@aztec/validator-client 0.0.1-commit.fce3e4f → 0.0.1-commit.ffe5b04ea

package/dest/duties/validation_service.js

@@ -1,8 +1,11 @@
+import { BlockNumber } from '@aztec/foundation/branded-types';
 import { Buffer32 } from '@aztec/foundation/buffer';
-import { keccak256 } from '@aztec/foundation/crypto';
-import { Fr } from '@aztec/foundation/fields';
+import { keccak256 } from '@aztec/foundation/crypto/keccak';
+import { Fr } from '@aztec/foundation/curves/bn254';
 import { createLogger } from '@aztec/foundation/log';
-import { BlockAttestation, BlockProposal, ConsensusPayload, SignatureDomainSeparator } from '@aztec/stdlib/p2p';
+import { BlockProposal, CheckpointAttestation, CheckpointProposal, ConsensusPayload, SignatureDomainSeparator } from '@aztec/stdlib/p2p';
+import { DutyAlreadySignedError, SlashingProtectionError } from '@aztec/validator-ha-signer/errors';
+import { DutyType } from '@aztec/validator-ha-signer/types';
 export class ValidationService {
     keyStore;
     log;
@@ -13,46 +16,120 @@ export class ValidationService {
     /**
    * Create a block proposal with the given header, archive, and transactions
    *
-   * @param header - The block header
+   * @param blockHeader - The block header
+   * @param blockIndexWithinCheckpoint - The block index within checkpoint for HA signing context
+   * @param inHash - Hash of L1 to L2 messages for this checkpoint
    * @param archive - The archive of the current block
-   * @param txs - TxHash[] ordered list of transactions
+   * @param txs - Ordered list of transactions (Tx[])
+   * @param proposerAttesterAddress - The address of the proposer/attester, or undefined
    * @param options - Block proposal options (including broadcastInvalidBlockProposal for testing)
    *
-   * @returns A block proposal signing the above information (not the current implementation!!!)
-   */ async createBlockProposal(header, archive, txs, proposerAttesterAddress, options) {
-        let payloadSigner;
-        if (proposerAttesterAddress !== undefined) {
-            payloadSigner = (payload)=>this.keyStore.signMessageWithAddress(proposerAttesterAddress, payload);
-        } else {
-            // if there is no proposer attester address, just use the first signer
-            const signer = this.keyStore.getAddress(0);
-            payloadSigner = (payload)=>this.keyStore.signMessageWithAddress(signer, payload);
-        }
-        // TODO: check if this is calculated earlier / can not be recomputed
-        const txHashes = await Promise.all(txs.map((tx)=>tx.getTxHash()));
+   * @returns A block proposal signing the above information
+   * @throws DutyAlreadySignedError if HA signer indicates duty already signed by another node
+   * @throws SlashingProtectionError if attempting to sign different data for same slot
+   */ createBlockProposal(blockHeader, blockIndexWithinCheckpoint, inHash, archive, txs, proposerAttesterAddress, options) {
         // For testing: change the new archive to trigger state_mismatch validation failure
         if (options.broadcastInvalidBlockProposal) {
             archive = Fr.random();
-            this.log.warn(`Creating INVALID block proposal for slot ${header.slotNumber}`);
+            this.log.warn(`Creating INVALID block proposal for slot ${blockHeader.globalVariables.slotNumber}`);
         }
-        return BlockProposal.createProposalFromSigner(new ConsensusPayload(header, archive), txHashes, options.publishFullTxs ? txs : undefined, payloadSigner);
+        // Create a signer that uses the appropriate address
+        const address = proposerAttesterAddress ?? this.keyStore.getAddress(0);
+        const payloadSigner = (payload, context)=>this.keyStore.signMessageWithAddress(address, payload, context);
+        return BlockProposal.createProposalFromSigner(blockHeader, blockIndexWithinCheckpoint, inHash, archive, txs.map((tx)=>tx.getTxHash()), options.publishFullTxs ? txs : undefined, payloadSigner);
     }
     /**
-   * Attest with selection of validators to the given block proposal, constructed by the current sequencer
+   * Create a checkpoint proposal with the last block header and checkpoint header
+   *
+   * @param checkpointHeader - The checkpoint header containing aggregated data
+   * @param archive - The archive of the checkpoint
+   * @param lastBlockInfo - Info about the last block (header, index, txs) or undefined
+   * @param proposerAttesterAddress - The address of the proposer
+   * @param options - Checkpoint proposal options
+   *
+   * @returns A checkpoint proposal signing the above information
+   */ createCheckpointProposal(checkpointHeader, archive, feeAssetPriceModifier, lastBlockInfo, proposerAttesterAddress, options) {
+        // For testing: change the archive to trigger state_mismatch validation failure
+        if (options.broadcastInvalidCheckpointProposal) {
+            archive = Fr.random();
+            this.log.warn(`Creating INVALID checkpoint proposal for slot ${checkpointHeader.slotNumber}`);
+        }
+        // Create a signer that takes payload and context, and uses the appropriate address
+        const payloadSigner = (payload, context)=>{
+            const address = proposerAttesterAddress ?? this.keyStore.getAddress(0);
+            return this.keyStore.signMessageWithAddress(address, payload, context);
+        };
+        // Last block to include in the proposal
+        const lastBlock = lastBlockInfo && {
+            blockHeader: lastBlockInfo.blockHeader,
+            indexWithinCheckpoint: lastBlockInfo.indexWithinCheckpoint,
+            txHashes: lastBlockInfo.txs.map((tx)=>tx.getTxHash()),
+            txs: options.publishFullTxs ? lastBlockInfo.txs : undefined
+        };
+        return CheckpointProposal.createProposalFromSigner(checkpointHeader, archive, feeAssetPriceModifier, lastBlock, payloadSigner);
+    }
+    /**
+   * Attest with selection of validators to the given checkpoint proposal
    *
    * NOTE: This is just a blind signing.
    *       We assume that the proposal is valid and DA guarantees have been checked previously.
    *
-   * @param proposal - The proposal to attest to
+   * @param proposal - The checkpoint proposal (core version without lastBlock) to attest to
    * @param attestors - The validators to attest with
-   * @returns attestations
-   */ async attestToProposal(proposal, attestors) {
-        const buf = Buffer32.fromBuffer(keccak256(proposal.payload.getPayloadToSign(SignatureDomainSeparator.blockAttestation)));
-        const signatures = await Promise.all(attestors.map((attestor)=>this.keyStore.signMessageWithAddress(attestor, buf)));
-        return signatures.map((sig)=>new BlockAttestation(proposal.payload, sig, proposal.signature));
+   * @returns checkpoint attestations
+   */ async attestToCheckpointProposal(proposal, attestors) {
+        // Create the attestation payload from the checkpoint proposal
+        const payload = new ConsensusPayload(proposal.checkpointHeader, proposal.archive, proposal.feeAssetPriceModifier);
+        const buf = Buffer32.fromBuffer(keccak256(payload.getPayloadToSign(SignatureDomainSeparator.checkpointAttestation)));
+        // TODO(spy/ha): Use checkpointNumber instead of blockNumber once CheckpointHeader includes it.
+        // CheckpointProposalCore doesn't have lastBlock info, so use 0 as a proxy.
+        // blockNumber is NOT used for the primary key so it's safe to use here.
+        // See CheckpointHeader TODO and SigningContext types documentation.
+        const blockNumber = BlockNumber(0);
+        const context = {
+            slot: proposal.slotNumber,
+            blockNumber,
+            dutyType: DutyType.ATTESTATION
+        };
+        // Sign each attestor in parallel, catching HA errors per-attestor
+        const results = await Promise.allSettled(attestors.map(async (attestor)=>{
+            const sig = await this.keyStore.signMessageWithAddress(attestor, buf, context);
+            // return new BlockAttestation(proposal.payload, sig, proposal.signature);
+            return new CheckpointAttestation(payload, sig, proposal.signature);
+        }));
+        const attestations = [];
+        for(let i = 0; i < results.length; i++){
+            const result = results[i];
+            if (result.status === 'fulfilled') {
+                attestations.push(result.value);
+            } else {
+                const error = result.reason;
+                if (error instanceof DutyAlreadySignedError || error instanceof SlashingProtectionError) {
+                    this.log.info(`Attestation for slot ${proposal.slotNumber} by ${attestors[i]} already signed by another High-Availability node`);
+                // Continue with remaining attestors
+                } else {
+                    throw error;
+                }
+            }
+        }
+        return attestations;
     }
-    async signAttestationsAndSigners(attestationsAndSigners, proposer) {
+    /**
+   * Sign attestations and signers payload
+   * @param attestationsAndSigners - The attestations and signers to sign
+   * @param proposer - The proposer address to sign with
+   * @param slot - The slot number for HA signing context
+   * @param blockNumber - The block or checkpoint number for HA signing context
+   * @returns signature
+   * @throws DutyAlreadySignedError if already signed by another HA node
+   * @throws SlashingProtectionError if attempting to sign different data for same slot
+   */ signAttestationsAndSigners(attestationsAndSigners, proposer, slot, blockNumber) {
+        const context = {
+            slot,
+            blockNumber,
+            dutyType: DutyType.ATTESTATIONS_AND_SIGNERS
+        };
         const buf = Buffer32.fromBuffer(keccak256(attestationsAndSigners.getPayloadToSign(SignatureDomainSeparator.attestationsAndSigners)));
-        return await this.keyStore.signMessageWithAddress(proposer, buf);
+        return this.keyStore.signMessageWithAddress(proposer, buf, context);
     }
 }

package/dest/factory.d.ts

@@ -1,16 +1,19 @@
+import type { BlobClientInterface } from '@aztec/blob-client/client';
 import type { EpochCache } from '@aztec/epoch-cache';
 import type { DateProvider } from '@aztec/foundation/timer';
 import type { KeystoreManager } from '@aztec/node-keystore';
 import { type P2PClient } from '@aztec/p2p';
-import type { L2BlockSource } from '@aztec/stdlib/block';
-import type { IFullNodeBlockBuilder, ValidatorClientFullConfig } from '@aztec/stdlib/interfaces/server';
+import type { L2BlockSink, L2BlockSource } from '@aztec/stdlib/block';
+import type { ValidatorClientFullConfig, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
 import type { L1ToL2MessageSource } from '@aztec/stdlib/messaging';
 import type { TelemetryClient } from '@aztec/telemetry-client';
 import { BlockProposalHandler } from './block_proposal_handler.js';
+import type { FullNodeCheckpointsBuilder } from './checkpoint_builder.js';
 import { ValidatorClient } from './validator.js';
 export declare function createBlockProposalHandler(config: ValidatorClientFullConfig, deps: {
-    blockBuilder: IFullNodeBlockBuilder;
-    blockSource: L2BlockSource;
+    checkpointsBuilder: FullNodeCheckpointsBuilder;
+    worldState: WorldStateSynchronizer;
+    blockSource: L2BlockSource & L2BlockSink;
     l1ToL2MessageSource: L1ToL2MessageSource;
     p2pClient: P2PClient;
     epochCache: EpochCache;
@@ -18,13 +21,15 @@ export declare function createBlockProposalHandler(config: ValidatorClientFullCo
     telemetry: TelemetryClient;
 }): BlockProposalHandler;
 export declare function createValidatorClient(config: ValidatorClientFullConfig, deps: {
-    blockBuilder: IFullNodeBlockBuilder;
+    checkpointsBuilder: FullNodeCheckpointsBuilder;
+    worldState: WorldStateSynchronizer;
     p2pClient: P2PClient;
-    blockSource: L2BlockSource;
+    blockSource: L2BlockSource & L2BlockSink;
     l1ToL2MessageSource: L1ToL2MessageSource;
     telemetry: TelemetryClient;
     dateProvider: DateProvider;
     epochCache: EpochCache;
     keyStoreManager: KeystoreManager | undefined;
-}): ValidatorClient | undefined;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmFjdG9yeS5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2ZhY3RvcnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEVBQUUsVUFBVSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFDckQsT0FBTyxLQUFLLEVBQUUsWUFBWSxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDNUQsT0FBTyxLQUFLLEVBQUUsZUFBZSxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDNUQsT0FBTyxFQUEwQixLQUFLLFNBQVMsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUNwRSxPQUFPLEtBQUssRUFBRSxhQUFhLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUN6RCxPQUFPLEtBQUssRUFBRSxxQkFBcUIsRUFBRSx5QkFBeUIsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQ3hHLE9BQU8sS0FBSyxFQUFFLG1CQUFtQixFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDbkUsT0FBTyxLQUFLLEVBQUUsZUFBZSxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFFL0QsT0FBTyxFQUFFLG9CQUFvQixFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFFbkUsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBRWpELHdCQUFnQiwwQkFBMEIsQ0FDeEMsTUFBTSxFQUFFLHlCQUF5QixFQUNqQyxJQUFJLEVBQUU7SUFDSixZQUFZLEVBQUUscUJBQXFCLENBQUM7SUFDcEMsV0FBVyxFQUFFLGFBQWEsQ0FBQztJQUMzQixtQkFBbUIsRUFBRSxtQkFBbUIsQ0FBQztJQUN6QyxTQUFTLEVBQUUsU0FBUyxDQUFDO0lBQ3JCLFVBQVUsRUFBRSxVQUFVLENBQUM7SUFDdkIsWUFBWSxFQUFFLFlBQVksQ0FBQztJQUMzQixTQUFTLEVBQUUsZUFBZSxDQUFDO0NBQzVCLHdCQWlCRjtBQUVELHdCQUFnQixxQkFBcUIsQ0FDbkMsTUFBTSxFQUFFLHlCQUF5QixFQUNqQyxJQUFJLEVBQUU7SUFDSixZQUFZLEVBQUUscUJBQXFCLENBQUM7SUFDcEMsU0FBUyxFQUFFLFNBQVMsQ0FBQztJQUNyQixXQUFXLEVBQUUsYUFBYSxDQUFDO0lBQzNCLG1CQUFtQixFQUFFLG1CQUFtQixDQUFDO0lBQ3pDLFNBQVMsRUFBRSxlQUFlLENBQUM7SUFDM0IsWUFBWSxFQUFFLFlBQVksQ0FBQztJQUMzQixVQUFVLEVBQUUsVUFBVSxDQUFDO0lBQ3ZCLGVBQWUsRUFBRSxlQUFlLEdBQUcsU0FBUyxDQUFDO0NBQzlDLCtCQW1CRiJ9
+    blobClient: BlobClientInterface;
+}): Promise<ValidatorClient> | undefined;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmFjdG9yeS5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2ZhY3RvcnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEVBQUUsbUJBQW1CLEVBQUUsTUFBTSwyQkFBMkIsQ0FBQztBQUNyRSxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUNyRCxPQUFPLEtBQUssRUFBRSxZQUFZLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUM1RCxPQUFPLEtBQUssRUFBRSxlQUFlLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUM1RCxPQUFPLEVBQTBCLEtBQUssU0FBUyxFQUFFLE1BQU0sWUFBWSxDQUFDO0FBQ3BFLE9BQU8sS0FBSyxFQUFFLFdBQVcsRUFBRSxhQUFhLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUN0RSxPQUFPLEtBQUssRUFBRSx5QkFBeUIsRUFBRSxzQkFBc0IsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQ3pHLE9BQU8sS0FBSyxFQUFFLG1CQUFtQixFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDbkUsT0FBTyxLQUFLLEVBQUUsZUFBZSxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFFL0QsT0FBTyxFQUFFLG9CQUFvQixFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFDbkUsT0FBTyxLQUFLLEVBQUUsMEJBQTBCLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUUxRSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFFakQsd0JBQWdCLDBCQUEwQixDQUN4QyxNQUFNLEVBQUUseUJBQXlCLEVBQ2pDLElBQUksRUFBRTtJQUNKLGtCQUFrQixFQUFFLDBCQUEwQixDQUFDO0lBQy9DLFVBQVUsRUFBRSxzQkFBc0IsQ0FBQztJQUNuQyxXQUFXLEVBQUUsYUFBYSxHQUFHLFdBQVcsQ0FBQztJQUN6QyxtQkFBbUIsRUFBRSxtQkFBbUIsQ0FBQztJQUN6QyxTQUFTLEVBQUUsU0FBUyxDQUFDO0lBQ3JCLFVBQVUsRUFBRSxVQUFVLENBQUM7SUFDdkIsWUFBWSxFQUFFLFlBQVksQ0FBQztJQUMzQixTQUFTLEVBQUUsZUFBZSxDQUFDO0NBQzVCLHdCQW9CRjtBQUVELHdCQUFnQixxQkFBcUIsQ0FDbkMsTUFBTSxFQUFFLHlCQUF5QixFQUNqQyxJQUFJLEVBQUU7SUFDSixrQkFBa0IsRUFBRSwwQkFBMEIsQ0FBQztJQUMvQyxVQUFVLEVBQUUsc0JBQXNCLENBQUM7SUFDbkMsU0FBUyxFQUFFLFNBQVMsQ0FBQztJQUNyQixXQUFXLEVBQUUsYUFBYSxHQUFHLFdBQVcsQ0FBQztJQUN6QyxtQkFBbUIsRUFBRSxtQkFBbUIsQ0FBQztJQUN6QyxTQUFTLEVBQUUsZUFBZSxDQUFDO0lBQzNCLFlBQVksRUFBRSxZQUFZLENBQUM7SUFDM0IsVUFBVSxFQUFFLFVBQVUsQ0FBQztJQUN2QixlQUFlLEVBQUUsZUFBZSxHQUFHLFNBQVMsQ0FBQztJQUM3QyxVQUFVLEVBQUUsbUJBQW1CLENBQUM7Q0FDakMsd0NBcUJGIn0=

package/dest/factory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../src/factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAA0B,KAAK,SAAS,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,qBAAqB,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AACxG,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAEnE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,yBAAyB,EACjC,IAAI,EAAE;IACJ,YAAY,EAAE,qBAAqB,CAAC;IACpC,WAAW,EAAE,aAAa,CAAC;IAC3B,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,SAAS,EAAE,SAAS,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,YAAY,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B,wBAiBF;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,yBAAyB,EACjC,IAAI,EAAE;IACJ,YAAY,EAAE,qBAAqB,CAAC;IACpC,SAAS,EAAE,SAAS,CAAC;IACrB,WAAW,EAAE,aAAa,CAAC;IAC3B,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,SAAS,EAAE,eAAe,CAAC;IAC3B,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,UAAU,CAAC;IACvB,eAAe,EAAE,eAAe,GAAG,SAAS,CAAC;CAC9C,+BAmBF"}
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../src/factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAA0B,KAAK,SAAS,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,KAAK,EAAE,yBAAyB,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzG,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAE1E,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,yBAAyB,EACjC,IAAI,EAAE;IACJ,kBAAkB,EAAE,0BAA0B,CAAC;IAC/C,UAAU,EAAE,sBAAsB,CAAC;IACnC,WAAW,EAAE,aAAa,GAAG,WAAW,CAAC;IACzC,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,SAAS,EAAE,SAAS,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,YAAY,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B,wBAoBF;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,yBAAyB,EACjC,IAAI,EAAE;IACJ,kBAAkB,EAAE,0BAA0B,CAAC;IAC/C,UAAU,EAAE,sBAAsB,CAAC;IACnC,SAAS,EAAE,SAAS,CAAC;IACrB,WAAW,EAAE,aAAa,GAAG,WAAW,CAAC;IACzC,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,SAAS,EAAE,eAAe,CAAC;IAC3B,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,UAAU,CAAC;IACvB,eAAe,EAAE,eAAe,GAAG,SAAS,CAAC;IAC7C,UAAU,EAAE,mBAAmB,CAAC;CACjC,wCAqBF"}

package/dest/factory.js

@@ -5,14 +5,15 @@ import { ValidatorClient } from './validator.js';
 export function createBlockProposalHandler(config, deps) {
     const metrics = new ValidatorMetrics(deps.telemetry);
     const blockProposalValidator = new BlockProposalValidator(deps.epochCache, {
-        txsPermitted: !config.disableTransactions
+        txsPermitted: !config.disableTransactions,
+        maxTxsPerBlock: config.validateMaxTxsPerBlock
     });
-    return new BlockProposalHandler(deps.blockBuilder, deps.blockSource, deps.l1ToL2MessageSource, deps.p2pClient.getTxProvider(), blockProposalValidator, config, metrics, deps.dateProvider, deps.telemetry);
+    return new BlockProposalHandler(deps.checkpointsBuilder, deps.worldState, deps.blockSource, deps.l1ToL2MessageSource, deps.p2pClient.getTxProvider(), blockProposalValidator, deps.epochCache, config, metrics, deps.dateProvider, deps.telemetry);
 }
 export function createValidatorClient(config, deps) {
     if (config.disableValidator || !deps.keyStoreManager) {
         return undefined;
     }
     const txProvider = deps.p2pClient.getTxProvider();
-    return ValidatorClient.new(config, deps.blockBuilder, deps.epochCache, deps.p2pClient, deps.blockSource, deps.l1ToL2MessageSource, txProvider, deps.keyStoreManager, deps.dateProvider, deps.telemetry);
+    return ValidatorClient.new(config, deps.checkpointsBuilder, deps.worldState, deps.epochCache, deps.p2pClient, deps.blockSource, deps.l1ToL2MessageSource, txProvider, deps.keyStoreManager, deps.blobClient, deps.dateProvider, deps.telemetry);
 }

package/dest/index.d.ts

@@ -1,6 +1,7 @@
 export * from './block_proposal_handler.js';
+export * from './checkpoint_builder.js';
 export * from './config.js';
 export * from './factory.js';
 export * from './validator.js';
 export * from './key_store/index.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxjQUFjLDZCQUE2QixDQUFDO0FBQzVDLGNBQWMsYUFBYSxDQUFDO0FBQzVCLGNBQWMsY0FBYyxDQUFDO0FBQzdCLGNBQWMsZ0JBQWdCLENBQUM7QUFDL0IsY0FBYyxzQkFBc0IsQ0FBQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxjQUFjLDZCQUE2QixDQUFDO0FBQzVDLGNBQWMseUJBQXlCLENBQUM7QUFDeEMsY0FBYyxhQUFhLENBQUM7QUFDNUIsY0FBYyxjQUFjLENBQUM7QUFDN0IsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLHNCQUFzQixDQUFDIn0=

package/dest/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,6BAA6B,CAAC;AAC5C,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yBAAyB,CAAC;AACxC,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}

package/dest/index.js

@@ -1,4 +1,5 @@
 export * from './block_proposal_handler.js';
+export * from './checkpoint_builder.js';
 export * from './config.js';
 export * from './factory.js';
 export * from './validator.js';

package/dest/key_store/ha_key_store.d.ts

@@ -0,0 +1,99 @@
+/**
+ * High Availability Key Store
+ *
+ * A ValidatorKeyStore wrapper that adds slashing protection for HA validator setups.
+ * When multiple validator nodes are running, only one node will sign for a given duty.
+ */
+import { Buffer32 } from '@aztec/foundation/buffer';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { Signature } from '@aztec/foundation/eth-signature';
+import type { EthRemoteSignerConfig } from '@aztec/node-keystore';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import { type SigningContext } from '@aztec/validator-ha-signer/types';
+import type { ValidatorHASigner } from '@aztec/validator-ha-signer/validator-ha-signer';
+import { type TypedDataDefinition } from 'viem';
+import type { ExtendedValidatorKeyStore } from './interface.js';
+/**
+ * High Availability Key Store
+ *
+ * Wraps a base ExtendedValidatorKeyStore and ValidatorHASigner to provide
+ * HA-protected signing operations (when context is provided).
+ *
+ * The extended interface methods (getAttesterAddresses, getCoinbaseAddress, etc.)
+ * are pure pass-through since they don't require HA coordination.
+ *
+ * Usage:
+ * ```typescript
+ * const baseKeyStore = NodeKeystoreAdapter.fromPrivateKeys(privateKeys);
+ * const haSigner = new ValidatorHASigner(db, config);
+ * const haKeyStore = new HAKeyStore(baseKeyStore, haSigner);
+ *
+ * // Without context - signs directly (no HA protection)
+ * const sig = await haKeyStore.signMessageWithAddress(addr, msg);
+ *
+ * // With context - HA protected, throws DutyAlreadySignedError if already signed
+ * const result = await haKeyStore.signMessageWithAddress(addr, msg, {
+ *   slot: 100n,
+ *   blockNumber: 50n,
+ *   dutyType: DutyType.BLOCK_PROPOSAL,
+ * });
+ * ```
+ */
+export declare class HAKeyStore implements ExtendedValidatorKeyStore {
+    private readonly baseKeyStore;
+    private readonly haSigner;
+    private readonly log;
+    constructor(baseKeyStore: ExtendedValidatorKeyStore, haSigner: ValidatorHASigner);
+    /**
+     * Sign typed data with all addresses.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * Returns only signatures that were successfully claimed by this node.
+     */
+    signTypedData(typedData: TypedDataDefinition, context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign a message with all addresses.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * Returns only signatures that were successfully claimed by this node.
+     */
+    signMessage(message: Buffer32, context: SigningContext): Promise<Signature[]>;
+    /**
+     * Sign typed data with a specific address.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * @throws DutyAlreadySignedError if the duty was already signed by another node
+     * @throws SlashingProtectionError if attempting to sign different data for the same slot
+     */
+    signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition, context: SigningContext): Promise<Signature>;
+    /**
+     * Sign a message with a specific address.
+     * Coordinates across nodes to prevent double-signing for most duty types.
+     * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+     * @throws DutyAlreadySignedError if the duty was already signed by another node
+     * @throws SlashingProtectionError if attempting to sign different data for the same slot
+     */
+    signMessageWithAddress(address: EthAddress, message: Buffer32, context: SigningContext): Promise<Signature>;
+    getAddress(index: number): EthAddress;
+    getAddresses(): EthAddress[];
+    getAttesterAddresses(): EthAddress[];
+    getCoinbaseAddress(attesterAddress: EthAddress): EthAddress;
+    getPublisherAddresses(attesterAddress: EthAddress): EthAddress[];
+    getFeeRecipient(attesterAddress: EthAddress): AztecAddress;
+    getRemoteSignerConfig(attesterAddress: EthAddress): EthRemoteSignerConfig | undefined;
+    /**
+     * Process signing errors from the HA signer.
+     * Logs expected HA errors (already signed) at appropriate levels.
+     * Re-throws unexpected errors.
+     */
+    private processSigningError;
+    /**
+     * Start the high-availability key store
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the high-availability key store
+     */
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGFfa2V5X3N0b3JlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMva2V5X3N0b3JlL2hhX2tleV9zdG9yZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7R0FLRztBQUNILE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUNwRCxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUNoRSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUVqRSxPQUFPLEtBQUssRUFBRSxxQkFBcUIsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBRWhFLE9BQU8sRUFFTCxLQUFLLGNBQWMsRUFFcEIsTUFBTSxrQ0FBa0MsQ0FBQztBQUMxQyxPQUFPLEtBQUssRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGdEQUFnRCxDQUFDO0FBRXhGLE9BQU8sRUFBRSxLQUFLLG1CQUFtQixFQUFpQixNQUFNLE1BQU0sQ0FBQztBQUUvRCxPQUFPLEtBQUssRUFBRSx5QkFBeUIsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBRWhFOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBeUJHO0FBQ0gscUJBQWEsVUFBVyxZQUFXLHlCQUF5QjtJQUl4RCxPQUFPLENBQUMsUUFBUSxDQUFDLFlBQVk7SUFDN0IsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRO0lBSjNCLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFnQztJQUVwRCxZQUNtQixZQUFZLEVBQUUseUJBQXlCLEVBQ3ZDLFFBQVEsRUFBRSxpQkFBaUIsRUFLN0M7SUFFRDs7Ozs7T0FLRztJQUNHLGFBQWEsQ0FBQyxTQUFTLEVBQUUsbUJBQW1CLEVBQUUsT0FBTyxFQUFFLGNBQWMsR0FBRyxPQUFPLENBQUMsU0FBUyxFQUFFLENBQUMsQ0ErQmpHO0lBRUQ7Ozs7O09BS0c7SUFDRyxXQUFXLENBQUMsT0FBTyxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQStCbEY7SUFFRDs7Ozs7O09BTUc7SUFDRyx3QkFBd0IsQ0FDNUIsT0FBTyxFQUFFLFVBQVUsRUFDbkIsU0FBUyxFQUFFLG1CQUFtQixFQUM5QixPQUFPLEVBQUUsY0FBYyxHQUN0QixPQUFPLENBQUMsU0FBUyxDQUFDLENBa0JwQjtJQUVEOzs7Ozs7T0FNRztJQUNHLHNCQUFzQixDQUFDLE9BQU8sRUFBRSxVQUFVLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FjaEg7SUFNRCxVQUFVLENBQUMsS0FBSyxFQUFFLE1BQU0sR0FBRyxVQUFVLENBRXBDO0lBRUQsWUFBWSxJQUFJLFVBQVUsRUFBRSxDQUUzQjtJQUVELG9CQUFvQixJQUFJLFVBQVUsRUFBRSxDQUVuQztJQUVELGtCQUFrQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsVUFBVSxDQUUxRDtJQUVELHFCQUFxQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsVUFBVSxFQUFFLENBRS9EO0lBRUQsZUFBZSxDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcsWUFBWSxDQUV6RDtJQUVELHFCQUFxQixDQUFDLGVBQWUsRUFBRSxVQUFVLEdBQUcscUJBQXFCLEdBQUcsU0FBUyxDQUVwRjtJQUVEOzs7O09BSUc7SUFDSCxPQUFPLENBQUMsbUJBQW1CO0lBd0IzQjs7T0FFRztJQUNVLEtBQUssa0JBRWpCO0lBRUQ7O09BRUc7SUFDVSxJQUFJLGtCQUVoQjtDQUNGIn0=

package/dest/key_store/ha_key_store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ha_key_store.d.ts","sourceRoot":"","sources":["../../src/key_store/ha_key_store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAEhE,OAAO,EAEL,KAAK,cAAc,EAEpB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gDAAgD,CAAC;AAExF,OAAO,EAAE,KAAK,mBAAmB,EAAiB,MAAM,MAAM,CAAC;AAE/D,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AAEhE;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,qBAAa,UAAW,YAAW,yBAAyB;IAIxD,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAJ3B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAgC;IAEpD,YACmB,YAAY,EAAE,yBAAyB,EACvC,QAAQ,EAAE,iBAAiB,EAK7C;IAED;;;;;OAKG;IACG,aAAa,CAAC,SAAS,EAAE,mBAAmB,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CA+BjG;IAED;;;;;OAKG;IACG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CA+BlF;IAED;;;;;;OAMG;IACG,wBAAwB,CAC5B,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,mBAAmB,EAC9B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,SAAS,CAAC,CAkBpB;IAED;;;;;;OAMG;IACG,sBAAsB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAchH;IAMD,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAEpC;IAED,YAAY,IAAI,UAAU,EAAE,CAE3B;IAED,oBAAoB,IAAI,UAAU,EAAE,CAEnC;IAED,kBAAkB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,CAE1D;IAED,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,UAAU,EAAE,CAE/D;IAED,eAAe,CAAC,eAAe,EAAE,UAAU,GAAG,YAAY,CAEzD;IAED,qBAAqB,CAAC,eAAe,EAAE,UAAU,GAAG,qBAAqB,GAAG,SAAS,CAEpF;IAED;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IAwB3B;;OAEG;IACU,KAAK,kBAEjB;IAED;;OAEG;IACU,IAAI,kBAEhB;CACF"}

package/dest/key_store/ha_key_store.js

@@ -0,0 +1,208 @@
+/**
+ * High Availability Key Store
+ *
+ * A ValidatorKeyStore wrapper that adds slashing protection for HA validator setups.
+ * When multiple validator nodes are running, only one node will sign for a given duty.
+ */ import { Buffer32 } from '@aztec/foundation/buffer';
+import { createLogger } from '@aztec/foundation/log';
+import { DutyAlreadySignedError, SlashingProtectionError } from '@aztec/validator-ha-signer/errors';
+import { isHAProtectedContext } from '@aztec/validator-ha-signer/types';
+import { hashTypedData } from 'viem';
+/**
+ * High Availability Key Store
+ *
+ * Wraps a base ExtendedValidatorKeyStore and ValidatorHASigner to provide
+ * HA-protected signing operations (when context is provided).
+ *
+ * The extended interface methods (getAttesterAddresses, getCoinbaseAddress, etc.)
+ * are pure pass-through since they don't require HA coordination.
+ *
+ * Usage:
+ * ```typescript
+ * const baseKeyStore = NodeKeystoreAdapter.fromPrivateKeys(privateKeys);
+ * const haSigner = new ValidatorHASigner(db, config);
+ * const haKeyStore = new HAKeyStore(baseKeyStore, haSigner);
+ *
+ * // Without context - signs directly (no HA protection)
+ * const sig = await haKeyStore.signMessageWithAddress(addr, msg);
+ *
+ * // With context - HA protected, throws DutyAlreadySignedError if already signed
+ * const result = await haKeyStore.signMessageWithAddress(addr, msg, {
+ *   slot: 100n,
+ *   blockNumber: 50n,
+ *   dutyType: DutyType.BLOCK_PROPOSAL,
+ * });
+ * ```
+ */ export class HAKeyStore {
+    baseKeyStore;
+    haSigner;
+    log;
+    constructor(baseKeyStore, haSigner){
+        this.baseKeyStore = baseKeyStore;
+        this.haSigner = haSigner;
+        this.log = createLogger('ha-key-store');
+        this.log.info('HAKeyStore initialized', {
+            nodeId: haSigner.nodeId
+        });
+    }
+    /**
+   * Sign typed data with all addresses.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * Returns only signatures that were successfully claimed by this node.
+   */ async signTypedData(typedData, context) {
+        // no need for HA protection on auth request and txs signatures
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signTypedData(typedData, context);
+        }
+        // Sign each address with HA protection
+        const addresses = this.getAddresses();
+        const results = await Promise.allSettled(addresses.map((addr)=>this.signTypedDataWithAddress(addr, typedData, context)));
+        // Filter out failures (already signed by other nodes or other errors)
+        return results.filter((result)=>{
+            if (result.status === 'fulfilled') {
+                return true;
+            }
+            // Log expected HA errors (already signed) at debug level
+            if (result.reason instanceof DutyAlreadySignedError) {
+                this.log.debug(`Duty already signed by another node`, {
+                    dutyType: context.dutyType,
+                    slot: context.slot,
+                    signedByNode: result.reason.signedByNode
+                });
+                return false;
+            }
+            // Re-throw unexpected errors
+            throw result.reason;
+        }).map((result)=>result.value);
+    }
+    /**
+   * Sign a message with all addresses.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * Returns only signatures that were successfully claimed by this node.
+   */ async signMessage(message, context) {
+        // no need for HA protection on auth request and txs signatures
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signMessage(message, context);
+        }
+        // Sign each address with HA protection
+        const addresses = this.getAddresses();
+        const results = await Promise.allSettled(addresses.map((addr)=>this.signMessageWithAddress(addr, message, context)));
+        // Filter out failures (already signed by other nodes or other errors)
+        return results.filter((result)=>{
+            if (result.status === 'fulfilled') {
+                return true;
+            }
+            // Log expected HA errors (already signed) at debug level
+            if (result.reason instanceof DutyAlreadySignedError) {
+                this.log.debug(`Duty already signed by another node`, {
+                    dutyType: context.dutyType,
+                    slot: context.slot,
+                    signedByNode: result.reason.signedByNode
+                });
+                return false;
+            }
+            // Re-throw unexpected errors
+            throw result.reason;
+        }).map((result)=>result.value);
+    }
+    /**
+   * Sign typed data with a specific address.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * @throws DutyAlreadySignedError if the duty was already signed by another node
+   * @throws SlashingProtectionError if attempting to sign different data for the same slot
+   */ async signTypedDataWithAddress(address, typedData, context) {
+        // AUTH_REQUEST and TXS bypass HA protection - multiple signatures are safe
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signTypedDataWithAddress(address, typedData, context);
+        }
+        // Compute signing root from typed data for HA tracking
+        const digest = hashTypedData(typedData);
+        const messageHash = Buffer32.fromString(digest);
+        try {
+            return await this.haSigner.signWithProtection(address, messageHash, context, ()=>this.baseKeyStore.signTypedDataWithAddress(address, typedData, context));
+        } catch (error) {
+            this.processSigningError(error, context);
+            throw error;
+        }
+    }
+    /**
+   * Sign a message with a specific address.
+   * Coordinates across nodes to prevent double-signing for most duty types.
+   * AUTH_REQUEST and TXS duties bypass HA protection since signing multiple times is safe.
+   * @throws DutyAlreadySignedError if the duty was already signed by another node
+   * @throws SlashingProtectionError if attempting to sign different data for the same slot
+   */ async signMessageWithAddress(address, message, context) {
+        // no need for HA protection on auth request and txs signatures
+        if (!isHAProtectedContext(context)) {
+            return this.baseKeyStore.signMessageWithAddress(address, message, context);
+        }
+        try {
+            return await this.haSigner.signWithProtection(address, message, context, (messageHash)=>this.baseKeyStore.signMessageWithAddress(address, messageHash, context));
+        } catch (error) {
+            this.processSigningError(error, context);
+            throw error;
+        }
+    }
+    // ─────────────────────────────────────────────────────────────────────────────
+    // pass-through methods (no HA logic needed)
+    // ─────────────────────────────────────────────────────────────────────────────
+    getAddress(index) {
+        return this.baseKeyStore.getAddress(index);
+    }
+    getAddresses() {
+        return this.baseKeyStore.getAddresses();
+    }
+    getAttesterAddresses() {
+        return this.baseKeyStore.getAttesterAddresses();
+    }
+    getCoinbaseAddress(attesterAddress) {
+        return this.baseKeyStore.getCoinbaseAddress(attesterAddress);
+    }
+    getPublisherAddresses(attesterAddress) {
+        return this.baseKeyStore.getPublisherAddresses(attesterAddress);
+    }
+    getFeeRecipient(attesterAddress) {
+        return this.baseKeyStore.getFeeRecipient(attesterAddress);
+    }
+    getRemoteSignerConfig(attesterAddress) {
+        return this.baseKeyStore.getRemoteSignerConfig(attesterAddress);
+    }
+    /**
+   * Process signing errors from the HA signer.
+   * Logs expected HA errors (already signed) at appropriate levels.
+   * Re-throws unexpected errors.
+   */ processSigningError(error, context) {
+        if (error instanceof DutyAlreadySignedError) {
+            this.log.debug(`Duty already signed by another node with the same payload`, {
+                dutyType: context.dutyType,
+                slot: context.slot,
+                signedByNode: error.signedByNode
+            });
+            return;
+        }
+        if (error instanceof SlashingProtectionError) {
+            this.log.warn(`Duty already signed by another node with different payload`, {
+                dutyType: context.dutyType,
+                slot: context.slot,
+                existingMessageHash: error.existingMessageHash,
+                attemptedMessageHash: error.attemptedMessageHash
+            });
+            return;
+        }
+        // Re-throw errors
+        throw error;
+    }
+    /**
+   * Start the high-availability key store
+   */ async start() {
+        await this.haSigner.start();
+    }
+    /**
+   * Stop the high-availability key store
+   */ async stop() {
+        await this.haSigner.stop();
+    }
+}

package/dest/key_store/index.d.ts

@@ -2,4 +2,5 @@ export * from './interface.js';
 export * from './local_key_store.js';
 export * from './node_keystore_adapter.js';
 export * from './web3signer_key_store.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlfc3RvcmUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsNEJBQTRCLENBQUM7QUFDM0MsY0FBYywyQkFBMkIsQ0FBQyJ9
+export * from './ha_key_store.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlfc3RvcmUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsNEJBQTRCLENBQUM7QUFDM0MsY0FBYywyQkFBMkIsQ0FBQztBQUMxQyxjQUFjLG1CQUFtQixDQUFDIn0=

package/dest/key_store/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/key_store/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2BAA2B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/key_store/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,mBAAmB,CAAC"}

package/dest/key_store/index.js

@@ -2,3 +2,4 @@ export * from './interface.js';
 export * from './local_key_store.js';
 export * from './node_keystore_adapter.js';
 export * from './web3signer_key_store.js';
+export * from './ha_key_store.js';