proxmox/rpc-translator-138/DEPLOY_SMART_INTERCEPTION.md

Deploy Smart Interception - Quick Guide

Status: ✅ Code implemented, ready to deploy

---

🚀 Quick Deploy

cd /home/intlc/projects/proxmox/rpc-translator-138
./scripts/deploy-smart-interception.sh

---

📋 What Was Implemented

Code Changes

1. src/clients/web3signer-client.ts

   • Added hasKey(address: string): Promise<boolean> method
   • Queries Web3Signer API to check if address has key

2. src/handlers/rpc-handler.ts

   • Added web3SignerClient parameter to constructor
   • Modified handleInterceptedMethod() to check for key before intercepting
   • If no key: Pass through to Besu (user wallet)
   • If key exists: Intercept and sign (service wallet)

3. src/main.ts

   • Pass web3SignerClient to RpcHandler constructor

---

🔄 How It Works

Before (Old Behavior)

eth_sendTransaction → Always intercepted → Try to sign via Web3Signer → ❌ Fails if no key

After (Smart Interception)

eth_sendTransaction
    ↓
Check: Has key in Web3Signer?
    ├─→ NO → Pass through to Besu (user wallet) ✅
    └─→ YES → Intercept and sign via Web3Signer (service wallet) ✅

---

✅ Benefits

1. MetaMask wallets work automatically - No allowlist needed
2. Service wallets still get signed - Web3Signer integration preserved
3. Automatic detection - No manual configuration
4. Backward compatible - Existing allowlist still works
5. Fail-safe - If check fails, defaults to pass-through

---

🧪 Testing After Deployment

Test User Wallet (MetaMask)

# Should pass through to Besu
curl -X POST http://192.168.11.240:9545 \
  -H 'Content-Type: application/json' \
  -d '{
    "jsonrpc": "2.0",
    "method": "eth_sendTransaction",
    "params": [{
      "from": "0x71e81eaec98e507f68bbcf5e2005f179db851603",
      "to": "0x0000000000000000000000000000000000000000",
      "value": "0x0"
    }],
    "id": 1
  }'

Check logs for: "Address ... has no key in Web3Signer, passing through to Besu"

Test Service Wallet

# Get service wallet address
ADDRESS=$(curl -s http://192.168.11.111:9000/api/v1/eth1/publicKeys | jq -r '.[0]')

# Should be intercepted and signed
curl -X POST http://192.168.11.240:9545 \
  -H 'Content-Type: application/json' \
  -d "{
    \"jsonrpc\": \"2.0\",
    \"method\": \"eth_sendTransaction\",
    \"params\": [{
      \"from\": \"$ADDRESS\",
      \"to\": \"0x0000000000000000000000000000000000000000\",
      \"value\": \"0x0\"
    }],
    \"id\": 1
  }"

Check logs for: "Address ... has key in Web3Signer, intercepting and signing"

---

📊 Verification

# Check logs for smart interception messages
for IP in 192.168.11.240 192.168.11.241 192.168.11.242; do
    echo "=== $IP ==="
    ssh -i ~/.ssh/proxmox_translator root@$IP \
      "journalctl -u rpc-translator-138.service -n 30 --no-pager | grep -i 'has.*key\|pass.*through\|intercepting' | tail -5"
done

---

🎯 Integration with Thirdweb

MetaMask Users

No changes needed! Smart interception automatically:

1. Detects MetaMask wallet (no key in Web3Signer)
2. Passes through eth_sendTransaction to Besu
3. OR MetaMask signs locally and uses eth_sendRawTransaction (already works)

Service Wallets

Works automatically:

1. Service wallet has key in Web3Signer
2. Translator detects key
3. Intercepts and signs via Web3Signer
4. Submits to Besu

---

📝 Configuration Notes

Allowlist (Now Optional for User Wallets)

• Empty allowlist: All addresses can send (not recommended for production)
• Populated allowlist: Additional security layer (only listed addresses)

Recommendation:

• Keep allowlist with service wallet addresses only
• User wallets don't need to be in allowlist (smart interception handles it)

---

🚀 Deploy Now

cd /home/intlc/projects/proxmox/rpc-translator-138
./scripts/deploy-smart-interception.sh

This will:

1. Build the TypeScript code
2. Deploy to all translator VMIDs (2400, 2401, 2402)
3. Restart services
4. Verify deployment

---

Status: ✅ Ready to deploy!