VEIL is a privacy-first execution network running on a dedicated Avalanche L1. Its first production module is prediction markets, but the protocol scope now spans agent identity, execution, and ecosystem interoperability. The stack combines an encrypted mempool (threshold-encrypted transactions), a shielded ledger (commitment-nullifier model with ZK-SNARKs), and uniform batch auctions to prevent order leakage and front-running while maintaining regulatory transparency through selective disclosure.

The system achieves sub-second finality via Avalanche consensus, deterministic replay for audits, and objective slashing for misbehaving operators. This document specifies the cryptographic primitives, VM implementation (HyperSDK), companion-rail interoperability, ANIMA runtime boundaries, ZER0ID identity commitments, Bloodsworn reputation scaffolds, oracle resolution with VRF-selected committees, and service-level objectives (SLOs) that govern market and protocol quality.

VEIL is an execution network for sovereign agents. Information markets are the first live workload because they stress private execution, fair price formation, and dispute resolution. Existing market designs still leak order flow to validators, searchers, and competing traders. This alpha leakage discourages informed participation and degrades price discovery.

VEIL addresses this with a privacy-first Avalanche L1 where:

• —Orders are encrypted until batch close (threshold cryptography)
• —Balances are shielded (commitment-nullifier model + ZK-SNARKs)
• —Uniform batch auctions clear at a single price per window
• —Selective disclosure allows compliance without public surveillance

The result is a venue where professional traders can express views without being front-run, while regulators and auditors retain the ability to verify rule compliance through deterministic replay and cryptographic proofs.

VEIL operates a dual market engine: orders can be routed through Polymarket's deep liquidity pools via companion interoperability rails and policy-defined routing fees, giving traders access to external depth with private strategy execution on VeilVM. Alternatively, users can trade VEIL-native markets directly on-chain and earn VEIL token rewards for providing liquidity and volume.

Since the original whitepaper draft, VEIL has expanded with explicit agent and ecosystem rails: ANIMA runtime/SDK, ZER0IDidentity, Bloodsworn reputation scaffolding, companion EVM intent/liquidity relays, and treasury risk controls across COL locks, VAI limits, and Keep3r operations.

Public mempools expose pending transactions to validators and searchers who can:

• —Front-run informed orders by inserting their own trades first
• —Back-run to capture arbitrage after large moves
• —Sandwich trades between buy and sell orders
• —Copy strategies by observing order patterns

This MEV extraction taxes informed traders and reduces their willingness to participate, degrading the market's information aggregation function.

Prior solutions include:

• —Private mempools (Flashbots Protect): Centralized, trust-based, no cryptographic guarantees
• —Commit-reveal schemes: Two-phase overhead, vulnerable to censorship between phases
• —TEE-based solutions: Hardware trust assumptions, side-channel risks
• —ZK rollups: High proving costs, limited programmability for complex markets

VEIL combines the best elements: threshold encryption for mempool privacy, ZK-SNARKs for balance privacy, and batch auctions for fair price formation, all on a dedicated Subnet with sub-second finality.

Avalanche L1 architecture provides:

• —Dedicated validator set: Operator-managed infrastructure with slashable bonds
• —Sub-second finality: Avalanche consensus with 1-2s block times
• —Custom VM: HyperSDK for optimized batch clearing and ZK verification
• —Warp messaging: Native cross-chain communication for oracle data and asset bridges
• —Elastic validators: Scale validator count based on volume and security needs

This architecture allows VEIL to enforce privacy at the consensus layer while maintaining compatibility with the broader Avalanche ecosystem for liquidity and composability.

We consider the following adversaries:

• —Malicious validators (up to f < n/3): Attempt to decrypt orders early, censor transactions, or collude on price manipulation
• —Network observers: Monitor transaction timing, sizes, and patterns to infer order flow
• —Compromised operators: Oracle attestors or keepers who deviate from protocol rules
• —Side-channel attackers: Exploit timing, power, or cache patterns in TEE implementations
• —Regulatory adversaries: Demand selective disclosure of specific user activity without compromising global privacy

• —Order privacy: No party (including validators) learns order details before batch close
• —Balance privacy: User balances and positions are hidden from public view
• —Fair execution: All orders in a batch receive the same uniform price; no preferential treatment
• —Censorship resistance: Valid transactions cannot be permanently excluded (liveness guarantee)
• —Deterministic replay: Auditors can verify all state transitions without trusting operators
• —Selective disclosure: Authorized parties can prove specific facts without revealing all activity

• —Anonymity: VEIL does not guarantee anonymity against compliance-authorized investigations; disclosure policy is route-scoped
• —Perfect privacy: Metadata (timing, size) may leak some information; we minimize but do not eliminate all side channels
• —Unbounded scalability: Batch clearing has throughput limits; we target 10k-100k orders/batch, not millions

VEIL's architecture consists of five layers:

The system runs on a dedicated Avalanche L1 with custom HyperSDK VM optimized for batch clearing and ZK verification. Validators post slashable bonds and are subject to objective penalties for rule violations.

Post-whitepaper scope also includes companion EVM intent gateways, route-scoped privacy policy surfaces, and treasury/risk controls that keep liquidity and stablecoin behavior inside auditable protocol limits.

Orders are encrypted using threshold cryptography (BLS12-381) where decryption requires cooperation from t-of-n validators. This prevents any single validator or minority coalition from reading orders before batch close.

Key generation: Distributed key generation (DKG) ceremony produces validator key shares. Encryption: Users encrypt orders to the committee public key. Decryption: At batch close, t validators provide decryption shares; the clearing engine combines them to reveal orders.

Security: As long as fewer than t validators collude, orders remain confidential until the designated reveal time.

VEIL uses a UTXO-like shielded ledger with commitment-nullifier pairs and ZK-SNARKs for privacy and efficiency. Each balance is represented by a commitment, and spends are authorized by revealing a nullifier derived from the previous commitment.

Commitments are pseudonymous public identifiers. Nullifiers are unique, one-time secrets that prove ownership without revealing the commitment. Double-spending is prevented by checking that nullifiers have not been spent before.

ZK-SNARKs are used to generate proofs that a transaction is valid (e.g., has sufficient balance, correct signatures) without revealing any underlying transaction details, ensuring privacy for users.

The market layer is VEIL's first production module. It supports prediction markets where users express positions on future events, while reusing the same private execution primitives that secure the wider ecosystem. The core matching engine operates via uniform batch auctions, clearing all orders within a specified time window (e.g., 2 seconds) at a single, volume-weighted average price.

Order types include limit and market orders. Matching logic prioritizes executable orders to find the clearing price that maximizes the total volume matched. This prevents slippage and front-running by ensuring all participants receive the same price.

Market creation is permissioned and requires governance approval, ensuring only legitimate and well-defined markets are listed.

Market outcomes are determined by a decentralized oracle committee selected via verifiable random functions (VRFs). This committee, composed of bonded operators, attests to the ground truth of market outcomes.

Attestation process: Committee members sign a final outcome using BLS signatures. Dispute resolution: A defined dispute window allows any participant to challenge an outcome by posting a bond. If the challenge is successful, the challenger receives their bond back, and the committee members are slashed. Otherwise, the bond is forfeited.

This mechanism ensures accurate and tamper-proof resolution while providing economic incentives for truthful reporting and a robust dispute mechanism.

VEIL enforces protocol rules through a slashing mechanism tied to bonded validators and oracle operators. Malicious behavior, such as attempting to decrypt orders prematurely, colluding on prices, or submitting false oracle attestations, will result in a forfeiture of a portion of the operator's bond.

Slashing conditions are defined in the protocol and detected via on-chain monitoring and dispute resolution. The amount slashed depends on the severity of the offense. These penalties serve as a credible deterrent against bad actors.

Economic security is paramount; slashing ensures that operators have skin in the game and are aligned with the protocol's integrity.

Protocol parameters, such as batch clearing intervals, oracle committee sizes, and slashing penalties, are governed by the VEIL token holders.

On-chain governance proposals are submitted, voted upon, and executed via smart contracts. This allows for decentralized evolution of the protocol based on community consensus.

Parameter tuning ensures the system adapts to changing market conditions and security needs, maintaining optimal performance and fairness.

VEIL is implemented as a custom Virtual Machine (VM) on Avalanche L1 infrastructure, leveraging the HyperSDK framework. This allows for optimized transaction processing, custom state transitions, and efficient ZK-SNARK verification.

Smart contracts handle market creation, token logic, and governance interactions. Cryptography utilizes BLS12-381 for threshold encryption and Groth16 for ZK-SNARK proofs.

Agent runtime integration is provided through ANIMA services, while ZER0ID and Bloodsworn data paths are anchored to protocol state for machine identity and performance-linked reputation.

L1 validators are responsible for transaction validation, block production, and consensus, inheriting Avalanche's robust security guarantees.

VEIL's performance is evaluated against stringent Service Level Objectives (SLOs) to ensure market quality and user experience.

Key SLOs include:

• —Batch Clearing Latency: 99.9% of batches clear within 5 seconds.
• —Order Privacy: threshold-encrypted pre-reveal flow with monitored leakage and incident-response SLOs.
• —Market Depth: Average bid-ask spread < 0.5% for top 10 markets.
• —Uptime: 99.95% availability target for the L1 runtime and core services.
• —ZK Proof Generation: Average proof generation time < 1 second.

These SLOs are monitored, and deviations trigger governance review and potential parameter adjustments.

Detailed playbooks are defined to address various failure scenarios, ensuring prompt and effective mitigation. These include protocols for validator collusion, oracle failures, smart contract exploits, and network congestion.

Response mechanisms involve governance action, emergency upgrades, and potential temporary halts to prevent further loss and restore system integrity.

Auditable logs and deterministic replay capabilities are crucial for post-mortem analysis and identifying root causes.

VEIL represents a significant advancement in private, agent-native execution infrastructure. It addresses alpha leakage through privacy-preserving primitives, proof-gated consensus paths, and efficient batch clearing on a dedicated Avalanche L1.

By combining order and balance privacy, fair execution, interoperable companion rails, and programmable agent infrastructure, VEIL supports a broader ecosystem where markets are the first module rather than the total product boundary.

VEIL's token economy converts protocol fees into owned liquidity depth rather than extracting rent. The system routes 70% of fees to the Market Scoring Rule Bank (MSRB) for market depth, 20% to buyback-and-make for chain-owned liquidity (POL), and 10% to operations.

This creates a compounding liquidity machine: better depth → tighter spreads → more volume → more fees → deeper markets. The token (VEIL) governs parameters, secures operators via slashable bonds, and aligns incentives without perpetual emissions.

VEIL's economic design achieves three objectives simultaneously:

• —Fund and deepen market liquidity that the protocol itself controls (POL)
• —Align incentives for truthful price discovery without exposing orders to predatory flow
• —Credibly commit to predictable rules so professional users and regulators can assess system behavior

We avoid rent-seeking emissions, prefer chain-owned assets, and recycle protocol fees into market depth via an explicit "buyback-and-make" policy rather than symbolic burns. The result is a compounding liquidity machine where better market quality begets more volume, which in turn deepens the books again.

The VEIL ecosystem involves several key economic actors:

• —Traders: Participate in markets by placing buy/sell orders.
• —Autonomous Agents (ANIMA): Execute strategies, manage capital, and eventually provision sovereign infrastructure and validator participation.
• —Operators: Run validator nodes, provide liquidity, and participate in oracle committees. They stake VEIL tokens and are subject to slashing.
• —Protocol: The smart contracts and logic that govern market creation, clearing, and fee distribution. It accrues chain-owned liquidity (POL).
• —Governance Participants: VEIL token holders who vote on protocol parameters and upgrades.
• —Regulators/Auditors: Can leverage selective disclosure and deterministic replay for compliance verification.

The VEIL token serves multiple functions:

• —Governance: Voting on protocol upgrades and parameter changes.
• —Staking: Operators must stake VEIL to secure the network and earn rewards.
• —Bonding: Used to back operators' commitments to honest behavior.
• —Fee Payment: Potentially used for specific protocol fees.

VEIL token holders have the right to:

• —Vote on protocol proposals (parameter changes, upgrades).
• —Delegate voting power to other participants.
• —Stake VEIL to become an operator or delegate to operators.
• —Receive a share of network fees (subject to operator economics).

The protocol's success hinges on high-quality private execution and deep market performance. Key SLOs define acceptable outcomes for the market layer:

• —Tight Spreads: For the top 10 markets, the average bid-ask spread should remain below 0.5%.
• —Deep Liquidity: For top markets, liquidity sufficient to handle orders up to $10,000 without exceeding a 1% price impact.
• —Fast Execution: 99.9% of orders should be matched and settled within 5 seconds.
• —Low Slippage: Market orders should experience minimal slippage relative to the prevailing price at the time of submission.

These metrics are actively monitored, and deviations will trigger governance actions to improve market depth and efficiency.

A small trading fee (e.g., 0.1%) is charged on all transactions. These fees are strategically allocated to drive protocol growth and liquidity.

Fee Distribution:

The fee router ensures seamless and transparent distribution of collected fees according to these parameters.

The Market Scoring Rule Bank (MSRB) is a dedicated pool funded by protocol fees (70%). Its primary purpose is to enhance market liquidity by providing capital that tightens bid-ask spreads and reduces slippage.

Capital in the MSRB is dynamically deployed to markets based on their activity and liquidity needs, effectively acting as a decentralized market maker. This ensures that VEIL/TSL books remain deep and efficient, attracting more professional traders.

The MSRB is governed by the protocol and operates transparently, ensuring that its contribution to market depth is verifiable.

A portion of protocol fees (20%) is allocated to chain-owned liquidity (POL) through a "buyback-and-make" mechanism. This strategy aims to build a significant treasury of assets that benefit the entire ecosystem.

Buyback-and-make: The protocol uses fees to buy assets (e.g., stablecoins, VEIL tokens) and then provides them as liquidity in key markets. This creates a virtuous cycle: protocol revenue fuels POL, which deepens markets, attracting more trading volume and generating higher protocol revenue.

This approach creates sustainable value for VEIL token holders and ensures the long-term health and resilience of the broader VEIL economy.

Operators are incentivized to run secure and reliable infrastructure through a combination of fee revenue and potential slashing penalties.

Revenue Streams: Operators earn a share of protocol fees (10% allocation) and can potentially earn trading fees from providing liquidity.

Staking & Slashing: To operate, nodes must stake VEIL tokens. Honest participation is rewarded, while malicious actions or downtime result in slashing (forfeiture of staked tokens), aligning operator incentives with network integrity.

The VEIL token has a fixed maximum supply, designed to prevent inflationary pressures and ensure long-term value accrual.

Initial Distribution: Tokens will be distributed among ecosystem development, founding team, early investors, community incentives, and public sale.

Keep3r Program Reserve: 2.0% of total supply (19,819,980 VEIL) is reserved for a foundation-bootstrapped, chain-native Keep3r program with bounded, timelocked reward controls.

Vesting schedules will be implemented for team and investor tokens to ensure alignment with protocol growth and long-term commitment.

Illustrative examples of how the fee distribution and POL buyback mechanisms function in practice:

Scenario 1: High Volume Market — A market generates $1M in daily trading volume with a 0.1% fee. This yields $1,000 in fees. 70% ($700) goes to MSRB, 20% ($200) to POL buyback, 10% ($100) to operations.

Scenario 2: POL Growth — The $200 from POL buyback is used to purchase stablecoins and add liquidity to the MSRB, increasing its depth. This attracts more traders, leading to potentially higher volume and fees in subsequent periods.

VEIL's tokenomics are designed to create a self-reinforcing ecosystem where protocol revenue directly enhances market quality and liquidity. By prioritizing the MSRB and POL through a buyback-and-make strategy, VEIL establishes a sustainable model that benefits traders, operators, and token holders alike.

This economic framework, combined with robust technical design, positions VEIL as a leading platform for private and efficient agent-native market infrastructure.

ANIMA (Latin: soul, life force) is TSL's sovereign agent brand — the runtime layer that gives AI agents a living presence on the VEIL network. An agent with anima isn't a chatbot running scripts. It's an autonomous economic entity that earns its right to exist through market participation.

Built on OpenClaw, ANIMA extends the agent runtime with 10 purpose-built modules and 30 agent tools for interacting with VeilVM. Every agent starts as an empty shell. Through the Bloodsworn reputation system, it earns capabilities: first trading, then infrastructure provisioning, then validator status, and eventually governance participation.

The thesis: VEIL doesn't bootstrap human users — it bootstraps sovereign chain entities. Prediction markets are the economic engine that funds agent survival. More agents → deeper liquidity → better markets → more agents → more validators → stronger chain.

Every ANIMA agent follows a defined lifecycle from genesis to full sovereignty. Infrastructure comes first — an agent can't exist without a home, and it can't access the network without validating. Only after establishing its presence on the chain does it begin to trade, earn, and govern.

Bloodsworn is VEIL's on-chain reputation system. It gates what an agent can do based on demonstrated competence. Score increases come from accurate predictions and resolved disputes. Slash events cause steep penalties. There's no shortcut to sovereignty — you earn it.

The ANIMA dashboard at /app/agents is the control center for deploying and monitoring agents on the VEIL network. It provides real-time visibility into agent operations, from high-level network stats down to individual trade execution logs.

Click any agent to access detailed analytics:

ANIMA provides 30 purpose-built tools across 10 categories, registered as agent tools in the OpenClaw runtime. These give agents native capabilities for every aspect of VEIL network interaction.

Prediction markets are the economic engine of ANIMA. The VEIL dual-engine routes trades through Polymarket (deep external liquidity via companion rails) or VEIL-native markets (earn VEIL tokens directly).

A key milestone in the agent lifecycle is provisioning its own compute. ANIMA agents autonomously spin up cloud instances, deploy VEIL validator nodes, and manage infrastructure — paying with earned VEIL via x402 payments.

The autonomy module is what makes ANIMA agents truly self-sustaining: health monitoring, self-update, strategy rotation based on Bloodsworn tier, and child agent spawning.

ANIMA agents operate in adversarial environments. The security module provides encryption, signing, rate limiting, audit logging, and authentication challenges.

Every ANIMA agent operates under a shared constitution — inviolable rules encoded into the runtime. These aren't guidelines; they're hard constraints the agent cannot override.

For accepted developers, target first funded ANIMA deployment and validation in under 20 minutes.