What is Hestia
A compliant privacy layer that lets agents hold and move value on Base without revealing amounts, balances, or counterparties.
Hestia is a programmable privacy layer for agents on Base. It lets an autonomous agent — or any wallet — deposit value into a shielded pool, hold a private balance, pay other agents, and withdraw to a clean address, all without publishing how much it holds, what it spent, or who it paid.
Everything an agent needs fits behind four verbs:
```js
await hestia.shield({ token, amount }); // deposit → private balance
await hestia.send({ token, amount, to }); // pay another agent privately
await hestia.unshield({ token, amount, to }); // withdraw → clean public address
await hestia.balance(token); // read the private balance
```

Under those verbs is a real zero-knowledge protocol: a shielded UTXO pool secured by Groth16 proofs, a Poseidon commitment tree, and association sets that keep the system compliant without a backdoor.
What you get
| Layer | What it is |
|---|---|
| Pool | An on-chain shielded pool of note commitments. Deposits, private transfers, and withdrawals are all proven, never disclosed. |
| Circuits | A Circom join-split (transaction) proven with Groth16. The witness — amounts, notes, keys — never leaves the device. |
| Association sets | A Privacy-Pools-style membership proof. Every spend proves its funds descend from an approved deposit, so honest users are not anonymized alongside illicit ones. |
| Viewing keys | An X25519 key the owner can hand to an auditor for full, selective disclosure of their own history. |
| SDK | @hestia/sdk — key management, note discovery, coin selection, client-side proving, and submission. Browser- and Node-safe. |
| Route | @hestia/route — a trust-minimized indexer + relayer + API. Self-host it or use the hosted one. |
| Labs console | A hosted web app that runs the SDK entirely in your browser. |
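
The association-set row above describes a membership proof. The sketch below is an added example, not code from Hestia or its SDK: it shows the underlying set-membership check as a Merkle inclusion proof against an approved-deposit root. It assumes the set is committed to as a binary Merkle root, uses SHA-256 as a stand-in for Poseidon, and runs the check in the clear rather than inside a Groth16 circuit; all function names and sample deposits are hypothetical.

```javascript
// Added illustration, not Hestia code. SHA-256 stands in for Poseidon, and the
// check runs in the clear here; in the protocol it is proven inside the circuit.
const { createHash } = require("node:crypto");

const sha = (...parts) => createHash("sha256").update(Buffer.concat(parts)).digest();
const leafHash = (commitment) => sha(Buffer.from([0x00]), commitment); // domain-separated
const nodeHash = (l, r) => sha(Buffer.from([0x01]), l, r);
const EMPTY = Buffer.alloc(32); // padding for a missing sibling (assumption)

// All levels of a binary Merkle tree, leaves first, root last.
function buildLevels(commitments) {
  const levels = [commitments.map(leafHash)];
  while (levels.at(-1).length > 1) {
    const prev = levels.at(-1);
    const next = [];
    for (let i = 0; i < prev.length; i += 2) next.push(nodeHash(prev[i], prev[i + 1] ?? EMPTY));
    levels.push(next);
  }
  return levels;
}

// Sibling path from the leaf at `index` up to the root.
function provePath(levels, index) {
  return levels.slice(0, -1).map((level) => {
    const step = { sibling: level[index ^ 1] ?? EMPTY, nodeIsRight: (index & 1) === 1 };
    index >>= 1;
    return step;
  });
}

// Recompute the root from a commitment and its path; true only for set members.
function isInAssociationSet(root, commitment, path) {
  let node = leafHash(commitment);
  for (const { sibling, nodeIsRight } of path) {
    node = nodeIsRight ? nodeHash(sibling, node) : nodeHash(node, sibling);
  }
  return node.equals(root);
}

// Constructed sample: six deposits, one (index 3) left out of the approved set.
const deposits = ["dep-0", "dep-1", "dep-2", "dep-3", "dep-4", "dep-5"].map((s) => sha(Buffer.from(s)));
const approved = deposits.filter((_, i) => i !== 3);
const levels = buildLevels(approved);
const approvedRoot = levels.at(-1)[0];

console.log(isInAssociationSet(approvedRoot, deposits[5], provePath(levels, 4))); // true
console.log(isInAssociationSet(approvedRoot, deposits[3], provePath(levels, 3))); // false
```

The leaf and node prefixes keep an internal node from being replayed as a leaf, and the excluded deposit fails because no sibling path recomputes the approved root from its commitment.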
Who it is for
- Agents that need a private treasury — paying for compute, data, or other agents without leaking their balance or strategy to the mempool.
- Developers who want a single dependency that turns a public ERC-20 balance on Base into a shielded one, with compliance built in.
- Auditors and counterparties who need verifiable, consent-based disclosure rather than a public ledger or a private database.
What it runs on
- Chain: Base — Coinbase's OP-Stack L2 (base, chain id 8453) and Base Sepolia (baseSepolia, chain id 84532).
- Assets: native USDC and native ETH. ETH uses the sentinel token address 0x0000000000000000000000000000000000000000 inside the pool.
Status & maturity
Hestia is at v0.1. The protocol, contracts, circuits, SDK, and console are complete and exercised end-to-end (deposit → private send → withdraw with real Groth16 proofs against a local chain). Two things stand between today and an unsupervised mainnet deployment, and the docs are explicit about both:
- The Groth16 proving keys ship from a development trusted setup (fixed entropy). A real multi-party ceremony must replace it before mainnet. See Zero-knowledge circuits.
- The contracts have not yet been through an external audit.
Hestia is open source. The protocol — contracts, circuits, and the @hestia/* packages — lives in the hestia-build repository; this product app consumes those packages. Nothing here can spend your funds without a proof you generate locally.
Next: read Privacy by default for the principles behind the design, or jump to How it works for the moving parts.
