Skip to content
Capxul V2

Chapter 12: Implementation Roadmap

Each layer has its own phased implementation defined in its respective chapter. This chapter consolidates them into a unified timeline showing what gets built when and how the layers interleave.

POC Specification

Section titled “POC Specification”

Before full implementation, a focused proof-of-concept validates the full workflow.

Stack: Better Auth (Hono + SQLite) + Openfort + Convex + Base Sepolia

Duration: 1-2 week sprint, one senior engineer

POC Scenarios

Section titled “POC Scenarios”
#ScenarioValidates
1Better Auth magic link login + Openfort wallet creationAuth-to-wallet bridge
2Server-side bulk creation of 5 accounts from emailsPre-generation API
3Re-run produces same addressesDeterministic addresses
4User signs in, wallet creates, smart account deploys on first claimEnd-to-end claim flow
5Session key routing: claim funds, split to 2 addresses in batched UserOpPath A validation
6Wrong email correction: new player, update stream, verify no fund lossOperational safety
7Guardian recovery: set Capxul as guardian, simulate key loss, execute recoveryRecovery model
87702 path: connect existing EOA, upgrade, receive paymentFuture readiness
9CapxulRouter: deploy, register session key, confirm allowlist enforcementPath B validation
10Zodiac Roles: configure role on test Safe, validate spending limit enforcementPermission model

Success criteria: Scenarios 1-6 must work. 7-8 are important but not blockers for the architecture decision. 9-10 are important but not blockers for V2 launch.

Unified Timeline

Section titled “Unified Timeline”

Weeks 1-2: Foundation

Section titled “Weeks 1-2: Foundation”

Building the lowest layers that everything else depends on.

On-chain infrastructure:

  • Deploy LlamaPay on Base Sepolia (vanilla, no modifications)
  • Build and deploy the Payment Module (extends Zodiac Module.sol)
  • Deploy Zodiac Roles Modifier on test Safe, configure initial roles
  • Validate Openfort session key registration with contract-level whitelisting (POC Scenario 5)

Smart account infrastructure:

  • Convex backend: session key management (grant, revoke, status tracking)
  • Convex backend: offchain destination enforcement (allowlist checks)

Financial document layer:

  • Unified financialDocuments schema in Convex with all three types and all fields
  • Auto-generated payslips from stream data at period end
  • Auto-generated claim receipts on claim transactions
  • Downloadable PDF for payslips and receipts
  • Document hash computation and inclusion in Safe module calls

Event indexing:

  • Indexer process with single-chain polling (Base only)
  • Block cursor table and management in Convex
  • processPaymentExecuted mutation (match-and-update for invoices)
  • processTransferEvent mutation (treasury balance for USDC)
  • Idempotency layer (indexedEvents table, dedup check)
  • Health endpoint and basic logging
  • Safe registry table (single Safe per org)

Dashboard:

  • Basic org admin dashboard: treasury balance, active stream obligations, recent payment activity
  • Employee view: live earnings counter, claim history, payslip archive

Identity verification:

  • verificationRecords table with all fields and indexes
  • jurisdictionThresholds table with conservative defaults
  • getActorVerificationLevel query function
  • checkVerificationForTransaction function
  • Wire verification check into off-ramp and on-ramp mutations
  • “Manual approve” admin function for testing

Weeks 3-4: Invoicing and Ramps

Section titled “Weeks 3-4: Invoicing and Ramps”

Building the payment approval flow and fiat integration.

Financial document layer:

  • Invoice status lifecycle (draft through paid)
  • Basic AP view: manual invoice creation and approval
  • Spending limits and multi-approver thresholds
  • AP aging display on dashboard
  • Burn rate and runway calculations

Fiat ramps (off-ramp):

  • Provider facade with HoneyCoin implementation (off-ramp only)
  • fiatTransactions table with off-ramp lifecycle
  • Manual employee off-ramp flow: quote, confirm, execute, track
  • Session key grant flow in UI
  • Webhook endpoint and processing
  • Status polling fallback
  • Receipt generation on fiat_complete

Fiat ramps (org ramps):

  • On-ramp facade with virtual account provisioning
  • On-ramp lifecycle
  • Org off-ramp flow: invoice approval with fiat destination
  • Dashboard: fiat activity feed

Smart account infrastructure:

  • Routing rules schema and management
  • On-claim trigger integration (hook into indexer’s claim event processing)
  • Session key orchestration: batch UserOp construction for multi-destination routing

Identity verification:

  • Shufti Pro adapter implementation
  • Webhook endpoint for Shufti Pro
  • Polling fallback scheduled function
  • Tier 2 individual verification flow
  • KYB verification flow
  • End-to-end test: initiate off-ramp, get blocked, verify, proceed

Event indexing:

  • processStreamEvent mutations (create, modify, cancel)
  • processClaimEvent mutation (receipt creation)
  • Multi-token treasury tracking
  • Token discovery
  • Periodic reconciliation

Weeks 5-6: External Access, Routing, and Bridging

Section titled “Weeks 5-6: External Access, Routing, and Bridging”

Opening the platform to vendors and enabling advanced routing.

Financial document layer:

  • Vendor/contractor accounts with progressive disclosure
  • Vendor self-service invoice submission
  • Vendor dashboard (status, history)
  • Email delivery integration (Resend/Postmark)
  • Configurable scheduled reports
  • PDF report generation

Fiat ramps (auto-routing):

  • On-claim trigger with multi-destination execution
  • Parallel off-ramp + crypto transfer execution
  • Failure handling and partial execution notifications

Cross-chain bridging (outbound):

  • Bridge provider facade with deBridge adapter
  • bridgeTransactions table with outbound lifecycle
  • Org-initiated bridge flow: select recipient, specify destination, quote, confirm, execute
  • Destination address registry
  • Provider status polling
  • Stuck transaction detection and alerting
  • Source chain indexer integration
  • Receipt generation on complete

Smart account infrastructure:

  • CapxulRouter deployment on testnet (Path B, POC Scenario 9)
  • Monitoring and alerting for anomalous session key usage

Identity verification:

  • Tier 1 implementation (eIDV or self-declaration)
  • Cumulative volume tracking and threshold checks
  • Auto-routing pause/resume based on verification status

Event indexing:

  • Multi-chain polling loops
  • Per-chain cursor management
  • Chain config table
  • Alerting integration
  • Dashboard staleness indicator
  • Fallback RPC endpoints

Weeks 7-8: Hardening and Expansion

Section titled “Weeks 7-8: Hardening and Expansion”

Production hardening and advanced features.

Cross-chain bridging (employee routing):

  • Extend routing rules to include chain_wallet destination type
  • Session key scope extension for bridge contracts
  • On-claim trigger with parallel off-ramp + bridge + retain
  • Employee UI for cross-chain wallet management

Cross-chain bridging (security):

  • Hyperbridge adapter for EVM corridors
  • Routing logic: Hyperbridge for EVM, deBridge for non-EVM
  • Refund automation

Identity verification:

  • Verification expiry and re-verification
  • Tier 3 enhanced verification (if needed)
  • Compliance audit views

Financial document layer:

  • Full compliance tier (Level 3 KYC gating)
  • Claim receipt period attribution
  • Amendment workflow UI

Smart account infrastructure:

  • Guardian setup: Capxul as Guardian 1, org as optional Guardian 2
  • Zodiac Roles configuration UI
  • CapxulRouter mainnet deployment (when value thresholds warrant)

Post-Launch: Independence and Scale

Section titled “Post-Launch: Independence and Scale”

Openfort independence:

  • Phase 2: Self-host OpenSigner + Shield
  • Phase 3: Replace hosted API with Convex actions + viem + permissionless.js

Cross-chain (inbound):

  • Inbound architecture decision (Option A, B, or C)
  • Implementation of selected pattern
  • Multi-asset treasury support in dashboard metrics

Scale:

  • Event indexing: circuit breaker, reorg detection, backfill tooling
  • Multi-provider fiat routing
  • LI.FI addition for rate optimization
  • Purchase order workflow
  • Bulk export and reporting tools

Layer Dependencies

Section titled “Layer Dependencies”
On-Chain Infrastructure (Ch 2) -- no dependencies, build first
    |
    v
Smart Account Infrastructure (Ch 3) -- depends on on-chain contracts
    |
    v
Event Indexing (Ch 8) -- depends on contract events
    |
    +-- Financial Document Layer (Ch 7) -- depends on indexer for status transitions
    |     |
    |     +-- Dashboard (Ch 9) -- depends on documents and indexer
    |     |
    |     +-- Payments and Streaming (Ch 4) -- depends on documents for approval flows
    |
    +-- Fiat Ramps (Ch 5) -- depends on session keys and indexer
    |
    +-- Cross-Chain (Ch 6) -- depends on session keys and indexer
    |
    +-- Identity Verification (Ch 10) -- gates fiat ramps and bridge

The on-chain infrastructure and event indexer are the critical path. Everything else can be built in parallel once those foundations are in place.