diff --git a/.env-mock b/.env-mock
index 1c72a32..1f4c35c 100644
--- a/.env-mock
+++ b/.env-mock
@@ -11,11 +11,11 @@ DEXORDER_RPC_URL_42161=http://localhost:8545
 # Mockchain
 DEXORDER_DEPLOYMENT_31337=latest
 DEXORDER_RPC_URL_31337=http://localhost:8545
-# dev account #2
-DEXORDER_ACCOUNTS_31337=0x5de4111afa1a4b94908f83103eb1f1706367c2e68ca870fc3fb9a804cdab365a
 
 # Devchain
 DEXORDER_DEPLOYMENT_1337=latest
 DEXORDER_RPC_URL_1337=http://localhost:8545
-# dev account #2
-DEXORDER_ACCOUNTS_1337=0x5de4111afa1a4b94908f83103eb1f1706367c2e68ca870fc3fb9a804cdab365a
+
+# use this in the URL to bypass IP country check for development / debug
+# http://localhost:3000/...?approval=...
+DEXORDER_REGION_APPROVAL=6ehWWH98diqv39gWZcPo
diff --git a/approval.js b/approval.js
index 344ffd9..49f2ab2 100644
--- a/approval.js
+++ b/approval.js
@@ -29,6 +29,7 @@ function approveIP(ipAddress) {
         if (!approved)
             // todo log ban & report
             console.warn(`IP ${ipAddress} from ${country} is banned`)
+        console.debug(`IP ${ipAddress} from ${country} is ${approved ? 'approved' : 'rejected'}`)
         return approved
     }
     catch (e) {
@@ -40,7 +41,9 @@ function approveIP(ipAddress) {
 
 export function approveRegion(socket, bypass) {
     const ipAddress = socket.handshake.address
-    const approved = bypass === '6ehWWH98diqv39gWZcPo' || approveIP(ipAddress)
+    const debug = bypass === process.env.DEXORDER_REGION_APPROVAL;
+    const approved = debug || approveIP(ipAddress)
     socket.emit('approvedRegion', approved)
+    if(debug)
+        console.info(`approved admin at ${ipAddress}`)
 }
-
diff --git a/db.js b/db.js
index 713af59..3269e97 100644
--- a/db.js
+++ b/db.js
@@ -22,6 +22,11 @@ export async function withDb(cb) {
 }
 
 
+export function dbAddr(addr) {
+    // format an 0x-style address into postgres bytes
+    return '\\' + addr.slice(1)
+}
+
 export async function sql(query) {
     return await withDb(async (db)=>await db.query(query) )
 }
diff --git a/main.js b/main.js
index 6f62dd1..97851d9 100644
--- a/main.js
+++ b/main.js
@@ -1,29 +1,11 @@
 import 'dotenv/config'
-
-import {lookupToken} from "./token.js";
-import {httpServer, io} from "./io.js";
-import {ensureVault, loginAddress} from "./vault.js";
-import {subOHLCs, subPools, unsubOHLCs, unsubPools} from "./pool.js";
-import {gib} from "./faucet.js";
-import {approveRegion} from "./approval.js";
+import {httpServer} from "./io.js";
+import {initIO} from "./route.js";
 
 
 // setup socket.io
 
-io.on("connection", (socket) => {
-    socket.on('lookupToken', (chainId, address, callback) => {
-        lookupToken(chainId, address).then((result)=>callback(result)).catch(()=>callback(null))
-    })
-    socket.on('address', (chainId, address) => loginAddress(socket, chainId, address) )
-    socket.on('subPools', (chainId, addresses) => subPools(socket, chainId, addresses) )
-    socket.on('unsubPools', (chainId, addresses) => unsubPools(socket, chainId, addresses) )
-    socket.on('subOHLCs', async (chainId, poolPeriods) => await subOHLCs(socket, chainId, poolPeriods) )
-    socket.on('unsubOHLCs', (chainId, poolPeriods) => unsubOHLCs(socket, chainId, poolPeriods) )
-    socket.on('ensureVault', (chainId,owner,num) => ensureVault(socket, chainId, owner, num) )
-    socket.on('gib', async (chainId, owner, vault, tokenAmounts) => await gib(chainId, owner, vault, tokenAmounts))
-    socket.on('approveRegion', (bypass) => approveRegion(socket, bypass))
-    socket.join('public')
-});
+initIO();
 
 // io.on("disconnection", (socket)=>{
 //     socket.leave('public') // todo isn't this automatic?
diff --git a/maxmind.js b/maxmind.js
index fc28203..6c5ca9a 100644
--- a/maxmind.js
+++ b/maxmind.js
@@ -176,5 +176,3 @@ export function countryForIP(ipAddress) {
     }
 }
 
-const ip = '64.178.217.35'
-console.log(`ip: ${ip}`, countryForIP(ip))
diff --git a/pool.js b/pool.js
index 6bef5df..0ced68b 100644
--- a/pool.js
+++ b/pool.js
@@ -1,6 +1,6 @@
 import {ohlcs, prices} from "./cache.js";
 
-export function subPools( socket, chainId, addresses) {
+export function subPools( socket, chainId, addresses ) {
     for(const address of addresses) {
         const room = `${chainId}|${address}`;
         socket.join(room)
diff --git a/route.js b/route.js
new file mode 100644
index 0000000..f4dabe9
--- /dev/null
+++ b/route.js
@@ -0,0 +1,25 @@
+import {io} from "./io.js";
+import {lookupToken} from "./token.js";
+import {requestVault, loginAddress} from "./vault.js";
+import {subOHLCs, subPools, unsubOHLCs, unsubPools} from "./pool.js";
+import {gib} from "./faucet.js";
+import {approveRegion} from "./approval.js";
+
+// Server route handling
+
+export function initIO() {
+    io.on("connection", (socket) => {
+        socket.on('lookupToken', (chainId, address, callback) => {
+            lookupToken(chainId, address).then((result) => callback(result)).catch(() => callback(null))
+        })
+        socket.on('address', (chainId, address) => loginAddress(socket, chainId, address))
+        socket.on('subPools', (chainId, addresses) => subPools(socket, chainId, addresses))
+        socket.on('unsubPools', (chainId, addresses) => unsubPools(socket, chainId, addresses))
+        socket.on('subOHLCs', async (chainId, poolPeriods) => await subOHLCs(socket, chainId, poolPeriods))
+        socket.on('unsubOHLCs', (chainId, poolPeriods) => unsubOHLCs(socket, chainId, poolPeriods))
+        socket.on('ensureVault', (chainId, owner, num) => requestVault(socket, chainId, owner, num))
+        socket.on('gib', async (chainId, owner, vault, tokenAmounts) => await gib(chainId, owner, vault, tokenAmounts))
+        socket.on('approveRegion', (bypass) => approveRegion(socket, bypass))
+        socket.join('public')
+    });
+}
diff --git a/vault.js b/vault.js
index fd85812..2369b76 100644
--- a/vault.js
+++ b/vault.js
@@ -5,6 +5,7 @@ import {chainInfo} from "./chain.js";
 import {sendVaultOrders} from "./order.js";
 import {newContract} from "./contract.js";
 import {approveWallet} from "./approval.js";
+import {sql} from "./db.js";
 
 
 export function vaultAddress(chainId, owner, num=0) {
@@ -48,8 +49,10 @@ async function sendVaultInfo(socket, chainId, owner) {
 }
 
 export async function loginAddress(socket, chainId, address) {
-    if( socket.user_room !== undefined)
+    if( socket.user_room !== undefined) {
         socket.leave(socket.user_room)
+        console.log('left user room', socket.user_room)
+    }
     if( address ) {
         const approved = approveWallet(address)
         socket.emit('approvedWallet', approved)
@@ -64,7 +67,7 @@ export async function loginAddress(socket, chainId, address) {
 
 const ensuring = {}
 
-export async function ensureVault(socket, chainId, owner, num) {
+export async function ensureVault_OLD(socket, chainId, owner, num) {
     if (!approveWallet(owner))
         return
     const key = [chainId, owner, num]
@@ -103,6 +106,7 @@ async function createVault(chainId, owner, num) {
         return
     const signer = getSigner(chainId);
     const factory = chainInfo[chainId].factory;
+    owner = ethers.getAddress(owner);
     console.log('createVault', chainId, owner, num, factory, chainInfo[chainId].vaultInitCodeHash )
     const deployer = await newContract(factory, 'IVaultFactory', signer)
     const vaultAddr = vaultAddress(chainId, owner, num)
@@ -129,3 +133,13 @@ async function createVault(chainId, owner, num) {
     }
     return vaultAddr
 }
+
+
+export async function requestVault(socket, chainId, owner, num) {
+    const ipAddress = socket.handshake.address
+    const time = new Date().toISOString();
+    const query = `insert into vaultcreationrequest (chain, owner, num, time, ipaddr) values (${chainId}, '${owner}', ${num}, '${time}', '${ipAddress}') ON CONFLICT DO NOTHING`;
+    console.log('query:', query)
+    await sql(query)
+}
+