@aztec/foundation 0.0.1-commit.bf2612ae → 0.0.1-commit.c0b82b2

package/src/config/env_var.ts

@@ -12,6 +12,9 @@ export type EnvVar =
   | 'ARCHIVER_VIEM_POLLING_INTERVAL_MS'
   | 'ARCHIVER_BATCH_SIZE'
   | 'AZTEC_ADMIN_PORT'
+  | 'AZTEC_ADMIN_API_KEY_HASH'
+  | 'AZTEC_DISABLE_ADMIN_API_KEY'
+  | 'AZTEC_RESET_ADMIN_API_KEY'
   | 'AZTEC_NODE_ADMIN_URL'
   | 'AZTEC_NODE_URL'
   | 'AZTEC_PORT'
@@ -47,7 +50,10 @@ export type EnvVar =
   | 'BOT_TX_MINED_WAIT_SECONDS'
   | 'BOT_MAX_CONSECUTIVE_ERRORS'
   | 'BOT_STOP_WHEN_UNHEALTHY'
-  | 'BOT_AMM_TXS'
+  | 'BOT_MODE'
+  | 'BOT_L2_TO_L1_MESSAGES_PER_TX'
+  | 'BOT_L1_TO_L2_SEED_COUNT'
+  | 'BOT_L1_TO_L2_SEED_INTERVAL'
   | 'COINBASE'
   | 'CRS_PATH'
   | 'DATA_DIRECTORY'
@@ -64,6 +70,7 @@ export type EnvVar =
   | 'PUBLIC_DATA_TREE_MAP_SIZE_KB'
   | 'DEBUG'
   | 'DEBUG_P2P_DISABLE_COLOCATION_PENALTY'
+  | 'ENABLE_PROVER_NODE'
   | 'ETHEREUM_HOSTS'
   | 'ETHEREUM_DEBUG_HOSTS'
   | 'ETHEREUM_ALLOW_NO_DEBUG_HOSTS'
@@ -75,8 +82,10 @@ export type EnvVar =
   | 'L1_CONSENSUS_HOST_URLS'
   | 'L1_CONSENSUS_HOST_API_KEYS'
   | 'L1_CONSENSUS_HOST_API_KEY_HEADERS'
+  | 'L1_TX_FAILED_STORE'
   | 'LOG_JSON'
   | 'LOG_MULTILINE'
+  | 'LOG_NO_COLOR_PER_ACTOR'
   | 'LOG_LEVEL'
   | 'MNEMONIC'
   | 'NETWORK'
@@ -94,7 +103,12 @@ export type EnvVar =
   | 'PUBLIC_OTEL_INCLUDE_METRICS'
   | 'PUBLIC_OTEL_COLLECT_FROM'
   | 'PUBLIC_OTEL_OPT_OUT'
+  | 'P2P_BATCH_TX_REQUESTER_SMART_PARALLEL_WORKER_COUNT'
+  | 'P2P_BATCH_TX_REQUESTER_DUMB_PARALLEL_WORKER_COUNT'
+  | 'P2P_BATCH_TX_REQUESTER_TX_BATCH_SIZE'
+  | 'P2P_BATCH_TX_REQUESTER_BAD_PEER_THRESHOLD'
   | 'P2P_BLOCK_CHECK_INTERVAL_MS'
+  | 'P2P_SLOT_CHECK_INTERVAL_MS'
   | 'P2P_BLOCK_REQUEST_BATCH_SIZE'
   | 'P2P_BOOTSTRAP_NODE_ENR_VERSION_CHECK'
   | 'P2P_BOOTSTRAP_NODES_AS_FULL_PEERS'
@@ -135,9 +149,9 @@ export type EnvVar =
   | 'P2P_PREFERRED_PEERS'
   | 'P2P_MAX_PENDING_TX_COUNT'
   | 'P2P_SEEN_MSG_CACHE_SIZE'
-  | 'P2P_DROP_TX'
   | 'P2P_DROP_TX_CHANCE'
   | 'P2P_TX_POOL_DELETE_TXS_AFTER_REORG'
+  | 'P2P_MIN_TX_POOL_AGE_MS'
   | 'DEBUG_P2P_INSTRUMENT_MESSAGES'
   | 'PEER_ID_PRIVATE_KEY'
   | 'PEER_ID_PRIVATE_KEY_PATH'
@@ -151,8 +165,10 @@ export type EnvVar =
   | 'PROVER_BROKER_BATCH_INTERVAL_MS'
   | 'PROVER_BROKER_BATCH_SIZE'
   | 'PROVER_BROKER_MAX_EPOCHS_TO_KEEP_RESULTS_FOR'
+  | 'PROVER_BROKER_DEBUG_REPLAY_ENABLED'
   | 'PROVER_CANCEL_JOBS_ON_STOP'
   | 'PROVER_COORDINATION_NODE_URLS'
+  | 'PROVER_PROOF_STORE'
   | 'PROVER_FAILED_PROOF_STORE'
   | 'PROVER_NODE_FAILED_EPOCH_STORE'
   | 'PROVER_NODE_DISABLE_PROOF_PUBLISH'
@@ -200,9 +216,11 @@ export type EnvVar =
   | 'SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT'
   | 'SEQ_ATTESTATION_PROPAGATION_TIME'
   | 'SEQ_BLOCK_DURATION_MS'
+  | 'SEQ_EXPECTED_BLOCK_PROPOSALS_PER_SLOT'
   | 'SEQ_BUILD_CHECKPOINT_IF_EMPTY'
   | 'SEQ_SECONDS_BEFORE_INVALIDATING_BLOCK_AS_COMMITTEE_MEMBER'
   | 'SEQ_SECONDS_BEFORE_INVALIDATING_BLOCK_AS_NON_COMMITTEE_MEMBER'
+  | 'SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT'
   | 'SLASH_MIN_PENALTY_PERCENTAGE'
   | 'SLASH_MAX_PENALTY_PERCENTAGE'
   | 'SLASH_VALIDATORS_ALWAYS'
@@ -213,6 +231,8 @@ export type EnvVar =
   | 'SLASH_INACTIVITY_TARGET_PERCENTAGE'
   | 'SLASH_INACTIVITY_CONSECUTIVE_EPOCH_THRESHOLD'
   | 'SLASH_INVALID_BLOCK_PENALTY'
+  | 'SLASH_DUPLICATE_PROPOSAL_PENALTY'
+  | 'SLASH_DUPLICATE_ATTESTATION_PENALTY'
   | 'SLASH_OVERRIDE_PAYLOAD'
   | 'SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY'
   | 'SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY'
@@ -237,6 +257,20 @@ export type EnvVar =
   | 'TX_COLLECTION_FAST_MAX_PARALLEL_REQUESTS_PER_NODE'
   | 'TX_COLLECTION_NODE_RPC_MAX_BATCH_SIZE'
   | 'TX_COLLECTION_NODE_RPC_URLS'
+  | 'TX_COLLECTION_MISSING_TXS_COLLECTOR_TYPE'
+  | 'TX_COLLECTION_FILE_STORE_URLS'
+  | 'TX_COLLECTION_FILE_STORE_SLOW_DELAY_MS'
+  | 'TX_COLLECTION_FILE_STORE_FAST_DELAY_MS'
+  | 'TX_COLLECTION_FILE_STORE_FAST_WORKER_COUNT'
+  | 'TX_COLLECTION_FILE_STORE_SLOW_WORKER_COUNT'
+  | 'TX_COLLECTION_FILE_STORE_FAST_BACKOFF_BASE_MS'
+  | 'TX_COLLECTION_FILE_STORE_SLOW_BACKOFF_BASE_MS'
+  | 'TX_COLLECTION_FILE_STORE_FAST_BACKOFF_MAX_MS'
+  | 'TX_COLLECTION_FILE_STORE_SLOW_BACKOFF_MAX_MS'
+  | 'TX_FILE_STORE_URL'
+  | 'TX_FILE_STORE_UPLOAD_CONCURRENCY'
+  | 'TX_FILE_STORE_MAX_QUEUE_SIZE'
+  | 'TX_FILE_STORE_ENABLED'
   | 'TX_PUBLIC_SETUP_ALLOWLIST'
   | 'TXE_PORT'
   | 'TRANSACTIONS_DISABLED'
@@ -251,6 +285,7 @@ export type EnvVar =
   | 'WS_BLOCK_REQUEST_BATCH_SIZE'
   | 'L1_READER_VIEM_POLLING_INTERVAL_MS'
   | 'WS_DATA_DIRECTORY'
+  | 'WS_NUM_HISTORIC_CHECKPOINTS'
   | 'WS_NUM_HISTORIC_BLOCKS'
   | 'ETHEREUM_SLOT_DURATION'
   | 'AZTEC_SLOT_DURATION'
@@ -320,6 +355,7 @@ export type EnvVar =
   | 'VALIDATOR_HA_POLLING_INTERVAL_MS'
   | 'VALIDATOR_HA_SIGNING_TIMEOUT_MS'
   | 'VALIDATOR_HA_MAX_STUCK_DUTIES_AGE_MS'
+  | 'VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H'
   | 'VALIDATOR_HA_DATABASE_URL'
   | 'VALIDATOR_HA_RUN_MIGRATIONS'
   | 'VALIDATOR_HA_POOL_MAX'

package/src/config/network_name.ts

@@ -5,7 +5,8 @@ export type NetworkNames =
   | 'testnet'
   | 'mainnet'
   | 'next-net'
-  | 'devnet';
+  | 'devnet'
+  | `v${number}-devnet-${number}`;
 
 export function getActiveNetworkName(name?: string): NetworkNames {
   const network = name || process.env.NETWORK;
@@ -23,6 +24,8 @@ export function getActiveNetworkName(name?: string): NetworkNames {
     return 'next-net';
   } else if (network === 'devnet') {
     return 'devnet';
+  } else if (/^v\d+-devnet-\d+$/.test(network)) {
+    return network as `v${number}-devnet-${number}`;
   }
   throw new Error(`Unknown network: ${network}`);
 }

package/src/crypto/poseidon/index.ts

@@ -1,4 +1,4 @@
-import { BarretenbergSync } from '@aztec/bb.js';
+import { Barretenberg } from '@aztec/bb.js';
 
 import { Fr } from '../../curves/bn254/field.js';
 import { type Fieldable, serializeToFields } from '../../serialize/serialize.js';
@@ -10,9 +10,9 @@ import { type Fieldable, serializeToFields } from '../../serialize/serialize.js'
  */
 export async function poseidon2Hash(input: Fieldable[]): Promise<Fr> {
   const inputFields = serializeToFields(input);
-  await BarretenbergSync.initSingleton();
-  const api = BarretenbergSync.getSingleton();
-  const response = api.poseidon2Hash({
+  await Barretenberg.initSingleton();
+  const api = Barretenberg.getSingleton();
+  const response = await api.poseidon2Hash({
     inputs: inputFields.map(i => i.toBuffer()),
   });
   return Fr.fromBuffer(Buffer.from(response.hash));
@@ -27,9 +27,9 @@ export async function poseidon2Hash(input: Fieldable[]): Promise<Fr> {
 export async function poseidon2HashWithSeparator(input: Fieldable[], separator: number): Promise<Fr> {
   const inputFields = serializeToFields(input);
   inputFields.unshift(new Fr(separator));
-  await BarretenbergSync.initSingleton();
-  const api = BarretenbergSync.getSingleton();
-  const response = api.poseidon2Hash({
+  await Barretenberg.initSingleton();
+  const api = Barretenberg.getSingleton();
+  const response = await api.poseidon2Hash({
     inputs: inputFields.map(i => i.toBuffer()),
   });
   return Fr.fromBuffer(Buffer.from(response.hash));
@@ -44,9 +44,9 @@ export async function poseidon2Permutation(input: Fieldable[]): Promise<Fr[]> {
   const inputFields = serializeToFields(input);
   // We'd like this assertion but it's not possible to use it in the browser.
   // assert(input.length === 4, 'Input state must be of size 4');
-  await BarretenbergSync.initSingleton();
-  const api = BarretenbergSync.getSingleton();
-  const response = api.poseidon2Permutation({
+  await Barretenberg.initSingleton();
+  const api = Barretenberg.getSingleton();
+  const response = await api.poseidon2Permutation({
     inputs: inputFields.map(i => i.toBuffer()),
   });
   // We'd like this assertion but it's not possible to use it in the browser.
@@ -65,9 +65,9 @@ export async function poseidon2HashBytes(input: Buffer): Promise<Fr> {
     inputFields.push(Fr.fromBuffer(fieldBytes));
   }
 
-  await BarretenbergSync.initSingleton();
-  const api = BarretenbergSync.getSingleton();
-  const response = api.poseidon2Hash({
+  await Barretenberg.initSingleton();
+  const api = Barretenberg.getSingleton();
+  const response = await api.poseidon2Hash({
     inputs: inputFields.map(i => i.toBuffer()),
   });
 

package/src/crypto/random/randomness_singleton.ts

@@ -1,4 +1,4 @@
-import { createLogger } from '../../log/pino-logger.js';
+import { type Logger, type LoggerBindings, createLogger } from '../../log/pino-logger.js';
 
 /**
  * A number generator which is used as a source of randomness in the system. If the SEED env variable is set, the
@@ -12,9 +12,13 @@ export class RandomnessSingleton {
   private static instance: RandomnessSingleton;
 
   private counter = 0;
-  private readonly log = createLogger('foundation:randomness_singleton');
+  private log: Logger;
 
-  private constructor(private readonly seed?: number) {
+  private constructor(
+    private readonly seed?: number,
+    bindings?: LoggerBindings,
+  ) {
+    this.log = createLogger('foundation:randomness_singleton', bindings);
     if (seed !== undefined) {
       this.log.debug(`Using pseudo-randomness with seed: ${seed}`);
       this.counter = seed;
@@ -23,10 +27,10 @@ export class RandomnessSingleton {
     }
   }
 
-  public static getInstance(): RandomnessSingleton {
+  public static getInstance(bindings?: LoggerBindings): RandomnessSingleton {
     if (!RandomnessSingleton.instance) {
       const seed = process.env.SEED ? Number(process.env.SEED) : undefined;
-      RandomnessSingleton.instance = new RandomnessSingleton(seed);
+      RandomnessSingleton.instance = new RandomnessSingleton(seed, bindings);
     }
 
     return RandomnessSingleton.instance;

package/src/curves/bn254/field.ts

@@ -118,14 +118,18 @@ abstract class BaseField {
   }
 
   cmp(rhs: BaseField): -1 | 0 | 1 {
-    const rhsBigInt = rhs.asBigInt;
-    return this.asBigInt === rhsBigInt ? 0 : this.asBigInt < rhsBigInt ? -1 : 1;
+    return BaseField.cmpAsBigInt(this.asBigInt, rhs.asBigInt);
   }
 
   static cmp(lhs: BaseField, rhs: BaseField): -1 | 0 | 1 {
     return lhs.cmp(rhs);
   }
 
+  // Actual bigint comparison. Arguments must have been validated previously.
+  static cmpAsBigInt(lhs: bigint, rhs: bigint): -1 | 0 | 1 {
+    return lhs === rhs ? 0 : lhs < rhs ? -1 : 1;
+  }
+
   isZero(): boolean {
     return this.asBigInt === 0n;
   }

package/src/jest/setup.mjs

@@ -1,3 +1,4 @@
+import { parseBooleanEnv } from '@aztec/foundation/config';
 import { overwriteLoggingStream, pinoPrettyOpts } from '@aztec/foundation/log';
 
 import pretty from 'pino-pretty';
@@ -6,4 +7,33 @@ import pretty from 'pino-pretty';
 // file so we don't mess up with dependencies in non-testing environments,
 // since pino-pretty messes up with browser bundles.
 // See also https://www.npmjs.com/package/pino-pretty?activeTab=readme#user-content-usage-with-jest
-overwriteLoggingStream(pretty(pinoPrettyOpts));
+if (!parseBooleanEnv(process.env.LOG_JSON)) {
+  overwriteLoggingStream(pretty(pinoPrettyOpts));
+}
+
+// Prevent timers from keeping the process alive after tests complete.
+// Libraries like viem create internal polling loops (via setTimeout) that
+// reschedule themselves indefinitely. In test environments we never want a
+// timer to be the reason the process can't exit. We also unref stdout/stderr
+// which, when they are pipes (as in Jest workers), remain ref'd by default.
+{
+  const origSetTimeout = globalThis.setTimeout;
+  const origSetInterval = globalThis.setInterval;
+  globalThis.setTimeout = function unrefSetTimeout(...args) {
+    const id = origSetTimeout.apply(this, args);
+    id?.unref?.();
+    return id;
+  };
+  // Preserve .unref, .__promisify__ etc. that may exist on the original
+  Object.setPrototypeOf(globalThis.setTimeout, origSetTimeout);
+
+  globalThis.setInterval = function unrefSetInterval(...args) {
+    const id = origSetInterval.apply(this, args);
+    id?.unref?.();
+    return id;
+  };
+  Object.setPrototypeOf(globalThis.setInterval, origSetInterval);
+
+  if (process.stdout?._handle?.unref) process.stdout._handle.unref();
+  if (process.stderr?._handle?.unref) process.stderr._handle.unref();
+}

package/src/json-rpc/client/safe_json_rpc_client.ts

@@ -24,6 +24,7 @@ export type SafeJsonRpcClientOptions = {
   batchWindowMS?: number;
   maxBatchSize?: number;
   maxRequestBodySize?: number;
+  extraHeaders?: Record<string, string>;
   onResponse?: (res: {
     response: any;
     headers: { get: (header: string) => string | null | undefined };
@@ -129,6 +130,7 @@ export function createSafeJsonRpcClient<T extends object>(
       const { response, headers } = await fetch(
         host,
         rpcCalls.map(({ request }) => request),
+        config.extraHeaders,
       );
 
       if (config.onResponse) {

package/src/json-rpc/server/api_key_auth.ts

@@ -0,0 +1,63 @@
+import { timingSafeEqual } from 'crypto';
+import type Koa from 'koa';
+
+import { sha256 } from '../../crypto/sha256/index.js';
+import { createLogger } from '../../log/index.js';
+
+const log = createLogger('json-rpc:api-key-auth');
+
+/**
+ * Computes the SHA-256 hash of a string and returns it as a Buffer.
+ * @param input - The input string to hash.
+ * @returns The SHA-256 hash as a Buffer.
+ */
+export function sha256Hash(input: string): Buffer {
+  return sha256(Buffer.from(input));
+}
+
+/**
+ * Creates a Koa middleware that enforces API key authentication on all requests
+ * except the health check endpoint (GET /status).
+ *
+ * The API key can be provided via the `x-api-key` header or the `Authorization: Bearer <key>` header.
+ * Comparison is done by hashing the provided key with SHA-256 and comparing against the stored hash.
+ *
+ * @param apiKeyHash - The SHA-256 hash of the expected API key as a Buffer.
+ * @returns A Koa middleware that rejects requests without a valid API key.
+ */
+export function getApiKeyAuthMiddleware(
+  apiKeyHash: Buffer,
+): (ctx: Koa.Context, next: () => Promise<void>) => Promise<void> {
+  return async (ctx: Koa.Context, next: () => Promise<void>) => {
+    // Allow health check through without auth
+    if (ctx.path === '/status' && ctx.method === 'GET') {
+      return next();
+    }
+
+    const providedKey = ctx.get('x-api-key') || ctx.get('authorization')?.replace(/^Bearer\s+/i, '');
+    if (!providedKey) {
+      log.warn(`Rejected admin RPC request from ${ctx.ip}: missing API key`);
+      ctx.status = 401;
+      ctx.body = {
+        jsonrpc: '2.0',
+        id: null,
+        error: { code: -32000, message: 'Unauthorized: invalid or missing API key' },
+      };
+      return;
+    }
+
+    const providedHashBuf = sha256Hash(providedKey);
+    if (!timingSafeEqual(apiKeyHash, providedHashBuf)) {
+      log.warn(`Rejected admin RPC request from ${ctx.ip}: invalid API key`);
+      ctx.status = 401;
+      ctx.body = {
+        jsonrpc: '2.0',
+        id: null,
+        error: { code: -32000, message: 'Unauthorized: invalid or missing API key' },
+      };
+      return;
+    }
+
+    await next();
+  };
+}

package/src/json-rpc/server/index.ts

@@ -1 +1,2 @@
+export * from './api_key_auth.js';
 export * from './safe_json_rpc_server.js';

package/src/log/bigint-utils.ts

@@ -0,0 +1,22 @@
+/**
+ * Converts bigint values to strings recursively in a log object to avoid serialization issues.
+ */
+export function convertBigintsToStrings(obj: unknown): unknown {
+  if (typeof obj === 'bigint') {
+    return String(obj);
+  }
+
+  if (Array.isArray(obj)) {
+    return obj.map(item => convertBigintsToStrings(item));
+  }
+
+  if (obj !== null && typeof obj === 'object') {
+    const result: Record<string, unknown> = {};
+    for (const key in obj) {
+      result[key] = convertBigintsToStrings((obj as Record<string, unknown>)[key]);
+    }
+    return result;
+  }
+
+  return obj;
+}

package/src/log/gcloud-logger-config.ts

@@ -1,5 +1,7 @@
 import type { pino } from 'pino';
 
+import { convertBigintsToStrings } from './bigint-utils.js';
+
 /* eslint-disable camelcase */
 
 const GOOGLE_CLOUD_TRACE_ID = 'logging.googleapis.com/trace';
@@ -15,6 +17,9 @@ export const GoogleCloudLoggerConfig = {
   messageKey: 'message',
   formatters: {
     log(object: Record<string, unknown>): Record<string, unknown> {
+      // Convert bigints to strings recursively to avoid serialization issues
+      object = convertBigintsToStrings(object) as Record<string, unknown>;
+
       // Add trace context attributes following Cloud Logging structured log format described
       // in https://cloud.google.com/logging/docs/structured-logging#special-payload-fields
       const { trace_id, span_id, trace_flags, ...rest } = object;

package/src/log/libp2p_logger.ts

@@ -2,15 +2,17 @@ import type { ComponentLogger, Logger } from '@libp2p/interface';
 
 import { getLogLevelFromFilters } from './log-filters.js';
 import type { LogLevel } from './log-levels.js';
-import { logFilters, logger } from './pino-logger.js';
+import { type LoggerBindings, logFilters, logger } from './pino-logger.js';
 
 /**
  * Creates a libp2p compatible logger that wraps our pino logger.
  * This adapter implements the ComponentLogger interface required by libp2p.
+ * @param namespace - Base namespace for the logger
+ * @param bindings - Optional bindings to pass to the logger (actor, instanceId)
  */
-export function createLibp2pComponentLogger(namespace: string): ComponentLogger {
+export function createLibp2pComponentLogger(namespace: string, bindings?: LoggerBindings): ComponentLogger {
   return {
-    forComponent: (component: string) => createLibp2pLogger(`${namespace}:${component}`),
+    forComponent: (component: string) => createLibp2pLogger(`${namespace}:${component}`, bindings),
   };
 }
 
@@ -24,9 +26,14 @@ function replaceFormatting(message: string) {
   return message.replace(/(%p|%a)/g, '%s');
 }
 
-function createLibp2pLogger(component: string): Logger {
+function createLibp2pLogger(component: string, bindings?: LoggerBindings): Logger {
   // Create a direct pino logger instance for libp2p that supports string interpolation
-  const log = logger.child({ module: component }, { level: getLogLevelFromFilters(logFilters, component) });
+  const actor = bindings?.actor;
+  const instanceId = bindings?.instanceId;
+  const log = logger.child(
+    { module: component, ...(actor && { actor }), ...(instanceId && { instanceId }) },
+    { level: getLogLevelFromFilters(logFilters, component) },
+  );
 
   const logIfEnabled = (level: LogLevel, message: string, ...args: unknown[]) => {
     if (!log.isLevelEnabled(level)) {

package/src/log/log-filters.ts

@@ -19,22 +19,40 @@ export function getLogLevelFromFilters(filters: LogFilters, module: string): Log
   return undefined;
 }
 
-export function assertLogLevel(level: string): asserts level is LogLevel {
-  if (!LogLevels.includes(level as LogLevel)) {
-    throw new Error(`Invalid log level: ${level}`);
+/**
+ * Parses the LOG_LEVEL env string into a default level and per-module filter overrides.
+ *
+ * Format: `<default_level>;<level>:<module1>,<module2>;<level>:<module3>;...`
+ * - First segment (before the first `;`) is the default log level for all modules.
+ * - Remaining segments are `level:module` pairs: apply the given level to the listed modules (comma-separated).
+ * - Later filters override earlier ones for overlapping module matches.
+ * - The `aztec:` prefix is stripped from module names; spaces are trimmed.
+ *
+ * @example
+ * ```ts
+ * parseLogLevel('debug;warn:module1,module2;error:module3', 'info')
+ * // => ['debug', [['module3', 'error'], ['module2', 'warn'], ['module1', 'warn']]]
+ * ```
+ */
+export function parseLogLevelEnvVar(
+  logLevelEnvVar: string | undefined,
+  defaultLevel: LogLevel,
+): [LogLevel, LogFilters] {
+  if (!logLevelEnvVar) {
+    return [defaultLevel, []];
   }
+  const [level] = logLevelEnvVar.split(';', 1);
+  assertValidLogLevel(level);
+  return [level, parseFilters(logLevelEnvVar.slice(level.length + 1))];
 }
 
-export function parseEnv(env: string | undefined, defaultLevel: LogLevel): [LogLevel, LogFilters] {
-  if (!env) {
-    return [defaultLevel, []];
+function assertValidLogLevel(level: string): asserts level is LogLevel {
+  if (!LogLevels.includes(level as LogLevel)) {
+    throw new Error(`Invalid log level: ${level}`);
   }
-  const [level] = env.split(';', 1);
-  assertLogLevel(level);
-  return [level, parseFilters(env.slice(level.length + 1))];
 }
 
-export function parseFilters(definition: string | undefined): LogFilters {
+function parseFilters(definition: string | undefined): LogFilters {
   if (!definition) {
     return [];
   }
@@ -48,7 +66,7 @@ export function parseFilters(definition: string | undefined): LogFilters {
       throw new Error(`Invalid log filter statement: ${statement}`);
     }
     const sanitizedLevel = level.trim().toLowerCase();
-    assertLogLevel(sanitizedLevel);
+    assertValidLogLevel(sanitizedLevel);
     for (const module of modules.split(',')) {
       filters.push([
         module

package/src/log/pino-logger-server.ts

@@ -0,0 +1,25 @@
+import { AsyncLocalStorage } from 'node:async_hooks';
+
+import { type LoggerBindings, addLogBindingsHandler, removeLogBindingsHandler } from './pino-logger.js';
+
+/** AsyncLocalStorage for logger bindings context propagation (Node.js only). */
+const bindingsStorage = new AsyncLocalStorage<LoggerBindings>();
+
+/** Returns the current bindings from AsyncLocalStorage, if any. */
+export function getBindings(): LoggerBindings | undefined {
+  return bindingsStorage.getStore();
+}
+
+/**
+ * Runs a callback within a bindings context. All loggers created within the callback
+ * will automatically inherit the bindings (actor, instanceId) via the log bindings handler.
+ */
+export async function withLoggerBindings<T>(bindings: LoggerBindings, callback: () => Promise<T>): Promise<T> {
+  const handler = () => bindingsStorage.getStore();
+  addLogBindingsHandler(handler);
+  try {
+    return await bindingsStorage.run(bindings, callback);
+  } finally {
+    removeLogBindingsHandler(handler);
+  }
+}