Appearance
VelaPay One-Pager
The recurring-value-transfer primitive for Solana's Internet Capital Markets layer — and the only payments infrastructure on-chain with a privacy architecture.
What It Is
VelaPay is the only payments protocol — on Solana, on EVM, anywhere — where billing runs on encrypted data by architecture. Chain-enforced mandates via Token-2022 transfer hooks. Encrypted billing logic via Arcium MPC. Every other payments protocol, from Solana Pay to Stripe's Bridge, publishes transaction data in plaintext.
On Solana specifically, VelaPay is the first native recurring-payment primitive: monthly pulls, per-second streams, usage metering, and agent budgets, all validated as encrypted inputs inside Arcium before a single token moves. Validators, competitors, chain analysts — none ever see the numbers.
Token-2022 is Solana's primitive for programmable tokens. Squads is the primitive for programmable multisig. VelaPay is programmable recurring value — the third primitive in that sequence, and the last missing layer before on-chain businesses can actually run on-chain.
The Problem
The category is structurally unclaimed, not competitive
Colosseum's ML-derived cluster v1-c16 — "Stablecoin Payment Rails and Infrastructure" — contains 202 projects across four hackathons (Radar, Breakout, Cypherpunk, Renaissance). Zero have won prizes. Zero made an accelerator. Every prior attempt is an allowance-wrapper variant — subscriber delegates a token allowance, a relayer pulls on schedule, application logic is supposed to enforce the agreement. All share the same architectural ceiling.
No payments infrastructure on-chain has privacy architecture
Every existing on-chain payment protocol — Sphere, Helio, Superfluid, Solana Pay, Stripe's Bridge, every Colosseum billing attempt — publishes transaction data in plaintext. Subscriber count, revenue, churn rate, pricing tiers, all legible to any chain analyst in real-time. No serious B2B SaaS uses on-chain billing for this reason. The private payments layer does not exist as a competitive option. VelaPay builds it.
The market is massive and unserved
- The global subscription economy was $275B+ in 2024
- Stablecoin transfer volume is nearly 3× Visa ($3.2T annualized)
- Zero of that volume runs through a protocol with chain-enforced mandate authorization
The Solution
Transfer-hook mandates as the core billing engine
This is Solana-native. It does not exist on EVM chains. Token-2022's TransferHook extension lets Vela intercept every transfer and validate it against an on-chain mandate PDA. Scoped mandates replace unlimited approvals: per-period caps, lifetime caps, merchant-specific authorizations.
Arcium MPC for privacy
All billing logic runs on encrypted data. Usage, pricing, analytics, credit scoring, compliance — all computed on ciphertext. Only the boolean result (approved/denied) is revealed. Merchant billing records are encrypted blobs that only the merchant can decrypt.
Token-2022 composability
Three Token-2022 extensions combine in one protocol:
| Extension | Purpose |
|---|---|
| Transfer Fee | Platform revenue on every pull (1% fee built into the token transfer) |
| Metadata Pointer | On-chain plan terms encoded in the mint itself |
| Non-Transferable | Subscription credentials that prove active status without being tradable |
How It Works
1. Subscriber approves mandate
"Allow Acme to pull up to 30 USDC/month"
2. Mandate stored on-chain
Merchant, subscriber, amount, frequency, expiry → PDA
3. Keeper triggers pull on schedule
Permissionless — anyone can submit the pull instruction
4. Transfer Hook fires
Token-2022 program calls Vela's hook on every transfer
5. Hook validates against mandate PDA
Checks amount, period, cap, expiry, merchant identity
6. Returns: approved / denied
Unauthorized pulls fail at the chain level before transfer executesThe key insight: an unauthorized pull doesn't trigger a dispute process. It fails at the protocol level. The validator itself rejects the transfer. No relayer, no trusted intermediary, no rollback.
Traction
| Metric | Value |
|---|---|
| Milestones shipped | 8 (v1.0 → v1.8, all shipped) |
| Phases | 48 |
| Plans executed | 210+ |
| Commits | 628+ since March 29, 2026 |
| Commit velocity | ~33 commits/day (solo, AI-assisted) |
| Repos in workspace | 11 |
| Protocol deployment | Live on devnet (program IDs pinned) |
| SDK | Packaged as @vela/sdk v0.1.0, consumed across 9 downstream surfaces |
| Documentation | 68-page developer docs site (Starlight) |
Product surfaces shipped
| Repo | Status |
|---|---|
vela-protocol | Anchor dual-program workspace (protocol + transfer hook), live on devnet, Arcium circuits wired |
vela-sdk | @vela/sdk v0.1.0 + CLI with simulate and status; four billing models in one library |
vela-dashboard | Merchant dashboard — plans, subscribers, webhooks, analytics |
vela-admin | Protocol admin — monitoring, emergency controls, audit log |
vela-web | Public landing page on Cloudflare |
vela-docs | 68 MDX-page developer documentation site (Starlight) |
vela-checkout | Hosted checkout flow — session APIs, wallet approval, QR, Turnstile |
vela-portal | Subscriber portal — SIWS + magic-link, invoices, cancel, switch plans |
vela-widget | Embedded checkout loader (6.2 KB gzip) + Shadow-DOM iframe |
vela-synthetic | Devnet cron harness — synthetic subscriber/merchant load for continuous protocol validation |
vela-webhook | @vela/webhook package — Zod-typed event schemas, HMAC verification, dead-letter queue |
Differentiation
| Claim | VelaPay | Every competitor |
|---|---|---|
| Private billing compute on-chain | ✅ Arcium MPC circuits live in protocol | ❌ Every other payments protocol ships plaintext |
| Transfer hooks for billing enforcement | ✅ Only project in Colosseum corpus | ❌ All use token allowances |
| Protocol-level mandate enforcement | ✅ Validator rejects unauthorized pulls | ❌ Application-level logic (relayer can misbehave) |
| Arcium + Token-2022 intersection applied to billing | ✅ Only project | ❌ Only 2 Colosseum projects touch the intersection (incognito-protocol, zenlok); neither does billing |
| Billing models in one SDK | ✅ Recurring, streaming, usage, agent budgets | ❌ One model each, or none |
| Full-stack product | ✅ Protocol + SDK + dashboard + admin + docs + checkout + portal + widget + synthetic + webhook | ❌ Most ship an Anchor program only |
Market Signals
Investor and industry validation for the thesis:
- a16z (Sam Broner, Feb 2026): "Stablecoins are programmable. Key features like arbitration, monthly billing, streaming payments"
- Galaxy Research (Oct 2025): "Subscriptions for frictionless, one-off payments... a sea change"
- Stripe acquired Bridge for $1.1B — stablecoin payment API infrastructure
- Patrick Collison (Stripe CEO): "Stablecoins are room-temperature superconductors for financial services"
- a16z (May 2025): "The Month Fintechs Embraced Stablecoins" — Stripe/Bridge processing $1.5B/month in stablecoin payment volume on Solana
- Pantera Capital (Nov 2025): HTTP 402 + crypto makes protocol-native payments real. Privacy + payments is the convergence.
- Agent payments won 1st place in two tracks at the last Colosseum hackathon (MCPay $25k, Latinum $20k)
Team
Solo founder. Full-stack AI-assisted development. 628+ commits in 19 days across 11 repositories — the output a Series A hire plan is supposed to produce. No other project in Colosseum's stablecoin-payments cluster has shipped more than 2 surfaces. VelaPay has shipped 11, with every one of them consuming the same @vela/sdk package the protocol exposes.
Velocity is not a vanity metric. It is the fourth moat layer: any well-funded team starting today inherits a 628-commit deficit on a protocol that is already live on devnet, with encrypted billing compute, a packaged SDK, a hosted checkout, and a subscriber portal sitting on top.
Core Value
If everything else fails, the transfer hook mandate system that lets merchants pull exactly what was agreed — and nothing more — must work.
That single property — chain-enforced, scoped, private recurring payments — is what makes VelaPay a protocol primitive, not another allowance wrapper. Token-2022 gave Solana programmable tokens. Squads gave it programmable multisig. VelaPay is programmable recurring value, with privacy by architecture — the third primitive in that lineage, and the missing layer before on-chain businesses can actually run on-chain.