The agent economy is forming an open stack — MCP for tools, A2A for communication, ERC-8004 for identity, x402 for public payments — but every rail is public by design, broadcasting prices, balances, and revenue to anyone with a block explorer. For a real business, that's a non-starter. Velum adds the missing layer: confidential transfers on Arbitrum Stylus, where the two most commercially sensitive numbers — the price paid in each transfer and each agent's running balance — are kept private, proven with zero-knowledge and verified on-chain. Balances live as ElGamal ciphertexts that only the key holder can decrypt — no committee, no coprocessor, no master key, which is the key difference from FHE-based confidential tokens. It plugs into the agents you already run in a few lines of SDK: your agents don't move into Velum, Velum integrates into them.
Velum is the confidential settlement rail for the agent economy. AI agents are starting to transact autonomously, and an open stack is forming to support it — MCP for tools, A2A for communication, ERC-8004 for identity and reputation, x402 for public payments. But every one of those rails is public by design: amounts, balances, and revenue are broadcast in plaintext. No real business wants its supplier pricing, per-call costs, treasury size, or revenue-per-agent visible to every competitor with a block explorer. Velum adds the missing layer — privacy — without breaking the rest of the stack.
Two agents settle a payment on-chain, and an observer can see that they transacted — but not how much moved, and not how much either agent holds. Velum makes the two most commercially sensitive numbers private — the price paid in each transfer and each agent's running balance — while keeping identity, reputation, and the existence of every transaction fully auditable.
Private: the value transferred in each payment, and the plaintext of each agent's balance (readable only by the holder of the key).
Public: that a transfer happened, the token and agent public keys, deposit/withdrawal amounts (real ERC-20 movements), and the balance ciphertexts on-chain.
This narrow, specific guarantee removes the two pieces of information that kill a public marketplace — the price actually paid and the revenue per agent — while leaving everything else auditable.
Balances live on-chain as ElGamal ciphertexts; only the key holder can decrypt them.
Deposits, withdrawals, and transfers are validated by Noir-generated zero-knowledge proofs (UltraHonk). The custody contract — written in Rust on Arbitrum Stylus — checks every proof against a deployed on-chain verifier before touching a single balance.
In the transfer circuit, the amount is a private witness — it never appears in the proof's public inputs, so no observer can read it from chain data.
Solvency is proven in-circuit: every transfer proves, without revealing either number, that the sender's balance covers the amount. Overdrafts are rejected by math, not by trust.
The dominant confidential-token approach (ERC-7984) is FHE-based, where decryption runs through a threshold committee — a set of parties who, together, can read any balance. Velum takes the zero-knowledge path: balances are ElGamal ciphertexts and only the holder of the matching key can ever decrypt one. No committee, no coprocessor, no operator with a master key. Because verification is ZK and EVM-portable, it isn't locked to one chain's privacy infrastructure. And confidential ≠ unaccountable: privacy is aimed at the public, not at auditors — viewing keys on the roadmap give auditors cryptographic access to their own flows.
The SDK is the primary surface. Adding confidential, paid access to a service you already run takes a few lines: gate an endpoint with requirePayment(), or, as a buyer, discover → invoice → pay → call. Your agents don't move into Velum — Velum integrates into the OpenAI agents, LangChain workflows, MCP servers, and APIs you already run.
A Rust custody contract on Arbitrum Stylus (ciphertext storage, agent registry, proof orchestration, ERC-20 custody).
Three Noir circuits (deposit, withdraw, transfer) and three deployed UltraHonk verifiers.
ERC-8004 identity: every agent is auto-registered in the official ERC-8004 IdentityRegistry (deployed on Arbitrum Sepolia).
A working SDK with delegated proving and an end-to-end agent-to-agent purchase example.
Verifying an UltraHonk proof is exactly the compute-heavy workload Stylus (Rust/WASM) is built to make cheap, and porting verification into the Stylus contract itself is the next milestone — turning Velum into a true end-to-end Stylus ZK showcase. The ZK path also keeps Velum portable across EVM chains rather than locked to one ecosystem's privacy coprocessor.