Risk01 / 03
Your limits are public
Plaintext spending caps and allowlists on-chain are observable, front-runnable, and exploitable. The agent's competitor sees exactly where it stops.
Learn moreConfidential wallet layer for AI agents
Give your agent a budget.Keep full control.
Set a private spending limit on a Solana smart-wallet PDA. Jupiter DCA and Ika dWallet signings all pass the same on-chain policy gate, nothing leaks, nothing bypasses.
Solana DevnetαPre-AlphaProgram
F7Xd…rS99p49+ tests passingJupiter + Ika devnet verifiedBuilt on · Integrated with
By the numbers
0+
Tests passing
Frontend TS suite
0
Contract instructions
Single program ID
0
Execution rails
Jupiter + Ika
0
Policy gate
Confidential, on-chain
The delegation problem
You built an AI agent that works.Now it needs signing power.
Giving your agent a wallet means giving up everything, spending, allowlists, cross-chain signing, all under one key. Three structural problems every team rebuilds from scratch:
Risk02 / 03
Off-chain rules are bypass-able
A trusted proxy that enforces your policy is a single compromise away from losing it. One leaked server key and the guardrail is gone.
Learn moreRisk03 / 03
Cross-chain signing has no gate
A dWallet that approves any message means a compromised agent can drain bridgeless assets through rails your policy never saw.
Learn moreThree rails. One gate.
One policy gate.Three execution surfaces.
Encrypt keeps the limits private. Ika carries the signing across chains. Jupiter routes the trade. All three pass through the same on-chain gate before a single lamport moves.
Encrypt
Confidential numeric policy
Max-per-run and daily-cap stay encrypted on-chain. The contract enforces the guardrail before any spend without ever revealing your private thresholds, built against Encrypt pre-alpha.
Encrypt reference
Ika
Bridgeless cross-chain signing
After Polet policy approves, the contract CPI-calls Ika `approve_message` so a dWallet can sign multi-chain intents. No bridge, no asset wrapping, pure cryptographic signing.
Ika dWallet reference
Jupiter
Solana DCA strategy rail
Tokens v2, Price v3, and Swap v2 build composed into a route preview. The smart wallet PDA executes the approved instruction with raw control, no off-chain signing trust.
Jupiter reference
Try it · no wallet needed
See the policy gate in 30 seconds.
Run the three demo outcomes against a mock API. The block scenario shows how Polet rejects an over-limit agent action without revealing your private threshold.
policy gate / 01devnet · live
Pick a scenario to begin
Watch the policy gate evaluate confidential numbers, the agent’s amounts and routes glitch into ciphertext, the gate evaluates blind, and only you can decrypt.
pick a scenario
Simulation · 0ms latencyRun this live on /app →
Security model
Layered defenses, no unilateral authority.
Polet's smart wallet PDA, session-key model, anti-replay, and multisig-lite quorum compose into one defensive system that no single party can override.
threat model
Assume the agent is compromised. Assume the proxy is compromised. Assume a session key leaks. Polet's smart-wallet PDA still owns the funds, the confidential policy still blocks over-limit spends, and policy_seq still rejects replayed attestations.
01 / PDA
Smart wallet PDA
Funds custody under a program-derived address. The contract, not the agent, controls execution.
02 / SESSION
Session keys
Temporary signing authority with expires_at and granted_slot. Revoke single keys or all sessions in one tx.
03 / REPLAY
Anti-replay
policy_seq increments on every change. Stale attestations are rejected before any spend.
04 / QUORUM
Multisig & recovery
Optional M-of-N quorum for Ika approvals. Recovery authority rotates compromised sessions and dWallet controllers.
Next steps
Try the policy gate on devnet.
Connect a devnet wallet, set a confidential policy, grant an agent session key, and run the three demo outcomes.