenique Elegance Commerce

AI-powered commerce MCP server enabling product discovery, cart management, and checkout for the Regenique Elegance luxury skincare store via Shopify Storefront API.

News MCP

Provides access to news articles from a PostgreSQL database and offers a tool to summarize them using the OpenAI API.