This page is called an API page because builders need an implementation-shaped mental model. It is not a generated reference for local functions in this website repository. The current repo can prove the docs loader, Markdown renderer, route structure, verification scripts, and corpus content. The protocol API families below are corpus-backed architecture: they describe the surfaces a real implementation must keep separate.
The core design starts from a no-account premise. Public settlement should not become a reusable balance table. Wallets can know ownership, prepare packages, and interpret private rights locally; public state should see committed objects, typed paths, replay artifacts, and checkpoint evidence.
The API Families
A future core implementation should expose API boundaries around seven families:
| Family | Developer job | Evidence source |
|---|---|---|
| Objects | Represent Asset, Voucher, Right, and live settlement leaves without collapsing their meanings |
Main Whitepaper section 3, Assets/Rights/Vouchers sections 3-9 |
| Commitments | Bind confidential amounts, ownership metadata, policy hashes, and action roots | Main Whitepaper section 3 and appendix B |
| Roots | Track canonical state under settlement paths and checkpoint roots | Main Whitepaper sections 3-4 |
| Checkpoints | Turn ordered packages into replay-safe settlement truth | Main Whitepaper sections 3-4 |
| Validation | Reject malformed packages, duplicate replay artifacts, policy mismatches, and invalid proof surfaces | Main Whitepaper section 3, Smart Cash sections 5-6 |
| Policy | Classify cash, voucher, right, action, and fee-support rules without inventing a universal hidden VM | Assets/Rights/Vouchers sections 4-9 |
| Disclosure | Keep public evidence, wallet-local secrets, selective audit, and liability reveal separate | Privacy and Legal authority pages |
None of those families should become one giant doEverything() API. Z00Z’s safety comes from making boundaries explicit.
Conceptual Surface Diagram
The diagram is deliberately conceptual. It teaches the boundary between wallet preparation, package validation, checkpoint finality, and state roots. It does not assert that these exact module names are exported by this website repository.
For implementation planning, read each box as a responsibility seam. A concrete project might choose different package names, modules, or crate boundaries, but it still needs a way to keep wallet-local possession, package transport, validation, checkpoint evidence, and state roots from collapsing into one ambiguous API.
Object Model
The object model is the first API boundary. Asset is final value. Voucher is conditional value. Right is authority without value. The terminology paper also names live structural settlement terms such as AssetLeaf, RightLeaf, VoucherLeaf, SettlementLeaf, and SettlementPath. A developer API should preserve those distinctions because each object answers a different question.
| Object | Must mean | Must not become |
|---|---|---|
Asset |
Final spendable value, especially clean native cash under a fixed cash policy | Arbitrary programmable cash with hidden restrictions |
Voucher |
Conditional value with backing, lifecycle, redeem, refund, partial redeem, or expiry semantics | Dirty cash or an authority object that secretly carries value |
Right |
Bounded authority over an object, action, or scope | A hidden value container |
SettlementLeaf |
Structural committed state family under one settlement root contract | A second public account tree |
This is where many fake API designs fail. They start by asking for account balances and token transfer endpoints. Z00Z needs object inventory, possession, package construction, policy classification, and checkpoint evidence instead.
Commitments And Roots
Commitments are the API layer that keeps public state narrow. A committed amount is not a plaintext balance. A policy hash is not a mutable rule document. An action root is not an off-chain operator promise. A settlement path is the place where committed state lives or disappears under a checkpointed transition.
The root boundary is equally important. A public root is useful only because it binds a precise state view and can be checked against typed deltas and checkpoint artifacts. It is not a marketing anchor. It is not proof that every local wallet story is true. Developers should design root APIs so callers can ask specific questions: what root was used, which paths were consumed, which leaves were created, which proof bytes were checked, and which replay artifacts were accepted or rejected.
Checkpoints And Validation
Checkpoints are the public finality boundary. A wallet-prepared package can be useful before settlement, but it is not final state. An aggregator can admit or order work, but admission is not settlement. A validation API should make those states impossible to confuse.
At minimum, a checkpoint-facing implementation needs to separate:
| State | Correct meaning |
|---|---|
| Wallet-prepared | A local package or request exists |
| Published or admitted | A service path has seen or accepted the candidate |
| Checkpoint candidate | The transition is part of a candidate execution input |
| Final checkpoint artifact | Public replay-safe evidence has been sealed |
| Settled state | The accepted root and deltas make the object live, consumed, or replaced |
When a docs page says “payment sent” or “right accepted,” it should be clear which state is meant. User experience can be friendly, but developer APIs need precise states.
Policy And Action APIs
The Assets/Rights/Vouchers paper gives the cleanest policy split. Native cash should have a fixed CashPolicy. Vouchers may carry a bounded VoucherPolicy and committed ActionPool. Rights may carry a RightPolicy or dedicated policy commitments for transition, revocation, challenge, disclosure, and retention behavior. Those policy names are semantic contract surfaces; the page must not imply that every current crate or local file already exports exactly those type names.
The API lesson is that policy should compile into verifiable evidence. A wallet can assemble a package and gather signatures. A validator can check state inclusion, policy commitments, action membership, value conservation, and delta correctness. An external service can attest or maintain a registry only when that trust boundary is explicit.
Disclosure And Evidence
The core API should not make privacy depend on silence or vibes. It needs evidence channels. Ordinary public settlement should expose roots, deltas, proofs, and replay artifacts. Wallet-local possession should hold secrets, decrypted payloads, labels, and private decision history. Selective audit should export a bounded evidence package for a specific reviewer. Liability reveal should stay tied to a fraud or dispute domain, not become public transparency by default.
This is why a future developer API should distinguish “export settlement evidence” from “export wallet history.” They are not the same operation, and conflating them would undo the protocol’s privacy story.
Live Repo Boundary
In this website repo, you can inspect and change the docs that explain these API families. You can verify the site with npm run verify. You can trace how docs render through src/lib/content/docs.ts and src/lib/content/markdown.ts. You cannot prove a full protocol API surface by pointing only to this page. The correct local claim is that this page is the conceptual map used by developer docs and future references.
Read Next
Continue to Crypto Facade for cryptographic boundaries, Wallet SDK for wallet-local possession, and Payment Requests for receiver intent flows.
Evidence and Further Reading
Use the source bullets below as an audit checklist, not decoration: when reusing this page, preserve the named section scope, the responsible actor, and the split between live repository evidence, target architecture, and open design work.
- Main Whitepaper sections 3 and 4 define canonical state objects, cryptographic proof discipline, checkpoints, rollup ordering, publication, and verification boundaries.
- Assets, Rights, And Vouchers Whitepaper sections 3 through 9 define the
Asset,Voucher, andRighttriad, policies, action semantics, receiver safety, and settlement storage split. - Corpus Terminology And Abbreviations Reference section 3 defines canonical protocol and wallet terms such as
SettlementLeaf,SettlementPath,Checkpoint,TxPackage,ReceiverCard, andPaymentRequest. src/lib/content/docs.ts,src/lib/content/markdown.ts, andscripts/verify.share the local repo anchors for the website docs surface, not proof of a shipped full core protocol API.