@aztec/node-keystore 2.0.0-rc.8 → 2.0.2-rc.1

package/dest/schemas.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA6ExB,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYvB,CAAC;AAEL,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC"}
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAE3D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,eAAO,MAAM,mBAAmB,kDAGK,CAAC;AAiEtC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYvB,CAAC"}

package/dest/schemas.js

@@ -1,36 +1,34 @@
 /**
  * Zod schemas for keystore validation using Aztec's validation functions
- */ import { EthAddress } from '@aztec/foundation/eth-address';
+ */ import { optional, schemas } from '@aztec/foundation/schemas';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
 import { z } from 'zod';
 // Use Aztec's validation functions but return string types to match our TypeScript interfaces
-const ethAddressSchema = z.string().refine(EthAddress.isAddress, 'Invalid Ethereum address');
-const ethPrivateKeySchema = z.string().regex(/^0x[0-9a-fA-F]{64}$/, 'Invalid private key (must be 32 bytes with 0x prefix)');
-const aztecAddressSchema = z.string().refine(AztecAddress.isAddress, 'Invalid Aztec address');
+export const ethPrivateKeySchema = z.string().regex(/^0x[0-9a-fA-F]{64}$/, 'Invalid private key (must be 32 bytes with 0x prefix)').transform((s)=>s);
 const urlSchema = z.string().url('Invalid URL');
 // Remote signer config schema
 const remoteSignerConfigSchema = z.union([
     urlSchema,
     z.object({
         remoteSignerUrl: urlSchema,
-        certPath: z.string().nullish(),
-        certPass: z.string().nullish()
+        certPath: optional(z.string()),
+        certPass: optional(z.string())
     })
 ]);
 // Remote signer account schema
 const remoteSignerAccountSchema = z.union([
-    ethAddressSchema,
+    schemas.EthAddress,
     z.object({
-        address: ethAddressSchema,
-        remoteSignerUrl: urlSchema.nullish(),
-        certPath: z.string().nullish(),
-        certPass: z.string().nullish()
+        address: schemas.EthAddress,
+        remoteSignerUrl: optional(urlSchema),
+        certPath: optional(z.string()),
+        certPass: optional(z.string())
     })
 ]);
 // JSON V3 keystore schema
 const jsonKeyFileV3Schema = z.object({
     path: z.string(),
-    password: z.string().nullish()
+    password: optional(z.string())
 });
 // Mnemonic config schema
 const mnemonicConfigSchema = z.object({
@@ -44,39 +42,39 @@ const mnemonicConfigSchema = z.object({
 const ethAccountSchema = z.union([
     ethPrivateKeySchema,
     remoteSignerAccountSchema,
-    jsonKeyFileV3Schema,
-    mnemonicConfigSchema
+    jsonKeyFileV3Schema
 ]);
 // EthAccounts schema
 const ethAccountsSchema = z.union([
     ethAccountSchema,
-    z.array(ethAccountSchema)
+    z.array(ethAccountSchema),
+    mnemonicConfigSchema
 ]);
 // Prover keystore schema
 const proverKeyStoreSchema = z.union([
     ethAccountSchema,
     z.object({
-        id: ethAddressSchema,
+        id: schemas.EthAddress,
         publisher: ethAccountsSchema
     })
 ]);
 // Validator keystore schema
 const validatorKeyStoreSchema = z.object({
     attester: ethAccountsSchema,
-    coinbase: ethAddressSchema.nullish(),
-    publisher: ethAccountsSchema.nullish(),
-    feeRecipient: aztecAddressSchema,
-    remoteSigner: remoteSignerConfigSchema.nullish(),
-    fundingAccount: ethAccountSchema.nullish()
+    coinbase: optional(schemas.EthAddress),
+    publisher: optional(ethAccountsSchema),
+    feeRecipient: AztecAddress.schema,
+    remoteSigner: optional(remoteSignerConfigSchema),
+    fundingAccount: optional(ethAccountSchema)
 });
 // Main keystore schema
 export const keystoreSchema = z.object({
     schemaVersion: z.literal(1),
-    validators: z.array(validatorKeyStoreSchema).nullish(),
-    slasher: ethAccountsSchema.nullish(),
-    remoteSigner: remoteSignerConfigSchema.nullish(),
-    prover: proverKeyStoreSchema.nullish(),
-    fundingAccount: ethAccountSchema.nullish()
+    validators: optional(z.array(validatorKeyStoreSchema)),
+    slasher: optional(ethAccountsSchema),
+    remoteSigner: optional(remoteSignerConfigSchema),
+    prover: optional(proverKeyStoreSchema),
+    fundingAccount: optional(ethAccountSchema)
 }).refine((data)=>data.validators || data.prover, {
     message: 'Keystore must have at least validators or prover configuration',
     path: [

package/dest/types.d.ts

@@ -5,6 +5,8 @@
  * These types define the JSON structure for configuring validators, provers, and
  * their associated keys and addresses.
  */
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 /** Parameterized hex string type for specific byte lengths */
 export type Hex<TByteLength extends number> = `0x${string}` & {
     readonly _length: TByteLength;
@@ -16,10 +18,6 @@ export type EthJsonKeyFileV3Config = {
 };
 /** A private key is a 32-byte 0x-prefixed hex */
 export type EthPrivateKey = Hex<32>;
-/** An address is a 20-byte 0x-prefixed hex */
-export type EthAddressHex = Hex<20>;
-/** An Aztec address is a 32-byte 0x-prefixed hex */
-export type AztecAddressHex = Hex<32>;
 /** URL type for remote signers */
 export type Url = string;
 /**
@@ -34,8 +32,8 @@ export type EthRemoteSignerConfig = Url | {
  * A remote signer account config is equal to the remote signer config, but requires an address to be specified.
  * If only the address is set, then the default remote signer config from the parent config is used.
  */
-export type EthRemoteSignerAccount = EthAddressHex | {
-    address: EthAddressHex;
+export type EthRemoteSignerAccount = EthAddress | {
+    address: EthAddress;
     remoteSignerUrl?: Url;
     certPath?: string;
     certPass?: string;
@@ -52,12 +50,13 @@ export type EthMnemonicConfig = {
 };
 /** One or more L1 accounts */
 export type EthAccounts = EthAccount | EthAccount[] | EthMnemonicConfig;
-export type ProverKeyStore = {
+export type ProverKeyStoreWithId = {
     /** Address that identifies the prover. This address will receive the rewards. */
-    id: EthAddressHex;
+    id: EthAddress;
     /** One or more EOAs used for sending proof L1 txs. */
     publisher: EthAccounts;
-} | EthAccount;
+};
+export type ProverKeyStore = ProverKeyStoreWithId | EthAccount;
 export type ValidatorKeyStore = {
     /**
      * One or more validator attester keys to handle in this configuration block.
@@ -68,7 +67,7 @@ export type ValidatorKeyStore = {
      * Coinbase address to use when proposing an L2 block as any of the validators in this configuration block.
      * Falls back to the attester address if not set.
      */
-    coinbase?: EthAddressHex;
+    coinbase?: EthAddress;
     /**
      * One or more EOAs used for sending block proposal L1 txs for all validators in this configuration block.
      * Falls back to the attester account if not set.
@@ -77,7 +76,7 @@ export type ValidatorKeyStore = {
     /**
      * Fee recipient address to use when proposing an L2 block as any of the validators in this configuration block.
      */
-    feeRecipient: AztecAddressHex;
+    feeRecipient: AztecAddress;
     /**
      * Default remote signer for all accounts in this block.
      */

package/dest/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,8DAA8D;AAC9D,MAAM,MAAM,GAAG,CAAC,WAAW,SAAS,MAAM,IAAI,KAAK,MAAM,EAAE,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;CAAE,CAAC;AAEhG,iIAAiI;AACjI,MAAM,MAAM,sBAAsB,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzE,iDAAiD;AACjD,MAAM,MAAM,aAAa,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;AAEpC,8CAA8C;AAC9C,MAAM,MAAM,aAAa,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;AAEpC,oDAAoD;AACpD,MAAM,MAAM,eAAe,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;AAEtC,kCAAkC;AAClC,MAAM,MAAM,GAAG,GAAG,MAAM,CAAC;AAEzB;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAC7B,GAAG,GACH;IACE,eAAe,EAAE,GAAG,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEN;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAC9B,aAAa,GACb;IACE,OAAO,EAAE,aAAa,CAAC;IACvB,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEN,uGAAuG;AACvG,MAAM,MAAM,UAAU,GAAG,aAAa,GAAG,sBAAsB,GAAG,sBAAsB,CAAC;AAEzF,yDAAyD;AACzD,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,8BAA8B;AAC9B,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,UAAU,EAAE,GAAG,iBAAiB,CAAC;AAExE,MAAM,MAAM,cAAc,GACtB;IACE,iFAAiF;IACjF,EAAE,EAAE,aAAa,CAAC;IAClB,sDAAsD;IACtD,SAAS,EAAE,WAAW,CAAC;CACxB,GACD,UAAU,CAAC;AAEf,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;;OAGG;IACH,QAAQ,EAAE,WAAW,CAAC;IACtB;;;OAGG;IACH,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB;;;OAGG;IACH,SAAS,CAAC,EAAE,WAAW,CAAC;IACxB;;OAEG;IACH,YAAY,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,qBAAqB,CAAC;IACrC;;OAEG;IACH,cAAc,CAAC,EAAE,UAAU,CAAC;CAC7B,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IACrB,0DAA0D;IAC1D,aAAa,EAAE,MAAM,CAAC;IACtB,gCAAgC;IAChC,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACjC,8GAA8G;IAC9G,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,qBAAqB,CAAC;IACrC,sEAAsE;IACtE,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,wHAAwH;IACxH,cAAc,CAAC,EAAE,UAAU,CAAC;CAC7B,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAEhE,8DAA8D;AAC9D,MAAM,MAAM,GAAG,CAAC,WAAW,SAAS,MAAM,IAAI,KAAK,MAAM,EAAE,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;CAAE,CAAC;AAEhG,iIAAiI;AACjI,MAAM,MAAM,sBAAsB,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzE,iDAAiD;AACjD,MAAM,MAAM,aAAa,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;AAEpC,kCAAkC;AAClC,MAAM,MAAM,GAAG,GAAG,MAAM,CAAC;AAEzB;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAC7B,GAAG,GACH;IACE,eAAe,EAAE,GAAG,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEN;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAC9B,UAAU,GACV;IACE,OAAO,EAAE,UAAU,CAAC;IACpB,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEN,uGAAuG;AACvG,MAAM,MAAM,UAAU,GAAG,aAAa,GAAG,sBAAsB,GAAG,sBAAsB,CAAC;AAEzF,yDAAyD;AACzD,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,8BAA8B;AAC9B,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,UAAU,EAAE,GAAG,iBAAiB,CAAC;AAExE,MAAM,MAAM,oBAAoB,GAAG;IACjC,iFAAiF;IACjF,EAAE,EAAE,UAAU,CAAC;IACf,sDAAsD;IACtD,SAAS,EAAE,WAAW,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG,oBAAoB,GAAG,UAAU,CAAC;AAE/D,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;;OAGG;IACH,QAAQ,EAAE,WAAW,CAAC;IACtB;;;OAGG;IACH,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB;;;OAGG;IACH,SAAS,CAAC,EAAE,WAAW,CAAC;IACxB;;OAEG;IACH,YAAY,EAAE,YAAY,CAAC;IAC3B;;OAEG;IACH,YAAY,CAAC,EAAE,qBAAqB,CAAC;IACrC;;OAEG;IACH,cAAc,CAAC,EAAE,UAAU,CAAC;CAC7B,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IACrB,0DAA0D;IAC1D,aAAa,EAAE,MAAM,CAAC;IACtB,gCAAgC;IAChC,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACjC,8GAA8G;IAC9G,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,qBAAqB,CAAC;IACrC,sEAAsE;IACtE,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,wHAAwH;IACxH,cAAc,CAAC,EAAE,UAAU,CAAC;CAC7B,CAAC"}

package/dest/types.js

@@ -4,4 +4,4 @@
  * TypeScript definitions based on the specification for validator keystore files.
  * These types define the JSON structure for configuring validators, provers, and
  * their associated keys and addresses.
- */ /** Parameterized hex string type for specific byte lengths */ export { };
+ */ export { };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/node-keystore",
-  "version": "2.0.0-rc.8",
+  "version": "2.0.2-rc.1",
   "type": "module",
   "exports": {
     ".": "./dest/index.js",
@@ -62,9 +62,9 @@
     ]
   },
   "dependencies": {
-    "@aztec/ethereum": "2.0.0-rc.8",
-    "@aztec/foundation": "2.0.0-rc.8",
-    "@aztec/stdlib": "2.0.0-rc.8",
+    "@aztec/ethereum": "2.0.2-rc.1",
+    "@aztec/foundation": "2.0.2-rc.1",
+    "@aztec/stdlib": "2.0.2-rc.1",
     "@ethersproject/wallet": "^5.7.0",
     "tslib": "^2.4.0",
     "viem": "2.23.7",

package/src/keystore_manager.ts

@@ -7,6 +7,7 @@ import type { EthSigner } from '@aztec/ethereum';
 import { Buffer32 } from '@aztec/foundation/buffer';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 
 import { Wallet } from '@ethersproject/wallet';
 import { readFileSync, readdirSync, statSync } from 'fs';
@@ -14,13 +15,13 @@ import { extname, join } from 'path';
 import type { TypedDataDefinition } from 'viem';
 import { mnemonicToAccount } from 'viem/accounts';
 
+import { ethPrivateKeySchema } from './schemas.js';
 import { LocalSigner, RemoteSigner } from './signer.js';
 import type {
   EthAccount,
   EthAccounts,
   EthJsonKeyFileV3Config,
   EthMnemonicConfig,
-  EthPrivateKey,
   EthRemoteSignerAccount,
   EthRemoteSignerConfig,
   KeyStore,
@@ -94,7 +95,7 @@ export class KeystoreManager {
         if (account.startsWith('0x') && account.length === 66) {
           // Private key -> derive address locally without external deps
           try {
-            const signer = new LocalSigner(Buffer32.fromString(account as EthPrivateKey));
+            const signer = new LocalSigner(Buffer32.fromString(ethPrivateKeySchema.parse(account)));
             results.push(signer.address);
           } catch {
             // Ignore invalid private key at construction time
@@ -102,16 +103,6 @@ export class KeystoreManager {
           return;
         }
 
-        if (account.startsWith('0x') && account.length === 42) {
-          // Address string
-          try {
-            results.push(EthAddress.fromString(account));
-          } catch {
-            // Ignore invalid address format at construction time
-          }
-          return;
-        }
-
         // Any other string cannot be confidently resolved here
         return;
       }
@@ -126,16 +117,13 @@ export class KeystoreManager {
         return;
       }
 
-      // Remote signer account (object form)
-      const remoteSigner = account as EthRemoteSignerAccount;
-      const address = typeof remoteSigner === 'string' ? remoteSigner : remoteSigner.address;
-      if (address) {
-        try {
-          results.push(EthAddress.fromString(address));
-        } catch {
-          // Ignore invalid address format at construction time
-        }
+      // Remote signer account. If it contains 'address' then extract, otherwise it IS the address
+      const remoteSigner: EthRemoteSignerAccount = account;
+      if ('address' in remoteSigner) {
+        results.push(remoteSigner.address);
+        return;
       }
+      results.push(remoteSigner);
     };
 
     if (Array.isArray(accounts)) {
@@ -205,7 +193,7 @@ export class KeystoreManager {
       return undefined;
     }
 
-    // Handle simple prover case (just a private key)
+    // Handle prover being a private key, JSON key store or remote signer with nested address
     if (
       typeof this.keystore.prover === 'string' ||
       'path' in this.keystore.prover ||
@@ -218,10 +206,20 @@ export class KeystoreManager {
       };
     }
 
-    const id = EthAddress.fromString(this.keystore.prover.id);
-    const signers = this.createSignersFromEthAccounts(this.keystore.prover.publisher, this.keystore.remoteSigner);
+    // Handle prover as Id and specified publishers
+    if ('id' in this.keystore.prover) {
+      const id = this.keystore.prover.id;
+      const signers = this.createSignersFromEthAccounts(this.keystore.prover.publisher, this.keystore.remoteSigner);
 
-    return { id, signers };
+      return { id, signers };
+    }
+
+    // Here, prover is just an EthAddress for a remote signer
+    const signers = this.createSignersFromEthAccounts(this.keystore.prover, this.keystore.remoteSigner);
+    return {
+      id: undefined,
+      signers,
+    };
   }
 
   /**
@@ -248,7 +246,7 @@ export class KeystoreManager {
     const validator = this.getValidator(validatorIndex);
 
     if (validator.coinbase) {
-      return EthAddress.fromString(validator.coinbase);
+      return validator.coinbase;
     }
 
     // Fall back to first attester address
@@ -263,7 +261,7 @@ export class KeystoreManager {
   /**
    * Get fee recipient for validator
    */
-  getFeeRecipient(validatorIndex: number): string {
+  getFeeRecipient(validatorIndex: number): AztecAddress {
     const validator = this.getValidator(validatorIndex);
     return validator.feeRecipient;
   }
@@ -351,13 +349,9 @@ export class KeystoreManager {
     if (typeof account === 'string') {
       if (account.startsWith('0x') && account.length === 66) {
         // Private key
-        return new LocalSigner(Buffer32.fromString(account as EthPrivateKey));
+        return new LocalSigner(Buffer32.fromString(ethPrivateKeySchema.parse(account)));
       } else {
-        // Remote signer address only - use default remote signer config
-        if (!defaultRemoteSigner) {
-          throw new KeystoreError(`No remote signer configuration found for address ${account}`);
-        }
-        return new RemoteSigner(EthAddress.fromString(account), defaultRemoteSigner);
+        throw new Error(`Invalid private key`);
       }
     }
 
@@ -368,29 +362,29 @@ export class KeystoreManager {
     }
 
     // Remote signer account
-    const remoteSigner = account as EthRemoteSignerAccount;
-    if (typeof remoteSigner === 'string') {
-      // Just an address - use default config
-      if (!defaultRemoteSigner) {
-        throw new KeystoreError(`No remote signer configuration found for address ${remoteSigner}`);
+    const remoteSigner: EthRemoteSignerAccount = account;
+
+    if ('address' in remoteSigner) {
+      // Remote signer with config
+      const config = remoteSigner.remoteSignerUrl
+        ? {
+            remoteSignerUrl: remoteSigner.remoteSignerUrl,
+            certPath: remoteSigner.certPath,
+            certPass: remoteSigner.certPass,
+          }
+        : defaultRemoteSigner;
+      if (!config) {
+        throw new KeystoreError(`No remote signer configuration found for address ${remoteSigner.address}`);
       }
-      return new RemoteSigner(EthAddress.fromString(remoteSigner), defaultRemoteSigner);
-    }
-
-    // Remote signer with config
-    const config = remoteSigner.remoteSignerUrl
-      ? {
-          remoteSignerUrl: remoteSigner.remoteSignerUrl,
-          certPath: remoteSigner.certPath,
-          certPass: remoteSigner.certPass,
-        }
-      : defaultRemoteSigner;
 
-    if (!config) {
-      throw new KeystoreError(`No remote signer configuration found for address ${remoteSigner.address}`);
+      return new RemoteSigner(remoteSigner.address, config);
     }
 
-    return new RemoteSigner(EthAddress.fromString(remoteSigner.address), config);
+    // Just an address - use default config
+    if (!defaultRemoteSigner) {
+      throw new KeystoreError(`No remote signer configuration found for address ${remoteSigner}`);
+    }
+    return new RemoteSigner(remoteSigner, defaultRemoteSigner);
   }
 
   /**
@@ -531,25 +525,18 @@ export class KeystoreManager {
     const validator = this.getValidator(validatorIndex);
 
     // Helper to get address from an account configuration
-    const getAddressFromAccount = (account: EthAccount): EthAddress | EthAddress[] | null => {
+    const getAddressFromAccount = (account: EthAccount): EthAddress | EthAddress[] | undefined => {
       if (typeof account === 'string') {
         if (account.startsWith('0x') && account.length === 66) {
           // This is a private key - derive the address
           try {
-            const signer = new LocalSigner(Buffer32.fromString(account as EthPrivateKey));
+            const signer = new LocalSigner(Buffer32.fromString(ethPrivateKeySchema.parse(account)));
             return signer.address;
           } catch {
-            return null;
-          }
-        } else if (account.startsWith('0x') && account.length === 42) {
-          // This is an address
-          try {
-            return EthAddress.fromString(account);
-          } catch {
-            return null;
+            return undefined;
           }
         }
-        return null;
+        return undefined;
       }
 
       // JSON V3 keystore
@@ -558,18 +545,16 @@ export class KeystoreManager {
           const signers = this.createSignerFromJsonV3(account);
           return signers.map(s => s.address);
         } catch {
-          return null;
+          return undefined;
         }
       }
 
-      // Remote signer account
-      const remoteSigner = account as EthRemoteSignerAccount;
-      const address = typeof remoteSigner === 'string' ? remoteSigner : remoteSigner.address;
-      try {
-        return EthAddress.fromString(address);
-      } catch {
-        return null;
+      // Remote signer account, either it is an address or the address is nested
+      const remoteSigner: EthRemoteSignerAccount = account;
+      if ('address' in remoteSigner) {
+        return remoteSigner.address;
       }
+      return remoteSigner;
     };
 
     // Helper to check if account matches and get its remote signer config
@@ -588,13 +573,7 @@ export class KeystoreManager {
 
       // Found a match - determine the config to return
       if (typeof account === 'string') {
-        if (account.startsWith('0x') && account.length === 66) {
-          // Private key - local signer, no remote config
-          return undefined;
-        } else {
-          // Address only - use defaults
-          return validator.remoteSigner || this.keystore.remoteSigner;
-        }
+        return undefined;
       }
 
       // JSON V3 - local signer, no remote config
@@ -603,23 +582,23 @@ export class KeystoreManager {
       }
 
       // Remote signer account with potential override
-      const remoteSigner = account as EthRemoteSignerAccount;
-      if (typeof remoteSigner === 'string') {
-        // Just an address - use defaults
-        return validator.remoteSigner || this.keystore.remoteSigner;
-      }
-
-      // Has inline config
-      if (remoteSigner.remoteSignerUrl) {
-        return {
-          remoteSignerUrl: remoteSigner.remoteSignerUrl,
-          certPath: remoteSigner.certPath,
-          certPass: remoteSigner.certPass,
-        };
-      } else {
-        // No URL specified, use defaults
-        return validator.remoteSigner || this.keystore.remoteSigner;
+      const remoteSigner: EthRemoteSignerAccount = account;
+
+      if ('address' in remoteSigner) {
+        // Has inline config
+        if (remoteSigner.remoteSignerUrl) {
+          return {
+            remoteSignerUrl: remoteSigner.remoteSignerUrl,
+            certPath: remoteSigner.certPath,
+            certPass: remoteSigner.certPass,
+          };
+        } else {
+          // No URL specified, use defaults
+          return validator.remoteSigner || this.keystore.remoteSigner;
+        }
       }
+      // Just an address, use defaults
+      return validator.remoteSigner || this.keystore.remoteSigner;
     };
 
     // Check the attester configuration

package/src/loader.ts

@@ -39,7 +39,7 @@ export function loadKeystoreFile(filePath: string): KeyStore {
     const content = readFileSync(filePath, 'utf-8');
 
     // Parse JSON and validate with Zod schema (following Aztec patterns)
-    return keystoreSchema.parse(JSON.parse(content)) as KeyStore;
+    return keystoreSchema.parse(JSON.parse(content));
   } catch (error) {
     if (error instanceof SyntaxError) {
       throw new KeyStoreLoadError('Invalid JSON format', filePath, error);

package/src/schemas.ts

@@ -1,17 +1,18 @@
 /**
  * Zod schemas for keystore validation using Aztec's validation functions
  */
-import { EthAddress } from '@aztec/foundation/eth-address';
+import { optional, schemas } from '@aztec/foundation/schemas';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
 
 import { z } from 'zod';
 
+import type { EthPrivateKey } from './types.js';
+
 // Use Aztec's validation functions but return string types to match our TypeScript interfaces
-const ethAddressSchema = z.string().refine(EthAddress.isAddress, 'Invalid Ethereum address');
-const ethPrivateKeySchema = z
+export const ethPrivateKeySchema = z
   .string()
-  .regex(/^0x[0-9a-fA-F]{64}$/, 'Invalid private key (must be 32 bytes with 0x prefix)');
-const aztecAddressSchema = z.string().refine(AztecAddress.isAddress, 'Invalid Aztec address');
+  .regex(/^0x[0-9a-fA-F]{64}$/, 'Invalid private key (must be 32 bytes with 0x prefix)')
+  .transform(s => s as EthPrivateKey);
 const urlSchema = z.string().url('Invalid URL');
 
 // Remote signer config schema
@@ -19,26 +20,26 @@ const remoteSignerConfigSchema = z.union([
   urlSchema,
   z.object({
     remoteSignerUrl: urlSchema,
-    certPath: z.string().nullish(),
-    certPass: z.string().nullish(),
+    certPath: optional(z.string()),
+    certPass: optional(z.string()),
   }),
 ]);
 
 // Remote signer account schema
 const remoteSignerAccountSchema = z.union([
-  ethAddressSchema,
+  schemas.EthAddress,
   z.object({
-    address: ethAddressSchema,
-    remoteSignerUrl: urlSchema.nullish(),
-    certPath: z.string().nullish(),
-    certPass: z.string().nullish(),
+    address: schemas.EthAddress,
+    remoteSignerUrl: optional(urlSchema),
+    certPath: optional(z.string()),
+    certPass: optional(z.string()),
   }),
 ]);
 
 // JSON V3 keystore schema
 const jsonKeyFileV3Schema = z.object({
   path: z.string(),
-  password: z.string().nullish(),
+  password: optional(z.string()),
 });
 
 // Mnemonic config schema
@@ -51,21 +52,16 @@ const mnemonicConfigSchema = z.object({
 });
 
 // EthAccount schema
-const ethAccountSchema = z.union([
-  ethPrivateKeySchema,
-  remoteSignerAccountSchema,
-  jsonKeyFileV3Schema,
-  mnemonicConfigSchema,
-]);
+const ethAccountSchema = z.union([ethPrivateKeySchema, remoteSignerAccountSchema, jsonKeyFileV3Schema]);
 
 // EthAccounts schema
-const ethAccountsSchema = z.union([ethAccountSchema, z.array(ethAccountSchema)]);
+const ethAccountsSchema = z.union([ethAccountSchema, z.array(ethAccountSchema), mnemonicConfigSchema]);
 
 // Prover keystore schema
 const proverKeyStoreSchema = z.union([
   ethAccountSchema,
   z.object({
-    id: ethAddressSchema,
+    id: schemas.EthAddress,
     publisher: ethAccountsSchema,
   }),
 ]);
@@ -73,26 +69,24 @@ const proverKeyStoreSchema = z.union([
 // Validator keystore schema
 const validatorKeyStoreSchema = z.object({
   attester: ethAccountsSchema,
-  coinbase: ethAddressSchema.nullish(),
-  publisher: ethAccountsSchema.nullish(),
-  feeRecipient: aztecAddressSchema,
-  remoteSigner: remoteSignerConfigSchema.nullish(),
-  fundingAccount: ethAccountSchema.nullish(),
+  coinbase: optional(schemas.EthAddress),
+  publisher: optional(ethAccountsSchema),
+  feeRecipient: AztecAddress.schema,
+  remoteSigner: optional(remoteSignerConfigSchema),
+  fundingAccount: optional(ethAccountSchema),
 });
 
 // Main keystore schema
 export const keystoreSchema = z
   .object({
     schemaVersion: z.literal(1),
-    validators: z.array(validatorKeyStoreSchema).nullish(),
-    slasher: ethAccountsSchema.nullish(),
-    remoteSigner: remoteSignerConfigSchema.nullish(),
-    prover: proverKeyStoreSchema.nullish(),
-    fundingAccount: ethAccountSchema.nullish(),
+    validators: optional(z.array(validatorKeyStoreSchema)),
+    slasher: optional(ethAccountsSchema),
+    remoteSigner: optional(remoteSignerConfigSchema),
+    prover: optional(proverKeyStoreSchema),
+    fundingAccount: optional(ethAccountSchema),
   })
   .refine(data => data.validators || data.prover, {
     message: 'Keystore must have at least validators or prover configuration',
     path: ['root'],
   });
-
-export type KeyStoreSchema = z.infer<typeof keystoreSchema>;