Vote in the shadows. Execute in the light. Zero-knowledge DAO governance on Stellar / Soroban.
ShadowKit is privacy infrastructure for DAO voting on Stellar/Soroban. Members cast weighted votes with zero-knowledge proofs — who voted, how much weight they hold, and which way they voted all stay private — and the running tally is timelock-encrypted so it's cryptographically unknowable until the deadline, eliminating whale-watching and coercion. After close, the result is revealed and re-aggregated on-chain, and (as a bonus use-case) a policy-bounded AI agent can carry out the approved decision.
🔗 Live demo: https://shadowkit.nexvar.io — 🛰️ Network: Stellar testnet · Built for Build On Stellar — IBW 2026 · Track: Hack Privacy
DAOs leak. Whales watch the running tally and vote last; members self-censor when their choice is public. And "let an AI run the treasury" is terrifying when a hallucinating agent can move funds.
ShadowKit fixes both:
- Private, sealed voting. Members vote with a zero-knowledge proof (Groth16 over BLS12-381) that proves "I'm an eligible snapshot member and I haven't voted" while hiding who they are, how much weight they carry, and which way they voted. Each vote's weight + direction is timelock-encrypted (drand / tlock) so the tally stays sealed until voting closes — no whale manipulation, no bandwagon.
- Bounded autonomous execution. When the timelock opens and quorum passes, an LLM-bounded AI agent (Gemini) plans the approved action and executes it on-chain — but every move is gated by an on-chain policy (an OpenZeppelin smart-account policy reading the GovVault). A hallucinating agent cannot move funds outside the approved, capped action.
The result: members vote in the shadows; the agent executes in the light.
| Demo | Route | Showcases | What's live |
|---|---|---|---|
| ShadowFund | /demo/fund | Hack Privacy — SCF-style community-fund voting | Connect a wallet → cast a real sealed ZK vote (snarkjs proof + tlock seal generated in your browser) → submitted on-chain. Tally stays blurred until Close & Reveal runs the real drand decrypt + `close_and_reveal`. |
| AgentBoard | /demo/agent | AI-in-a-DAO use-case — bounded AI execution + x402 | A Cloudflare Worker reads the approved proposal → pays for market data over x402 → asks Gemini for a plan → policy-gates it → executes the swap on-chain, streaming every step live. |
📚 SDK docs: /docs
All deployed and verifiable on stellar.expert (testnet):
| Contract | Address |
|---|---|
| GovVault (sealed governance) | CDYNOYGSY3JKLKDC5OWUNVKB3W4YAB7DIKELI7GCSJBFE7TYH3WDWTX5 |
| Groth16 Verifier (BLS12-381) | CDOBZTBJQMJHY64NLVPX3DWHB5KDFEU7HKZL7RENZXSOGDZ4MT3EF35W |
| AgentPolicy (smart-account policy) | CCFU2WVP7CQPJB3KY7YFIFIJJN7FIB72DS6JZ37264VUSBREUGRHXVFV |
| FallbackAMM (swap venue) | CADBGUKOL66RVUZHAH5USFOVM5FKK6DU62AGK2JLW5RT72MJEZ5CS3OH |
| USDC (test SAC) | CDRNVEH5SUVZWJKGCHX4T4UE3QKAQAU6NQKCLG2ITZ4HJIFKKH4O4ITI |
| wXLM (test SAC) | CAB33I3VSYNY55DQCUEUTXOMEXLUOBJ727DQBPY322OA6MW5ZO3ME5TB |
| Treasury (executor / x402 payTo) | GCULI6E2MGYMEBDOPQRKNWXBKVCQH4GLEJDSLSG4SKDUEARMCVZTBKVJ |
| Admin / deployer (USDC issuer) | GDS7PPKEERWQVBOOLZHKGQRAVIBRVYJXXB4FBZ7WXCGXLW4XONPUNMQH |
Regenerated by `scripts/deploy-demo.sh` → `.env.demo.testnet`; the site reads them from `web/src/lib/contracts.json` (`scripts/gen-web-config.mjs`). Snapshot Merkle root: `5559d48b82e7d0c7c0999e70ea8c7233a1a2274909ca2b212554112088a6a5fb`.
```text
snapshot ─► member builds a SEALED vote in the browser
            (Groth16 proof hides identity+weight+direction; tlock encrypts to a future drand round)
        ─► cast_vote on-chain (verifier checks the proof; only an opaque ciphertext + nullifier land)
        ─► … tally is SEALED — weighted_yes/no read back as null …
        ─► deadline + drand round releases ─► tlock DECRYPT ─► close_and_reveal (yes=350 no=300) ─► Approved
        ─► AI agent: x402-pay market data ─► Gemini plan ─► POLICY GATE ─► on-chain swap ─► Executed
            (treasury USDC ↓, wXLM ↑ — real balance movement)
```
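The flow above, reduced to its on-chain invariants, as an added example that is not ShadowKit's SDK or contract code: a vote is accepted only if the membership proof checks and its nullifier is fresh, the tally reads back `null` while sealed, and `close_and_reveal` re-aggregates weights by direction once the deadline round is released. The `proofValid` flag stands in for the Groth16 verifier call, the round-gated `openIfReleased` function stands in for drand/tlock, and the names `SealedTally`, `castVote` and `closeAndReveal` are assumptions; the ballots are constructed to reproduce the yes=350 / no=300 numbers in the diagram.

```typescript
// Added example (not ShadowKit's code): in-memory model of the sealed-tally lifecycle.
// Stand-ins: `proofValid` replaces the Groth16 verifier; sealToRound/openIfReleased replace tlock.

type Direction = "yes" | "no";

// What lands on-chain per vote: an opaque ciphertext plus the nullifier that blocks re-voting.
interface SealedVote {
  nullifier: string;
  ciphertext: string;
}

// What decryption yields once the target drand round has been released.
interface RevealedVote {
  weight: number;
  direction: Direction;
}

// Stand-in for tlock: "encrypt" to a target round; decryption refuses until that round exists.
function sealToRound(weight: number, direction: Direction, round: number): string {
  return `tlock:${round}:${weight}:${direction}`;
}

function openIfReleased(ciphertext: string, latestRound: number): RevealedVote {
  const parts = ciphertext.split(":");
  const round = Number(parts[1]);
  if (latestRound < round) throw new Error("drand round not yet released");
  const direction: Direction = parts[3] === "yes" ? "yes" : "no";
  return { weight: Number(parts[2]), direction };
}

class SealedTally {
  private readonly nullifiers = new Set<string>();
  private readonly sealed: SealedVote[] = [];
  private revealed: { yes: number; no: number } | null = null;

  constructor(readonly deadlineRound: number, readonly quorum: number) {}

  // cast_vote: the chain checks only the proof result and nullifier uniqueness;
  // identity, weight and direction are never visible at this point.
  castVote(vote: SealedVote, proofValid: boolean, latestRound: number): void {
    if (latestRound >= this.deadlineRound) throw new Error("voting is closed");
    if (!proofValid) throw new Error("invalid membership proof");
    if (this.nullifiers.has(vote.nullifier)) throw new Error("nullifier already spent");
    this.nullifiers.add(vote.nullifier);
    this.sealed.push(vote);
  }

  // Reads return null while sealed, so there is no running total to whale-watch.
  weightedYes(): number | null { return this.revealed ? this.revealed.yes : null; }
  weightedNo(): number | null { return this.revealed ? this.revealed.no : null; }

  // close_and_reveal: decrypt every ciphertext and re-aggregate weights by direction.
  closeAndReveal(latestRound: number): "Approved" | "Rejected" {
    if (latestRound < this.deadlineRound) throw new Error("deadline round not reached");
    let yes = 0;
    let no = 0;
    for (const v of this.sealed) {
      const { weight, direction } = openIfReleased(v.ciphertext, latestRound);
      if (direction === "yes") yes += weight; else no += weight;
    }
    this.revealed = { yes, no };
    const quorumMet = yes + no >= this.quorum;
    return quorumMet && yes > no ? "Approved" : "Rejected";
  }
}

// Constructed walk-through: three ballots, one replay attempt, then reveal at the deadline round.
function runExample() {
  const deadline = 1000;
  const tally = new SealedTally(deadline, 500);
  const ballots: Array<[string, number, Direction]> = [
    ["nf-a1", 200, "yes"],
    ["nf-b2", 150, "yes"],
    ["nf-c3", 300, "no"],
  ];
  for (const [nullifier, weight, dir] of ballots) {
    tally.castVote({ nullifier, ciphertext: sealToRound(weight, dir, deadline) }, true, 900);
  }
  let doubleVoteRejected = false;
  try {
    tally.castVote({ nullifier: "nf-a1", ciphertext: sealToRound(1, "no", deadline) }, true, 901);
  } catch {
    doubleVoteRejected = true;
  }
  const sealedRead = tally.weightedYes();          // null: nothing readable before reveal
  const outcome = tally.closeAndReveal(deadline);  // round released: decrypt + re-aggregate
  return { sealedRead, doubleVoteRejected, outcome, yes: tally.weightedYes(), no: tally.weightedNo() };
}
```

The point to keep in view is that every property the page claims for the sealed tally comes from a check the chain can do without seeing the vote: proof validity, nullifier freshness, and the deadline round. The weight and direction only ever appear inside `closeAndReveal`, after the round is released.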
Run it end-to-end on testnet against the live contracts (no redeploy):
```sh
SKIP_DEPLOY=1 bash scripts/demo.sh --network testnet
```

- Contracts (Rust / Soroban): `groth16-verifier` (BLS12-381 pairing check, CAP-0059), `gov-vault` (sealed `cast_vote` / `close_and_reveal`, quorum, executor gate), `agent-policy` (OZ smart-account `Policy` + hand-rolled `__check_auth` fallback), `fallback-amm` (constant-product) + `swap-venue` (Soroswap adapter).
- Circuits (Circom + snarkjs): `circuits/vote` — membership in a Poseidon Merkle snapshot + nullifier + sealed-commitment binding. Public signals `[merkleRoot, nullifier, proposalId, sealedCommitmentHash]`.
- SDK (TypeScript): `@shadowkit/zk-prover` (proofs + tlock seal), `@shadowkit/tally-reveal` (drand decrypt + weighted re-aggregation), `@shadowkit/snapshot-tool`, `@shadowkit/shared` (bindings + types).
- Agent: `agent/` — `GeminiPlanner` (model `gemini-3.1-flash-lite`, structured output) + `DeterministicPlanner` fallback, cap-guard, executor, x402 data client.
- x402: paid market-data API (both directions) over the OpenZeppelin Channels facilitator.
- Web: Astro + React, deployed to Cloudflare Pages; the live agent runs in Pages Functions (`web/functions/`).
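The policy gate that sits between the planner and the swap, as an added example that is not ShadowKit's `agent-policy` contract or `agent/` code: an off-chain TypeScript model of the same rule, that the agent's plan is checked against the approved proposal (status, venue, token pair, cap, slippage floor) before anything moves, and that a plan replayed after execution fails. The `ApprovedProposal` and `AgentPlan` shapes, the `policyGate` and `executeIfAllowed` names, the venue and token labels, and the treasury balances are all constructed for the illustration.

```typescript
// Added example (not ShadowKit's code): deterministic policy gate between an LLM plan and a swap.
// Shapes, names and amounts below are constructed; the real gate runs on-chain (agent-policy).

type ProposalStatus = "Open" | "Approved" | "Rejected" | "Executed";

interface ApprovedProposal {
  id: string;
  status: ProposalStatus;
  venue: string;     // the only swap venue the vote authorised
  tokenIn: string;
  tokenOut: string;
  capIn: number;     // hard cap on what may leave the treasury for this action
}

interface AgentPlan {
  proposalId: string;
  venue: string;
  tokenIn: string;
  tokenOut: string;
  amountIn: number;
  minAmountOut: number;
}

type GateResult = { ok: true } | { ok: false; reason: string };

// The gate never consults the model: whatever the planner emits is compared with the vote's
// approved action field by field, so a hallucinated plan fails on the first mismatch.
function policyGate(proposal: ApprovedProposal, plan: AgentPlan): GateResult {
  if (plan.proposalId !== proposal.id) return { ok: false, reason: "plan references a different proposal" };
  if (proposal.status !== "Approved") return { ok: false, reason: `proposal is ${proposal.status}, not Approved` };
  if (plan.venue !== proposal.venue) return { ok: false, reason: "venue not authorised by the vote" };
  if (plan.tokenIn !== proposal.tokenIn || plan.tokenOut !== proposal.tokenOut) {
    return { ok: false, reason: "token pair differs from the approved action" };
  }
  if (!Number.isFinite(plan.amountIn) || plan.amountIn <= 0) return { ok: false, reason: "amount must be positive" };
  if (plan.amountIn > proposal.capIn) return { ok: false, reason: `amount ${plan.amountIn} exceeds cap ${proposal.capIn}` };
  if (!Number.isFinite(plan.minAmountOut) || plan.minAmountOut <= 0) return { ok: false, reason: "no slippage floor" };
  return { ok: true };
}

// Execute only what the gate passed, and mark the proposal Executed so a replayed plan is refused.
function executeIfAllowed(
  treasury: Record<string, number>,
  proposal: ApprovedProposal,
  plan: AgentPlan,
  quote: number,
): GateResult {
  const verdict = policyGate(proposal, plan);
  if (!verdict.ok) return verdict;
  if ((treasury[plan.tokenIn] ?? 0) < plan.amountIn) return { ok: false, reason: "insufficient treasury balance" };
  if (quote < plan.minAmountOut) return { ok: false, reason: "quote below slippage floor" };
  treasury[plan.tokenIn] = (treasury[plan.tokenIn] ?? 0) - plan.amountIn;
  treasury[plan.tokenOut] = (treasury[plan.tokenOut] ?? 0) + quote;
  proposal.status = "Executed";
  return { ok: true };
}

// Constructed walk-through: an over-cap plan is refused, a sane plan executes once, a replay fails.
function runPolicyExample() {
  const proposal: ApprovedProposal = {
    id: "p-7", status: "Approved", venue: "FallbackAMM", tokenIn: "USDC", tokenOut: "wXLM", capIn: 1000,
  };
  const treasury = { USDC: 5000, wXLM: 0 };
  const hallucinated: AgentPlan = {
    proposalId: "p-7", venue: "FallbackAMM", tokenIn: "USDC", tokenOut: "wXLM", amountIn: 4000, minAmountOut: 1,
  };
  const overCap = executeIfAllowed(treasury, proposal, hallucinated, 9000);
  const sane: AgentPlan = { ...hallucinated, amountIn: 800, minAmountOut: 7000 };
  const first = executeIfAllowed(treasury, proposal, sane, 7200);
  const replay = executeIfAllowed(treasury, proposal, sane, 7200);
  return { overCap, first, replay, treasury };
}
```

The property worth testing in any such gate is that it is closed by default: a plan passes only when every field matches the approved action, and the status transition to `Executed` makes the approval single-use.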
```sh
npm install              # workspaces
npm run build            # typecheck every TS package (tsc --noEmit) — green
npm test                 # vitest — 123+ tests, REAL crypto (proofs / tlock / sigs), no skips on the default path
cd web && npm run build  # astro build → dist/ (then: npx vitest run + npx vitest run --config functions/vitest.config.ts)
just test                # umbrella: cargo (contracts) + circuit + TS + x402 + soroswap
```

```sh
just deploy-testnet               # deploy contracts to testnet → .env.demo.testnet
node scripts/gen-web-config.mjs   # → web/src/lib/contracts.json (public ids only)
cd web && npm run build
npx wrangler pages deploy dist --project-name shadowkit --branch main
# worker secrets (agent demo): GEMINI_API_KEY, EXECUTOR_SECRET, ADMIN_SECRET, CLIENT_SECRET,
# RESOURCE_SERVER_ADDRESS, X402_FACILITATOR_URL, OZ_API_KEY (wrangler pages secret put …)
```

`contracts/` Soroban contracts · `circuits/` Circom · `packages/` TS SDK · `agent/` AI agent middleware · `x402-services/` paid APIs + facilitator client · `web/` Astro site + Pages Functions · `scripts/` deploy + demo orchestration · `docs/` specs, plans, design, marketing.
Main (a genuinely novel governance primitive), Hack Privacy (on-chain ZK + timelocked sealed tally), Hack Agentic (LLM-bounded, policy-gated autonomous execution + x402 machine payments).