zkPay

zk Payment
Rails.

x402-compatible payment intents with policy enforcement. Agents and users pay with provable privacy — amounts, identities, and receiver lists stay off-chain.

Next: zkAttest →

Intent → Receipt flow

01

Intent

The payer creates an intent with a policy manifest — amount cap, allowed receivers, cooldown, expiry. The intent hash is anchored on-chain.

02

Voucher

The payee receives a signed voucher derived from the intent. The voucher is off-chain — no on-chain record links payer to payee yet.

03

Settlement

The payer settles by revealing a nullifier. The verifier checks the nullifier has not been used. Settlement recorded. No amount or identity exposed.

04

Receipt

A receipt is issued. The payee can prove they received payment without revealing the payers identity, amount, or any metadata.

Code.

Create a policy-gated intent in three lines. The policy is enforced on-chain — there's no way to bypass it at settlement time.

Settlement uses a nullifier to break the link between the intent and the transfer. Observers see a settlement but cannot connect it to a specific intent or payer.

zkpay.ts
// Create intent with policy
const intent = await cloak.zkPay.createIntent({
  from: wallet.address,
  to: merchant.address,
  amount: "1000000",
  policy: {
    maxAmount: "1000000",
    cooldownSeconds: 3600,
    allowedReceivers: [merchant.address],
    expiresAt: Math.floor(Date.now()/1000)+3600
  }
})

// Voucher is off-chain — private
const voucher = intent.voucher

// Settle with nullifier — no link
await cloak.zkPay.settle(intent.id, nullifier)

Features.

Policy Manifests

Spending caps, receiver allowlists, cooldown windows — all enforced on-chain at settlement time. No off-chain policy changes.

Nullifier Privacy

Nullifiers break the link between intent and settlement. Observers cannot connect a settlement to its intent.

x402 Compatible

Designed to integrate with the EIP-402 payment flow. Agents can pay and be paid using standard HTTP calls.

ERC-20 + Native

Supports both ERC-20 tokens and native ETH. Gas abstracted where needed.

Cooldown Enforcement

Intents can specify a cooldown period. During cooldown, settlement is blocked even if the nullifier is valid.

Deadline Expiry

Intents expire automatically after a deadline. Expired intents cannot be settled — eliminates pending-payment ghost states.