HypertronHypertron
Back to user guide

Technical docs

End to end

End to end flows

Payment attribution, private withdrawal, USDC bridge, and compliance analysis.

The four core flows below cover collecting a private payment, withdrawing from the pool, bridging USDC across chains, and running an AI compliance analysis.

1. Payment link & private attribution

Flowchart: collect a payment
Business creates payment link

Link stored

amount, currency, unique memo, pool address

Customer opens /pay/[id]

connects Freighter

Fee sponsor configured?

Yes, sponsored

prepare-pay → SHA-256 memo hash

Payer signs inner tx

Sponsor fee bumps & submits

sponsor pays network fee

No, classic

Payer signs & submits

Classic payment to pool

memo attributes the link

Horizon event detected

relayer / status poll

PoolManager.commit(secret, nullifier, amount)

Poseidon leaf stored

Virtual balance updated

Dashboard shows Paid ✓
Sequence: payment attribution
CustomerPay pageAPIPoolSorobanDashboard
  1. 1
    CustomerPay page

    Open link, connect Freighter

  2. 2
    Pay pageAPI

    POST prepare-pay → memo hash

  3. 3
    Pay pagePool

    Submit XLM/USDC payment (memo)

  4. 4
    APIAPI

    Detect Horizon payment, match memo

  5. 5
    APISoroban

    commit(secret, nullifier, amount, token)

  6. 6
    SorobanAPI

    CommitResult { leaf, root }

  7. 7
    APIDashboard

    Update virtual balance → Paid ✓

2. Private withdrawal

Sequence: withdraw from pool
BusinessAPISorobanRelayerRecipient
  1. 1
    BusinessAPI

    Request withdrawal (amount, recipient)

  2. 2
    APIAPI

    Validate virtual balance, select nullifiers

  3. 3
    APISoroban

    withdraw(recipient, nullifiers, proof, root)

  4. 4
    SorobanSoroban

    Mark nullifiers spent (double spend guard)

  5. 5
    SorobanAPI

    ok

  6. 6
    APIRelayer

    Route payout via ephemeral wallet(s)

  7. 7
    RelayerRecipient

    Final transfer (unlinkable, jittered)

The on chain ZK proof is currently a stub (rejects empty proofs only). ASP approval + the nullifier registry are the active security controls until the Groth16 / BN254 verifier lands. See Privacy payments for the full privacy model, Nethermind reference, and migration plan.

3. Cross chain USDC bridge (CCTP)

Sequence: burn & mint
UserSource chainCircleDest chain
  1. 1
    UserSource chain

    Approve USDC spend

  2. 2
    UserSource chain

    Burn USDC → emit message

  3. 3
    Source chainCircle

    Message observed

  4. 4
    CircleSource chain

    Attestation (~1 to 5 min)

  5. 5
    UserDest chain

    Submit attestation → mint native USDC

  6. 6
    Dest chainUser

    USDC received

4. AI compliance analysis

Sequence: compliance agent
DashboardAPIAgent workflowOpenAIMongoDB
  1. 1
    DashboardAPI

    Upload context → /api/compliance-agent/analyze

  2. 2
    APIAgent workflow

    Proxy multipart with session guard

  3. 3
    Agent workflowMongoDB

    Retrieve RegIntel chunks (RAG)

  4. 4
    Agent workflowOpenAI

    Analyze with gpt-4o / gpt-4o-mini

  5. 5
    OpenAIAgent workflow

    Roadmap, licenses, controls

  6. 6
    Agent workflowDashboard

    Structured compliance report

Data modelPrivacy payments
Hypertron
Onboard
000