Private payout operations for Solana teams

Agent-assisted payouts with human signing authority.

ShadeOps turns a payout request into an operator-ready draft: recipient resolved, treasury checked, policy explained, route recommended, and proof recorded only after admin approval.

Open workspace dashboard Review payout console

Agent: Draft
Authority: Policy
Signer: Admin

ShadeOps payout review console showing intent, recipient resolution, policy status, route recommendation, signing step, and proof receipt.

Built for teams that pay real contributors while keeping operational relationships private and reviewable.

Bounty roundsVendor opsDAO grantsContributor payroll

Why it exists

Public payouts expose the operating graph.

Transparent transfers can reveal who works with the team, how often they are paid, which vendors matter, and when treasury cadence changes. ShadeOps keeps payout preparation inspectable without broadcasting every relationship.

Visible relationships

7 links

Private proof state

recorded

Treasury graph showing public payout relationships to contributors, vendors, and grantees.

Controlled agentic workflow

A payout pipeline with checkpoints.

The agent can parse and explain. Deterministic code resolves data, checks policy, prepares execution, and blocks unsafe plans before signing.

ShadeOps payout workflow from intent through proof, with deterministic checkpoints before admin signing.

ShadeOps control plane showing workspace data, policy engine, privacy route, admin signer, and proof boundary.

Security boundary

The agent is present, but boxed in.

ShadeOps is intentionally boring where money moves. It cannot invent wallets, cannot sign, cannot fake execution references, and cannot override policy results.

Contacts decide recipientsNamed recipients resolve only from workspace address book entries or explicit wallet input.

Treasury is configuredConnected wallets sign approvals. They are never silently treated as treasury wallets.

Policy outranks the agentDeterministic rules decide whether preparation can continue before any route is offered.

Proof follows executionProof packages require real protocol execution references and preserve the decision hash.

FAQ

Operational questions, answered plainly.

ShadeOps is designed around explicit treasury ownership, wallet signing, and auditable private payout preparation.

Do I need an existing treasury wallet?

Yes. ShadeOps uses an existing Solana wallet, multisig, DAO treasury, or program treasury public address. It does not create or custody treasury wallets.

How do I create a treasury wallet?

Create one with a Solana wallet app for simple teams, use Squads for multisig control, or use Realms for DAO treasury governance. After it exists, paste the public treasury address into the dashboard.

Does ShadeOps ever hold private keys?

No. Wallet signing stays client-side through the connected admin wallet. The server stores configuration and proof data, not private keys.

Which tokens are supported?

ShadeOps supports SOL, USDC, and USDT payout planning. Cloak devnet is wired for SOL and devnet mock USDC shield-and-withdraw flows. Umbra creates receiver-claimable SPL token payouts, so recipients may need to claim with their wallet.

Are there fees?

Yes. Solana network fees apply to protocol transactions. Cloak can include protocol or relay fees, while Umbra receiver-claimable payouts may require the recipient to pay a claim transaction fee unless sponsorship is added. ShadeOps does not add a platform fee.

What does the agent actually control?

The agent drafts and explains. Deterministic code resolves recipients, checks treasury balance, applies policy, selects a route, and blocks unsafe plans before signing.

When is a proof package created?

Only after execution references are supplied from the browser-side protocol path. Blocked plans and fake references cannot create proof packages.