It's possible to do the access-control hack without dynamic
initialization, using friend injection:

    class X {
        int secret = 42;
    };

    struct extractor {
        friend constexpr auto extract(extractor, const X&);
    };

    template<auto F>
    struct injector {
        friend constexpr auto extract(extractor, const X& x) {
            return F(x);
        }
    };

    private void X::infiltrator() {
        injector<[](const X& x) {
            // actual function goes here
            return x.secret;
        }>{};
    }

    static_assert(extract(extractor{}, X{}) == 42);

It might be possible to counter these hacks by requiring private
extension methods to be referenced, directly or indirectly, from regular
class members/friends, but nailing down the wording can be tricky and
violation is probably IFNDR at best.



On Tuesday, April 28th, 2026 at 11:48 PM, André Offringa via Std-Proposals <std-proposals_at_[hidden]> wrote:

> Hi all,
>
> In follow-up on the discussion about private extension methods, I
> updated the original draft from 2013 with results from discussion then
> and now and placed it here:
>
> https://github.com/aroffringa/stdcxx-privext-2026/blob/main/proposal/draft.md
>
> Feedback welcome.
>
> I've sent a mail to the original author notifying them about this
> discussion.
>
> Regards,
> André