@aztec/p2p 1.2.1 → 2.0.0-nightly.20250813

package/dest/services/libp2p/libp2p_service.js

@@ -4,6 +4,7 @@ function _ts_decorate(decorators, target, key, desc) {
     else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
     return c > 3 && r && Object.defineProperty(target, key, r), r;
 }
+import { randomInt } from '@aztec/foundation/crypto';
 import { createLibp2pComponentLogger, createLogger } from '@aztec/foundation/log';
 import { SerialQueue } from '@aztec/foundation/queue';
 import { RunningPromise } from '@aztec/foundation/running-promise';
@@ -15,6 +16,7 @@ import { MerkleTreeId } from '@aztec/stdlib/trees';
 import { Tx } from '@aztec/stdlib/tx';
 import { compressComponentVersions } from '@aztec/stdlib/versioning';
 import { Attributes, OtelMetricsAdapter, WithTracer, trackSpan } from '@aztec/telemetry-client';
+import { ENR } from '@chainsafe/enr';
 import { gossipsub } from '@chainsafe/libp2p-gossipsub';
 import { createPeerScoreParams, createTopicScoreParams } from '@chainsafe/libp2p-gossipsub/score';
 import { SignaturePolicy } from '@chainsafe/libp2p-gossipsub/types';
@@ -41,7 +43,8 @@ import { SnappyTransform, fastMsgIdFn, getMsgIdFn, msgIdToStrFn } from '../encod
 import { gossipScoreThresholds } from '../gossipsub/scoring.js';
 import { PeerManager } from '../peer-manager/peer_manager.js';
 import { PeerScoring } from '../peer-manager/peer_scoring.js';
-import { DEFAULT_SUB_PROTOCOL_VALIDATORS, ReqRespSubProtocol } from '../reqresp/interface.js';
+import { DEFAULT_SUB_PROTOCOL_VALIDATORS, ReqRespSubProtocol, ValidationError } from '../reqresp/interface.js';
+import { reqRespBlockTxsHandler } from '../reqresp/protocols/block_txs/block_txs_handler.js';
 import { reqGoodbyeHandler } from '../reqresp/protocols/goodbye.js';
 import { pingHandler, reqRespBlockHandler, reqRespStatusHandler, reqRespTxHandler } from '../reqresp/protocols/index.js';
 import { ReqResp } from '../reqresp/reqresp.js';
@@ -114,10 +117,11 @@ import { P2PInstrumentation } from './instrumentation.js';
         const datastore = new AztecDatastore(peerStore);
         const otelMetricsAdapter = new OtelMetricsAdapter(telemetry);
         const peerDiscoveryService = new DiscV5Service(peerId, config, packageVersion, telemetry, createLogger(`${logger.module}:discv5_service`));
-        const bootstrapNodes = peerDiscoveryService.bootstrapNodeEnrs.map((enr)=>enr.encodeTxt());
-        // If trusted peers are provided, also provide them to the p2p service
-        bootstrapNodes.push(...config.trustedPeers);
-        // If bootstrap nodes are provided, also provide them to the p2p service
+        // Seed libp2p's bootstrap discovery with private and trusted peers
+        const bootstrapNodes = [
+            ...config.privatePeers,
+            ...config.trustedPeers
+        ];
         const peerDiscovery = [];
         if (bootstrapNodes.length > 0) {
             peerDiscovery.push(bootstrap({
@@ -129,6 +133,23 @@ import { P2PInstrumentation } from './instrumentation.js';
         const txTopic = createTopicString(TopicType.tx, protocolVersion);
         const blockProposalTopic = createTopicString(TopicType.block_proposal, protocolVersion);
         const blockAttestationTopic = createTopicString(TopicType.block_attestation, protocolVersion);
+        const preferredPeersEnrs = config.preferredPeers.map((enr)=>ENR.decodeTxt(enr));
+        const directPeers = (await Promise.all(preferredPeersEnrs.map(async (enr)=>{
+            const peerId = await enr.peerId();
+            const address = enr.getLocationMultiaddr('tcp');
+            if (address === undefined) {
+                throw new Error(`Direct peer ${peerId.toString()} has no TCP address, ENR: ${enr.encodeTxt()}`);
+            }
+            return {
+                id: peerId,
+                addrs: [
+                    address
+                ]
+            };
+        }))).filter((peer)=>peer !== undefined);
+        const announceTcpMultiaddr = config.p2pIp ? [
+            convertToMultiaddr(config.p2pIp, p2pPort, 'tcp')
+        ] : [];
         const node = await createLibp2p({
             start: false,
             peerId,
@@ -136,18 +157,27 @@ import { P2PInstrumentation } from './instrumentation.js';
                 listen: [
                     bindAddrTcp
                 ],
-                announce: []
+                announce: announceTcpMultiaddr
             },
             transports: [
                 tcp({
-                    maxConnections: config.maxPeerCount,
+                    // It's better to have this number a bit higher than our maxPeerCount because it's sets the limit on transport (TCP) layer
+                    // The connection attempts to the node on TCP layer are not necessarily valid Aztec peers so we want to have a bit of leeway here
+                    // If we hit the limit, the connection will be temporarily accepted and immediately dropped.
+                    // Docs: https://nodejs.org/api/net.html#servermaxconnections
+                    maxConnections: Math.ceil(maxPeerCount * 1.5),
                     // socket option: the maximum length of the queue of pending connections
                     // https://nodejs.org/dist/latest-v22.x/docs/api/net.html#serverlisten
                     // it's not safe if we increase this number
                     backlog: 5,
                     closeServerOnMaxConnections: {
-                        closeAbove: maxPeerCount ?? Infinity,
-                        listenBelow: maxPeerCount ?? Infinity
+                        // The property `maxConnections` will protect us against the most DDOS attack
+                        // This property protects us in case of burst of new connections where server is not able to close them quickly enough
+                        // In case closeAbove is reached, the server stops listening altogether
+                        // It's important that there is enough difference between closeAbove and listenAbove,
+                        // otherwise the server.listener will flap between being closed and open potentially degrading perf even more
+                        closeAbove: maxPeerCount * 2,
+                        listenBelow: Math.floor(maxPeerCount * 0.9)
                     }
                 })
             ],
@@ -162,16 +192,39 @@ import { P2PInstrumentation } from './instrumentation.js';
             ],
             connectionManager: {
                 minConnections: 0,
+                maxConnections: maxPeerCount,
                 maxParallelDials: 100,
                 dialTimeout: 30_000,
                 maxPeerAddrsToDial: 5,
                 maxIncomingPendingConnections: 5
             },
+            connectionGater: {
+                denyInboundConnection: (maConn)=>{
+                    const allowed = peerManager.isNodeAllowedToConnect(maConn.remoteAddr.nodeAddress().address);
+                    if (allowed) {
+                        return false;
+                    }
+                    logger.debug(`Connection gater: Denying inbound connection from ${maConn.remoteAddr.toString()}`);
+                    return true;
+                },
+                denyInboundEncryptedConnection: (peerId, _maConn)=>{
+                    //NOTE: it is not necessary to check address here because this was already done by
+                    // denyInboundConnection
+                    const allowed = peerManager.isNodeAllowedToConnect(peerId);
+                    if (allowed) {
+                        return false;
+                    }
+                    logger.debug(`Connection gater: Denying inbound encrypted connection from ${peerId.toString()}`);
+                    return true;
+                }
+            },
             services: {
                 identify: identify({
-                    protocolPrefix: 'aztec'
+                    protocolPrefix: 'aztec',
+                    runOnConnectionOpen: true
                 }),
                 pubsub: gossipsub({
+                    directPeers,
                     debugName: 'gossipsub',
                     globalSignaturePolicy: SignaturePolicy.StrictNoSign,
                     allowPublishToZeroTopicPeers: true,
@@ -222,10 +275,10 @@ import { P2PInstrumentation } from './instrumentation.js';
         });
         const peerScoring = new PeerScoring(config);
         const reqresp = new ReqResp(config, node, peerScoring, createLogger(`${logger.module}:reqresp`));
-        const peerManager = new PeerManager(node, peerDiscoveryService, config, telemetry, createLogger(`${logger.module}:peer_manager`), peerScoring, reqresp, worldStateSynchronizer, protocolVersion);
+        const peerManager = new PeerManager(node, peerDiscoveryService, config, telemetry, createLogger(`${logger.module}:peer_manager`), peerScoring, reqresp, worldStateSynchronizer, protocolVersion, epochCache);
         // Update gossipsub score params
         node.services.pubsub.score.params.appSpecificWeight = 10;
-        node.services.pubsub.score.params.appSpecificScore = (peerId)=>peerManager.getPeerScore(peerId);
+        node.services.pubsub.score.params.appSpecificScore = (peerId)=>peerManager.shouldDisableP2PGossip(peerId) ? -Infinity : peerManager.getPeerScore(peerId);
         return new LibP2PService(clientType, config, node, peerDiscoveryService, reqresp, peerManager, mempools, l2BlockSource, epochCache, proofVerifier, worldStateSynchronizer, telemetry, logger);
     }
     /**
@@ -245,7 +298,9 @@ import { P2PInstrumentation } from './instrumentation.js';
         // Start job queue, peer discovery service and libp2p node
         this.jobQueue.start();
         await this.peerManager.initializePeers();
-        await this.peerDiscoveryService.start();
+        if (!this.config.p2pDiscoveryDisabled) {
+            await this.peerDiscoveryService.start();
+        }
         await this.node.start();
         // Subscribe to standard GossipSub topics by default
         for (const topic of getTopicTypeForClientType(this.clientType)){
@@ -256,6 +311,10 @@ import { P2PInstrumentation } from './instrumentation.js';
         const goodbyeHandler = reqGoodbyeHandler(this.peerManager);
         const blockHandler = reqRespBlockHandler(this.archiver);
         const statusHandler = reqRespStatusHandler(this.protocolVersion, this.worldStateSynchronizer, this.logger);
+        // In case P2P client doesnt'have attestation pool,
+        // const blockTxsHandler = this.mempools.attestationPool
+        //   ? reqRespBlockTxsHandler(this.mempools.attestationPool, this.mempools.txPool)
+        //   : def;
         const requestResponseHandlers = {
             [ReqRespSubProtocol.PING]: pingHandler,
             [ReqRespSubProtocol.STATUS]: statusHandler.bind(this),
@@ -263,6 +322,11 @@ import { P2PInstrumentation } from './instrumentation.js';
             [ReqRespSubProtocol.GOODBYE]: goodbyeHandler.bind(this),
             [ReqRespSubProtocol.BLOCK]: blockHandler.bind(this)
         };
+        // Only handle block transactions request if attestation pool is available to the client
+        if (this.mempools.attestationPool) {
+            const blockTxsHandler = reqRespBlockTxsHandler(this.mempools.attestationPool, this.mempools.txPool);
+            requestResponseHandlers[ReqRespSubProtocol.BLOCK_TXS] = blockTxsHandler.bind(this);
+        }
         // add GossipSub listener
         this.node.services.pubsub.addEventListener(GossipSubEvent.MESSAGE, this.gossipSubEventHandler);
         // Start running promise for peer discovery
@@ -303,6 +367,12 @@ import { P2PInstrumentation } from './instrumentation.js';
         await this.stopLibP2P();
         this.logger.info('LibP2P service stopped');
     }
+    addReqRespSubProtocol(subProtocol, handler, validator) {
+        return this.reqresp.addSubProtocol(subProtocol, handler, validator);
+    }
+    registerThisValidatorAddresses(address) {
+        this.peerManager.registerThisValidatorAddresses(address);
+    }
     getPeers(includePending) {
         return this.peerManager.getPeers(includePending);
     }
@@ -318,18 +388,6 @@ import { P2PInstrumentation } from './instrumentation.js';
         setImmediate(()=>void safeJob());
     }
     /**
-   * Send Request via the ReqResp service
-   * The subprotocol defined will determine the request and response types
-   *
-   * See the subProtocolMap for the mapping of subprotocols to request/response types in `interface.ts`
-   *
-   * @param protocol The request response protocol to use
-   * @param request The request type to send
-   * @returns
-   */ sendRequest(protocol, request) {
-        return this.reqresp.sendRequest(protocol, request);
-    }
-    /**
    * Send a batch of requests to peers, and return the responses
    * @param protocol - The request response protocol to use
    * @param requests - The requests to send to the peers
@@ -466,12 +524,16 @@ import { P2PInstrumentation } from './instrumentation.js';
         if (!result || !tx) {
             return;
         }
-        const txHash = await tx.getTxHash();
+        const txHash = tx.getTxHash();
         const txHashString = txHash.toString();
         this.logger.verbose(`Received tx ${txHashString} from external peer ${source.toString()} via gossip`, {
             source: source.toString(),
             txHash: txHashString
         });
+        if (this.config.dropTransactions && randomInt(1000) < this.config.dropTransactionsProbability * 1000) {
+            this.logger.debug(`Intentionally dropping tx ${txHashString} (probability rule)`);
+            return;
+        }
         await this.mempools.txPool.addTxs([
             tx
         ]);
@@ -545,7 +607,8 @@ import { P2PInstrumentation } from './instrumentation.js';
             this.logger.verbose(`Received ${attestationsForPreviousSlot.length} attestations for slot ${previousSlot}`);
         }
         // Mark the txs in this proposal as non-evictable
-        await this.mempools.txPool.markTxsAsNonEvictable(block.payload.txHashes);
+        await this.mempools.txPool.markTxsAsNonEvictable(block.txHashes);
+        await this.mempools.attestationPool?.addBlockProposal(block);
         const attestations = await this.blockReceivedCallback(block, sender);
         // TODO: fix up this pattern - the abstraction is not nice
         // The attestation can be undefined if no handler is registered / the validator deems the block invalid
@@ -584,33 +647,44 @@ import { P2PInstrumentation } from './instrumentation.js';
         });
     }
     /**
-   * Validate a tx that has been requested from a peer.
+   * Validate a collection of txs that has been requested from a peer.
    *
-   * The core component of this validator is that the tx hash MUST match the requested tx hash,
+   * The core component of this validator is that each tx hash MUST match the requested tx hash,
    * In order to perform this check, the tx proof must be verified.
    *
    * Note: This function is called from within `ReqResp.sendRequest` as part of the
    * ReqRespSubProtocol.TX subprotocol validation.
    *
-   * @param requestedTxHash - The hash of the tx that was requested.
-   * @param responseTx - The tx that was received as a response to the request.
+   * @param requestedTxHash - The collection of the txs that was requested.
+   * @param responseTx - The collectin of txs that was received as a response to the request.
    * @param peerId - The peer ID of the peer that sent the tx.
-   * @returns True if the tx is valid, false otherwise.
-   */ async validateRequestedTx(requestedTxHash, responseTx, peerId) {
+   * @returns True if the whole collection of txs is valid, false otherwise.
+   */ //TODO: (mralj) - this is somewhat naive implementation, if single tx is invlid we consider the whole response invalid.
+    // I think we should still extract the valid txs and return them, so that we can still use the response.
+    async validateRequestedTx(requestedTxHash, responseTx, peerId) {
+        const requested = new Set(requestedTxHash.map((h)=>h.toString()));
         const proofValidator = new TxProofValidator(this.proofVerifier);
-        const validProof = await proofValidator.validateTx(responseTx);
-        // If the node returns the wrong data, we penalize it
-        if (!requestedTxHash.equals(await responseTx.getTxHash())) {
-            // Returning the wrong data is a low tolerance error
-            this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
-            return false;
-        }
-        if (validProof.result === 'invalid') {
-            // If the proof is invalid, but the txHash is correct, then this is an active attack and we severly punish
-            this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+        try {
+            await Promise.all(responseTx.map(async (tx)=>{
+                if (!requested.has(tx.getTxHash().toString())) {
+                    this.peerManager.penalizePeer(peerId, PeerErrorSeverity.MidToleranceError);
+                    throw new ValidationError(`Received tx with hash ${tx.getTxHash().toString()} that was not requested.`);
+                }
+                const { result } = await proofValidator.validateTx(tx);
+                if (result === 'invalid') {
+                    this.peerManager.penalizePeer(peerId, PeerErrorSeverity.LowToleranceError);
+                    throw new ValidationError(`Received tx with hash ${tx.getTxHash().toString()} that is invalid.`);
+                }
+            }));
+            return true;
+        } catch (e) {
+            if (e instanceof ValidationError) {
+                this.logger.debug(`Failed to validate requested txs from peer ${peerId.toString()}, reason ${e.message}`);
+            } else {
+                this.logger.warn(`Error during validation of requested txs`, e);
+            }
             return false;
         }
-        return true;
     }
     async validatePropagatedTx(tx, peerId) {
         const currentBlockNumber = await this.archiver.getBlockNumber();
@@ -773,6 +847,9 @@ import { P2PInstrumentation } from './instrumentation.js';
     getPeerScore(peerId) {
         return this.node.services.pubsub.score.score(peerId.toString());
     }
+    handleAuthRequestFromPeer(authRequest, peerId) {
+        return this.peerManager.handleAuthRequestFromPeer(authRequest, peerId);
+    }
     async sendToPeers(message) {
         const parent = message.constructor;
         const identifier = await message.p2pMessageIdentifier().then((i)=>i.toString());
@@ -824,8 +901,8 @@ _ts_decorate([
         }))
 ], LibP2PService.prototype, "validateRequestedTx", null);
 _ts_decorate([
-    trackSpan('Libp2pService.validatePropagatedTx', async (tx)=>({
-            [Attributes.TX_HASH]: (await tx.getTxHash()).toString()
+    trackSpan('Libp2pService.validatePropagatedTx', (tx)=>({
+            [Attributes.TX_HASH]: tx.getTxHash().toString()
         }))
 ], LibP2PService.prototype, "validatePropagatedTx", null);
 _ts_decorate([

package/dest/services/peer-manager/interface.d.ts

@@ -1,16 +1,23 @@
+import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { PeerInfo } from '@aztec/stdlib/interfaces/server';
 import type { PeerErrorSeverity } from '@aztec/stdlib/p2p';
 import type { PeerId } from '@libp2p/interface';
+import type { AuthRequest, StatusMessage } from '../reqresp/index.js';
 import type { GoodByeReason } from '../reqresp/protocols/goodbye.js';
 export interface PeerManagerInterface {
     getPeers(_includePending?: boolean): PeerInfo[];
     initializePeers(): Promise<void>;
-    heartbeat(): void;
+    heartbeat(): Promise<void>;
     addTrustedPeer(peerId: PeerId): void;
     addPrivatePeer(peerId: PeerId): void;
+    addPreferredPeer(peerId: PeerId): void;
     goodbyeReceived(peerId: PeerId, reason: GoodByeReason): void;
     penalizePeer(peerId: PeerId, penalty: PeerErrorSeverity): void;
+    handleAuthRequestFromPeer(authRequest: AuthRequest, peerId: PeerId): Promise<StatusMessage>;
     getPeerScore(peerId: string): number;
+    shouldDisableP2PGossip(peerId: string): boolean;
     stop(): Promise<void>;
+    /** If node running this P2P stack is validator, passes in validator address to P2P layer */
+    registerThisValidatorAddresses(address: EthAddress[]): void;
 }
 //# sourceMappingURL=interface.d.ts.map

package/dest/services/peer-manager/interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/services/peer-manager/interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAErE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,GAAG,QAAQ,EAAE,CAAC;IAEhD,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,SAAS,IAAI,IAAI,CAAC;IAClB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,IAAI,CAAC;IAC7D,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAE/D,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACrC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACvB"}
+{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/services/peer-manager/interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAErE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,GAAG,QAAQ,EAAE,CAAC;IAEhD,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,IAAI,CAAC;IAC7D,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC/D,yBAAyB,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAE5F,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACrC,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAEhD,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB,4FAA4F;IAC5F,8BAA8B,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;CAC7D"}

package/dest/services/peer-manager/peer_manager.d.ts

@@ -1,10 +1,15 @@
+import type { EpochCacheInterface } from '@aztec/epoch-cache';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import { DateProvider } from '@aztec/foundation/timer';
 import type { PeerInfo, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
 import type { PeerErrorSeverity } from '@aztec/stdlib/p2p';
 import { type TelemetryClient } from '@aztec/telemetry-client';
 import type { PeerId } from '@libp2p/interface';
-import type { Libp2p } from 'libp2p';
 import type { P2PConfig } from '../../config.js';
+import type { FullLibp2p } from '../../util.js';
+import { AuthRequest } from '../reqresp/protocols/auth.js';
 import { GoodByeReason } from '../reqresp/protocols/goodbye.js';
+import { StatusMessage } from '../reqresp/protocols/status.js';
 import type { ReqResp } from '../reqresp/reqresp.js';
 import type { PeerDiscoveryService } from '../service.js';
 import type { PeerManagerInterface } from './interface.js';
@@ -18,6 +23,8 @@ export declare class PeerManager implements PeerManagerInterface {
     private reqresp;
     private readonly worldStateSynchronizer;
     private readonly protocolVersion;
+    private readonly epochCache;
+    private readonly dateProvider;
     private cachedPeers;
     private heartbeatCounter;
     private displayPeerCountsPeerHeartbeat;
@@ -26,9 +33,16 @@ export declare class PeerManager implements PeerManagerInterface {
     private trustedPeersInitialized;
     private privatePeers;
     private privatePeersInitialized;
+    private preferredPeers;
+    private authenticatedPeerIdToValidatorAddress;
+    private authenticatedValidatorAddressToPeerId;
+    private peersToBeDisconnected;
+    private failedAuthHandshakes;
+    private validatorAddresses;
+    private initializedPreferredPeers;
     private metrics;
     private handlers;
-    constructor(libP2PNode: Libp2p, peerDiscoveryService: PeerDiscoveryService, config: P2PConfig, telemetryClient: TelemetryClient, logger: import("@aztec/foundation/log").Logger | undefined, peerScoring: PeerScoring, reqresp: ReqResp, worldStateSynchronizer: WorldStateSynchronizer, protocolVersion: string);
+    constructor(libP2PNode: FullLibp2p, peerDiscoveryService: PeerDiscoveryService, config: P2PConfig, telemetryClient: TelemetryClient, logger: import("@aztec/foundation/log").Logger | undefined, peerScoring: PeerScoring, reqresp: ReqResp, worldStateSynchronizer: WorldStateSynchronizer, protocolVersion: string, epochCache: EpochCacheInterface, dateProvider?: DateProvider);
     /**
      * Initializes the trusted peers.
      *
@@ -36,7 +50,8 @@ export declare class PeerManager implements PeerManagerInterface {
      */
     initializePeers(): Promise<void>;
     get tracer(): import("@aztec/telemetry-client").Tracer;
-    heartbeat(): void;
+    heartbeat(): Promise<void>;
+    setupDirectPeersIfValidator(): Promise<void>;
     /**
      * Cleans up expired timeouts.
      *
@@ -45,6 +60,13 @@ export declare class PeerManager implements PeerManagerInterface {
      * To give them a chance to reconnect.
      */
     private cleanupExpiredTimeouts;
+    /**
+     * Processes scheduled disconnects during heartbeat.
+     *
+     * This batch processes all peers that have been marked for disconnect.
+     * preventing immediate disconnects that could cause libp2p state corruption.
+     */
+    private processScheduledDisconnects;
     /**
      * Performs Status Handshake with a connected peer.
      * @param e - The connected peer event.
@@ -55,6 +77,7 @@ export declare class PeerManager implements PeerManagerInterface {
      * @param e - The disconnected peer event.
      */
     private handleDisconnectedPeerEvent;
+    registerThisValidatorAddresses(address: EthAddress[]): void;
     /**
      * Checks if a peer is trusted.
      * @param peerId - The peer ID.
@@ -78,6 +101,17 @@ export declare class PeerManager implements PeerManagerInterface {
      * @returns True if the peer is private, false otherwise.
      */
     private isPrivatePeer;
+    /**
+     * Adds a peer to the preferred peers set.
+     * @param peerId - The peer ID to add to preferred peers.
+     */
+    addPreferredPeer(peerId: PeerId): void;
+    /**
+     * Checks if a peer is preferred.
+     * @param peerId - The peer ID.
+     * @returns True if the peer is preferred, false otherwise.
+     */
+    private isPreferredPeer;
     /**
      * Checks if a peer is protected (either trusted or private).
      * @param peerId - The peer ID.
@@ -94,12 +128,16 @@ export declare class PeerManager implements PeerManagerInterface {
     goodbyeReceived(peerId: PeerId, reason: GoodByeReason): void;
     penalizePeer(peerId: PeerId, penalty: PeerErrorSeverity): void;
     getPeerScore(peerId: string): number;
+    shouldDisableP2PGossip(peerId: string): boolean;
     getPeers(includePending?: boolean): PeerInfo[];
+    isAuthenticatedPeer(peerId: PeerId): boolean;
+    isNodeAllowedToConnect(id: string | PeerId): boolean;
     /**
      * Discovers peers.
      */
     private discover;
     private getNonProtectedPeers;
+    private getProtectedPeerCount;
     private pruneUnhealthyPeers;
     /**
      * If the max peer count is reached, the lowest scoring peers will be pruned to satisfy the max peer count.
@@ -119,6 +157,13 @@ export declare class PeerManager implements PeerManagerInterface {
      */
     private pruneDuplicatePeers;
     private goodbyeAndDisconnectPeer;
+    private markPeerForDisconnect;
+    /**
+     * Performs the actual disconnection of a peer.
+     * This is called during heartbeat processing to avoid immediate disconnections.
+     *
+     * @returns True if peer was disconnect, otherwise false
+     */
     private disconnectPeer;
     /**
      *  Handles a discovered peer.
@@ -128,6 +173,7 @@ export declare class PeerManager implements PeerManagerInterface {
     private dialPeer;
     private shouldDialPeer;
     private pruneCachedPeers;
+    private createStatusMessage;
     /**
      * Performs status Handshake with the Peer
      * The way the protocol is designed is that each peer will call this method on newly established p2p connection.
@@ -139,10 +185,31 @@ export declare class PeerManager implements PeerManagerInterface {
      * @param: peerId The Id of the peer to request the Status from.
      * */
     private exchangeStatusHandshake;
+    /**
+     * Performs auth Handshake with the Peer
+     * A superset of the status handshake. Also includes a challenge that needs to be signed by the peer's validator key.
+     * @param: peerId The Id of the peer to request the Status from.
+     * */
+    private exchangeAuthHandshake;
+    private markAuthHandshakeFailed;
+    private markAuthHandshakeSuccess;
     /**
      * Stops the peer manager.
      * Removing all event listeners.
      */
     stop(): Promise<void>;
+    private shouldTrustWithIdentity;
+    /**
+     * Performs auth request verification from peer. An auth request is valid if requested by an authorized peer (a peer we trust).
+     *
+     * @param: _authRequest - Auth request (unused)
+     * @param: peerId - The ID of the peer that requested the auth handshake
+     *
+     * @returns: StatusMessage if peer is trusted
+     *
+     * @throws: If peer is unauthorized
+     * */
+    handleAuthRequestFromPeer(_authRequest: AuthRequest, peerId: PeerId): Promise<StatusMessage>;
+    private updateAuthenticatedPeers;
 }
 //# sourceMappingURL=peer_manager.d.ts.map

package/dest/services/peer-manager/peer_manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"peer_manager.d.ts","sourceRoot":"","sources":["../../../src/services/peer-manager/peer_manager.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACxF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,KAAK,eAAe,EAAa,MAAM,yBAAyB,CAAC;AAG1E,OAAO,KAAK,EAAc,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE5D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAGrC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGjD,OAAO,EAAE,aAAa,EAAuB,MAAM,iCAAiC,CAAC;AAErF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAE3D,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAqBrE,qBAAa,WAAY,YAAW,oBAAoB;IAkBpD,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,oBAAoB;IAC5B,OAAO,CAAC,MAAM;IAEd,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAzBlC,OAAO,CAAC,WAAW,CAAsC;IACzD,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,8BAA8B,CAAa;IACnD,OAAO,CAAC,aAAa,CAAwC;IAC7D,OAAO,CAAC,YAAY,CAA0B;IAC9C,OAAO,CAAC,uBAAuB,CAAkB;IACjD,OAAO,CAAC,YAAY,CAA0B;IAC9C,OAAO,CAAC,uBAAuB,CAAkB;IAEjD,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,QAAQ,CAId;gBAGQ,UAAU,EAAE,MAAM,EAClB,oBAAoB,EAAE,oBAAoB,EAC1C,MAAM,EAAE,SAAS,EACzB,eAAe,EAAE,eAAe,EACxB,MAAM,oDAAmC,EACzC,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,OAAO,EACP,sBAAsB,EAAE,sBAAsB,EAC9C,eAAe,EAAE,MAAM;IAwB1C;;;;OAIG;IACG,eAAe;IA8BrB,IAAI,MAAM,6CAET;IAGM,SAAS;IAShB;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAYhC;;;OAGG;IACH,OAAO,CAAC,2BAA2B;IASnC;;;;;OAKG;IACH,OAAO,CAAC,aAAa;IAQrB;;;OAGG;IACI,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAQ3C;;;OAGG;IACI,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAU3C;;;;OAIG;IACH,OAAO,CAAC,aAAa;IAQrB;;;;OAIG;IACH,OAAO,CAAC,eAAe;IAIvB;;;;;;OAMG;IACI,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa;IAQrD,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB;IAIvD,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAIpC,QAAQ,CAAC,cAAc,UAAQ,GAAG,QAAQ,EAAE;IAiCnD;;OAEG;IACH,OAAO,CAAC,QAAQ;IAkEhB,OAAO,CAAC,oBAAoB;IAI5B,OAAO,CAAC,mBAAmB;IAoB3B;;;;;OAKG;IACH,OAAO,CAAC,eAAe;IAwBvB;;;;;;;;OAQG;IACH,OAAO,CAAC,mBAAmB;YAuBb,wBAAwB;YA6BxB,cAAc;IAQ5B;;;OAGG;YACW,oBAAoB;YA8DpB,QAAQ;IA2BtB,OAAO,CAAC,cAAc;IAWtB,OAAO,CAAC,gBAAgB;IAsBxB;;;;;;;;;SASK;YACS,uBAAuB;IAsCrC;;;OAGG;IACU,IAAI;CAYlB"}
+{"version":3,"file":"peer_manager.d.ts","sourceRoot":"","sources":["../../../src/services/peer-manager/peer_manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAIhE,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,KAAK,EAAE,QAAQ,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACxF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,KAAK,eAAe,EAAa,MAAM,yBAAyB,CAAC;AAG1E,OAAO,KAAK,EAAc,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAK5D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEjD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAEhD,OAAO,EAAE,WAAW,EAAgB,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,aAAa,EAAuB,MAAM,iCAAiC,CAAC;AACrF,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAE3D,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AA2BrE,qBAAa,WAAY,YAAW,oBAAoB;IAyBpD,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,oBAAoB;IAC5B,OAAO,CAAC,MAAM;IAEd,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAlC/B,OAAO,CAAC,WAAW,CAAsC;IACzD,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,8BAA8B,CAAa;IACnD,OAAO,CAAC,aAAa,CAAwC;IAC7D,OAAO,CAAC,YAAY,CAA0B;IAC9C,OAAO,CAAC,uBAAuB,CAAkB;IACjD,OAAO,CAAC,YAAY,CAA0B;IAC9C,OAAO,CAAC,uBAAuB,CAAkB;IACjD,OAAO,CAAC,cAAc,CAA0B;IAChD,OAAO,CAAC,qCAAqC,CAAsC;IACnF,OAAO,CAAC,qCAAqC,CAAkC;IAC/E,OAAO,CAAC,qBAAqB,CAA0B;IACvD,OAAO,CAAC,oBAAoB,CAAoD;IAChF,OAAO,CAAC,kBAAkB,CAAoB;IAC9C,OAAO,CAAC,yBAAyB,CAAkB;IAEnD,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,QAAQ,CAId;gBAGQ,UAAU,EAAE,UAAU,EACtB,oBAAoB,EAAE,oBAAoB,EAC1C,MAAM,EAAE,SAAS,EACzB,eAAe,EAAE,eAAe,EACxB,MAAM,oDAAmC,EACzC,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,OAAO,EACP,sBAAsB,EAAE,sBAAsB,EAC9C,eAAe,EAAE,MAAM,EACvB,UAAU,EAAE,mBAAmB,EAC/B,YAAY,GAAE,YAAiC;IA0BlE;;;;OAIG;IACG,eAAe;IAqCrB,IAAI,MAAM,6CAET;IAGY,SAAS;IAchB,2BAA2B;IAkDjC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;;;OAKG;YACW,2BAA2B;IAsBzC;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAsBhC;;;OAGG;IACH,OAAO,CAAC,2BAA2B;IAa5B,8BAA8B,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,IAAI;IAIlE;;;;;OAKG;IACH,OAAO,CAAC,aAAa;IAQrB;;;OAGG;IACI,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAQ3C;;;OAGG;IACI,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAU3C;;;;OAIG;IACH,OAAO,CAAC,aAAa;IAQrB;;;OAGG;IACI,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAO7C;;;;OAIG;IACH,OAAO,CAAC,eAAe;IAIvB;;;;OAIG;IACH,OAAO,CAAC,eAAe;IAIvB;;;;;;OAMG;IACI,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa;IAQrD,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB;IAIvD,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAIpC,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAK/C,QAAQ,CAAC,cAAc,UAAQ,GAAG,QAAQ,EAAE;IAiC5C,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAiB5C,sBAAsB,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;IAe3D;;OAEG;IACH,OAAO,CAAC,QAAQ;IAoEhB,OAAO,CAAC,oBAAoB;IAI5B,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,mBAAmB;IAoB3B;;;;;OAKG;IACH,OAAO,CAAC,eAAe;IAyBvB;;;;;;;;OAQG;IACH,OAAO,CAAC,mBAAmB;YAuBb,wBAAwB;IAgCtC,OAAO,CAAC,qBAAqB;IAM7B;;;;;OAKG;YACW,cAAc;IAc5B;;;OAGG;YACW,oBAAoB;YAoEpB,QAAQ;IA2BtB,OAAO,CAAC,cAAc;IAWtB,OAAO,CAAC,gBAAgB;YAsBV,mBAAmB;IAKjC;;;;;;;;;SASK;YACS,uBAAuB;IAsCrC;;;;SAIK;YACS,qBAAqB;IAmFnC,OAAO,CAAC,uBAAuB;IA0B/B,OAAO,CAAC,wBAAwB;IAUhC;;;OAGG;IACU,IAAI;IAajB,OAAO,CAAC,uBAAuB;IAI/B;;;;;;;;;SASK;IACQ,yBAAyB,CAAC,YAAY,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;YAS3F,wBAAwB;CAwBvC"}