Pretty cool, seems its locked to an address. I studied the base math behind ecash, but haven't read this detail. I wonder how this is achieved.

Just verified myself. Sender (my laptop) can't clawback the payment because I went out of my way to lock the ecash to the public key of the recipient (my phone). My phone (offline) has a "later" button when receiving offline. It shows up in my offline phone's transaction history when press the receive "later" button. But you can see at the time how much the ecash token is worth and the fact that it is locked to your public key (can't be redeemed by anyone else before you can get to WiFi). Offline instantaneous receiving of sats that are tied to your public key. Amazing.

I test it too. I works except if you lock the ecash to a key the sending phone needs to be online to bring up the barcode?

It does not matter really unless the mint punishes the sender for double-spending afterwards but imagine: Alice has a million bucks with a mint, represented as Chaumian tokens. She now clones her device and walks into the desert to meet Bob. Bob shares his public key with Alice. Alice signs the million bucks over to Bob's pubkey. Now if Alice destroys her device and uses her pre-transaction-clone of it, to send the funds to a different receiver before Bob could talk to the mint, what magic other than later punishment for a provable double-spend could there be to prevent this claw-back?