
design: #5 Pattern 4 audit submission — design doc #32

Open
hanwencheng wants to merge 1 commit into main from fix/issue-5-design

Conversation


@hanwencheng hanwencheng commented Apr 14, 2026

Summary

Draft design doc for issue #5 — TEE-as-paymaster per-read sponsored audit.

What's locked

  • Pattern 4 is the chosen architecture (~50 ms serve, ~6 s audit lag, signer ≠ payer, paymaster-funded).
  • Option A fee funding (AgentKeys operators fund a Substrate treasury account). Options B (protocol-free-calls) and C (user USDC) filed for future reconsideration.

Hard prerequisite

Issue #4 (per-session read rate limit) MUST land before Pattern 4. Otherwise the treasury drains within seconds under abuse. Documented as a blocker in the design doc.

Unresolved (blocker for implementation)

3 deferred decisions need sign-off before coding starts:

  1. Offer --sync-audit opt-out flag?
  2. Per-user audit-fee budget cap on top of rate limit?
  3. Audit-submission failure strategy — retry/backoff, pending queue, circuit-break, local-log-flush — pick one and write up before implementation.

Review ask

  • @Kailai-Wang @BillyWooo — feasibility of the custom SignedExtension / meta-tx pattern on Heima's current substrate runtime.
  • Project lead — resolve Deferred Decision 3 (failure strategy) and decide on hosted vs self-hosted paymaster parameterisation.

Test plan

Docs-only.

Issue

Tracks #5. Implementation blocked on sign-off + #4 shipping + failure-strategy decision.

🤖 Generated with Claude Code

  • Codex reviewer: approved (no actionable findings)

Codex review (2026-04-14): ✅ Approved — no actionable findings. See the codex comment above for details.
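The "treasury drains within seconds" risk behind the #4 prerequisite, modelled as an added example that is not part of this PR or the design doc: every sponsored read costs the paymaster one audit fee, so an unthrottled client can burn the whole treasury, while a per-session read cap (issue #4) and an optional per-user fee budget (deferred decision 2) bound the spend. The `SponsoredAuditGate` class, the fee and treasury figures, and the burst shape are all assumptions for illustration.

```python
"""Constructed model of the paymaster-funded audit budget under an abusive read burst.
Every served read triggers one sponsored audit submission; the gate refuses reads
once a per-session cap, a per-user fee budget, or the treasury itself is exhausted.
All numbers and names are assumptions, not values from the design doc."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SponsoredAuditGate:
    treasury: float                          # assumed treasury balance, in fee units
    fee_per_audit: float                     # assumed cost of one audit submission
    reads_per_session: Optional[int]         # per-session read cap (#4); None = unthrottled
    per_user_budget: Optional[float] = None  # per-user fee cap (deferred decision 2)
    _session_reads: dict = field(default_factory=lambda: defaultdict(int))
    _user_spend: dict = field(default_factory=lambda: defaultdict(float))
    sponsored: int = 0
    refused: int = 0

    def serve_read(self, user: str, session: str) -> bool:
        """Serve one read. Returns True if its audit was sponsored, False if refused."""
        over_session = (self.reads_per_session is not None
                        and self._session_reads[session] >= self.reads_per_session)
        over_budget = (self.per_user_budget is not None
                       and self._user_spend[user] + self.fee_per_audit > self.per_user_budget)
        if over_session or over_budget or self.treasury < self.fee_per_audit:
            self.refused += 1
            return False
        self._session_reads[session] += 1
        self._user_spend[user] += self.fee_per_audit
        self.treasury -= self.fee_per_audit
        self.sponsored += 1
        return True


def simulate_burst(gate: SponsoredAuditGate, reads: int, sessions: int = 1):
    """Constructed burst: one user spreads `reads` reads across `sessions` sessions.
    Returns (remaining treasury, sponsored count, refused count)."""
    for i in range(reads):
        gate.serve_read("user-a", f"session-{i % sessions}")
    return gate.treasury, gate.sponsored, gate.refused


if __name__ == "__main__":
    # Unthrottled: 1000 reads against a 100-unit treasury drain it completely.
    print(simulate_burst(SponsoredAuditGate(100, 1, None), 1000))
    # Per-session cap of 10 bounds the spend; several sessions multiply it,
    # which is what the per-user budget on top of the rate limit addresses.
    print(simulate_burst(SponsoredAuditGate(100, 1, 10), 1000, sessions=5))
    print(simulate_burst(SponsoredAuditGate(100, 1, 10, per_user_budget=20), 1000, sessions=5))
```

The third run shows why decision 2 is listed separately from #4: the per-session cap alone scales with the number of sessions a single user opens, whereas the per-user budget caps the treasury exposure per user regardless.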

Draft design doc for GitHub issue #5 (TEE-as-paymaster per-read sponsored
audit).

Captures the locked decisions (Pattern 4 chosen, Option A fee funding),
the hard prerequisite (#4 rate limit must ship first), the 3 unresolved
deferred decisions (cross-pattern mixing, budget caps, failure-handling
strategy), and the 5 open questions for Kai.

Ships ONLY the doc. Implementation blocked on sign-off + #4 + failure-handling-strategy decision.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hanwencheng (Member, Author) commented

Codex review (via gstack /codex skill, GPT-5.4 codex-high reasoning against origin/main)

Verdict

The patch only adds a design document and does not change executable code or existing behavior. I did not find any discrete, actionable issues in the added document that would make the patch incorrect on its own.

— codex review --base main + -c 'model_reasoning_effort="high"'. Design-doc-only PR; no code change to flag.

