Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

Building on Pampalo

Pampalo aims to be a bedrock layer to build new finance applications on top of. Pampalo ships a headless toolkit so scripts, backends, and AI agents can hold and operate Pampalo identities without a browser: no passkey, no web wallet. Everything the web app does (shield, transfer, unshield, sync) runs in plain nodejs, with zero-knowledge proofs generated locally.

The off-chain toolkit comes as two packages:

  • @pampalo/sdk: the programmatic core. An Account class that custodies keys, reads balances, syncs notes from chain, and builds + broadcasts shielded transactions. This is what you import.
  • @pampalo/cli: the pampalo command-line tool, a thin wrapper over the SDK. Anything the CLI does, the SDK does identically.

Both sit on @pampalo/shared, the protocol cryptography (notes, proofs, ECIES, the Poseidon merkle tree), which is published too.

On the on-chain side:

  • @pampalo/contracts: Pampalo's core Solidity as importable source. Inherit PrivatePaymentAcceptor to let your own contract take a private payment the way it takes an ERC-20 — settling against the live protocol. This is the on-chain counterpart to the SDK.

Agent accounts

An agent account is a Pampalo identity created and custodied outside the browser. It has the same on-chain shape as a web wallet (one recovery phrase producing one EVM address, one envelope key, and one Poseidon identifier), but:

  • It's a fresh, separate identity by default. pampalo init (or Account.create) generates a brand-new recovery phrase, so an agent never holds the keys to your human web wallet. You can import an existing phrase explicitly if you want them to be the same identity.
  • Its recovery phrase is stored in an encrypted keystore, modelled on ~/.ssh/: a scrypt + AES-256-GCM file under ~/.pampalo/accounts/, unlocked by a passphrase. The web wallet uses a passkey instead; an agent has no authenticator, so it uses a passphrase, the same trade-off ssh-keygen and Foundry's cast make.

Requirements

  • Node.js 20+ (22 recommended, that's where proof generation is tested).
  • An RPC endpoint for the chain you operate on (any standard JSON-RPC URL).

Status

Pampalo is open source — the full codebase lives at github.com/pampalodotcom/pampalo. It's based heavily on commbank.eth's codebase, with a Convex backend for catalog data and the transfer relayer.

The SDK and CLI are at 0.1.1: the read path and shield/transfer/unshield all work; the privacy-preserving relayer and a few conveniences are still on the way (each page calls out what's not done yet).

Head to the SDK or CLI page to get started.