@aztec/cli 2.1.2 → 2.1.3

package/src/cmds/validator_keys/staker.ts

@@ -0,0 +1,298 @@
+import { prettyPrintJSON } from '@aztec/cli/utils';
+import { GSEContract, createEthereumChain } from '@aztec/ethereum';
+import { computeBn254G1PublicKey, computeBn254G2PublicKey } from '@aztec/foundation/crypto';
+import { decryptBn254Keystore } from '@aztec/foundation/crypto/bls/bn254_keystore';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import { Fr } from '@aztec/foundation/fields';
+import type { LogFn } from '@aztec/foundation/log';
+import { loadKeystoreFile } from '@aztec/node-keystore/loader';
+import type {
+  AttesterAccount,
+  AttesterAccounts,
+  BLSAccount,
+  EncryptedKeyFileConfig,
+  EthAccount,
+  MnemonicConfig,
+} from '@aztec/node-keystore/types';
+
+import { Wallet } from '@ethersproject/wallet';
+import { readFileSync, writeFileSync } from 'fs';
+import { createPublicClient, fallback, http } from 'viem';
+import { privateKeyToAddress } from 'viem/accounts';
+
+export type StakerOptions = {
+  from: string;
+  password?: string;
+  output?: string;
+  gseAddress: EthAddress;
+  l1RpcUrls: string[];
+  l1ChainId: number;
+};
+
+export type StakerOutput = {
+  attester: string;
+  publicKeyG1: {
+    x: string;
+    y: string;
+  };
+  publicKeyG2: {
+    x0: string;
+    x1: string;
+    y0: string;
+    y1: string;
+  };
+  proofOfPossession: {
+    x: string;
+    y: string;
+  };
+};
+
+/**
+ * Check if an object is a MnemonicConfig
+ */
+function isMnemonicConfig(obj: unknown): obj is MnemonicConfig {
+  return typeof obj === 'object' && obj !== null && 'mnemonic' in obj;
+}
+
+/**
+ * Check if a value is an encrypted keystore file config
+ */
+function isEncryptedKeyFileConfig(value: unknown): value is EncryptedKeyFileConfig {
+  return typeof value === 'object' && value !== null && 'path' in value;
+}
+
+/**
+ * Check if a BLSAccount is a private key string (not an encrypted keystore file)
+ */
+function isBlsPrivateKey(bls: unknown): bls is string {
+  return typeof bls === 'string' && bls.startsWith('0x');
+}
+
+/**
+ * Check if an EthAccount is a private key string (66 chars: 0x + 64 hex)
+ */
+function isEthPrivateKey(eth: unknown): eth is string {
+  return typeof eth === 'string' && eth.startsWith('0x') && eth.length === 66;
+}
+
+/**
+ * Check if a string is an Ethereum address (42 chars: 0x + 40 hex)
+ */
+function isEthAddress(value: unknown): value is string {
+  return typeof value === 'string' && /^0x[0-9a-fA-F]{40}$/.test(value);
+}
+
+/**
+ * Decrypt a BLS private key from an encrypted keystore file
+ */
+function decryptBlsKey(bls: BLSAccount, password?: string): string | undefined {
+  if (isBlsPrivateKey(bls)) {
+    return bls;
+  }
+
+  if (isEncryptedKeyFileConfig(bls)) {
+    if (!password && !bls.password) {
+      return undefined; // Can't decrypt without password
+    }
+    const pwd = password ?? bls.password!;
+    return decryptBn254Keystore(bls.path, pwd);
+  }
+
+  return undefined;
+}
+
+/**
+ * Decrypt an Ethereum private key from an encrypted keystore file
+ */
+async function decryptEthKey(eth: EthAccount, password?: string): Promise<string | undefined> {
+  if (isEthPrivateKey(eth)) {
+    return eth;
+  }
+
+  if (isEncryptedKeyFileConfig(eth)) {
+    if (!password && !eth.password) {
+      return undefined; // Can't decrypt without password
+    }
+    const pwd = password ?? eth.password!;
+    const json = readFileSync(eth.path, 'utf-8');
+    const wallet = await Wallet.fromEncryptedJson(json, pwd);
+    return wallet.privateKey as string;
+  }
+
+  return undefined;
+}
+
+/**
+ * Extract Ethereum address from an EthAccount (or private key)
+ */
+async function getEthAddress(eth: EthAccount | string, password?: string): Promise<EthAddress | undefined> {
+  // Case 1: It's a private key string - derive the address
+  if (isEthPrivateKey(eth)) {
+    return privateKeyToAddress(eth as `0x${string}`) as unknown as EthAddress;
+  }
+
+  // Case 2: It's just an address string directly (EthRemoteSignerAccount can be just EthAddress)
+  if (isEthAddress(eth)) {
+    return eth as unknown as EthAddress;
+  }
+
+  // Case 3: It's an object with an address property (remote signer config)
+  if (typeof eth === 'object' && eth !== null && 'address' in eth) {
+    return (eth as any).address as EthAddress;
+  }
+
+  // Case 4: It's an encrypted keystore file - decrypt and derive address
+  if (isEncryptedKeyFileConfig(eth)) {
+    const privateKey = await decryptEthKey(eth, password);
+    if (privateKey) {
+      return privateKeyToAddress(privateKey as `0x${string}`) as unknown as EthAddress;
+    }
+    return undefined;
+  }
+
+  return undefined;
+}
+
+/**
+ * Extract BLS private key and Ethereum address from an AttesterAccount
+ */
+async function extractAttesterInfo(
+  attester: AttesterAccount,
+  password?: string,
+): Promise<{ blsPrivateKey?: string; ethAddress?: EthAddress }> {
+  // Case 1: attester is { eth: EthAccount, bls?: BLSAccount }
+  if (typeof attester === 'object' && attester !== null && 'eth' in attester) {
+    const ethAddress = await getEthAddress(attester.eth, password);
+    const blsPrivateKey = attester.bls ? decryptBlsKey(attester.bls, password) : undefined;
+    return { blsPrivateKey, ethAddress };
+  }
+
+  // Case 2: attester is just an EthAccount directly (no BLS key)
+  return {
+    blsPrivateKey: undefined,
+    ethAddress: await getEthAddress(attester as EthAccount, password),
+  };
+}
+
+/**
+ * Process a single attester entry and output staking JSON
+ */
+async function processAttester(
+  attester: AttesterAccount,
+  gse: GSEContract,
+  password?: string,
+): Promise<StakerOutput | undefined> {
+  const { blsPrivateKey, ethAddress } = await extractAttesterInfo(attester, password);
+
+  // Skip if no BLS private key or no Ethereum address
+  if (!blsPrivateKey || !ethAddress) {
+    return undefined;
+  }
+
+  // Derive G1 and G2 public keys
+  const g1PublicKey = await computeBn254G1PublicKey(blsPrivateKey);
+  const g2PublicKey = await computeBn254G2PublicKey(blsPrivateKey);
+
+  // Generate proof of possession
+  const bn254SecretKeyFieldElement = Fr.fromString(blsPrivateKey);
+  const registrationTuple = await gse.makeRegistrationTuple(bn254SecretKeyFieldElement.toBigInt());
+
+  return {
+    attester: String(ethAddress),
+    publicKeyG1: {
+      x: '0x' + g1PublicKey.x.toString(16).padStart(64, '0'),
+      y: '0x' + g1PublicKey.y.toString(16).padStart(64, '0'),
+    },
+    publicKeyG2: {
+      x0: '0x' + g2PublicKey.x.c0.toString(16).padStart(64, '0'),
+      x1: '0x' + g2PublicKey.x.c1.toString(16).padStart(64, '0'),
+      y0: '0x' + g2PublicKey.y.c0.toString(16).padStart(64, '0'),
+      y1: '0x' + g2PublicKey.y.c1.toString(16).padStart(64, '0'),
+    },
+    proofOfPossession: {
+      x: '0x' + registrationTuple.proofOfPossession.x.toString(16),
+      y: '0x' + registrationTuple.proofOfPossession.y.toString(16),
+    },
+  };
+}
+
+/**
+ * Process AttesterAccounts (which can be a single attester, array, or mnemonic)
+ */
+export async function processAttesterAccounts(
+  attesterAccounts: AttesterAccounts,
+  gse: GSEContract,
+  password?: string,
+): Promise<StakerOutput[]> {
+  // Skip mnemonic configs
+  if (isMnemonicConfig(attesterAccounts)) {
+    return [];
+  }
+
+  // Handle array of attesters
+  if (Array.isArray(attesterAccounts)) {
+    const results: StakerOutput[] = [];
+    for (const attester of attesterAccounts) {
+      const result = await processAttester(attester, gse, password);
+      if (result) {
+        results.push(result);
+      }
+    }
+    return results;
+  }
+
+  // Handle single attester
+  const result = await processAttester(attesterAccounts, gse, password);
+  return result ? [result] : [];
+}
+
+/**
+ * Main staker command function
+ */
+export async function generateStakerJson(options: StakerOptions, log: LogFn): Promise<void> {
+  const { from, password, gseAddress, l1RpcUrls, l1ChainId, output } = options;
+
+  // Load the keystore file
+  const keystore = loadKeystoreFile(from);
+
+  if (!gseAddress) {
+    throw new Error('GSE contract address is required');
+  }
+  log(`Calling GSE contract ${gseAddress} on chain ${l1ChainId}, using ${l1RpcUrls.join(', ')} to get staker outputs`);
+
+  if (!keystore.validators || keystore.validators.length === 0) {
+    log('No validators found in keystore');
+    return;
+  }
+
+  const allOutputs: StakerOutput[] = [];
+
+  // L1 client for proof of possession
+  const chain = createEthereumChain(l1RpcUrls, l1ChainId);
+  const publicClient = createPublicClient({
+    chain: chain.chainInfo,
+    transport: fallback(l1RpcUrls.map(url => http(url))),
+  });
+  const gse = new GSEContract(publicClient, gseAddress);
+
+  // Process each validator
+  for (const validator of keystore.validators) {
+    const outputs = await processAttesterAccounts(validator.attester, gse, password);
+    allOutputs.push(...outputs);
+  }
+
+  if (allOutputs.length === 0) {
+    log('No attesters with BLS keys found (skipping mnemonics and encrypted keystores without password)');
+    return;
+  }
+
+  const jsonOutput = prettyPrintJSON(allOutputs);
+
+  // Write to file if output is specified, otherwise log to stdout
+  if (output) {
+    writeFileSync(output, jsonOutput, 'utf-8');
+    log(`Wrote staking data to ${output}`);
+  } else {
+    log(jsonOutput);
+  }
+}

package/src/config/chain_l2_config.ts

@@ -30,6 +30,7 @@ export type L2ChainConfig = L1ContractsConfig &
     autoUpdate: SharedNodeConfig['autoUpdate'];
     autoUpdateUrl?: string;
     maxTxPoolSize: number;
+    publicMetricsOptOut: boolean;
     publicIncludeMetrics?: string[];
     publicMetricsCollectorUrl?: string;
     publicMetricsCollectFrom?: string[];
@@ -107,7 +108,8 @@ export const stagingIgnitionL2ChainConfig: L2ChainConfig = {
   snapshotsUrls: [`${SNAPSHOTS_URL}/staging-ignition/`],
   autoUpdate: 'config-and-version',
   autoUpdateUrl: 'https://storage.googleapis.com/aztec-testnet/auto-update/staging-ignition.json',
-  maxTxPoolSize: 100_000_000, // 100MB
+  maxTxPoolSize: 0,
+  publicMetricsOptOut: false,
   publicIncludeMetrics,
   publicMetricsCollectorUrl: 'https://telemetry.alpha-testnet.aztec-labs.com/v1/metrics',
   publicMetricsCollectFrom: ['sequencer'],
@@ -138,7 +140,7 @@ export const stagingIgnitionL2ChainConfig: L2ChainConfig = {
   slashAmountLarge: 50_000n * 10n ** 18n,
   slashingOffsetInRounds: 2,
   slasherFlavor: 'tally',
-  slashingVetoer: EthAddress.ZERO, // TODO TMNT-329
+  slashingVetoer: EthAddress.ZERO,
 
   /** The mana target for the rollup */
   manaTarget: 0n,
@@ -189,6 +191,7 @@ export const stagingPublicL2ChainConfig: L2ChainConfig = {
   snapshotsUrls: [`${SNAPSHOTS_URL}/staging-public/`],
   autoUpdate: 'config-and-version',
   autoUpdateUrl: 'https://storage.googleapis.com/aztec-testnet/auto-update/staging-public.json',
+  publicMetricsOptOut: false,
   publicIncludeMetrics,
   publicMetricsCollectorUrl: 'https://telemetry.alpha-testnet.aztec-labs.com/v1/metrics',
   publicMetricsCollectFrom: ['sequencer'],
@@ -230,6 +233,61 @@ export const stagingPublicL2ChainConfig: L2ChainConfig = {
   ...DefaultNetworkDBMapSizeConfig,
 };
 
+export const nextNetL2ChainConfig: L2ChainConfig = {
+  l1ChainId: 11155111,
+  testAccounts: true,
+  sponsoredFPC: true,
+  p2pEnabled: true,
+  disableTransactions: false,
+  p2pBootstrapNodes: [],
+  seqMinTxsPerBlock: 0,
+  seqMaxTxsPerBlock: 8,
+  realProofs: true,
+  snapshotsUrls: [],
+  autoUpdate: 'config-and-version',
+  autoUpdateUrl: '',
+  publicMetricsOptOut: true,
+  publicIncludeMetrics,
+  publicMetricsCollectorUrl: '',
+  publicMetricsCollectFrom: [''],
+  maxTxPoolSize: 100_000_000, // 100MB
+  txPoolDeleteTxsAfterReorg: false,
+
+  // Deployment stuff
+  /** How many seconds an L1 slot lasts. */
+  ethereumSlotDuration: 12,
+  /** How many seconds an L2 slots lasts (must be multiple of ethereum slot duration). */
+  aztecSlotDuration: 36,
+  /** How many L2 slots an epoch lasts. */
+  aztecEpochDuration: 32,
+  /** The target validator committee size. */
+  aztecTargetCommitteeSize: 48,
+  /** The number of epochs to lag behind the current epoch for validator selection. */
+  lagInEpochs: DefaultL1ContractsConfig.lagInEpochs,
+  /** The local ejection threshold for a validator. Stricter than ejectionThreshold but local to a specific rollup */
+  localEjectionThreshold: DefaultL1ContractsConfig.localEjectionThreshold,
+  /** The number of epochs after an epoch ends that proofs are still accepted. */
+  aztecProofSubmissionEpochs: 1,
+  /** The deposit amount for a validator */
+  activationThreshold: DefaultL1ContractsConfig.activationThreshold,
+  /** The minimum stake for a validator. */
+  ejectionThreshold: DefaultL1ContractsConfig.ejectionThreshold,
+  /** The slashing round size */
+  slashingRoundSizeInEpochs: DefaultL1ContractsConfig.slashingRoundSizeInEpochs,
+  /** Governance proposing round size */
+  governanceProposerRoundSize: DefaultL1ContractsConfig.governanceProposerRoundSize,
+  /** The mana target for the rollup */
+  manaTarget: DefaultL1ContractsConfig.manaTarget,
+  /** The proving cost per mana */
+  provingCostPerMana: DefaultL1ContractsConfig.provingCostPerMana,
+  /** Exit delay for stakers */
+  exitDelaySeconds: DefaultL1ContractsConfig.exitDelaySeconds,
+
+  ...DefaultSlashConfig,
+
+  ...DefaultNetworkDBMapSizeConfig,
+};
+
 export const testnetL2ChainConfig: L2ChainConfig = {
   l1ChainId: 11155111,
   testAccounts: false,
@@ -244,6 +302,7 @@ export const testnetL2ChainConfig: L2ChainConfig = {
   autoUpdate: 'config-and-version',
   autoUpdateUrl: 'https://storage.googleapis.com/aztec-testnet/auto-update/testnet.json',
   maxTxPoolSize: 100_000_000, // 100MB
+  publicMetricsOptOut: false,
   publicIncludeMetrics,
   publicMetricsCollectorUrl: 'https://telemetry.alpha-testnet.aztec-labs.com/v1/metrics',
   publicMetricsCollectFrom: ['sequencer'],
@@ -333,10 +392,12 @@ export const mainnetL2ChainConfig: L2ChainConfig = {
   snapshotsUrls: [`${SNAPSHOTS_URL}/mainnet/`],
   autoUpdate: 'notify',
   autoUpdateUrl: 'https://storage.googleapis.com/aztec-mainnet/auto-update/mainnet.json',
-  maxTxPoolSize: 100_000_000, // 100MB
+  maxTxPoolSize: 0,
+  publicMetricsOptOut: true,
   publicIncludeMetrics,
   publicMetricsCollectorUrl: 'https://telemetry.alpha-testnet.aztec-labs.com/v1/metrics',
   publicMetricsCollectFrom: ['sequencer'],
+  blobAllowEmptySources: true,
 
   /** How many seconds an L1 slot lasts. */
   ethereumSlotDuration: 12,
@@ -357,7 +418,7 @@ export const mainnetL2ChainConfig: L2ChainConfig = {
   slashingRoundSizeInEpochs: 4,
   slashingExecutionDelayInRounds: 28,
   slashingLifetimeInRounds: 34,
-  slashingVetoer: EthAddress.ZERO, // TODO TMNT-329
+  slashingVetoer: EthAddress.fromString('0xBbB4aF368d02827945748b28CD4b2D42e4A37480'),
   slashingOffsetInRounds: 2,
 
   slashingDisableDuration: 259_200, // 3 days
@@ -404,6 +465,61 @@ export const mainnetL2ChainConfig: L2ChainConfig = {
   ...DefaultNetworkDBMapSizeConfig,
 };
 
+export const devnetL2ChainConfig: L2ChainConfig = {
+  l1ChainId: 11155111,
+  testAccounts: true,
+  sponsoredFPC: true,
+  p2pEnabled: true,
+  disableTransactions: false,
+  p2pBootstrapNodes: [],
+  seqMinTxsPerBlock: 0,
+  seqMaxTxsPerBlock: 8,
+  realProofs: false,
+  snapshotsUrls: [],
+  autoUpdate: 'config-and-version',
+  autoUpdateUrl: '',
+  publicMetricsOptOut: true,
+  publicIncludeMetrics,
+  publicMetricsCollectorUrl: '',
+  publicMetricsCollectFrom: [''],
+  maxTxPoolSize: 100_000_000, // 100MB
+  txPoolDeleteTxsAfterReorg: true,
+
+  // Deployment stuff
+  /** How many seconds an L1 slot lasts. */
+  ethereumSlotDuration: 12,
+  /** How many seconds an L2 slots lasts (must be multiple of ethereum slot duration). */
+  aztecSlotDuration: 36,
+  /** How many L2 slots an epoch lasts. */
+  aztecEpochDuration: 8,
+  /** The target validator committee size. */
+  aztecTargetCommitteeSize: 1,
+  /** The number of epochs to lag behind the current epoch for validator selection. */
+  lagInEpochs: 1,
+  /** The local ejection threshold for a validator. Stricter than ejectionThreshold but local to a specific rollup */
+  localEjectionThreshold: DefaultL1ContractsConfig.localEjectionThreshold,
+  /** The number of epochs after an epoch ends that proofs are still accepted. */
+  aztecProofSubmissionEpochs: 1,
+  /** The deposit amount for a validator */
+  activationThreshold: DefaultL1ContractsConfig.activationThreshold,
+  /** The minimum stake for a validator. */
+  ejectionThreshold: DefaultL1ContractsConfig.ejectionThreshold,
+  /** The slashing round size */
+  slashingRoundSizeInEpochs: DefaultL1ContractsConfig.slashingRoundSizeInEpochs,
+  /** Governance proposing round size */
+  governanceProposerRoundSize: DefaultL1ContractsConfig.governanceProposerRoundSize,
+  /** The mana target for the rollup */
+  manaTarget: DefaultL1ContractsConfig.manaTarget,
+  /** The proving cost per mana */
+  provingCostPerMana: DefaultL1ContractsConfig.provingCostPerMana,
+  /** Exit delay for stakers */
+  exitDelaySeconds: DefaultL1ContractsConfig.exitDelaySeconds,
+
+  ...DefaultSlashConfig,
+
+  ...DefaultNetworkDBMapSizeConfig,
+};
+
 export function getL2ChainConfig(networkName: NetworkNames): L2ChainConfig | undefined {
   let config: L2ChainConfig | undefined;
   if (networkName === 'staging-public') {
@@ -480,6 +596,8 @@ export function enrichEnvironmentWithChainConfig(networkName: NetworkNames) {
     enrichVar('PUBLIC_OTEL_COLLECT_FROM', config.publicMetricsCollectFrom.join(','));
   }
 
+  enrichVar('PUBLIC_OTEL_OPT_OUT', config.publicMetricsOptOut.toString());
+
   // Deployment stuff
   enrichVar('ETHEREUM_SLOT_DURATION', config.ethereumSlotDuration.toString());
   enrichVar('AZTEC_SLOT_DURATION', config.aztecSlotDuration.toString());