docs: proposal — AAStar relay service (drop deployer private key, bill aPNTs)#405
Merged
Conversation
…rvice Analyze the DEPLOYER_PRIVATE_KEY problem (users don't have keys; operators won't embed one; blocks zero-backend) and propose an AAStar-operated relay endpoint (extend SuperRelay / relay.aastar.io) that deploys passkey accounts on the user's behalf: API-key auth (same model as KMS/bundler), billed in aPNTs, with first-deploy-sponsored / online-payment auto-provision / community-sponsor options for the aPNTs chicken-and-egg. Phased rollout matching the beta plan; open questions for the KMS/SuperRelay/SuperPaymaster teams. Also answers the config-page ask (extend app/settings; endpoints+API-key only, never keys).
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
clestons
approved these changes
Jul 2, 2026
clestons
left a comment
There was a problem hiding this comment.
Review: #405 — docs: relay service proposal
纯文档 PR,无代码变更。
提案质量评估:
- 问题诊断准确:
DEPLOYER_PRIVATE_KEY是账户创建路径上阻塞 zero-backend 的最后一个 server-only secret,与 KMS/bundler 已走 API-key 模型形成对比 ✓ - Relay-as-a-Service 方案合理:deployer key 留在 AAStar infra,app 侧改为 POST
RELAY_URL,无私钥泄露面 ✓ - Chicken-and-egg 三选项(A 首次免费 / B 在线付款 / C 社区赞助)覆盖消费者 / 付费 / 社区三个场景,A 推荐为默认合理 ✓
- Config page 边界正确:只存 endpoints + user API key,绝不存私钥;现有
app/kms-apiserver secret 通过 relay 消除,而非搬进 UI ✓ - Open questions 指向了真正待确认的技术点:SuperRelay
deploy-account能力、off-UserOp aPNTs debit 会计支持、API-key 在账户创建前的认证 + 额度防滥用 ✓ - 分阶段落地与 beta 计划对齐,不改变当前 beta 的
DEPLOYER_PRIVATE_KEY路径 ✓
无问题项。
APPROVE
| 轮次 | 执行者 | 裁决 |
|---|---|---|
| R1 | Sonnet 4.6 | APPROVE(纯文档,提案完整) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Analysis + proposal for your KMS-relay question: remove the app-side
DEPLOYER_PRIVATE_KEYand move account-deploy to an AAStar-operated relay service (API URL) — API-key auth (same model as KMS/bundler), billed in aPNTs, with first-deploy-sponsored / online-payment auto-provision (admin) / community-sponsor options for the aPNTs chicken-and-egg. Phased rollout matching the beta plan; open questions for the KMS/SuperRelay/SuperPaymaster teams. Also answers the config-page ask (extendapp/settings; hold endpoints + API key only, never private keys). Seedocs/RELAY_SERVICE_PROPOSAL.md. No code changes.