d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
cb47cce074da46f3ce5910b752d435c4a3ee87d0
proxmox/rpc-translator-138/SMART_INTERCEPTION_SUMMARY.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

4.7 KiB
Raw Blame History

Smart Interception - Implementation Summary

Date: 2026-01-06
Status: IMPLEMENTED

What Was Changed

1. Web3SignerClient - Added hasKey() Method

File: src/clients/web3signer-client.ts

async hasKey(address: string): Promise<boolean> {
  // Queries Web3Signer API for all loaded keys
  // Checks if the address is in the list
  // Returns false if check fails (allows pass-through)
}

2. RPC Handler - Smart Interception Logic

File: src/handlers/rpc-handler.ts

Before: All eth_sendTransaction calls were intercepted

After:

  • Check if address has key in Web3Signer
  • No key → Pass through to Besu (user wallet)
  • Has key → Intercept and sign via Web3Signer (service wallet)

3. Main Entry Point - Pass Web3Signer Client

File: src/main.ts

  • Pass web3SignerClient to RpcHandler constructor
  • Enables smart interception functionality

How It Works Now

Flow for User Wallets (MetaMask)

eth_sendTransaction from 0x71e81eaec98e507f68bbcf5e2005f179db851603
    ↓
Translator checks: Has key in Web3Signer? NO
    ↓
Pass through to Besu ✅
    ↓
Besu handles (or returns error if unsigned)

Flow for Service Wallets

eth_sendTransaction from 0xServiceWallet (has key in Web3Signer)
    ↓
Translator checks: Has key in Web3Signer? YES
    ↓
Intercept and sign via Web3Signer ✅
    ↓
Convert to eth_sendRawTransaction
    ↓
Submit to Besu ✅

Benefits

  1. Automatic: No manual configuration needed
  2. MetaMask Compatible: User wallets work automatically
  3. Service Wallet Support: Still signs via Web3Signer
  4. Backward Compatible: Existing allowlist still works
  5. Fail-Safe: If check fails, defaults to pass-through

Deployment

Quick Deploy

cd /home/intlc/projects/proxmox/rpc-translator-138
./scripts/deploy-smart-interception.sh

Manual Deploy

# 1. Build
pnpm run build

# 2. Deploy to all VMIDs
./scripts/deploy-all-vmids.sh

# 3. Verify
./scripts/check-all-status.sh

Testing

Test User Wallet (Should Pass Through)

curl -X POST http://192.168.11.240:9545 \
  -H 'Content-Type: application/json' \
  -d '{
    "jsonrpc": "2.0",
    "method": "eth_sendTransaction",
    "params": [{
      "from": "0x71e81eaec98e507f68bbcf5e2005f179db851603",
      "to": "0x0000000000000000000000000000000000000000",
      "value": "0x0"
    }],
    "id": 1
  }'

Expected: Passes through to Besu (may get error from Besu, but that's expected)

Test Service Wallet (Should Intercept)

# Get service wallet address
ADDRESS=$(curl -s http://192.168.11.111:9000/api/v1/eth1/publicKeys | jq -r '.[0]')

# Send transaction
curl -X POST http://192.168.11.240:9545 \
  -H 'Content-Type: application/json' \
  -d "{
    \"jsonrpc\": \"2.0\",
    \"method\": \"eth_sendTransaction\",
    \"params\": [{
      \"from\": \"$ADDRESS\",
      \"to\": \"0x0000000000000000000000000000000000000000\",
      \"value\": \"0x0\"
    }],
    \"id\": 1
  }"

Expected: Intercepted, signed via Web3Signer, submitted to Besu

Check Logs

# Look for smart interception messages
ssh -i ~/.ssh/proxmox_translator root@192.168.11.240 \
  "journalctl -u rpc-translator-138.service -n 50 --no-pager | grep -i 'has.*key\|pass.*through\|intercepting'"

Configuration

Allowlist (Optional Now)

With smart interception, allowlist is optional for user wallets:

  • Empty allowlist: All addresses can send (not recommended for production)
  • Populated allowlist: Only listed addresses can send (additional security layer)

Recommended:

  • Keep allowlist with only service wallet addresses
  • User wallets don't need to be in allowlist

Integration with Thirdweb

MetaMask Users

Already works! No changes needed:

  1. User connects MetaMask
  2. Thirdweb SDK detects wallet
  3. User signs transaction locally
  4. Thirdweb sends eth_sendRawTransaction (passes through )

OR if Thirdweb uses eth_sendTransaction:

  1. Translator checks: No key in Web3Signer
  2. Translator passes through to Besu

Service Wallets

Works with smart interception:

  1. Service wallet has key in Web3Signer
  2. Thirdweb calls eth_sendTransaction (unsigned)
  3. Translator checks: Has key in Web3Signer
  4. Translator intercepts and signs via Web3Signer
  5. Transaction submitted to Besu

Summary

Smart interception implemented User wallets (MetaMask) automatically pass through Service wallets still get signed via Web3Signer No configuration changes needed Backward compatible

Next Step: Deploy using ./scripts/deploy-smart-interception.sh

Reference in New Issue View Git Blame Copy Permalink