Milestone 5.2b — Custodial checkout deposit addresses
Status: Preview shipped
Tracking: ehx-web#4 · ehx-kb#12
Shipped
| Piece | Behavior |
|---|---|
EHX_CHECKOUT_DEPOSIT_* | Per-chain treasury 0x address; when set, sessions use settlement_mode: custodial |
settlement_mode | custodial or stub_address on session + quote |
| RPC verify | Custodial sessions always verify recipient + quoted amount |
EHX_CHECKOUT_VERIFY_AMOUNT | Optional strict amount check for stub sessions too |
Web /checkout | Custodial vs stub callouts and deposit labels |
Configuration
# API — one treasury address per chain (ETH and USDC to same EOA)
EHX_CHECKOUT_DEPOSIT_ETHEREUM=0x...
EHX_CHECKOUT_DEPOSIT_BASE=0x...
EHX_CHECKOUT_DEPOSIT_ARBITRUM_ONE=0x...
# Optional: strict checks on stub sessions too
EHX_CHECKOUT_VERIFY_RECIPIENT=1
EHX_CHECKOUT_VERIFY_AMOUNT=1
Without deposit env vars, behavior is unchanged (synthetic stub addresses).
Still open
- Payment processor webhooks
- Finance exports and refund policy (partial — admin CSV shipped)
Shipped
| Piece | Behavior |
|---|---|
EHX_CHECKOUT_HD_* | Unique BIP44 address per session when enabled — see milestone-5-2c-hd-wallet-deposits.md |