d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/rpc-translator-138/DEPLOY_SMART_INTERCEPTION.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

171 lines
4.1 KiB
Markdown
Raw Permalink Blame History

# Deploy Smart Interception - Quick Guide
**Status**: ✅ **Code implemented, ready to deploy**
---
## 🚀 Quick Deploy
```bash
cd /home/intlc/projects/proxmox/rpc-translator-138
./scripts/deploy-smart-interception.sh
```
---
## 📋 What Was Implemented
### Code Changes
1. **`src/clients/web3signer-client.ts`**
- Added `hasKey(address: string): Promise<boolean>` method
- Queries Web3Signer API to check if address has key
2. **`src/handlers/rpc-handler.ts`**
- Added `web3SignerClient` parameter to constructor
- Modified `handleInterceptedMethod()` to check for key before intercepting
- If no key: Pass through to Besu (user wallet)
- If key exists: Intercept and sign (service wallet)
3. **`src/main.ts`**
- Pass `web3SignerClient` to `RpcHandler` constructor
---
## 🔄 How It Works
### Before (Old Behavior)
```
eth_sendTransaction → Always intercepted → Try to sign via Web3Signer → ❌ Fails if no key
```
### After (Smart Interception)
```
eth_sendTransaction
Check: Has key in Web3Signer?
├─→ NO → Pass through to Besu (user wallet) ✅
└─→ YES → Intercept and sign via Web3Signer (service wallet) ✅
```
---
## ✅ Benefits
1. **MetaMask wallets work automatically** - No allowlist needed
2. **Service wallets still get signed** - Web3Signer integration preserved
3. **Automatic detection** - No manual configuration
4. **Backward compatible** - Existing allowlist still works
5. **Fail-safe** - If check fails, defaults to pass-through
---
## 🧪 Testing After Deployment
### Test User Wallet (MetaMask)
```bash
# Should pass through to Besu
curl -X POST http://192.168.11.240:9545 \
-H 'Content-Type: application/json' \
-d '{
"jsonrpc": "2.0",
"method": "eth_sendTransaction",
"params": [{
"from": "0x71e81eaec98e507f68bbcf5e2005f179db851603",
"to": "0x0000000000000000000000000000000000000000",
"value": "0x0"
}],
"id": 1
}'
```
**Check logs for**: `"Address ... has no key in Web3Signer, passing through to Besu"`
### Test Service Wallet
```bash
# Get service wallet address
ADDRESS=$(curl -s http://192.168.11.111:9000/api/v1/eth1/publicKeys | jq -r '.[0]')
# Should be intercepted and signed
curl -X POST http://192.168.11.240:9545 \
-H 'Content-Type: application/json' \
-d "{
\"jsonrpc\": \"2.0\",
\"method\": \"eth_sendTransaction\",
\"params\": [{
\"from\": \"$ADDRESS\",
\"to\": \"0x0000000000000000000000000000000000000000\",
\"value\": \"0x0\"
}],
\"id\": 1
}"
```
**Check logs for**: `"Address ... has key in Web3Signer, intercepting and signing"`
---
## 📊 Verification
```bash
# Check logs for smart interception messages
for IP in 192.168.11.240 192.168.11.241 192.168.11.242; do
echo "=== $IP ==="
ssh -i ~/.ssh/proxmox_translator root@$IP \
"journalctl -u rpc-translator-138.service -n 30 --no-pager | grep -i 'has.*key\|pass.*through\|intercepting' | tail -5"
done
```
---
## 🎯 Integration with Thirdweb
### MetaMask Users
**No changes needed!** Smart interception automatically:
1. Detects MetaMask wallet (no key in Web3Signer)
2. Passes through `eth_sendTransaction` to Besu
3. OR MetaMask signs locally and uses `eth_sendRawTransaction` (already works)
### Service Wallets
**Works automatically:**
1. Service wallet has key in Web3Signer
2. Translator detects key
3. Intercepts and signs via Web3Signer
4. Submits to Besu
---
## 📝 Configuration Notes
### Allowlist (Now Optional for User Wallets)
- **Empty allowlist**: All addresses can send (not recommended for production)
- **Populated allowlist**: Additional security layer (only listed addresses)
**Recommendation:**
- Keep allowlist with service wallet addresses only
- User wallets don't need to be in allowlist (smart interception handles it)
---
## 🚀 Deploy Now
```bash
cd /home/intlc/projects/proxmox/rpc-translator-138
./scripts/deploy-smart-interception.sh
```
This will:
1. Build the TypeScript code
2. Deploy to all translator VMIDs (2400, 2401, 2402)
3. Restart services
4. Verify deployment
---
**Status**: ✅ **Ready to deploy!**
Reference in New Issue View Git Blame Copy Permalink