@aztec/stdlib 0.0.1-commit.7ac86ea28 → 0.0.1-commit.7b86788

package/dest/tx/tx_receipt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tx_receipt.d.ts","sourceRoot":"","sources":["../../src/tx/tx_receipt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAqB,MAAM,iCAAiC,CAAC;AAIjF,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,KAAK,MAAM,EAAW,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC,2CAA2C;AAC3C,oBAAY,QAAQ;IAClB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,YAAY,iBAAiB;IAC7B,MAAM,WAAW;IACjB,SAAS,cAAc;CACxB;AAED,iDAAiD;AACjD,eAAO,MAAM,gBAAgB,EAAE,QAAQ,EAOtC,CAAC;AAEF,yDAAyD;AACzD,oBAAY,iBAAiB;IAC3B,OAAO,YAAY;IACnB,kBAAkB,uBAAuB;IACzC,iBAAiB,sBAAsB;IACvC,aAAa,kBAAkB;CAChC;AAED;;;;;GAKG;AACH,qBAAa,SAAS;IAElB,6CAA6C;IACtC,MAAM,EAAE,MAAM;IACrB,mDAAmD;IAC5C,MAAM,EAAE,QAAQ;IACvB,+EAA+E;IACxE,eAAe,EAAE,iBAAiB,GAAG,SAAS;IACrD,gDAAgD;IACzC,KAAK,EAAE,MAAM,GAAG,SAAS;IAChC,oDAAoD;IAC7C,cAAc,CAAC;IACtB,wDAAwD;IACjD,SAAS,CAAC;IACjB,8DAA8D;IACvD,WAAW,CAAC;IAdrB;IACE,6CAA6C;IACtC,MAAM,EAAE,MAAM;IACrB,mDAAmD;IAC5C,MAAM,EAAE,QAAQ;IACvB,+EAA+E;IACxE,eAAe,EAAE,iBAAiB,GAAG,SAAS;IACrD,gDAAgD;IACzC,KAAK,EAAE,MAAM,GAAG,SAAS;IAChC,oDAAoD;IAC7C,cAAc,CAAC,oBAAQ;IAC9B,wDAAwD;IACjD,SAAS,CAAC,uBAAW;IAC5B,8DAA8D;IACvD,WAAW,CAAC,yBAAa,EAC9B;IAEJ,iEAAiE;IACjE,qBAAqB,IAAI,OAAO,CAE/B;IAED,0DAA0D;IAC1D,oBAAoB,IAAI,OAAO,CAE9B;IAED,mHAAmH;IACnH,OAAO,IAAI,OAAO,CAOjB;IAED,kDAAkD;IAClD,SAAS,IAAI,OAAO,CAEnB;IAED,mDAAmD;IACnD,SAAS,IAAI,OAAO,CAEnB;IAED,MAAM,CAAC,KAAK,cAEX;IAED,MAAM,KAAK,MAAM,IAAI,MAAM,CAAC,SAAS,CAAC,CAYrC;IAED,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,QAAQ,CAAC;QACjB,eAAe,CAAC,EAAE,iBAAiB,CAAC;QACpC,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB,WAAW,CAAC,EAAE,WAAW,CAAC;KAC3B,aAUA;IAED,OAAc,6BAA6B,CAAC,UAAU,EAAE,UAAU,GAAG,iBAAiB,CAYrF;CACF"}
+{"version":3,"file":"tx_receipt.d.ts","sourceRoot":"","sources":["../../src/tx/tx_receipt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAqB,MAAM,iCAAiC,CAAC;AAIjF,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,KAAK,MAAM,EAAW,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC,2CAA2C;AAC3C,oBAAY,QAAQ;IAClB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,YAAY,iBAAiB;IAC7B,MAAM,WAAW;IACjB,SAAS,cAAc;CACxB;AAED,iDAAiD;AACjD,eAAO,MAAM,gBAAgB,EAAE,QAAQ,EAOtC,CAAC;AAEF,yDAAyD;AACzD,oBAAY,iBAAiB;IAC3B,OAAO,YAAY;IACnB,kBAAkB,uBAAuB;IACzC,iBAAiB,sBAAsB;IACvC,aAAa,kBAAkB;CAChC;AAED;;;;;GAKG;AACH,qBAAa,SAAS;IAElB,6CAA6C;IACtC,MAAM,EAAE,MAAM;IACrB,mDAAmD;IAC5C,MAAM,EAAE,QAAQ;IACvB,+EAA+E;IACxE,eAAe,EAAE,iBAAiB,GAAG,SAAS;IACrD,gDAAgD;IACzC,KAAK,EAAE,MAAM,GAAG,SAAS;IAChC,oDAAoD;IAC7C,cAAc,CAAC;IACtB,wDAAwD;IACjD,SAAS,CAAC;IACjB,8DAA8D;IACvD,WAAW,CAAC;IACnB;;;;OAIG;IACI,SAAS,CAAC;IApBnB;IACE,6CAA6C;IACtC,MAAM,EAAE,MAAM;IACrB,mDAAmD;IAC5C,MAAM,EAAE,QAAQ;IACvB,+EAA+E;IACxE,eAAe,EAAE,iBAAiB,GAAG,SAAS;IACrD,gDAAgD;IACzC,KAAK,EAAE,MAAM,GAAG,SAAS;IAChC,oDAAoD;IAC7C,cAAc,CAAC,oBAAQ;IAC9B,wDAAwD;IACjD,SAAS,CAAC,uBAAW;IAC5B,8DAA8D;IACvD,WAAW,CAAC,yBAAa;IAChC;;;;OAIG;IACI,SAAS,CAAC,wBAAY,EAC3B;IAEJ,iEAAiE;IACjE,qBAAqB,IAAI,OAAO,CAE/B;IAED,0DAA0D;IAC1D,oBAAoB,IAAI,OAAO,CAE9B;IAED,mHAAmH;IACnH,OAAO,IAAI,OAAO,CAOjB;IAED,kDAAkD;IAClD,SAAS,IAAI,OAAO,CAEnB;IAED,mDAAmD;IACnD,SAAS,IAAI,OAAO,CAEnB;IAED,MAAM,CAAC,KAAK,cAEX;IAED,MAAM,KAAK,MAAM,IAAI,MAAM,CAAC,SAAS,CAAC,CAarC;IAED,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,QAAQ,CAAC;QACjB,eAAe,CAAC,EAAE,iBAAiB,CAAC;QACpC,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB,WAAW,CAAC,EAAE,WAAW,CAAC;QAC1B,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;KACxB,aAWA;IAED,OAAc,6BAA6B,CAAC,UAAU,EAAE,UAAU,GAAG,iBAAiB,CAYrF;CACF"}

package/dest/tx/tx_receipt.js

@@ -2,6 +2,7 @@ import { BlockNumberSchema } from '@aztec/foundation/branded-types';
 import { z } from 'zod';
 import { RevertCode } from '../avm/revert_code.js';
 import { BlockHash } from '../block/block_hash.js';
+import { DebugLog } from '../logs/debug_log.js';
 import { schemas } from '../schemas/schemas.js';
 import { TxHash } from './tx_hash.js';
 /** Block inclusion/finalization status. */ export var TxStatus = /*#__PURE__*/ function(TxStatus) {
@@ -41,7 +42,12 @@ import { TxHash } from './tx_hash.js';
     transactionFee;
     blockHash;
     blockNumber;
-    constructor(/** A unique identifier for a transaction. */ txHash, /** The transaction's block finalization status. */ status, /** The execution result of the transaction, only set when tx is in a block. */ executionResult, /** Description of transaction error, if any. */ error, /** The transaction fee paid for the transaction. */ transactionFee, /** The hash of the block containing the transaction. */ blockHash, /** The block number in which the transaction was included. */ blockNumber){
+    debugLogs;
+    constructor(/** A unique identifier for a transaction. */ txHash, /** The transaction's block finalization status. */ status, /** The execution result of the transaction, only set when tx is in a block. */ executionResult, /** Description of transaction error, if any. */ error, /** The transaction fee paid for the transaction. */ transactionFee, /** The hash of the block containing the transaction. */ blockHash, /** The block number in which the transaction was included. */ blockNumber, /**
+     * Debug logs collected during public function execution. Served only when the node is in test mode and placed on
+     * the receipt only because it's a convenient place for it (the logs are printed out by the wallet when a mined
+     * tx receipt is obtained).
+     */ debugLogs){
         this.txHash = txHash;
         this.status = status;
         this.executionResult = executionResult;
@@ -49,6 +55,7 @@ import { TxHash } from './tx_hash.js';
         this.transactionFee = transactionFee;
         this.blockHash = blockHash;
         this.blockNumber = blockNumber;
+        this.debugLogs = debugLogs;
     }
     /** Returns true if the transaction was executed successfully. */ hasExecutionSucceeded() {
         return this.executionResult === "success";
@@ -76,11 +83,12 @@ import { TxHash } from './tx_hash.js';
             error: z.string().optional(),
             blockHash: BlockHash.schema.optional(),
             blockNumber: BlockNumberSchema.optional(),
-            transactionFee: schemas.BigInt.optional()
+            transactionFee: schemas.BigInt.optional(),
+            debugLogs: z.array(DebugLog.schema).optional()
         }).transform((fields)=>TxReceipt.from(fields));
     }
     static from(fields) {
-        return new TxReceipt(fields.txHash, fields.status, fields.executionResult, fields.error, fields.transactionFee, fields.blockHash, fields.blockNumber);
+        return new TxReceipt(fields.txHash, fields.status, fields.executionResult, fields.error, fields.transactionFee, fields.blockHash, fields.blockNumber, fields.debugLogs);
     }
     static executionResultFromRevertCode(revertCode) {
         if (revertCode.equals(RevertCode.OK)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/stdlib",
-  "version": "0.0.1-commit.7ac86ea28",
+  "version": "0.0.1-commit.7b86788",
   "type": "module",
   "inherits": [
     "../package.common.json",
@@ -55,6 +55,7 @@
     "./database-version/version": "./dest/database-version/database_version.js",
     "./database-version/manager": "./dest/database-version/version_manager.js",
     "./validators": "./dest/validators/index.js",
+    "./ha-signing": "./dest/ha-signing/index.js",
     "./file-store": "./dest/file-store/index.js",
     "./snapshots": "./dest/snapshots/index.js",
     "./update-checker": "./dest/update-checker/index.js",
@@ -90,16 +91,15 @@
   },
   "dependencies": {
     "@aws-sdk/client-s3": "^3.892.0",
-    "@aztec/bb.js": "0.0.1-commit.7ac86ea28",
-    "@aztec/blob-lib": "0.0.1-commit.7ac86ea28",
-    "@aztec/constants": "0.0.1-commit.7ac86ea28",
-    "@aztec/ethereum": "0.0.1-commit.7ac86ea28",
-    "@aztec/foundation": "0.0.1-commit.7ac86ea28",
-    "@aztec/l1-artifacts": "0.0.1-commit.7ac86ea28",
-    "@aztec/noir-noirc_abi": "0.0.1-commit.7ac86ea28",
-    "@aztec/validator-ha-signer": "0.0.1-commit.7ac86ea28",
+    "@aztec/bb.js": "0.0.1-commit.7b86788",
+    "@aztec/blob-lib": "0.0.1-commit.7b86788",
+    "@aztec/constants": "0.0.1-commit.7b86788",
+    "@aztec/ethereum": "0.0.1-commit.7b86788",
+    "@aztec/foundation": "0.0.1-commit.7b86788",
+    "@aztec/l1-artifacts": "0.0.1-commit.7b86788",
+    "@aztec/noir-noirc_abi": "0.0.1-commit.7b86788",
     "@google-cloud/storage": "^7.15.0",
-    "axios": "^1.12.0",
+    "axios": "^1.13.5",
     "json-stringify-deterministic": "1.0.12",
     "lodash.chunk": "^4.2.0",
     "lodash.isequal": "^4.5.0",

package/src/abi/decoder.ts

@@ -135,10 +135,7 @@ export class FunctionSignatureDecoder {
       case 'field':
         return 'Field';
       case 'integer':
-        if (param.sign === 'signed') {
-          throw new Error('Unsupported type: signed integer');
-        }
-        return `u${param.width}`;
+        return param.sign === 'signed' ? `i${param.width}` : `u${param.width}`;
       case 'boolean':
         return 'bool';
       case 'array':

package/src/abi/encoder.ts

@@ -123,14 +123,17 @@ class ArgumentEncoder {
         }
         break;
       }
-      case 'integer':
-        if (typeof arg === 'string') {
-          const value = BigInt(arg);
-          this.flattened.push(new Fr(value));
+      case 'integer': {
+        const value = BigInt(arg);
+        if (abiType.sign === 'signed' && value < 0n) {
+          // Convert negative values to two's complement representation
+          const twosComplement = value + (1n << BigInt(abiType.width));
+          this.flattened.push(new Fr(twosComplement));
         } else {
-          this.flattened.push(new Fr(arg));
+          this.flattened.push(new Fr(value));
         }
         break;
+      }
       default:
         throw new Error(`Unsupported type: ${abiType.kind}`);
     }

package/src/avm/revert_code.ts

@@ -5,10 +5,25 @@ import { BufferReader, FieldReader } from '@aztec/foundation/serialize';
 import { inspect } from 'util';
 import { z } from 'zod';
 
+/**
+ * Tracks which revertible phases of a transaction's public execution reverted.
+ *
+ * A transaction executes in three sequential phases:
+ *   1. SETUP     – non-revertible; if this fails the entire transaction is rejected.
+ *   2. APP_LOGIC – revertible; its state changes are rolled back on failure.
+ *   3. TEARDOWN  – revertible; always runs (even after app-logic revert) so the fee-payment contract can clean up.
+ *
+ * Only APP_LOGIC and TEARDOWN can produce a revert code. SETUP failures throw instead and discard the transaction
+ * entirely.
+ */
 export enum RevertCodeEnum {
+  /** All phases completed successfully; no state was rolled back. */
   OK = 0,
+  /** APP_LOGIC reverted; its state changes were discarded. If present, TEARDOWN still ran and succeeded. */
   APP_LOGIC_REVERTED = 1,
+  /** TEARDOWN reverted; its state changes were discarded. APP_LOGIC succeeded. */
   TEARDOWN_REVERTED = 2,
+  /** Both APP_LOGIC and TEARDOWN reverted; only SETUP effects are kept. */
   BOTH_REVERTED = 3,
 }
 

package/src/block/l2_block_stream/l2_block_stream.ts

@@ -109,6 +109,27 @@ export class L2BlockStream {
 
       let nextBlockNumber = latestBlockNumber + 1;
       let nextCheckpointToEmit = CheckpointNumber(localTips.checkpointed.checkpoint.number + 1);
+
+      // When startingBlock is set, also skip ahead for checkpoints.
+      if (
+        this.opts.startingBlock !== undefined &&
+        this.opts.startingBlock >= 1 &&
+        nextCheckpointToEmit <= sourceTips.checkpointed.checkpoint.number
+      ) {
+        const startingBlockCheckpoints = await this.l2BlockSource.getCheckpointedBlocks(
+          BlockNumber(this.opts.startingBlock),
+          1,
+        );
+        if (startingBlockCheckpoints.length > 0) {
+          nextCheckpointToEmit = CheckpointNumber(
+            Math.max(nextCheckpointToEmit, startingBlockCheckpoints[0].checkpointNumber),
+          );
+        } else {
+          // startingBlock is past all checkpointed blocks; skip Loop 1 entirely.
+          nextCheckpointToEmit = CheckpointNumber(sourceTips.checkpointed.checkpoint.number + 1);
+        }
+      }
+
       if (this.opts.skipFinalized) {
         // When skipping finalized blocks we need to provide reliable reorg detection while fetching as few blocks as
         // possible. Finalized blocks cannot be reorged by definition, so we can skip most of them. We do need the very

package/src/ha-signing/config.ts

@@ -0,0 +1,149 @@
+import type { L1ContractAddresses } from '@aztec/ethereum/l1-contract-addresses';
+import {
+  type ConfigMappingsType,
+  booleanConfigHelper,
+  getConfigFromMappings,
+  getDefaultConfig,
+  numberConfigHelper,
+  optionalNumberConfigHelper,
+} from '@aztec/foundation/config';
+import { EthAddress } from '@aztec/foundation/eth-address';
+import type { ZodFor } from '@aztec/foundation/schemas';
+
+import { z } from 'zod';
+
+/**
+ * Configuration for the Validator HA Signer
+ *
+ * This config is used for distributed locking and slashing protection
+ * when running multiple validator nodes in a high-availability setup.
+ */
+export interface ValidatorHASignerConfig {
+  /** Whether HA signing / slashing protection is enabled */
+  haSigningEnabled: boolean;
+  /** L1 contract addresses (rollup address required) */
+  l1Contracts: Pick<L1ContractAddresses, 'rollupAddress'>;
+  /** Unique identifier for this node */
+  nodeId: string;
+  /** How long to wait between polls when a duty is being signed (ms) */
+  pollingIntervalMs: number;
+  /** Maximum time to wait for a duty being signed to complete (ms) */
+  signingTimeoutMs: number;
+  /** Maximum age of a stuck duty in ms (defaults to 2x hardcoded Aztec slot duration if not set) */
+  maxStuckDutiesAgeMs?: number;
+  /** Optional: clean up old duties after this many hours (disabled if not set) */
+  cleanupOldDutiesAfterHours?: number;
+  /**
+   * PostgreSQL connection string
+   * Format: postgresql://user:password@host:port/database
+   */
+  databaseUrl?: string;
+  /**
+   * PostgreSQL connection pool configuration
+   */
+  /** Maximum number of clients in the pool (default: 10) */
+  poolMaxCount?: number;
+  /** Minimum number of clients in the pool (default: 0) */
+  poolMinCount?: number;
+  /** Idle timeout in milliseconds (default: 10000) */
+  poolIdleTimeoutMs?: number;
+  /** Connection timeout in milliseconds (default: 0, no timeout) */
+  poolConnectionTimeoutMs?: number;
+}
+
+export const validatorHASignerConfigMappings: ConfigMappingsType<ValidatorHASignerConfig> = {
+  haSigningEnabled: {
+    env: 'VALIDATOR_HA_SIGNING_ENABLED',
+    description: 'Whether HA signing / slashing protection is enabled',
+    ...booleanConfigHelper(false),
+  },
+  l1Contracts: {
+    description: 'L1 contract addresses (rollup address required)',
+    nested: {
+      rollupAddress: {
+        description: 'The Ethereum address of the rollup contract (must be set programmatically)',
+        parseEnv: (val: string) => EthAddress.fromString(val),
+      },
+    },
+  },
+  nodeId: {
+    env: 'VALIDATOR_HA_NODE_ID',
+    description: 'The unique identifier for this node',
+    defaultValue: '',
+  },
+  pollingIntervalMs: {
+    env: 'VALIDATOR_HA_POLLING_INTERVAL_MS',
+    description: 'The number of ms to wait between polls when a duty is being signed',
+    ...numberConfigHelper(100),
+  },
+  signingTimeoutMs: {
+    env: 'VALIDATOR_HA_SIGNING_TIMEOUT_MS',
+    description: 'The maximum time to wait for a duty being signed to complete',
+    ...numberConfigHelper(3_000),
+  },
+  maxStuckDutiesAgeMs: {
+    env: 'VALIDATOR_HA_MAX_STUCK_DUTIES_AGE_MS',
+    description: 'The maximum age of a stuck duty in ms (defaults to 2x Aztec slot duration)',
+    ...optionalNumberConfigHelper(),
+  },
+  cleanupOldDutiesAfterHours: {
+    env: 'VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H',
+    description: 'Optional: clean up old duties after this many hours (disabled if not set)',
+    ...optionalNumberConfigHelper(),
+  },
+  databaseUrl: {
+    env: 'VALIDATOR_HA_DATABASE_URL',
+    description:
+      'PostgreSQL connection string for validator HA signer (format: postgresql://user:password@host:port/database)',
+  },
+  poolMaxCount: {
+    env: 'VALIDATOR_HA_POOL_MAX',
+    description: 'Maximum number of clients in the pool',
+    ...numberConfigHelper(10),
+  },
+  poolMinCount: {
+    env: 'VALIDATOR_HA_POOL_MIN',
+    description: 'Minimum number of clients in the pool',
+    ...numberConfigHelper(0),
+  },
+  poolIdleTimeoutMs: {
+    env: 'VALIDATOR_HA_POOL_IDLE_TIMEOUT_MS',
+    description: 'Idle timeout in milliseconds',
+    ...numberConfigHelper(10_000),
+  },
+  poolConnectionTimeoutMs: {
+    env: 'VALIDATOR_HA_POOL_CONNECTION_TIMEOUT_MS',
+    description: 'Connection timeout in milliseconds (0 means no timeout)',
+    ...numberConfigHelper(0),
+  },
+};
+
+export const defaultValidatorHASignerConfig: ValidatorHASignerConfig = getDefaultConfig(
+  validatorHASignerConfigMappings,
+);
+
+/**
+ * Returns the validator HA signer configuration from environment variables.
+ * Note: If an environment variable is not set, the default value is used.
+ * @returns The validator HA signer configuration.
+ */
+export function getConfigEnvVars(): ValidatorHASignerConfig {
+  return getConfigFromMappings<ValidatorHASignerConfig>(validatorHASignerConfigMappings);
+}
+
+export const ValidatorHASignerConfigSchema = z.object({
+  haSigningEnabled: z.boolean(),
+  l1Contracts: z.object({
+    rollupAddress: z.instanceof(EthAddress),
+  }),
+  nodeId: z.string(),
+  pollingIntervalMs: z.number().min(0),
+  signingTimeoutMs: z.number().min(0),
+  maxStuckDutiesAgeMs: z.number().min(0).optional(),
+  cleanupOldDutiesAfterHours: z.number().min(0).optional(),
+  databaseUrl: z.string().optional(),
+  poolMaxCount: z.number().min(0).optional(),
+  poolMinCount: z.number().min(0).optional(),
+  poolIdleTimeoutMs: z.number().min(0).optional(),
+  poolConnectionTimeoutMs: z.number().min(0).optional(),
+}) satisfies ZodFor<ValidatorHASignerConfig>;

package/src/ha-signing/index.ts

@@ -0,0 +1,18 @@
+export {
+  type ValidatorHASignerConfig,
+  ValidatorHASignerConfigSchema,
+  defaultValidatorHASignerConfig,
+  getConfigEnvVars,
+  validatorHASignerConfigMappings,
+} from './config.js';
+export {
+  DutyType,
+  type BlockProposalSigningContext,
+  type HAProtectedSigningContext,
+  type NoHAProtectionSigningContext,
+  type OtherSigningContext,
+  type SigningContext,
+  type VoteSigningContext,
+  getBlockNumberFromSigningContext,
+  isHAProtectedContext,
+} from './types.js';

package/src/ha-signing/types.ts

@@ -0,0 +1,112 @@
+import {
+  BlockNumber,
+  type CheckpointNumber,
+  type IndexWithinCheckpoint,
+  type SlotNumber,
+} from '@aztec/foundation/branded-types';
+
+/**
+ * Type of validator duty being performed
+ */
+export enum DutyType {
+  BLOCK_PROPOSAL = 'BLOCK_PROPOSAL',
+  CHECKPOINT_PROPOSAL = 'CHECKPOINT_PROPOSAL',
+  ATTESTATION = 'ATTESTATION',
+  ATTESTATIONS_AND_SIGNERS = 'ATTESTATIONS_AND_SIGNERS',
+  GOVERNANCE_VOTE = 'GOVERNANCE_VOTE',
+  SLASHING_VOTE = 'SLASHING_VOTE',
+  AUTH_REQUEST = 'AUTH_REQUEST',
+  TXS = 'TXS',
+}
+
+/**
+ * Base context for signing operations
+ */
+interface BaseSigningContext {
+  /** Slot number for this duty */
+  slot: SlotNumber;
+  /**
+   * Block or checkpoint number for this duty.
+   * For block proposals, this is the block number.
+   * For checkpoint proposals, this is the checkpoint number.
+   */
+  blockNumber: BlockNumber | CheckpointNumber;
+}
+
+/**
+ * Signing context for block proposals.
+ * blockIndexWithinCheckpoint is REQUIRED and must be >= 0.
+ */
+export interface BlockProposalSigningContext extends BaseSigningContext {
+  /** Block index within checkpoint (0, 1, 2...). Required for block proposals. */
+  blockIndexWithinCheckpoint: IndexWithinCheckpoint;
+  dutyType: DutyType.BLOCK_PROPOSAL;
+}
+
+/**
+ * Signing context for non-block-proposal duties that require HA protection.
+ * blockIndexWithinCheckpoint is not applicable (internally always -1).
+ */
+export interface OtherSigningContext extends BaseSigningContext {
+  dutyType: DutyType.CHECKPOINT_PROPOSAL | DutyType.ATTESTATION | DutyType.ATTESTATIONS_AND_SIGNERS;
+}
+
+/**
+ * Signing context for governance/slashing votes which only need slot for HA protection.
+ * blockNumber is not applicable (internally always 0).
+ */
+export interface VoteSigningContext {
+  slot: SlotNumber;
+  dutyType: DutyType.GOVERNANCE_VOTE | DutyType.SLASHING_VOTE;
+}
+
+/**
+ * Signing context for duties which don't require slot/blockNumber
+ * as they don't need HA protection (AUTH_REQUEST, TXS).
+ */
+export interface NoHAProtectionSigningContext {
+  dutyType: DutyType.AUTH_REQUEST | DutyType.TXS;
+}
+
+/**
+ * Signing contexts that require HA protection (excludes AUTH_REQUEST).
+ * Used by the HA signer's signWithProtection method.
+ */
+export type HAProtectedSigningContext = BlockProposalSigningContext | OtherSigningContext | VoteSigningContext;
+
+/**
+ * Context required for slashing protection during signing operations.
+ * Uses discriminated union to enforce type safety:
+ * - BLOCK_PROPOSAL duties MUST have blockIndexWithinCheckpoint >= 0
+ * - Other duty types do NOT have blockIndexWithinCheckpoint (internally -1)
+ * - Vote duties only need slot (blockNumber is internally 0)
+ * - AUTH_REQUEST and TXS duties don't need slot/blockNumber (no HA protection needed)
+ */
+export type SigningContext = HAProtectedSigningContext | NoHAProtectionSigningContext;
+
+/**
+ * Type guard to check if a SigningContext requires HA protection.
+ * Returns true for contexts that need HA protection, false for AUTH_REQUEST and TXS.
+ */
+export function isHAProtectedContext(context: SigningContext): context is HAProtectedSigningContext {
+  return context.dutyType !== DutyType.AUTH_REQUEST && context.dutyType !== DutyType.TXS;
+}
+
+/**
+ * Gets the block number from a signing context.
+ * - Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE): returns BlockNumber(0)
+ * - Other duties: returns the blockNumber from the context
+ */
+export function getBlockNumberFromSigningContext(context: HAProtectedSigningContext): BlockNumber | CheckpointNumber {
+  // Check for duty types that have blockNumber
+  if (
+    context.dutyType === DutyType.BLOCK_PROPOSAL ||
+    context.dutyType === DutyType.CHECKPOINT_PROPOSAL ||
+    context.dutyType === DutyType.ATTESTATION ||
+    context.dutyType === DutyType.ATTESTATIONS_AND_SIGNERS
+  ) {
+    return context.blockNumber;
+  }
+  // Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE) don't have blockNumber
+  return BlockNumber(0);
+}

package/src/interfaces/p2p.ts

@@ -3,7 +3,6 @@ import type { SlotNumber } from '@aztec/foundation/branded-types';
 import { z } from 'zod';
 
 import { CheckpointAttestation } from '../p2p/checkpoint_attestation.js';
-import type { P2PClientType } from '../p2p/client_type.js';
 import { type ApiSchemaFor, optional, schemas } from '../schemas/index.js';
 import { Tx } from '../tx/tx.js';
 import { TxHash } from '../tx/tx_hash.js';
@@ -27,7 +26,7 @@ const PeerInfoSchema = z.discriminatedUnion('status', [
 ]);
 
 /** Exposed API to the P2P module. */
-export interface P2PApiWithoutAttestations {
+export interface P2PApi {
   /**
    * Returns all pending transactions in the transaction pool.
    * @param limit - The number of items to returns
@@ -48,9 +47,7 @@ export interface P2PApiWithoutAttestations {
    * Returns info for all connected, dialing, and cached peers.
    */
   getPeers(includePending?: boolean): Promise<PeerInfo[]>;
-}
 
-export interface P2PApiWithAttestations extends P2PApiWithoutAttestations {
   /**
    * Queries the Attestation pool for checkpoint attestations for the given slot
    *
@@ -61,19 +58,11 @@ export interface P2PApiWithAttestations extends P2PApiWithoutAttestations {
   getCheckpointAttestationsForSlot(slot: SlotNumber, proposalId?: string): Promise<CheckpointAttestation[]>;
 }
 
-export interface P2PClient extends P2PApiWithAttestations {
+export interface P2PClient extends P2PApi {
   /** Manually adds checkpoint attestations to the p2p client attestation pool. */
   addOwnCheckpointAttestations(attestations: CheckpointAttestation[]): Promise<void>;
 }
 
-export type P2PApi<T extends P2PClientType = P2PClientType.Full> = T extends P2PClientType.Full
-  ? P2PApiWithAttestations
-  : P2PApiWithoutAttestations;
-
-export type P2PApiFull<T extends P2PClientType = P2PClientType.Full> = T extends P2PClientType.Full
-  ? P2PApiWithAttestations & P2PClient
-  : P2PApiWithoutAttestations;
-
 export const P2PApiSchema: ApiSchemaFor<P2PApi> = {
   getCheckpointAttestationsForSlot: z
     .function()

package/src/interfaces/validator.ts

@@ -15,12 +15,12 @@ import type {
 } from '@aztec/stdlib/p2p';
 import type { CheckpointHeader } from '@aztec/stdlib/rollup';
 import type { BlockHeader, Tx } from '@aztec/stdlib/tx';
-import { type ValidatorHASignerConfig, ValidatorHASignerConfigSchema } from '@aztec/validator-ha-signer/config';
 
 import type { PeerId } from '@libp2p/interface';
 import { z } from 'zod';
 
 import type { CommitteeAttestationsAndSigners } from '../block/index.js';
+import { type ValidatorHASignerConfig, ValidatorHASignerConfigSchema } from '../ha-signing/index.js';
 import { AllowedElementSchema } from './allowed_element.js';
 
 /**

package/src/kernel/hints/build_note_hash_read_request_hints.ts

@@ -11,7 +11,6 @@ import type { ScopedNoteHash } from '../note_hash.js';
 import { NoteHashReadRequestHintsBuilder } from './note_hash_read_request_hints.js';
 import type { ScopedReadRequest } from './read_request.js';
 import { PendingReadHint, ReadRequestActionEnum, ReadRequestResetActions } from './read_request_hints.js';
-import { ScopedValueCache } from './scoped_value_cache.js';
 
 export function isValidNoteHashReadRequest(readRequest: ScopedReadRequest, noteHash: ScopedNoteHash) {
   return (
@@ -24,7 +23,6 @@ export function isValidNoteHashReadRequest(readRequest: ScopedReadRequest, noteH
 export function getNoteHashReadRequestResetActions(
   noteHashReadRequests: ClaimedLengthArray<ScopedReadRequest, typeof MAX_NOTE_HASH_READ_REQUESTS_PER_TX>,
   noteHashes: ClaimedLengthArray<ScopedNoteHash, typeof MAX_NOTE_HASHES_PER_TX>,
-  futureNoteHashes: ScopedNoteHash[],
 ): ReadRequestResetActions<typeof MAX_NOTE_HASH_READ_REQUESTS_PER_TX> {
   const resetActions = ReadRequestResetActions.empty(MAX_NOTE_HASH_READ_REQUESTS_PER_TX);
 
@@ -36,24 +34,23 @@ export function getNoteHashReadRequestResetActions(
     noteHashMap.set(value, arr);
   });
 
-  const futureNoteHashMap = new ScopedValueCache(futureNoteHashes);
-
   for (let i = 0; i < noteHashReadRequests.claimedLength; ++i) {
     const readRequest = noteHashReadRequests.array[i];
 
-    const pendingNoteHash = noteHashMap
-      .get(readRequest.value.toBigInt())
-      ?.find(n => isValidNoteHashReadRequest(readRequest, n.noteHash));
-
-    if (pendingNoteHash !== undefined) {
-      resetActions.actions[i] = ReadRequestActionEnum.READ_AS_PENDING;
-      resetActions.pendingReadHints.push(new PendingReadHint(i, pendingNoteHash.index));
-    } else if (
-      !futureNoteHashMap
-        .get(readRequest)
-        .find(futureNoteHash => isValidNoteHashReadRequest(readRequest, futureNoteHash))
-    ) {
+    if (readRequest.contractAddress.isZero()) {
+      // Settled read: empty contract address means resolve against the note hash tree.
       resetActions.actions[i] = ReadRequestActionEnum.READ_AS_SETTLED;
+    } else {
+      // Pending read: non-empty contract address means match against a pending note hash.
+      const pendingNoteHash = noteHashMap
+        .get(readRequest.value.toBigInt())
+        ?.find(n => isValidNoteHashReadRequest(readRequest, n.noteHash));
+
+      if (pendingNoteHash) {
+        resetActions.actions[i] = ReadRequestActionEnum.READ_AS_PENDING;
+        resetActions.pendingReadHints.push(new PendingReadHint(i, pendingNoteHash.index));
+      }
+      // Otherwise, the read request may be resolved by a future note hash. Leave as NOOP.
     }
   }
 
@@ -115,11 +112,10 @@ export async function buildNoteHashReadRequestHints<PENDING extends number, SETT
   },
   noteHashReadRequests: ClaimedLengthArray<ScopedReadRequest, typeof MAX_NOTE_HASH_READ_REQUESTS_PER_TX>,
   noteHashes: ClaimedLengthArray<ScopedNoteHash, typeof MAX_NOTE_HASHES_PER_TX>,
-  futureNoteHashes: ScopedNoteHash[],
   maxPending: PENDING = MAX_NOTE_HASH_READ_REQUESTS_PER_TX as PENDING,
   maxSettled: SETTLED = MAX_NOTE_HASH_READ_REQUESTS_PER_TX as SETTLED,
 ) {
-  const resetActions = getNoteHashReadRequestResetActions(noteHashReadRequests, noteHashes, futureNoteHashes);
+  const resetActions = getNoteHashReadRequestResetActions(noteHashReadRequests, noteHashes);
   return await buildNoteHashReadRequestHintsFromResetActions(
     oracle,
     noteHashReadRequests,

package/src/kernel/hints/build_nullifier_read_request_hints.ts

@@ -12,7 +12,6 @@ import type { ScopedNullifier } from '../nullifier.js';
 import { NullifierReadRequestHintsBuilder } from './nullifier_read_request_hints.js';
 import { ScopedReadRequest } from './read_request.js';
 import { PendingReadHint, ReadRequestActionEnum, ReadRequestResetActions } from './read_request_hints.js';
-import { ScopedValueCache } from './scoped_value_cache.js';
 
 export function isValidNullifierReadRequest(readRequest: ScopedReadRequest, nullifier: ScopedNullifier) {
   return (
@@ -30,7 +29,6 @@ interface NullifierMembershipWitnessWithPreimage {
 export function getNullifierReadRequestResetActions(
   nullifierReadRequests: ClaimedLengthArray<ScopedReadRequest, typeof MAX_NULLIFIER_READ_REQUESTS_PER_TX>,
   nullifiers: ClaimedLengthArray<ScopedNullifier, typeof MAX_NULLIFIERS_PER_TX>,
-  futureNullifiers: ScopedNullifier[],
 ): ReadRequestResetActions<typeof MAX_NULLIFIER_READ_REQUESTS_PER_TX> {
   const resetActions = ReadRequestResetActions.empty(MAX_NULLIFIER_READ_REQUESTS_PER_TX);
 
@@ -42,23 +40,23 @@ export function getNullifierReadRequestResetActions(
     nullifierMap.set(value, arr);
   });
 
-  const futureNullifiersMap = new ScopedValueCache(futureNullifiers);
-
   for (let i = 0; i < nullifierReadRequests.claimedLength; ++i) {
     const readRequest = nullifierReadRequests.array[i];
-    const pendingNullifier = nullifierMap
-      .get(readRequest.value.toBigInt())
-      ?.find(({ nullifier }) => isValidNullifierReadRequest(readRequest, nullifier));
-
-    if (pendingNullifier !== undefined) {
-      resetActions.actions[i] = ReadRequestActionEnum.READ_AS_PENDING;
-      resetActions.pendingReadHints.push(new PendingReadHint(i, pendingNullifier.index));
-    } else if (
-      !futureNullifiersMap
-        .get(readRequest)
-        .some(futureNullifier => isValidNullifierReadRequest(readRequest, futureNullifier))
-    ) {
+
+    if (readRequest.contractAddress.isZero()) {
+      // Settled read: empty contract address means resolve against the nullifier tree.
       resetActions.actions[i] = ReadRequestActionEnum.READ_AS_SETTLED;
+    } else {
+      // Pending read: non-empty contract address means match against a pending nullifier.
+      const pendingNullifier = nullifierMap
+        .get(readRequest.value.toBigInt())
+        ?.find(({ nullifier }) => isValidNullifierReadRequest(readRequest, nullifier));
+
+      if (pendingNullifier) {
+        resetActions.actions[i] = ReadRequestActionEnum.READ_AS_PENDING;
+        resetActions.pendingReadHints.push(new PendingReadHint(i, pendingNullifier.index));
+      }
+      // Otherwise, the read request may be resolved by a future nullifier. Leave as NOOP.
     }
   }
 
@@ -111,11 +109,10 @@ export async function buildNullifierReadRequestHints<PENDING extends number, SET
   },
   nullifierReadRequests: ClaimedLengthArray<ScopedReadRequest, typeof MAX_NULLIFIER_READ_REQUESTS_PER_TX>,
   nullifiers: ClaimedLengthArray<ScopedNullifier, typeof MAX_NULLIFIERS_PER_TX>,
-  futureNullifiers: ScopedNullifier[],
   maxPending: PENDING = MAX_NULLIFIER_READ_REQUESTS_PER_TX as PENDING,
   maxSettled: SETTLED = MAX_NULLIFIER_READ_REQUESTS_PER_TX as SETTLED,
 ) {
-  const resetActions = getNullifierReadRequestResetActions(nullifierReadRequests, nullifiers, futureNullifiers);
+  const resetActions = getNullifierReadRequestResetActions(nullifierReadRequests, nullifiers);
   return await buildNullifierReadRequestHintsFromResetActions(
     oracle,
     nullifierReadRequests,