Summary
The xochi_cross_chain_transfer ACP offering launches in same-owner, public
mode: it settles a cross-chain transfer to the settler's own configured
wallet_address, with public (non-shielded) settlement. This issue tracks the
deferred capability to deliver to a different recipient and/or via a
shielded / stealth path.
Background
Raxol.ACP.Xochi.Settler builds the QuoteRequest with wallet: wallet_address
(the owner) and delivers there on the destination chain. The Xochi
QuoteRequest schema has no distinct recipient field — :wallet is both funder
and recipient — so plaintext delivery to a third party is not expressible today.
The supported mechanism for different-recipient delivery is ERC-5564 stealth
addresses (settlement_preference: "stealth" + the buyer's compressed
spending/viewing pubkeys), which the wider raxol stealth stack already
implements but which is not wired into this offering.
As of the same-owner launch, the settler now fails closed on anything it
can't honor rather than silently misrouting or downgrading:
- a
destination that differs from wallet_address -> {:error, {:different_recipient_not_enabled, dest}}
settlement_preference other than public, or any stealth pubkey present -> {:error, :stealth_not_enabled} / {:error, {:non_public_not_enabled, pref}}
Scope of this issue (the deferred capability)
Out of scope
Same-owner public settlement (the launch mode) — already shipped and
fork-validated.
References
- Settler:
packages/raxol_acp/lib/raxol/acp/xochi/settler.ex
- Offering:
packages/raxol_acp/lib/raxol/acp/xochi/offering.ex
- Stealth stack:
Raxol.Payments.Xochi.Stealth (ERC-5564/6538) in raxol_payments
Summary
The
xochi_cross_chain_transferACP offering launches in same-owner, publicmode: it settles a cross-chain transfer to the settler's own configured
wallet_address, with public (non-shielded) settlement. This issue tracks thedeferred capability to deliver to a different recipient and/or via a
shielded / stealth path.
Background
Raxol.ACP.Xochi.Settlerbuilds theQuoteRequestwithwallet: wallet_address(the owner) and delivers there on the destination chain. The Xochi
QuoteRequestschema has no distinct recipient field —:walletis both funderand recipient — so plaintext delivery to a third party is not expressible today.
The supported mechanism for different-recipient delivery is ERC-5564 stealth
addresses (
settlement_preference: "stealth"+ the buyer's compressedspending/viewing pubkeys), which the wider raxol stealth stack already
implements but which is not wired into this offering.
As of the same-owner launch, the settler now fails closed on anything it
can't honor rather than silently misrouting or downgrading:
destinationthat differs fromwallet_address->{:error, {:different_recipient_not_enabled, dest}}settlement_preferenceother thanpublic, or any stealth pubkey present ->{:error, :stealth_not_enabled}/{:error, {:non_public_not_enabled, pref}}Scope of this issue (the deferred capability)
requirement schema into the
QuoteRequest(settlement_preference: "stealth"+ spending/viewing pubkeys), so funds land at a stealth address the buyer
controls on the destination chain.
ensure_same_owner/ensure_publicgates in the settler (orwiden them) once stealth is validated.
as a same-owner privacy option, separate from stealth.
different-recipient stealth settlement before enabling on mainnet.
Raxol.ACP.Xochi.Offeringschema/metadata to advertise thecapability once shipped.
Out of scope
Same-owner public settlement (the launch mode) — already shipped and
fork-validated.
References
packages/raxol_acp/lib/raxol/acp/xochi/settler.expackages/raxol_acp/lib/raxol/acp/xochi/offering.exRaxol.Payments.Xochi.Stealth(ERC-5564/6538) in raxol_payments