AI-Controlled-By-ZK

Project name

AI Gmail Automation with ZKP — ETHTokyo Edition

One-liner: A proof-carrying AI agent that auto-processes Gmail and executes JPYC payments only when ZKP-verified rules (whitelist, amount caps, time windows) are satisfied.

Project description

Email-driven ops (invoices, meeting invites) are high-volume and error-prone. Pure AI automation is fast but unsafe—rules can be misread or bypassed.This project cryptographically fixes “what must be obeyed” up front and executes actions only after a Zero-Knowledge Proof (ZKP) confirms rule compliance—we call this Proof-Carrying Automation.

Flow:

1. Ingest Gmail → GPT-5-nano classifies mail (invoice / meeting / other) and extracts key fields (amount, due date, counterparty).

2. Generate ZKP (Circom + Groth16) → prove that the action satisfies policy: whitelisted recipient, amount ≤ cap, within allowed time window, etc., without revealing private data.

3. Verify & Execute → if proof is valid, perform JPYC transfer (EVM; demo on Sepolia) or create a Google Calendar event.

4. Auditability → persist verifiable results; sensitive inputs remain undisclosed—only compliance is proven.

This delivers human-review-level safety with AI-level speed, aligning with ETHTokyo’s Privacy/Security and AI & Society ideals (private-by-default, proof-carrying, consent over capture).

Technologies used

• Runtime & Frameworks: Node.js 18+, TypeScript, Next.js (App Router)

• Agent Interface: MCP Server (mcp-server.ts, dist/mcp-server.js)

• AI: GPT-5-nano (classification & extraction)

• ZK Stack: Circom, snarkjs (Groth16); custom circuits in circuits/*.circom

• Crypto/EVM: JPYC (ERC-20) transfers; EVM RPC (Sepolia for demo); viem/ethers client

• APIs: Gmail API, Google Calendar API

• Tooling: pnpm, jq, TypeScript (optional: Railway/Vercel for hosting)

• Configs: .env with GOOGLE_*, OPENAI_API_KEY, SEPOLIA_RPC_URL, JPYC_CONTRACT_ADDRESS, etc.

Basic architecture

• MCP client ↔ MCP server (dist/mcp-server.js)

• Inside the server: AI classification → ZKP proving → ZKP verification → on-chain payment or calendar scheduling

• Policies are encoded in circuits (whitelist / amount cap / time window) so actions are only possible if proofs validate.

graph TD  U[User / Judge] -->|commands| C[MCP Client]  C --> S[MCP Server (node dist/mcp-server.js)]  S --> AI[AI Classifier (GPT-5-nano)]  S --> GP[Gmail API]  S --> GC[Google Calendar API]  S --> ZP[ZKP Prover (snarkjs)]  ZP --> CR[Circom Circuits (payment_rules.circom, etc.)]  S --> ZV[ZKP Verifier]  S --> CHN[EVM RPC (Sepolia)]  CHN --> TOK[JPYC ERC-20]  S --> LOG[Logs / Results]

Source code

• Open-source repo:  (project must be open-sourced; copyleft preferred—e.g., AGPL-3.0; MIT acceptable)

Key paths (unchanged):

• dist/mcp-server.js — agent entrypoint

• src/lib/ — gmail.ts, calendar.ts, blockchain.ts, zkp-prover.ts, zkp-verifier.ts, ai-classifier.ts, payment-planner.ts

• circuits/ — ZK circuits (payment_rules.circom, address_whitelist.circom, time_constraint.circom)

• build/ — .wasm, .zkey, verification_key.json

• aya-mcp-config.json — MCP client config (name retained by design)

Deployment

• Demo (quick, local):

  ./demo-script.sh

• Manual run:

  pnpm install && pnpm run build-mcppnpm run mcp-serverecho '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | node dist/mcp-server.js

• Environment example:

  cp env.example .env# GOOGLE_CLIENT_ID=...# GOOGLE_CLIENT_SECRET=...# GOOGLE_REFRESH_TOKEN=...# OPENAI_API_KEY=...# PRIVATE_KEY=...# SEPOLIA_RPC_URL=...# JPYC_CONTRACT_ADDRESS=0x431D5dfF03120AFA4bDf332c61A6e1766eF37BDB

• Hosted demo (if web app): (e.g., Next.js UI on Vercel; MCP server on Railway/Fly.io/self-hosted)