Settlement · Umbra Pay Links

Umbra

Settlement

Think of Umbra as Solana’s privacy layer: hidden amounts, shielded balances, viewing keys when you need audits, and more. This prototype zooms in on one flow the SDK already ships: pulling public USDC through a receiver-claimable UTXO so merchants get paid without us faking settlement in app code.

SDK calls (browser checkout)

The pay page wires these in order. There is no alternate SPL-only fast path:

createSignerFromWalletAccount: Wallet Standard wallet → Umbra-compatible signer (same entry point as Umbra quickstart).
getUmbraClient: Network, RPC HTTP + WebSocket subscriptions, and Umbra indexer. All three are required for proofs and state.
getUserAccountQuerierFunction: Skip redundant registration when the payer already exists.
getUserRegistrationFunction: First-time Umbra identity (costs SOL) when needed.
getPublicBalanceToReceiverClaimableUtxoCreatorFunction: Core value move: public SPL USDC → receiver-claimable UTXO toward the merchant address on the intent, using getCreateReceiverClaimableUtxoFromPublicBalanceProver from @umbra-privacy/web-zk-prover.

SDK calls (headless agent)

scripts/agent-pay.mjs mirrors the browser stack with createSignerFromPrivateKeyBytes and the same UTXO creator + prover, so headless automation exercises the same Umbra pipeline as the browser, with a different signer only.

Confirm and verification

After UTXO creation, the client POSTs Solana transaction signatures to /api/intents/<id>/confirm. For demos, confirmation can proceed without landed txs. For production-like runs, set REQUIRE_ONCHAIN_CONFIRM_FOR_SETTLE=true so the server calls getSignatureStatuses on your RPC before marking the intent settled.

Merchant prerequisites

The merchant address must be able to use Umbra as a recipient (registered, able to scan and claim UTXOs per SDK docs). If the recipient is not set up, payer flows can fail. We call that out on purpose.

Verification

Confirm there is no SPL-only shortcut in the pay UI: search the repo for getPublicBalanceToReceiverClaimableUtxoCreatorFunction.
Compare browser checkout to scripts/agent-pay.mjs (same functions, different signer).
Read extra.settlement on the 402 response in src/app/api/resources/[id]/route.ts.
Optional: enable REQUIRE_ONCHAIN_CONFIRM_FOR_SETTLE and re-run a pay flow to see RPC-backed confirmation.

Where this could grow (Umbra roadmap)

Umbra also supports viewing keys, selective disclosure, private swaps, and deeper wallet experiences. This submission is intentionally narrow: payment links + agent 402, yet it sits on the same SDK and network as those primitives, so payroll-style flows, richer compliance, or shielded inventory could extend the same intent model later.