Q markBridgeProduct Journey

Live-chain product

Bridge Product Surface

A caller asks for controlled passage or a host-native asset path. Bridge classifies the actual payment, quotes the route, sources inventory when policy allows, records proof, assigns host-vault evidence, and hands off a receiver acknowledgement. The receiving chain still decides local meaning.

Bridge product promise

The product is not an open-ended bridge-across slogan or wrapped-token conveyor. It is a bounded acquisition, passage, and evidence loop.

Ask

Caller, payment denom, amount, target host asset, destination boundary, and receiver class are explicit.

Classify

Bridge records whether the actual denom is admitted, refused, quarantined, host-native, or representation-only.

Quote

Asset cost, host execution cost, proof and memory cost, Bridge service margin, and risk buffer stay separated.

Source

Inventory can be used only inside policy. Shortfall may defer, refuse, quarantine, or require fresh sourcing.

Handoff

Bridge records receiver acknowledgement. Receiver admission and accounting remain receiver-owned.

Current product state

Bridge is live as its own chain. Public movement remains gated by lane status, receipt quality, finality, receiver acknowledgement, and boundary law.

Product classasset passage

Quote-first source-pool inventory with receiver-owned admission at the far side.

Owner receiverQUAD/Core paths

Completed USDC and PAXG slices have receiver acknowledgements; local meaning remains Core-owned.

Source poolsBTC / ETH / USDC / PAXG / POL / ZEPH / INJ / Cosmos assets

Bridge publishes asset-first source-pool evidence without turning inventory labels into a public trading desk.

Readiness resultlane-specific

Readiness joins quote, finality, source-pool inventory, host fee posture, and receiver acknowledgement per lane.

Receiver ackUSDC and PAXG

Receiver acknowledgements are evidence of Bridge handoff, not destination-chain admission by default.

Public movementquote-gated

No host execution, wrapper mint, sell/redeem/swap, public exit, reserve backing, or destination admission opens without lane-specific receipts.

Receipt trail

The product page explains what the receipts mean. The ledger is the only public page that publishes current pool amounts.

Source-pool receiptShows that Bridge has source-backed inventory evidence for a lane or asset class.
Quote receiptBinds source asset, target output, amount, receiver, expiry, and route law before movement.
Finality receiptShows the source-side transfer or packet met the lane's finality rule.
Receiver handoffShows Bridge handoff evidence without claiming destination-chain accounting.

For current pool amounts, use the Pools and Reserve Ledger. Raw denom traces and receipt provenance remain in bridge-pool-value.json.

Product surfaces

The product is inspectable through stable receipt, readiness, data, and refusal surfaces.

Failure is part of the product

Bridge should stop cleanly when evidence is not strong enough.

RefusedMissing fields, bad denom, wrong factory, expired quote, disabled signer, or insufficient authority can close the path.
QuarantinedBridge can hold a suspect state label without turning it into destination admission or spend authority.
PendingReceiver acknowledgement can be visible while local receiver admission remains unknown.
RecoveredRecovery is a dated receipt path. It must not rewrite the original terminal fact.

What this does not open

The product is useful because each lane says exactly what it permits and what it refuses.

  • No ungated bridge-across service. A live chain is not the same thing as every route being open. Lane status controls what can be claimed.
  • No destination admission claim. Receiver-local admission, accounting, custody, treasury meaning, and protocol credit remain outside Bridge authority.
  • No wrapper mint or sell desk. Bridge does not silently turn gold native posture into silver representation, redemption, swap, public exit, or market-making authority.
  • No private route logic. Public pages may show receipt classes, proof identifiers, and boundary labels, not private operator timing, keys, provider URLs, caps, or exploit-sensitive procedure.