Inspiration
The idea started from a simple question: what happens when AI agents start spending company money?
Most people think the privacy issue is just the transaction itself. But the bigger leak is intent. If a vendor can see or infer a company’s budget, urgency, requirements, or deal-breakers, they can tailor their offer accordingly. They can price close to the buyer’s limit, over-emphasize the exact things the buyer wants, or hide risky terms in proposal language.
That felt like a real problem for agentic commerce. Agents will buy APIs, data, software, compute, and services. But companies still need control over what those agents are allowed to spend money on.
SilentIntent is our attempt to solve that problem with privacy as the default. The company’s policy stays hidden, the vendor offer gets reduced into structured facts, and the public only sees whether the spend was authorized.
What it does
SilentIntent is a confidential spend authorization console for AI agents.
In our demo, a company AI agent starts with a mock $10,000 USDC treasury and needs to buy dental lead data. The company has a hidden procurement policy with rules like a maximum budget, required freshness verification, required category, and a forbidden rule against campaign metadata reuse.
There are two vendors.
BrightReach Data looks like the better offer at first. It costs $1,900, has high volume, and claims freshness verification. But its proposal includes a buried clause saying campaign metadata may be used for partner enrichment and audience modeling. The AI extraction layer catches that risk, and the authorization proof rejects the spend. The treasury stays at $10,000.
CleanList Pro costs more at $2,250, but its terms are cleaner. It keeps customer datasets siloed and does not reuse campaign outputs across clients. That offer passes, so the spend is authorized, and the mock treasury debits $2,250, leaving $7,750 USDC.
The public verifier only sees the result, price band, deal ID, policy ID, treasury action, and commitments. It does not see the exact policy, exact budget, full vendor terms, raw witness values, or AI reasoning.
How we built it
We built SilentIntent as a full-stack demo with a Next.js and TypeScript frontend, a deterministic mock proof layer, cached AI extraction outputs, and a Midnight-oriented circuit specification.
The frontend is designed like a treasury proof console. It shows the agent treasury, hidden policy commitment, vendor cards, AI extraction layer, proof checks, and public verifier.
The proof model checks whether the structured offer facts satisfy the hidden procurement policy:
- the offer price is within the hidden max budget
- the category matches the required category
- the freshness credential is present
- forbidden reuse terms are absent
- only the authorization result and commitments are disclosed
We also added a witness adapter to map extracted vendor facts into bounded proof-style inputs, plus a circuit specification that shows how the same logic would map into a Compact-style Midnight proof.
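The checks above and the witness adapter can be sketched as follows. This is an added example, not SilentIntent's own code: the field names, the 2,500 max budget, the 1,000 USDC band width, and the salted SHA-256 commitment are all assumptions standing in for the real circuit.

```typescript
import { createHash } from "node:crypto";

// All field names and sample values below are constructed for illustration.
type Policy = { policyId: string; maxBudget: number; category: string; forbidden: string[] };
type Offer = { dealId: string; price: number; category: string; credentials: string[]; terms: string[] };
type Witness = { priceCents: number; categoryOk: boolean; fresh: boolean; forbiddenHit: boolean };
const MAX_CENTS = 2 ** 32 - 1; // assumed bound for a fixed-width circuit input

// Salted SHA-256 stands in for the circuit's commitment scheme. The salt must be
// random and private: a budget is low-entropy and could otherwise be brute-forced.
function commit(value: unknown, salt: string): string {
  return createHash("sha256").update(`${salt}|${JSON.stringify(value)}`).digest("hex");
}

// Witness adapter: reduce extracted facts to bounded integers and booleans, failing closed.
function toWitness(offer: Offer, policy: Policy): Witness {
  const priceCents = Math.round(offer.price * 100);
  if (!Number.isSafeInteger(priceCents) || priceCents < 0 || priceCents > MAX_CENTS)
    throw new RangeError("price outside circuit bounds");
  return {
    priceCents,
    categoryOk: offer.category === policy.category,
    fresh: offer.credentials.includes("freshness_verified"),
    forbiddenHit: offer.terms.some((t) => policy.forbidden.includes(t)),
  };
}

// Evaluates the constraints privately; returns only the selectively disclosed fields.
function authorize(policy: Policy, offer: Offer, salt: string, treasury: number) {
  const w = toWitness(offer, policy);
  const authorized =
    w.priceCents <= policy.maxBudget * 100 && w.categoryOk && w.fresh && !w.forbiddenHit;
  const low = Math.floor(offer.price / 1000) * 1000; // assumed 1,000 USDC band width
  return {
    authorized, dealId: offer.dealId, policyId: policy.policyId,
    priceBand: `${low}-${low + 999}`,
    treasuryAction: authorized ? "DEBIT" : "NONE",
    treasuryAfter: authorized ? treasury - offer.price : treasury,
    policyCommitment: commit(policy, salt),
    offerCommitment: commit(offer, salt),
  };
}

const policy: Policy = { policyId: "POL-1", maxBudget: 2500, category: "dental_leads",
  forbidden: ["campaign_metadata_reuse"] };
const brightReach: Offer = { dealId: "D-1", price: 1900, category: "dental_leads",
  credentials: ["freshness_verified"], terms: ["campaign_metadata_reuse"] };
const cleanList: Offer = { dealId: "D-2", price: 2250, category: "dental_leads",
  credentials: ["freshness_verified"], terms: ["siloed_datasets"] };
```

The returned object carries the price band and commitments but never `maxBudget`, the raw terms, or the witness values, which is the disclosure boundary the public verifier relies on.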
How we used Midnight
SilentIntent is built around Midnight’s core privacy model: private witnesses, commitments, proof constraints, and selective disclosure.
The private data is the company’s procurement policy and the vendor offer facts. The public output is only the spend authorization result, price band, deal ID, policy ID, treasury action, and commitments.
For this hackathon version, our sandbox uses a deterministic mock proof model and a circuit specification. We are not claiming a fully deployed Midnight contract unless it is separately wired and tested. The goal of the demo is to show the product flow and the proof boundary clearly: private policy in, public authorization out.
How we used AI
AI is used to turn messy vendor proposals into structured facts.
Vendor proposals are not clean JSON. They contain pricing, delivery promises, credentials, and legal language. The AI extraction layer pulls out the fields the proof needs, such as price, category, credentials, and forbidden terms.
We are being careful about the boundary here. The proof does not prove that the AI understood the proposal perfectly. It proves constraints over the structured facts that were committed. In a production version, vendors would submit signed structured offer artifacts, and AI would assist with extraction instead of being the final source of truth.
Challenges we faced
The hardest part was keeping the project small enough to actually work.
This idea could easily turn into a marketplace, payment platform, vendor compliance tool, or full procurement engine. We cut all of that. The hackathon version focuses on one clean flow: hidden policy, two vendor offers, one rejected spend, one authorized spend, and a public verifier.
Another challenge was being honest about what the proof does and does not prove. It is easy to make vague claims about AI and zero-knowledge. We wanted the project to be more precise: AI extracts, the proof verifies, and the public only gets selected outputs.
The last challenge was making the DeFi framing visible. SilentIntent is not just an AI proposal reviewer. The important object is the agent treasury. The proof is what determines whether the agent is allowed to spend from that treasury.
What we learned
We learned that privacy in agentic commerce is not only about hiding balances or transaction history. It is also about hiding intent.
A company’s budget, urgency, vendor preferences, and deal-breakers are all valuable information. If those leak, vendors can optimize against the buyer.
We also learned that AI and ZK work best when their jobs are separated. AI is useful for extracting structure from messy text. ZK is useful for proving constraints over private structured data. SilentIntent combines those two pieces without pretending they do the same job.
What's next
The next version of SilentIntent would add:
- a real Compact contract wired into the Midnight proof flow
- vendor-signed structured offer artifacts
- real payment rail integration
- nonce tracking to prevent replayed authorizations
- multi-vendor procurement
- richer policy language
- multi-agent treasury controls
- audit exports for companies using AI agents
The long-term version is a policy-gated treasury layer for AI agents. Agents will spend money, but companies need proof that the spending followed policy without exposing the policy itself.
Built With
- ai
- circuit
- compact
- css
- framer
- github
- midnight
- motion
- next.js
- node.js
- phosphor
- react
- tailwind
- typescript