@aztec/foundation 0.0.1-commit.fce3e4f → 0.0.1-commit.ff7989d6c

package/src/curves/bn254/point.ts

@@ -0,0 +1,170 @@
+import {
+  BN254_G1_GENERATOR,
+  BN254_G2_GENERATOR,
+  BarretenbergSync,
+  type Bn254G1Point as BbApiBn254G1Point,
+  type Bn254G2Point as BbApiBn254G2Point,
+} from '@aztec/bb.js';
+
+import { Fq, Fr } from './field.js';
+
+/**
+ * BN254 G1 point using foundation field classes.
+ * Represents a point on the BN254 elliptic curve in affine coordinates.
+ */
+export class Bn254G1Point {
+  constructor(
+    public readonly x: Fq,
+    public readonly y: Fq,
+  ) {}
+
+  private toBbApiPoint(): BbApiBn254G1Point {
+    return {
+      x: this.x.toBuffer(),
+      y: this.y.toBuffer(),
+    };
+  }
+
+  private static fromBbApiPoint(point: BbApiBn254G1Point): Bn254G1Point {
+    return new Bn254G1Point(Fq.fromBuffer(Buffer.from(point.x)), Fq.fromBuffer(Buffer.from(point.y)));
+  }
+
+  async isOnCurve(): Promise<boolean> {
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+
+    const apiPoint = this.toBbApiPoint();
+    const response = api.bn254G1IsOnCurve({ point: apiPoint });
+    return response.isOnCurve;
+  }
+
+  /**
+   * Get the generator point for BN254 G1, or perform scalar multiplication.
+   * When called without arguments, returns the base generator point.
+   * When called with a scalar, returns scalar * generator (useful for public key derivation).
+   */
+  static async generator(scalar?: Fr): Promise<Bn254G1Point> {
+    if (!scalar) {
+      return new Bn254G1Point(
+        Fq.fromBuffer(Buffer.from(BN254_G1_GENERATOR.x)),
+        Fq.fromBuffer(Buffer.from(BN254_G1_GENERATOR.y)),
+      );
+    }
+
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+
+    const response = api.bn254G1Mul({
+      point: BN254_G1_GENERATOR,
+      scalar: scalar.toBuffer(),
+    });
+
+    return Bn254G1Point.fromBbApiPoint(response.point);
+  }
+
+  /**
+   * Decompress a BN254 G1 point from compressed form (32 bytes).
+   * The compressed format encodes the x-coordinate and the sign bit of the y-coordinate
+   * in the most significant bit.
+   */
+  static async fromCompressed(compressed: Buffer): Promise<Bn254G1Point> {
+    if (compressed.length !== 32) {
+      throw new Error('Invalid compressed point length');
+    }
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+
+    const response = api.bn254G1FromCompressed({
+      compressed: new Uint8Array(compressed),
+    });
+
+    return Bn254G1Point.fromBbApiPoint(response.point);
+  }
+
+  /**
+   * Compress this BN254 G1 point to 32 bytes.
+   * The compressed format encodes the x-coordinate and the sign bit of the y-coordinate
+   * in the most significant bit (bit 255).
+   */
+  compress(): Buffer {
+    const xBytes = this.x.toBuffer();
+    // Get the least significant bit of y to determine the sign
+    const yLsb = this.y.toBigInt() & 1n;
+    // If y is odd, set the most significant bit (bit 255) of the output
+    if (yLsb === 1n) {
+      xBytes[0] |= 0x80;
+    }
+    return xBytes;
+  }
+
+  equals(other: Bn254G1Point): boolean {
+    return this.x.equals(other.x) && this.y.equals(other.y);
+  }
+
+  toString(): string {
+    return `Bn254G1Point(x: ${this.x.toString()}, y: ${this.y.toString()})`;
+  }
+}
+
+/**
+ * BN254 G2 point using foundation field classes.
+ * Represents a point on the BN254 G2 curve (twist curve) in affine coordinates.
+ * G2 points use extension field coordinates (Fq2).
+ */
+export class Bn254G2Point {
+  constructor(
+    public readonly x: [Fq, Fq],
+    public readonly y: [Fq, Fq],
+  ) {}
+
+  private toBbApiPoint(): BbApiBn254G2Point {
+    return {
+      x: [this.x[0].toBuffer(), this.x[1].toBuffer()],
+      y: [this.y[0].toBuffer(), this.y[1].toBuffer()],
+    };
+  }
+
+  private static fromBbApiPoint(point: BbApiBn254G2Point): Bn254G2Point {
+    return new Bn254G2Point(
+      [Fq.fromBuffer(Buffer.from(point.x[0])), Fq.fromBuffer(Buffer.from(point.x[1]))],
+      [Fq.fromBuffer(Buffer.from(point.y[0])), Fq.fromBuffer(Buffer.from(point.y[1]))],
+    );
+  }
+
+  /**
+   * Get the generator point for BN254 G2, or perform scalar multiplication.
+   * When called without arguments, returns the base generator point.
+   * When called with a scalar, returns scalar * generator.
+   */
+  static async generator(scalar?: Fr): Promise<Bn254G2Point> {
+    if (!scalar) {
+      return new Bn254G2Point(
+        [Fq.fromBuffer(Buffer.from(BN254_G2_GENERATOR.x[0])), Fq.fromBuffer(Buffer.from(BN254_G2_GENERATOR.x[1]))],
+        [Fq.fromBuffer(Buffer.from(BN254_G2_GENERATOR.y[0])), Fq.fromBuffer(Buffer.from(BN254_G2_GENERATOR.y[1]))],
+      );
+    }
+
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+
+    const response = api.bn254G2Mul({
+      point: BN254_G2_GENERATOR as BbApiBn254G2Point,
+      scalar: scalar.toBuffer(),
+    });
+
+    return Bn254G2Point.fromBbApiPoint(response.point);
+  }
+
+  equals(other: Bn254G2Point): boolean {
+    return (
+      this.x[0].equals(other.x[0]) &&
+      this.x[1].equals(other.x[1]) &&
+      this.y[0].equals(other.y[0]) &&
+      this.y[1].equals(other.y[1])
+    );
+  }
+
+  toString(): string {
+    return `Bn254G2Point(x: (${this.x[0].toString()}, ${this.x[1].toString()}), y: (${this.y[0].toString()}, ${this.y[1].toString()}))`;
+  }
+}

package/src/curves/grumpkin/index.ts

@@ -0,0 +1,11 @@
+import { Fq } from '../bn254/field.js';
+
+export * from './point.js';
+
+/**
+ * GrumpkinScalar is an Fq.
+ * @remarks Called GrumpkinScalar because it is used to represent elements in Grumpkin's scalar field as defined in
+ *          the Aztec Protocol Specs.
+ */
+export type GrumpkinScalar = Fq;
+export const GrumpkinScalar = Fq;

package/src/{fields → curves/grumpkin}/point.ts

@@ -1,10 +1,10 @@
-import { toBigIntBE } from '../bigint-buffer/index.js';
-import { poseidon2Hash } from '../crypto/poseidon/index.js';
-import { randomBoolean } from '../crypto/random/index.js';
-import { hexSchemaFor } from '../schemas/utils.js';
-import { BufferReader, FieldReader, serializeToBuffer } from '../serialize/index.js';
-import { bufferToHex, hexToBuffer } from '../string/index.js';
-import { Fr } from './fields.js';
+import { toBigIntBE } from '../../bigint-buffer/index.js';
+import { poseidon2Hash } from '../../crypto/poseidon/index.js';
+import { randomBoolean } from '../../crypto/random/index.js';
+import { hexSchemaFor } from '../../schemas/utils.js';
+import { BufferReader, FieldReader, serializeToBuffer } from '../../serialize/index.js';
+import { bufferToHex, hexToBuffer } from '../../string/index.js';
+import { Fr } from '../bn254/field.js';
 
 /**
  * Represents a Point on an elliptic curve with x and y coordinates.

package/src/eth-address/index.ts

@@ -2,7 +2,7 @@ import { inspect } from 'util';
 
 import { keccak256String } from '../crypto/keccak/index.js';
 import { randomBytes } from '../crypto/random/index.js';
-import { Fr } from '../fields/index.js';
+import { Fr } from '../curves/bn254/index.js';
 import { hexSchemaFor } from '../schemas/utils.js';
 import { BufferReader, FieldReader } from '../serialize/index.js';
 import { TypeRegistry } from '../serialize/type_registry.js';
@@ -249,7 +249,7 @@ export class EthAddress {
   /** Converts a number into an address. Useful for testing. */
   static fromNumber(num: bigint | number): EthAddress {
     const buffer = Buffer.alloc(EthAddress.SIZE_IN_BYTES);
-    buffer.writeBigUInt64BE(BigInt(num), 0);
+    buffer.writeBigUInt64BE(BigInt(num), EthAddress.SIZE_IN_BYTES - 8);
     return new EthAddress(buffer);
   }
 
@@ -261,6 +261,12 @@ export class EthAddress {
     // Serialization from hex string.
     return hexSchemaFor(EthAddress, EthAddress.isAddress);
   }
+
+  static areEqual(a: EthAddress | string, b: EthAddress | string) {
+    const addrA = typeof a === 'string' ? EthAddress.fromString(a) : a;
+    const addrB = typeof b === 'string' ? EthAddress.fromString(b) : b;
+    return addrA.equals(addrB);
+  }
 }
 
 // For deserializing JSON.

package/src/iterator/filter.ts

@@ -0,0 +1,11 @@
+/** Wraps an async iterable iterator such that it filters values based on a predicate. */
+export async function* filter<T>(
+  iterator: AsyncIterableIterator<T>,
+  predicate: (item: T) => boolean | Promise<boolean>,
+): AsyncIterableIterator<T> {
+  for await (const item of iterator) {
+    if (await predicate(item)) {
+      yield item;
+    }
+  }
+}

package/src/iterator/index.ts

@@ -0,0 +1 @@
+export { filter } from './filter.js';

package/src/jest/setup.mjs

@@ -1,3 +1,4 @@
+import { parseBooleanEnv } from '@aztec/foundation/config';
 import { overwriteLoggingStream, pinoPrettyOpts } from '@aztec/foundation/log';
 
 import pretty from 'pino-pretty';
@@ -6,4 +7,6 @@ import pretty from 'pino-pretty';
 // file so we don't mess up with dependencies in non-testing environments,
 // since pino-pretty messes up with browser bundles.
 // See also https://www.npmjs.com/package/pino-pretty?activeTab=readme#user-content-usage-with-jest
-overwriteLoggingStream(pretty(pinoPrettyOpts));
+if (!parseBooleanEnv(process.env.LOG_JSON)) {
+  overwriteLoggingStream(pretty(pinoPrettyOpts));
+}

package/src/json-rpc/client/safe_json_rpc_client.ts

@@ -24,6 +24,7 @@ export type SafeJsonRpcClientOptions = {
   batchWindowMS?: number;
   maxBatchSize?: number;
   maxRequestBodySize?: number;
+  extraHeaders?: Record<string, string>;
   onResponse?: (res: {
     response: any;
     headers: { get: (header: string) => string | null | undefined };
@@ -129,6 +130,7 @@ export function createSafeJsonRpcClient<T extends object>(
       const { response, headers } = await fetch(
         host,
         rpcCalls.map(({ request }) => request),
+        config.extraHeaders,
       );
 
       if (config.onResponse) {

package/src/json-rpc/client/undici.ts

@@ -1,3 +1,5 @@
+import { promisify } from 'node:util';
+import { gunzip as gunzipCb, gzip as gzipCb } from 'node:zlib';
 import { Agent, type Dispatcher } from 'undici';
 
 import { createLogger } from '../../log/pino-logger.js';
@@ -5,8 +7,14 @@ import { NoRetryError } from '../../retry/index.js';
 import { jsonStringify } from '../convert.js';
 import type { JsonRpcFetch } from './fetch.js';
 
+const gzip = promisify(gzipCb);
+const gunzip = promisify(gunzipCb);
+
 const log = createLogger('json-rpc:json_rpc_client:undici');
 
+/** Minimum request size in bytes to trigger compression. */
+const COMPRESSION_THRESHOLD = 1024;
+
 export { Agent };
 
 export function makeUndiciFetch(client = new Agent()): JsonRpcFetch {
@@ -14,14 +22,18 @@ export function makeUndiciFetch(client = new Agent()): JsonRpcFetch {
     log.trace(`JsonRpcClient.fetch: ${host}`, { host, body });
     let resp: Dispatcher.ResponseData;
     try {
+      const jsonBody = Buffer.from(jsonStringify(body));
+      const shouldCompress = jsonBody.length >= COMPRESSION_THRESHOLD;
       resp = await client.request({
         method: 'POST',
         origin: new URL(host),
         path: '/',
-        body: jsonStringify(body),
+        body: shouldCompress ? await gzip(jsonBody) : jsonBody,
         headers: {
           ...extraHeaders,
           'content-type': 'application/json',
+          ...(shouldCompress && { 'content-encoding': 'gzip' }),
+          'accept-encoding': 'gzip',
         },
       });
     } catch (err) {
@@ -31,13 +43,19 @@ export function makeUndiciFetch(client = new Agent()): JsonRpcFetch {
 
     let responseJson: any;
     const responseOk = resp.statusCode >= 200 && resp.statusCode <= 299;
+    const contentEncoding = resp.headers['content-encoding'];
     try {
-      responseJson = await resp.body.json();
+      if (contentEncoding === 'gzip') {
+        const jsonBuffer = await gunzip(await resp.body.arrayBuffer());
+        responseJson = JSON.parse(jsonBuffer.toString('utf-8'));
+      } else {
+        responseJson = await resp.body.json();
+      }
     } catch {
       if (!responseOk) {
         throw new Error('HTTP ' + resp.statusCode);
       }
-      throw new Error(`Failed to parse body as JSON: ${await resp.body.text()}`);
+      throw new Error(`Failed to parse body as JSON. encoding: ${contentEncoding}, body: ${await resp.body.text()}`);
     }
 
     if (!responseOk) {

package/src/json-rpc/server/api_key_auth.ts

@@ -0,0 +1,63 @@
+import { timingSafeEqual } from 'crypto';
+import type Koa from 'koa';
+
+import { sha256 } from '../../crypto/sha256/index.js';
+import { createLogger } from '../../log/index.js';
+
+const log = createLogger('json-rpc:api-key-auth');
+
+/**
+ * Computes the SHA-256 hash of a string and returns it as a Buffer.
+ * @param input - The input string to hash.
+ * @returns The SHA-256 hash as a Buffer.
+ */
+export function sha256Hash(input: string): Buffer {
+  return sha256(Buffer.from(input));
+}
+
+/**
+ * Creates a Koa middleware that enforces API key authentication on all requests
+ * except the health check endpoint (GET /status).
+ *
+ * The API key can be provided via the `x-api-key` header or the `Authorization: Bearer <key>` header.
+ * Comparison is done by hashing the provided key with SHA-256 and comparing against the stored hash.
+ *
+ * @param apiKeyHash - The SHA-256 hash of the expected API key as a Buffer.
+ * @returns A Koa middleware that rejects requests without a valid API key.
+ */
+export function getApiKeyAuthMiddleware(
+  apiKeyHash: Buffer,
+): (ctx: Koa.Context, next: () => Promise<void>) => Promise<void> {
+  return async (ctx: Koa.Context, next: () => Promise<void>) => {
+    // Allow health check through without auth
+    if (ctx.path === '/status' && ctx.method === 'GET') {
+      return next();
+    }
+
+    const providedKey = ctx.get('x-api-key') || ctx.get('authorization')?.replace(/^Bearer\s+/i, '');
+    if (!providedKey) {
+      log.warn(`Rejected admin RPC request from ${ctx.ip}: missing API key`);
+      ctx.status = 401;
+      ctx.body = {
+        jsonrpc: '2.0',
+        id: null,
+        error: { code: -32000, message: 'Unauthorized: invalid or missing API key' },
+      };
+      return;
+    }
+
+    const providedHashBuf = sha256Hash(providedKey);
+    if (!timingSafeEqual(apiKeyHash, providedHashBuf)) {
+      log.warn(`Rejected admin RPC request from ${ctx.ip}: invalid API key`);
+      ctx.status = 401;
+      ctx.body = {
+        jsonrpc: '2.0',
+        id: null,
+        error: { code: -32000, message: 'Unauthorized: invalid or missing API key' },
+      };
+      return;
+    }
+
+    await next();
+  };
+}

package/src/json-rpc/server/index.ts

@@ -1 +1,2 @@
+export * from './api_key_auth.js';
 export * from './safe_json_rpc_server.js';

package/src/json-rpc/server/safe_json_rpc_server.ts

@@ -35,7 +35,7 @@ export type SafeJsonRpcServerConfig = {
 const defaultServerConfig: SafeJsonRpcServerConfig = {
   http200OnError: false,
   maxBatchSize: 100,
-  maxBodySizeBytes: '50mb',
+  maxBodySizeBytes: '1mb',
 };
 
 export class SafeJsonRpcServer {

package/src/log/bigint-utils.ts

@@ -0,0 +1,22 @@
+/**
+ * Converts bigint values to strings recursively in a log object to avoid serialization issues.
+ */
+export function convertBigintsToStrings(obj: unknown): unknown {
+  if (typeof obj === 'bigint') {
+    return String(obj);
+  }
+
+  if (Array.isArray(obj)) {
+    return obj.map(item => convertBigintsToStrings(item));
+  }
+
+  if (obj !== null && typeof obj === 'object') {
+    const result: Record<string, unknown> = {};
+    for (const key in obj) {
+      result[key] = convertBigintsToStrings((obj as Record<string, unknown>)[key]);
+    }
+    return result;
+  }
+
+  return obj;
+}

package/src/log/gcloud-logger-config.ts

@@ -1,5 +1,7 @@
 import type { pino } from 'pino';
 
+import { convertBigintsToStrings } from './bigint-utils.js';
+
 /* eslint-disable camelcase */
 
 const GOOGLE_CLOUD_TRACE_ID = 'logging.googleapis.com/trace';
@@ -15,6 +17,9 @@ export const GoogleCloudLoggerConfig = {
   messageKey: 'message',
   formatters: {
     log(object: Record<string, unknown>): Record<string, unknown> {
+      // Convert bigints to strings recursively to avoid serialization issues
+      object = convertBigintsToStrings(object) as Record<string, unknown>;
+
       // Add trace context attributes following Cloud Logging structured log format described
       // in https://cloud.google.com/logging/docs/structured-logging#special-payload-fields
       const { trace_id, span_id, trace_flags, ...rest } = object;

package/src/log/libp2p_logger.ts

@@ -2,15 +2,17 @@ import type { ComponentLogger, Logger } from '@libp2p/interface';
 
 import { getLogLevelFromFilters } from './log-filters.js';
 import type { LogLevel } from './log-levels.js';
-import { logFilters, logger } from './pino-logger.js';
+import { type LoggerBindings, logFilters, logger } from './pino-logger.js';
 
 /**
  * Creates a libp2p compatible logger that wraps our pino logger.
  * This adapter implements the ComponentLogger interface required by libp2p.
+ * @param namespace - Base namespace for the logger
+ * @param bindings - Optional bindings to pass to the logger (actor, instanceId)
  */
-export function createLibp2pComponentLogger(namespace: string): ComponentLogger {
+export function createLibp2pComponentLogger(namespace: string, bindings?: LoggerBindings): ComponentLogger {
   return {
-    forComponent: (component: string) => createLibp2pLogger(`${namespace}:${component}`),
+    forComponent: (component: string) => createLibp2pLogger(`${namespace}:${component}`, bindings),
   };
 }
 
@@ -24,9 +26,14 @@ function replaceFormatting(message: string) {
   return message.replace(/(%p|%a)/g, '%s');
 }
 
-function createLibp2pLogger(component: string): Logger {
+function createLibp2pLogger(component: string, bindings?: LoggerBindings): Logger {
   // Create a direct pino logger instance for libp2p that supports string interpolation
-  const log = logger.child({ module: component }, { level: getLogLevelFromFilters(logFilters, component) });
+  const actor = bindings?.actor;
+  const instanceId = bindings?.instanceId;
+  const log = logger.child(
+    { module: component, ...(actor && { actor }), ...(instanceId && { instanceId }) },
+    { level: getLogLevelFromFilters(logFilters, component) },
+  );
 
   const logIfEnabled = (level: LogLevel, message: string, ...args: unknown[]) => {
     if (!log.isLevelEnabled(level)) {

package/src/log/log-filters.ts

@@ -19,22 +19,40 @@ export function getLogLevelFromFilters(filters: LogFilters, module: string): Log
   return undefined;
 }
 
-export function assertLogLevel(level: string): asserts level is LogLevel {
-  if (!LogLevels.includes(level as LogLevel)) {
-    throw new Error(`Invalid log level: ${level}`);
+/**
+ * Parses the LOG_LEVEL env string into a default level and per-module filter overrides.
+ *
+ * Format: `<default_level>;<level>:<module1>,<module2>;<level>:<module3>;...`
+ * - First segment (before the first `;`) is the default log level for all modules.
+ * - Remaining segments are `level:module` pairs: apply the given level to the listed modules (comma-separated).
+ * - Later filters override earlier ones for overlapping module matches.
+ * - The `aztec:` prefix is stripped from module names; spaces are trimmed.
+ *
+ * @example
+ * ```ts
+ * parseLogLevel('debug;warn:module1,module2;error:module3', 'info')
+ * // => ['debug', [['module3', 'error'], ['module2', 'warn'], ['module1', 'warn']]]
+ * ```
+ */
+export function parseLogLevelEnvVar(
+  logLevelEnvVar: string | undefined,
+  defaultLevel: LogLevel,
+): [LogLevel, LogFilters] {
+  if (!logLevelEnvVar) {
+    return [defaultLevel, []];
   }
+  const [level] = logLevelEnvVar.split(';', 1);
+  assertValidLogLevel(level);
+  return [level, parseFilters(logLevelEnvVar.slice(level.length + 1))];
 }
 
-export function parseEnv(env: string | undefined, defaultLevel: LogLevel): [LogLevel, LogFilters] {
-  if (!env) {
-    return [defaultLevel, []];
+function assertValidLogLevel(level: string): asserts level is LogLevel {
+  if (!LogLevels.includes(level as LogLevel)) {
+    throw new Error(`Invalid log level: ${level}`);
   }
-  const [level] = env.split(';', 1);
-  assertLogLevel(level);
-  return [level, parseFilters(env.slice(level.length + 1))];
 }
 
-export function parseFilters(definition: string | undefined): LogFilters {
+function parseFilters(definition: string | undefined): LogFilters {
   if (!definition) {
     return [];
   }
@@ -48,7 +66,7 @@ export function parseFilters(definition: string | undefined): LogFilters {
       throw new Error(`Invalid log filter statement: ${statement}`);
     }
     const sanitizedLevel = level.trim().toLowerCase();
-    assertLogLevel(sanitizedLevel);
+    assertValidLogLevel(sanitizedLevel);
     for (const module of modules.split(',')) {
       filters.push([
         module

package/src/log/pino-logger-server.ts

@@ -0,0 +1,25 @@
+import { AsyncLocalStorage } from 'node:async_hooks';
+
+import { type LoggerBindings, addLogBindingsHandler, removeLogBindingsHandler } from './pino-logger.js';
+
+/** AsyncLocalStorage for logger bindings context propagation (Node.js only). */
+const bindingsStorage = new AsyncLocalStorage<LoggerBindings>();
+
+/** Returns the current bindings from AsyncLocalStorage, if any. */
+export function getBindings(): LoggerBindings | undefined {
+  return bindingsStorage.getStore();
+}
+
+/**
+ * Runs a callback within a bindings context. All loggers created within the callback
+ * will automatically inherit the bindings (actor, instanceId) via the log bindings handler.
+ */
+export async function withLoggerBindings<T>(bindings: LoggerBindings, callback: () => Promise<T>): Promise<T> {
+  const handler = () => bindingsStorage.getStore();
+  addLogBindingsHandler(handler);
+  try {
+    return await bindingsStorage.run(bindings, callback);
+  } finally {
+    removeLogBindingsHandler(handler);
+  }
+}