Appearance
v1.0 Foundation
Shipped: 2026-03-31 | Phases: 5 | Plans: 20
The starting point. v1.0 proved that the transfer-hook billing model works end-to-end: a merchant can create a mandate, a subscriber can accept it, the keeper can pull exactly what was agreed, and the subscriber can cancel — all enforced at the Token-2022 transfer boundary.
What Shipped
Phase 1: Protocol Core
The Anchor program at the heart of VelaPay. Built on Solana with Anchor 0.32.1 and Token-2022.
- Mandate PDAs — The core account model. A mandate represents a billing agreement between a merchant and a subscriber. It encodes the amount, cadence, and token mint.
- 4 core instructions:
create_plan— Merchant defines a billing plan (amount, interval, mint)subscribe— Subscriber accepts the plan, creating a mandate PDAexecute_pull— Keeper pulls payment according to the mandate termscancel— Either party cancels the mandate
- Credential minting — Non-transferable Token-2022 credentials that represent billing authorization
- LiteSVM test suite — In-process VM tests replacing deprecated Bankrun
- Devnet deployment — First program deployment to Solana devnet
Phase 2: SDK + CLI
The TypeScript developer interface to VelaPay.
- Published to npm as
@vela/sdk— CommonJS + ESM dual output - Instruction builders — Type-safe wrappers for every protocol instruction
- Error handling — Structured error types with program-specific error codes
- CLI tooling —
velacommand-line tool for developer testing and quick operations - Bun-native — Built with Bun as runtime and package manager, TypeScript native
Phase 3: Merchant Dashboard
The merchant-facing application built on TanStack Start + Hono + Cloudflare D1.
- Wallet-authenticated — SIWS (Sign-In With Solana) as the primary auth mechanism
- Plan creation — Create and manage billing plans with amount, interval, and token configuration
- Subscriber management — View subscribers, mandate states, and billing history
- Helius webhook indexing — Real-time subscription events indexed from on-chain via Helius Enhanced webhooks
Phase 4: Landing Page
velapay.com, the public-facing site.
- Cloudflare Workers deployment — Static site via Astro on Workers
- Value proposition — Privacy-first recurring billing on Solana
- Developer CTAs — Code snippets, SDK install commands, documentation links
Phase 5: Developer Documentation
The developer-facing docs site built on Starlight.
- Quickstart guide — From install to first subscription in minutes
- SDK reference — Complete API documentation for
@vela/sdk - Architecture docs — Protocol design, mandate lifecycle, transfer hook mechanics
- Cloudflare deployment — Static docs served from Cloudflare Workers
Key Decisions
Transfer Hooks as Billing Engine
The single most important architectural decision in the project. Instead of using Solana allowances (which grant unlimited spending authority), VelaPay uses Token-2022 transfer hooks to validate every pull against the mandate terms. This means:
- No unlimited approvals — Merchants can only pull what was agreed
- Enforcement at the protocol layer — Not in off-chain trust logic
- Token-2022 only — Requires the transfer hook extension, so Token (classic) is not supported
This decision cascaded through everything: Anchor 0.32 (for #[interface] support), LiteSVM (for transfer hook testing), the entire PDA schema, and the SDK instruction builders.
Multi-Repo Model
Five separate repositories from the start:
vela-protocol— Rust/Anchor programvela-sdk— TypeScript SDK + CLIvela-dashboard— Merchant dashboardvela-web— Landing pagevela-docs— Developer documentation
Each repo has its own deploy lifecycle, its own CI/CD, and its own package dependencies. This was chosen over a monorepo because different repos have fundamentally different deployment targets (Solana devnet vs npm vs Cloudflare Workers vs Railway).
Anchor 0.32 with Token-2022
Anchor 0.32.1 was chosen because:
- Adds
bunsupport (package manager alignment) - Stable IDL building without nightly Rust
#[interface]attribute support for transfer hooks (removed in Anchor 1.0 RC)- ~5% CPI savings via
solana-invoke - Last release before Anchor 1.0 breaking changes
LiteSVM for Testing
LiteSVM replaced the deprecated Bankrun testing framework. It provides an in-process Solana VM that is orders of magnitude faster than solana-test-validator. This decision paid dividends across every subsequent milestone.
Bun Everywhere
Bun was chosen as the universal package manager for all TypeScript repos. Benefits:
- Native TypeScript support (no
ts-nodeortsx) - Built-in test runner (
bun:test) - Auto-loads
.envfiles - Fast installs and builds
- Consistent tooling across the workspace
Validation
The milestone validated four core properties:
- Mandate creation and enforcement works — Create a plan, subscribe, execute pulls on schedule
- Transfer hook integration validates pulls — Every transfer goes through the hook, which checks the mandate
- SDK is usable by developers — Instruction builders, error types, and CLI all work as expected
- Billing flow is correct end-to-end — From plan creation through payment execution to cancellation
What Wasn't Known Yet
At v1.0, several things were unproven:
- Whether Arcium encrypted compute could be layered in without disrupting the billing primitive
- Whether the admin story (monitoring, emergency controls) would work with the PDA-based model
- Whether merchants would accept wallet-only login or need traditional email auth
- Whether agent payments (AI spending limits) would be a viable use case
- Whether the multi-repo model would scale or become a burden
All of these were answered in subsequent milestones.
Technical Debt Created
- No account versioning — Core accounts had no reserved space, forcing v1.7 to add versioning retroactively
- Single mint assumption — Protocol assumed USDC only, requiring v1.7 TokenConfig registry for multi-token
- Wallet-only auth — No email/password login, addressed in v1.3
- No streaming — Only periodic pull payments, addressed in v1.8