@aztec/stdlib 0.0.1-commit.8f9871590 → 0.0.1-commit.9117c5f5a

package/src/block/l2_block_source.ts

@@ -13,6 +13,7 @@ import type { TypedEventEmitter } from '@aztec/foundation/types';
 import { z } from 'zod';
 
 import type { Checkpoint } from '../checkpoint/checkpoint.js';
+import type { CheckpointData } from '../checkpoint/checkpoint_data.js';
 import type { PublishedCheckpoint } from '../checkpoint/published_checkpoint.js';
 import type { L1RollupConstants } from '../epoch-helpers/index.js';
 import { CheckpointHeader } from '../rollup/checkpoint_header.js';
@@ -20,6 +21,7 @@ import type { BlockHeader } from '../tx/block_header.js';
 import type { IndexedTxEffect } from '../tx/indexed_tx_effect.js';
 import type { TxHash } from '../tx/tx_hash.js';
 import type { TxReceipt } from '../tx/tx_receipt.js';
+import type { BlockData } from './block_data.js';
 import type { BlockHash } from './block_hash.js';
 import type { CheckpointedL2Block } from './checkpointed_l2_block.js';
 import type { L2Block } from './l2_block.js';
@@ -98,6 +100,12 @@ export interface L2BlockSource {
    */
   getCheckpointsForEpoch(epochNumber: EpochNumber): Promise<Checkpoint[]>;
 
+  /**
+   * Gets lightweight checkpoint metadata for a given epoch, without fetching full block data.
+   * @param epochNumber - Epoch for which we want checkpoint data
+   */
+  getCheckpointsDataForEpoch(epochNumber: EpochNumber): Promise<CheckpointData[]>;
+
   /**
    * Gets a block header by its hash.
    * @param blockHash - The block hash to retrieve.
@@ -112,6 +120,20 @@ export interface L2BlockSource {
    */
   getBlockHeaderByArchive(archive: Fr): Promise<BlockHeader | undefined>;
 
+  /**
+   * Gets block metadata (without tx data) by block number.
+   * @param number - The block number to retrieve.
+   * @returns The requested block data (or undefined if not found).
+   */
+  getBlockData(number: BlockNumber): Promise<BlockData | undefined>;
+
+  /**
+   * Gets block metadata (without tx data) by archive root.
+   * @param archive - The archive root to retrieve.
+   * @returns The requested block data (or undefined if not found).
+   */
+  getBlockDataByArchive(archive: Fr): Promise<BlockData | undefined>;
+
   /**
    * Gets an L2 block by block number.
    * @param number - The block number to return.

package/src/block/l2_block_stream/l2_block_stream.ts

@@ -109,6 +109,27 @@ export class L2BlockStream {
 
       let nextBlockNumber = latestBlockNumber + 1;
       let nextCheckpointToEmit = CheckpointNumber(localTips.checkpointed.checkpoint.number + 1);
+
+      // When startingBlock is set, also skip ahead for checkpoints.
+      if (
+        this.opts.startingBlock !== undefined &&
+        this.opts.startingBlock >= 1 &&
+        nextCheckpointToEmit <= sourceTips.checkpointed.checkpoint.number
+      ) {
+        const startingBlockCheckpoints = await this.l2BlockSource.getCheckpointedBlocks(
+          BlockNumber(this.opts.startingBlock),
+          1,
+        );
+        if (startingBlockCheckpoints.length > 0) {
+          nextCheckpointToEmit = CheckpointNumber(
+            Math.max(nextCheckpointToEmit, startingBlockCheckpoints[0].checkpointNumber),
+          );
+        } else {
+          // startingBlock is past all checkpointed blocks; skip Loop 1 entirely.
+          nextCheckpointToEmit = CheckpointNumber(sourceTips.checkpointed.checkpoint.number + 1);
+        }
+      }
+
       if (this.opts.skipFinalized) {
         // When skipping finalized blocks we need to provide reliable reorg detection while fetching as few blocks as
         // possible. Finalized blocks cannot be reorged by definition, so we can skip most of them. We do need the very

package/src/checkpoint/checkpoint.ts

@@ -94,9 +94,11 @@ export class Checkpoint {
     return this.header.hash();
   }
 
-  // Returns the out hash computed from all l2-to-l1 messages in this checkpoint.
-  // Note: This value is different from the out hash in the header, which is the **accumulated** out hash over all
-  // checkpoints up to and including this one in the epoch.
+  /**
+   * Returns the out hash computed from all l2-to-l1 messages in this checkpoint.
+   * Note: This value is different from the out hash in the header, which is the **accumulated** out hash over all
+   * checkpoints up to and including this one in the epoch.
+   */
   public getCheckpointOutHash(): Fr {
     const msgs = this.blocks.map(block => block.body.txEffects.map(txEffect => txEffect.l2ToL1Msgs));
     return computeCheckpointOutHash(msgs);

package/src/checkpoint/checkpoint_data.ts

@@ -0,0 +1,51 @@
+import {
+  BlockNumber,
+  BlockNumberSchema,
+  CheckpointNumber,
+  CheckpointNumberSchema,
+} from '@aztec/foundation/branded-types';
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { schemas } from '@aztec/foundation/schemas';
+
+import { z } from 'zod';
+
+import { CommitteeAttestation } from '../block/proposal/committee_attestation.js';
+import { CheckpointHeader } from '../rollup/checkpoint_header.js';
+import { AppendOnlyTreeSnapshot } from '../trees/append_only_tree_snapshot.js';
+import { L1PublishedData } from './published_checkpoint.js';
+
+/** Lightweight checkpoint metadata without full block data. */
+export type CheckpointData = {
+  checkpointNumber: CheckpointNumber;
+  header: CheckpointHeader;
+  archive: AppendOnlyTreeSnapshot;
+  checkpointOutHash: Fr;
+  startBlock: BlockNumber;
+  blockCount: number;
+  attestations: CommitteeAttestation[];
+  l1: L1PublishedData;
+};
+
+export const CheckpointDataSchema = z
+  .object({
+    checkpointNumber: CheckpointNumberSchema,
+    header: CheckpointHeader.schema,
+    archive: AppendOnlyTreeSnapshot.schema,
+    checkpointOutHash: schemas.Fr,
+    startBlock: BlockNumberSchema,
+    blockCount: schemas.Integer,
+    attestations: z.array(CommitteeAttestation.schema),
+    l1: L1PublishedData.schema,
+  })
+  .transform(
+    (obj): CheckpointData => ({
+      checkpointNumber: obj.checkpointNumber,
+      header: obj.header,
+      archive: obj.archive,
+      checkpointOutHash: obj.checkpointOutHash,
+      startBlock: obj.startBlock,
+      blockCount: obj.blockCount,
+      attestations: obj.attestations,
+      l1: obj.l1,
+    }),
+  );

package/src/checkpoint/index.ts

@@ -1,3 +1,4 @@
 export * from './checkpoint.js';
+export * from './checkpoint_data.js';
 export * from './checkpoint_info.js';
 export * from './published_checkpoint.js';

package/src/checkpoint/published_checkpoint.ts

@@ -55,9 +55,11 @@ export class L1PublishedData {
 
 export class PublishedCheckpoint {
   constructor(
+    /** The checkpoint itself. */
     public checkpoint: Checkpoint,
+    /** Info on when this checkpoint was published on L1. */
     public l1: L1PublishedData,
-    // The attestations for the last block in the checkpoint.
+    /** The attestations for the last block in the checkpoint. */
     public attestations: CommitteeAttestation[],
   ) {}
 

package/src/config/sequencer-config.ts

@@ -8,7 +8,9 @@ import type { SequencerConfig } from '../interfaces/configs.js';
  * (like blockDurationMs needed by both p2p and sequencer-client) are defined here
  * to avoid duplication.
  */
-export const sharedSequencerConfigMappings: ConfigMappingsType<Pick<SequencerConfig, 'blockDurationMs'>> = {
+export const sharedSequencerConfigMappings: ConfigMappingsType<
+  Pick<SequencerConfig, 'blockDurationMs' | 'expectedBlockProposalsPerSlot'>
+> = {
   blockDurationMs: {
     env: 'SEQ_BLOCK_DURATION_MS',
     description:
@@ -16,4 +18,12 @@ export const sharedSequencerConfigMappings: ConfigMappingsType<Pick<SequencerCon
       'If undefined (default), builds a single block per slot using the full slot duration.',
     parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
   },
+  expectedBlockProposalsPerSlot: {
+    env: 'SEQ_EXPECTED_BLOCK_PROPOSALS_PER_SLOT',
+    description:
+      'Expected number of block proposals per slot for P2P peer scoring. ' +
+      '0 (default) disables block proposal scoring. Set to a positive value to enable.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : 0),
+    defaultValue: 0,
+  },
 };

package/src/contract/contract_address.ts

@@ -1,4 +1,4 @@
-import { GeneratorIndex } from '@aztec/constants';
+import { DomainSeparator } from '@aztec/constants';
 import { poseidon2HashWithSeparator } from '@aztec/foundation/crypto/poseidon';
 import { Fr } from '@aztec/foundation/curves/bn254';
 
@@ -44,7 +44,7 @@ export async function computePartialAddress(
 
   return poseidon2HashWithSeparator(
     [instance.originalContractClassId, saltedInitializationHash],
-    GeneratorIndex.PARTIAL_ADDRESS,
+    DomainSeparator.PARTIAL_ADDRESS,
   );
 }
 
@@ -57,7 +57,7 @@ export function computeSaltedInitializationHash(
 ): Promise<Fr> {
   return poseidon2HashWithSeparator(
     [instance.salt, instance.initializationHash, instance.deployer],
-    GeneratorIndex.PARTIAL_ADDRESS,
+    DomainSeparator.PARTIAL_ADDRESS,
   );
 }
 
@@ -87,5 +87,5 @@ export async function computeInitializationHashFromEncodedArgs(
   encodedArgs: Fr[],
 ): Promise<Fr> {
   const argsHash = await computeVarArgsHash(encodedArgs);
-  return poseidon2HashWithSeparator([initFn, argsHash], GeneratorIndex.INITIALIZER);
+  return poseidon2HashWithSeparator([initFn, argsHash], DomainSeparator.INITIALIZER);
 }

package/src/contract/contract_class.ts

@@ -8,7 +8,7 @@ import { type ContractClassIdPreimage, computeContractClassIdWithPreimage } from
 import type { ContractClass, ContractClassWithId } from './interfaces/index.js';
 
 /** Contract artifact including its artifact hash */
-type ContractArtifactWithHash = ContractArtifact & { artifactHash: Fr };
+export type ContractArtifactWithHash = ContractArtifact & { artifactHash: Fr };
 
 const cmpFunctionArtifacts = <T extends { selector: FunctionSelector }>(a: T, b: T) =>
   a.selector.toField().cmp(b.selector.toField());
@@ -35,8 +35,8 @@ export async function getContractClassFromArtifact(
 
   privateArtifactFunctions.sort(cmpFunctionArtifacts);
 
-  const contractClass: ContractClass = {
-    version: 1,
+  const contractClass = {
+    version: 1 as const,
     artifactHash,
     packedBytecode,
     privateFunctions: privateArtifactFunctions,

package/src/contract/contract_class_id.ts

@@ -1,4 +1,4 @@
-import { GeneratorIndex, MAX_PACKED_PUBLIC_BYTECODE_SIZE_IN_FIELDS } from '@aztec/constants';
+import { DomainSeparator, MAX_PACKED_PUBLIC_BYTECODE_SIZE_IN_FIELDS } from '@aztec/constants';
 import { poseidon2HashWithSeparator } from '@aztec/foundation/crypto/poseidon';
 import { Fr } from '@aztec/foundation/curves/bn254';
 
@@ -40,7 +40,7 @@ export async function computeContractClassIdWithPreimage(
       : await computePublicBytecodeCommitment(contractClass.packedBytecode);
   const id = await poseidon2HashWithSeparator(
     [artifactHash, privateFunctionsRoot, publicBytecodeCommitment],
-    GeneratorIndex.CONTRACT_CLASS_ID,
+    DomainSeparator.CONTRACT_CLASS_ID,
   );
   return { id, artifactHash, privateFunctionsRoot, publicBytecodeCommitment };
 }
@@ -72,6 +72,6 @@ export async function computePublicBytecodeCommitment(packedBytecode: Buffer) {
 
   // NOTE: hash the bytecode here only up to the actual length of the bytecode.
   // We do not hash the entire max bytecode length!
-  const sep = BigInt(GeneratorIndex.PUBLIC_BYTECODE) + (bytecodeLengthAsField.toBigInt() << 32n);
+  const sep = BigInt(DomainSeparator.PUBLIC_BYTECODE) + (bytecodeLengthAsField.toBigInt() << 32n);
   return await poseidon2HashWithSeparator(bytecodeAsFields.slice(0, bytecodeLength), new Fr(sep).toNumber());
 }

package/src/contract/private_function.ts

@@ -1,4 +1,4 @@
-import { FUNCTION_TREE_HEIGHT, GeneratorIndex } from '@aztec/constants';
+import { DomainSeparator, FUNCTION_TREE_HEIGHT } from '@aztec/constants';
 import { poseidon2Hash, poseidon2HashWithSeparator } from '@aztec/foundation/crypto/poseidon';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { type MerkleTree, MerkleTreeCalculator } from '@aztec/foundation/trees';
@@ -31,7 +31,7 @@ function computePrivateFunctionLeaves(fns: PrivateFunction[]): Promise<Buffer[]>
 
 /** Returns the leaf for a given private function. */
 export async function computePrivateFunctionLeaf(fn: PrivateFunction): Promise<Buffer> {
-  return (await poseidon2HashWithSeparator([fn.selector, fn.vkHash], GeneratorIndex.PRIVATE_FUNCTION_LEAF)).toBuffer();
+  return (await poseidon2HashWithSeparator([fn.selector, fn.vkHash], DomainSeparator.PRIVATE_FUNCTION_LEAF)).toBuffer();
 }
 
 async function getPrivateFunctionTreeCalculator(): Promise<MerkleTreeCalculator> {

package/src/file-store/local.ts

@@ -1,15 +1,21 @@
 import { access, mkdir, readFile, writeFile } from 'fs/promises';
 import { dirname, resolve } from 'path';
+import { promisify } from 'util';
+import { gunzip as gunzipCb, gzip as gzipCb } from 'zlib';
 
-import type { FileStore } from './interface.js';
+import type { FileStore, FileStoreSaveOptions } from './interface.js';
+
+const gzip = promisify(gzipCb);
+const gunzip = promisify(gunzipCb);
 
 export class LocalFileStore implements FileStore {
   constructor(private readonly basePath: string) {}
 
-  public async save(path: string, data: Buffer): Promise<string> {
+  public async save(path: string, data: Buffer, opts?: FileStoreSaveOptions): Promise<string> {
     const fullPath = this.getFullPath(path);
     await mkdir(dirname(fullPath), { recursive: true });
-    await writeFile(fullPath, data);
+    const toWrite = opts?.compress ? await gzip(data) : data;
+    await writeFile(fullPath, toWrite);
     return `file://${fullPath}`;
   }
 
@@ -18,9 +24,13 @@ export class LocalFileStore implements FileStore {
     return this.save(destPath, data);
   }
 
-  public read(pathOrUrlStr: string): Promise<Buffer> {
+  public async read(pathOrUrlStr: string): Promise<Buffer> {
     const fullPath = this.getFullPath(pathOrUrlStr);
-    return readFile(fullPath);
+    const data = await readFile(fullPath);
+    if (data.length >= 2 && data[0] === 0x1f && data[1] === 0x8b) {
+      return await gunzip(data);
+    }
+    return data;
   }
 
   public async download(pathOrUrlStr: string, destPath: string): Promise<void> {

package/src/file-store/s3.ts

@@ -13,10 +13,14 @@ import { tmpdir } from 'os';
 import { basename, dirname, join } from 'path';
 import { Readable } from 'stream';
 import { pipeline } from 'stream/promises';
-import { createGzip } from 'zlib';
+import { promisify } from 'util';
+import { createGzip, gunzip as gunzipCb, gzip as gzipCb } from 'zlib';
 
 import type { FileStore, FileStoreSaveOptions } from './interface.js';
 
+const gzip = promisify(gzipCb);
+const gunzip = promisify(gunzipCb);
+
 function normalizeBasePath(path: string): string {
   return path?.replace(/^\/+|\/+$/g, '') ?? '';
 }
@@ -52,7 +56,7 @@ export class S3FileStore implements FileStore {
     const key = this.getFullPath(path);
     const shouldCompress = !!opts.compress;
 
-    const body = shouldCompress ? (await import('zlib')).gzipSync(data) : data;
+    const body = shouldCompress ? await gzip(data) : data;
     const contentLength = body.length;
     const contentType = this.detectContentType(key, shouldCompress);
     const put = new PutObjectCommand({
@@ -60,6 +64,7 @@ export class S3FileStore implements FileStore {
       Key: key,
       Body: body,
       ContentType: contentType,
+      ContentEncoding: shouldCompress ? 'gzip' : undefined,
       CacheControl: opts.metadata?.['Cache-control'],
       Metadata: this.extractUserMetadata(opts.metadata),
       ContentLength: contentLength,
@@ -134,7 +139,11 @@ export class S3FileStore implements FileStore {
     for await (const chunk of stream) {
       chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
     }
-    return Buffer.concat(chunks);
+    const buffer = Buffer.concat(chunks);
+    if (out.ContentEncoding === 'gzip') {
+      return await gunzip(buffer);
+    }
+    return buffer;
   }
 
   public async download(pathOrUrlStr: string, destPath: string): Promise<void> {

package/src/ha-signing/config.ts

@@ -0,0 +1,149 @@
+import type { L1ContractAddresses } from '@aztec/ethereum/l1-contract-addresses';
+import {
+  type ConfigMappingsType,
+  booleanConfigHelper,
+  getConfigFromMappings,
+  getDefaultConfig,
+  numberConfigHelper,
+  optionalNumberConfigHelper,
+} from '@aztec/foundation/config';
+import { EthAddress } from '@aztec/foundation/eth-address';
+import type { ZodFor } from '@aztec/foundation/schemas';
+
+import { z } from 'zod';
+
+/**
+ * Configuration for the Validator HA Signer
+ *
+ * This config is used for distributed locking and slashing protection
+ * when running multiple validator nodes in a high-availability setup.
+ */
+export interface ValidatorHASignerConfig {
+  /** Whether HA signing / slashing protection is enabled */
+  haSigningEnabled: boolean;
+  /** L1 contract addresses (rollup address required) */
+  l1Contracts: Pick<L1ContractAddresses, 'rollupAddress'>;
+  /** Unique identifier for this node */
+  nodeId: string;
+  /** How long to wait between polls when a duty is being signed (ms) */
+  pollingIntervalMs: number;
+  /** Maximum time to wait for a duty being signed to complete (ms) */
+  signingTimeoutMs: number;
+  /** Maximum age of a stuck duty in ms (defaults to 2x hardcoded Aztec slot duration if not set) */
+  maxStuckDutiesAgeMs?: number;
+  /** Optional: clean up old duties after this many hours (disabled if not set) */
+  cleanupOldDutiesAfterHours?: number;
+  /**
+   * PostgreSQL connection string
+   * Format: postgresql://user:password@host:port/database
+   */
+  databaseUrl?: string;
+  /**
+   * PostgreSQL connection pool configuration
+   */
+  /** Maximum number of clients in the pool (default: 10) */
+  poolMaxCount?: number;
+  /** Minimum number of clients in the pool (default: 0) */
+  poolMinCount?: number;
+  /** Idle timeout in milliseconds (default: 10000) */
+  poolIdleTimeoutMs?: number;
+  /** Connection timeout in milliseconds (default: 0, no timeout) */
+  poolConnectionTimeoutMs?: number;
+}
+
+export const validatorHASignerConfigMappings: ConfigMappingsType<ValidatorHASignerConfig> = {
+  haSigningEnabled: {
+    env: 'VALIDATOR_HA_SIGNING_ENABLED',
+    description: 'Whether HA signing / slashing protection is enabled',
+    ...booleanConfigHelper(false),
+  },
+  l1Contracts: {
+    description: 'L1 contract addresses (rollup address required)',
+    nested: {
+      rollupAddress: {
+        description: 'The Ethereum address of the rollup contract (must be set programmatically)',
+        parseEnv: (val: string) => EthAddress.fromString(val),
+      },
+    },
+  },
+  nodeId: {
+    env: 'VALIDATOR_HA_NODE_ID',
+    description: 'The unique identifier for this node',
+    defaultValue: '',
+  },
+  pollingIntervalMs: {
+    env: 'VALIDATOR_HA_POLLING_INTERVAL_MS',
+    description: 'The number of ms to wait between polls when a duty is being signed',
+    ...numberConfigHelper(100),
+  },
+  signingTimeoutMs: {
+    env: 'VALIDATOR_HA_SIGNING_TIMEOUT_MS',
+    description: 'The maximum time to wait for a duty being signed to complete',
+    ...numberConfigHelper(3_000),
+  },
+  maxStuckDutiesAgeMs: {
+    env: 'VALIDATOR_HA_MAX_STUCK_DUTIES_AGE_MS',
+    description: 'The maximum age of a stuck duty in ms (defaults to 2x Aztec slot duration)',
+    ...optionalNumberConfigHelper(),
+  },
+  cleanupOldDutiesAfterHours: {
+    env: 'VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H',
+    description: 'Optional: clean up old duties after this many hours (disabled if not set)',
+    ...optionalNumberConfigHelper(),
+  },
+  databaseUrl: {
+    env: 'VALIDATOR_HA_DATABASE_URL',
+    description:
+      'PostgreSQL connection string for validator HA signer (format: postgresql://user:password@host:port/database)',
+  },
+  poolMaxCount: {
+    env: 'VALIDATOR_HA_POOL_MAX',
+    description: 'Maximum number of clients in the pool',
+    ...numberConfigHelper(10),
+  },
+  poolMinCount: {
+    env: 'VALIDATOR_HA_POOL_MIN',
+    description: 'Minimum number of clients in the pool',
+    ...numberConfigHelper(0),
+  },
+  poolIdleTimeoutMs: {
+    env: 'VALIDATOR_HA_POOL_IDLE_TIMEOUT_MS',
+    description: 'Idle timeout in milliseconds',
+    ...numberConfigHelper(10_000),
+  },
+  poolConnectionTimeoutMs: {
+    env: 'VALIDATOR_HA_POOL_CONNECTION_TIMEOUT_MS',
+    description: 'Connection timeout in milliseconds (0 means no timeout)',
+    ...numberConfigHelper(0),
+  },
+};
+
+export const defaultValidatorHASignerConfig: ValidatorHASignerConfig = getDefaultConfig(
+  validatorHASignerConfigMappings,
+);
+
+/**
+ * Returns the validator HA signer configuration from environment variables.
+ * Note: If an environment variable is not set, the default value is used.
+ * @returns The validator HA signer configuration.
+ */
+export function getConfigEnvVars(): ValidatorHASignerConfig {
+  return getConfigFromMappings<ValidatorHASignerConfig>(validatorHASignerConfigMappings);
+}
+
+export const ValidatorHASignerConfigSchema = z.object({
+  haSigningEnabled: z.boolean(),
+  l1Contracts: z.object({
+    rollupAddress: z.instanceof(EthAddress),
+  }),
+  nodeId: z.string(),
+  pollingIntervalMs: z.number().min(0),
+  signingTimeoutMs: z.number().min(0),
+  maxStuckDutiesAgeMs: z.number().min(0).optional(),
+  cleanupOldDutiesAfterHours: z.number().min(0).optional(),
+  databaseUrl: z.string().optional(),
+  poolMaxCount: z.number().min(0).optional(),
+  poolMinCount: z.number().min(0).optional(),
+  poolIdleTimeoutMs: z.number().min(0).optional(),
+  poolConnectionTimeoutMs: z.number().min(0).optional(),
+}) satisfies ZodFor<ValidatorHASignerConfig>;

package/src/ha-signing/index.ts

@@ -0,0 +1,18 @@
+export {
+  type ValidatorHASignerConfig,
+  ValidatorHASignerConfigSchema,
+  defaultValidatorHASignerConfig,
+  getConfigEnvVars,
+  validatorHASignerConfigMappings,
+} from './config.js';
+export {
+  DutyType,
+  type BlockProposalSigningContext,
+  type HAProtectedSigningContext,
+  type NoHAProtectionSigningContext,
+  type OtherSigningContext,
+  type SigningContext,
+  type VoteSigningContext,
+  getBlockNumberFromSigningContext,
+  isHAProtectedContext,
+} from './types.js';

package/src/ha-signing/types.ts

@@ -0,0 +1,112 @@
+import {
+  BlockNumber,
+  type CheckpointNumber,
+  type IndexWithinCheckpoint,
+  type SlotNumber,
+} from '@aztec/foundation/branded-types';
+
+/**
+ * Type of validator duty being performed
+ */
+export enum DutyType {
+  BLOCK_PROPOSAL = 'BLOCK_PROPOSAL',
+  CHECKPOINT_PROPOSAL = 'CHECKPOINT_PROPOSAL',
+  ATTESTATION = 'ATTESTATION',
+  ATTESTATIONS_AND_SIGNERS = 'ATTESTATIONS_AND_SIGNERS',
+  GOVERNANCE_VOTE = 'GOVERNANCE_VOTE',
+  SLASHING_VOTE = 'SLASHING_VOTE',
+  AUTH_REQUEST = 'AUTH_REQUEST',
+  TXS = 'TXS',
+}
+
+/**
+ * Base context for signing operations
+ */
+interface BaseSigningContext {
+  /** Slot number for this duty */
+  slot: SlotNumber;
+  /**
+   * Block or checkpoint number for this duty.
+   * For block proposals, this is the block number.
+   * For checkpoint proposals, this is the checkpoint number.
+   */
+  blockNumber: BlockNumber | CheckpointNumber;
+}
+
+/**
+ * Signing context for block proposals.
+ * blockIndexWithinCheckpoint is REQUIRED and must be >= 0.
+ */
+export interface BlockProposalSigningContext extends BaseSigningContext {
+  /** Block index within checkpoint (0, 1, 2...). Required for block proposals. */
+  blockIndexWithinCheckpoint: IndexWithinCheckpoint;
+  dutyType: DutyType.BLOCK_PROPOSAL;
+}
+
+/**
+ * Signing context for non-block-proposal duties that require HA protection.
+ * blockIndexWithinCheckpoint is not applicable (internally always -1).
+ */
+export interface OtherSigningContext extends BaseSigningContext {
+  dutyType: DutyType.CHECKPOINT_PROPOSAL | DutyType.ATTESTATION | DutyType.ATTESTATIONS_AND_SIGNERS;
+}
+
+/**
+ * Signing context for governance/slashing votes which only need slot for HA protection.
+ * blockNumber is not applicable (internally always 0).
+ */
+export interface VoteSigningContext {
+  slot: SlotNumber;
+  dutyType: DutyType.GOVERNANCE_VOTE | DutyType.SLASHING_VOTE;
+}
+
+/**
+ * Signing context for duties which don't require slot/blockNumber
+ * as they don't need HA protection (AUTH_REQUEST, TXS).
+ */
+export interface NoHAProtectionSigningContext {
+  dutyType: DutyType.AUTH_REQUEST | DutyType.TXS;
+}
+
+/**
+ * Signing contexts that require HA protection (excludes AUTH_REQUEST).
+ * Used by the HA signer's signWithProtection method.
+ */
+export type HAProtectedSigningContext = BlockProposalSigningContext | OtherSigningContext | VoteSigningContext;
+
+/**
+ * Context required for slashing protection during signing operations.
+ * Uses discriminated union to enforce type safety:
+ * - BLOCK_PROPOSAL duties MUST have blockIndexWithinCheckpoint >= 0
+ * - Other duty types do NOT have blockIndexWithinCheckpoint (internally -1)
+ * - Vote duties only need slot (blockNumber is internally 0)
+ * - AUTH_REQUEST and TXS duties don't need slot/blockNumber (no HA protection needed)
+ */
+export type SigningContext = HAProtectedSigningContext | NoHAProtectionSigningContext;
+
+/**
+ * Type guard to check if a SigningContext requires HA protection.
+ * Returns true for contexts that need HA protection, false for AUTH_REQUEST and TXS.
+ */
+export function isHAProtectedContext(context: SigningContext): context is HAProtectedSigningContext {
+  return context.dutyType !== DutyType.AUTH_REQUEST && context.dutyType !== DutyType.TXS;
+}
+
+/**
+ * Gets the block number from a signing context.
+ * - Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE): returns BlockNumber(0)
+ * - Other duties: returns the blockNumber from the context
+ */
+export function getBlockNumberFromSigningContext(context: HAProtectedSigningContext): BlockNumber | CheckpointNumber {
+  // Check for duty types that have blockNumber
+  if (
+    context.dutyType === DutyType.BLOCK_PROPOSAL ||
+    context.dutyType === DutyType.CHECKPOINT_PROPOSAL ||
+    context.dutyType === DutyType.ATTESTATION ||
+    context.dutyType === DutyType.ATTESTATIONS_AND_SIGNERS
+  ) {
+    return context.blockNumber;
+  }
+  // Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE) don't have blockNumber
+  return BlockNumber(0);
+}