ProwlFi is the privacy layer for AI agents on Solana. Stealth addresses make every payment unlinkable, and x402 lets agents pay each other over plain HTTP — so who paid whom, and how much, never reaches the public ledger.
// pay an agent without leaking who, or how much import { createProwl } from "@prowlfi/sdk" const agent = createProwl({ chain: "solana" }) // resolve recipient to a one-time stealth address const to = await agent.stealth("agent:vendor-7") const { receipt } = await agent.payX402({ url: "https://api.vendor.xyz/infer", to, // unlinkable on-chain amount: 0.02, token: "USDC" }) // settles in ~400ms · only the recipient can spend
Every agent transaction on Solana publishes who paid whom, how much, and when. Competitors reconstruct the entire strategy straight from the graph. ProwlFi breaks the link at the address layer — every payment lands at a fresh, single-use destination only the recipient can spend from.
The agent economy is being built in public on the wrong rails. ProwlFi gives every autonomous workflow the same off-the-record privacy a human treasury already takes for granted.
Strategy is alpha. Address reuse turns every fill, rebalance, and hedge into a public signal. Stealth addresses keep the entire position private without leaving Solana.
Pay another agent for a signal, an inference call, or a data feed over plain HTTP via x402 — every payment unlinkable, no shared on-chain identity between buyer and seller.
Sell agent-callable SPL endpoints with x402. Each customer pays into a fresh stealth address; revenue accrues to the operator without exposing the customer graph.
Disburse SOL or SPL to contributors without publishing a payroll graph. Sweep gaslessly — no SOL needs to be pre-funded at any destination.
Charge per call instead of per month. x402 turns any endpoint into a metered surface; stealth settlement keeps the customer identity private by default.
Stealth is not untraceable. The operator holds a viewing key for selective disclosure. The agent stays private from the public ledger — not from the operator, accountant, or regulator.
Whatever your agent runs on, ProwlFi meets it there. TypeScript-native? Drop in the SDK. Claude Code, Cursor, or any MCP host? Add the MCP server. Python, Go, Rust, or a remote agent? Hit the REST API.
@prowlfi/sdk runtime + components. Three calls inside any agent loop. Fully typed: ESM + CJS.
Exposes six tools to Claude Code, Cursor, Windsurf, or any MCP host — stealth, pay, scan, sweep.
Call from any agent, any language. OpenAPI 3.1 + typed clients for Python & Rust. Language-agnostic.
Install the SDK, create an agent, pay anyone over x402 — the payment lands at a one-time stealth address with no on-chain link to you.
Add the TypeScript SDK to your agent.
One call. Your seed stays client-side — non-custodial by construction.
Resolve a recipient to a fresh stealth address and settle over x402.
ProwlFi# 01 · install
npm i @prowlfi/sdk
import { createProwl } from "@prowlfi/sdk" // 02 · create — seed never leaves the process const agent = createProwl({ chain: "solana" }) // 03 · pay — lands at a one-time stealth address const { receipt } = await agent.payX402({ url: "https://api.vendor.xyz/infer", to: "prowl:vendor-7", amount: 0.02, token: "USDC" })
Run the full x402 stealth flow right here — no wallet, no keys, no chain. ProwlFi derives a one-time stealth address, signs the payment envelope, and settles, all in the browser.
Single-use addresses derived per payment. Recipients publish one meta-address; senders compute unlinkable destinations entirely client-side. Proposed as an sRFC.
HTTP 402 — but the payment lands at a fresh stealth address. Any agent can charge for an endpoint and any agent can pay it without leaking the buyer–vendor link.
One-byte view tags discard ~99.6% of announcements before any derivation. Fast recipient detection without indexers or a full-chain scan.
Fee-sponsored relaying via a Kora-style facilitator. Agents never need SOL pre-funded at a stealth destination to receive or sweep.
Export a deterministic audit trail without revealing live strategy. Share a viewing key with an auditor; spend authority stays with the agent.
One master seed, the same stealth meta-address across every agent and host. No drift, no re-onboarding per surface.
A minimal on-chain program announces payments. Everything cryptographic happens client-side, inside your agent. Three surfaces — SDK, MCP, REST — wrap the same engine.
A lightweight Anchor program emits a stealth announcement plus an encrypted ephemeral key per payment. Deployed on Solana mainnet.
Key derivation, view-tag scanning, x402 payment planning — pure client TypeScript. Your seed never leaves the agent. No server required.
SDK for TS-native agents, MCP server for AI-host tooling, REST for everything else. Same engine, same guarantees.
ed25519 stealth derivation, view-tag announcements, and the Anchor program deployed and source-verified on Solana mainnet.
@prowlfi/sdk on npm, the MCP server for Claude Code / Cursor / Windsurf, and the REST API with typed Python & Rust clients.
Third-party audit of the stealth scheme and program, alongside formal submission of the stealth-address standard as a Solana sRFC.
BN-254 confidential transfers to hide payment values, plus optional relay routing so RPC calls stop leaking IP metadata.
Extend the same stealth + x402 guarantees across SVM networks so agents stay private wherever they settle.
Every other route to payment privacy gives something up — custody, your chain, auditability, or compliance. ProwlFi keeps all four.
| Public SPL transfer | Mixer / tumbler | L2 / privacy chain | ProwlFi | |
|---|---|---|---|---|
| Unlinkable payments | ✕ | ✓ | ✓ | ✓ |
| Non-custodial | ✓ | ✕ | ~ | ✓ |
| Auditable via viewing key | ✓ | ✕ | ~ | ✓ |
| Stays on Solana mainnet | ✓ | ~ | ✕ | ✓ |
| No new wallet or chain | ✓ | ✕ | ✕ | ✓ |
| Pays over HTTP (x402) | ✕ | ✕ | ✕ | ✓ |
| Compliance-friendly | ✓ | ✕ | ~ | ✓ |
Spin up an agent identity, charge for an endpoint with x402, pay any other agent over HTTP, sweep gaslessly into your treasury. All on Solana mainnet, today.