@aztec/node-keystore 0.0.1-commit.b655e406 → 0.0.1-commit.d1f2d6c

package/src/schemas.ts

@@ -22,38 +22,46 @@ const urlSchema = z.string().url('Invalid URL');
 // Remote signer config schema
 const remoteSignerConfigSchema = z.union([
   urlSchema,
-  z.object({
-    remoteSignerUrl: urlSchema,
-    certPath: optional(z.string()),
-    certPass: optional(z.string()),
-  }),
+  z
+    .object({
+      remoteSignerUrl: urlSchema,
+      certPath: optional(z.string()),
+      certPass: optional(z.string()),
+    })
+    .strict(),
 ]);
 
 // Remote signer account schema
 const remoteSignerAccountSchema = z.union([
   schemas.EthAddress,
-  z.object({
-    address: schemas.EthAddress,
-    remoteSignerUrl: urlSchema,
-    certPath: optional(z.string()),
-    certPass: optional(z.string()),
-  }),
+  z
+    .object({
+      address: schemas.EthAddress,
+      remoteSignerUrl: urlSchema,
+      certPath: optional(z.string()),
+      certPass: optional(z.string()),
+    })
+    .strict(),
 ]);
 
 // Encrypted keystore file schema (used for both JSON V3 ETH keys and EIP-2335 BLS keys)
-const encryptedKeyFileSchema = z.object({
-  path: z.string(),
-  password: optional(z.string()),
-});
+const encryptedKeyFileSchema = z
+  .object({
+    path: z.string(),
+    password: optional(z.string()),
+  })
+  .strict();
 
 // Mnemonic config schema
-const mnemonicConfigSchema = z.object({
-  mnemonic: z.string().min(1, 'Mnemonic cannot be empty'),
-  addressIndex: z.number().int().min(0).default(0),
-  accountIndex: z.number().int().min(0).default(0),
-  addressCount: z.number().int().min(1).default(1),
-  accountCount: z.number().int().min(1).default(1),
-});
+const mnemonicConfigSchema = z
+  .object({
+    mnemonic: z.string().min(1, 'Mnemonic cannot be empty'),
+    addressIndex: z.number().int().min(0).default(0),
+    accountIndex: z.number().int().min(0).default(0),
+    addressCount: z.number().int().min(1).default(1),
+    accountCount: z.number().int().min(1).default(1),
+  })
+  .strict();
 
 // EthAccount schema
 const ethAccountSchema = z.union([ethPrivateKeySchema, remoteSignerAccountSchema, encryptedKeyFileSchema]);
@@ -67,10 +75,12 @@ const blsAccountSchema = z.union([blsPrivateKeySchema, encryptedKeyFileSchema]);
 // AttesterAccount schema: either EthAccount or { eth: EthAccount, bls?: BLSAccount }
 const attesterAccountSchema = z.union([
   ethAccountSchema,
-  z.object({
-    eth: ethAccountSchema,
-    bls: optional(blsAccountSchema),
-  }),
+  z
+    .object({
+      eth: ethAccountSchema,
+      bls: optional(blsAccountSchema),
+    })
+    .strict(),
 ]);
 
 // AttesterAccounts schema: AttesterAccount | AttesterAccount[] | MnemonicConfig
@@ -79,33 +89,87 @@ const attesterAccountsSchema = z.union([attesterAccountSchema, z.array(attesterA
 // Prover keystore schema
 const proverKeyStoreSchema = z.union([
   ethAccountSchema,
-  z.object({
-    id: schemas.EthAddress,
-    publisher: ethAccountsSchema,
-  }),
+  z
+    .object({
+      id: schemas.EthAddress,
+      publisher: ethAccountsSchema,
+    })
+    .strict(),
 ]);
 
-// Validator keystore schema
-const validatorKeyStoreSchema = z.object({
-  attester: attesterAccountsSchema,
-  coinbase: optional(schemas.EthAddress),
-  publisher: optional(ethAccountsSchema),
-  feeRecipient: AztecAddress.schema,
-  remoteSigner: optional(remoteSignerConfigSchema),
-  fundingAccount: optional(ethAccountSchema),
-});
-
-// Main keystore schema
-export const keystoreSchema = z
+// Validator keystore schema for v1 (feeRecipient required)
+const validatorKeyStoreSchemaV1 = z
+  .object({
+    attester: attesterAccountsSchema,
+    coinbase: optional(schemas.EthAddress),
+    publisher: optional(ethAccountsSchema),
+    feeRecipient: AztecAddress.schema,
+    remoteSigner: optional(remoteSignerConfigSchema),
+    fundingAccount: optional(ethAccountSchema),
+  })
+  .strict();
+
+// Validator keystore schema for v2 (feeRecipient optional, can fall back to top-level)
+const validatorKeyStoreSchemaV2 = z
+  .object({
+    attester: attesterAccountsSchema,
+    coinbase: optional(schemas.EthAddress),
+    publisher: optional(ethAccountsSchema),
+    feeRecipient: optional(AztecAddress.schema),
+    remoteSigner: optional(remoteSignerConfigSchema),
+    fundingAccount: optional(ethAccountSchema),
+  })
+  .strict();
+
+// Schema v1 - original format
+const keystoreSchemaV1 = z
   .object({
     schemaVersion: z.literal(1),
-    validators: optional(z.array(validatorKeyStoreSchema)),
+    validators: optional(z.array(validatorKeyStoreSchemaV1)),
     slasher: optional(ethAccountsSchema),
     remoteSigner: optional(remoteSignerConfigSchema),
     prover: optional(proverKeyStoreSchema),
     fundingAccount: optional(ethAccountSchema),
   })
+  .strict()
   .refine(data => data.validators || data.prover, {
     message: 'Keystore must have at least validators or prover configuration',
     path: ['root'],
   });
+
+// Schema v2 - adds top-level publisher, coinbase, feeRecipient
+const keystoreSchemaV2 = z
+  .object({
+    schemaVersion: z.literal(2),
+    validators: optional(z.array(validatorKeyStoreSchemaV2)),
+    slasher: optional(ethAccountsSchema),
+    remoteSigner: optional(remoteSignerConfigSchema),
+    prover: optional(proverKeyStoreSchema),
+    fundingAccount: optional(ethAccountSchema),
+    publisher: optional(ethAccountsSchema),
+    coinbase: optional(schemas.EthAddress),
+    feeRecipient: optional(AztecAddress.schema),
+  })
+  .strict()
+  .refine(data => data.validators || data.prover, {
+    message: 'Keystore must have at least validators or prover configuration',
+    path: ['root'],
+  })
+  .refine(
+    data => {
+      // If validators are present, ensure each validator has a feeRecipient or there's a top-level feeRecipient
+      if (data.validators) {
+        const hasTopLevelFeeRecipient = !!data.feeRecipient;
+        const allValidatorsHaveFeeRecipient = data.validators.every(v => v.feeRecipient);
+        return hasTopLevelFeeRecipient || allValidatorsHaveFeeRecipient;
+      }
+      return true;
+    },
+    {
+      message: 'Each validator must have a feeRecipient, or a top-level feeRecipient must be set for all validators',
+      path: ['feeRecipient'],
+    },
+  );
+
+// Main keystore schema - accepts both v1 and v2
+export const keystoreSchema = z.union([keystoreSchemaV1, keystoreSchemaV2]);

package/src/signer.ts

@@ -3,13 +3,14 @@
  *
  * Common interface for different signing backends (local, remote, encrypted)
  */
-import type { EthSigner } from '@aztec/ethereum';
+import type { EthSigner } from '@aztec/ethereum/eth-signer';
 import { Buffer32 } from '@aztec/foundation/buffer';
-import { Secp256k1Signer, randomBytes, toRecoveryBit } from '@aztec/foundation/crypto';
+import { randomBytes } from '@aztec/foundation/crypto/random';
+import { Secp256k1Signer, toRecoveryBit } from '@aztec/foundation/crypto/secp256k1-signer';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import { Signature, type ViemTransactionSignature } from '@aztec/foundation/eth-signature';
 import { jsonStringify } from '@aztec/foundation/json-rpc';
-import { withHexPrefix } from '@aztec/foundation/string';
+import { bufferToHex, withHexPrefix } from '@aztec/foundation/string';
 
 import {
   type TransactionSerializable,
@@ -243,10 +244,6 @@ export class RemoteSigner implements EthSigner {
    * Make a JSON-RPC eth_signTransaction request.
    */
   private async makeJsonRpcSignTransactionRequest(tx: TransactionSerializable): Promise<Signature> {
-    if (tx.type !== 'eip1559') {
-      throw new Error('This signer does not support tx type: ' + tx.type);
-    }
-
     const txObject: RemoteSignerTxObject = {
       from: this.address.toString(),
       to: tx.to ?? null,
@@ -260,10 +257,10 @@ export class RemoteSigner implements EthSigner {
           ? withHexPrefix(tx.maxPriorityFeePerGas.toString(16))
           : undefined,
 
-      // maxFeePerBlobGas:
-      //   typeof tx.maxFeePerBlobGas !== 'undefined' ? withHexPrefix(tx.maxFeePerBlobGas.toString(16)) : undefined,
-      // blobVersionedHashes: tx.blobVersionedHashes,
-      // blobs: tx.blobs?.map(blob => (typeof blob === 'string' ? blob : bufferToHex(Buffer.from(blob)))),
+      maxFeePerBlobGas:
+        typeof tx.maxFeePerBlobGas !== 'undefined' ? withHexPrefix(tx.maxFeePerBlobGas.toString(16)) : undefined,
+      blobVersionedHashes: tx.blobVersionedHashes,
+      blobs: tx.blobs?.map(blob => (typeof blob === 'string' ? blob : bufferToHex(Buffer.from(blob)))),
     };
 
     let rawTxHex = await this.makeJsonRpcRequest('eth_signTransaction', txObject);

package/src/types.ts

@@ -91,18 +91,19 @@ export type ValidatorKeyStore = {
   attester: AttesterAccounts;
   /**
    * Coinbase address to use when proposing an L2 block as any of the validators in this configuration block.
-   * Falls back to the attester address if not set.
+   * Falls back to the keystore-level coinbase, then to the attester address if not set.
    */
   coinbase?: EthAddress;
   /**
    * One or more EOAs used for sending block proposal L1 txs for all validators in this configuration block.
-   * Falls back to the attester account if not set.
+   * Falls back to the keystore-level publisher, then to the attester account if not set.
    */
   publisher?: EthAccounts;
   /**
    * Fee recipient address to use when proposing an L2 block as any of the validators in this configuration block.
+   * Falls back to the keystore-level feeRecipient if not set.
    */
-  feeRecipient: AztecAddress;
+  feeRecipient?: AztecAddress;
   /**
    * Default remote signer for all accounts in this block.
    */
@@ -114,8 +115,8 @@ export type ValidatorKeyStore = {
 };
 
 export type KeyStore = {
-  /** Schema version of this keystore file (initially 1). */
-  schemaVersion: number;
+  /** Schema version of this keystore file (1 or 2). */
+  schemaVersion: 1 | 2;
   /** Validator configurations. */
   validators?: ValidatorKeyStore[];
   /** One or more accounts used for creating slash payloads on L1. Does not create slash payloads if not set. */
@@ -126,4 +127,10 @@ export type KeyStore = {
   prover?: ProverKeyStore;
   /** Used for automatically funding publisher accounts if there is none defined in the corresponding  ValidatorKeyStore*/
   fundingAccount?: EthAccount;
+  /** Default publisher accounts for all validators in this keystore. Can be overridden by individual validator configs. */
+  publisher?: EthAccounts;
+  /** Default coinbase address for all validators in this keystore. Can be overridden by individual validator configs. */
+  coinbase?: EthAddress;
+  /** Default fee recipient address for all validators in this keystore. Can be overridden by individual validator configs. */
+  feeRecipient?: AztecAddress;
 };