Skip to docs content
Fusion Docs
Book a Call
Home
What Is Fusion?How Fusion WorksStandard vs Shielded RoutesAtomic Settlement Guarantee
QuickstartWallet App Integration
Solver OverviewCoordinator Overview
Supported Chains Overview
Security ModelTrust AssumptionsThreat Model
Intent SchemaChains and TimelocksAPI and WebSocket OverviewWebSocket Events
Whitepaper and Research
Home
Run Fusion

Coordinator Overview

What the coordinator does, where its authority ends, and which parts are still operationally heavy.

The coordinator is the orchestration service in Fusion.

It is an Express and TypeScript backend that handles:

  • intent submission and validation
  • solver matching
  • proof workflow orchestration
  • HTLC lifecycle tracking
  • refund monitoring
  • WebSocket status broadcasts
  • route-specific session APIs for cross-family integrations
Apps & wallets - sign EIP-712 intents - POST /api/intents/submit - subscribe over WS - request Permit2 helpers Coordinator Express + TypeScript backend - intake & schema validation - solver matching - proof workflow orchestration - HTLC lifecycle tracking - refund monitoring - WS status broadcasts - cross-family session APIs NEVER CUSTODIAN OF USER FUNDS Source chain IntentValidator + HTLC Destination chain IntentValidator + HTLC Solver liquidity SolverRegistry-backed Operational dependencies RPC providers · Proof generator · External chain sidecars · Indexers REST WS stream match depends on
The coordinator orchestrates intake, matching, proofs, HTLC lifecycle, and refunds. It calls into chain contracts and depends on operational services, but it is never the custodian of user funds.

What the coordinator is not

The coordinator is not supposed to be the normal custodian of user funds.

That distinction matters. The public model is:

  • users or route-specific flows create the source lock
  • solvers create the destination lock
  • contracts hold the funds during execution

The coordinator is still important, but its importance is operational and control-plane-oriented, not pooled-custody-oriented.

What the coordinator does in practice

Intake and validation

The backend validates intent schema, deadline, route direction, and chain support before queuing the route.

Matching

It matches eligible solvers to eligible intents.

Proof lifecycle

It tracks proof status and only advances the EVM contract path when the required proof state is ready.

HTLC orchestration

It observes source HTLC creation, helps trigger destination execution, and tracks the route state used by both REST and WebSocket clients.

Destination withdrawal

Coordinator-driven destination withdrawal helpers exist for gasless UX. Those helpers still send funds to the HTLC receiver, not to the coordinator.

Refund monitoring

The backend also tracks refund attempts and exposes refund-related fields in status responses when available.

Operational dependencies

The public operator story should stay honest about this layer.

Today the coordinator can depend on:

  • chain RPC and WebSocket providers
  • contract address configuration
  • proof generation infrastructure
  • solver availability
  • chain-specific sidecars and proof servers for cross-family routes
  • environment profile and secret configuration

Runtime profiles

Fusion supports multiple runtime profiles, selected via APP_PROFILE, ranging from relaxed testing configurations used for local development up to hardened production configurations for public-facing deployments. Stricter enforcement of security controls — callback authentication, secret management, endpoint gating — applies as you move toward production.

A public reader should not confuse "a hardening path exists" with "every deployment is already forced into that hardening path". If you are evaluating a coordinator deployment, verify the actual runtime profile and environment, not just the presence of a feature.

Extra work for cross-family routes

Cross-family routes put more operational weight on the coordinator than same-family routes do. Specifically:

  • source-lock session management
  • attestation handling
  • chain-specific indexer and wallet readiness checks
  • route-specific liveness handling

Those responsibilities are visible in the API surface and are part of why cross-family support carries more operational weight than the same-family corridor.

Public-safe takeaway

The coordinator is central to the protocol's current runtime behavior.

That does not mean Fusion collapses into "trust the coordinator with your assets." It means:

  • the coordinator is the orchestrator
  • the contracts remain the settlement rail
  • the protocol still depends on a healthy operational backend

Related docs: