This document defines all failure paths and refund guarantees for XSTRP intents across all non-terminal states.
No executable logic is defined here. This document assigns mandatory outcomes only.
All failures in XSTRP MUST result in one of the following:
- Refund to sender
- Terminal invalidation
- No state change (safe rejection)
There is no failure mode in which funds remain stranded.
Failures possible while the receiver's acknowledgment is outstanding:
- Malformed intent detected
- Receiver never acknowledges
- Intent expires
Mandatory outcomes:
- Malformed intent → Invalid (terminal)
- No acknowledgment before expiry → Refund to sender
- Expiry reached → Refund to sender
Failures possible while the sender's commitment is outstanding:
- Sender never commits
- Proof contradiction detected
- Intent expires
Mandatory outcomes:
- No sender action before expiry → Refund to sender
- Proof contradiction → Invalid (terminal)
- Expiry reached → Refund to sender
Failures possible while settlement is outstanding:
- Settlement proof invalid
- Settlement never completes
- Conflicting settlement evidence
- Intent expires
Mandatory outcomes:
- Invalid settlement proof → Invalid (terminal)
- No settlement before expiry → Refund to sender
- Conflicting evidence → Invalid (terminal)
- Expiry reached → Refund to sender
Terminal states require no failure handling:
- Terminal and immutable
- Refund path preserved if applicable
Refund guarantees:
- Refunds are mandatory outcomes, not best-effort
- Refunds must be deterministic and unambiguous
- Refund logic is external to Phase C3
- Refund execution mechanism is not defined here
The following invariants MUST always hold:
- Funds cannot move without authorization
- Funds cannot remain locked indefinitely
- Invalid actions cannot advance state
- Terminal states cannot be exited
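The following Python is an added illustrative model, not part of this document (which defines no executable logic) and not XSTRP reference code. It transcribes the mandatory-outcome lists above into a table, applies them to an intent, and sweeps every non-terminal state to check the invariants: a listed failure always ends in one of the three outcomes, a premature expiry claim or unknown event causes no state change, terminal states cannot be exited, and no terminal intent is left with locked funds that are not owed back. The stage names, event strings, `Intent` fields and the `refund_pending` flag are assumptions of the model; refund execution stays external, as the document requires.

```python
from dataclasses import dataclass
from enum import Enum, auto


class Stage(Enum):
    # Non-terminal stages, named here by what the intent is waiting for.
    # These are assumed names; the spec's own state identifiers are not reproduced.
    AWAITING_ACK = auto()
    AWAITING_COMMIT = auto()
    AWAITING_SETTLEMENT = auto()
    # Terminal stages (assumed names).
    SETTLED = auto()
    INVALID = auto()
    REFUNDED = auto()


class Outcome(Enum):
    REFUND_TO_SENDER = auto()
    TERMINAL_INVALIDATION = auto()
    NO_STATE_CHANGE = auto()


TERMINAL = frozenset({Stage.SETTLED, Stage.INVALID, Stage.REFUNDED})
NON_TERMINAL = (Stage.AWAITING_ACK, Stage.AWAITING_COMMIT, Stage.AWAITING_SETTLEMENT)

# Mandatory outcome per (stage, failure), transcribed from the lists above.
# Event strings are assumed names. Anything not listed for a stage is a
# safe rejection: no state change.
OUTCOMES = {
    Stage.AWAITING_ACK: {
        "malformed_intent": Outcome.TERMINAL_INVALIDATION,
        "no_ack_before_expiry": Outcome.REFUND_TO_SENDER,
        "expiry": Outcome.REFUND_TO_SENDER,
    },
    Stage.AWAITING_COMMIT: {
        "no_commit_before_expiry": Outcome.REFUND_TO_SENDER,
        "proof_contradiction": Outcome.TERMINAL_INVALIDATION,
        "expiry": Outcome.REFUND_TO_SENDER,
    },
    Stage.AWAITING_SETTLEMENT: {
        "invalid_settlement_proof": Outcome.TERMINAL_INVALIDATION,
        "no_settlement_before_expiry": Outcome.REFUND_TO_SENDER,
        "conflicting_settlement_evidence": Outcome.TERMINAL_INVALIDATION,
        "expiry": Outcome.REFUND_TO_SENDER,
    },
}

# Failures that are only valid once the deadline has actually passed.
EXPIRY_EVENTS = frozenset({"no_ack_before_expiry", "no_commit_before_expiry",
                           "no_settlement_before_expiry", "expiry"})


@dataclass
class Intent:
    stage: Stage
    expires_at: int                # deadline, same units as `now`
    funds_locked: bool = True      # assumed: funds are locked against the intent
    refund_pending: bool = False   # refund owed to sender; execution is external


def resolve_failure(intent: Intent, event: str, now: int) -> Outcome:
    """Apply the mandatory outcome for `event` to `intent` and return it."""
    if intent.stage in TERMINAL:
        # Terminal states cannot be exited, whatever the event.
        return Outcome.NO_STATE_CHANGE
    if event in EXPIRY_EVENTS and now < intent.expires_at:
        # An expiry claim before the deadline is an invalid action: no advance.
        return Outcome.NO_STATE_CHANGE
    outcome = OUTCOMES[intent.stage].get(event, Outcome.NO_STATE_CHANGE)
    if outcome is Outcome.REFUND_TO_SENDER:
        intent.stage = Stage.REFUNDED
        intent.refund_pending = intent.funds_locked
    elif outcome is Outcome.TERMINAL_INVALIDATION:
        intent.stage = Stage.INVALID
        # Refund path preserved if applicable: locked funds remain owed back.
        intent.refund_pending = intent.funds_locked
    return outcome


def no_stranded_funds() -> bool:
    """Sweep every non-terminal stage and every listed failure at the deadline.
    Each must reach a terminal state, and no terminal intent may hold locked
    funds without a refund owed. Also checks that time alone (expiry) refunds."""
    for stage in NON_TERMINAL:
        for event in OUTCOMES[stage]:
            intent = Intent(stage=stage, expires_at=100)   # worst case: funds locked
            outcome = resolve_failure(intent, event, now=100)
            if outcome is Outcome.NO_STATE_CHANGE or intent.stage not in TERMINAL:
                return False
            if intent.funds_locked and not intent.refund_pending:
                return False
        intent = Intent(stage=stage, expires_at=100)
        if resolve_failure(intent, "expiry", now=100) is not Outcome.REFUND_TO_SENDER:
            return False
    return True


if __name__ == "__main__":
    print("no stranded funds:", no_stranded_funds())
```

The sweep is the practical check to run whenever the outcome table changes: adding a new non-terminal stage without an expiry row, or mapping a listed failure to NO_STATE_CHANGE, makes it return False, which is exactly the "funds remain locked indefinitely" condition the invariants forbid.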
This document completes failure handling and refund guarantees for Phase C3.