Cloaked Agent

Give AI agents spending power without giving them your wallet keys. Cloaked creates on-chain spending accounts with enforced constraints that agents cannot bypass - even if jailbroken or compromised.

GitHub

Cloaked

Trustless spending accounts for AI agents on Solana

cloakedagent.com

The Problem

AI agents need to spend money autonomously. But giving them wallet access is dangerous:

Jailbroken agent? Drains your wallet
Bug in agent code? Infinite spending loop
Prompt injection? Attacker controls your funds

Agent-side limits don't work - the agent has the keys and can bypass its own rules.

The Solution

On-chain enforced constraints that agents literally cannot bypass.

┌─────────────────────────────────────────────────────────────────┐
│                      CLOAKED AGENT                              │
├─────────────────────────────────────────────────────────────────┤
│  Owner: Human wallet (full control)                             │
│  Delegate: AI agent key (can spend within limits)               │
│                                                                 │
│  Constraints (enforced by Solana program):                      │
│  ├── max_per_tx: 0.1 SOL                                        │
│  ├── daily_limit: 1 SOL                                         │
│  ├── total_limit: 10 SOL                                        │
│  ├── expires_at: 2026-02-15                                     │
│  └── token_limits:                                              │
│       └── USDC: 5/tx, 50/day, 500 total                        │
│                                                                 │
│  Even if jailbroken, agent CANNOT exceed these limits.          │
└─────────────────────────────────────────────────────────────────┘

Privacy Architecture

Cloaked offers dual-mode privacy:

Standard Mode

Owner wallet linked to agent on-chain
Simple setup, lower fees

Private Mode (ZK)

Zero-knowledge proofs hide wallet-agent link
Owner proves ownership without revealing identity
Funded anonymously via Privacy Cash

┌─────────────────────────────────────────────────────────────────┐
│                    PRIVACY STACK                                │
├─────────────────────────────────────────────────────────────────┤
│  ZK Circuits:      Noir (Aztec)                                 │
│  Client Prover:    Barretenberg (UltraHonk via WASM)            │
│  On-chain Verify:  Sunspot (Groth16 on Solana)                  │
│  Hash Function:    Poseidon (ZK-friendly)                       │
│  Anonymous Funding: Privacy Cash (privacycash.org)              │
└─────────────────────────────────────────────────────────────────┘

Private Agent Creation:
  Wallet signs message → Master secret derived → Commitment generated
  On-chain: owner_commitment (hash), NOT wallet address
  To manage: Prove knowledge of preimage via ZK proof

Technology Stack

Component	Technology
Blockchain	Solana
RPC	Helius
Smart Contract	Anchor Framework
ZK Proofs	Noir + Barretenberg + Sunspot
Frontend	Next.js 16, React 19, TypeScript
Backend	Express.js (Relayer)
AI Integration	MCP (Model Context Protocol)
Token Support	USDC
x402 Payments	Native support

Program IDs (Devnet)

Cloaked Program: 3yMjzAeXXc5FZRUrJ1YqP4YMPhPd5bBxHQ6npNSPCUwB
ZK Verifier:     G1fDdFA16d199sf6b8zFhRK1NPZiuhuQCwWWVmGBUG3F

Key Features

1. On-Chain Constraints

Per-transaction limits
Daily spending caps
Lifetime limits
Expiration dates
Instant freeze

2. Privacy Options

Standard mode (simple)
Private mode (ZK proofs)
Anonymous funding (Privacy Cash)

3. x402 Protocol Support

Automatic payment handling
Pay-per-use APIs
AI service payments

4. Multi-Agent Dashboard

Create/manage multiple agents
Real-time spending visibility
One-click freeze

5. USDC Token Support

USDC with per-token spending constraints
Same on-chain enforcement as SOL
Token balance visibility in dashboard

Quick Start

For AI Agents (MCP)

{
  "mcpServers": {
    "cloaked": {
      "command": "npx",
      "args": ["cloaked-mcp"],
      "env": {
        "CLOAKED_AGENT_KEY": "your-agent-key-here"
      }
    }
  }
}

The agent can pay in SOL or USDC - pass token: "USDC" to cloak_pay.

For Developers (SDK)

npm install @cloakedagent/sdk

import { CloakedAgent } from "@cloakedagent/sdk";

// Load agent (can spend)
const agent = new CloakedAgent(agentKey, rpcUrl);

// Spend within limits
await agent.spend({
  destination: recipientPubkey,
  amount: 100_000_000  // 0.1 SOL
});

// Spend USDC (requires token enabled on agent)
await agent.spendToken({
  destination: recipientPubkey,
  mint: USDC_MINT,
  amount: 5_000_000  // 5 USDC (6 decimals)
});

Project Structure

cloaked/
├── programs/cloaked/     # Anchor program (constraints, ZK verification)
├── circuits/             # Noir ZK circuits (ownership proofs)
├── app/                  # Next.js frontend (dashboard, docs)
├── backend/              # Express relayer (fee payer, ZK ops)
└── sdk/                  # TypeScript SDK (@cloakedagent/sdk)
    └── src/mcp/          # MCP server (cloaked-mcp binary)

Documentation

Full documentation available at cloakedagent.com/docs

Why Cloaked?

Problem	Cloaked Solution
AI can drain wallet	On-chain limits can't be bypassed
No spending visibility	Real-time dashboard
Can't stop runaway agent	Instant freeze
Wallet identity exposed	Private mode with ZK proofs
Complex integrations	Native x402 support

Cloaked - Trustless spending accounts for AI agents

Related Servers

Vibe Math MCP

A high-performance Model Context Protocol (MCP) server for math-ing whilst vibing with LLMs. Built with Polars, Pandas, NumPy, SciPy, and SymPy for optimal calculation speed and comprehensive mathematical capabilities from basic arithmetic to advanced calculus and linear algebra.

Lotlytics

Live real estate market data for 895 US metros. Home prices, rental yields, investment health scores, migration trends, and HUD fair market rents. Free tier included, no account needed.

ForgingBlock

The infrastructure for AI-driven payments

Etherscan MCP Server

MCP server for Etherscan — query transactions, balances, contract ABIs, and token data on Ethereum.

Questrade MCP Server

An unofficial server to integrate with the Questrade API, providing access to trading accounts, market data, and portfolio information.

Gaggiuino MCP

An MCP server for the Gaggiuino open-source espresso machine, providing real-time local network access to machine status and shot data.

CryptoScholar

Live crypto technical analysis MCP server — EMA, RSI, MACD, ATR, Bollinger Bands, TSS scoring, and Claude AI bull/bear debate via CoinGecko free API

StonkWatch

Real-time ASX market intelligence for AI agents — announcements, AI summaries, sentiment, social intelligence, stock prices, and franking credit calculator across 2,200+ Australian-listed companies.

Pinterest Ads MCP

Connect Pinterest Ads to Claude or ChatGPT via Two Minute Reports MCP to get clear insights into Pin clicks, outbound clicks, engagement rate and conversions.

Ecovacs Robot Control

Control and query the status of Ecovacs cleaning robots using the MCP protocol.