Things I've designed and built — across agentic wallets, cross-chain intents, privacy, and account abstraction.
Agentic Wallets & Security
mallow
An agent-native wallet where a Guardian agent reviews every transaction and signature before anything is signed. Third-party agents are installed, validated, and managed like apps — never trusted by default.
- Guardian pipeline (planner → analyzer → summarizer) returns a plain-language verdict with a risk level before signing.
- Analyzer decodes calldata, checks contract verification, and simulates against an anvil fork of live state.
- High/critical verdicts require typed confirmation; the wallet signs bytes verbatim and never interprets them.
Cross-Chain Intents
Graviton
A cross-chain intent system that turns user goals into routed execution across chains — handling routing, execution, relaying, and settlement. Includes protocol contracts, backend services, an SDK, and a frontend app.
- Orchestration server, relayer worker, and quote aggregator built with TypeScript, Fastify, RabbitMQ, and PostgreSQL.
- Quote aggregation across Uniswap swaps and Circle CCTP bridges.
- Shipped as a full product: protocol, backend, SDK, app, and integration tooling.
Privacy & Zero Knowledge
Typhoon
A privacy-preserving protocol for compliant transactions. It uses zero-knowledge proofs (zkSNARKs) to protect user privacy while suspending transactions from flagged addresses.
- Trustless, zkSNARK-based design that keeps privacy without compromising compliance.
- Circuits, contracts, and a full test suite.
Account Abstraction
Stealth Address AA Plugin
A smart-account plugin that brings stealth (private receiving) addresses into account abstraction flows. Built on modular smart account providers including ZeroDev Kernel and Biconomy.
- Private receiving addresses for modular smart wallets.
- Built with Foundry and Hardhat across ZeroDev Kernel and Biconomy.
Privacy & Zero Knowledge
ZK-Agent
A trustless, privacy-preserving GitHub bounty protocol built on ZK-Email. Maintainers fund bounties on issues with ERC-20 tokens, and contributors claim rewards by proving in zero knowledge — from DKIM-signed GitHub notification emails — that their PR was merged and the issue closed, with no oracle or trusted third party.
- Circom circuits verify DKIM-signed GitHub emails and reveal only the repo, issue, and PR numbers — the rest of the email stays private.
- On-chain escrow handles create → assign → solve → cancel/report, with protocol fees and time-based penalties for dishonest issuers.
- Groth16 proofs bound to the claimer address to prevent front-running; built with snarkjs, @zk-email, Solidity, and Hardhat.