Skip to main content

Objectives & Scope

Purpose and audience

This document defines what the platform exists to achieve, the boundaries of what it does and does not do, and the architectural commitments that make those outcomes durable. It is written for engineers, product leaders, and security reviewers who need a precise, technology‑grounded description of the system and its guarantees.

Product objectives

The platform sustains high‑quality journalism by aligning incentives among readers, journalists, and sources while preserving a familiar, low‑friction user experience. It does this by combining per‑story payments and subscriptions with transparent revenue sharing, editorially curated prediction markets, privacy‑preserving sourcing and bounty workflows, and resilient distribution that continues to function under adverse network conditions.

Architectural objectives

  • Chain‑first economic state and attribution on Sui, with purpose‑built Move modules for content licensing (Kiosk), access entitlements, bounty escrow, and reputation.
  • Decentralized storage via Walrus with CDN primary and Walrus aggregators as a built‑in fallback; request paths avoid a traditional web2 backend.
  • Identity and UX through wallets and zkLogin, with sponsored transactions absorbing gas to provide web2‑grade onboarding.
  • Confidential and verifiable AI via AWS Nitro Enclaves (Nautilus‑style), privacy‑preserving computation with Seal, and verifiable web evidence using zkTLS, producing receipts anchored on Sui.
  • Security by design: end‑to‑end encryption for sensitive exchanges, minimal off‑chain metadata, and no doxable PII on‑chain.

Functional scope by user type

Reader capabilities

Authentication and access

  • Seamless zkLogin via Google, Apple, Facebook—no wallet setup required
  • Sponsored transactions eliminate gas fees for content purchases
  • Client‑side entitlement verification for instant access
  • Optional anonymous browsing without authentication

Content consumption

  • Per‑article micropayments with familiar UX
  • Subscription tiers (basic, premium, unlimited)
  • Multi‑device access with session continuity
  • Offline reading capability with encrypted local storage

Discovery and engagement

  • Personalized recommendations based on local preferences
  • Trending content and editorial curation
  • Prediction market participation on story outcomes
  • Social sharing with privacy controls

Journalist capabilities

Publishing and monetization

  • Direct content NFT minting via Kiosk v2
  • Configurable royalty splits with co‑authors
  • Perpetual royalty enforcement on‑chain
  • Embargo scheduling for timed releases

Investigation management

  • Bounty creation with escrow deposits
  • Secure communication channels with sources
  • Multi‑party review workflows
  • Nautilus oracle integration for verification

Revenue operations

  • Real‑time earnings dashboard
  • Automatic royalty distribution
  • Time‑locked withdrawal security
  • Multi‑currency support (SUI, stablecoins)

Analytics and insights

  • Reader engagement metrics
  • Revenue performance tracking
  • Source submission analytics
  • Market prediction outcomes

Source capabilities

Anonymous participation

  • Tor‑compatible access paths
  • No identity requirements
  • Ephemeral session management
  • Plausible deniability features

Secure submission

  • Threshold encryption via Seal (no single point of failure)
  • Metadata sanitization and decoy traffic
  • Dead man's switch for automatic revelation
  • Encrypted local evidence preparation

Reputation and rewards

  • Pseudonymous reputation building
  • Anonymous payout mechanisms
  • Privacy‑preserving mixer integration
  • Transferable reputation tokens (future)

Protection mechanisms

  • Duress codes for emergency situations
  • Time‑delayed revelation options
  • Multi‑hop submission routing
  • Canary tokens for leak detection

Cross‑user capabilities

Bounty marketplace

  • Journalists post investigations with clear requirements
  • Sources browse and assess opportunities anonymously
  • Automated escrow and resolution
  • Reputation‑based trust scoring

Content marketplace

  • Readers discover and purchase content
  • Journalists earn from direct sales and royalties
  • Transparent pricing and revenue sharing
  • Prediction markets on story outcomes

Trust and safety

  • Graduated security based on user type
  • Auditable moderation with appeals
  • Decentralized content availability
  • Censorship‑resistant architecture

Non‑functional scope (quality attributes)

Performance and UX

  • Fast initial render and interaction on median devices and networks; sponsored transactions settle quickly enough to preserve conversational flows.

Availability and durability

  • Content and economic state remain available despite CDN degradations; Walrus aggregator paths maintain read access; on‑chain state ensures attribution durability.

Security and privacy

  • E2EE for sensitive media exchanges; least‑privilege key handling; no plaintext secrets in public artifacts; no PII on‑chain.

Accessibility and internationalization

  • Mobile‑first layouts with accessible semantics; copy and currency formats adapt to locale.

Compliance and policy

  • KYC gating is enforced for regulated actions where applicable via standards‑based providers; takedown and redress processes are documented and auditable.

Boundaries and intentional exclusions

  • No traditional web2 backend in the reader request path; no centralized relational datastore for core product operations.
  • No custodial key management; users retain control of signing keys.
  • No doxable PII written on‑chain; off‑chain metadata is minimized and encrypted where sensitive.
  • No opaque, ML‑only moderation; human‑in‑the‑loop with auditable criteria is preserved.

Success criteria

  • Entitlement verification is purely client‑side and deterministically consistent with on‑chain state.
  • Content retrieval functions via CDN and via Walrus aggregators without configuration changes for the user.
  • Bounty lifecycle (open → submit → resolve → payout/slash) is fully recorded, with reputation changes traceable to verifiable events.
  • Oracle‑produced receipts are verifiable (enclave attestation and/or zk proof) and consumable by on‑chain logic without trusting an off‑chain party.

How to use this document

The sections that follow describe the system in increasing detail: the overall architecture, on‑chain modules, storage and delivery, identity and UX, security and privacy, and the operational profile. Architecture Decision Records (ADRs) capture the rationale behind choices with long‑term consequences. Cross‑references link each requirement to its design element and to the diagrams that depict its behavior in context.