Kaelix

Inspiration

AI agents are starting to move real capital in DeFi, and the industry is sleepwalking into a trust crisis. Today, the only way for an autonomous agent to prove it followed a user's risk rules is to either (a) publish the rules and the wallet state, which leaks the entire strategy, or (b) ask everyone to trust an opaque LLM. Neither is acceptable for a DAO treasury, a quant fund, or a copy-trading platform.

We kept coming back to the same question: can an AI agent prove it obeyed hidden rules without revealing the rules, the balances, or the reasoning? Midnight's selective-disclosure model is the cleanest answer we've seen. So we built Kaelix to make that proof concrete, demoable, and verifiable in two minutes.

What it does

Kaelix is a private AI firewall for DeFi agents on Midnight.

1. The user defines a private risk policy (max high-risk exposure, max leverage, min stablecoin reserve, max single-trade size, max drawdown). These limits never leave their device.
2. An AI agent proposes a trade with a rationale.
3. The private guard evaluates the proposal against the policy entirely off-chain. If it violates a rule, the action is blocked privately and nothing is published.
4. If it passes, Kaelix generates a SHA-256 commitment over (policyId, proposalId, normalized action, decision, salt) and submits a public attestation to a Compact contract on Midnight Preprod.
5. A third party (DAO, lender, copy-trader, auditor) opens the verifier page, pastes the commitment, and confirms the agent followed a valid policy — without ever seeing the wallet balance, the thresholds, the strategy logic, or the AI's reasoning.

The promise printed on the verifier is intentionally narrow and honest: "AI action followed the user's private risk policy. Private fields revealed: 0."

How we built it

Frontend. Next.js 16 (App Router) + React 19 + TypeScript + Tailwind v4 + shadcn/ui. Strict monochrome theme — no neon, no gradients. Routes: /, /simulate, /policy, /guard, /attestation, /verify, /docs. Framer Motion only for subtle load transitions. Designed to read like Linear and Stripe, not like a crypto demo.

Smart contract. contracts/KaelixGuard.compact written in Compact language_version 0.23.0, compiled with the official compact toolchain (compactc 0.31.0). Public ledger stores only commitments, policy IDs, decisions, attester addresses, and revocation status. Three circuits: submitAttestation, verifyAttestation, revokeAttestation. Explicit confidentiality disclosures on circuit parameters used as public map keys (the compiler caught this and forced us to be explicit, which is a feature, not a bug).

Midnight integration. Real packages, not stubs:

• @midnight-ntwrk/midnight-js-contracts for deployContract
• @midnight-ntwrk/midnight-js-indexer-public-data-provider
• @midnight-ntwrk/midnight-js-http-client-proof-provider
• @midnight-ntwrk/midnight-js-level-private-state-provider
• @midnight-ntwrk/midnight-js-node-zk-config-provider
• @midnight-ntwrk/dapp-connector-api v4.0.1 for browser wallet connection
• @midnight-ntwrk/wallet-sdk-facade + wallet-sdk-hd + wallet-sdk-unshielded-wallet for the deploy CLI
• Self-hosted proof server via midnightntwrk/proof-server:8.0.3 on localhost:6300

Privacy model. All sensitive data — balances, thresholds, AI reasoning, raw proposal details, commitment salt — lives in memory only. Only the commitment hash, policy ID, decision enum, and attester address ever touch public state.

AI logic. Deterministic rule-based agent that proposes, gets blocked, learns the failing constraint, and revises. The demo never fails because the LLM never has to fire; an optional API-key path can swap in natural-language rationales, but the policy verdict is always computed deterministically.

Testing. Vitest. Ten tests covering policy pass/fail, blocked-then-approved flow, commitment determinism, duplicate-attestation rejection, revoke authorization, verifier status, and UI rendering. Full pipeline: compile:midnight → typecheck → lint → test → build all green.

Challenges we ran into

This was a hackathon of real infrastructure friction, not made-up problems.

1. Compact compiler upgrade mid-build. Midnight docs in many places still reference pragma language_version 0.16, but the current compiler is 0.31.0 and demands 0.23.0. We had to rewrite both contract copies.
2. Confidentiality disclosure errors. The Compact compiler correctly refused to let exported circuit parameters be used as public map keys without explicit disclosure. Fixing this taught us more about Midnight's privacy model than any doc page did.
3. Node 24 vs 22. The Midnight SDK currently rejects Node 24. We had to route the deploy CLI through npx -p node@22 -p tsx to even reach wallet creation.
4. ESM/CJS dual-package hazard. The Midnight SDK ships ESM-only entrypoints; the CJS export points to a missing file. We flipped the whole app to "type": "module" and gated native LevelDB imports behind dynamic await import() so static Next.js route collection wouldn't crash.
5. Wallet sync timeouts on Preprod. First deploy attempts exited cleanly with code 0 but never wrote deployment.local.json. The wallet was waiting on a sync that never settled. We added explicit progress logs, a setInterval keepalive, and a hard 120s timeout that surfaces the real blocker instead of hanging silently.
6. The faucet is human-only. Midnight's Preprod faucet is gated by Cloudflare Turnstile (X-Captcha-Token required), so there is no programmatic funding path. Worse, when we did solve the CAPTCHA, the faucet's backend itself returned Transaction submission error — likely a dry faucet wallet or per-address rate-limit. We documented this honestly rather than fake a tx hash.
7. DUST generation is a Cardano-mapping flow. This was the biggest surprise. DUST isn't dispensed; it's generated by staking tNIGHT against a Cardano reward address, which requires a Cardano testnet wallet extension (Lace), a mapping transaction, and an epoch boundary wait. The indexer schema (dustGenerationStatus(cardanoRewardAddresses)) confirms this is structural.
8. Discipline against fake demos. The biggest temptation in a hackathon is to mock the chain layer and call it a day. We refused. Kaelix has a clearly labeled local-fallback mode for offline demos and a separate real-Preprod code path, and the README documents exactly which prerequisites unlock the latter.

Accomplishments that we're proud of

• A fully working end-to-end demo with a real policy engine, real SHA-256 commitments, persistent attestation store, and a verifier flow — no Lorem Ipsum, no fake "connected" badges, no broken buttons.
• A real Compact contract compiling cleanly under the current toolchain, with circuits we actually wrote rather than copy-pasted from a counter example.
• Production-grade Midnight integration code sitting one funded wallet away from a live Preprod tx. The integration is real; the blocker is third-party human gating.
• A monochrome UI that looks like institutional fintech, not a hackathon dashboard. Sharp hierarchy, wide spacing, lockicons where they belong, nothing where they don't.
• Honest privacy framing. We never say "zero-knowledge proof" where we mean "commitment-based attestation." Trust comes from precision, not hand-waving.
• 10/10 tests green, lint clean, typecheck clean, production build clean.
• A demo script that runs in under 2 minutes and lands the core idea: AI agents can prove they followed the rules without leaking alpha.

What we learned

• Midnight's privacy model isn't just ZK; it's selective disclosure with a compiler that enforces it. Once we accepted the compiler's confidentiality errors as teaching tools instead of obstacles, the contract design got dramatically cleaner.
• The hardest part of building on a new chain is the surrounding infrastructure, not the protocol itself. Compact was pleasant. The proof server, the Cardano-mapped DUST flow, the SDK's Node-version constraints, and the human-only faucet were where the hours went.
• Honest fallback beats fake success. A clearly labeled local mode that always works is worth more in a demo than a "live" deployment that flakes on stage.
• Privacy products live or die by their UI. If the verifier doesn't make it instantly obvious what is hidden, the user doesn't believe the math. We spent more time on the verifier's "Hidden data" panel than on any other component.
• Compact's enforced disclosure on map keys is genuinely useful. It made us decide, at design time, which lookups have to be public — which is a question most ZK frameworks let you avoid until it's too late.

What's next for Kaelix

• Land the Preprod deployment as soon as the public faucet refills and we have time to run the Cardano-mapped DUST flow end-to-end. The code path is ready; only the funded wallet is missing.
• Real ZK proofs. Today Kaelix attests "the agent ran a policy check and got this decision." Next is attesting "a circuit verified the proposal against the policy without revealing either" using Midnight's full proving stack. The contract surface is designed to accept proof blobs without a breaking change.
• Live LLM-driven agent. Optional Claude/OpenAI integration where the AI explains its rationale and revises its trade under guard feedback, with deterministic fallback preserved.
• Policy marketplace. Named policy templates (Conservative Treasury, Yield Aggressive, Stablecoin-Only) that DAOs can adopt and that verifiers can recognize by policy ID without seeing the underlying numbers.
• Lace DApp Connector deeper integration. End-to-end browser flow: connect wallet, sign attestation tx, watch confirmation in real time.
• Auditor mode. Bulk verification: paste a set of commitments, get a compliance report covering all attestations against a known policy ID, all without exposing any private data.
• SDK. A drop-in TypeScript library that any AI agent framework (LangChain, ElizaOS, custom in-house) can import to wrap proposed actions in a Kaelix-attested envelope.

The hero idea stays the same: AI agents can control capital, but users need private guardrails. Kaelix proves the agent followed hidden risk rules without leaking the user's strategy, balances, or alpha.

Built With

• bech32m
• compact
• docker
• javascript
• next.js
• react
• sha-256
• typescript