Poly Agent
PolyAgent is a multi-chain payroll system that lets organizations, DAOs, and global teams run payroll without exposing signer identities. Transactions appear on-chain as if submitted by a single
Description
1. Project Overview
PolyAgent is a multi-chain payroll and multisig platform that enables organizations, DAOs, and global teams to run payroll without exposing signer identities. Every transaction appears on-chain as if submitted by a single anonymous relayer — signer identities remain completely hidden using zero-knowledge proofs.
The platform combines four key innovations into a unified product:
ZK-private multisig signing — no on-chain signer exposure
MetaMask Smart Accounts with ERC-7715 advanced permissions
x402 gasless USDC deposits — zero ETH required
Venice AI assistant for transaction analysis and platform guidance
Component | Description |
ZK Privacy | Noir circuits + zkVerify aggregation hide all signer identities on-chain |
Smart Accounts | MetaMask ERC-7572 Hybrid implementation upgrades EOAs to smart accounts |
Gasless Deposits | x402 protocol with EIP-3009 enables USDC deposits without ETH |
AI Assistant | Venice AI provides real-time transaction analysis and contextual help |
Multi-Chain | Deployed on Horizen, Base, and Arbitrum (Stylus Rust/WASM) |
Social Login | Web3Auth embedded wallets via Google, Apple, and email login |
2. The Problem
Existing on-chain payroll and multisig solutions expose critical information that puts organizations at risk:
Problem | Impact |
Exposed signer identities | Multisig approvers are publicly visible on-chain, creating security and privacy risks for organizations and individuals |
Traceable payments | Recipient addresses and amounts are visible to competitors, analysts, and bad actors |
Gas complexity | Every deposit requires ETH, creating friction for non-crypto-native teams adopting web3 payroll |
Wallet fragmentation | Teams juggle multiple wallet extensions with inconsistent UX and security trade-offs |
No intelligent assistance | Users navigate complex blockchain operations — ZK proofs, permissions, multisig — without contextual help |
3. Our Solution
Layer | Solution | Technology |
Identity Privacy | ZK proofs hide all signer identities; only a relayer appears on-chain | Noir circuits + zkVerify aggregation |
Smart Account | Upgrade EOAs to MetaMask Smart Accounts with advanced capabilities | @metamask/smart-accounts-kit (ERC-7572) |
Gasless Deposits | x402 protocol enables USDC deposits without any ETH | EIP-3009 TransferWithAuthorization |
Delegated Execution | ERC-7715 permissions allow pre-authorized spending with caveats | ERC-7710 delegation + ERC-7715 permissions |
Social Login | Web3Auth for non-custodial social authentication | @web3auth/modal (Google, Apple, Email) |
AI Assistant | Venice AI-powered chat for transaction analysis and guidance | Venice AI + OpenAI-compatible SDK |
Multi-Chain | Deployed on Horizen, Base, and Arbitrum | Solidity + Arbitrum Stylus Rust/WASM |

4. MetaMask Smart Account Integration
PolyAgent uses @metamask/smart-accounts-kit to upgrade user wallets to MetaMask Smart Accounts (ERC-7572). This is the foundation that unlocks the entire advanced permissions and gasless deposit flow.
4.1 Why the Hybrid Implementation?
PolyAgent uses the Hybrid implementation, which combines EOA and smart account capabilities in a single wallet identity:
Transactions can originate from the EOA directly (no extra gas overhead) or from the smart account (for delegated/permissioned flows)
ERC-7715 permissions apply at the smart account level
x402 deposits can be delegated via the smart account without exposing the raw EOA
One-time deployment cost — users pay gas once, then unlock all advanced features permanently
4.2 Upgrade Flow
Step | What Happens |
1. Connect wallet | User connects via RainbowKit (EOA) or Web3Auth (social login) |
2. Open upgrade modal | SmartAccountUpgradeModal explains benefits and the one-time gas cost |
3. Deploy smart account | toMetaMaskSmartAccount() deploys the Hybrid implementation contract |
4. Store address | Smart account address stored via useSmartAccountStore (Zustand persist) |
5. Unlock features | ERC-7715 permissions, x402 delegation, and gasless flows now available |
4.3 Key Implementation Files
File | Purpose |
services/web3/smartAccount.ts | Creates MetaMask Smart Account from the user's existing EOA |
hooks/app/useSmartAccount.ts | React hook managing upgrade lifecycle, auto-deploy, and account retrieval |
components/modals/SmartAccountUpgradeModal.tsx | UI explaining capabilities and guiding the one-time deployment |
services/store/useSmartAccountStore.ts | Zustand store persisting smart account address across sessions |
5. Advanced Permissions — ERC-7715 + ERC-7710
PolyAgent implements ERC-7715 Advanced Permissions to enable secure, scoped transaction execution. Users grant one-time permissions with enforced caveats — eliminating repeated signing while keeping full control.
5.1 Permission Types
Permission Type | Description | Use Case in PolyAgent |
erc20-token-periodic | Spend up to X tokens per time period | x402 USDC deposit delegation — facilitator deposits on user's behalf within limits |
call-token-allowance | Authorize specific function calls | Relayer execution of payroll transactions within defined parameters |
native-transfer | Native ETH transfers up to a cap | Gas sponsorship — smart account covers fees without unlimited exposure |
5.2 Permission Grant Flow
Step | Action |
1 | User calls requestUSDCx402Permission(token, amount) from useAdvancedPermissions hook |
2 | MetaMask opens the ERC-7715 permission grant UI — user reviews caveats (max amount, token, period) |
3 | User signs — permission is stored and linked to the smart account |
4 | x402 facilitator can now deposit USDC on the user's behalf within those limits |
5 | Permission auto-expires or user explicitly revokes — no permanent trust required |
5.3 Key Implementation Files
File | Purpose |
services/web3/permissions.ts | ERC-7715 helpers — requestExecutionPermissions, permission encoding |
hooks/app/useAdvancedPermissions.ts | React hook: requestUSDCx402Permission(), getGrantedPermissions() |
components/modals/PermissionRequestModal.tsx | UI for reviewing and confirming permission grants |
6. Venice AI Integration
PolyAgent integrates Venice AI as the first AI assistant built into a privacy-preserving multisig platform. The API is accessed entirely server-side — the API key never reaches the client, and chat history is managed client-side for privacy.
6.1 Assistant Capabilities
Feature | Description |
Transaction Analysis | Analyze any transaction payload, explain what it does, and flag potential risks in plain language |
ZK Privacy Explainer | Guide users through how zero-knowledge proofs protect signer identities on PolyAgent |
Smart Account Help | Step-by-step assistance for the upgrade flow, permission grants, and delegation setup |
Gas Optimization | Suggest optimal chains and timing for payroll transfers across Horizen, Base, and Arbitrum |
Platform Guidance | Answer questions about any PolyAgent feature in real time during complex operations |
6.2 Technical Architecture
Component | Detail |
API Endpoint | POST /api/venice/chat — Next.js server route with lazy client initialization |
Model | zai-org-glm-5-1 accessed via Venice AI's OpenAI-compatible API |
API URL | |
Security | API key stored server-side only, never exposed to the browser client |
Chat history | Managed client-side in React state — no conversation logs stored on the server |
System prompt | Tuned specifically for PolyAgent context: ZK proofs, multisig, payroll, permissions |
6.3 Key Implementation Files
File | Purpose |
app/api/venice/chat/route.ts | Server-side API route — handles requests, streams responses |
services/api/venice.ts | Service layer: getAIAssistantResponse(), analyzeTransaction() |
hooks/app/useVeniceAI.ts | React hooks: askAssistant(), analyzeTx() |
components/AiAssistant/VeniceChat.tsx | Chat UI component with message history and input |
app/dashboard/ai-assistant/page.tsx | Full-page AI Assistant dashboard view |
7. Web3Auth Embedded Wallet
PolyAgent integrates Web3Auth Modal v11 to provide non-custodial social login, making the platform accessible to teams who do not want to manage seed phrases or install wallet extensions.
7.1 Supported Login Methods
Method | Type | Wallet Derivation |
Google | OAuth 2.0 | Deterministic from social account ID — same address on every login |
Apple | OAuth 2.0 | Deterministic from Apple ID — same address on every login |
Email | Passwordless | Deterministic from email address — same address on every login |
7.2 Key Derivation Rule
The same wallet address is guaranteed only when all three conditions match:
Same Web3Auth Client ID
Same Sapphire network (Devnet for development, Mainnet for production)
Same auth connection (e.g., same Google account)
Changing any one of these three factors produces a different wallet address.
7.3 Integration Architecture
Component | Detail |
Provider | Web3Auth Modal wired at the app root in ScaffoldEthAppWithProvidersClient |
wagmi bridge | useWeb3AuthLogin hook connects Web3Auth provider to wagmi after login |
EOA compatibility | Post-login, the Web3Auth EIP-1193 provider works with all existing wagmi hooks |
Smart Account | Web3Auth wallet can be upgraded to a MetaMask Smart Account like any other EOA |
Networks | Sapphire Devnet (development) and Sapphire Mainnet (production) |
8. x402 Gasless USDC Deposits
PolyAgent implements the x402 protocol for gasless USDC deposits using EIP-3009 TransferWithAuthorization. Users sign deposits completely off-chain — no ETH is ever required.
8.1 Standard Flow (without Smart Account)
Step | Action |
1 | User initiates deposit with an amount and target multisig address |
2 | Frontend generates an EIP-3009 TransferWithAuthorization signature (off-chain, no gas) |
3 | Signed authorization is submitted to the x402 facilitator |
4 | Facilitator submits the transfer on-chain — user pays zero ETH at any step |
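The checks a facilitator can run on a signed authorization before step 4, as an added example that is not PolyAgent's own code. The six authorization fields are those of EIP-3009; RelayPolicy, AuthorizationGate and all sample values are assumptions made for illustration.

```typescript
// Added example: facilitator-side checks before relaying an EIP-3009 authorization.
// Field names follow EIP-3009; RelayPolicy and AuthorizationGate are hypothetical names.
type TransferAuthorization = {
  from: string;
  to: string;
  value: bigint;        // token base units (USDC has 6 decimals)
  validAfter: bigint;   // unix seconds
  validBefore: bigint;  // unix seconds
  nonce: string;        // 32-byte hex chosen by the signer
};

type RelayPolicy = {
  expectedTo: string;   // multisig address the deposit must credit
  maxValue: bigint;     // per-deposit cap
  maxWindowSec: bigint; // longest validity window accepted
};

const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
const NONCE_RE = /^0x[0-9a-fA-F]{64}$/;

class AuthorizationGate {
  private policy: RelayPolicy;
  private seen = new Set<string>(); // (from, nonce) pairs already relayed

  constructor(policy: RelayPolicy) {
    this.policy = policy;
  }

  // Returns "ok", or the reason the authorization must not be relayed.
  check(a: TransferAuthorization, nowSec: bigint): string {
    if (!ADDRESS_RE.test(a.from) || !ADDRESS_RE.test(a.to)) return "malformed address";
    if (!NONCE_RE.test(a.nonce)) return "malformed nonce";
    if (a.to.toLowerCase() !== this.policy.expectedTo.toLowerCase()) return "unexpected recipient";
    if (a.value <= 0n || a.value > this.policy.maxValue) return "value out of range";
    if (a.validBefore - a.validAfter > this.policy.maxWindowSec) return "validity window too long";
    // EIP-3009 requires validAfter < now < validBefore, both strict.
    if (nowSec <= a.validAfter) return "not yet valid";
    if (nowSec >= a.validBefore) return "expired";
    const key = a.from.toLowerCase() + ":" + a.nonce.toLowerCase();
    if (this.seen.has(key)) return "nonce already used";
    this.seen.add(key);
    return "ok";
  }
}

// Constructed sample data: placeholder addresses and nonce, not real accounts.
const MULTISIG = "0x" + "aa".repeat(20);
const NOW = 1700000000n;
const sample: TransferAuthorization = {
  from: "0x" + "11".repeat(20),
  to: MULTISIG,
  value: 250000000n, // 250 USDC
  validAfter: NOW - 60n,
  validBefore: NOW + 600n,
  nonce: "0x" + "5c".repeat(32),
};

function demoAuthorizationGate(): string[] {
  const gate = new AuthorizationGate({ expectedTo: MULTISIG, maxValue: 1000000000n, maxWindowSec: 3600n });
  return [
    gate.check({ ...sample, to: "0x" + "bb".repeat(20) }, NOW),       // deposit pointed elsewhere
    gate.check({ ...sample, validBefore: NOW + 86400n * 365n }, NOW), // year-long authorization
    gate.check(sample, NOW + 600n),                                   // exactly at validBefore
    gate.check(sample, NOW),                                          // accepted
    gate.check(sample, NOW + 1n),                                     // same nonce again
  ];
}
```

The token contract enforces the nonce and time window itself; checking them off-chain first keeps the facilitator from paying gas for a transfer that will revert.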
8.2 Enhanced Flow (with Smart Account + ERC-7715)
Step | Action |
1 | User grants a one-time ERC-7715 erc20-token-periodic permission to the x402 facilitator |
2 | Permission includes enforced caveats: maximum amount, token address, and time period |
3 | Facilitator can now deposit USDC on the user's behalf without any further signatures |
4 | User never needs ETH for deposit gas — the entire flow is gasless and non-custodial |
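How the caveats in sections 5.2 and 8.2 bound the facilitator, as an added example: a model of a periodic ERC-20 spending limit, not MetaMask's enforcer contract and not PolyAgent's code. The field names, the no-carry-over rule and the sample grant are assumptions.

```typescript
// Added example: a model of a periodic ERC-20 spending caveat, not MetaMask's enforcer code.
// Field names (periodAmount, periodDuration, startTime, expiry) are assumptions.
type PeriodicPermission = {
  token: string;          // the only token the grantee may move
  periodAmount: bigint;   // cap per period, in token base units
  periodDuration: bigint; // seconds
  startTime: bigint;      // unix seconds, start of period 0
  expiry: bigint;         // unix seconds, permission is void from here on
};

// Upper bound on what the grantee can move over the permission's whole lifetime.
function maxExposure(p: PeriodicPermission): bigint {
  const span = p.expiry - p.startTime;
  if (span <= 0n) return 0n;
  const periods = (span + p.periodDuration - 1n) / p.periodDuration; // ceiling division
  return periods * p.periodAmount;
}

class PeriodicAllowance {
  private perm: PeriodicPermission;
  private currentPeriod = -1n;
  private spentInPeriod = 0n;
  private revoked = false;

  constructor(perm: PeriodicPermission) {
    this.perm = perm;
  }

  revoke(): void {
    this.revoked = true;
  }

  // Returns "ok" and records the spend, or the reason it is refused.
  spend(token: string, amount: bigint, nowSec: bigint): string {
    if (this.revoked) return "revoked";
    if (token.toLowerCase() !== this.perm.token.toLowerCase()) return "wrong token";
    if (amount <= 0n) return "invalid amount";
    if (nowSec < this.perm.startTime) return "not started";
    if (nowSec >= this.perm.expiry) return "expired";
    const period = (nowSec - this.perm.startTime) / this.perm.periodDuration;
    if (period !== this.currentPeriod) {
      this.currentPeriod = period; // new period: unused allowance does not carry over
      this.spentInPeriod = 0n;
    }
    if (this.spentInPeriod + amount > this.perm.periodAmount) return "exceeds period allowance";
    this.spentInPeriod += amount;
    return "ok";
  }
}

// Constructed sample: 100 USDC per day for 7 days; the token address is a placeholder.
const USDC = "0x" + "cc".repeat(20);
const DAY = 86400n;
const START = 1700000000n;
const grant: PeriodicPermission = {
  token: USDC, periodAmount: 100000000n, periodDuration: DAY, startTime: START, expiry: START + 7n * DAY,
};

function demoPeriodicAllowance(): string[] {
  const a = new PeriodicAllowance(grant);
  return [
    a.spend(USDC, 60000000n, START + 10n),                 // 60 of 100 used in day 0
    a.spend(USDC, 50000000n, START + 20n),                 // would reach 110 in day 0
    a.spend(USDC, 100000000n, START + DAY),                // day 1: full cap, day 0's unused 40 is gone
    a.spend("0x" + "dd".repeat(20), 1n, START + DAY + 5n), // different token
    a.spend(USDC, 1n, START + 7n * DAY),                   // at expiry
  ];
}
```

maxExposure is the figure to review before signing a grant: the per-period cap multiplied by the number of periods until expiry, which is the most the facilitator could move if it spent the full allowance every period.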
8.3 Implementation Details
Detail | Value |
Protocol | x402 with EIP-3009 TransferWithAuthorization |
Primary hook | hooks/api/useX402Deposit.ts |
Delegation mode | useDelegation: true — routes authorization through smart account address |
Direct mode | useDelegation: false — routes authorization through user's EOA |
Shared utilities | @polypay/shared — EIP-3009 helpers and x402 payload encoding |
9. ZK Privacy — How It Works
PolyAgent uses Noir circuits compiled to UltraHonk proofs, aggregated on-chain by zkVerify. The result: multiple signers approve a transaction privately, and only the relayer's address ever appears in tx.from.
9.1 Transaction Approval Flow
Step | Actor | Action |
1 | Each signer | Derives a secret from their wallet signature and computes commitment = poseidon(secret) |
2 | Each signer | Generates a Noir UltraHonk ZK proof proving their commitment is in the authorized signer Merkle tree — without revealing which position |
3 | Each signer | Submits their proof (commitment, nullifier, aggregationId, domainId, merklePath, leafCount, index) to the relayer |
4 | Relayer | Once enough proofs are collected (>= signaturesRequired), calls execute(nonce, to, value, data, proofs[]) |
5 | Smart contract | Calls zkVerify.verifyProofAggregation() for each proof — all must pass |
6 | Blockchain | Transaction executes; only the relayer's address appears on-chain; all signer identities remain private |
9.2 ZK Proof Parameters
Parameter | Value |
Proving system | UltraHonk (keccak256('ultrahonk')) |
Hash function | PoseidonT3 — compatible with Noir poseidon2 |
Field prime | BN254 — 21888242871839275222246405745257275088548364400416034343698204186575808495617 |
Verification | On-chain via IVerifyProofAggregation (zkVerify contract) |
Circuit language | Noir |
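Admission checks a relayer can apply to a proof bundle before step 4 of section 9.1, as an added example that is not PolyAgent's code and does not verify the proofs themselves. It assumes a nullifier is single-use, as the per-proxy nullifier storage in section 10.2 suggests; BundleChecker and the sample inputs are hypothetical.

```typescript
// Added example: relayer-side admission checks on a proof bundle before calling execute().
// It does not verify proofs; BundleChecker and its method names are hypothetical.
// BN254 field prime, as listed in section 9.2.
const BN254_PRIME = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;

type ProofInputs = {
  commitment: bigint; // public input: poseidon(secret)
  nullifier: bigint;  // public input, assumed single-use
};

class BundleChecker {
  private signaturesRequired: number;
  private spent = new Set<string>(); // nullifiers consumed by earlier bundles

  constructor(signaturesRequired: number) {
    this.signaturesRequired = signaturesRequired;
  }

  // Returns "ok" and marks the nullifiers as spent, or the reason for rejection.
  check(proofs: ProofInputs[]): string {
    if (proofs.length < this.signaturesRequired) return "below threshold";
    const inBundle = new Set<string>();
    for (const p of proofs) {
      // A value v and v + prime reduce to the same field element, so only
      // canonical encodings (0 <= v < prime) may be compared for equality.
      for (const v of [p.commitment, p.nullifier]) {
        if (v < 0n || v >= BN254_PRIME) return "non-canonical field element";
      }
      const key = p.nullifier.toString();
      if (inBundle.has(key)) return "duplicate nullifier in bundle";
      if (this.spent.has(key)) return "nullifier already used";
      inBundle.add(key);
    }
    inBundle.forEach((k) => this.spent.add(k));
    return "ok";
  }
}

// Constructed sample inputs: small integers stand in for real Poseidon outputs.
const signerA: ProofInputs = { commitment: 101n, nullifier: 9001n };
const signerB: ProofInputs = { commitment: 102n, nullifier: 9002n };
const signerC: ProofInputs = { commitment: 103n, nullifier: 9003n };

function demoBundleChecker(): string[] {
  const checker = new BundleChecker(2);
  const aliased = { commitment: signerA.commitment, nullifier: signerA.nullifier + BN254_PRIME };
  return [
    checker.check([signerA]),          // one approval, threshold is 2
    checker.check([signerA, signerA]), // same proof counted twice
    checker.check([signerA, aliased]), // same nullifier re-encoded as v + prime
    checker.check([signerA, signerB]), // two distinct signers
    checker.check([signerA, signerC]), // signerA's nullifier was consumed above
  ];
}
```

The same three conditions (threshold on distinct nullifiers, canonical field elements, spent-nullifier set) are what a reviewer should look for in the on-chain execute() path, since the relayer is not trusted to enforce them.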
10. Smart Contracts
10.1 MetaMultiSigWallet.sol
The core wallet contract deployed on Horizen and Base. Handles ZK proof verification, signer management, and batch payroll transfers.
Function | Description |
execute(nonce, to, value, data, proofs[]) | Executes a transaction once proofs.length >= signaturesRequired. Each proof is verified via zkVerify.verifyProofAggregation() |
addSigners(commitments[], newThreshold) | Add new signer commitments to the Merkle tree (onlySelf guard) |
removeSigners(commitments[], newThreshold) | Remove signer commitments and update threshold (onlySelf guard) |
batchTransfer(recipients[], amounts[]) | Batch native ETH transfers for payroll distribution |
batchTransferMulti(recipients[], amounts[], tokenAddresses[]) | Batch mixed token transfers across multiple ERC-20s |
10.2 MetaMultiSigWalletStylusFactory.sol
An EIP-1167 minimal proxy factory for Arbitrum Stylus. The Rust/WASM port of MetaMultiSigWallet exceeds the 24KB EVM code-size limit (~29KB compressed). PolyAgent solves this with a two-tier deployment:
The Stylus implementation (~29KB WASM) is deployed once via cargo-stylus
Per-user EIP-1167 proxies (~52 bytes EVM bytecode) delegatecall into the implementation
Each proxy holds independent storage: signers, nonces, nullifiers
A custom EIP-1167 variant includes a 5-byte prefix to handle empty-calldata (receive() / plain ETH transfers)
10.3 Deployment Addresses
Chain | Network | zkVerify Contract | Stylus Impl |
2651420 | Horizen testnet | 0x3098A697...E868C21 | — |
84532 | Base Sepolia | 0x0807C544...A1e8A8 | — |
26514 | Horizen mainnet | 0xCb47A3C3...b2B69 | — |
8453 | Base mainnet | 0xCb47A3C3...b2B69 | — |
421614 | Arbitrum Sepolia | 0xd0074949...F0FDE2 | 0x61fddf7c...59f1d1 |
42161 | Arbitrum One | 0xCb47A3C3...b2B69 | 0x49e772bd...2850f |
All chains share vkHash = 0xb3c5381523...ae38. PoseidonT3 library at 0x3333...3B93 on all chains.
11. Full Tech Stack
Layer | Technology |
Frontend | Next.js 15, React 19, TypeScript 5.8, Tailwind CSS 4, DaisyUI 5 |
State | Zustand 5 (persist middleware), TanStack React Query 5 |
Forms | React Hook Form 7 + Zod 3 |
Web3 | wagmi 2, viem 2, RainbowKit 2 |
Smart Account | @metamask/smart-accounts-kit (ERC-7572 Hybrid) |
Permissions | ERC-7715 Advanced Permissions, ERC-7710 Delegations |
Embedded Wallet | @web3auth/modal v11 (Google, Apple, Email) |
AI | Venice AI via OpenAI-compatible API (zai-org-glm-5-1 model) |
Gasless | x402 + venice-x402-client (EIP-3009 TransferWithAuthorization) |
ZK | Noir circuits, UltraHonk proofs, zkVerify on-chain aggregation |
Backend | NestJS 11, TypeScript 5.7, Prisma 7, PostgreSQL |
Contracts | Solidity (Horizen/Base), Arbitrum Stylus in Rust/WASM |
Real-time | Socket.io WebSocket notifications |
12. Project Structure
Package / Path | Description |
packages/nextjs/ | Frontend — Next.js 15 App Router |
packages/nextjs/app/api/venice/chat/ | Venice AI server-side API route |
packages/nextjs/app/dashboard/ai-assistant/ | AI Assistant full-page dashboard |
packages/nextjs/hooks/app/useSmartAccount | Smart Account lifecycle hook |
packages/nextjs/hooks/app/useAdvancedPermissions | ERC-7715 permissions hook |
packages/nextjs/hooks/app/useVeniceAI | Venice AI assistant hooks |
packages/nextjs/hooks/app/useWeb3AuthLogin | Web3Auth social login hook |
packages/nextjs/hooks/api/useX402Deposit | Gasless USDC deposit hook |
packages/nextjs/services/web3/smartAccount.ts | Smart Account creation service |
packages/nextjs/services/web3/permissions.ts | ERC-7715 helpers |
packages/nextjs/services/web3/web3auth.tsx | Web3Auth provider setup |
packages/backend/ | NestJS 11 backend — Auth, Tx Engine, ZK Verify |
packages/shared/ | @polypay/shared — DTOs, types, EIP-3009 utilities |
packages/hardhat/contracts/MetaMultiSigWallet.sol | Core ZK multisig wallet contract |
packages/hardhat/contracts/MetaMultiSigWalletStylusFactory.sol | Arbitrum Stylus proxy factory |
usdc-deposit-agent/ | x402 gasless deposit facilitator agent |
docker/ | Docker Compose — PostgreSQL setup |
13. Quick Start
13.1 Prerequisites
Node.js >= 20.18.3
Yarn v3.2.3 or higher
Docker & Docker Compose (for PostgreSQL)
13.2 Environment Variables
Variable | Required | Description |
NEXT_PUBLIC_WEB3AUTH_CLIENT_ID | Yes | Web3Auth project client ID (from developer.metamask.io) |
VENICE_API_KEY | Yes | Venice AI API key (from venice.ai) |
NEXT_PUBLIC_API_URL | No | Backend URL (default: localhost:4000) |
NEXT_PUBLIC_NETWORK | No | testnet (default) or mainnet |
NEXT_PUBLIC_FEATURE_X402_DEPOSIT | No | Set to true to enable x402 gasless deposits |
NEXT_PUBLIC_ALCHEMY_API_KEY | No | Alchemy API key (has default) |
NEXT_PUBLIC_WALLET_CONNECT_PROJECT_ID | No | WalletConnect project ID (has default) |
13.3 Run Commands
Command | Description |
yarn install | Install all dependencies across packages |
yarn workspace @polypay/shared build | Build shared utilities package (required first) |
yarn workspace @polypay/frontend dev | Start frontend dev server on port 3000 |
yarn workspace @polypay/backend start:dev | Start NestJS backend on port 4000 |
cd docker && docker compose up -d postgres | Start PostgreSQL database |
yarn build | Build all packages for production |
yarn test | Run Hardhat contract tests |
yarn lint | ESLint check across frontend and contracts |
yarn next:check-types | TypeScript type check (frontend) |
14. Hackathon Track Alignment
Primary Track: Best x402 + ERC-7710
PolyAgent demonstrates the most complete integration of x402 + ERC-7710 in a real production use case — payroll for DAOs and global teams:
Zero ETH required for any deposit at any point
One-time ERC-7715 permission grant permanently replaces repeated transaction signing
Caveat-enforced spending limits (max amount, token, period) protect user funds
Smart Account delegation routes authorization through ERC-7710 scopes with caveat enforcers
The Smart Account + x402 synergy is the most novel UX unlocked by ERC-7715: a facilitator deposits on your behalf with zero interaction after the first grant
Overlap Track: Best Venice AI
PolyAgent is the first AI-integrated privacy-preserving multisig platform:
Real-time transaction analysis — paste any payload and get plain-language risk assessment
Contextual ZK explainer — guides users through proof generation and identity hiding
Smart Account upgrade assistant — walks users through ERC-7715 permission grants step by step
Gas optimization advice across Horizen, Base, and Arbitrum
Server-side API architecture — Venice AI key is never exposed to the browser
PolyAgent — MIT License — Built for MetaMask Smart Accounts Kit × 1Shot API Hackathon
Hackathon Progress
Progress During Hackathon
During the MetaMask Smart Accounts Kit × 1Shot API Hackathon, we successfully designed and developed PolyAgent, a privacy-preserving payroll and treasury management platform that combines Zero-Knowledge cryptography, MetaMask Smart Accounts, ERC-7715 Advanced Permissions, Venice AI, Web3Auth Embedded Wallets, and x402 gasless payment infrastructure.
Phase 1: Research & Architecture Design
Identified key challenges in existing blockchain payroll systems, including public signer visibility, treasury transparency, gas fee friction, and poor onboarding experiences.
Designed a privacy-first architecture leveraging Zero-Knowledge proofs to hide signer identities while maintaining verifiable approvals.
Planned a multi-layer architecture integrating Smart Accounts, AI assistance, embedded wallets, and delegated permissions.
Phase 2: Smart Contract Development
Developed the MetaMultiSigWallet smart contract for privacy-preserving treasury management.
Integrated Noir-based Zero-Knowledge proof verification using zkVerify aggregation.
Implemented signer management, threshold approvals, batch transfers, and secure treasury execution mechanisms.
Deployed contracts across Horizen, Base, and Arbitrum environments.
Phase 3: MetaMask Smart Account Integration
Integrated MetaMask Smart Accounts Kit to upgrade traditional EOAs into programmable Smart Accounts.
Built the Smart Account upgrade workflow and user onboarding experience.
Enabled account abstraction capabilities including delegated execution and advanced permission management.
Implemented Hybrid Smart Account architecture for seamless compatibility with existing wallets.
Phase 4: ERC-7715 Advanced Permissions
Implemented ERC-7715 permission request and management flows.
Developed permission templates for periodic token spending, treasury execution, and delegated payment operations.
Added support for secure session-based execution with configurable limits and caveats.
Enabled one-time approval workflows that eliminate repetitive transaction signing.
Phase 5: Web3Auth Embedded Wallet Integration
Integrated Web3Auth Embedded Wallets for simplified onboarding.
Added support for Google, Apple, and Email authentication methods.
Connected embedded wallets with the existing wagmi and Smart Account infrastructure.
Eliminated the need for seed phrase management for new users.
Phase 6: Venice AI Assistant Development
Integrated Venice AI through an OpenAI-compatible API architecture.
Built an intelligent assistant capable of transaction analysis, platform guidance, Smart Account support, and privacy education.
Developed a dedicated AI dashboard and chat interface.
Added contextual assistance for treasury and payroll management workflows.
Phase 7: x402 Gasless Payment Infrastructure
Implemented x402 protocol support for gasless USDC deposits.
Integrated EIP-3009 TransferWithAuthorization workflows.
Combined Smart Account permissions with delegated payment execution.
Enabled users to interact with treasury operations without requiring ETH for gas fees.
Phase 8: Frontend & User Experience
Developed a modern dashboard using Next.js, React, TypeScript, and Tailwind CSS.
Built treasury management, account creation, AI assistant, and permission management interfaces.
Added real-time feedback and transaction monitoring capabilities.
Created a streamlined user experience suitable for both Web3-native and non-crypto-native users.
Final Outcome
By the end of the hackathon, we successfully delivered a functional prototype demonstrating:
Privacy-preserving multisignature treasury management.
MetaMask Smart Account integration.
ERC-7715 Advanced Permission workflows.
Web3Auth Embedded Wallet onboarding.
Venice AI-powered treasury assistant.
Gasless USDC deposits through x402.
Multi-chain deployment support across Base, Horizen, and Arbitrum.
PolyAgent demonstrates how privacy, account abstraction, artificial intelligence, and user-friendly onboarding can be combined into a single enterprise-ready platform for modern Web3 payroll and treasury operations.
Fundraising Status
na