@aztec/validator-client 0.0.0-test.0 → 0.0.1-commit.023c3e5

package/dest/key_store/ha_key_store.d.ts

@@ -0,0 +1,99 @@
+/**
+ * High Availability Key Store
+ *
+ * A ValidatorKeyStore wrapper that adds slashing protection for HA validator setups.
+ * When multiple validator nodes are running, only one node will sign for a given duty.
+ */
+import { Buffer32 } from '@aztec/foundation/buffer';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { Signature } from '@aztec/foundation/eth-signature';
+import type { EthRemoteSignerConfig } from '@aztec/node-keystore';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import { type SigningContext } from '@aztec/validator-ha-signer/types';
+import type { ValidatorHASigner } from '@aztec/validator-ha-signer/validator-ha-signer';
+import { type TypedDataDefinition } from 'viem';
+import type { ExtendedValidatorKeyStore } from './interface.js';
+/**
+ * High Availability Key Store
+ *
+ * Wraps a base ExtendedValidatorKeyStore and ValidatorHASigner to provide
+ * HA-protected signing operations (when context is provided).
+ *
+ * The extended interface methods (getAttesterAddresses, getCoinbaseAddress, etc.)
+ * are pure pass-through since they don't require HA coordination.
+ *
+ * Usage:
+ * ```typescript
+ * const baseKeyStore = NodeKeystoreAdapter.fromPrivateKeys(privateKeys);
+ * const haSigner = new ValidatorHASigner(db, config);
+ * const haKeyStore = new HAKeyStore(baseKeyStore, haSigner);
+ *
+ * // Without context - signs directly (no HA protection)
+ * const sig = await haKeyStore.signMessageWithAddress(addr, msg);
+ *
+ * // With context - HA protected, throws DutyAlreadySignedError if already signed
+ * const result = await haKeyStore.signMessageWithAddress(addr, msg, {
+ *   slot: 100n,
+ *   blockNumber: 50n,
+ *   dutyType: DutyType.BLOCK_PROPOSAL,
+ * });
+ * ```
+ */
+export declare class HAKeyStore implements ExtendedValidatorKeyStore {
+    private readonly baseKeyStore;
+    private readonly haSigner;
+    private readonly log;
+    constructor(baseKeyStore: ExtendedValidatorKeyStore, haSigner: ValidatorHASigner);
+    /**
+     * Sign typed data with all addresses.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * Returns only signatures that were successfully claimed by this node.
+     */
+    signTypedData(typedData: TypedDataDefinition, context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign a message with all addresses.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * Returns only signatures that were successfully claimed by this node.
+     */
+    signMessage(message: Buffer32, context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign typed data with a specific address.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * @throws DutyAlreadySignedError if the duty was already signed by another node
+     * @throws SlashingProtectionError if attempting to sign different data for the same slot
+     */
+    signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition, context: SigningContext): Promise<Signature>;
+    /**
+     * Sign a message with a specific address.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * @throws DutyAlreadySignedError if the duty was already signed by another node
+     * @throws SlashingProtectionError if attempting to sign different data for the same slot
+     */
+    signMessageWithAddress(address: EthAddress, message: Buffer32, context: SigningContext): Promise<Signature>;
+    getAddress(index: number): EthAddress;
+    getAddresses(): EthAddress[];
+    getAttesterAddresses(): EthAddress[];
+    getCoinbaseAddress(attesterAddress: EthAddress): EthAddress;
+    getPublisherAddresses(attesterAddress: EthAddress): EthAddress[];
+    getFeeRecipient(attesterAddress: EthAddress): AztecAddress;
+    getRemoteSignerConfig(attesterAddress: EthAddress): EthRemoteSignerConfig | undefined;
+    /**
+     * Process signing errors from the HA signer.
+     * Logs expected HA errors (already signed) at appropriate levels.
+     * Re-throws unexpected errors.
+     */
+    private processSigningError;
+    /**
+     * Start the high-availability key store
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the high-availability key store
+     */
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGFfa2V5X3N0b3JlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMva2V5X3N0b3JlL2hhX2tleV9zdG9yZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7R0FLRztBQUNILE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUNwRCxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUNoRSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUVqRSxPQUFPLEtBQUssRUFBRSxxQkFBcUIsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBRWhFLE9BQU8sRUFFTCxLQUFLLGNBQWMsRUFFcEIsTUFBTSxrQ0FBa0MsQ0FBQztBQUMxQyxPQUFPLEtBQUssRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGdEQUFnRCxDQUFDO0FBRXhGLE9BQU8sRUFBRSxLQUFLLG1CQUFtQixFQUFpQixNQUFNLE1BQU0sQ0FBQztBQUUvRCxPQUFPLEtBQUssRUFBRSx5QkFBeUIsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBRWhFOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBeUJHO0FBQ0gscUJBQWEsVUFBVyxZQUFXLHlCQUF5QjtJQUl4RCxPQUFPLENBQUMsUUFBUSxDQUFDLFlBQVk7SUFDN0IsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRO0lBSjNCLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFnQztJQUVwRCxZQUNtQixZQUFZLEVBQUUseUJBQXlCLEVBQ3ZDLFFBQVEsRUFBRSxpQkFBaUIsRUFLN0M7SUFFRDs7Ozs7T0FLRztJQUNHLGFBQWEsQ0FBQyxTQUFTLEVBQUUsbUJBQW1CLEVBQUUsT0FBTyxFQUFFLGNBQWMsR0FBRyxPQUFPLENBQUMsU0FBUyxFQUFFLENBQUMsQ0ErQmpHO0lBRUQ7Ozs7O09BS0c7SUFDRyxXQUFXLENBQUMsT0FBTyxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQStCbEY7SUFFRDs7Ozs7O09BTUc7SUFDRyx3QkFBd0IsQ0FDNUIsT0FBTyxFQUFFLFVBQVUsRUFDbkIsU0FBUyxFQUFFLG1CQUFtQixFQUM5QixPQUFPLEVBQUUsY0FBYyxHQUN0QixPQUFPLENBQUMsU0FBUyxDQUFDLENBa0JwQjtJQUVEOzs7Ozs7T0FNRztJQUNHLHNCQUFzQixDQUFDLE9BQU8sRUFBRSxVQUFVLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FjaEg7SUFNRCxVQUFVLENBQUMsS0FBSyxFQUFFLE1BQU0sR0FBRyxVQUFVLENBRXBDO0lBRUQsWUFBWSxJQUFJLFVBQVUsRUFBRSxDQUUzQjtJQUVELG9CQUFvQixJQUFJLFVBQVUsRUFBRSxDQUVuQztJQUVELGtCQUFrQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsVUFBVSxDQUUxRDtJQUVELHFCQUFxQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsVUFBVSxFQUFFLENBRS9EO0lBRUQsZUFBZSxDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsWUFBWSxDQUV6RDtJQUVELHFCQUFxQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcscUJBQXFCLEdBQUcsU0FBUyxDQUVwRjtJQUVEOzs7O09BSUc7SUFDSCxPQUFPLENBQUMsbUJBQW1CO0lBd0IzQjs7T0FFRztJQUNJLEtBQUssSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLENBRTVCO0lBRUQ7O09BRUc7SUFDVSxJQUFJLGtCQUVoQjtDQUNGIn0=

package/dest/key_store/ha_key_store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ha_key_store.d.ts","sourceRoot":"","sources":["../../src/key_store/ha_key_store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAEhE,OAAO,EAEL,KAAK,cAAc,EAEpB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gDAAgD,CAAC;AAExF,OAAO,EAAE,KAAK,mBAAmB,EAAiB,MAAM,MAAM,CAAC;AAE/D,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AAEhE;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,qBAAa,UAAW,YAAW,yBAAyB;IAIxD,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAJ3B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAgC;IAEpD,YACmB,YAAY,EAAE,yBAAyB,EACvC,QAAQ,EAAE,iBAAiB,EAK7C;IAED;;;;;OAKG;IACG,aAAa,CAAC,SAAS,EAAE,mBAAmB,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CA+BjG;IAED;;;;;OAKG;IACG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CA+BlF;IAED;;;;;;OAMG;IACG,wBAAwB,CAC5B,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,mBAAmB,EAC9B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,SAAS,CAAC,CAkBpB;IAED;;;;;;OAMG;IACG,sBAAsB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAchH;IAMD,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAEpC;IAED,YAAY,IAAI,UAAU,EAAE,CAE3B;IAED,oBAAoB,IAAI,UAAU,EAAE,CAEnC;IAED,kBAAkB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,CAE1D;IAED,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,EAAE,CAE/D;IAED,eAAe,CAAC,eAAe,EAAE,UAAU,GAAG,YAAY,CAEzD;IAED,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,qBAAqB,GAAG,SAAS,CAEpF;IAED;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IAwB3B;;OAEG;IACI,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAE5B;IAED;;OAEG;IACU,IAAI,kBAEhB;CACF"}

package/dest/key_store/ha_key_store.js

@@ -0,0 +1,208 @@
+/**
+ * High Availability Key Store
+ *
+ * A ValidatorKeyStore wrapper that adds slashing protection for HA validator setups.
+ * When multiple validator nodes are running, only one node will sign for a given duty.
+ */ import { Buffer32 } from '@aztec/foundation/buffer';
+import { createLogger } from '@aztec/foundation/log';
+import { DutyAlreadySignedError, SlashingProtectionError } from '@aztec/validator-ha-signer/errors';
+import { isHAProtectedContext } from '@aztec/validator-ha-signer/types';
+import { hashTypedData } from 'viem';
+/**
+ * High Availability Key Store
+ *
+ * Wraps a base ExtendedValidatorKeyStore and ValidatorHASigner to provide
+ * HA-protected signing operations (when context is provided).
+ *
+ * The extended interface methods (getAttesterAddresses, getCoinbaseAddress, etc.)
+ * are pure pass-through since they don't require HA coordination.
+ *
+ * Usage:
+ * ```typescript
+ * const baseKeyStore = NodeKeystoreAdapter.fromPrivateKeys(privateKeys);
+ * const haSigner = new ValidatorHASigner(db, config);
+ * const haKeyStore = new HAKeyStore(baseKeyStore, haSigner);
+ *
+ * // Without context - signs directly (no HA protection)
+ * const sig = await haKeyStore.signMessageWithAddress(addr, msg);
+ *
+ * // With context - HA protected, throws DutyAlreadySignedError if already signed
+ * const result = await haKeyStore.signMessageWithAddress(addr, msg, {
+ *   slot: 100n,
+ *   blockNumber: 50n,
+ *   dutyType: DutyType.BLOCK_PROPOSAL,
+ * });
+ * ```
+ */ export class HAKeyStore {
+    baseKeyStore;
+    haSigner;
+    log;
+    constructor(baseKeyStore, haSigner){
+        this.baseKeyStore = baseKeyStore;
+        this.haSigner = haSigner;
+        this.log = createLogger('ha-key-store');
+        this.log.info('HAKeyStore initialized', {
+            nodeId: haSigner.nodeId
+        });
+    }
+    /**
+   * Sign typed data with all addresses.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * Returns only signatures that were successfully claimed by this node.
+   */ async signTypedData(typedData, context) {
+        // no need for HA protection on auth request and txs signatures
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signTypedData(typedData, context);
+        }
+        // Sign each address with HA protection
+        const addresses = this.getAddresses();
+        const results = await Promise.allSettled(addresses.map((addr)=>this.signTypedDataWithAddress(addr, typedData, context)));
+        // Filter out failures (already signed by other nodes or other errors)
+        return results.filter((result)=>{
+            if (result.status === 'fulfilled') {
+                return true;
+            }
+            // Log expected HA errors (already signed) at debug level
+            if (result.reason instanceof DutyAlreadySignedError) {
+                this.log.debug(`Duty already signed by another node`, {
+                    dutyType: context.dutyType,
+                    slot: context.slot,
+                    signedByNode: result.reason.signedByNode
+                });
+                return false;
+            }
+            // Re-throw unexpected errors
+            throw result.reason;
+        }).map((result)=>result.value);
+    }
+    /**
+   * Sign a message with all addresses.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * Returns only signatures that were successfully claimed by this node.
+   */ async signMessage(message, context) {
+        // no need for HA protection on auth request and txs signatures
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signMessage(message, context);
+        }
+        // Sign each address with HA protection
+        const addresses = this.getAddresses();
+        const results = await Promise.allSettled(addresses.map((addr)=>this.signMessageWithAddress(addr, message, context)));
+        // Filter out failures (already signed by other nodes or other errors)
+        return results.filter((result)=>{
+            if (result.status === 'fulfilled') {
+                return true;
+            }
+            // Log expected HA errors (already signed) at debug level
+            if (result.reason instanceof DutyAlreadySignedError) {
+                this.log.debug(`Duty already signed by another node`, {
+                    dutyType: context.dutyType,
+                    slot: context.slot,
+                    signedByNode: result.reason.signedByNode
+                });
+                return false;
+            }
+            // Re-throw unexpected errors
+            throw result.reason;
+        }).map((result)=>result.value);
+    }
+    /**
+   * Sign typed data with a specific address.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * @throws DutyAlreadySignedError if the duty was already signed by another node
+   * @throws SlashingProtectionError if attempting to sign different data for the same slot
+   */ async signTypedDataWithAddress(address, typedData, context) {
+        // AUTH_REQUEST and TXS bypass HA protection - multiple signatures are safe
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signTypedDataWithAddress(address, typedData, context);
+        }
+        // Compute signing root from typed data for HA tracking
+        const digest = hashTypedData(typedData);
+        const messageHash = Buffer32.fromString(digest);
+        try {
+            return await this.haSigner.signWithProtection(address, messageHash, context, ()=>this.baseKeyStore.signTypedDataWithAddress(address, typedData, context));
+        } catch (error) {
+            this.processSigningError(error, context);
+            throw error;
+        }
+    }
+    /**
+   * Sign a message with a specific address.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * @throws DutyAlreadySignedError if the duty was already signed by another node
+   * @throws SlashingProtectionError if attempting to sign different data for the same slot
+   */ async signMessageWithAddress(address, message, context) {
+        // no need for HA protection on auth request and txs signatures
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signMessageWithAddress(address, message, context);
+        }
+        try {
+            return await this.haSigner.signWithProtection(address, message, context, (messageHash)=>this.baseKeyStore.signMessageWithAddress(address, messageHash, context));
+        } catch (error) {
+            this.processSigningError(error, context);
+            throw error;
+        }
+    }
+    // ─────────────────────────────────────────────────────────────────────────────
+    // pass-through methods (no HA logic needed)
+    // ─────────────────────────────────────────────────────────────────────────────
+    getAddress(index) {
+        return this.baseKeyStore.getAddress(index);
+    }
+    getAddresses() {
+        return this.baseKeyStore.getAddresses();
+    }
+    getAttesterAddresses() {
+        return this.baseKeyStore.getAttesterAddresses();
+    }
+    getCoinbaseAddress(attesterAddress) {
+        return this.baseKeyStore.getCoinbaseAddress(attesterAddress);
+    }
+    getPublisherAddresses(attesterAddress) {
+        return this.baseKeyStore.getPublisherAddresses(attesterAddress);
+    }
+    getFeeRecipient(attesterAddress) {
+        return this.baseKeyStore.getFeeRecipient(attesterAddress);
+    }
+    getRemoteSignerConfig(attesterAddress) {
+        return this.baseKeyStore.getRemoteSignerConfig(attesterAddress);
+    }
+    /**
+   * Process signing errors from the HA signer.
+   * Logs expected HA errors (already signed) at appropriate levels.
+   * Re-throws unexpected errors.
+   */ processSigningError(error, context) {
+        if (error instanceof DutyAlreadySignedError) {
+            this.log.debug(`Duty already signed by another node with the same payload`, {
+                dutyType: context.dutyType,
+                slot: context.slot,
+                signedByNode: error.signedByNode
+            });
+            return;
+        }
+        if (error instanceof SlashingProtectionError) {
+            this.log.warn(`Duty already signed by another node with different payload`, {
+                dutyType: context.dutyType,
+                slot: context.slot,
+                existingMessageHash: error.existingMessageHash,
+                attemptedMessageHash: error.attemptedMessageHash
+            });
+            return;
+        }
+        // Re-throw errors
+        throw error;
+    }
+    /**
+   * Start the high-availability key store
+   */ start() {
+        return Promise.resolve(this.haSigner.start());
+    }
+    /**
+   * Stop the high-availability key store
+   */ async stop() {
+        await this.haSigner.stop();
+    }
+}

package/dest/key_store/index.d.ts

@@ -1,3 +1,6 @@
 export * from './interface.js';
 export * from './local_key_store.js';
-//# sourceMappingURL=index.d.ts.map
+export * from './node_keystore_adapter.js';
+export * from './web3signer_key_store.js';
+export * from './ha_key_store.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlfc3RvcmUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsNEJBQTRCLENBQUM7QUFDM0MsY0FBYywyQkFBMkIsQ0FBQztBQUMxQyxjQUFjLG1CQUFtQixDQUFDIn0=

package/dest/key_store/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/key_store/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/key_store/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,mBAAmB,CAAC"}

package/dest/key_store/index.js

@@ -1,2 +1,5 @@
 export * from './interface.js';
 export * from './local_key_store.js';
+export * from './node_keystore_adapter.js';
+export * from './web3signer_key_store.js';
+export * from './ha_key_store.js';

package/dest/key_store/interface.d.ts

@@ -1,25 +1,104 @@
 import type { Buffer32 } from '@aztec/foundation/buffer';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
+import type { EthRemoteSignerConfig } from '@aztec/node-keystore';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import type { SigningContext } from '@aztec/validator-ha-signer/types';
+import type { TypedDataDefinition } from 'viem';
 /** Key Store
  *
  * A keystore interface that can be replaced with a local keystore / remote signer service
  */
 export interface ValidatorKeyStore {
     /**
-     * Get the address of the signer
+     * Get the address of a signer by index
      *
+     * @param index - The index of the signer
      * @returns the address
      */
-    getAddress(): EthAddress;
-    sign(message: Buffer32): Promise<Signature>;
+    getAddress(index: number): EthAddress;
+    /**
+     * Get all addresses
+     *
+     * @returns all addresses
+     */
+    getAddresses(): EthAddress[];
+    /**
+     * Sign typed data with all keystore private keys
+     * @param typedData - The complete EIP-712 typed data structure
+     * @param context - Signing context for HA slashing protection
+     * @returns signatures (when context provided with HA, only successfully claimed signatures are returned)
+     */
+    signTypedData(typedData: TypedDataDefinition, context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign typed data with a specific address's private key
+     * @param address - The address of the signer to use
+     * @param typedData - The complete EIP-712 typed data structure
+     * @param context - Signing context for HA slashing protection
+     * @returns signature
+     */
+    signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition, context: SigningContext): Promise<Signature>;
     /**
      * Flavor of sign message that followed EIP-712 eth signed message prefix
      * Note: this is only required when we are using ecdsa signatures over secp256k1
      *
      * @param message - The message to sign.
-     * @returns The signature.
+     * @param context - Signing context for HA slashing protection
+     * @returns The signatures (when context provided with HA, only successfully claimed signatures are returned).
+     */
+    signMessage(message: Buffer32, context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign a message with a specific address's private key
+     * @param address - The address of the signer to use
+     * @param message - The message to sign
+     * @param context - Signing context for HA slashing protection
+     * @returns signature
+     */
+    signMessageWithAddress(address: EthAddress, message: Buffer32, context: SigningContext): Promise<Signature>;
+}
+/**
+ * Extended ValidatorKeyStore interface that supports the new keystore configuration model
+ * with role-based address management (attester, coinbase, publisher, fee recipient)
+ */
+export interface ExtendedValidatorKeyStore extends ValidatorKeyStore {
+    /**
+     * Get all attester addresses (maps to existing getAddresses())
+     * @returns all attester addresses
+     */
+    getAttesterAddresses(): EthAddress[];
+    /**
+     * Get the coinbase address for a specific attester
+     * Falls back to the attester address if not set
+     * @param attesterAddress - The attester address to find the coinbase for
+     * @returns the coinbase address
+     */
+    getCoinbaseAddress(attesterAddress: EthAddress): EthAddress;
+    /**
+     * Get all publisher addresses for a specific attester (EOAs used for sending block proposal L1 txs)
+     * Falls back to the attester addresses if not set
+     * @param attesterAddress - The attester address to find the publishers for
+     * @returns all publisher addresses for this validator
+     */
+    getPublisherAddresses(attesterAddress: EthAddress): EthAddress[];
+    /**
+     * Get the fee recipient address for a specific attester
+     * @param attesterAddress - The attester address to find the fee recipient for
+     * @returns the fee recipient address
+     */
+    getFeeRecipient(attesterAddress: EthAddress): AztecAddress;
+    /**
+     * Get the remote signer configuration for a specific attester if available
+     * @param attesterAddress - The attester address to find the remote signer config for
+     * @returns the remote signer configuration or undefined
+     */
+    getRemoteSignerConfig(attesterAddress: EthAddress): EthRemoteSignerConfig | undefined;
+    /**
+     * Start the key store
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the key store
      */
-    signMessage(message: Buffer32): Promise<Signature>;
+    stop(): Promise<void>;
 }
-//# sourceMappingURL=interface.d.ts.map
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZXJmYWNlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMva2V5X3N0b3JlL2ludGVyZmFjZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxRQUFRLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUN6RCxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUNoRSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUNqRSxPQUFPLEtBQUssRUFBRSxxQkFBcUIsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ2hFLE9BQU8sS0FBSyxFQUFFLGNBQWMsRUFBRSxNQUFNLGtDQUFrQyxDQUFDO0FBRXZFLE9BQU8sS0FBSyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sTUFBTSxDQUFDO0FBRWhEOzs7R0FHRztBQUNILE1BQU0sV0FBVyxpQkFBaUI7SUFDaEM7Ozs7O09BS0c7SUFDSCxVQUFVLENBQUMsS0FBSyxFQUFFLE1BQU0sR0FBRyxVQUFVLENBQUM7SUFFdEM7Ozs7T0FJRztJQUNILFlBQVksSUFBSSxVQUFVLEVBQUUsQ0FBQztJQUU3Qjs7Ozs7T0FLRztJQUNILGFBQWEsQ0FBQyxTQUFTLEVBQUUsbUJBQW1CLEVBQUUsT0FBTyxFQUFFLGNBQWMsR0FBRyxPQUFPLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQztJQUU3Rjs7Ozs7O09BTUc7SUFDSCx3QkFBd0IsQ0FDdEIsT0FBTyxFQUFFLFVBQVUsRUFDbkIsU0FBUyxFQUFFLG1CQUFtQixFQUM5QixPQUFPLEVBQUUsY0FBYyxHQUN0QixPQUFPLENBQUMsU0FBUyxDQUFDLENBQUM7SUFFdEI7Ozs7Ozs7T0FPRztJQUNILFdBQVcsQ0FBQyxPQUFPLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxjQUFjLEdBQUcsT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7SUFFOUU7Ozs7OztPQU1HO0lBQ0gsc0JBQXNCLENBQUMsT0FBTyxFQUFFLFVBQVUsRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxjQUFjLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDO0NBQzdHO0FBRUQ7OztHQUdHO0FBQ0gsTUFBTSxXQUFXLHlCQUEwQixTQUFRLGlCQUFpQjtJQUNsRTs7O09BR0c7SUFDSCxvQkFBb0IsSUFBSSxVQUFVLEVBQUUsQ0FBQztJQUVyQzs7Ozs7T0FLRztJQUNILGtCQUFrQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsVUFBVSxDQUFDO0lBRTVEOzs7OztPQUtHO0lBQ0gscUJBQXFCLENBQUMsZUFBZSxFQUFFLFVBQVUsR0FBRyxVQUFVLEVBQUUsQ0FBQztJQUVqRTs7OztPQUlHO0lBQ0gsZUFBZSxDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsWUFBWSxDQUFDO0lBRTNEOzs7O09BSUc7SUFDSCxxQkFBcUIsQ0FBQyxlQUFlLEVBQUUsVUFBVSxHQUFHLHFCQUFxQixHQUFHLFNBQVMsQ0FBQztJQUV0Rjs7T0FFRztJQUNILEtBQUssSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFdkI7O09BRUc7SUFDSCxJQUFJLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO0NBQ3ZCIn0=

package/dest/key_store/interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../src/key_store/interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,UAAU,IAAI,UAAU,CAAC;IAEzB,IAAI,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC5C;;;;;;OAMG;IACH,WAAW,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;CACpD"}
+{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../src/key_store/interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAEvE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAEhD;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;;;OAKG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAAC;IAEtC;;;;OAIG;IACH,YAAY,IAAI,UAAU,EAAE,CAAC;IAE7B;;;;;OAKG;IACH,aAAa,CAAC,SAAS,EAAE,mBAAmB,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAE7F;;;;;;OAMG;IACH,wBAAwB,CACtB,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,mBAAmB,EAC9B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,SAAS,CAAC,CAAC;IAEtB;;;;;;;OAOG;IACH,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAE9E;;;;;;OAMG;IACH,sBAAsB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;CAC7G;AAED;;;GAGG;AACH,MAAM,WAAW,yBAA0B,SAAQ,iBAAiB;IAClE;;;OAGG;IACH,oBAAoB,IAAI,UAAU,EAAE,CAAC;IAErC;;;;;OAKG;IACH,kBAAkB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,CAAC;IAE5D;;;;;OAKG;IACH,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,EAAE,CAAC;IAEjE;;;;OAIG;IACH,eAAe,CAAC,eAAe,EAAE,UAAU,GAAG,YAAY,CAAC;IAE3D;;;;OAIG;IACH,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,qBAAqB,GAAG,SAAS,CAAC;IAEtF;;OAEG;IACH,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB;;OAEG;IACH,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACvB"}

package/dest/key_store/interface.js

@@ -1,4 +1,4 @@
-/** Key Store
- *
- * A keystore interface that can be replaced with a local keystore / remote signer service
+/**
+ * Extended ValidatorKeyStore interface that supports the new keystore configuration model
+ * with role-based address management (attester, coinbase, publisher, fee recipient)
  */ export { };

package/dest/key_store/local_key_store.d.ts

@@ -1,28 +1,63 @@
-import type { Buffer32 } from '@aztec/foundation/buffer';
+import { Buffer32 } from '@aztec/foundation/buffer';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
+import type { SigningContext } from '@aztec/validator-ha-signer/types';
+import { type TypedDataDefinition } from 'viem';
 import type { ValidatorKeyStore } from './interface.js';
 /**
  * Local Key Store
  *
- * An implementation of the Key store using an in memory private key.
+ * An implementation of the Key store using in memory private keys.
  */
 export declare class LocalKeyStore implements ValidatorKeyStore {
-    private signer;
-    constructor(privateKey: Buffer32);
+    private signers;
+    private signersByAddress;
+    constructor(privateKeys: Buffer32[]);
     /**
-     * Get the address of the signer
+     * Get the address of a signer by index
      *
+     * @param index - The index of the signer
      * @returns the address
      */
-    getAddress(): EthAddress;
+    getAddress(index: number): EthAddress;
     /**
-     * Sign a message with the keystore private key
+     * Get the addresses of all signers
      *
-     * @param messageBuffer - The message buffer to sign
+     * @returns the addresses
+     */
+    getAddresses(): EthAddress[];
+    /**
+     * Sign a message with all keystore private keys
+     * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+     * @param _context - Signing context (ignored by LocalKeyStore, used for HA protection)
      * @return signature
      */
-    sign(digest: Buffer32): Promise<Signature>;
-    signMessage(message: Buffer32): Promise<Signature>;
+    signTypedData(typedData: TypedDataDefinition, _context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign a message with a specific address's private key
+     * @param address - The address of the signer to use
+     * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+     * @param _context - Signing context (ignored by LocalKeyStore, used for HA protection)
+     * @returns signature for the specified address
+     * @throws Error if the address is not found in the keystore
+     */
+    signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition, _context: SigningContext): Promise<Signature>;
+    /**
+     * Sign a message using eth_sign with all keystore private keys
+     *
+     * @param message - The message to sign
+     * @param _context - Signing context (ignored by LocalKeyStore, used for HA protection)
+     * @return signatures
+     */
+    signMessage(message: Buffer32, _context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign a message using eth_sign with a specific address's private key
+     * @param address - The address of the signer to use
+     * @param message - The message to sign
+     * @param _context - Signing context (ignored by LocalKeyStore, used for HA protection)
+     * @returns signature for the specified address
+     * @throws Error if the address is not found in the keystore
+     */
+    signMessageWithAddress(address: EthAddress, message: Buffer32, _context: SigningContext): Promise<Signature>;
 }
-//# sourceMappingURL=local_key_store.d.ts.map
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9jYWxfa2V5X3N0b3JlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMva2V5X3N0b3JlL2xvY2FsX2tleV9zdG9yZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsUUFBUSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFFcEQsT0FBTyxLQUFLLEVBQUUsVUFBVSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDaEUsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0saUNBQWlDLENBQUM7QUFDakUsT0FBTyxLQUFLLEVBQUUsY0FBYyxFQUFFLE1BQU0sa0NBQWtDLENBQUM7QUFFdkUsT0FBTyxFQUFFLEtBQUssbUJBQW1CLEVBQWlCLE1BQU0sTUFBTSxDQUFDO0FBRS9ELE9BQU8sS0FBSyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFFeEQ7Ozs7R0FJRztBQUNILHFCQUFhLGFBQWMsWUFBVyxpQkFBaUI7SUFDckQsT0FBTyxDQUFDLE9BQU8sQ0FBb0I7SUFDbkMsT0FBTyxDQUFDLGdCQUFnQixDQUFzQztJQUU5RCxZQUFZLFdBQVcsRUFBRSxRQUFRLEVBQUUsRUFHbEM7SUFFRDs7Ozs7T0FLRztJQUNJLFVBQVUsQ0FBQyxLQUFLLEVBQUUsTUFBTSxHQUFHLFVBQVUsQ0FLM0M7SUFFRDs7OztPQUlHO0lBQ0ksWUFBWSxJQUFJLFVBQVUsRUFBRSxDQUVsQztJQUVEOzs7OztPQUtHO0lBQ0ksYUFBYSxDQUFDLFNBQVMsRUFBRSxtQkFBbUIsRUFBRSxRQUFRLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUduRztJQUVEOzs7Ozs7O09BT0c7SUFDSSx3QkFBd0IsQ0FDN0IsT0FBTyxFQUFFLFVBQVUsRUFDbkIsU0FBUyxFQUFFLG1CQUFtQixFQUM5QixRQUFRLEVBQUUsY0FBYyxHQUN2QixPQUFPLENBQUMsU0FBUyxDQUFDLENBT3BCO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksV0FBVyxDQUFDLE9BQU8sRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFLGNBQWMsR0FBRyxPQUFPLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FFcEY7SUFFRDs7Ozs7OztPQU9HO0lBQ0ksc0JBQXNCLENBQUMsT0FBTyxFQUFFLFVBQVUsRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRSxjQUFjLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQU1sSDtDQUNGIn0=

package/dest/key_store/local_key_store.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"local_key_store.d.ts","sourceRoot":"","sources":["../../src/key_store/local_key_store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAExD;;;;GAIG;AACH,qBAAa,aAAc,YAAW,iBAAiB;IACrD,OAAO,CAAC,MAAM,CAAkB;gBAEpB,UAAU,EAAE,QAAQ;IAIhC;;;;OAIG;IACI,UAAU,IAAI,UAAU;IAI/B;;;;;OAKG;IACI,IAAI,CAAC,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC;IAM1C,WAAW,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC;CAK1D"}
+{"version":3,"file":"local_key_store.d.ts","sourceRoot":"","sources":["../../src/key_store/local_key_store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAEvE,OAAO,EAAE,KAAK,mBAAmB,EAAiB,MAAM,MAAM,CAAC;AAE/D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAExD;;;;GAIG;AACH,qBAAa,aAAc,YAAW,iBAAiB;IACrD,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,gBAAgB,CAAsC;IAE9D,YAAY,WAAW,EAAE,QAAQ,EAAE,EAGlC;IAED;;;;;OAKG;IACI,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAK3C;IAED;;;;OAIG;IACI,YAAY,IAAI,UAAU,EAAE,CAElC;IAED;;;;;OAKG;IACI,aAAa,CAAC,SAAS,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAGnG;IAED;;;;;;;OAOG;IACI,wBAAwB,CAC7B,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,mBAAmB,EAC9B,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,SAAS,CAAC,CAOpB;IAED;;;;;;OAMG;IACI,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAEpF;IAED;;;;;;;OAOG;IACI,sBAAsB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAMlH;CACF"}

package/dest/key_store/local_key_store.js

@@ -1,32 +1,83 @@
-import { Secp256k1Signer } from '@aztec/foundation/crypto';
+import { Buffer32 } from '@aztec/foundation/buffer';
+import { Secp256k1Signer } from '@aztec/foundation/crypto/secp256k1-signer';
+import { hashTypedData } from 'viem';
 /**
  * Local Key Store
  *
- * An implementation of the Key store using an in memory private key.
+ * An implementation of the Key store using in memory private keys.
  */ export class LocalKeyStore {
-    signer;
-    constructor(privateKey){
-        this.signer = new Secp256k1Signer(privateKey);
+    signers;
+    signersByAddress;
+    constructor(privateKeys){
+        this.signers = privateKeys.map((privateKey)=>new Secp256k1Signer(privateKey));
+        this.signersByAddress = new Map(this.signers.map((signer)=>[
+                signer.address.toString(),
+                signer
+            ]));
     }
     /**
-   * Get the address of the signer
+   * Get the address of a signer by index
    *
+   * @param index - The index of the signer
    * @returns the address
-   */ getAddress() {
-        return this.signer.address;
+   */ getAddress(index) {
+        if (index >= this.signers.length) {
+            throw new Error(`Index ${index} is out of bounds.`);
+        }
+        return this.signers[index].address;
     }
     /**
-   * Sign a message with the keystore private key
+   * Get the addresses of all signers
    *
-   * @param messageBuffer - The message buffer to sign
+   * @returns the addresses
+   */ getAddresses() {
+        return this.signers.map((signer)=>signer.address);
+    }
+    /**
+   * Sign a message with all keystore private keys
+   * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+   * @param _context - Signing context (ignored by LocalKeyStore, used for HA protection)
    * @return signature
-   */ sign(digest) {
-        const signature = this.signer.sign(digest);
-        return Promise.resolve(signature);
+   */ signTypedData(typedData, _context) {
+        const digest = hashTypedData(typedData);
+        return Promise.all(this.signers.map((signer)=>signer.sign(Buffer32.fromString(digest))));
+    }
+    /**
+   * Sign a message with a specific address's private key
+   * @param address - The address of the signer to use
+   * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+   * @param _context - Signing context (ignored by LocalKeyStore, used for HA protection)
+   * @returns signature for the specified address
+   * @throws Error if the address is not found in the keystore
+   */ signTypedDataWithAddress(address, typedData, _context) {
+        const signer = this.signersByAddress.get(address.toString());
+        if (!signer) {
+            throw new Error(`No signer found for address ${address.toString()}`);
+        }
+        const digest = hashTypedData(typedData);
+        return Promise.resolve(signer.sign(Buffer32.fromString(digest)));
     }
-    signMessage(message) {
-        // Sign message adds eth sign prefix and hashes before signing
-        const signature = this.signer.signMessage(message);
-        return Promise.resolve(signature);
+    /**
+   * Sign a message using eth_sign with all keystore private keys
+   *
+   * @param message - The message to sign
+   * @param _context - Signing context (ignored by LocalKeyStore, used for HA protection)
+   * @return signatures
+   */ signMessage(message, _context) {
+        return Promise.all(this.signers.map((signer)=>signer.signMessage(message)));
+    }
+    /**
+   * Sign a message using eth_sign with a specific address's private key
+   * @param address - The address of the signer to use
+   * @param message - The message to sign
+   * @param _context - Signing context (ignored by LocalKeyStore, used for HA protection)
+   * @returns signature for the specified address
+   * @throws Error if the address is not found in the keystore
+   */ signMessageWithAddress(address, message, _context) {
+        const signer = this.signersByAddress.get(address.toString());
+        if (!signer) {
+            throw new Error(`No signer found for address ${address.toString()}`);
+        }
+        return Promise.resolve(signer.signMessage(message));
     }
 }