@aztec/validator-client 0.0.0-test.1 → 0.0.1-commit.0208eb9

package/dest/key_store/node_keystore_adapter.d.ts

@@ -0,0 +1,151 @@
+import type { Buffer32 } from '@aztec/foundation/buffer';
+import { EthAddress } from '@aztec/foundation/eth-address';
+import type { Signature } from '@aztec/foundation/eth-signature';
+import { KeystoreManager } from '@aztec/node-keystore';
+import type { EthRemoteSignerConfig } from '@aztec/node-keystore';
+import { AztecAddress } from '@aztec/stdlib/aztec-address';
+import type { SigningContext } from '@aztec/validator-ha-signer/types';
+import type { TypedDataDefinition } from 'viem';
+import type { ExtendedValidatorKeyStore } from './interface.js';
+export declare class NodeKeystoreAdapter implements ExtendedValidatorKeyStore {
+    private readonly keystoreManager;
+    private readonly validators;
+    private readonly addressIndex;
+    private constructor();
+    /**
+     * Create an adapter from a keystore JSON file on disk.
+     * @param keystoreFilePath Absolute or relative path to a keystore JSON file
+     * @returns A configured NodeKeystoreAdapter instance
+     * @throws Error when the file fails schema validation or cannot be read
+     */
+    static fromKeystoreFile(keystoreFilePath: string): NodeKeystoreAdapter;
+    /**
+     * Create an adapter from an in-memory keystore-like object.
+     * Validates resolved duplicate attester addresses across validators and sources.
+     * @param keystoreConfig Parsed config object (typically result of loadKeystoreFile)
+     * @returns A configured NodeKeystoreAdapter instance
+     * @throws Error when resolved duplicate attester addresses are detected
+     */
+    static fromKeystoreConfig(keystoreConfig: unknown): NodeKeystoreAdapter;
+    /**
+     * Build an adapter directly from a list of validator private keys.
+     * Each key becomes a separate validator using the same key for attester and publisher,
+     * coinbase defaults to the derived EOA address, and feeRecipient is a 32-byte padded address.
+     * Note: Fee recipient is a temporary placeholder, replace with actual fee recipient when implemented.
+     */
+    static fromPrivateKeys(privateKeys: string[]): NodeKeystoreAdapter;
+    /**
+     * Build an adapter for a Web3Signer setup by providing the signer URL and the EOA addresses.
+     * Each address becomes a separate validator; attester and publisher point to the same remote signer entry.
+     * Note: Fee recipient is a temporary placeholder, replace with actual fee recipient when implemented.
+     */
+    static fromWeb3Signer(web3SignerUrl: string, addresses: EthAddress[]): NodeKeystoreAdapter;
+    static fromKeyStoreManager(manager: KeystoreManager): NodeKeystoreAdapter;
+    /**
+     * Normalize address keys to lowercase hex strings for map/set usage.
+     */
+    private static key;
+    /**
+     * Ensure per-validator signer cache exists; build it by creating
+     * attester/publisher signers and populating indices when missing.
+     * @param validatorIndex Index of the validator in the keystore
+     * @returns The cached validator entry
+     */
+    private ensureValidator;
+    /**
+     * Iterate all validator indices in the keystore manager.
+     */
+    private validatorIndices;
+    /**
+     * Find the validator index that contains the given attester address.
+     * @param attesterAddress Address to locate
+     * @returns Validator index
+     * @throws Error when no validator contains the attester
+     */
+    private findValidatorIndexForAttester;
+    /**
+     * Get attester address by flat index across all validators' attester sets.
+     * @param index Zero-based flat index across all attesters
+     * @returns EthAddress for the indexed attester
+     * @throws Error when index is out of bounds
+     */
+    getAddress(index: number): EthAddress;
+    /**
+     * Get all attester addresses across validators (legacy-compatible view).
+     */
+    getAddresses(): EthAddress[];
+    /**
+     * Sign typed data with all attester signers across validators.
+     * @param typedData EIP-712 typed data
+     * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
+     * @returns Array of signatures in validator order, flattened
+     */
+    signTypedData(typedData: TypedDataDefinition, _context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign a message with all attester signers across validators.
+     * @param message 32-byte message (already hashed/padded as needed)
+     * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
+     * @returns Array of signatures in validator order, flattened
+     */
+    signMessage(message: Buffer32, _context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign typed data with a signer identified by address (any role).
+     * Hydrates caches on-demand when the address is first seen.
+     * @param address Address to sign with
+     * @param typedData EIP-712 typed data
+     * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
+     * @returns Signature from the signer matching the address
+     * @throws Error when no signer exists for the address
+     */
+    signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition, _context: SigningContext): Promise<Signature>;
+    /**
+     * Sign a message with a signer identified by address (any role).
+     * Hydrates caches on-demand when the address is first seen.
+     * @param address Address to sign with
+     * @param message 32-byte message
+     * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
+     * @returns Signature from the signer matching the address
+     * @throws Error when no signer exists for the address
+     */
+    signMessageWithAddress(address: EthAddress, message: Buffer32, _context: SigningContext): Promise<Signature>;
+    /**
+     * Get all attester addresses across validators (alias of getAddresses).
+     */
+    getAttesterAddresses(): EthAddress[];
+    /**
+     * Get the effective coinbase address for the validator that contains the given attester.
+     * @param attesterAddress Address of an attester belonging to the validator
+     * @returns Coinbase EthAddress
+     */
+    getCoinbaseAddress(attesterAddress: EthAddress): EthAddress;
+    /**
+     * Get the publisher addresses for the validator that contains the given attester.
+     * @param attesterAddress Address of an attester belonging to the validator
+     * @returns Array of publisher addresses
+     */
+    getPublisherAddresses(attesterAddress: EthAddress): EthAddress[];
+    getAttestorForPublisher(publisherAddress: EthAddress): EthAddress;
+    /**
+     * Get the fee recipient for the validator that contains the given attester.
+     * @param attesterAddress Address of an attester belonging to the validator
+     * @returns Fee recipient as AztecAddress
+     */
+    getFeeRecipient(attesterAddress: EthAddress): AztecAddress;
+    /**
+     * Get the effective remote signer configuration for the attester.
+     * Precedence: account-level override > validator-level override > file-level default.
+     * Returns undefined for local signers (private key / JSON-V3 / mnemonic).
+     * @param attesterAddress Address of an attester belonging to the validator
+     * @returns Effective remote signer configuration or undefined
+     */
+    getRemoteSignerConfig(attesterAddress: EthAddress): EthRemoteSignerConfig | undefined;
+    /**
+     * Start the key store - no-op
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the key store - no-op
+     */
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibm9kZV9rZXlzdG9yZV9hZGFwdGVyLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMva2V5X3N0b3JlL25vZGVfa2V5c3RvcmVfYWRhcHRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFDQSxPQUFPLEtBQUssRUFBRSxRQUFRLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUN6RCxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDM0QsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0saUNBQWlDLENBQUM7QUFDakUsT0FBTyxFQUFFLGVBQWUsRUFBb0IsTUFBTSxzQkFBc0IsQ0FBQztBQUN6RSxPQUFPLEtBQUssRUFBRSxxQkFBcUIsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSw2QkFBNkIsQ0FBQztBQUUzRCxPQUFPLEtBQUssRUFBRSxjQUFjLEVBQUUsTUFBTSxrQ0FBa0MsQ0FBQztBQUV2RSxPQUFPLEtBQUssRUFBRSxtQkFBbUIsRUFBRSxNQUFNLE1BQU0sQ0FBQztBQUdoRCxPQUFPLEtBQUssRUFBRSx5QkFBeUIsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBYWhFLHFCQUFhLG1CQUFvQixZQUFXLHlCQUF5QjtJQUNuRSxPQUFPLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBa0I7SUFHbEQsT0FBTyxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQTZDO0lBRXhFLE9BQU8sQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFnRjtJQUU3RyxPQUFPLGVBRU47SUFFRDs7Ozs7T0FLRztJQUNILE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxnQkFBZ0IsRUFBRSxNQUFNLEdBQUcsbUJBQW1CLENBR3JFO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsTUFBTSxDQUFDLGtCQUFrQixDQUFDLGNBQWMsRUFBRSxPQUFPLEdBQUcsbUJBQW1CLENBS3RFO0lBRUQ7Ozs7O09BS0c7SUFDSCxNQUFNLENBQUMsZUFBZSxDQUFDLFdBQVcsRUFBRSxNQUFNLEVBQUUsR0FBRyxtQkFBbUIsQ0F3QmpFO0lBRUQ7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxjQUFjLENBQUMsYUFBYSxFQUFFLE1BQU0sRUFBRSxTQUFTLEVBQUUsVUFBVSxFQUFFLEdBQUcsbUJBQW1CLENBZXpGO0lBRUQsTUFBTSxDQUFDLG1CQUFtQixDQUFDLE9BQU8sRUFBRSxlQUFlLEdBQUcsbUJBQW1CLENBRXhFO0lBRUQ7O09BRUc7SUFDSCxPQUFPLENBQUMsTUFBTSxDQUFDLEdBQUc7SUFJbEI7Ozs7O09BS0c7SUFDSCxPQUFPLENBQUMsZUFBZTtJQXFDdkI7O09BRUc7SUFDSCxPQUFPLENBQUUsZ0JBQWdCO0lBT3pCOzs7OztPQUtHO0lBQ0gsT0FBTyxDQUFDLDZCQUE2QjtJQWNyQzs7Ozs7T0FLRztJQUNILFVBQVUsQ0FBQyxLQUFLLEVBQUUsTUFBTSxHQUFHLFVBQVUsQ0FNcEM7SUFFRDs7T0FFRztJQUNILFlBQVksSUFBSSxVQUFVLEVBQUUsQ0FVM0I7SUFFRDs7Ozs7T0FLRztJQUNHLGFBQWEsQ0FBQyxTQUFTLEVBQUUsbUJBQW1CLEVBQUUsUUFBUSxFQUFFLGNBQWMsR0FBRyxPQUFPLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FTbEc7SUFFRDs7Ozs7T0FLRztJQUNHLFdBQVcsQ0FBQyxPQUFPLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRSxjQUFjLEdBQUcsT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDLENBU25GO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDRyx3QkFBd0IsQ0FDNUIsT0FBTyxFQUFFLFVBQVUsRUFDbkIsU0FBUyxFQUFFLG1CQUFtQixFQUM5QixRQUFRLEVBQUUsY0FBYyxHQUN2QixPQUFPLENBQUMsU0FBUyxDQUFDLENBZ0JwQjtJQUVEOzs7Ozs7OztPQVFHO0lBQ0csc0JBQXNCLENBQUMsT0FBTyxFQUFFLFVBQVUsRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRSxjQUFjLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQWVqSDtJQUVEOztPQUVHO0lBQ0gsb0JBQW9CLElBQUksVUFBVSxFQUFFLENBRW5DO0lBRUQ7Ozs7T0FJRztJQUNILGtCQUFrQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsVUFBVSxDQUcxRDtJQUVEOzs7O09BSUc7SUFDSCxxQkFBcUIsQ0FBQyxlQUFlLEVBQUUsVUFBVSxHQUFHLFVBQVUsRUFBRSxDQUkvRDtJQUVELHVCQUF1QixDQUFDLGdCQUFnQixFQUFFLFVBQVUsR0FBRyxVQUFVLENBV2hFO0lBRUQ7Ozs7T0FJRztJQUNILGVBQWUsQ0FBQyxlQUFlLEVBQUUsVUFBVSxHQUFHLFlBQVksQ0FHekQ7SUFFRDs7Ozs7O09BTUc7SUFDSCxxQkFBcUIsQ0FBQyxlQUFlLEVBQUUsVUFBVSxHQUFHLHFCQUFxQixHQUFHLFNBQVMsQ0FHcEY7SUFFRDs7T0FFRztJQUNILEtBQUssSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLENBRXJCO0lBRUQ7O09BRUc7SUFDSCxJQUFJLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQUVwQjtDQUNGIn0=

package/dest/key_store/node_keystore_adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"node_keystore_adapter.d.ts","sourceRoot":"","sources":["../../src/key_store/node_keystore_adapter.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,eAAe,EAAoB,MAAM,sBAAsB,CAAC;AACzE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAE3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAEvE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAGhD,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AAahE,qBAAa,mBAAoB,YAAW,yBAAyB;IACnE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAGlD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6C;IAExE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAgF;IAE7G,OAAO,eAEN;IAED;;;;;OAKG;IACH,MAAM,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,MAAM,GAAG,mBAAmB,CAGrE;IAED;;;;;;OAMG;IACH,MAAM,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,GAAG,mBAAmB,CAKtE;IAED;;;;;OAKG;IACH,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,mBAAmB,CAwBjE;IAED;;;;OAIG;IACH,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAezF;IAED,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,eAAe,GAAG,mBAAmB,CAExE;IAED;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,GAAG;IAIlB;;;;;OAKG;IACH,OAAO,CAAC,eAAe;IAqCvB;;OAEG;IACH,OAAO,CAAE,gBAAgB;IAOzB;;;;;OAKG;IACH,OAAO,CAAC,6BAA6B;IAcrC;;;;;OAKG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAMpC;IAED;;OAEG;IACH,YAAY,IAAI,UAAU,EAAE,CAU3B;IAED;;;;;OAKG;IACG,aAAa,CAAC,SAAS,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CASlG;IAED;;;;;OAKG;IACG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CASnF;IAED;;;;;;;;OAQG;IACG,wBAAwB,CAC5B,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,mBAAmB,EAC9B,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,SAAS,CAAC,CAgBpB;IAED;;;;;;;;OAQG;IACG,sBAAsB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAejH;IAED;;OAEG;IACH,oBAAoB,IAAI,UAAU,EAAE,CAEnC;IAED;;;;OAIG;IACH,kBAAkB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,CAG1D;IAED;;;;OAIG;IACH,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,EAAE,CAI/D;IAED,uBAAuB,CAAC,gBAAgB,EAAE,UAAU,GAAG,UAAU,CAWhE;IAED;;;;OAIG;IACH,eAAe,CAAC,eAAe,EAAE,UAAU,GAAG,YAAY,CAGzD;IAED;;;;;;OAMG;IACH,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,qBAAqB,GAAG,SAAS,CAGpF;IAED;;OAEG;IACH,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAErB;IAED;;OAEG;IACH,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAEpB;CACF"}

package/dest/key_store/node_keystore_adapter.js

@@ -0,0 +1,330 @@
+import { KeystoreManager, loadKeystoreFile } from '@aztec/node-keystore';
+import { InvalidValidatorPrivateKeyError } from '@aztec/stdlib/validators';
+import { privateKeyToAccount } from 'viem/accounts';
+export class NodeKeystoreAdapter {
+    keystoreManager;
+    // Per-validator cache (lazy)
+    validators = new Map();
+    addressIndex = new Map();
+    constructor(keystoreManager){
+        this.keystoreManager = keystoreManager;
+    }
+    /**
+   * Create an adapter from a keystore JSON file on disk.
+   * @param keystoreFilePath Absolute or relative path to a keystore JSON file
+   * @returns A configured NodeKeystoreAdapter instance
+   * @throws Error when the file fails schema validation or cannot be read
+   */ static fromKeystoreFile(keystoreFilePath) {
+        const keystoreConfig = loadKeystoreFile(keystoreFilePath);
+        return NodeKeystoreAdapter.fromKeystoreConfig(keystoreConfig);
+    }
+    /**
+   * Create an adapter from an in-memory keystore-like object.
+   * Validates resolved duplicate attester addresses across validators and sources.
+   * @param keystoreConfig Parsed config object (typically result of loadKeystoreFile)
+   * @returns A configured NodeKeystoreAdapter instance
+   * @throws Error when resolved duplicate attester addresses are detected
+   */ static fromKeystoreConfig(keystoreConfig) {
+        const keystoreManager = new KeystoreManager(keystoreConfig);
+        // Validate resolved attester addresses (covers JSON V3 and mnemonic duplicates across validators)
+        keystoreManager.validateResolvedUniqueAttesterAddresses();
+        return new NodeKeystoreAdapter(keystoreManager);
+    }
+    /**
+   * Build an adapter directly from a list of validator private keys.
+   * Each key becomes a separate validator using the same key for attester and publisher,
+   * coinbase defaults to the derived EOA address, and feeRecipient is a 32-byte padded address.
+   * Note: Fee recipient is a temporary placeholder, replace with actual fee recipient when implemented.
+   */ static fromPrivateKeys(privateKeys) {
+        // Minimal validation: 0x + 64 hex
+        const isPk = (s)=>/^0x[0-9a-fA-F]{64}$/.test(s);
+        for (const pk of privateKeys){
+            if (!isPk(pk)) {
+                throw new InvalidValidatorPrivateKeyError();
+            }
+        }
+        const validators = privateKeys.map((pk)=>{
+            const account = privateKeyToAccount(pk);
+            const ethAddress = account.address;
+            // TODO: Temporary fee recipient, replace with actual fee recipient when implemented
+            const feeRecipient = `0x${ethAddress.slice(2).padStart(64, '0')}`;
+            return {
+                attester: pk,
+                publisher: pk,
+                coinbase: ethAddress,
+                feeRecipient
+            };
+        });
+        const cfg = {
+            schemaVersion: 1,
+            validators
+        };
+        return NodeKeystoreAdapter.fromKeystoreConfig(cfg);
+    }
+    /**
+   * Build an adapter for a Web3Signer setup by providing the signer URL and the EOA addresses.
+   * Each address becomes a separate validator; attester and publisher point to the same remote signer entry.
+   * Note: Fee recipient is a temporary placeholder, replace with actual fee recipient when implemented.
+   */ static fromWeb3Signer(web3SignerUrl, addresses) {
+        const validators = addresses.map((address)=>{
+            const ethAddress = address.toString();
+            // TODO: Temporary fee recipient, replace with actual fee recipient when implemented
+            const feeRecipient = `0x${ethAddress.slice(2).padStart(64, '0')}`;
+            return {
+                attester: {
+                    address: ethAddress,
+                    remoteSignerUrl: web3SignerUrl
+                },
+                publisher: {
+                    address: ethAddress,
+                    remoteSignerUrl: web3SignerUrl
+                },
+                coinbase: ethAddress,
+                feeRecipient
+            };
+        });
+        const cfg = {
+            schemaVersion: 1,
+            validators
+        };
+        return NodeKeystoreAdapter.fromKeystoreConfig(cfg);
+    }
+    static fromKeyStoreManager(manager) {
+        return new NodeKeystoreAdapter(manager);
+    }
+    /**
+   * Normalize address keys to lowercase hex strings for map/set usage.
+   */ static key(addr) {
+        return typeof addr === 'string' ? addr.toLowerCase() : addr.toString().toLowerCase();
+    }
+    /**
+   * Ensure per-validator signer cache exists; build it by creating
+   * attester/publisher signers and populating indices when missing.
+   * @param validatorIndex Index of the validator in the keystore
+   * @returns The cached validator entry
+   */ ensureValidator(validatorIndex) {
+        const cached = this.validators.get(validatorIndex);
+        if (cached) {
+            return cached;
+        }
+        const attesters = this.keystoreManager.createAttesterSigners(validatorIndex);
+        const publishers = this.keystoreManager.createPublisherSigners(validatorIndex);
+        // Build 'all' + indices
+        const byAddress = new Map();
+        const attesterSet = new Set();
+        for (const s of attesters){
+            const k = NodeKeystoreAdapter.key(s.address);
+            byAddress.set(k, s);
+            attesterSet.add(k);
+        }
+        for (const s of publishers){
+            const k = NodeKeystoreAdapter.key(s.address);
+            if (!byAddress.has(k)) {
+                byAddress.set(k, s);
+            }
+        }
+        const all = Array.from(byAddress.values());
+        // Populate global index
+        for (const [k, signer] of byAddress.entries()){
+            this.addressIndex.set(k, {
+                signer,
+                validatorIndex
+            });
+        }
+        const built = {
+            attesters,
+            publishers,
+            all,
+            byAddress,
+            attesterSet
+        };
+        this.validators.set(validatorIndex, built);
+        return built;
+    }
+    /**
+   * Iterate all validator indices in the keystore manager.
+   */ *validatorIndices() {
+        const n = this.keystoreManager.getValidatorCount();
+        for(let i = 0; i < n; i++){
+            yield i;
+        }
+    }
+    /**
+   * Find the validator index that contains the given attester address.
+   * @param attesterAddress Address to locate
+   * @returns Validator index
+   * @throws Error when no validator contains the attester
+   */ findValidatorIndexForAttester(attesterAddress) {
+        const key = NodeKeystoreAdapter.key(attesterAddress);
+        // Fast path: if we’ve already cached any validator that includes this as attester
+        for (const i of this.validatorIndices()){
+            const v = this.ensureValidator(i);
+            if (v.attesterSet.has(key)) {
+                return i;
+            }
+        }
+        throw new Error(`Attester address ${attesterAddress.toString()} not found in any validator configuration`);
+    }
+    /**
+   * Get attester address by flat index across all validators' attester sets.
+   * @param index Zero-based flat index across all attesters
+   * @returns EthAddress for the indexed attester
+   * @throws Error when index is out of bounds
+   */ getAddress(index) {
+        const all = this.getAddresses();
+        if (index < 0 || index >= all.length) {
+            throw new Error(`Index ${index} is out of bounds (0..${all.length - 1}).`);
+        }
+        return all[index];
+    }
+    /**
+   * Get all attester addresses across validators (legacy-compatible view).
+   */ getAddresses() {
+        const out = [];
+        for (const i of this.validatorIndices()){
+            const v = this.ensureValidator(i);
+            // attester addresses only for backward compatibility
+            for (const s of v.attesters){
+                out.push(s.address);
+            }
+        }
+        return out;
+    }
+    /**
+   * Sign typed data with all attester signers across validators.
+   * @param typedData EIP-712 typed data
+   * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
+   * @returns Array of signatures in validator order, flattened
+   */ async signTypedData(typedData, _context) {
+        const jobs = [];
+        for (const i of this.validatorIndices()){
+            const v = this.ensureValidator(i);
+            for (const s of v.attesters){
+                jobs.push(this.keystoreManager.signTypedData(s, typedData));
+            }
+        }
+        return await Promise.all(jobs);
+    }
+    /**
+   * Sign a message with all attester signers across validators.
+   * @param message 32-byte message (already hashed/padded as needed)
+   * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
+   * @returns Array of signatures in validator order, flattened
+   */ async signMessage(message, _context) {
+        const jobs = [];
+        for (const i of this.validatorIndices()){
+            const v = this.ensureValidator(i);
+            for (const s of v.attesters){
+                jobs.push(this.keystoreManager.signMessage(s, message));
+            }
+        }
+        return await Promise.all(jobs);
+    }
+    /**
+   * Sign typed data with a signer identified by address (any role).
+   * Hydrates caches on-demand when the address is first seen.
+   * @param address Address to sign with
+   * @param typedData EIP-712 typed data
+   * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
+   * @returns Signature from the signer matching the address
+   * @throws Error when no signer exists for the address
+   */ async signTypedDataWithAddress(address, typedData, _context) {
+        const entry = this.addressIndex.get(NodeKeystoreAdapter.key(address));
+        if (entry) {
+            return await this.keystoreManager.signTypedData(entry.signer, typedData);
+        }
+        // If not in global index yet, lazily hydrate all validators once and retry
+        for (const i of this.validatorIndices()){
+            this.ensureValidator(i);
+        }
+        const second = this.addressIndex.get(NodeKeystoreAdapter.key(address));
+        if (second) {
+            return await this.keystoreManager.signTypedData(second.signer, typedData);
+        }
+        throw new Error(`No signer found for address ${address.toString()}`);
+    }
+    /**
+   * Sign a message with a signer identified by address (any role).
+   * Hydrates caches on-demand when the address is first seen.
+   * @param address Address to sign with
+   * @param message 32-byte message
+   * @param _context Signing context (ignored by NodeKeystoreAdapter, used for HA protection)
+   * @returns Signature from the signer matching the address
+   * @throws Error when no signer exists for the address
+   */ async signMessageWithAddress(address, message, _context) {
+        const entry = this.addressIndex.get(NodeKeystoreAdapter.key(address));
+        if (entry) {
+            return await this.keystoreManager.signMessage(entry.signer, message);
+        }
+        for (const i of this.validatorIndices()){
+            this.ensureValidator(i);
+        }
+        const second = this.addressIndex.get(NodeKeystoreAdapter.key(address));
+        if (second) {
+            return await this.keystoreManager.signMessage(second.signer, message);
+        }
+        throw new Error(`No signer found for address ${address.toString()}`);
+    }
+    /**
+   * Get all attester addresses across validators (alias of getAddresses).
+   */ getAttesterAddresses() {
+        return this.getAddresses();
+    }
+    /**
+   * Get the effective coinbase address for the validator that contains the given attester.
+   * @param attesterAddress Address of an attester belonging to the validator
+   * @returns Coinbase EthAddress
+   */ getCoinbaseAddress(attesterAddress) {
+        const validatorIndex = this.findValidatorIndexForAttester(attesterAddress);
+        return this.keystoreManager.getCoinbaseAddress(validatorIndex, attesterAddress);
+    }
+    /**
+   * Get the publisher addresses for the validator that contains the given attester.
+   * @param attesterAddress Address of an attester belonging to the validator
+   * @returns Array of publisher addresses
+   */ getPublisherAddresses(attesterAddress) {
+        const validatorIndex = this.findValidatorIndexForAttester(attesterAddress);
+        const v = this.ensureValidator(validatorIndex);
+        return v.publishers.map((s)=>s.address);
+    }
+    getAttestorForPublisher(publisherAddress) {
+        const attestorAddresses = this.getAttesterAddresses();
+        for (const attestor of attestorAddresses){
+            const publishers = this.getPublisherAddresses(attestor);
+            const found = publishers.some((publisher)=>publisher.equals(publisherAddress));
+            if (found) {
+                return attestor;
+            }
+        }
+        // Could not find an attestor for this publisher
+        throw new Error(`Failed to find attestor for publisher ${publisherAddress.toString()}`);
+    }
+    /**
+   * Get the fee recipient for the validator that contains the given attester.
+   * @param attesterAddress Address of an attester belonging to the validator
+   * @returns Fee recipient as AztecAddress
+   */ getFeeRecipient(attesterAddress) {
+        const validatorIndex = this.findValidatorIndexForAttester(attesterAddress);
+        return this.keystoreManager.getFeeRecipient(validatorIndex);
+    }
+    /**
+   * Get the effective remote signer configuration for the attester.
+   * Precedence: account-level override > validator-level override > file-level default.
+   * Returns undefined for local signers (private key / JSON-V3 / mnemonic).
+   * @param attesterAddress Address of an attester belonging to the validator
+   * @returns Effective remote signer configuration or undefined
+   */ getRemoteSignerConfig(attesterAddress) {
+        const validatorIndex = this.findValidatorIndexForAttester(attesterAddress);
+        return this.keystoreManager.getEffectiveRemoteSignerConfig(validatorIndex, attesterAddress);
+    }
+    /**
+   * Start the key store - no-op
+   */ start() {
+        return Promise.resolve();
+    }
+    /**
+   * Stop the key store - no-op
+   */ stop() {
+        return Promise.resolve();
+    }
+}

package/dest/key_store/web3signer_key_store.d.ts

@@ -0,0 +1,66 @@
+import type { Buffer32 } from '@aztec/foundation/buffer';
+import { EthAddress } from '@aztec/foundation/eth-address';
+import { Signature } from '@aztec/foundation/eth-signature';
+import type { SigningContext } from '@aztec/validator-ha-signer/types';
+import type { TypedDataDefinition } from 'viem';
+import type { ValidatorKeyStore } from './interface.js';
+/**
+ * Web3Signer Key Store
+ *
+ * An implementation of the Key store using Web3Signer remote signing service.
+ * This implementation uses the Web3Signer JSON-RPC API for secp256k1 signatures.
+ */
+export declare class Web3SignerKeyStore implements ValidatorKeyStore {
+    private addresses;
+    private baseUrl;
+    constructor(addresses: EthAddress[], baseUrl: string);
+    /**
+     * Get the address of a signer by index
+     *
+     * @param index - The index of the signer
+     * @returns the address
+     */
+    getAddress(index: number): EthAddress;
+    /**
+     * Get all addresses
+     *
+     * @returns all addresses
+     */
+    getAddresses(): EthAddress[];
+    /**
+     * Sign EIP-712 typed data with all keystore addresses
+     * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+     * @param _context - Signing context (ignored by Web3SignerKeyStore, used for HA protection)
+     * @return signatures
+     */
+    signTypedData(typedData: TypedDataDefinition, _context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign EIP-712 typed data with a specific address
+     * @param address - The address of the signer to use
+     * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+     * @param _context - Signing context (ignored by Web3SignerKeyStore, used for HA protection)
+     * @returns signature for the specified address
+     * @throws Error if the address is not found in the keystore or signing fails
+     */
+    signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition, _context: SigningContext): Promise<Signature>;
+    /**
+     * Sign a message with all keystore addresses using EIP-191 prefix
+     *
+     * @param message - The message to sign
+     * @param _context - Signing context (ignored by Web3SignerKeyStore, used for HA protection)
+     * @return signatures
+     */
+    signMessage(message: Buffer32, _context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign a message with a specific address using EIP-191 prefix
+     * @param address - The address of the signer to use
+     * @param message - The message to sign
+     * @param _context - Signing context (ignored by Web3SignerKeyStore, used for HA protection)
+     * @returns signature for the specified address
+     * @throws Error if the address is not found in the keystore or signing fails
+     */
+    signMessageWithAddress(address: EthAddress, message: Buffer32, _context: SigningContext): Promise<Signature>;
+    private makeJsonRpcSignRequest;
+    private makeJsonRpcSignTypedDataRequest;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2ViM3NpZ25lcl9rZXlfc3RvcmUuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlfc3RvcmUvd2ViM3NpZ25lcl9rZXlfc3RvcmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEVBQUUsUUFBUSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFFekQsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBQzNELE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUM1RCxPQUFPLEtBQUssRUFBRSxjQUFjLEVBQUUsTUFBTSxrQ0FBa0MsQ0FBQztBQUV2RSxPQUFPLEtBQUssRUFBRSxtQkFBbUIsRUFBRSxNQUFNLE1BQU0sQ0FBQztBQUVoRCxPQUFPLEtBQUssRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBRXhEOzs7OztHQUtHO0FBQ0gscUJBQWEsa0JBQW1CLFlBQVcsaUJBQWlCO0lBRXhELE9BQU8sQ0FBQyxTQUFTO0lBQ2pCLE9BQU8sQ0FBQyxPQUFPO0lBRmpCLFlBQ1UsU0FBUyxFQUFFLFVBQVUsRUFBRSxFQUN2QixPQUFPLEVBQUUsTUFBTSxFQUNyQjtJQUVKOzs7OztPQUtHO0lBQ0ksVUFBVSxDQUFDLEtBQUssRUFBRSxNQUFNLEdBQUcsVUFBVSxDQUszQztJQUVEOzs7O09BSUc7SUFDSSxZQUFZLElBQUksVUFBVSxFQUFFLENBRWxDO0lBRUQ7Ozs7O09BS0c7SUFDSSxhQUFhLENBQUMsU0FBUyxFQUFFLG1CQUFtQixFQUFFLFFBQVEsRUFBRSxjQUFjLEdBQUcsT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDLENBRW5HO0lBRUQ7Ozs7Ozs7T0FPRztJQUNVLHdCQUF3QixDQUNuQyxPQUFPLEVBQUUsVUFBVSxFQUNuQixTQUFTLEVBQUUsbUJBQW1CLEVBQzlCLFFBQVEsRUFBRSxjQUFjLEdBQ3ZCLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FNcEI7SUFFRDs7Ozs7O09BTUc7SUFDSSxXQUFXLENBQUMsT0FBTyxFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUVwRjtJQUVEOzs7Ozs7O09BT0c7SUFDVSxzQkFBc0IsQ0FDakMsT0FBTyxFQUFFLFVBQVUsRUFDbkIsT0FBTyxFQUFFLFFBQVEsRUFDakIsUUFBUSxFQUFFLGNBQWMsR0FDdkIsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUtwQjtZQVFhLHNCQUFzQjtZQWlEdEIsK0JBQStCO0NBNkM5QyJ9

package/dest/key_store/web3signer_key_store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"web3signer_key_store.d.ts","sourceRoot":"","sources":["../../src/key_store/web3signer_key_store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEzD,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAEvE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAEhD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAExD;;;;;GAKG;AACH,qBAAa,kBAAmB,YAAW,iBAAiB;IAExD,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,OAAO;IAFjB,YACU,SAAS,EAAE,UAAU,EAAE,EACvB,OAAO,EAAE,MAAM,EACrB;IAEJ;;;;;OAKG;IACI,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAK3C;IAED;;;;OAIG;IACI,YAAY,IAAI,UAAU,EAAE,CAElC;IAED;;;;;OAKG;IACI,aAAa,CAAC,SAAS,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAEnG;IAED;;;;;;;OAOG;IACU,wBAAwB,CACnC,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,mBAAmB,EAC9B,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,SAAS,CAAC,CAMpB;IAED;;;;;;OAMG;IACI,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAEpF;IAED;;;;;;;OAOG;IACU,sBAAsB,CACjC,OAAO,EAAE,UAAU,EACnB,OAAO,EAAE,QAAQ,EACjB,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,SAAS,CAAC,CAKpB;YAQa,sBAAsB;YAiDtB,+BAA+B;CA6C9C"}