Skip to content

Self-Hosting

Prerequisites

  • Docker on your local machine
  • Credentials for Narval's docker registry. Contact Narval support to get these.
  • Credentials for Narval's Gatekeeper descriptor & policy registry.

Overview

  • Pull the docker image
  • Set your configuration values in a .env file
  • Run the container

Run the container

docker run \
  -it --rm \
  --env-file ./.env \
  --platform linux/amd64 \
  --name gatekeeper \
  -p 3012:3012 \
  narval/gatekeeper:latest

Send a test transaction for evaluation

curl --location 'http://localhost:3012/v1/evaluate' \
--header 'Content-Type: application/json' \
--data '{
    "protocolPresets": ["aave_core"],
    "request": {
        "method": "eth_sendTransaction",
        "params": [
            {
                "chainId": "0x1",
                "from": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
                "to": "0x220866B1A2219f40e72f5c628B65D54268cA3A9D",
                "value": "0x1",
                "data": "0x0"
            }
        ]
    }
}'

Configuration File

Create a .env file with the following variables (Update with the credential values for the bundle registry)

# Gatekeeper - Default Environment Variables
# This file contains default values for development
# Copy to .env and customize for your environment
 
###################
# Data Source Configuration
###################
 
EVALUATION_DATA_SOURCE_TYPE=HTTP
 
# Remote URI to fetch the manifest from.
EVALUATION_DATA_SOURCE_BUNDLE_MANIFEST_URI="${NARVAL_BUNDLE_REGISTRY}/bundle_manifest.json"
 
###################
# Signature Verification Configuration
###################
 
# Public key for signature verification (choose ONE of the following):
 
# Option 1: Path to public key file (recommended for development)
# EVALUATION_DATA_SOURCE_PUBLIC_KEY_URI=./narval-demo-public.pem
 
# Option 2: Raw public key content (for production/CI with secrets)
EVALUATION_DATA_SOURCE_PUBLIC_KEY_RAW="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIsCIyD4GchwwIOQkVry\nEmntq13V/OO4MeHM6nktvo5h9k1nbpWn1rxvTrNf2fwE7Txvzk62t0OQzpbG0+qw\nrp6PE2gFjbOaM3JlNrIrhUQWSrD9eRVDlpk5mnp+lec61e82I8vkJ82yWH2dRRkX\n62EEmmgMHInqfh4tZDSYTbs3kMad1NFzDCFgpy+7ZaWu99rZwKuB5Abb2mDtpW3K\ntKF2nmHdZ4LtAv5WIfbtDufvnomAwKJGObkfO3fIwC0NGZdYgOZ5lDtYn+8Kurv7\nFjRsC0jgNs3ZTLHk7Bx4cX312MDM0iXtLInsJCdPkc/Mmkyj1/w5Tzz61PwKhKc9\nHwIDAQAB\n-----END PUBLIC KEY-----"
 
###################
# Bundle polling
###################
# If set, determines the polling frequency for change detection on the bundle manifest
# Allows adding new Descriptors or Policy sets without re-deployment
EVALUATION_DATA_POLLING_INTERVAL_SECONDS=300
 
###################
# OpenTelemetry configuration
###################
 
# See https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/
OTEL_SDK_DISABLED=true
# OTEL Collector container HTTP port.
# OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
# OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
# OTEL_LOGS_EXPORTER=otlp
# OTEL_LOG_LEVEL=error
# OTEL_RESOURCE_ATTRIBUTES=deployment.environment=local