@aztec/node-keystore 2.1.0-rc.1 → 2.1.0-rc.2

package/dest/keystore_manager.d.ts

@@ -45,6 +45,10 @@ export declare class KeystoreManager {
      * This is used at construction time to check for obvious duplicates without throwing for invalid inputs.
      */
     private extractAddressesWithoutSensitiveOperations;
+    /**
+     * Extract addresses from EthAccounts without sensitive operations (no decryption/derivation).
+     */
+    private extractAddressesFromEthAccountsNonSensitive;
     /**
      * Create signers for validator attester accounts
      */
@@ -129,5 +133,7 @@ export declare class KeystoreManager {
      * Precedence: account-level override > validator-level config > file-level default
      */
     getEffectiveRemoteSignerConfig(validatorIndex: number, attesterAddress: EthAddress): EthRemoteSignerConfig | undefined;
+    /** Extract ETH accounts from AttesterAccounts */
+    private extractEthAccountsFromAttester;
 }
 //# sourceMappingURL=keystore_manager.d.ts.map

package/dest/keystore_manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"keystore_manager.d.ts","sourceRoot":"","sources":["../src/keystore_manager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAKhE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAKhD,OAAO,KAAK,EAEV,WAAW,EAIX,qBAAqB,EACrB,QAAQ,EACR,cAAc,EACd,iBAAiB,IAAI,uBAAuB,EAC7C,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,qBAAa,aAAc,SAAQ,KAAK;IAGpB,KAAK,CAAC,EAAE,KAAK;gBAD7B,OAAO,EAAE,MAAM,EACC,KAAK,CAAC,EAAE,KAAK,YAAA;CAKhC;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAW;IAEpC;;;;OAIG;gBACS,QAAQ,EAAE,QAAQ;IAK9B;;;OAGG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAwEtC;;;;;OAKG;IACH,OAAO,CAAC,+BAA+B;IAkBvC;;;OAGG;IACH,OAAO,CAAC,0CAA0C;IAoDlD;;OAEG;IACH,qBAAqB,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,EAAE;IAK1D;;OAEG;IACH,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,EAAE;IAc3D,kCAAkC,IAAI,SAAS,EAAE;IAWjD;;OAEG;IACH,oBAAoB,IAAI,SAAS,EAAE;IAQnC;;OAEG;IACH,mBAAmB,IAAI;QAAE,EAAE,EAAE,UAAU,GAAG,SAAS,CAAC;QAAC,OAAO,EAAE,SAAS,EAAE,CAAA;KAAE,GAAG,SAAS;IAkCvF;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,uBAAuB;IAOpD;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;OAEG;IACH,kBAAkB,CAAC,cAAc,EAAE,MAAM,GAAG,UAAU;IAgBtD;;OAEG;IACH,eAAe,CAAC,cAAc,EAAE,MAAM,GAAG,YAAY;IAKrD;;;OAGG;IACH,kBAAkB,IAAI,WAAW,GAAG,SAAS;IAI7C;;;OAGG;IACH,eAAe,IAAI,cAAc,GAAG,SAAS;IAI7C;;;OAGG;IACH,uCAAuC,IAAI,IAAI;IAqB/C;;OAEG;IACH,OAAO,CAAC,4BAA4B;IA+BpC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IA2ClC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAkD9B;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAwBxC;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA8BjC;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC;IAI3E;;OAEG;IACG,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC;IAI1F;;;OAGG;IACH,8BAA8B,CAC5B,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,UAAU,GAC1B,qBAAqB,GAAG,SAAS;CAkHrC"}
+{"version":3,"file":"keystore_manager.d.ts","sourceRoot":"","sources":["../src/keystore_manager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAKhE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAKhD,OAAO,KAAK,EAGV,WAAW,EAEX,qBAAqB,EAErB,QAAQ,EAER,cAAc,EACd,iBAAiB,IAAI,uBAAuB,EAC7C,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,qBAAa,aAAc,SAAQ,KAAK;IAGpB,KAAK,CAAC,EAAE,KAAK;gBAD7B,OAAO,EAAE,MAAM,EACC,KAAK,CAAC,EAAE,KAAK,YAAA;CAKhC;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAW;IAEpC;;;;OAIG;gBACS,QAAQ,EAAE,QAAQ;IAK9B;;;OAGG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAwEtC;;;;;OAKG;IACH,OAAO,CAAC,+BAA+B;IAkBvC;;;OAGG;IACH,OAAO,CAAC,0CAA0C;IAKlD;;OAEG;IACH,OAAO,CAAC,2CAA2C;IA+CnD;;OAEG;IACH,qBAAqB,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,EAAE;IAM1D;;OAEG;IACH,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,EAAE;IAc3D,kCAAkC,IAAI,SAAS,EAAE;IAWjD;;OAEG;IACH,oBAAoB,IAAI,SAAS,EAAE;IAQnC;;OAEG;IACH,mBAAmB,IAAI;QAAE,EAAE,EAAE,UAAU,GAAG,SAAS,CAAC;QAAC,OAAO,EAAE,SAAS,EAAE,CAAA;KAAE,GAAG,SAAS;IAiCvF;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,uBAAuB;IAOpD;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;OAEG;IACH,kBAAkB,CAAC,cAAc,EAAE,MAAM,GAAG,UAAU;IAgBtD;;OAEG;IACH,eAAe,CAAC,cAAc,EAAE,MAAM,GAAG,YAAY;IAKrD;;;OAGG;IACH,kBAAkB,IAAI,WAAW,GAAG,SAAS;IAI7C;;;OAGG;IACH,eAAe,IAAI,cAAc,GAAG,SAAS;IAI7C;;;OAGG;IACH,uCAAuC,IAAI,IAAI;IAqB/C;;OAEG;IACH,OAAO,CAAC,4BAA4B;IA+BpC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IA2ClC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAkD9B;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAwBxC;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA8BjC;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC;IAI3E;;OAEG;IACG,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC;IAI1F;;;OAGG;IACH,8BAA8B,CAC5B,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,UAAU,GAC1B,qBAAqB,GAAG,SAAS;IA0GpC,iDAAiD;IACjD,OAAO,CAAC,8BAA8B;CAyBvC"}

package/dest/keystore_manager.js

@@ -74,7 +74,7 @@ import { LocalSigner, RemoteSigner } from './signer.js';
         for(let i = 0; i < validatorCount; i++){
             const validator = this.getValidator(i);
             const remoteSigner = validator.remoteSigner || this.keystore.remoteSigner;
-            collectRemoteSigners(validator.attester, remoteSigner);
+            collectRemoteSigners(this.extractEthAccountsFromAttester(validator.attester), remoteSigner);
             if (validator.publisher) {
                 collectRemoteSigners(validator.publisher, remoteSigner);
             }
@@ -118,32 +118,31 @@ import { LocalSigner, RemoteSigner } from './signer.js';
    * Best-effort address extraction that avoids decryption/derivation (no JSON-V3 or mnemonic processing).
    * This is used at construction time to check for obvious duplicates without throwing for invalid inputs.
    */ extractAddressesWithoutSensitiveOperations(accounts) {
+        const ethAccounts = this.extractEthAccountsFromAttester(accounts);
+        return this.extractAddressesFromEthAccountsNonSensitive(ethAccounts);
+    }
+    /**
+   * Extract addresses from EthAccounts without sensitive operations (no decryption/derivation).
+   */ extractAddressesFromEthAccountsNonSensitive(accounts) {
         const results = [];
         const handleAccount = (account)=>{
-            // String cases: private key or address or remote signer address
             if (typeof account === 'string') {
                 if (account.startsWith('0x') && account.length === 66) {
-                    // Private key -> derive address locally without external deps
                     try {
                         const signer = new LocalSigner(Buffer32.fromString(ethPrivateKeySchema.parse(account)));
                         results.push(signer.address);
                     } catch  {
-                    // Ignore invalid private key at construction time
+                    // ignore invalid private key at construction time
                     }
-                    return;
                 }
-                // Any other string cannot be confidently resolved here
                 return;
             }
-            // JSON V3 keystore: skip (requires decryption)
             if ('path' in account) {
                 return;
             }
-            // Mnemonic: skip (requires derivation and may throw on invalid mnemonics)
             if ('mnemonic' in account) {
                 return;
             }
-            // Remote signer account. If it contains 'address' then extract, otherwise it IS the address
             const remoteSigner = account;
             if ('address' in remoteSigner) {
                 results.push(remoteSigner.address);
@@ -153,11 +152,13 @@ import { LocalSigner, RemoteSigner } from './signer.js';
         };
         if (Array.isArray(accounts)) {
             for (const account of accounts){
-                const subResults = this.extractAddressesWithoutSensitiveOperations(account);
-                results.push(...subResults);
+                handleAccount(account);
             }
             return results;
         }
+        if (typeof accounts === 'object' && accounts !== null && 'mnemonic' in accounts) {
+            return results;
+        }
         handleAccount(accounts);
         return results;
     }
@@ -165,7 +166,8 @@ import { LocalSigner, RemoteSigner } from './signer.js';
    * Create signers for validator attester accounts
    */ createAttesterSigners(validatorIndex) {
         const validator = this.getValidator(validatorIndex);
-        return this.createSignersFromEthAccounts(validator.attester, validator.remoteSigner || this.keystore.remoteSigner);
+        const ethAccounts = this.extractEthAccountsFromAttester(validator.attester);
+        return this.createSignersFromEthAccounts(ethAccounts, validator.remoteSigner || this.keystore.remoteSigner);
     }
     /**
    * Create signers for validator publisher accounts (falls back to attester if not specified)
@@ -276,7 +278,7 @@ import { LocalSigner, RemoteSigner } from './signer.js';
         const validatorCount = this.getValidatorCount();
         for(let validatorIndex = 0; validatorIndex < validatorCount; validatorIndex++){
             const validator = this.getValidator(validatorIndex);
-            const signers = this.createSignersFromEthAccounts(validator.attester, validator.remoteSigner || this.keystore.remoteSigner);
+            const signers = this.createSignersFromEthAccounts(this.extractEthAccountsFromAttester(validator.attester), validator.remoteSigner || this.keystore.remoteSigner);
             for (const signer of signers){
                 const address = signer.address.toString().toLowerCase();
                 if (seenAddresses.has(address)) {
@@ -530,34 +532,52 @@ import { LocalSigner, RemoteSigner } from './signer.js';
             // Just an address, use defaults
             return validator.remoteSigner || this.keystore.remoteSigner;
         };
-        // Check the attester configuration
-        const { attester } = validator;
+        // Normalize attester to EthAccounts and search
+        const normalized = this.extractEthAccountsFromAttester(validator.attester);
+        const findInEthAccounts = (accs)=>{
+            if (typeof accs === 'string') {
+                return checkAccount(accs);
+            }
+            if (Array.isArray(accs)) {
+                for (const a of accs){
+                    const res = checkAccount(a);
+                    if (res !== undefined) {
+                        return res;
+                    }
+                }
+                return undefined;
+            }
+            if (typeof accs === 'object' && accs !== null && 'mnemonic' in accs) {
+                // mnemonic-derived keys are local signers; no remote signer config
+                return undefined;
+            }
+            return checkAccount(accs);
+        };
+        return findInEthAccounts(normalized);
+    }
+    /** Extract ETH accounts from AttesterAccounts */ extractEthAccountsFromAttester(attester) {
         if (typeof attester === 'string') {
-            const result = checkAccount(attester);
-            return result === undefined ? undefined : result;
+            return attester;
         }
         if (Array.isArray(attester)) {
-            for (const account of attester){
-                const result = checkAccount(account);
-                if (result !== undefined) {
-                    return result;
+            const out = [];
+            for (const item of attester){
+                if (typeof item === 'string') {
+                    out.push(item);
+                } else if ('eth' in item) {
+                    out.push(item.eth);
+                } else if (!('mnemonic' in item)) {
+                    out.push(item);
                 }
             }
-            return undefined;
+            return out;
         }
-        // Mnemonic configuration
         if ('mnemonic' in attester) {
-            try {
-                const signers = this.createSignersFromMnemonic(attester);
-                const matches = signers.some((s)=>s.address.equals(attesterAddress));
-                // Mnemonic-derived keys are local signers
-                return matches ? undefined : undefined;
-            } catch  {
-                return undefined;
-            }
+            return attester;
+        }
+        if ('eth' in attester) {
+            return attester.eth;
         }
-        // Single account object
-        const result = checkAccount(attester);
-        return result === undefined ? undefined : result;
+        return attester;
     }
 }

package/dest/loader.js

@@ -236,19 +236,38 @@ const logger = createLogger('node-keystore:loader');
  * @param attester The attester configuration in any supported shape.
  * @returns Array of string keys used to detect duplicates.
  */ function extractAttesterKeys(attester) {
+    // String forms (private key or other) - return as-is for coarse uniqueness
     if (typeof attester === 'string') {
         return [
             attester
         ];
     }
+    // Arrays of attester items
     if (Array.isArray(attester)) {
-        return attester.map((a)=>typeof a === 'string' ? a : JSON.stringify(a));
+        const keys = [];
+        for (const item of attester){
+            keys.push(...extractAttesterKeys(item));
+        }
+        return keys;
     }
-    if (attester && typeof attester === 'object' && 'address' in attester) {
+    if (attester && typeof attester === 'object') {
+        const obj = attester;
+        // New shape: { eth: EthAccount, bls?: BLSAccount }
+        if ('eth' in obj) {
+            return extractAttesterKeys(obj.eth);
+        }
+        // Remote signer account object shape: { address, remoteSignerUrl?, ... }
+        if ('address' in obj) {
+            return [
+                String(obj.address)
+            ];
+        }
+        // Mnemonic or other object shapes: stringify
         return [
-            attester.address
+            JSON.stringify(attester)
         ];
     }
+    // Fallback stringify for anything else (null/undefined)
     return [
         JSON.stringify(attester)
     ];