Skip to content

Claim Gatekeeper Flow

Role Of CenturionClaimGatekeeper

Gatekeeper is policy engine for:

  • claim authorization
  • claim period enforcement
  • executor grant scope enforcement
  • risk/dust/claim-mode derivation
  • receipt classification by current claim and snapshot state

Pending Claim Lifecycle

  1. controller calls initiatePendingClaim
  2. gatekeeper checks caller authorization and caps
  3. pending claim stores amount, beneficiary, ready timestamp
  4. controller later calls finalizePendingClaim
  5. gatekeeper rechecks authorization/caps and returns payout tuple
  6. controller executes payout transfer via vault

Executor Grant Model

  • grants are vault-specific
  • grants have scope bitmask and expiration
  • global executor pause switch can disable all executor authorization immediately

Failure Modes

  • unauthorized executor
  • expired or invalid scope grant
  • per-period cap exhaustion
  • claim not yet ready
  • pending-claim collisions

Operational Detail

The gatekeeper is an authorization and rate-limit boundary. It does not prove that a reward exists; the controller supplies amount, beneficiary, executor scope, and consume/finalize intent after deriving economic state.

Required Checks

  • Verify source manifest and generated inventory if the claim path changed.
  • Read current risk observation, receipt ledger, reserve coverage, claim mode, pending claim, and gatekeeper caps.
  • Confirm the caller is the beneficiary or an authorized executor for the required scope.
  • Confirm no incident, stale oracle, slashing, exit, or settlement blocker changes the allowed path.

Failure Handling

A failed claim is not automatically a contract defect. Preserve revert data, current reads, and source evidence. Retry only after identifying whether the failure belongs to Upgrade governance, Deposit permissioning, Custody/readiness, or Economic/claim safety.

Operator Boundary

The gatekeeper should be treated as a policy enforcer, not the source of economic truth. If the controller passes a bad amount, the gatekeeper can enforce caps and scopes but cannot prove the amount was economically earned. Reviewers must therefore archive both the controller derivation evidence and the gatekeeper authorization result.