@aztec/pxe 0.0.1-commit.f5d02921e → 0.0.1-commit.f7ea82942

package/src/contract_sync/contract_sync_service.ts

@@ -1,15 +1,18 @@
 import type { Logger } from '@aztec/foundation/log';
+import { Semaphore } from '@aztec/foundation/queue';
 import type { FunctionCall, FunctionSelector } from '@aztec/stdlib/abi';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { AztecNode } from '@aztec/stdlib/interfaces/client';
 import type { BlockHeader } from '@aztec/stdlib/tx';
 
-import type { AccessScopes } from '../access_scopes.js';
 import type { StagedStore } from '../job_coordinator/job_coordinator.js';
 import type { ContractStore } from '../storage/contract_store/contract_store.js';
 import type { NoteStore } from '../storage/note_store/note_store.js';
 import { syncState, verifyCurrentClassId } from './helpers.js';
 
+/** Maximum number of scope syncs running concurrently across the PXE. */
+const MAX_CONCURRENT_SCOPE_SYNCS = 5;
+
 /**
  * Service for syncing the private state of contracts and verifying that the PXE holds the current class artifact.
  * It uses a cache to avoid redundant sync operations - the cache is wiped when the anchor block changes.
@@ -27,11 +30,15 @@ export class ContractSyncService implements StagedStore {
   // Per-job excluded contract addresses - these contracts should not be synced.
   private excludedFromSync: Map<string, Set<string>> = new Map();
 
+  // Bounds the number of scope syncs running concurrently. Scopes beyond this limit queue here. Sized to trade off
+  // parallelism on non-ACIR work (node RPC, note store reads) against memory pressure from concurrent circuit
+  // execution.
+  #syncSlot = new Semaphore(MAX_CONCURRENT_SCOPE_SYNCS);
+
   constructor(
     private aztecNode: AztecNode,
     private contractStore: ContractStore,
     private noteStore: NoteStore,
-    private getRegisteredAccounts: () => Promise<AztecAddress[]>,
     private log: Logger,
   ) {}
 
@@ -52,72 +59,42 @@ export class ContractSyncService implements StagedStore {
   async ensureContractSynced(
     contractAddress: AztecAddress,
     functionToInvokeAfterSync: FunctionSelector | null,
-    utilityExecutor: (call: FunctionCall, scopes: AccessScopes) => Promise<any>,
+    utilityExecutor: (call: FunctionCall, scopes: AztecAddress[]) => Promise<any>,
     anchorBlockHeader: BlockHeader,
     jobId: string,
-    scopes: AccessScopes,
+    scopes: AztecAddress[],
   ): Promise<void> {
     if (this.#shouldSkipSync(jobId, contractAddress)) {
       return;
     }
 
-    this.#startSyncIfNeeded(contractAddress, scopes, scopesToSync =>
-      this.#syncContract(
-        contractAddress,
-        functionToInvokeAfterSync,
-        utilityExecutor,
-        anchorBlockHeader,
-        jobId,
-        scopesToSync,
-      ),
+    this.#startSyncIfNeeded(
+      contractAddress,
+      scopes,
+      () => verifyCurrentClassId(contractAddress, this.aztecNode, this.contractStore, anchorBlockHeader),
+      scope =>
+        syncState(
+          contractAddress,
+          this.contractStore,
+          functionToInvokeAfterSync,
+          utilityExecutor,
+          this.noteStore,
+          this.aztecNode,
+          anchorBlockHeader,
+          jobId,
+          scope,
+        ),
     );
 
     await this.#awaitSync(contractAddress, scopes);
   }
 
-  /** Clears sync cache entries for the given scopes of a contract. Also clears the ALL_SCOPES entry. */
+  /** Clears sync cache entries for the given scopes of a contract. */
   invalidateContractForScopes(contractAddress: AztecAddress, scopes: AztecAddress[]): void {
     if (scopes.length === 0) {
       return;
     }
     scopes.forEach(scope => this.syncedContracts.delete(toKey(contractAddress, scope)));
-    this.syncedContracts.delete(toKey(contractAddress, 'ALL_SCOPES'));
-  }
-
-  async #syncContract(
-    contractAddress: AztecAddress,
-    functionToInvokeAfterSync: FunctionSelector | null,
-    utilityExecutor: (call: FunctionCall, scopes: AccessScopes) => Promise<any>,
-    anchorBlockHeader: BlockHeader,
-    jobId: string,
-    scopes: AccessScopes,
-  ): Promise<void> {
-    this.log.debug(`Syncing contract ${contractAddress}`);
-
-    // Resolve ALL_SCOPES to actual registered accounts, since sync_state must be called once per account.
-    const scopeAddresses = scopes === 'ALL_SCOPES' ? await this.getRegisteredAccounts() : scopes;
-
-    await Promise.all([
-      // Call sync_state sequentially for each scope address — each invocation synchronizes one account's private
-      // state using scoped capsule arrays.
-      (async () => {
-        for (const scope of scopeAddresses) {
-          await syncState(
-            contractAddress,
-            this.contractStore,
-            functionToInvokeAfterSync,
-            utilityExecutor,
-            this.noteStore,
-            this.aztecNode,
-            anchorBlockHeader,
-            jobId,
-            scope,
-          );
-        }
-      })(),
-      verifyCurrentClassId(contractAddress, this.aztecNode, this.contractStore, anchorBlockHeader),
-    ]);
-    this.log.debug(`Contract ${contractAddress} synced`);
   }
 
   /** Clears sync cache. Called by BlockSynchronizer when anchor block changes. */
@@ -144,49 +121,56 @@ export class ContractSyncService implements StagedStore {
     return !!this.excludedFromSync.get(jobId)?.has(contractAddress.toString());
   }
 
-  /** If there are unsynced scopes, starts sync and stores the promise in cache with error cleanup. */
+  /**
+   * If there are unsynced scopes, starts one sync per scope (bounded by #syncSlot) and stores each promise in the
+   * cache with per-scope error cleanup. The verifyFn runs once for the whole fan-out and is awaited by every new
+   * scope's promise, matching the pre-parallelization invariant that a cache-miss batch re-verifies the class id.
+   */
   #startSyncIfNeeded(
     contractAddress: AztecAddress,
-    scopes: AccessScopes,
-    syncFn: (scopesToSync: AccessScopes) => Promise<void>,
+    scopes: AztecAddress[],
+    verifyFn: () => Promise<void>,
+    syncScopeFn: (scope: AztecAddress) => Promise<void>,
   ): void {
-    const scopesToSync = this.#getScopesToSync(contractAddress, scopes);
-    const keys = toKeys(contractAddress, scopesToSync);
-    if (keys.length === 0) {
+    const scopesToSync = scopes.filter(scope => !this.syncedContracts.has(toKey(contractAddress, scope)));
+    if (scopesToSync.length === 0) {
       return;
     }
-    const promise = syncFn(scopesToSync).catch(err => {
-      keys.forEach(key => this.syncedContracts.delete(key));
-      throw err;
-    });
-    keys.forEach(key => this.syncedContracts.set(key, promise));
-  }
 
-  /** Filters out scopes that are already cached, returning only those that still need syncing. */
-  #getScopesToSync(contractAddress: AztecAddress, scopes: AccessScopes): AccessScopes {
-    if (this.syncedContracts.has(toKey(contractAddress, 'ALL_SCOPES'))) {
-      // If we are already syncing all scopes, then return an empty list
-      return [];
+    this.log.debug(`Syncing contract ${contractAddress} for ${scopesToSync.length} scope(s)`);
+    const verifyPromise = verifyFn();
+
+    for (const scope of scopesToSync) {
+      const key = toKey(contractAddress, scope);
+      const promise = Promise.all([verifyPromise, this.#runBounded(() => syncScopeFn(scope))])
+        .then(() => {})
+        .catch(err => {
+          this.syncedContracts.delete(key);
+          throw err;
+        });
+      this.syncedContracts.set(key, promise);
     }
-    if (scopes === 'ALL_SCOPES') {
-      return 'ALL_SCOPES';
+  }
+
+  /** Runs fn while holding a slot in #syncSlot, bounding total concurrent scope syncs. */
+  async #runBounded<T>(fn: () => Promise<T>): Promise<T> {
+    await this.#syncSlot.acquire();
+    try {
+      return await fn();
+    } finally {
+      this.#syncSlot.release();
     }
-    return scopes.filter(scope => !this.syncedContracts.has(toKey(contractAddress, scope)));
   }
 
   /** Collects all relevant scope promises (including in-flight ones from concurrent calls) and awaits them. */
-  async #awaitSync(contractAddress: AztecAddress, scopes: AccessScopes): Promise<void> {
-    const promises = toKeys(contractAddress, scopes)
-      .map(key => this.syncedContracts.get(key))
+  async #awaitSync(contractAddress: AztecAddress, scopes: AztecAddress[]): Promise<void> {
+    const promises = scopes
+      .map(scope => this.syncedContracts.get(toKey(contractAddress, scope)))
       .filter(p => p !== undefined);
     await Promise.all(promises);
   }
 }
 
-function toKeys(contract: AztecAddress, scopes: AccessScopes) {
-  return scopes === 'ALL_SCOPES' ? [toKey(contract, scopes)] : scopes.map(scope => toKey(contract, scope));
-}
-
-function toKey(contract: AztecAddress, scope: AztecAddress | 'ALL_SCOPES') {
-  return scope === 'ALL_SCOPES' ? `${contract.toString()}:*` : `${contract.toString()}:${scope.toString()}`;
+function toKey(contract: AztecAddress, scope: AztecAddress) {
+  return `${contract.toString()}:${scope.toString()}`;
 }

package/src/contract_sync/helpers.ts

@@ -6,7 +6,6 @@ import { DelayedPublicMutableValues, DelayedPublicMutableValuesWithHash } from '
 import type { AztecNode } from '@aztec/stdlib/interfaces/client';
 import type { BlockHeader } from '@aztec/stdlib/tx';
 
-import type { AccessScopes } from '../access_scopes.js';
 import { NoteService } from '../notes/note_service.js';
 import type { ContractStore } from '../storage/contract_store/contract_store.js';
 import type { NoteStore } from '../storage/note_store/note_store.js';
@@ -43,7 +42,7 @@ export async function syncState(
   contractAddress: AztecAddress,
   contractStore: ContractStore,
   functionToInvokeAfterSync: FunctionSelector | null,
-  utilityExecutor: (privateSyncCall: FunctionCall, scopes: AccessScopes) => Promise<any>,
+  utilityExecutor: (privateSyncCall: FunctionCall, scopes: AztecAddress[]) => Promise<any>,
   noteStore: NoteStore,
   aztecNode: AztecNode,
   anchorBlockHeader: BlockHeader,
@@ -60,7 +59,7 @@ export async function syncState(
     }
 
     const noteService = new NoteService(noteStore, aztecNode, anchorBlockHeader, jobId);
-    const scopes: AccessScopes = [scope];
+    const scopes: AztecAddress[] = [scope];
 
     // Both sync_state and syncNoteNullifiers interact with the note store, but running them in parallel is safe
     // because note store is designed to handle concurrent operations.

package/src/debug/pxe_debug_utils.ts

@@ -1,9 +1,9 @@
 import type { FunctionCall } from '@aztec/stdlib/abi';
 import type { AuthWitness } from '@aztec/stdlib/auth-witness';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { NoteDao } from '@aztec/stdlib/note';
 import type { ContractOverrides } from '@aztec/stdlib/tx';
 
-import type { AccessScopes } from '../access_scopes.js';
 import type { BlockSynchronizer } from '../block_synchronizer/block_synchronizer.js';
 import type { ContractFunctionSimulator } from '../contract_function_simulator/contract_function_simulator.js';
 import type { ContractSyncService } from '../contract_sync/contract_sync_service.js';
@@ -22,7 +22,7 @@ export class PXEDebugUtils {
     contractFunctionSimulator: ContractFunctionSimulator,
     call: FunctionCall,
     authWitnesses: AuthWitness[] | undefined,
-    scopes: AccessScopes,
+    scopes: AztecAddress[],
     jobId: string,
   ) => Promise<any>;
 
@@ -41,7 +41,7 @@ export class PXEDebugUtils {
       contractFunctionSimulator: ContractFunctionSimulator,
       call: FunctionCall,
       authWitnesses: AuthWitness[] | undefined,
-      scopes: AccessScopes,
+      scopes: AztecAddress[],
       jobId: string,
     ) => Promise<any>,
   ) {

package/src/entrypoints/client/bundle/index.ts

@@ -1,4 +1,3 @@
-export * from '../../../access_scopes.js';
 export * from '../../../notes_filter.js';
 export * from '../../../pxe.js';
 export * from '../../../config/index.js';

package/src/entrypoints/client/bundle/utils.ts

@@ -1,4 +1,3 @@
-import { BBPrivateKernelProver } from '@aztec/bb-prover/client';
 import { BBBundlePrivateKernelProver } from '@aztec/bb-prover/client/bundle';
 import { createLogger } from '@aztec/foundation/log';
 import { createStore } from '@aztec/kv-store/indexeddb';
@@ -9,7 +8,7 @@ import type { AztecNode } from '@aztec/stdlib/interfaces/client';
 import type { PXEConfig } from '../../../config/index.js';
 import { PXE } from '../../../pxe.js';
 import { PXE_DATA_SCHEMA_VERSION } from '../../../storage/metadata.js';
-import type { PXECreationOptions } from '../../pxe_creation_options.js';
+import { type PXECreationOptions, isPrivateKernelProver } from '../../pxe_creation_options.js';
 
 /**
  * Create and start an PXE instance with the given AztecNode.
@@ -44,7 +43,7 @@ export async function createPXE(
   const proverLogger = loggers.prover ?? createLogger('pxe:bb:wasm:bundle', { actor });
 
   let prover;
-  if (options.proverOrOptions instanceof BBPrivateKernelProver) {
+  if (isPrivateKernelProver(options.proverOrOptions)) {
     prover = options.proverOrOptions;
   } else {
     prover = new BBBundlePrivateKernelProver(simulator, { ...options.proverOrOptions, logger: proverLogger });

package/src/entrypoints/client/lazy/index.ts

@@ -1,4 +1,3 @@
-export * from '../../../access_scopes.js';
 export * from '../../../notes_filter.js';
 export * from '../../../pxe.js';
 export * from '../../../config/index.js';

package/src/entrypoints/client/lazy/utils.ts

@@ -1,4 +1,3 @@
-import { BBPrivateKernelProver } from '@aztec/bb-prover/client';
 import { BBLazyPrivateKernelProver } from '@aztec/bb-prover/client/lazy';
 import { createLogger } from '@aztec/foundation/log';
 import { createStore } from '@aztec/kv-store/indexeddb';
@@ -9,7 +8,7 @@ import type { AztecNode } from '@aztec/stdlib/interfaces/client';
 import type { PXEConfig } from '../../../config/index.js';
 import { PXE } from '../../../pxe.js';
 import { PXE_DATA_SCHEMA_VERSION } from '../../../storage/metadata.js';
-import type { PXECreationOptions } from '../../pxe_creation_options.js';
+import { type PXECreationOptions, isPrivateKernelProver } from '../../pxe_creation_options.js';
 
 /**
  * Create and start an PXE instance with the given AztecNode.
@@ -44,7 +43,7 @@ export async function createPXE(
   const proverLogger = loggers.prover ?? createLogger('pxe:bb:wasm:bundle', { actor });
 
   let prover;
-  if (options.proverOrOptions instanceof BBPrivateKernelProver) {
+  if (isPrivateKernelProver(options.proverOrOptions)) {
     prover = options.proverOrOptions;
   } else {
     prover = new BBLazyPrivateKernelProver(simulator, { ...options.proverOrOptions, logger: proverLogger });

package/src/entrypoints/pxe_creation_options.ts

@@ -12,3 +12,10 @@ export type PXECreationOptions = {
   store?: AztecAsyncKVStore;
   simulator?: CircuitSimulator;
 };
+
+/** Checks if the given value implements the PrivateKernelProver interface via duck-typing. */
+export function isPrivateKernelProver(value: unknown): value is PrivateKernelProver {
+  return (
+    typeof value === 'object' && value !== null && typeof (value as PrivateKernelProver).createChonkProof === 'function'
+  );
+}

package/src/entrypoints/server/index.ts

@@ -1,4 +1,3 @@
-export * from '../../access_scopes.js';
 export * from '../../notes_filter.js';
 export * from '../../pxe.js';
 export * from '../../config/index.js';
@@ -6,7 +5,7 @@ export * from '../../error_enriching.js';
 export * from '../../storage/index.js';
 export * from './utils.js';
 export { NoteService } from '../../notes/note_service.js';
-export { ORACLE_VERSION } from '../../oracle_version.js';
+export { ORACLE_VERSION_MAJOR, ORACLE_VERSION_MINOR } from '../../oracle_version.js';
 export { type PXECreationOptions } from '../pxe_creation_options.js';
 export { JobCoordinator } from '../../job_coordinator/job_coordinator.js';
 export { ContractSyncService } from '../../contract_sync/contract_sync_service.js';

package/src/entrypoints/server/utils.ts

@@ -1,4 +1,3 @@
-import { BBPrivateKernelProver } from '@aztec/bb-prover/client';
 import { BBBundlePrivateKernelProver } from '@aztec/bb-prover/client/bundle';
 import { createLogger } from '@aztec/foundation/log';
 import { createStore } from '@aztec/kv-store/lmdb-v2';
@@ -10,7 +9,7 @@ import type { AztecNode } from '@aztec/stdlib/interfaces/client';
 import type { PXEConfig } from '../../config/index.js';
 import { PXE } from '../../pxe.js';
 import { PXE_DATA_SCHEMA_VERSION } from '../../storage/index.js';
-import type { PXECreationOptions } from '../pxe_creation_options.js';
+import { type PXECreationOptions, isPrivateKernelProver } from '../pxe_creation_options.js';
 
 type PXEConfigWithoutDefaults = Omit<PXEConfig, 'l1Contracts' | 'l1ChainId' | 'l2BlockBatchSize' | 'rollupVersion'>;
 
@@ -49,7 +48,7 @@ export async function createPXE(
   const proverLogger = loggers.prover ?? createLogger('pxe:bb:native', { actor });
 
   let prover;
-  if (options.proverOrOptions instanceof BBPrivateKernelProver) {
+  if (isPrivateKernelProver(options.proverOrOptions)) {
     prover = options.proverOrOptions;
   } else {
     prover = new BBBundlePrivateKernelProver(simulator, { ...options.proverOrOptions, logger: proverLogger });

package/src/events/event_service.ts

@@ -2,7 +2,7 @@ import type { Fr } from '@aztec/foundation/curves/bn254';
 import { createLogger } from '@aztec/foundation/log';
 import type { EventSelector } from '@aztec/stdlib/abi';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
-import { siloNullifier } from '@aztec/stdlib/hash';
+import { computePrivateEventCommitment, siloNullifier } from '@aztec/stdlib/hash';
 import type { AztecNode } from '@aztec/stdlib/interfaces/server';
 import type { BlockHeader, TxHash } from '@aztec/stdlib/tx';
 
@@ -26,6 +26,18 @@ export class EventService {
     txHash: TxHash,
     scope: AztecAddress,
   ): Promise<void> {
+    // Defense-in-depth: the built-in private-event path derives this commitment from content before enqueueing, but
+    // unconstrained PXE-side code (e.g. a custom message handler) can reach this oracle with arbitrary
+    // (content, commitment) pairs. Without this check it could bind arbitrary content to a legitimate tx nullifier,
+    // causing PXE to surface fabricated event data.
+    const recomputedCommitment = await computePrivateEventCommitment(randomness, selector.toField(), content);
+    if (!recomputedCommitment.equals(eventCommitment)) {
+      this.log.warn(
+        `Skipping event whose content does not hash to the provided commitment. contract=${contractAddress}, selector=${selector}, eventCommitment=${eventCommitment}, txHash=${txHash}, recomputedCommitment=${recomputedCommitment}`,
+      );
+      return;
+    }
+
     // While using 'latest' block number would be fine for private events since they cannot be accessed from Aztec.nr
     // (and thus we're less concerned about being ahead of the synced block), we use the synced block number to
     // maintain consistent behavior in the PXE. Additionally, events should never be ahead of the synced block here

package/src/events/private_event_filter_validator.ts

@@ -1,11 +1,14 @@
 import type { PrivateEventFilter } from '@aztec/aztec.js/wallet';
 import { INITIAL_L2_BLOCK_NUM } from '@aztec/constants';
 import { BlockNumber } from '@aztec/foundation/branded-types';
+import { createLogger } from '@aztec/foundation/log';
 
 import type { PrivateEventStoreFilter } from '../storage/private_event_store/private_event_store.js';
 
 export class PrivateEventFilterValidator {
-  constructor(private lastBlock: BlockNumber) {}
+  private readonly log = createLogger('pxe:private_event_filter_validator');
+
+  constructor(private readonly lastBlock: BlockNumber) {}
 
   validate(filter: PrivateEventFilter): PrivateEventStoreFilter {
     let { fromBlock, toBlock } = filter;
@@ -35,6 +38,23 @@ export class PrivateEventFilterValidator {
       throw new Error('toBlock must be strictly greater than fromBlock');
     }
 
+    // Cap the requested range to the synced block range. Without this, callers that pass a large
+    // toBlock (e.g. Number.MAX_SAFE_INTEGER as a "give me everything" idiom) would silently receive
+    // only the events that happen to be synced and believe they have complete coverage.
+    // We warn + cap rather than throw so callers don't need to query the last synced block before
+    // every request (which would also be unreliable, as the block can advance between the two calls).
+    const syncedUpperBound = BlockNumber(this.lastBlock + 1);
+    if (fromBlock >= syncedUpperBound) {
+      this.log.warn(
+        `Requested fromBlock ${fromBlock} is past last synced block ${this.lastBlock}; no events will be returned until PXE syncs further.`,
+      );
+    } else if (toBlock > syncedUpperBound) {
+      this.log.warn(
+        `Requested toBlock ${toBlock} exceeds last synced block ${this.lastBlock}; capping to ${syncedUpperBound}. Retry once PXE is further synced for complete coverage.`,
+      );
+      toBlock = syncedUpperBound;
+    }
+
     return {
       contractAddress: filter.contractAddress,
       scopes: filter.scopes,

package/src/logs/log_service.ts

@@ -1,21 +1,14 @@
-import type { Fr } from '@aztec/foundation/curves/bn254';
 import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
 import type { KeyStore } from '@aztec/key-store';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
+import type { L2TipsProvider } from '@aztec/stdlib/block';
 import type { AztecNode } from '@aztec/stdlib/interfaces/server';
-import {
-  ExtendedDirectionalAppTaggingSecret,
-  PendingTaggedLog,
-  SiloedTag,
-  Tag,
-  TxScopedL2Log,
-} from '@aztec/stdlib/logs';
+import { ExtendedDirectionalAppTaggingSecret, PendingTaggedLog, SiloedTag, Tag } from '@aztec/stdlib/logs';
 import type { BlockHeader } from '@aztec/stdlib/tx';
 
 import type { LogRetrievalRequest } from '../contract_function_simulator/noir-structs/log_retrieval_request.js';
 import { LogRetrievalResponse } from '../contract_function_simulator/noir-structs/log_retrieval_response.js';
 import { AddressStore } from '../storage/address_store/address_store.js';
-import type { CapsuleService } from '../storage/capsule_store/capsule_service.js';
 import type { RecipientTaggingStore } from '../storage/tagging_store/recipient_tagging_store.js';
 import type { SenderAddressBookStore } from '../storage/tagging_store/sender_address_book_store.js';
 import {
@@ -30,8 +23,8 @@ export class LogService {
   constructor(
     private readonly aztecNode: AztecNode,
     private readonly anchorBlockHeader: BlockHeader,
+    private readonly l2TipsStore: L2TipsProvider,
     private readonly keyStore: KeyStore,
-    private readonly capsuleService: CapsuleService,
     private readonly recipientTaggingStore: RecipientTaggingStore,
     private readonly senderAddressBookStore: SenderAddressBookStore,
     private readonly addressStore: AddressStore,
@@ -120,17 +113,15 @@ export class LogService {
     );
   }
 
-  public async fetchTaggedLogs(
-    contractAddress: AztecAddress,
-    pendingTaggedLogArrayBaseSlot: Fr,
-    recipient: AztecAddress,
-  ) {
+  public async fetchTaggedLogs(contractAddress: AztecAddress, recipient: AztecAddress): Promise<PendingTaggedLog[]> {
     this.log.verbose(`Fetching tagged logs for ${contractAddress.toString()}`);
 
     // We only load logs from block up to and including the anchor block number
     const anchorBlockNumber = this.anchorBlockHeader.getBlockNumber();
     const anchorBlockHash = await this.anchorBlockHeader.hash();
 
+    const l2Tips = await this.l2TipsStore.getL2Tips();
+    const currentTimestamp = this.anchorBlockHeader.globalVariables.timestamp;
     // Get all secrets for this recipient (one per sender)
     const secrets = await this.#getSecretsForSenders(contractAddress, recipient);
 
@@ -143,17 +134,19 @@ export class LogService {
           this.recipientTaggingStore,
           anchorBlockNumber,
           anchorBlockHash,
+          currentTimestamp,
+          l2Tips.finalized.block.number,
           this.jobId,
         ),
       ),
     );
 
-    // Flatten all logs from all secrets
-    const allLogs = logArrays.flat();
-
-    if (allLogs.length > 0) {
-      await this.#storePendingTaggedLogs(contractAddress, pendingTaggedLogArrayBaseSlot, recipient, allLogs);
-    }
+    return logArrays
+      .flat()
+      .map(
+        scopedLog =>
+          new PendingTaggedLog(scopedLog.logData, scopedLog.txHash, scopedLog.noteHashes, scopedLog.firstNullifier),
+      );
   }
 
   async #getSecretsForSenders(
@@ -176,43 +169,24 @@ export class LogService {
     );
 
     return Promise.all(
-      deduplicatedSenders.map(sender => {
-        return ExtendedDirectionalAppTaggingSecret.compute(
+      deduplicatedSenders.map(async sender => {
+        const secret = await ExtendedDirectionalAppTaggingSecret.compute(
           recipientCompleteAddress,
           recipientIvsk,
           sender,
           contractAddress,
           recipient,
         );
-      }),
-    );
-  }
 
-  #storePendingTaggedLogs(
-    contractAddress: AztecAddress,
-    capsuleArrayBaseSlot: Fr,
-    recipient: AztecAddress,
-    privateLogs: TxScopedL2Log[],
-  ) {
-    // Build all pending tagged logs from the scoped logs
-    const pendingTaggedLogs = privateLogs.map(scopedLog => {
-      const pendingTaggedLog = new PendingTaggedLog(
-        scopedLog.logData,
-        scopedLog.txHash,
-        scopedLog.noteHashes,
-        scopedLog.firstNullifier,
-      );
-
-      return pendingTaggedLog.toFields();
-    });
+        if (!secret) {
+          // Note that all senders originate from either the SenderAddressBookStore or the KeyStore.
+          throw new Error(
+            `Failed to compute a tagging secret for sender ${sender} - this implies this is an invalid address, which should not happen as they have been previously registered in PXE.`,
+          );
+        }
 
-    // TODO: This looks like it could belong more at the oracle interface level
-    return this.capsuleService.appendToCapsuleArray(
-      contractAddress,
-      capsuleArrayBaseSlot,
-      pendingTaggedLogs,
-      this.jobId,
-      recipient,
+        return secret;
+      }),
     );
   }
 }

package/src/notes/note_service.ts

@@ -7,7 +7,6 @@ import { Note, NoteDao, NoteStatus } from '@aztec/stdlib/note';
 import { MerkleTreeId } from '@aztec/stdlib/trees';
 import type { BlockHeader, TxHash } from '@aztec/stdlib/tx';
 
-import type { AccessScopes } from '../access_scopes.js';
 import type { NoteStore } from '../storage/note_store/note_store.js';
 
 export class NoteService {
@@ -32,7 +31,7 @@ export class NoteService {
     owner: AztecAddress | undefined,
     storageSlot: Fr,
     status: NoteStatus,
-    scopes: AccessScopes,
+    scopes: AztecAddress[],
   ) {
     const noteDaos = await this.noteStore.getNotes(
       {
@@ -71,7 +70,7 @@ export class NoteService {
    *
    * @param contractAddress - The contract whose notes should be checked and nullified.
    */
-  public async syncNoteNullifiers(contractAddress: AztecAddress, scopes: AccessScopes): Promise<void> {
+  public async syncNoteNullifiers(contractAddress: AztecAddress, scopes: AztecAddress[]): Promise<void> {
     const anchorBlockHash = await this.anchorBlockHeader.hash();
 
     const contractNotes = await this.noteStore.getNotes({ contractAddress, scopes }, this.jobId);

package/src/notes_filter.ts

@@ -2,8 +2,6 @@ import type { Fr } from '@aztec/foundation/curves/bn254';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { NoteStatus } from '@aztec/stdlib/note';
 
-import type { AccessScopes } from './access_scopes.js';
-
 /**
  * A filter used to fetch notes.
  * @remarks This filter is applied as an intersection of all its params.
@@ -22,5 +20,5 @@ export type NotesFilter = {
   status?: NoteStatus;
   /** The siloed nullifier for the note. */
   siloedNullifier?: Fr;
-  scopes: AccessScopes;
+  scopes: AztecAddress[];
 };