ShieldFlowShieldFlow/Docs

Deployment

This guide covers deploying ShieldFlow contracts and services. The system uses Foundry for contract deployment and Docker Compose for service orchestration.

Infrastructure Overview

Prerequisites

Node.js 18+

Required for service dependencies and build tooling

Foundry

Forge, Cast, and Anvil for contract compilation, deployment, and interaction

Docker + Docker Compose

Container runtime for running ASP and Relayer services

Alchemy / Infura RPC

Reliable JSON-RPC endpoint for the target chain

Deployer wallet with ETH

Funded account for contract deployment and role configuration

Contract Deployment

Deploy the ShieldFlow contracts using Foundry's scripting system. The deployment script handles deploying the Entrypoint, Privacy Pools, and Verifier contracts in the correct order.

Step 1: Install Dependencies

terminal
cd packages/contracts && forge install

Step 2: Deploy Contracts

Run the deployment script targeting your network. The --verify flag automatically verifies contracts on Etherscan.

terminal
forge script script/Deploy.s.sol:EthereumSepolia \
  --rpc-url $RPC_URL --account DEPLOYER --broadcast --verify

Step 3: Grant Roles

After deployment, grant the ASP_POSTMAN role to the postman address so the ASP service can publish compliance data on-chain.

terminal
cast send $ENTRYPOINT \
  "grantRole(bytes32,address)" \
  $ASP_POSTMAN_ROLE $POSTMAN_ADDRESS

Service Configuration

ASP Service

The ASP (Association Set Provider) service indexes on-chain events, performs compliance screening via Nominis, and publishes association sets to IPFS. Configure it with the deployed contract addresses, pool start blocks, and compliance provider credentials.

config.sepolia.json
{
  "entrypoint": "0x...",
  "pools": {
    "ETH": "0x...",
    "USDC": "0x..."
  },
  "startBlocks": {
    "ETH": 5000000,
    "USDC": 5000000
  },
  "compliance": {
    "chainalysis": {
      "apiKey": "$CHAINALYSIS_API_KEY",
      "endpoint": "https://api.chainalysis.com"
    },
    "trmLabs": {
      "apiKey": "$TRM_LABS_API_KEY",
      "endpoint": "https://api.trmlabs.com"
    }
  },
  "ipfs": {
    "pinataJwt": "$PINATA_JWT",
    "gateway": "https://gateway.pinata.cloud"
  }
}

Relayer

The Relayer quotes withdrawal fees and broadcasts transactions on behalf of users. Configure it with a funded signer key, per-chain settings, and supported asset fee parameters.

config.json
{
  "feeReceiver": "0x...",
  "signerKey": "$RELAYER_SIGNER_KEY",
  "chains": {
    "11155111": {
      "rpcUrl": "$RPC_URL",
      "entrypoint": "0x...",
      "supportedAssets": ["ETH", "USDC"],
      "baseFeeBPS": { "ETH": 200, "USDC": 150 }
    }
  }
}

Docker Compose

Start both services using Docker Compose. The compose file handles networking, volume mounts, and environment variable injection.

terminal
docker compose -f docker-compose.sepolia.yml up -d

Protect Sensitive Values

Never commit private keys to version control. Use environment variables or secure key management for all sensitive values including signer keys, API keys, and RPC endpoints.

Service Ports

ServicePortDescription
ASP Service:4000Compliance screening, event indexing, IPFS publishing
Relayer:3001Fee quoting and withdrawal transaction relay

Verification Checklist

After deployment, verify each component is functioning correctly before directing user traffic to the system.

1

Contracts deployed and verified on Etherscan

2

ASP_POSTMAN role granted to postman address

3

Pools registered at Entrypoint

4

ASP service syncing events

5

Relayer quoting fees correctly

6

Health endpoints returning 200

Health Checks

Both services expose health endpoints. Use GET /relayer/health and GET /asp/health for uptime monitoring and alerting.