AI Financial Workspace Legos + Ghost Privacy
Customizable financial operating system (OS) for global remote B2B teams. Private transfers with Short-term treasury yield + AI Contract Escrow with DeFi yield. Docsend meets Private Blockchain Payments and Decentralized Finance making Smart Contracts actually Smart thanks to AI and Chainlink CRE.
What it is
BUFI is a financial OS purpose-built for distributed B2B teams. Our drag-and-drop "financial workspaces" let companies create custom payment flows, manage multi-currency treasury (fiat + stablecoins), and run invoicing, corporate cards, and payroll from a single platform — eliminating the fragmentation of juggling Wise, Mercury, crypto wallets, and spreadsheets. Currently in private beta and stealth mode.
Modern businesses struggle with fragmented financial tools, no stablecoin payment support, idle balances earning nothing, and expensive cross-border transactions. Worse, blockchain payments are entirely public — creating operational chaos, high costs, and low enterprise adoption.
BUFI is the first all-in-one financial platform combining banking, stablecoin payments, automatic yields, international payroll, invoicing, and AI-powered management in one customizable interface. With Ghost Mode, you can run your business privately. BUFI stands for Business Finance — cutting-edge widgets powered by blockchain and AI, in an agile platform where businesses, human stakeholders, and AI agents coordinate in a shared, context-aware financial back-office.
What we built for this hackathon:
- Ghost Mode — Private Compliant Stablecoin Issuance: We built a private, compliant stablecoin from scratch (USDCg and eUSDCg, exploring TEEs and FHE with ACE compliance) for confidential business transfers. Leveraging Chainlink ACE, Circle's Compliance Engine at the wallet level, and Persona KYB/KYC, only verified parties — after automated fraud screening and OFAC checks with signed service agreements — can participate. The private token wrapping deposits the underlying USDC into a Hashnote USYC vault strategy (24/7 redeemable), generating short-term treasury yield while delivering privacy-as-a-service for business finance.
- AI Contract Builder + Escrow System: Users visually compose agreements with milestones, multiple signers, payment schedules, and dispute resolution — all drag-and-drop with react-flow or ready-made templates. For contracts with payments, an AI escrow system analyzes deliverables (PDFs, files) against contract terms and automatically settles payment upon verified delivery. Funds held in escrow are deposited into a selected DeFi yield strategy, and the generated yield becomes an incentive layer — for example, timely delivery unlocks the yield bonus to the payee. An additional compliance layer integrates Persona, World ID, Circle's Compliance Engine and ACE into the private transfer settlement and contract due diligence step between parties.
- AI Tribunal — Global Arbitration for All: If disputes arise, each workspace gets a set number of reconciliation attempts. If unresolved, each party's workspace AI ingestion knowledge graph (past work, emails, transactions, uploaded documents, platform history, and Pipedream connectors to 3000 apps, e.g. Notion, Stripe, GitHub) is used by AI adversary advocates to defend their position before a 5-model tribunal. Three LLMs vote independently with confidence scores and detailed reasoning — making global arbitration accessible to every business, not just multinationals. No lawyers means dramatically lower costs. Verdicts are published as on-chain attestations via our BUAttestation contract, with payments settling automatically at stablecoin speed.
How it Works
Architecture: Next.js app → Cloudflare Worker (Shiva) → Circle Programmable Wallets → Solidity contracts on Sepolia + Arbitrum Sepolia → 15+ Chainlink CRE workflows for compliance, privacy, escrow, payroll, invoicing, and treasury management → Hashnote USYC plus 5+ DeFi strategies indexed via API → Persona, World ID, Circle Compliance Engine and Chainlink ACE → FHE (CoFHE by Fhenix) and private TEE transfers with Confidential HTTP by Chainlink.
3-Layer Compliance Stack (every transaction passes all three)
- Circle Compliance Engine — sanctions, PEP lists, and adverse media screening on every Circle Programmable Wallet transaction before anything hits the chain.
- ACE Policy Guards — PolicyEngine contract (ERC1967Proxy) enforces Chainlink ACE policy on every token transfer. Every transfer(), deposit(), and wrap() calls _requireCompliant(sender, recipient) on-chain.
- Persona KYB/KYC — Context-aware: personal wallets trigger KYC, team wallets trigger KYB. Status attested on-chain via BUAttestation with a 365-day TTL. No unverified wallet touches privacy or contract features.
Two Privacy Methods (both CRE-compliant)
- eUSDCg (FHE) — USDC wraps into an FHERC20Wrapper. Balances encrypted as euint64 via CoFHE TaskManager. Server-side FHE — no browser SDK needed; encryption happens on-chain via FHE.asEuint64(). Deployed on ETH-Sepolia and ARB-Sepolia.
- USDCg (Private Transfers) — USDC deposits into ACE Vault. Transfers happen off-chain via CRE's private ledger with zero on-chain trace. EIP-712 signatures authenticate each transfer.
CRE Integration — 15 Workflows Across 4 Domains
Ghost Mode Privacy (4 workflows)
- workflow-ghost-deposit — Verifies KYC/KYB compliance via BUAttestation, reads USDC backing in GhostUSDC, checks yield allocation via TreasuryManager, publishes on-chain attestation.
- workflow-ghost-withdraw — Validates DON state, verifies USDC + USYC backing covers withdrawal amount, publishes attestation before releasing funds.
- workflow-ghost-transfer — Monitors ConfidentialTransfer events on GhostUSDC, verifies both parties are compliant, syncs DON state.
- workflow-private-transfer — Handles USDCg private transfers via ACE Vault — EIP-712 signed off-chain ledger with CRE enforcing concentration limits and real-time policy.
Escrow Contracts (6 workflows)
- workflow-escrow-deploy — Deploys EscrowWithAgentV3 contracts via EscrowFactory. Encodes milestone amounts and descriptions, signs via CRE consensus, writes to chain, publishes escrow_verify attestation.
- workflow-escrow-verify — AI-powered milestone verification. Fetches deliverable submission and acceptance criteria, runs confidential AI analysis, stores encrypted verdict, publishes attestation. No funds move until deliverables pass.
- workflow-escrow-dispute — 4-layer AI arbitration. Locks milestone on-chain to freeze funds, then runs: Layer 2 (two advocate briefs — provider + client), Layer 3 (3-judge tribunal, majority vote), Layer 4 (5-judge supreme court, 4/5 supermajority — appeal only). All briefs and verdicts encrypted. Publishes escrow_dispute attestation with document hashes.
- workflow-escrow-finalize — Executes final decision. Calls setDecision() on-chain (immutable: payee basis points + receipt hash), then executeDecision() to release funds, then setMilestoneStatus(RELEASED). Publishes escrow_finalize attestation.
- workflow-escrow-monitor — Dual-trigger: watches EscrowFactoryV3 for AgreementCreated, MilestoneFunded, and DecisionExecuted events (EVM log), plus a 6-hour cron for proof of reserves. Aggregates total locked escrow across all active contracts.
- workflow-escrow-yield — Deposits idle escrow USDC into Deframe yield strategies via Motora. Queries strategies sorted by APY and executes deposit. On milestone release, redeems position back to USDC.
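The finalize sequence above (a milestone locked by a dispute, a decision that can be set once, then a single release) can be modelled as a small state machine. This is an added illustration, not BUFI's EscrowWithAgentV3 code: `MilestoneModel`, its status names other than RELEASED, and the 32-byte format assumed for the receipt hash are hypothetical.

```typescript
// Hypothetical off-chain model of one escrow milestone. Method names follow the
// calls listed above; the separate setMilestoneStatus(RELEASED) call is folded
// into executeDecision() here.
type MilestoneStatus = "FUNDED" | "LOCKED" | "DECIDED" | "RELEASED";

class MilestoneModel {
  status: MilestoneStatus = "FUNDED";
  amount: bigint;            // integer token units (6 decimals for USDC)
  private payeeBps = -1;     // -1 means no decision has been set
  private receiptHash = "";

  constructor(amount: bigint) { this.amount = amount; }

  // A dispute freezes the funds until a decision is set.
  lock(): void {
    if (this.status !== "FUNDED") throw new Error("only a funded milestone can be locked");
    this.status = "LOCKED";
  }

  // Set-once: a second call fails, so a later verdict cannot overwrite the first.
  setDecision(payeeBps: number, receiptHash: string): void {
    if (this.status !== "FUNDED" && this.status !== "LOCKED") throw new Error("decision already set");
    if (!Number.isInteger(payeeBps) || payeeBps < 0 || payeeBps > 10000) throw new Error("bps out of range");
    if (!/^0x[0-9a-fA-F]{64}$/.test(receiptHash)) throw new Error("receipt hash must be 32 bytes (assumed format)");
    this.payeeBps = payeeBps;
    this.receiptHash = receiptHash;
    this.status = "DECIDED";
  }

  // Pays out exactly once. The payee share is floored and the payer receives
  // the remainder, so the two transfers always sum to the escrowed amount.
  executeDecision(): { toPayee: bigint; toPayer: bigint; receiptHash: string } {
    if (this.status !== "DECIDED") throw new Error("no decision to execute");
    const toPayee = (this.amount * BigInt(this.payeeBps)) / BigInt(10000);
    const toPayer = this.amount - toPayee;
    this.status = "RELEASED";
    return { toPayee, toPayer, receiptHash: this.receiptHash };
  }
}
```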
Financial Operations (3 workflows)
- workflow-invoice-settle — CRE-orchestrated invoice payment with compliance verification.
- workflow-payroll-attest — Payroll execution with on-chain attestation for each batch.
- workflow-treasury-rebalance — Monitors USDC buffer across Ghost Mode and escrow; redeems USYC when reserves drop below threshold.
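The backing check described for workflow-ghost-withdraw and the buffer top-up described for workflow-treasury-rebalance reduce to two integer comparisons over the reserve figures. The sketch below is an added example, not the project's workflow code; the function names, the `Reserves` shape and the assumption that the USYC position arrives already valued in USDC are hypothetical.

```typescript
// Amounts are integer micro-units (USDCg uses 6 decimals); bigint avoids float rounding.
const usdc = (whole: number): bigint => BigInt(whole) * BigInt(1000000);
const ZERO = BigInt(0);

interface Reserves {
  liquidUsdc: bigint; // USDC held directly
  usycValue: bigint;  // USYC position, valued in USDC micro-units (assumed input)
}

interface WithdrawalDecision {
  allowed: boolean;
  reason: string;
  redeemFromUsyc: bigint; // USDC value to redeem from USYC before paying out
}

// Withdrawal check: USDC + USYC must cover the outstanding supply, and the
// payout comes from liquid USDC first, then from redeemed USYC.
function checkWithdrawal(r: Reserves, outstanding: bigint, amount: bigint): WithdrawalDecision {
  const deny = (reason: string): WithdrawalDecision =>
    ({ allowed: false, reason, redeemFromUsyc: ZERO });
  if (r.liquidUsdc < ZERO || r.usycValue < ZERO) return deny("negative reserve reading");
  if (amount <= ZERO) return deny("amount must be positive");
  if (amount > outstanding) return deny("amount exceeds outstanding supply");
  if (r.liquidUsdc + r.usycValue < outstanding) return deny("supply is under-backed");
  const shortfall = amount > r.liquidUsdc ? amount - r.liquidUsdc : ZERO;
  return { allowed: true, reason: "backed", redeemFromUsyc: shortfall };
}

// Rebalance plan: when liquid USDC is below the buffer threshold, redeem enough
// USYC to restore it, capped by what the USYC position can supply.
function planRebalance(r: Reserves, bufferThreshold: bigint): bigint {
  if (r.liquidUsdc >= bufferThreshold) return ZERO;
  const needed = bufferThreshold - r.liquidUsdc;
  return needed < r.usycValue ? needed : r.usycValue;
}
```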
Reporting (1 workflow)
- workflow-report-verify — Validates financial report data integrity.
Smart Contracts (7+ deployed on Sepolia)
BUAttestation (pausable, rate-limited, TTL-enforced) · PolicyEngine (ERC1967Proxy + Chainlink ACE) · USDCg (6 decimals, Ownable2Step + Pausable) · TreasuryManager (USDC→USYC yield) · ACE Vault · GhostUSDC (ETH-Sepolia + ARB-Sepolia) · EscrowFactory + EscrowWithAgentV3 (milestone-based, on-chain decisions)
Business Model
TreasuryManager allocates USDC into Hashnote USYC (~6.5% APY) from two sources: Ghost Mode deposits and idle escrow balances. Yield accrues to the platform. Users get privacy, compliance, and programmable contracts — the same model as traditional banking, but on-chain and fully auditable via CRE attestations.
Compliance Stack for Contract Due Diligence & Private Transfers
BUFI's compliance architecture goes beyond transaction screening — it enforces identity and policy at the contract signing step itself, before a single dollar enters escrow.
Layer 1 — World ID (Sybil Resistance): Before countersigning, each party can opt in to complete a World ID verification via IDKit, generating a ZK proof of unique humanness. The proof is verified off-chain inside a CRE workflow (workflow-contract-verify-human) via verifyCloudProof, then attested on-chain via BUAttestation. The nullifierHash is scoped to a unique action per contract (sign-contract:{contractId}), making it non-reusable and contract-specific. Since World ID is not natively supported on Sepolia or Arbitrum Sepolia, CRE is the bridge — this is precisely the cross-chain, off-chain-verified World ID pattern the track is designed for. We make this opt-in as we intend to expose escrow contracts to AI agents.
Layer 2 — Persona KYB/KYC (Identity Verification): Personal wallets trigger KYC (individual identity); team wallets trigger KYB (business entity). Verification status is attested on-chain via BUAttestation with a 365-day TTL. No unverified wallet can access contract, private transfer or escrow features.
Layer 3 — Circle Compliance Engine (Sanctions Screening): Every Circle Programmable Wallet transaction is screened against sanctions lists, PEP registries, and adverse media before anything hits the chain.
Layer 4 — ACE Policy Guards (On-Chain Enforcement): PolicyEngine (ERC1967Proxy + Chainlink ACE) enforces compliance policy on every token transfer. Every transfer(), deposit(), and wrap() calls _requireCompliant(sender, recipient) on-chain — no exceptions.
The result: by the time funds enter escrow, every counterparty has proven they are a unique human (World ID), a verified entity (Persona), sanctions-clean (Circle), and policy-compliant (ACE) — all without exposing any identity data on-chain.
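A minimal off-chain model of two of the checks above, added here as an illustration and not taken from BUFI's BUAttestation contract or CRE workflows: it enforces the 365-day TTL on identity attestations and rejects a World ID proof that is bound to another contract's action or whose nullifier was already used. `AttestationGate`, its method names and result strings are hypothetical.

```typescript
// Hypothetical in-memory model; on the page these checks live in BUAttestation
// and the workflow-contract-verify-human CRE workflow.
const TTL_SECONDS = 365 * 24 * 60 * 60; // 365-day TTL stated on the page

type IdentityKind = "KYC" | "KYB";
interface HumanProof { action: string; nullifierHash: string }
type ProofResult = "ok" | "wrong-action" | "replayed";

class AttestationGate {
  private identity = new Map<string, { kind: IdentityKind; issuedAt: number }>();
  private usedNullifiers = new Set<string>();

  // issuedAt and now are unix seconds.
  attestIdentity(wallet: string, kind: IdentityKind, issuedAt: number): void {
    this.identity.set(wallet.toLowerCase(), { kind, issuedAt });
  }

  // Verified only while the attestation is inside its TTL window.
  isVerified(wallet: string, now: number): boolean {
    const a = this.identity.get(wallet.toLowerCase());
    return a !== undefined && now >= a.issuedAt && now - a.issuedAt < TTL_SECONDS;
  }

  // The proof must be bound to this contract's action, and each nullifier is
  // accepted once, so one person cannot countersign the same contract twice.
  recordHumanProof(contractId: string, proof: HumanProof): ProofResult {
    if (proof.action !== `sign-contract:${contractId}`) return "wrong-action";
    const key = proof.nullifierHash.toLowerCase();
    if (this.usedNullifiers.has(key)) return "replayed";
    this.usedNullifiers.add(key);
    return "ok";
  }

  // Both counterparties need a live identity attestation before funds move.
  canEnterEscrow(payer: string, payee: string, now: number): boolean {
    return this.isVerified(payer, now) && this.isVerified(payee, now);
  }
}
```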
Created by
- Tomas Cordero