@aztec/node-keystore 3.0.0-canary.a9708bd → 3.0.0-devnet.2

package/src/schemas.ts

@@ -1,17 +1,22 @@
 /**
  * Zod schemas for keystore validation using Aztec's validation functions
  */
-import { EthAddress } from '@aztec/foundation/eth-address';
+import { optional, schemas } from '@aztec/foundation/schemas';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
 
 import { z } from 'zod';
 
+import type { BLSPrivateKey, EthPrivateKey } from './types.js';
+
 // Use Aztec's validation functions but return string types to match our TypeScript interfaces
-const ethAddressSchema = z.string().refine(EthAddress.isAddress, 'Invalid Ethereum address');
-const ethPrivateKeySchema = z
+export const ethPrivateKeySchema = z
+  .string()
+  .regex(/^0x[0-9a-fA-F]{64}$/, 'Invalid private key (must be 32 bytes with 0x prefix)')
+  .transform(s => s as EthPrivateKey);
+export const blsPrivateKeySchema = z
   .string()
-  .regex(/^0x[0-9a-fA-F]{64}$/, 'Invalid private key (must be 32 bytes with 0x prefix)');
-const aztecAddressSchema = z.string().refine(AztecAddress.isAddress, 'Invalid Aztec address');
+  .regex(/^0x[0-9a-fA-F]{64}$/, 'Invalid BLS private key (must be 32 bytes with 0x prefix)')
+  .transform(s => s as BLSPrivateKey);
 const urlSchema = z.string().url('Invalid URL');
 
 // Remote signer config schema
@@ -19,26 +24,26 @@ const remoteSignerConfigSchema = z.union([
   urlSchema,
   z.object({
     remoteSignerUrl: urlSchema,
-    certPath: z.string().nullish(),
-    certPass: z.string().nullish(),
+    certPath: optional(z.string()),
+    certPass: optional(z.string()),
   }),
 ]);
 
 // Remote signer account schema
 const remoteSignerAccountSchema = z.union([
-  ethAddressSchema,
+  schemas.EthAddress,
   z.object({
-    address: ethAddressSchema,
-    remoteSignerUrl: urlSchema.nullish(),
-    certPath: z.string().nullish(),
-    certPass: z.string().nullish(),
+    address: schemas.EthAddress,
+    remoteSignerUrl: urlSchema,
+    certPath: optional(z.string()),
+    certPass: optional(z.string()),
   }),
 ]);
 
 // JSON V3 keystore schema
 const jsonKeyFileV3Schema = z.object({
   path: z.string(),
-  password: z.string().nullish(),
+  password: optional(z.string()),
 });
 
 // Mnemonic config schema
@@ -51,46 +56,56 @@ const mnemonicConfigSchema = z.object({
 });
 
 // EthAccount schema
-const ethAccountSchema = z.union([
-  ethPrivateKeySchema,
-  remoteSignerAccountSchema,
-  jsonKeyFileV3Schema,
-  mnemonicConfigSchema,
-]);
+const ethAccountSchema = z.union([ethPrivateKeySchema, remoteSignerAccountSchema, jsonKeyFileV3Schema]);
 
 // EthAccounts schema
-const ethAccountsSchema = z.union([ethAccountSchema, z.array(ethAccountSchema)]);
+const ethAccountsSchema = z.union([ethAccountSchema, z.array(ethAccountSchema), mnemonicConfigSchema]);
+
+// BLSAccount schema
+const blsAccountSchema = z.union([blsPrivateKeySchema, jsonKeyFileV3Schema]);
+
+// AttesterAccount schema: either EthAccount or { eth: EthAccount, bls?: BLSAccount }
+const attesterAccountSchema = z.union([
+  ethAccountSchema,
+  z.object({
+    eth: ethAccountSchema,
+    bls: optional(blsAccountSchema),
+  }),
+]);
+
+// AttesterAccounts schema: AttesterAccount | AttesterAccount[] | MnemonicConfig
+const attesterAccountsSchema = z.union([attesterAccountSchema, z.array(attesterAccountSchema), mnemonicConfigSchema]);
 
 // Prover keystore schema
 const proverKeyStoreSchema = z.union([
   ethAccountSchema,
   z.object({
-    id: ethAddressSchema,
+    id: schemas.EthAddress,
     publisher: ethAccountsSchema,
   }),
 ]);
 
 // Validator keystore schema
 const validatorKeyStoreSchema = z.object({
-  attester: ethAccountsSchema,
-  coinbase: ethAddressSchema.nullish(),
-  publisher: ethAccountsSchema.nullish(),
-  feeRecipient: aztecAddressSchema,
-  remoteSigner: remoteSignerConfigSchema.nullish(),
+  attester: attesterAccountsSchema,
+  coinbase: optional(schemas.EthAddress),
+  publisher: optional(ethAccountsSchema),
+  feeRecipient: AztecAddress.schema,
+  remoteSigner: optional(remoteSignerConfigSchema),
+  fundingAccount: optional(ethAccountSchema),
 });
 
 // Main keystore schema
 export const keystoreSchema = z
   .object({
     schemaVersion: z.literal(1),
-    validators: z.array(validatorKeyStoreSchema).nullish(),
-    slasher: ethAccountsSchema.nullish(),
-    remoteSigner: remoteSignerConfigSchema.nullish(),
-    prover: proverKeyStoreSchema.nullish(),
+    validators: optional(z.array(validatorKeyStoreSchema)),
+    slasher: optional(ethAccountsSchema),
+    remoteSigner: optional(remoteSignerConfigSchema),
+    prover: optional(proverKeyStoreSchema),
+    fundingAccount: optional(ethAccountSchema),
   })
   .refine(data => data.validators || data.prover, {
     message: 'Keystore must have at least validators or prover configuration',
     path: ['root'],
   });
-
-export type KeyStoreSchema = z.infer<typeof keystoreSchema>;

package/src/signer.ts

@@ -104,6 +104,82 @@ export class RemoteSigner implements EthSigner {
     private fetch: typeof globalThis.fetch = globalThis.fetch,
   ) {}
 
+  /**
+   * Validates that a web3signer is accessible and that the given addresses are available.
+   * @param remoteSignerUrl - The URL of the web3signer (can be string or EthRemoteSignerConfig)
+   * @param addresses - The addresses to check for availability
+   * @param fetch - Optional fetch implementation for testing
+   * @throws Error if the web3signer is not accessible or if any address is not available
+   */
+  static async validateAccess(
+    remoteSignerUrl: EthRemoteSignerConfig,
+    addresses: string[],
+    fetch: typeof globalThis.fetch = globalThis.fetch,
+  ): Promise<void> {
+    const url = typeof remoteSignerUrl === 'string' ? remoteSignerUrl : remoteSignerUrl.remoteSignerUrl;
+
+    try {
+      // Check if the web3signer is reachable by calling eth_accounts
+      const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+          jsonrpc: '2.0',
+          method: 'eth_accounts',
+          params: [],
+          id: 1,
+        }),
+      });
+
+      if (!response.ok) {
+        const errorText = await response.text();
+        throw new SignerError(
+          `Web3Signer validation failed: ${response.status} ${response.statusText} - ${errorText}`,
+          'eth_accounts',
+          url,
+          response.status,
+        );
+      }
+
+      const result = await response.json();
+
+      if (result.error) {
+        throw new SignerError(
+          `Web3Signer JSON-RPC error during validation: ${result.error.code} - ${result.error.message}`,
+          'eth_accounts',
+          url,
+          200,
+          result.error.code,
+        );
+      }
+
+      if (!result.result || !Array.isArray(result.result)) {
+        throw new Error('Invalid response from Web3Signer: expected array of accounts');
+      }
+
+      // Normalize addresses to lowercase for comparison
+      const availableAccounts: string[] = result.result.map((addr: string) => addr.toLowerCase());
+      const requestedAddresses = addresses.map(addr => addr.toLowerCase());
+
+      // Check if all requested addresses are available
+      const missingAddresses = requestedAddresses.filter(addr => !availableAccounts.includes(addr));
+
+      if (missingAddresses.length > 0) {
+        throw new Error(`The following addresses are not available in the web3signer: ${missingAddresses.join(', ')}`);
+      }
+    } catch (error: any) {
+      if (error instanceof SignerError) {
+        throw error;
+      }
+      if (error.code === 'ECONNREFUSED' || error.cause?.code === 'ECONNREFUSED') {
+        throw new Error(`Unable to connect to web3signer at ${url}. Please ensure it is running and accessible.`);
+      }
+      throw error;
+    }
+  }
+
   /**
    * Sign a message using eth_sign via remote JSON-RPC.
    */

package/src/types.ts

@@ -5,21 +5,20 @@
  * These types define the JSON structure for configuring validators, provers, and
  * their associated keys and addresses.
  */
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 
 /** Parameterized hex string type for specific byte lengths */
 export type Hex<TByteLength extends number> = `0x${string}` & { readonly _length: TByteLength };
 
 /** A json keystore config points to a local file with the encrypted private key, and may require a password for decrypting it */
-export type EthJsonKeyFileV3Config = { path: string; password?: string };
+export type JsonKeyFileV3Config = { path: string; password?: string };
 
 /** A private key is a 32-byte 0x-prefixed hex */
 export type EthPrivateKey = Hex<32>;
 
-/** An address is a 20-byte 0x-prefixed hex */
-export type EthAddressHex = Hex<20>;
-
-/** An Aztec address is a 32-byte 0x-prefixed hex */
-export type AztecAddressHex = Hex<32>;
+/** A BLS private key is a 32-byte 0x-prefixed hex */
+export type BLSPrivateKey = Hex<32>;
 
 /** URL type for remote signers */
 export type Url = string;
@@ -40,19 +39,19 @@ export type EthRemoteSignerConfig =
  * If only the address is set, then the default remote signer config from the parent config is used.
  */
 export type EthRemoteSignerAccount =
-  | EthAddressHex
+  | EthAddress
   | {
-      address: EthAddressHex;
-      remoteSignerUrl?: Url;
+      address: EthAddress;
+      remoteSignerUrl: Url;
       certPath?: string;
       certPass?: string;
     };
 
 /** An L1 account is a private key, a remote signer configuration, or a standard json key store file */
-export type EthAccount = EthPrivateKey | EthRemoteSignerAccount | EthJsonKeyFileV3Config;
+export type EthAccount = EthPrivateKey | EthRemoteSignerAccount | JsonKeyFileV3Config;
 
 /** A mnemonic can be used to define a set of accounts */
-export type EthMnemonicConfig = {
+export type MnemonicConfig = {
   mnemonic: string;
   addressIndex?: number;
   accountIndex?: number;
@@ -61,28 +60,37 @@ export type EthMnemonicConfig = {
 };
 
 /** One or more L1 accounts */
-export type EthAccounts = EthAccount | EthAccount[] | EthMnemonicConfig;
+export type EthAccounts = EthAccount | EthAccount[] | MnemonicConfig;
 
-export type ProverKeyStore =
-  | {
-      /** Address that identifies the prover. This address will receive the rewards. */
-      id: EthAddressHex;
-      /** One or more EOAs used for sending proof L1 txs. */
-      publisher: EthAccounts;
-    }
-  | EthAccount;
+export type ProverKeyStoreWithId = {
+  /** Address that identifies the prover. This address will receive the rewards. */
+  id: EthAddress;
+  /** One or more EOAs used for sending proof L1 txs. */
+  publisher: EthAccounts;
+};
+
+export type ProverKeyStore = ProverKeyStoreWithId | EthAccount;
+
+/** A BLS account is either a private key, or a standard json key store file */
+export type BLSAccount = BLSPrivateKey | JsonKeyFileV3Config;
+
+/** An AttesterAccount is a combined EthAccount and optional BLSAccount */
+export type AttesterAccount = { eth: EthAccount; bls?: BLSAccount } | EthAccount;
+
+/** One or more attester accounts combining ETH and BLS keys */
+export type AttesterAccounts = AttesterAccount | AttesterAccount[] | MnemonicConfig;
 
 export type ValidatorKeyStore = {
   /**
    * One or more validator attester keys to handle in this configuration block.
    * An attester address may only appear once across all configuration blocks across all keystore files.
    */
-  attester: EthAccounts;
+  attester: AttesterAccounts;
   /**
    * Coinbase address to use when proposing an L2 block as any of the validators in this configuration block.
    * Falls back to the attester address if not set.
    */
-  coinbase?: EthAddressHex;
+  coinbase?: EthAddress;
   /**
    * One or more EOAs used for sending block proposal L1 txs for all validators in this configuration block.
    * Falls back to the attester account if not set.
@@ -91,11 +99,15 @@ export type ValidatorKeyStore = {
   /**
    * Fee recipient address to use when proposing an L2 block as any of the validators in this configuration block.
    */
-  feeRecipient: AztecAddressHex;
+  feeRecipient: AztecAddress;
   /**
    * Default remote signer for all accounts in this block.
    */
   remoteSigner?: EthRemoteSignerConfig;
+  /**
+   * Used for automatically funding publisher accounts in this block.
+   */
+  fundingAccount?: EthAccount;
 };
 
 export type KeyStore = {
@@ -109,4 +121,6 @@ export type KeyStore = {
   remoteSigner?: EthRemoteSignerConfig;
   /** Prover configuration. Only one prover configuration is allowed. */
   prover?: ProverKeyStore;
+  /** Used for automatically funding publisher accounts if there is none defined in the corresponding  ValidatorKeyStore*/
+  fundingAccount?: EthAccount;
 };