@aztec/validator-client 0.0.1-commit.1142ef1 → 0.0.1-commit.1bea0213

package/dest/duties/validation_service.d.ts

@@ -1,3 +1,4 @@
+import { BlockNumber, type CheckpointNumber, IndexWithinCheckpoint, type SlotNumber } from '@aztec/foundation/branded-types';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
@@ -15,15 +16,18 @@ export declare class ValidationService {
      * Create a block proposal with the given header, archive, and transactions
      *
      * @param blockHeader - The block header
-     * @param indexWithinCheckpoint - Index of this block within the checkpoint (0-indexed)
+     * @param blockIndexWithinCheckpoint - The block index within checkpoint for HA signing context
      * @param inHash - Hash of L1 to L2 messages for this checkpoint
      * @param archive - The archive of the current block
-     * @param txs - TxHash[] ordered list of transactions
+     * @param txs - Ordered list of transactions (Tx[])
+     * @param proposerAttesterAddress - The address of the proposer/attester, or undefined
      * @param options - Block proposal options (including broadcastInvalidBlockProposal for testing)
      *
      * @returns A block proposal signing the above information
+     * @throws DutyAlreadySignedError if HA signer indicates duty already signed by another node
+     * @throws SlashingProtectionError if attempting to sign different data for same slot
      */
-    createBlockProposal(blockHeader: BlockHeader, indexWithinCheckpoint: number, inHash: Fr, archive: Fr, txs: Tx[], proposerAttesterAddress: EthAddress | undefined, options: BlockProposalOptions): Promise<BlockProposal>;
+    createBlockProposal(blockHeader: BlockHeader, blockIndexWithinCheckpoint: IndexWithinCheckpoint, inHash: Fr, archive: Fr, txs: Tx[], proposerAttesterAddress: EthAddress | undefined, options: BlockProposalOptions): Promise<BlockProposal>;
     /**
      * Create a checkpoint proposal with the last block header and checkpoint header
      *
@@ -36,7 +40,6 @@ export declare class ValidationService {
      * @returns A checkpoint proposal signing the above information
      */
     createCheckpointProposal(checkpointHeader: CheckpointHeader, archive: Fr, lastBlockInfo: CreateCheckpointProposalLastBlockData | undefined, proposerAttesterAddress: EthAddress | undefined, options: CheckpointProposalOptions): Promise<CheckpointProposal>;
-    private getPayloadSigner;
     /**
      * Attest with selection of validators to the given checkpoint proposal
      *
@@ -48,6 +51,16 @@ export declare class ValidationService {
      * @returns checkpoint attestations
      */
     attestToCheckpointProposal(proposal: CheckpointProposalCore, attestors: EthAddress[]): Promise<CheckpointAttestation[]>;
-    signAttestationsAndSigners(attestationsAndSigners: CommitteeAttestationsAndSigners, proposer: EthAddress): Promise<Signature>;
+    /**
+     * Sign attestations and signers payload
+     * @param attestationsAndSigners - The attestations and signers to sign
+     * @param proposer - The proposer address to sign with
+     * @param slot - The slot number for HA signing context
+     * @param blockNumber - The block or checkpoint number for HA signing context
+     * @returns signature
+     * @throws DutyAlreadySignedError if already signed by another HA node
+     * @throws SlashingProtectionError if attempting to sign different data for same slot
+     */
+    signAttestationsAndSigners(attestationsAndSigners: CommitteeAttestationsAndSigners, proposer: EthAddress, slot: SlotNumber, blockNumber: BlockNumber | CheckpointNumber): Promise<Signature>;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdGlvbl9zZXJ2aWNlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZHV0aWVzL3ZhbGlkYXRpb25fc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFFQSxPQUFPLEVBQUUsRUFBRSxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDcEQsT0FBTyxLQUFLLEVBQUUsVUFBVSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDaEUsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0saUNBQWlDLENBQUM7QUFFakUsT0FBTyxLQUFLLEVBQUUsK0JBQStCLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUMzRSxPQUFPLEtBQUssRUFBRSxxQ0FBcUMsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQzdGLE9BQU8sRUFDTCxhQUFhLEVBQ2IsS0FBSyxvQkFBb0IsRUFDekIscUJBQXFCLEVBQ3JCLGtCQUFrQixFQUNsQixLQUFLLHNCQUFzQixFQUMzQixLQUFLLHlCQUF5QixFQUcvQixNQUFNLG1CQUFtQixDQUFDO0FBQzNCLE9BQU8sS0FBSyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDN0QsT0FBTyxLQUFLLEVBQUUsV0FBVyxFQUFFLEVBQUUsRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBRXhELE9BQU8sS0FBSyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sMkJBQTJCLENBQUM7QUFFbkUscUJBQWEsaUJBQWlCO0lBRTFCLE9BQU8sQ0FBQyxRQUFRO0lBQ2hCLE9BQU8sQ0FBQyxHQUFHO0lBRmIsWUFDVSxRQUFRLEVBQUUsaUJBQWlCLEVBQzNCLEdBQUcseUNBQStDLEVBQ3hEO0lBRUo7Ozs7Ozs7Ozs7O09BV0c7SUFDSSxtQkFBbUIsQ0FDeEIsV0FBVyxFQUFFLFdBQVcsRUFDeEIscUJBQXFCLEVBQUUsTUFBTSxFQUM3QixNQUFNLEVBQUUsRUFBRSxFQUNWLE9BQU8sRUFBRSxFQUFFLEVBQ1gsR0FBRyxFQUFFLEVBQUUsRUFBRSxFQUNULHVCQUF1QixFQUFFLFVBQVUsR0FBRyxTQUFTLEVBQy9DLE9BQU8sRUFBRSxvQkFBb0IsR0FDNUIsT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQWtCeEI7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0ksd0JBQXdCLENBQzdCLGdCQUFnQixFQUFFLGdCQUFnQixFQUNsQyxPQUFPLEVBQUUsRUFBRSxFQUNYLGFBQWEsRUFBRSxxQ0FBcUMsR0FBRyxTQUFTLEVBQ2hFLHVCQUF1QixFQUFFLFVBQVUsR0FBRyxTQUFTLEVBQy9DLE9BQU8sRUFBRSx5QkFBeUIsR0FDakMsT0FBTyxDQUFDLGtCQUFrQixDQUFDLENBa0I3QjtJQUVELE9BQU8sQ0FBQyxnQkFBZ0I7SUFVeEI7Ozs7Ozs7OztPQVNHO0lBQ0csMEJBQTBCLENBQzlCLFFBQVEsRUFBRSxzQkFBc0IsRUFDaEMsU0FBUyxFQUFFLFVBQVUsRUFBRSxHQUN0QixPQUFPLENBQUMscUJBQXFCLEVBQUUsQ0FBQyxDQVVsQztJQUVLLDBCQUEwQixDQUM5QixzQkFBc0IsRUFBRSwrQkFBK0IsRUFDdkQsUUFBUSxFQUFFLFVBQVUsR0FDbkIsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUtwQjtDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdGlvbl9zZXJ2aWNlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZHV0aWVzL3ZhbGlkYXRpb25fc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQ0wsV0FBVyxFQUNYLEtBQUssZ0JBQWdCLEVBQ3JCLHFCQUFxQixFQUNyQixLQUFLLFVBQVUsRUFDaEIsTUFBTSxpQ0FBaUMsQ0FBQztBQUd6QyxPQUFPLEVBQUUsRUFBRSxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDcEQsT0FBTyxLQUFLLEVBQUUsVUFBVSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDaEUsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0saUNBQWlDLENBQUM7QUFFakUsT0FBTyxLQUFLLEVBQUUsK0JBQStCLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUMzRSxPQUFPLEtBQUssRUFBRSxxQ0FBcUMsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQzdGLE9BQU8sRUFDTCxhQUFhLEVBQ2IsS0FBSyxvQkFBb0IsRUFDekIscUJBQXFCLEVBQ3JCLGtCQUFrQixFQUNsQixLQUFLLHNCQUFzQixFQUMzQixLQUFLLHlCQUF5QixFQUcvQixNQUFNLG1CQUFtQixDQUFDO0FBQzNCLE9BQU8sS0FBSyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDN0QsT0FBTyxLQUFLLEVBQUUsV0FBVyxFQUFFLEVBQUUsRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBSXhELE9BQU8sS0FBSyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sMkJBQTJCLENBQUM7QUFFbkUscUJBQWEsaUJBQWlCO0lBRTFCLE9BQU8sQ0FBQyxRQUFRO0lBQ2hCLE9BQU8sQ0FBQyxHQUFHO0lBRmIsWUFDVSxRQUFRLEVBQUUsaUJBQWlCLEVBQzNCLEdBQUcseUNBQStDLEVBQ3hEO0lBRUo7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSSxtQkFBbUIsQ0FDeEIsV0FBVyxFQUFFLFdBQVcsRUFDeEIsMEJBQTBCLEVBQUUscUJBQXFCLEVBQ2pELE1BQU0sRUFBRSxFQUFFLEVBQ1YsT0FBTyxFQUFFLEVBQUUsRUFDWCxHQUFHLEVBQUUsRUFBRSxFQUFFLEVBQ1QsdUJBQXVCLEVBQUUsVUFBVSxHQUFHLFNBQVMsRUFDL0MsT0FBTyxFQUFFLG9CQUFvQixHQUM1QixPQUFPLENBQUMsYUFBYSxDQUFDLENBcUJ4QjtJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSx3QkFBd0IsQ0FDN0IsZ0JBQWdCLEVBQUUsZ0JBQWdCLEVBQ2xDLE9BQU8sRUFBRSxFQUFFLEVBQ1gsYUFBYSxFQUFFLHFDQUFxQyxHQUFHLFNBQVMsRUFDaEUsdUJBQXVCLEVBQUUsVUFBVSxHQUFHLFNBQVMsRUFDL0MsT0FBTyxFQUFFLHlCQUF5QixHQUNqQyxPQUFPLENBQUMsa0JBQWtCLENBQUMsQ0FzQjdCO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0csMEJBQTBCLENBQzlCLFFBQVEsRUFBRSxzQkFBc0IsRUFDaEMsU0FBUyxFQUFFLFVBQVUsRUFBRSxHQUN0QixPQUFPLENBQUMscUJBQXFCLEVBQUUsQ0FBQyxDQW9EbEM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSCwwQkFBMEIsQ0FDeEIsc0JBQXNCLEVBQUUsK0JBQStCLEVBQ3ZELFFBQVEsRUFBRSxVQUFVLEVBQ3BCLElBQUksRUFBRSxVQUFVLEVBQ2hCLFdBQVcsRUFBRSxXQUFXLEdBQUcsZ0JBQWdCLEdBQzFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FXcEI7Q0FDRiJ9

package/dest/duties/validation_service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validation_service.d.ts","sourceRoot":"","sources":["../../src/duties/validation_service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,EAAE,EAAE,MAAM,gCAAgC,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,KAAK,EAAE,qCAAqC,EAAE,MAAM,iCAAiC,CAAC;AAC7F,OAAO,EACL,aAAa,EACb,KAAK,oBAAoB,EACzB,qBAAqB,EACrB,kBAAkB,EAClB,KAAK,sBAAsB,EAC3B,KAAK,yBAAyB,EAG/B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAEnE,qBAAa,iBAAiB;IAE1B,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,GAAG;IAFb,YACU,QAAQ,EAAE,iBAAiB,EAC3B,GAAG,yCAA+C,EACxD;IAEJ;;;;;;;;;;;OAWG;IACI,mBAAmB,CACxB,WAAW,EAAE,WAAW,EACxB,qBAAqB,EAAE,MAAM,EAC7B,MAAM,EAAE,EAAE,EACV,OAAO,EAAE,EAAE,EACX,GAAG,EAAE,EAAE,EAAE,EACT,uBAAuB,EAAE,UAAU,GAAG,SAAS,EAC/C,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,aAAa,CAAC,CAkBxB;IAED;;;;;;;;;;OAUG;IACI,wBAAwB,CAC7B,gBAAgB,EAAE,gBAAgB,EAClC,OAAO,EAAE,EAAE,EACX,aAAa,EAAE,qCAAqC,GAAG,SAAS,EAChE,uBAAuB,EAAE,UAAU,GAAG,SAAS,EAC/C,OAAO,EAAE,yBAAyB,GACjC,OAAO,CAAC,kBAAkB,CAAC,CAkB7B;IAED,OAAO,CAAC,gBAAgB;IAUxB;;;;;;;;;OASG;IACG,0BAA0B,CAC9B,QAAQ,EAAE,sBAAsB,EAChC,SAAS,EAAE,UAAU,EAAE,GACtB,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAUlC;IAEK,0BAA0B,CAC9B,sBAAsB,EAAE,+BAA+B,EACvD,QAAQ,EAAE,UAAU,GACnB,OAAO,CAAC,SAAS,CAAC,CAKpB;CACF"}
+{"version":3,"file":"validation_service.d.ts","sourceRoot":"","sources":["../../src/duties/validation_service.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,KAAK,gBAAgB,EACrB,qBAAqB,EACrB,KAAK,UAAU,EAChB,MAAM,iCAAiC,CAAC;AAGzC,OAAO,EAAE,EAAE,EAAE,MAAM,gCAAgC,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,KAAK,EAAE,qCAAqC,EAAE,MAAM,iCAAiC,CAAC;AAC7F,OAAO,EACL,aAAa,EACb,KAAK,oBAAoB,EACzB,qBAAqB,EACrB,kBAAkB,EAClB,KAAK,sBAAsB,EAC3B,KAAK,yBAAyB,EAG/B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAIxD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAEnE,qBAAa,iBAAiB;IAE1B,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,GAAG;IAFb,YACU,QAAQ,EAAE,iBAAiB,EAC3B,GAAG,yCAA+C,EACxD;IAEJ;;;;;;;;;;;;;;OAcG;IACI,mBAAmB,CACxB,WAAW,EAAE,WAAW,EACxB,0BAA0B,EAAE,qBAAqB,EACjD,MAAM,EAAE,EAAE,EACV,OAAO,EAAE,EAAE,EACX,GAAG,EAAE,EAAE,EAAE,EACT,uBAAuB,EAAE,UAAU,GAAG,SAAS,EAC/C,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,aAAa,CAAC,CAqBxB;IAED;;;;;;;;;;OAUG;IACI,wBAAwB,CAC7B,gBAAgB,EAAE,gBAAgB,EAClC,OAAO,EAAE,EAAE,EACX,aAAa,EAAE,qCAAqC,GAAG,SAAS,EAChE,uBAAuB,EAAE,UAAU,GAAG,SAAS,EAC/C,OAAO,EAAE,yBAAyB,GACjC,OAAO,CAAC,kBAAkB,CAAC,CAsB7B;IAED;;;;;;;;;OASG;IACG,0BAA0B,CAC9B,QAAQ,EAAE,sBAAsB,EAChC,SAAS,EAAE,UAAU,EAAE,GACtB,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAoDlC;IAED;;;;;;;;;OASG;IACH,0BAA0B,CACxB,sBAAsB,EAAE,+BAA+B,EACvD,QAAQ,EAAE,UAAU,EACpB,IAAI,EAAE,UAAU,EAChB,WAAW,EAAE,WAAW,GAAG,gBAAgB,GAC1C,OAAO,CAAC,SAAS,CAAC,CAWpB;CACF"}

package/dest/duties/validation_service.js

@@ -1,8 +1,11 @@
+import { BlockNumber } from '@aztec/foundation/branded-types';
 import { Buffer32 } from '@aztec/foundation/buffer';
 import { keccak256 } from '@aztec/foundation/crypto/keccak';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { createLogger } from '@aztec/foundation/log';
 import { BlockProposal, CheckpointAttestation, CheckpointProposal, ConsensusPayload, SignatureDomainSeparator } from '@aztec/stdlib/p2p';
+import { DutyAlreadySignedError, SlashingProtectionError } from '@aztec/validator-ha-signer/errors';
+import { DutyType } from '@aztec/validator-ha-signer/types';
 export class ValidationService {
     keyStore;
     log;
@@ -14,21 +17,26 @@ export class ValidationService {
    * Create a block proposal with the given header, archive, and transactions
    *
    * @param blockHeader - The block header
-   * @param indexWithinCheckpoint - Index of this block within the checkpoint (0-indexed)
+   * @param blockIndexWithinCheckpoint - The block index within checkpoint for HA signing context
    * @param inHash - Hash of L1 to L2 messages for this checkpoint
    * @param archive - The archive of the current block
-   * @param txs - TxHash[] ordered list of transactions
+   * @param txs - Ordered list of transactions (Tx[])
+   * @param proposerAttesterAddress - The address of the proposer/attester, or undefined
    * @param options - Block proposal options (including broadcastInvalidBlockProposal for testing)
    *
    * @returns A block proposal signing the above information
-   */ createBlockProposal(blockHeader, indexWithinCheckpoint, inHash, archive, txs, proposerAttesterAddress, options) {
-        const payloadSigner = this.getPayloadSigner(proposerAttesterAddress);
+   * @throws DutyAlreadySignedError if HA signer indicates duty already signed by another node
+   * @throws SlashingProtectionError if attempting to sign different data for same slot
+   */ createBlockProposal(blockHeader, blockIndexWithinCheckpoint, inHash, archive, txs, proposerAttesterAddress, options) {
         // For testing: change the new archive to trigger state_mismatch validation failure
         if (options.broadcastInvalidBlockProposal) {
             archive = Fr.random();
             this.log.warn(`Creating INVALID block proposal for slot ${blockHeader.globalVariables.slotNumber}`);
         }
-        return BlockProposal.createProposalFromSigner(blockHeader, indexWithinCheckpoint, inHash, archive, txs.map((tx)=>tx.getTxHash()), options.publishFullTxs ? txs : undefined, payloadSigner);
+        // Create a signer that uses the appropriate address
+        const address = proposerAttesterAddress ?? this.keyStore.getAddress(0);
+        const payloadSigner = (payload, context)=>this.keyStore.signMessageWithAddress(address, payload, context);
+        return BlockProposal.createProposalFromSigner(blockHeader, blockIndexWithinCheckpoint, inHash, archive, txs.map((tx)=>tx.getTxHash()), options.publishFullTxs ? txs : undefined, payloadSigner);
     }
     /**
    * Create a checkpoint proposal with the last block header and checkpoint header
@@ -41,12 +49,16 @@ export class ValidationService {
    *
    * @returns A checkpoint proposal signing the above information
    */ createCheckpointProposal(checkpointHeader, archive, lastBlockInfo, proposerAttesterAddress, options) {
-        const payloadSigner = this.getPayloadSigner(proposerAttesterAddress);
         // For testing: change the archive to trigger state_mismatch validation failure
         if (options.broadcastInvalidCheckpointProposal) {
             archive = Fr.random();
             this.log.warn(`Creating INVALID checkpoint proposal for slot ${checkpointHeader.slotNumber}`);
         }
+        // Create a signer that takes payload and context, and uses the appropriate address
+        const payloadSigner = (payload, context)=>{
+            const address = proposerAttesterAddress ?? this.keyStore.getAddress(0);
+            return this.keyStore.signMessageWithAddress(address, payload, context);
+        };
         // Last block to include in the proposal
         const lastBlock = lastBlockInfo && {
             blockHeader: lastBlockInfo.blockHeader,
@@ -56,15 +68,6 @@ export class ValidationService {
         };
         return CheckpointProposal.createProposalFromSigner(checkpointHeader, archive, lastBlock, payloadSigner);
     }
-    getPayloadSigner(proposerAttesterAddress) {
-        if (proposerAttesterAddress !== undefined) {
-            return (payload)=>this.keyStore.signMessageWithAddress(proposerAttesterAddress, payload);
-        } else {
-            // if there is no proposer attester address, just use the first signer
-            const signer = this.keyStore.getAddress(0);
-            return (payload)=>this.keyStore.signMessageWithAddress(signer, payload);
-        }
-    }
     /**
    * Attest with selection of validators to the given checkpoint proposal
    *
@@ -78,11 +81,61 @@ export class ValidationService {
         // Create the attestation payload from the checkpoint proposal
         const payload = new ConsensusPayload(proposal.checkpointHeader, proposal.archive);
         const buf = Buffer32.fromBuffer(keccak256(payload.getPayloadToSign(SignatureDomainSeparator.checkpointAttestation)));
-        const signatures = await Promise.all(attestors.map((attestor)=>this.keyStore.signMessageWithAddress(attestor, buf)));
-        return signatures.map((sig)=>new CheckpointAttestation(payload, sig, proposal.signature));
+        // TODO(spy/ha): Use checkpointNumber instead of blockNumber once CheckpointHeader includes it.
+        // Currently using lastBlock.blockNumber as a proxy for checkpoint identification in HA signing.
+        // blockNumber is NOT used for the primary key so it's safe to use here.
+        // See CheckpointHeader TODO and SigningContext types documentation.
+        let blockNumber;
+        try {
+            blockNumber = proposal.blockNumber;
+        } catch  {
+            // Checkpoint proposal may not have lastBlock, use 0 as fallback
+            blockNumber = BlockNumber(0);
+        }
+        const context = {
+            slot: proposal.slotNumber,
+            blockNumber,
+            dutyType: DutyType.ATTESTATION
+        };
+        // Sign each attestor in parallel, catching HA errors per-attestor
+        const results = await Promise.allSettled(attestors.map(async (attestor)=>{
+            const sig = await this.keyStore.signMessageWithAddress(attestor, buf, context);
+            // return new BlockAttestation(proposal.payload, sig, proposal.signature);
+            return new CheckpointAttestation(payload, sig, proposal.signature);
+        }));
+        const attestations = [];
+        for(let i = 0; i < results.length; i++){
+            const result = results[i];
+            if (result.status === 'fulfilled') {
+                attestations.push(result.value);
+            } else {
+                const error = result.reason;
+                if (error instanceof DutyAlreadySignedError || error instanceof SlashingProtectionError) {
+                    this.log.info(`Attestation for slot ${proposal.slotNumber} by ${attestors[i]} already signed by another High-Availability node`);
+                // Continue with remaining attestors
+                } else {
+                    throw error;
+                }
+            }
+        }
+        return attestations;
     }
-    async signAttestationsAndSigners(attestationsAndSigners, proposer) {
+    /**
+   * Sign attestations and signers payload
+   * @param attestationsAndSigners - The attestations and signers to sign
+   * @param proposer - The proposer address to sign with
+   * @param slot - The slot number for HA signing context
+   * @param blockNumber - The block or checkpoint number for HA signing context
+   * @returns signature
+   * @throws DutyAlreadySignedError if already signed by another HA node
+   * @throws SlashingProtectionError if attempting to sign different data for same slot
+   */ signAttestationsAndSigners(attestationsAndSigners, proposer, slot, blockNumber) {
+        const context = {
+            slot,
+            blockNumber,
+            dutyType: DutyType.ATTESTATIONS_AND_SIGNERS
+        };
         const buf = Buffer32.fromBuffer(keccak256(attestationsAndSigners.getPayloadToSign(SignatureDomainSeparator.attestationsAndSigners)));
-        return await this.keyStore.signMessageWithAddress(proposer, buf);
+        return this.keyStore.signMessageWithAddress(proposer, buf, context);
     }
 }

package/dest/factory.d.ts

@@ -31,5 +31,5 @@ export declare function createValidatorClient(config: ValidatorClientFullConfig,
     epochCache: EpochCache;
     keyStoreManager: KeystoreManager | undefined;
     blobClient: BlobClientInterface;
-}): ValidatorClient | undefined;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmFjdG9yeS5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2ZhY3RvcnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEVBQUUsbUJBQW1CLEVBQUUsTUFBTSwyQkFBMkIsQ0FBQztBQUNyRSxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUNyRCxPQUFPLEtBQUssRUFBRSxZQUFZLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUM1RCxPQUFPLEtBQUssRUFBRSxlQUFlLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUM1RCxPQUFPLEVBQTBCLEtBQUssU0FBUyxFQUFFLE1BQU0sWUFBWSxDQUFDO0FBQ3BFLE9BQU8sS0FBSyxFQUFFLFdBQVcsRUFBRSxhQUFhLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUN0RSxPQUFPLEtBQUssRUFBRSx5QkFBeUIsRUFBRSxzQkFBc0IsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQ3pHLE9BQU8sS0FBSyxFQUFFLG1CQUFtQixFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDbkUsT0FBTyxLQUFLLEVBQUUsZUFBZSxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFFL0QsT0FBTyxFQUFFLG9CQUFvQixFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFDbkUsT0FBTyxLQUFLLEVBQUUsMEJBQTBCLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUUxRSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFFakQsd0JBQWdCLDBCQUEwQixDQUN4QyxNQUFNLEVBQUUseUJBQXlCLEVBQ2pDLElBQUksRUFBRTtJQUNKLGtCQUFrQixFQUFFLDBCQUEwQixDQUFDO0lBQy9DLFVBQVUsRUFBRSxzQkFBc0IsQ0FBQztJQUNuQyxXQUFXLEVBQUUsYUFBYSxHQUFHLFdBQVcsQ0FBQztJQUN6QyxtQkFBbUIsRUFBRSxtQkFBbUIsQ0FBQztJQUN6QyxTQUFTLEVBQUUsU0FBUyxDQUFDO0lBQ3JCLFVBQVUsRUFBRSxVQUFVLENBQUM7SUFDdkIsWUFBWSxFQUFFLFlBQVksQ0FBQztJQUMzQixTQUFTLEVBQUUsZUFBZSxDQUFDO0NBQzVCLHdCQWtCRjtBQUVELHdCQUFnQixxQkFBcUIsQ0FDbkMsTUFBTSxFQUFFLHlCQUF5QixFQUNqQyxJQUFJLEVBQUU7SUFDSixrQkFBa0IsRUFBRSwwQkFBMEIsQ0FBQztJQUMvQyxVQUFVLEVBQUUsc0JBQXNCLENBQUM7SUFDbkMsU0FBUyxFQUFFLFNBQVMsQ0FBQztJQUNyQixXQUFXLEVBQUUsYUFBYSxHQUFHLFdBQVcsQ0FBQztJQUN6QyxtQkFBbUIsRUFBRSxtQkFBbUIsQ0FBQztJQUN6QyxTQUFTLEVBQUUsZUFBZSxDQUFDO0lBQzNCLFlBQVksRUFBRSxZQUFZLENBQUM7SUFDM0IsVUFBVSxFQUFFLFVBQVUsQ0FBQztJQUN2QixlQUFlLEVBQUUsZUFBZSxHQUFHLFNBQVMsQ0FBQztJQUM3QyxVQUFVLEVBQUUsbUJBQW1CLENBQUM7Q0FDakMsK0JBcUJGIn0=
+}): Promise<ValidatorClient> | undefined;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmFjdG9yeS5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2ZhY3RvcnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEVBQUUsbUJBQW1CLEVBQUUsTUFBTSwyQkFBMkIsQ0FBQztBQUNyRSxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUNyRCxPQUFPLEtBQUssRUFBRSxZQUFZLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUM1RCxPQUFPLEtBQUssRUFBRSxlQUFlLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUM1RCxPQUFPLEVBQTBCLEtBQUssU0FBUyxFQUFFLE1BQU0sWUFBWSxDQUFDO0FBQ3BFLE9BQU8sS0FBSyxFQUFFLFdBQVcsRUFBRSxhQUFhLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUN0RSxPQUFPLEtBQUssRUFBRSx5QkFBeUIsRUFBRSxzQkFBc0IsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQ3pHLE9BQU8sS0FBSyxFQUFFLG1CQUFtQixFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDbkUsT0FBTyxLQUFLLEVBQUUsZUFBZSxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFFL0QsT0FBTyxFQUFFLG9CQUFvQixFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFDbkUsT0FBTyxLQUFLLEVBQUUsMEJBQTBCLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUUxRSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFFakQsd0JBQWdCLDBCQUEwQixDQUN4QyxNQUFNLEVBQUUseUJBQXlCLEVBQ2pDLElBQUksRUFBRTtJQUNKLGtCQUFrQixFQUFFLDBCQUEwQixDQUFDO0lBQy9DLFVBQVUsRUFBRSxzQkFBc0IsQ0FBQztJQUNuQyxXQUFXLEVBQUUsYUFBYSxHQUFHLFdBQVcsQ0FBQztJQUN6QyxtQkFBbUIsRUFBRSxtQkFBbUIsQ0FBQztJQUN6QyxTQUFTLEVBQUUsU0FBUyxDQUFDO0lBQ3JCLFVBQVUsRUFBRSxVQUFVLENBQUM7SUFDdkIsWUFBWSxFQUFFLFlBQVksQ0FBQztJQUMzQixTQUFTLEVBQUUsZUFBZSxDQUFDO0NBQzVCLHdCQW1CRjtBQUVELHdCQUFnQixxQkFBcUIsQ0FDbkMsTUFBTSxFQUFFLHlCQUF5QixFQUNqQyxJQUFJLEVBQUU7SUFDSixrQkFBa0IsRUFBRSwwQkFBMEIsQ0FBQztJQUMvQyxVQUFVLEVBQUUsc0JBQXNCLENBQUM7SUFDbkMsU0FBUyxFQUFFLFNBQVMsQ0FBQztJQUNyQixXQUFXLEVBQUUsYUFBYSxHQUFHLFdBQVcsQ0FBQztJQUN6QyxtQkFBbUIsRUFBRSxtQkFBbUIsQ0FBQztJQUN6QyxTQUFTLEVBQUUsZUFBZSxDQUFDO0lBQzNCLFlBQVksRUFBRSxZQUFZLENBQUM7SUFDM0IsVUFBVSxFQUFFLFVBQVUsQ0FBQztJQUN2QixlQUFlLEVBQUUsZUFBZSxHQUFHLFNBQVMsQ0FBQztJQUM3QyxVQUFVLEVBQUUsbUJBQW1CLENBQUM7Q0FDakMsd0NBcUJGIn0=

package/dest/factory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../src/factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAA0B,KAAK,SAAS,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,KAAK,EAAE,yBAAyB,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzG,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAE1E,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,yBAAyB,EACjC,IAAI,EAAE;IACJ,kBAAkB,EAAE,0BAA0B,CAAC;IAC/C,UAAU,EAAE,sBAAsB,CAAC;IACnC,WAAW,EAAE,aAAa,GAAG,WAAW,CAAC;IACzC,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,SAAS,EAAE,SAAS,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,YAAY,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B,wBAkBF;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,yBAAyB,EACjC,IAAI,EAAE;IACJ,kBAAkB,EAAE,0BAA0B,CAAC;IAC/C,UAAU,EAAE,sBAAsB,CAAC;IACnC,SAAS,EAAE,SAAS,CAAC;IACrB,WAAW,EAAE,aAAa,GAAG,WAAW,CAAC;IACzC,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,SAAS,EAAE,eAAe,CAAC;IAC3B,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,UAAU,CAAC;IACvB,eAAe,EAAE,eAAe,GAAG,SAAS,CAAC;IAC7C,UAAU,EAAE,mBAAmB,CAAC;CACjC,+BAqBF"}
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../src/factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAA0B,KAAK,SAAS,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,KAAK,EAAE,yBAAyB,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzG,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAE1E,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,yBAAyB,EACjC,IAAI,EAAE;IACJ,kBAAkB,EAAE,0BAA0B,CAAC;IAC/C,UAAU,EAAE,sBAAsB,CAAC;IACnC,WAAW,EAAE,aAAa,GAAG,WAAW,CAAC;IACzC,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,SAAS,EAAE,SAAS,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,YAAY,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B,wBAmBF;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,yBAAyB,EACjC,IAAI,EAAE;IACJ,kBAAkB,EAAE,0BAA0B,CAAC;IAC/C,UAAU,EAAE,sBAAsB,CAAC;IACnC,SAAS,EAAE,SAAS,CAAC;IACrB,WAAW,EAAE,aAAa,GAAG,WAAW,CAAC;IACzC,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,SAAS,EAAE,eAAe,CAAC;IAC3B,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,UAAU,CAAC;IACvB,eAAe,EAAE,eAAe,GAAG,SAAS,CAAC;IAC7C,UAAU,EAAE,mBAAmB,CAAC;CACjC,wCAqBF"}

package/dest/factory.js

@@ -7,7 +7,7 @@ export function createBlockProposalHandler(config, deps) {
     const blockProposalValidator = new BlockProposalValidator(deps.epochCache, {
         txsPermitted: !config.disableTransactions
     });
-    return new BlockProposalHandler(deps.checkpointsBuilder, deps.worldState, deps.blockSource, deps.l1ToL2MessageSource, deps.p2pClient.getTxProvider(), blockProposalValidator, config, metrics, deps.dateProvider, deps.telemetry);
+    return new BlockProposalHandler(deps.checkpointsBuilder, deps.worldState, deps.blockSource, deps.l1ToL2MessageSource, deps.p2pClient.getTxProvider(), blockProposalValidator, deps.epochCache, config, metrics, deps.dateProvider, deps.telemetry);
 }
 export function createValidatorClient(config, deps) {
     if (config.disableValidator || !deps.keyStoreManager) {

package/dest/key_store/ha_key_store.d.ts

@@ -0,0 +1,99 @@
+/**
+ * High Availability Key Store
+ *
+ * A ValidatorKeyStore wrapper that adds slashing protection for HA validator setups.
+ * When multiple validator nodes are running, only one node will sign for a given duty.
+ */
+import { Buffer32 } from '@aztec/foundation/buffer';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { Signature } from '@aztec/foundation/eth-signature';
+import type { EthRemoteSignerConfig } from '@aztec/node-keystore';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import { type SigningContext } from '@aztec/validator-ha-signer/types';
+import type { ValidatorHASigner } from '@aztec/validator-ha-signer/validator-ha-signer';
+import { type TypedDataDefinition } from 'viem';
+import type { ExtendedValidatorKeyStore } from './interface.js';
+/**
+ * High Availability Key Store
+ *
+ * Wraps a base ExtendedValidatorKeyStore and ValidatorHASigner to provide
+ * HA-protected signing operations (when context is provided).
+ *
+ * The extended interface methods (getAttesterAddresses, getCoinbaseAddress, etc.)
+ * are pure pass-through since they don't require HA coordination.
+ *
+ * Usage:
+ * ```typescript
+ * const baseKeyStore = NodeKeystoreAdapter.fromPrivateKeys(privateKeys);
+ * const haSigner = new ValidatorHASigner(db, config);
+ * const haKeyStore = new HAKeyStore(baseKeyStore, haSigner);
+ *
+ * // Without context - signs directly (no HA protection)
+ * const sig = await haKeyStore.signMessageWithAddress(addr, msg);
+ *
+ * // With context - HA protected, throws DutyAlreadySignedError if already signed
+ * const result = await haKeyStore.signMessageWithAddress(addr, msg, {
+ *   slot: 100n,
+ *   blockNumber: 50n,
+ *   dutyType: DutyType.BLOCK_PROPOSAL,
+ * });
+ * ```
+ */
+export declare class HAKeyStore implements ExtendedValidatorKeyStore {
+    private readonly baseKeyStore;
+    private readonly haSigner;
+    private readonly log;
+    constructor(baseKeyStore: ExtendedValidatorKeyStore, haSigner: ValidatorHASigner);
+    /**
+     * Sign typed data with all addresses.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * Returns only signatures that were successfully claimed by this node.
+     */
+    signTypedData(typedData: TypedDataDefinition, context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign a message with all addresses.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * Returns only signatures that were successfully claimed by this node.
+     */
+    signMessage(message: Buffer32, context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign typed data with a specific address.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * @throws DutyAlreadySignedError if the duty was already signed by another node
+     * @throws SlashingProtectionError if attempting to sign different data for the same slot
+     */
+    signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition, context: SigningContext): Promise<Signature>;
+    /**
+     * Sign a message with a specific address.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * @throws DutyAlreadySignedError if the duty was already signed by another node
+     * @throws SlashingProtectionError if attempting to sign different data for the same slot
+     */
+    signMessageWithAddress(address: EthAddress, message: Buffer32, context: SigningContext): Promise<Signature>;
+    getAddress(index: number): EthAddress;
+    getAddresses(): EthAddress[];
+    getAttesterAddresses(): EthAddress[];
+    getCoinbaseAddress(attesterAddress: EthAddress): EthAddress;
+    getPublisherAddresses(attesterAddress: EthAddress): EthAddress[];
+    getFeeRecipient(attesterAddress: EthAddress): AztecAddress;
+    getRemoteSignerConfig(attesterAddress: EthAddress): EthRemoteSignerConfig | undefined;
+    /**
+     * Process signing errors from the HA signer.
+     * Logs expected HA errors (already signed) at appropriate levels.
+     * Re-throws unexpected errors.
+     */
+    private processSigningError;
+    /**
+     * Start the high-availability key store
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the high-availability key store
+     */
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGFfa2V5X3N0b3JlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMva2V5X3N0b3JlL2hhX2tleV9zdG9yZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7R0FLRztBQUNILE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUNwRCxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUNoRSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUVqRSxPQUFPLEtBQUssRUFBRSxxQkFBcUIsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBRWhFLE9BQU8sRUFFTCxLQUFLLGNBQWMsRUFFcEIsTUFBTSxrQ0FBa0MsQ0FBQztBQUMxQyxPQUFPLEtBQUssRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGdEQUFnRCxDQUFDO0FBRXhGLE9BQU8sRUFBRSxLQUFLLG1CQUFtQixFQUFpQixNQUFNLE1BQU0sQ0FBQztBQUUvRCxPQUFPLEtBQUssRUFBRSx5QkFBeUIsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBRWhFOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBeUJHO0FBQ0gscUJBQWEsVUFBVyxZQUFXLHlCQUF5QjtJQUl4RCxPQUFPLENBQUMsUUFBUSxDQUFDLFlBQVk7SUFDN0IsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRO0lBSjNCLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFnQztJQUVwRCxZQUNtQixZQUFZLEVBQUUseUJBQXlCLEVBQ3ZDLFFBQVEsRUFBRSxpQkFBaUIsRUFLN0M7SUFFRDs7Ozs7T0FLRztJQUNHLGFBQWEsQ0FBQyxTQUFTLEVBQUUsbUJBQW1CLEVBQUUsT0FBTyxFQUFFLGNBQWMsR0FBRyxPQUFPLENBQUMsU0FBUyxFQUFFLENBQUMsQ0ErQmpHO0lBRUQ7Ozs7O09BS0c7SUFDRyxXQUFXLENBQUMsT0FBTyxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQStCbEY7SUFFRDs7Ozs7O09BTUc7SUFDRyx3QkFBd0IsQ0FDNUIsT0FBTyxFQUFFLFVBQVUsRUFDbkIsU0FBUyxFQUFFLG1CQUFtQixFQUM5QixPQUFPLEVBQUUsY0FBYyxHQUN0QixPQUFPLENBQUMsU0FBUyxDQUFDLENBa0JwQjtJQUVEOzs7Ozs7T0FNRztJQUNHLHNCQUFzQixDQUFDLE9BQU8sRUFBRSxVQUFVLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FjaEg7SUFNRCxVQUFVLENBQUMsS0FBSyxFQUFFLE1BQU0sR0FBRyxVQUFVLENBRXBDO0lBRUQsWUFBWSxJQUFJLFVBQVUsRUFBRSxDQUUzQjtJQUVELG9CQUFvQixJQUFJLFVBQVUsRUFBRSxDQUVuQztJQUVELGtCQUFrQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsVUFBVSxDQUUxRDtJQUVELHFCQUFxQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsVUFBVSxFQUFFLENBRS9EO0lBRUQsZUFBZSxDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsWUFBWSxDQUV6RDtJQUVELHFCQUFxQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcscUJBQXFCLEdBQUcsU0FBUyxDQUVwRjtJQUVEOzs7O09BSUc7SUFDSCxPQUFPLENBQUMsbUJBQW1CO0lBd0IzQjs7T0FFRztJQUNJLEtBQUssSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLENBRTVCO0lBRUQ7O09BRUc7SUFDVSxJQUFJLGtCQUVoQjtDQUNGIn0=

package/dest/key_store/ha_key_store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ha_key_store.d.ts","sourceRoot":"","sources":["../../src/key_store/ha_key_store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAEhE,OAAO,EAEL,KAAK,cAAc,EAEpB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gDAAgD,CAAC;AAExF,OAAO,EAAE,KAAK,mBAAmB,EAAiB,MAAM,MAAM,CAAC;AAE/D,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AAEhE;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,qBAAa,UAAW,YAAW,yBAAyB;IAIxD,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAJ3B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAgC;IAEpD,YACmB,YAAY,EAAE,yBAAyB,EACvC,QAAQ,EAAE,iBAAiB,EAK7C;IAED;;;;;OAKG;IACG,aAAa,CAAC,SAAS,EAAE,mBAAmB,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CA+BjG;IAED;;;;;OAKG;IACG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CA+BlF;IAED;;;;;;OAMG;IACG,wBAAwB,CAC5B,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,mBAAmB,EAC9B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,SAAS,CAAC,CAkBpB;IAED;;;;;;OAMG;IACG,sBAAsB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAchH;IAMD,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAEpC;IAED,YAAY,IAAI,UAAU,EAAE,CAE3B;IAED,oBAAoB,IAAI,UAAU,EAAE,CAEnC;IAED,kBAAkB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,CAE1D;IAED,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,EAAE,CAE/D;IAED,eAAe,CAAC,eAAe,EAAE,UAAU,GAAG,YAAY,CAEzD;IAED,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,qBAAqB,GAAG,SAAS,CAEpF;IAED;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IAwB3B;;OAEG;IACI,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAE5B;IAED;;OAEG;IACU,IAAI,kBAEhB;CACF"}

package/dest/key_store/ha_key_store.js

@@ -0,0 +1,208 @@
+/**
+ * High Availability Key Store
+ *
+ * A ValidatorKeyStore wrapper that adds slashing protection for HA validator setups.
+ * When multiple validator nodes are running, only one node will sign for a given duty.
+ */ import { Buffer32 } from '@aztec/foundation/buffer';
+import { createLogger } from '@aztec/foundation/log';
+import { DutyAlreadySignedError, SlashingProtectionError } from '@aztec/validator-ha-signer/errors';
+import { isHAProtectedContext } from '@aztec/validator-ha-signer/types';
+import { hashTypedData } from 'viem';
+/**
+ * High Availability Key Store
+ *
+ * Wraps a base ExtendedValidatorKeyStore and ValidatorHASigner to provide
+ * HA-protected signing operations (when context is provided).
+ *
+ * The extended interface methods (getAttesterAddresses, getCoinbaseAddress, etc.)
+ * are pure pass-through since they don't require HA coordination.
+ *
+ * Usage:
+ * ```typescript
+ * const baseKeyStore = NodeKeystoreAdapter.fromPrivateKeys(privateKeys);
+ * const haSigner = new ValidatorHASigner(db, config);
+ * const haKeyStore = new HAKeyStore(baseKeyStore, haSigner);
+ *
+ * // Without context - signs directly (no HA protection)
+ * const sig = await haKeyStore.signMessageWithAddress(addr, msg);
+ *
+ * // With context - HA protected, throws DutyAlreadySignedError if already signed
+ * const result = await haKeyStore.signMessageWithAddress(addr, msg, {
+ *   slot: 100n,
+ *   blockNumber: 50n,
+ *   dutyType: DutyType.BLOCK_PROPOSAL,
+ * });
+ * ```
+ */ export class HAKeyStore {
+    baseKeyStore;
+    haSigner;
+    log;
+    constructor(baseKeyStore, haSigner){
+        this.baseKeyStore = baseKeyStore;
+        this.haSigner = haSigner;
+        this.log = createLogger('ha-key-store');
+        this.log.info('HAKeyStore initialized', {
+            nodeId: haSigner.nodeId
+        });
+    }
+    /**
+   * Sign typed data with all addresses.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * Returns only signatures that were successfully claimed by this node.
+   */ async signTypedData(typedData, context) {
+        // no need for HA protection on auth request and txs signatures
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signTypedData(typedData, context);
+        }
+        // Sign each address with HA protection
+        const addresses = this.getAddresses();
+        const results = await Promise.allSettled(addresses.map((addr)=>this.signTypedDataWithAddress(addr, typedData, context)));
+        // Filter out failures (already signed by other nodes or other errors)
+        return results.filter((result)=>{
+            if (result.status === 'fulfilled') {
+                return true;
+            }
+            // Log expected HA errors (already signed) at debug level
+            if (result.reason instanceof DutyAlreadySignedError) {
+                this.log.debug(`Duty already signed by another node`, {
+                    dutyType: context.dutyType,
+                    slot: context.slot,
+                    signedByNode: result.reason.signedByNode
+                });
+                return false;
+            }
+            // Re-throw unexpected errors
+            throw result.reason;
+        }).map((result)=>result.value);
+    }
+    /**
+   * Sign a message with all addresses.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * Returns only signatures that were successfully claimed by this node.
+   */ async signMessage(message, context) {
+        // no need for HA protection on auth request and txs signatures
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signMessage(message, context);
+        }
+        // Sign each address with HA protection
+        const addresses = this.getAddresses();
+        const results = await Promise.allSettled(addresses.map((addr)=>this.signMessageWithAddress(addr, message, context)));
+        // Filter out failures (already signed by other nodes or other errors)
+        return results.filter((result)=>{
+            if (result.status === 'fulfilled') {
+                return true;
+            }
+            // Log expected HA errors (already signed) at debug level
+            if (result.reason instanceof DutyAlreadySignedError) {
+                this.log.debug(`Duty already signed by another node`, {
+                    dutyType: context.dutyType,
+                    slot: context.slot,
+                    signedByNode: result.reason.signedByNode
+                });
+                return false;
+            }
+            // Re-throw unexpected errors
+            throw result.reason;
+        }).map((result)=>result.value);
+    }
+    /**
+   * Sign typed data with a specific address.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * @throws DutyAlreadySignedError if the duty was already signed by another node
+   * @throws SlashingProtectionError if attempting to sign different data for the same slot
+   */ async signTypedDataWithAddress(address, typedData, context) {
+        // AUTH_REQUEST and TXS bypass HA protection - multiple signatures are safe
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signTypedDataWithAddress(address, typedData, context);
+        }
+        // Compute signing root from typed data for HA tracking
+        const digest = hashTypedData(typedData);
+        const messageHash = Buffer32.fromString(digest);
+        try {
+            return await this.haSigner.signWithProtection(address, messageHash, context, ()=>this.baseKeyStore.signTypedDataWithAddress(address, typedData, context));
+        } catch (error) {
+            this.processSigningError(error, context);
+            throw error;
+        }
+    }
+    /**
+   * Sign a message with a specific address.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * @throws DutyAlreadySignedError if the duty was already signed by another node
+   * @throws SlashingProtectionError if attempting to sign different data for the same slot
+   */ async signMessageWithAddress(address, message, context) {
+        // no need for HA protection on auth request and txs signatures
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signMessageWithAddress(address, message, context);
+        }
+        try {
+            return await this.haSigner.signWithProtection(address, message, context, (messageHash)=>this.baseKeyStore.signMessageWithAddress(address, messageHash, context));
+        } catch (error) {
+            this.processSigningError(error, context);
+            throw error;
+        }
+    }
+    // ─────────────────────────────────────────────────────────────────────────────
+    // pass-through methods (no HA logic needed)
+    // ─────────────────────────────────────────────────────────────────────────────
+    getAddress(index) {
+        return this.baseKeyStore.getAddress(index);
+    }
+    getAddresses() {
+        return this.baseKeyStore.getAddresses();
+    }
+    getAttesterAddresses() {
+        return this.baseKeyStore.getAttesterAddresses();
+    }
+    getCoinbaseAddress(attesterAddress) {
+        return this.baseKeyStore.getCoinbaseAddress(attesterAddress);
+    }
+    getPublisherAddresses(attesterAddress) {
+        return this.baseKeyStore.getPublisherAddresses(attesterAddress);
+    }
+    getFeeRecipient(attesterAddress) {
+        return this.baseKeyStore.getFeeRecipient(attesterAddress);
+    }
+    getRemoteSignerConfig(attesterAddress) {
+        return this.baseKeyStore.getRemoteSignerConfig(attesterAddress);
+    }
+    /**
+   * Process signing errors from the HA signer.
+   * Logs expected HA errors (already signed) at appropriate levels.
+   * Re-throws unexpected errors.
+   */ processSigningError(error, context) {
+        if (error instanceof DutyAlreadySignedError) {
+            this.log.debug(`Duty already signed by another node with the same payload`, {
+                dutyType: context.dutyType,
+                slot: context.slot,
+                signedByNode: error.signedByNode
+            });
+            return;
+        }
+        if (error instanceof SlashingProtectionError) {
+            this.log.warn(`Duty already signed by another node with different payload`, {
+                dutyType: context.dutyType,
+                slot: context.slot,
+                existingMessageHash: error.existingMessageHash,
+                attemptedMessageHash: error.attemptedMessageHash
+            });
+            return;
+        }
+        // Re-throw errors
+        throw error;
+    }
+    /**
+   * Start the high-availability key store
+   */ start() {
+        return Promise.resolve(this.haSigner.start());
+    }
+    /**
+   * Stop the high-availability key store
+   */ async stop() {
+        await this.haSigner.stop();
+    }
+}

package/dest/key_store/index.d.ts

@@ -2,4 +2,5 @@ export * from './interface.js';
 export * from './local_key_store.js';
 export * from './node_keystore_adapter.js';
 export * from './web3signer_key_store.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlfc3RvcmUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsNEJBQTRCLENBQUM7QUFDM0MsY0FBYywyQkFBMkIsQ0FBQyJ9
+export * from './ha_key_store.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlfc3RvcmUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsNEJBQTRCLENBQUM7QUFDM0MsY0FBYywyQkFBMkIsQ0FBQztBQUMxQyxjQUFjLG1CQUFtQixDQUFDIn0=

package/dest/key_store/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/key_store/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2BAA2B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/key_store/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,mBAAmB,CAAC"}

package/dest/key_store/index.js

@@ -2,3 +2,4 @@ export * from './interface.js';
 export * from './local_key_store.js';
 export * from './node_keystore_adapter.js';
 export * from './web3signer_key_store.js';
+export * from './ha_key_store.js';