2. Core Concepts and Architecture

On-Chain Components

Node Provider Registry/Store: Smart contracts where Node Providers register and deposit TON to increase their node limit. These contracts track each provider’s deposit and node details.
VPN Provider Registry/Store: Smart contracts that handle:
- Registration of VPN Providers.
- Payment logic for monthly subscriptions.
- Payment logic for user-limit expansions (MAU).
- The monthly reward pool distribution.

apivpn-cli: A Go-based command-line tool that interacts with on-chain contracts (via TON) and manages local node/VPN server operations. It handles:
- Node deployment & updates (Node Provider side).
- VPN server hosting & ticket issuance (VPN Provider side).
- User connections (VPN User side), automatically configuring V2Ray.
Tickets: Signed off-chain by a VPN Provider’s private key. Each ticket includes:
- The Provider’s address.
- The User’s address.
- Plan type (time-based).
- Expiry timestamp.

Users present these tickets to nodes for connection authorization, ensuring only paying Users under an active subscription can connect.

Node Provider:
- Registers on-chain, deposits TON to stake.
- Deploys multiple VPN nodes (VPS-based).
- Runs a local node server providing heartbeat signals and verifying user tickets.
VPN Provider:
- Registers on-chain and pays a monthly subscription (renewed 1st of each month).
- Purchases user-limit (MAU) capacity so they can serve more paying users.
- Issues signed tickets to end-users.
VPN User:
- Buys or receives the VPN service from a chosen VPN Provider (off-chain).
- Obtains the ticket (signed by the provider).
- Uses apivpn-cli user connect (or a custom client) to connect to nodes.

A simplified flow:

Node Provider stakes -> Node is added to the network.
VPN Provider pays monthly fee + user-limits -> Gains ability to issue tickets.
VPN User obtains a ticket -> Connects to node -> Node logs usage -> Receives monthly reward from the provider’s deposit (based on quality factors).