From 32f1a2760621bbdb1b6d6f17fc94dd753be86f23 Mon Sep 17 00:00:00 2001 From: UfukNode <208284577+UfukNode@users.noreply.github.com> Date: Tue, 14 Jul 2026 22:00:43 +0300 Subject: [PATCH 1/2] docs: clarify public-api warning behavior --- docs/running-an-arc-node.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/running-an-arc-node.md b/docs/running-an-arc-node.md index 93f04f9..807c212 100644 --- a/docs/running-an-arc-node.md +++ b/docs/running-an-arc-node.md @@ -448,9 +448,10 @@ prohibited: `txpool`, `debug`, `trace`, `admin`, `flashbots`, `mev`, `ots`. --public-api ``` -The `--public-api` flag enforces these restrictions at runtime: it hides -pending-transaction RPCs and warns at startup if `--http.api` or `--ws.api` -exposes namespaces outside the safe set. +The `--public-api` flag enforces pending-transaction hiding, but it does not +rewrite or reject `--http.api` / `--ws.api` selections. It warns at startup if +either selection exposes namespaces outside the safe set, so operators must +still configure public endpoints with only the safe namespaces above. To verify, call `rpc_modules`: From fb8f73d7c2c0d30fda0db4aaee5fb98d694cb722 Mon Sep 17 00:00:00 2001 From: UfukNode <208284577+UfukNode@users.noreply.github.com> Date: Tue, 14 Jul 2026 23:13:43 +0300 Subject: [PATCH 2/2] docs: note public-api warnings are non-fatal --- docs/running-an-arc-node.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/running-an-arc-node.md b/docs/running-an-arc-node.md index 807c212..c85019a 100644 --- a/docs/running-an-arc-node.md +++ b/docs/running-an-arc-node.md @@ -450,8 +450,9 @@ prohibited: `txpool`, `debug`, `trace`, `admin`, `flashbots`, `mev`, `ots`. The `--public-api` flag enforces pending-transaction hiding, but it does not rewrite or reject `--http.api` / `--ws.api` selections. It warns at startup if -either selection exposes namespaces outside the safe set, so operators must -still configure public endpoints with only the safe namespaces above. +either selection exposes namespaces outside the safe set, and the node continues +to serve those namespaces. Operators must still configure public endpoints with +only the safe namespaces above. To verify, call `rpc_modules`: