@aztec/node-keystore 0.0.1-commit.023c3e5

package/dest/keystore_manager.js

@@ -0,0 +1,594 @@
+/**
+ * Keystore Manager
+ *
+ * Manages keystore configuration and delegates signing operations to appropriate signers.
+ */ import { Buffer32 } from '@aztec/foundation/buffer';
+import { Wallet } from '@ethersproject/wallet';
+import { readFileSync, readdirSync, statSync } from 'fs';
+import { extname, join } from 'path';
+import { mnemonicToAccount } from 'viem/accounts';
+import { ethPrivateKeySchema } from './schemas.js';
+import { LocalSigner, RemoteSigner } from './signer.js';
+/**
+ * Error thrown when keystore operations fail
+ */ export class KeystoreError extends Error {
+    cause;
+    constructor(message, cause){
+        super(message), this.cause = cause;
+        this.name = 'KeystoreError';
+    }
+}
+/**
+ * Keystore Manager - coordinates signing operations based on keystore configuration
+ */ export class KeystoreManager {
+    keystore;
+    /**
+   * Create a keystore manager from a parsed configuration.
+   * Performs a lightweight duplicate-attester check without decrypting JSON V3 or deriving mnemonics.
+   * @param keystore Parsed keystore configuration
+   */ constructor(keystore){
+        this.keystore = keystore;
+        this.validateUniqueAttesterAddresses();
+    }
+    /**
+   * Validates all remote signers in the keystore are accessible and have the required addresses.
+   * Should be called after construction if validation is needed.
+   */ async validateSigners() {
+        // Collect all remote signers with their addresses grouped by URL
+        const remoteSignersByUrl = new Map();
+        // Helper to extract remote signer URL from config
+        const getUrl = (config)=>{
+            return typeof config === 'string' ? config : config.remoteSignerUrl;
+        };
+        // Helper to collect remote signers from accounts
+        const collectRemoteSigners = (accounts, defaultRemoteSigner)=>{
+            const processAccount = (account)=>{
+                if (typeof account === 'object' && !('path' in account) && !('mnemonic' in account)) {
+                    // This is a remote signer account
+                    const remoteSigner = account;
+                    const address = 'address' in remoteSigner ? remoteSigner.address : remoteSigner;
+                    let url;
+                    if ('remoteSignerUrl' in remoteSigner && remoteSigner.remoteSignerUrl) {
+                        url = remoteSigner.remoteSignerUrl;
+                    } else if (defaultRemoteSigner) {
+                        url = getUrl(defaultRemoteSigner);
+                    } else {
+                        return; // No remote signer URL available
+                    }
+                    if (!remoteSignersByUrl.has(url)) {
+                        remoteSignersByUrl.set(url, new Set());
+                    }
+                    remoteSignersByUrl.get(url).add(address.toString());
+                }
+            };
+            if (Array.isArray(accounts)) {
+                accounts.forEach((account)=>collectRemoteSigners(account, defaultRemoteSigner));
+            } else if (typeof accounts === 'object' && 'mnemonic' in accounts) {
+            // Skip mnemonic configs
+            } else {
+                processAccount(accounts);
+            }
+        };
+        // Collect from validators
+        const validatorCount = this.getValidatorCount();
+        for(let i = 0; i < validatorCount; i++){
+            const validator = this.getValidator(i);
+            const remoteSigner = validator.remoteSigner || this.keystore.remoteSigner;
+            collectRemoteSigners(this.extractEthAccountsFromAttester(validator.attester), remoteSigner);
+            if (validator.publisher) {
+                collectRemoteSigners(validator.publisher, remoteSigner);
+            }
+        }
+        // Collect from slasher
+        if (this.keystore.slasher) {
+            collectRemoteSigners(this.keystore.slasher, this.keystore.remoteSigner);
+        }
+        // Collect from prover
+        if (this.keystore.prover && typeof this.keystore.prover === 'object' && 'publisher' in this.keystore.prover) {
+            collectRemoteSigners(this.keystore.prover.publisher, this.keystore.remoteSigner);
+        }
+        // Validate each remote signer URL with all its addresses
+        for (const [url, addresses] of remoteSignersByUrl.entries()){
+            if (addresses.size > 0) {
+                await RemoteSigner.validateAccess(url, Array.from(addresses));
+            }
+        }
+    }
+    /**
+   * Validates that attester addresses are unique across all validators
+   * Only checks simple private key attesters, not JSON-V3 or mnemonic attesters,
+   * these are validated when decrypting the JSON-V3 keystore files
+   * @throws KeystoreError if duplicate attester addresses are found
+   */ validateUniqueAttesterAddresses() {
+        const seenAddresses = new Set();
+        const validatorCount = this.getValidatorCount();
+        for(let validatorIndex = 0; validatorIndex < validatorCount; validatorIndex++){
+            const validator = this.getValidator(validatorIndex);
+            const addresses = this.extractAddressesWithoutSensitiveOperations(validator.attester);
+            for (const addr of addresses){
+                const address = addr.toString().toLowerCase();
+                if (seenAddresses.has(address)) {
+                    throw new KeystoreError(`Duplicate attester address found: ${addr.toString()}. An attester address may only appear once across all configuration blocks.`);
+                }
+                seenAddresses.add(address);
+            }
+        }
+    }
+    /**
+   * Best-effort address extraction that avoids decryption/derivation (no JSON-V3 or mnemonic processing).
+   * This is used at construction time to check for obvious duplicates without throwing for invalid inputs.
+   */ extractAddressesWithoutSensitiveOperations(accounts) {
+        const ethAccounts = this.extractEthAccountsFromAttester(accounts);
+        return this.extractAddressesFromEthAccountsNonSensitive(ethAccounts);
+    }
+    /**
+   * Extract addresses from EthAccounts without sensitive operations (no decryption/derivation).
+   */ extractAddressesFromEthAccountsNonSensitive(accounts) {
+        const results = [];
+        const handleAccount = (account)=>{
+            if (typeof account === 'string') {
+                if (account.startsWith('0x') && account.length === 66) {
+                    try {
+                        const signer = new LocalSigner(Buffer32.fromString(ethPrivateKeySchema.parse(account)));
+                        results.push(signer.address);
+                    } catch  {
+                    // ignore invalid private key at construction time
+                    }
+                }
+                return;
+            }
+            if ('path' in account) {
+                return;
+            }
+            if ('mnemonic' in account) {
+                return;
+            }
+            const remoteSigner = account;
+            if ('address' in remoteSigner) {
+                results.push(remoteSigner.address);
+                return;
+            }
+            results.push(remoteSigner);
+        };
+        if (Array.isArray(accounts)) {
+            for (const account of accounts){
+                handleAccount(account);
+            }
+            return results;
+        }
+        if (typeof accounts === 'object' && accounts !== null && 'mnemonic' in accounts) {
+            return results;
+        }
+        handleAccount(accounts);
+        return results;
+    }
+    /**
+   * Create signers for validator attester accounts
+   */ createAttesterSigners(validatorIndex) {
+        const validator = this.getValidator(validatorIndex);
+        const ethAccounts = this.extractEthAccountsFromAttester(validator.attester);
+        return this.createSignersFromEthAccounts(ethAccounts, validator.remoteSigner || this.keystore.remoteSigner);
+    }
+    /**
+   * Create signers for validator publisher accounts (falls back to keystore-level publisher, then to attester if not specified)
+   */ createPublisherSigners(validatorIndex) {
+        const validator = this.getValidator(validatorIndex);
+        if (validator.publisher) {
+            return this.createSignersFromEthAccounts(validator.publisher, validator.remoteSigner || this.keystore.remoteSigner);
+        }
+        // Fall back to keystore-level publisher
+        if (this.keystore.publisher) {
+            return this.createSignersFromEthAccounts(this.keystore.publisher, validator.remoteSigner || this.keystore.remoteSigner);
+        }
+        // Fall back to attester signers
+        return this.createAttesterSigners(validatorIndex);
+    }
+    createAllValidatorPublisherSigners() {
+        const numValidators = this.getValidatorCount();
+        const allPublishers = [];
+        for(let i = 0; i < numValidators; i++){
+            allPublishers.push(...this.createPublisherSigners(i));
+        }
+        return allPublishers;
+    }
+    /**
+   * Create signers for slasher accounts
+   */ createSlasherSigners() {
+        if (!this.keystore.slasher) {
+            return [];
+        }
+        return this.createSignersFromEthAccounts(this.keystore.slasher, this.keystore.remoteSigner);
+    }
+    /**
+   * Create signers for prover accounts
+   */ createProverSigners() {
+        if (!this.keystore.prover) {
+            return undefined;
+        }
+        // Handle prover being a private key, JSON key store or remote signer with nested address
+        if (typeof this.keystore.prover === 'string' || 'path' in this.keystore.prover || 'address' in this.keystore.prover) {
+            const signers = this.createSignersFromEthAccounts(this.keystore.prover, this.keystore.remoteSigner);
+            return {
+                id: undefined,
+                signers
+            };
+        }
+        // Handle prover as Id and specified publishers
+        if ('id' in this.keystore.prover) {
+            const id = this.keystore.prover.id;
+            const signers = this.createSignersFromEthAccounts(this.keystore.prover.publisher, this.keystore.remoteSigner);
+            return {
+                id,
+                signers
+            };
+        }
+        // Here, prover is just an EthAddress for a remote signer
+        const signers = this.createSignersFromEthAccounts(this.keystore.prover, this.keystore.remoteSigner);
+        return {
+            id: undefined,
+            signers
+        };
+    }
+    /**
+   * Get validator configuration by index
+   */ getValidator(index) {
+        if (!this.keystore.validators || index >= this.keystore.validators.length || index < 0) {
+            throw new KeystoreError(`Validator index ${index} out of bounds`);
+        }
+        return this.keystore.validators[index];
+    }
+    /**
+   * Get validator count
+   */ getValidatorCount() {
+        return this.keystore.validators?.length || 0;
+    }
+    /**
+   * Get coinbase address for validator (falls back to keystore-level coinbase, then to the specific attester address)
+   */ getCoinbaseAddress(validatorIndex, attesterAddress) {
+        const validator = this.getValidator(validatorIndex);
+        if (validator.coinbase) {
+            return validator.coinbase;
+        }
+        // Fall back to keystore-level coinbase
+        if (this.keystore.coinbase) {
+            return this.keystore.coinbase;
+        }
+        // Fall back to the specific attester address
+        return attesterAddress;
+    }
+    /**
+   * Get fee recipient for validator (falls back to keystore-level feeRecipient)
+   */ getFeeRecipient(validatorIndex) {
+        const validator = this.getValidator(validatorIndex);
+        if (validator.feeRecipient) {
+            return validator.feeRecipient;
+        }
+        // Fall back to keystore-level feeRecipient
+        if (this.keystore.feeRecipient) {
+            return this.keystore.feeRecipient;
+        }
+        throw new KeystoreError(`No feeRecipient configured for validator ${validatorIndex}. You can set it at validator or keystore level.`);
+    }
+    /**
+   * Get the raw slasher configuration as provided in the keystore file.
+   * @returns The slasher accounts configuration or undefined if not set
+   */ getSlasherAccounts() {
+        return this.keystore.slasher;
+    }
+    /**
+   * Get the raw prover configuration as provided in the keystore file.
+   * @returns The prover configuration or undefined if not set
+   */ getProverConfig() {
+        return this.keystore.prover;
+    }
+    /**
+   * Resolves attester accounts (including JSON V3 and mnemonic) and checks for duplicate addresses across validators.
+   * Throws if the same resolved address appears in more than one validator configuration.
+   */ validateResolvedUniqueAttesterAddresses() {
+        const seenAddresses = new Set();
+        const validatorCount = this.getValidatorCount();
+        for(let validatorIndex = 0; validatorIndex < validatorCount; validatorIndex++){
+            const validator = this.getValidator(validatorIndex);
+            const signers = this.createSignersFromEthAccounts(this.extractEthAccountsFromAttester(validator.attester), validator.remoteSigner || this.keystore.remoteSigner);
+            for (const signer of signers){
+                const address = signer.address.toString().toLowerCase();
+                if (seenAddresses.has(address)) {
+                    throw new KeystoreError(`Duplicate attester address found after resolving accounts: ${address}. An attester address may only appear once across all configuration blocks.`);
+                }
+                seenAddresses.add(address);
+            }
+        }
+    }
+    /**
+   * Create signers from EthAccounts configuration
+   */ createSignersFromEthAccounts(accounts, defaultRemoteSigner) {
+        if (typeof accounts === 'string') {
+            return [
+                this.createSignerFromEthAccount(accounts, defaultRemoteSigner)
+            ];
+        }
+        if (Array.isArray(accounts)) {
+            const signers = [];
+            for (const account of accounts){
+                const accountSigners = this.createSignersFromEthAccounts(account, defaultRemoteSigner);
+                signers.push(...accountSigners);
+            }
+            return signers;
+        }
+        // Mnemonic configuration
+        if ('mnemonic' in accounts) {
+            return this.createSignersFromMnemonic(accounts);
+        }
+        // Single account object - handle JSON V3 directory case
+        if ('path' in accounts) {
+            const result = this.createSignerFromJsonV3(accounts);
+            return result;
+        }
+        return [
+            this.createSignerFromEthAccount(accounts, defaultRemoteSigner)
+        ];
+    }
+    /**
+   * Create a signer from a single EthAccount configuration
+   */ createSignerFromEthAccount(account, defaultRemoteSigner) {
+        // Private key (hex string)
+        if (typeof account === 'string') {
+            if (account.startsWith('0x') && account.length === 66) {
+                // Private key
+                return new LocalSigner(Buffer32.fromString(ethPrivateKeySchema.parse(account)));
+            } else {
+                throw new Error(`Invalid private key`);
+            }
+        }
+        // JSON V3 keystore
+        if ('path' in account) {
+            const result = this.createSignerFromJsonV3(account);
+            return result[0];
+        }
+        // Remote signer account
+        const remoteSigner = account;
+        if ('address' in remoteSigner) {
+            // Remote signer with config
+            const config = remoteSigner.remoteSignerUrl ? {
+                remoteSignerUrl: remoteSigner.remoteSignerUrl,
+                certPath: remoteSigner.certPath,
+                certPass: remoteSigner.certPass
+            } : defaultRemoteSigner;
+            if (!config) {
+                throw new KeystoreError(`No remote signer configuration found for address ${remoteSigner.address}`);
+            }
+            return new RemoteSigner(remoteSigner.address, config);
+        }
+        // Just an address - use default config
+        if (!defaultRemoteSigner) {
+            throw new KeystoreError(`No remote signer configuration found for address ${remoteSigner}`);
+        }
+        return new RemoteSigner(remoteSigner, defaultRemoteSigner);
+    }
+    /**
+   * Create signer from JSON V3 keystore file or directory
+   */ createSignerFromJsonV3(config) {
+        try {
+            const stats = statSync(config.path);
+            if (stats.isDirectory()) {
+                // Handle directory - load all JSON files
+                const files = readdirSync(config.path);
+                const signers = [];
+                const seenAddresses = new Map(); // address -> file name
+                for (const file of files){
+                    // Only process .json files
+                    if (extname(file).toLowerCase() !== '.json') {
+                        continue;
+                    }
+                    const filePath = join(config.path, file);
+                    try {
+                        const signer = this.createSignerFromSingleJsonV3File(filePath, config.password);
+                        const addressString = signer.address.toString().toLowerCase();
+                        const existingFile = seenAddresses.get(addressString);
+                        if (existingFile) {
+                            throw new KeystoreError(`Duplicate JSON V3 keystore address ${addressString} found in directory ${config.path} (files: ${existingFile} and ${file}). Each keystore must have a unique address.`);
+                        }
+                        seenAddresses.set(addressString, file);
+                        signers.push(signer);
+                    } catch (error) {
+                        // Re-throw with file context
+                        throw new KeystoreError(`Failed to load keystore file ${file}: ${error}`, error);
+                    }
+                }
+                if (signers.length === 0) {
+                    throw new KeystoreError(`No JSON keystore files found in directory ${config.path}`);
+                }
+                return signers;
+            } else {
+                // Single file
+                return [
+                    this.createSignerFromSingleJsonV3File(config.path, config.password)
+                ];
+            }
+        } catch (error) {
+            if (error instanceof KeystoreError) {
+                throw error;
+            }
+            throw new KeystoreError(`Failed to access JSON V3 keystore ${config.path}: ${error}`, error);
+        }
+    }
+    /**
+   * Create signer from a single JSON V3 keystore file
+   */ createSignerFromSingleJsonV3File(filePath, password) {
+        try {
+            // Read the keystore file
+            const keystoreJson = readFileSync(filePath, 'utf8');
+            // Get password - prompt for it if not provided
+            const resolvedPassword = password;
+            if (!resolvedPassword) {
+                throw new KeystoreError(`No password provided for keystore ${filePath}. Provide password in config.`);
+            }
+            // Use @ethersproject/wallet to decrypt the JSON V3 keystore synchronously
+            const ethersWallet = Wallet.fromEncryptedJsonSync(keystoreJson, resolvedPassword);
+            // Convert the private key to our format
+            const privateKey = Buffer32.fromString(ethersWallet.privateKey);
+            return new LocalSigner(privateKey);
+        } catch (error) {
+            const err = error;
+            throw new KeystoreError(`Failed to decrypt JSON V3 keystore ${filePath}: ${err.message}`, err);
+        }
+    }
+    /**
+   * Create signers from mnemonic configuration using BIP44 derivation
+   */ createSignersFromMnemonic(config) {
+        const { mnemonic, addressIndex = 0, accountIndex = 0, addressCount = 1, accountCount = 1 } = config;
+        const signers = [];
+        try {
+            // Use viem's mnemonic derivation (imported at top of file)
+            // Normalize mnemonic by trimming whitespace
+            const normalizedMnemonic = mnemonic.trim();
+            for(let accIdx = accountIndex; accIdx < accountIndex + accountCount; accIdx++){
+                for(let addrIdx = addressIndex; addrIdx < addressIndex + addressCount; addrIdx++){
+                    const viemAccount = mnemonicToAccount(normalizedMnemonic, {
+                        accountIndex: accIdx,
+                        addressIndex: addrIdx
+                    });
+                    // Extract the private key from the viem account
+                    const privateKeyBytes = viemAccount.getHdKey().privateKey;
+                    const privateKey = Buffer32.fromBuffer(Buffer.from(privateKeyBytes));
+                    signers.push(new LocalSigner(privateKey));
+                }
+            }
+            return signers;
+        } catch (error) {
+            throw new KeystoreError(`Failed to derive accounts from mnemonic: ${error}`, error);
+        }
+    }
+    /**
+   * Sign message with a specific signer
+   */ async signMessage(signer, message) {
+        return await signer.signMessage(message);
+    }
+    /**
+   * Sign typed data with a specific signer
+   */ async signTypedData(signer, typedData) {
+        return await signer.signTypedData(typedData);
+    }
+    /**
+   * Get the effective remote signer configuration for a specific attester address
+   * Precedence: account-level override > validator-level config > file-level default
+   */ getEffectiveRemoteSignerConfig(validatorIndex, attesterAddress) {
+        const validator = this.getValidator(validatorIndex);
+        // Helper to get address from an account configuration
+        const getAddressFromAccount = (account)=>{
+            if (typeof account === 'string') {
+                if (account.startsWith('0x') && account.length === 66) {
+                    // This is a private key - derive the address
+                    try {
+                        const signer = new LocalSigner(Buffer32.fromString(ethPrivateKeySchema.parse(account)));
+                        return signer.address;
+                    } catch  {
+                        return undefined;
+                    }
+                }
+                return undefined;
+            }
+            // JSON V3 keystore
+            if ('path' in account) {
+                try {
+                    const signers = this.createSignerFromJsonV3(account);
+                    return signers.map((s)=>s.address);
+                } catch  {
+                    return undefined;
+                }
+            }
+            // Remote signer account, either it is an address or the address is nested
+            const remoteSigner = account;
+            if ('address' in remoteSigner) {
+                return remoteSigner.address;
+            }
+            return remoteSigner;
+        };
+        // Helper to check if account matches and get its remote signer config
+        const checkAccount = (account)=>{
+            const addresses = getAddressFromAccount(account);
+            if (!addresses) {
+                return undefined;
+            }
+            const addressArray = Array.isArray(addresses) ? addresses : [
+                addresses
+            ];
+            const matches = addressArray.some((addr)=>addr.equals(attesterAddress));
+            if (!matches) {
+                return undefined;
+            }
+            // Found a match - determine the config to return
+            if (typeof account === 'string') {
+                return undefined;
+            }
+            // JSON V3 - local signer, no remote config
+            if ('path' in account) {
+                return undefined;
+            }
+            // Remote signer account with potential override
+            const remoteSigner = account;
+            if ('address' in remoteSigner) {
+                // Has inline config
+                if (remoteSigner.remoteSignerUrl) {
+                    return {
+                        remoteSignerUrl: remoteSigner.remoteSignerUrl,
+                        certPath: remoteSigner.certPath,
+                        certPass: remoteSigner.certPass
+                    };
+                } else {
+                    // No URL specified, use defaults
+                    return validator.remoteSigner || this.keystore.remoteSigner;
+                }
+            }
+            // Just an address, use defaults
+            return validator.remoteSigner || this.keystore.remoteSigner;
+        };
+        // Normalize attester to EthAccounts and search
+        const normalized = this.extractEthAccountsFromAttester(validator.attester);
+        const findInEthAccounts = (accs)=>{
+            if (typeof accs === 'string') {
+                return checkAccount(accs);
+            }
+            if (Array.isArray(accs)) {
+                for (const a of accs){
+                    const res = checkAccount(a);
+                    if (res !== undefined) {
+                        return res;
+                    }
+                }
+                return undefined;
+            }
+            if (typeof accs === 'object' && accs !== null && 'mnemonic' in accs) {
+                // mnemonic-derived keys are local signers; no remote signer config
+                return undefined;
+            }
+            return checkAccount(accs);
+        };
+        return findInEthAccounts(normalized);
+    }
+    /** Extract ETH accounts from AttesterAccounts */ extractEthAccountsFromAttester(attester) {
+        if (typeof attester === 'string') {
+            return attester;
+        }
+        if (Array.isArray(attester)) {
+            const out = [];
+            for (const item of attester){
+                if (typeof item === 'string') {
+                    out.push(item);
+                } else if ('eth' in item) {
+                    out.push(item.eth);
+                } else if (!('mnemonic' in item)) {
+                    out.push(item);
+                }
+            }
+            return out;
+        }
+        if ('mnemonic' in attester) {
+            return attester;
+        }
+        if ('eth' in attester) {
+            return attester.eth;
+        }
+        return attester;
+    }
+}

package/dest/loader.d.ts

@@ -0,0 +1,62 @@
+import type { KeyStore } from './types.js';
+/**
+ * Error thrown when keystore loading fails
+ */
+export declare class KeyStoreLoadError extends Error {
+    filePath: string;
+    cause?: Error | undefined;
+    constructor(message: string, filePath: string, cause?: Error | undefined);
+}
+/**
+ * Loads and validates a single keystore JSON file.
+ *
+ * @param filePath Absolute or relative path to a keystore JSON file.
+ * @returns Parsed keystore object adhering to the schema.
+ * @throws KeyStoreLoadError When JSON is invalid, schema validation fails, or other IO/parse errors occur.
+ */
+export declare function loadKeystoreFile(filePath: string): KeyStore;
+/**
+ * Loads keystore files from a directory (only .json files).
+ *
+ * @param dirPath Absolute or relative path to a directory containing keystore files.
+ * @returns Array of parsed keystores loaded from all .json files in the directory.
+ * @throws KeyStoreLoadError When the directory can't be read or contains no valid keystore files.
+ */
+export declare function loadKeystoreDirectory(dirPath: string): KeyStore[];
+/**
+ * Loads keystore(s) from a path (file or directory).
+ *
+ * If a file is provided, loads a single keystore. If a directory is provided,
+ * loads all keystore files within that directory.
+ *
+ * @param path File or directory path.
+ * @returns Array of parsed keystores.
+ * @throws KeyStoreLoadError When the path is invalid or cannot be accessed.
+ */
+export declare function loadKeystores(path: string): KeyStore[];
+/**
+ * Loads keystore(s) from multiple paths (comma-separated string or array).
+ *
+ * @param paths Comma-separated string or array of file/directory paths.
+ * @returns Flattened array of all parsed keystores from all paths.
+ * @throws KeyStoreLoadError When any path fails to load; includes context for which path list was used.
+ */
+export declare function loadMultipleKeystores(paths: string | string[]): KeyStore[];
+/**
+ * Merges multiple keystores into a single configuration.
+ *
+ * - Concatenates validator arrays and enforces unique attester addresses by simple structural keys
+ * - Accumulates all slasher accounts across inputs
+ * - Applies last-one-wins semantics for file-level remote signer defaults
+ * - Requires at most one prover configuration across inputs
+ *
+ * Note: Full duplicate detection (e.g., after resolving JSON V3 or mnemonics) is
+ * performed downstream by the validator client.
+ *
+ * @param keystores Array of keystores to merge.
+ * @returns A merged keystore object.
+ * @throws Error When keystore list is empty.
+ * @throws KeyStoreLoadError When duplicate attester keys are found or multiple prover configs exist.
+ */
+export declare function mergeKeystores(keystores: KeyStore[]): KeyStore;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9hZGVyLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvbG9hZGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQWNBLE9BQU8sS0FBSyxFQUFlLFFBQVEsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUl4RDs7R0FFRztBQUNILHFCQUFhLGlCQUFrQixTQUFRLEtBQUs7SUFHakMsUUFBUSxFQUFFLE1BQU07SUFDUCxLQUFLLENBQUM7SUFIeEIsWUFDRSxPQUFPLEVBQUUsTUFBTSxFQUNSLFFBQVEsRUFBRSxNQUFNLEVBQ1AsS0FBSyxDQUFDLG1CQUFPLEVBSTlCO0NBQ0Y7QUFFRDs7Ozs7O0dBTUc7QUFDSCx3QkFBZ0IsZ0JBQWdCLENBQUMsUUFBUSxFQUFFLE1BQU0sR0FBRyxRQUFRLENBdUIzRDtBQUVEOzs7Ozs7R0FNRztBQUNILHdCQUFnQixxQkFBcUIsQ0FBQyxPQUFPLEVBQUUsTUFBTSxHQUFHLFFBQVEsRUFBRSxDQW1DakU7QUFFRDs7Ozs7Ozs7O0dBU0c7QUFDSCx3QkFBZ0IsYUFBYSxDQUFDLElBQUksRUFBRSxNQUFNLEdBQUcsUUFBUSxFQUFFLENBdUJ0RDtBQUVEOzs7Ozs7R0FNRztBQUNILHdCQUFnQixxQkFBcUIsQ0FBQyxLQUFLLEVBQUUsTUFBTSxHQUFHLE1BQU0sRUFBRSxHQUFHLFFBQVEsRUFBRSxDQThCMUU7QUFFRDs7Ozs7Ozs7Ozs7Ozs7O0dBZUc7QUFDSCx3QkFBZ0IsY0FBYyxDQUFDLFNBQVMsRUFBRSxRQUFRLEVBQUUsR0FBRyxRQUFRLENBdUk5RCJ9

package/dest/loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAe,QAAQ,EAAE,MAAM,YAAY,CAAC;AAIxD;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;IAGjC,QAAQ,EAAE,MAAM;IACP,KAAK,CAAC;IAHxB,YACE,OAAO,EAAE,MAAM,EACR,QAAQ,EAAE,MAAM,EACP,KAAK,CAAC,mBAAO,EAI9B;CACF;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,CAuB3D;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,QAAQ,EAAE,CAmCjE;AAED;;;;;;;;;GASG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,EAAE,CAuBtD;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,QAAQ,EAAE,CA8B1E;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAuI9D"}