Appendix B: Glossary
Auto-routing. Employee-configured rules that automatically split claimed funds across destinations (bank accounts, external wallets, other chains) on each claim event.
Better Auth. Open-source authentication framework used by Capxul for magic link login and session management. Runs on a separate server from Convex due to SQL storage requirements.
Bidirectional hash linking. The mechanism by which every on-chain payment includes a bytes32 document hash and every off-chain document stores the confirming transaction hash, creating a two-way verifiable link.
Block cursor. The indexer’s bookmark recording the last fully processed block per chain. Stored in Convex. Survives process crashes.
CapxulRouter. A singleton smart contract (Path B) that enforces destination whitelisting on-chain. Maintains per-account allowlists of approved destinations. Deployed behind an upgradeable proxy.
Child Safe. A Safe deployed on a chain other than Base, controlled by the master Safe on Base via Zodiac cross-chain modules. Not needed at V2 launch.
Claim. The act of an employee withdrawing accrued funds from LlamaPay into their smart account. The claim may be manual or automated via session key.
Convex. Document database and real-time backend platform. Capxul’s primary data store for all application state.
Counterfactual deployment. Computing a smart account’s address via CREATE2 before deploying it on-chain. Allows streaming payments to an address before the employee has signed in.
Document hash. A keccak256 hash of a canonical subset of a financial document’s fields. Used for on-chain anchoring.
ERC-4337. The account abstraction standard that enables smart contract wallets with UserOperations, bundlers, paymasters, and programmable validation logic.
ERC-7579. A module standard for smart accounts. Openfort V1 is NOT 7579 compliant. This does not block Capxul because V1’s built-in features cover all needs.
EIP-7702. Allows an existing EOA to temporarily delegate to a smart contract, gaining smart account features. On Capxul’s roadmap for crypto-native users.
Facade pattern. An abstraction layer that hides provider-specific logic behind a common interface. Used for fiat ramps, bridges, and identity verification.
Launch market. A jurisdiction where Capxul has active fiat ramp providers, identity verification coverage, and confirmed compliance rules. Initial launch markets: Nigeria and Ghana. Fast-follow: Kenya and Uganda.
Match-and-update. An indexer mutation mode for events tied to existing documents (e.g., invoice payments). Finds the document by hash and updates it.
Create. An indexer mutation mode for events that birth new documents (e.g., claim receipts). No pre-existing document expected.
OpenSigner. Openfort’s MIT-licensed key management system. Generates keys client-side, splits into Shamir shares, runs in an isolated browser iframe. Self-hostable.
Path A / Path B. The two destination enforcement strategies for session keys. Path A: offchain enforcement in Convex (launch). Path B: on-chain enforcement via CapxulRouter (fast follow when value thresholds warrant).
Payment Module. Custom Solidity module extending Zodiac’s Module.sol. Handles all discrete (non-streaming) payments from the Safe. Emits PaymentExecuted with a document hash.
Provider deposit address. A unique address generated by an off-ramp provider per transaction. The provider controls the address. USDC sent to it is converted to fiat and paid out. Not an escrow — no conditional release mechanism exists.
Pull-based architecture. The invariant that all funds flow through the employee’s smart account. Funds never skip the smart account to reach an external destination.
Session key. A scoped key registered on the smart account that allows the Capxul backend to execute transactions without the employee signing each one. V1 supports: time bounds, transaction count limits, and contract-level whitelisting.
Shield. Openfort’s open-source recovery server. Stores encrypted recovery shares. Issues encryption sessions during authentication. Self-hostable.
Smart account. An ERC-4337 smart contract wallet for individual employees/vendors. Created via Openfort. Not a Safe. Supports session keys, batch transactions, counterfactual deployment, and guardian recovery.
UserOperation (UserOp). An ERC-4337 transaction object submitted to a bundler. Can include initCode for counterfactual deployment and can batch up to 9 calls.
Virtual cards. Planned capability for issuing virtual debit cards funded from a smart account balance. Eliminates the manual off-ramp step for day-to-day fiat spending. Design deferred.
Zodiac Roles Modifier. A Gnosis Guild module that sits between callers and the Safe. Enforces role-based permissions: who can call which functions on which contracts with what constraints.
Acronyms
Section titled “Acronyms”| Acronym | Full Term |
|---|---|
| AMB | Arbitrary Message Bridge |
| AML | Anti-Money Laundering |
| AP | Accounts Payable |
| BRS | Business Registration Service (Kenya) |
| BVN | Bank Verification Number (Nigeria) |
| CAC | Corporate Affairs Commission (Nigeria) |
| CBK | Central Bank of Kenya |
| CBN | Central Bank of Nigeria |
| BoG | Bank of Ghana |
| BOU | Bank of Uganda |
| CCTP | Cross-Chain Transfer Protocol (Circle) |
| DEX | Decentralized Exchange |
| EOA | Externally Owned Account |
| eIDV | Electronic Identity Verification |
| FX | Foreign Exchange |
| IPRS | Integrated Population Registration System (Kenya) |
| KYB | Know Your Business |
| KYC | Know Your Customer |
| MAU | Monthly Active Users |
| MoMo | Mobile Money |
| NIN | National Identification Number (Nigeria) |
| PEP | Politically Exposed Person |
| POC | Proof of Concept |
| RPC | Remote Procedure Call |
| UBO | Ultimate Beneficial Owner |
| URSB | Uganda Registration Services Bureau |
| WaaS | Wallet-as-a-Service |
Providers
Section titled “Providers”| Provider | Role | Status |
|---|---|---|
| Openfort | Smart account infrastructure (key management, contracts, hosted API) | Active. Hosted API is temporary. |
| HoneyCoin | Fiat off-ramp and on-ramp | Active. Sole ramp provider at launch. |
| deBridge | Cross-chain bridging | Active. Sole bridge provider at launch. |
| Hyperbridge | Cross-chain bridging (EVM corridors) | Planned. Phase 2 addition. |
| LI.FI | Cross-chain bridging (rate optimization) | Planned. Phase 3 addition. |
| Shufti Pro | Identity verification (KYC/KYB) | Active. Sole verification provider. |
| Better Auth | Authentication (magic links, sessions) | Active. Self-hosted. |
| Convex | Backend database and real-time platform | Active. |
| Railway | Event indexer hosting | Active. |
Previous Providers (Historical Context)
Section titled “Previous Providers (Historical Context)”| Provider | Previous Role | Why Replaced |
|---|---|---|
| Privy | Auth and embedded wallet | Acquired by Stripe. Proprietary TEE key management, non-exportable. |
| ZeroDev | Smart account provider (Kernel v3) | Acquired by Offchain Labs. Replaced alongside Privy by Openfort. |
Chains
Section titled “Chains”| Chain | Role | Status |
|---|---|---|
| Base | Primary chain. Safe treasury, smart accounts, all modules. | Active |
| Ethereum | Bridge destination | Supported via deBridge |
| Arbitrum | Bridge destination | Supported via deBridge |
| Optimism | Bridge destination | Supported via deBridge |
| Polygon | Bridge destination | Supported via deBridge |
| Solana | Bridge destination (non-EVM) | Supported via deBridge |
| Tron | Bridge destination (non-EVM, USDT) | Supported via deBridge |