Private payments
between AI agents.
Shielded links for buyer-initiated push. Shielded payment requests for seller-initiated invoicing. Stealth recipients, end-to-end encrypted receipts, on-chain settlement — without the wallet-graph leak.
relai:quote:eyJ2IjoxLCJxIjoicV9tb2tqMnpiMV9WSXZPSk43Y2hKY01OM3FiIi…Push or pull. Same privacy guarantees.
Pick the direction your flow needs. Both share the same shielded pool, the same ASP compliance layer, the same on-chain settlement rail.
Shielded Links
Generate an opaque bearer-token code. Anyone holding it can claim — payee not bound at create time. Perfect for tipping, vouchers, anonymous donations, push-to-claim links.
- Bearer-token semantics: no recipient lock-in
- Refund path if unclaimed before expiry
- Cross-chain redeem (Solana ↔ Base ↔ SKALE)
relai:shielded:eyJpZCI6ImxuX21qfDg0NTJ…Shielded Payment Requests
Mint a private invoice. Buyer pays into a shielded pool with a Groth16 pairing proof. Atomic clawback prevention, stealth-recipient redeem, 5% platform fee enforced on chain.
- Buyer cannot clawback after pairing
- Stealth recipient on redeem (Solana + EVM)
- End-to-end encrypted proof URLs (`enc.…`)
relai:quote:eyJ2IjoxLCJxIjoicV9tb2tqMnpiMV9WSXZPSk43Y2hKY01OM3FiIi…auditable on chain.
Most “private” payment systems are private from regulators too. Privacy Pools are different — every deposit lands in a publicly-auditable Merkle tree, screened by an ASP (Association Set Provider) against OFAC / UN / EU sanctions, and selectively disclosable via per-role receipts.
- Sanctioned wallets blocked at deposit time.
- Per-role receipts (`br_*` buyer / `sr_*` seller) — each side sees their own audit trail, not the counterparty's.
- Proof URLs encrypted with `nacl.box` against the seller's wallet — leak ⇒ ciphertext only.
| What's visible | Plain wallet | Shielded Link | Payment Request |
|---|---|---|---|
| Buyer wallet address | ✓ public | ✗ hidden | ✗ hidden |
| Seller wallet address | ✓ public | ✗ hidden | ✗ hidden |
| Amount transferred | ✓ public | ~ pool denom only | ~ pool denom only |
| On-chain settlement | ✓ yes | ✓ yes | ✓ yes |
| Refund path | — peer-to-peer | ✓ pre-claim | ✓ pre-pairing |
| ASP / sanctions screen | — off-chain | ✓ on chain | ✓ on chain |
| Selective disclosure | — public-only | ✓ proof URL | ✓ encrypted proof URL |
end to end.
Four privacy pillars baked into the protocol. No wrapper layer, no centralised escrow.
Seller mints an opaque bearer-token payload off-chain. Secrets stay local. Buyer parses + verifies locally.
Buyer deposits into the shielded pool, generates a Groth16 pairing proof binding (poolRoot, aspRoot, quoteRoot, paymentNullifier, quoteNullifier).
Pairing tx atomically writes the match record AND burns the buyer's pool nullifier. No clawback after pairing.
Per-role receipts (br_* / sr_*) reveal only what the holder owns. Encrypted proof URLs sealed against the seller's wallet.
Encrypted by default.
Auditable when required.
Every proof URL is sealed with nacl.box against the seller's X25519 pubkey (derived once from a wallet's signMessage challenge). Anyone clipboard-stealing the URL gets ciphertext + an ephemeral pubkey — no way to decrypt without the seller's wallet.
- URL leak ⇒ ciphertext-only. No metadata exposure.
- Decryption runs locally in the seller's browser. Plaintext never hits a server.
- Cross-references the proof's
quote_nullifieragainst the seller's outstanding quote list — automatic invoice-to-payment matching.
https://relai.fi/payment-requests/proof/
enc._KEOITyzO3S_A2iwc6lp7pxTaQVwnxhBzxX5Ar4PYyc
.lXYqbpSkWdg5GjtDwCw_5LIOQJqnhgAw.spTfvwEfvgIQ5LXTN9ydEuA…Shielded flows in your product. We own the hard parts.
Node SDK at examples/spr-agent/. Two single-call helpers: paySPR() + redeemSPR(). Zero key custody, local Groth16 proving, all relays through public RelAI endpoints.
import { paySPR, redeemSPR } from "@relai-fi/spr-agent";
// Buyer agent: pay an invoice
const paid = await paySPR({
baseUrl: "https://api.relai.fi",
payload: "relai:quote:eyJ2…",
walletKeypair: buyerKeypair,
});
// Seller agent: redeem the matched quote
const redeemed = await redeemSPR({
baseUrl: "https://api.relai.fi",
serviceKey: process.env.RELAI_SERVICE_KEY,
quoteId: paid.quoteId,
walletKeypair: sellerKeypair,
});
// → { redeemTxHash, claimTxHash, netAmount: 950000n, fee: 50000n }Where private payments actually matter.
The transactional metadata is what leaks, not the funds. RelAI fixes the metadata leak without giving up on-chain settlement.
API monetization (x402)
API providers return HTTP 402 with a `relai:quote:` payload baked into the response. The client agent pays before retrying. Provider redeems on its own schedule.
A2A invoicing
Two agent platforms exchanging services settle each invoice privately. No public dependency graph, no observable cadence, full settlement guarantees.
Anonymous payroll
Pay sub-agents per task without exposing payroll cadence + team size to anyone with a block explorer. Each payment lands as two unconnected pool operations.
Confidential consulting
Advisory work for a competitor's client. The advisor's primary wallet is known; the client's primary wallet is known. Private invoice = no edge between them.
Common questions.
Ready to issue your
first private invoice?
Pick a flow, mint a quote, share the payload. Buyer pays — you redeem with a ZK proof. No wallet-graph leak, no clawback, no custodian.