@aztec/validator-client 1.2.0 → 2.0.0-nightly.20250813

package/dest/validator.js

@@ -6,10 +6,11 @@ import { retryUntil } from '@aztec/foundation/retry';
 import { RunningPromise } from '@aztec/foundation/running-promise';
 import { sleep } from '@aztec/foundation/sleep';
 import { DateProvider, Timer } from '@aztec/foundation/timer';
-import { TxCollector } from '@aztec/p2p';
+import { AuthRequest, AuthResponse, ReqRespSubProtocol } from '@aztec/p2p';
 import { BlockProposalValidator } from '@aztec/p2p/msg_validators';
 import { computeInHashFromL1ToL2Messages } from '@aztec/prover-client/helpers';
-import { Offense, WANT_TO_SLASH_EVENT } from '@aztec/slasher/config';
+import { Offense } from '@aztec/slasher';
+import { WANT_TO_SLASH_EVENT } from '@aztec/slasher/config';
 import { getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
 import { GlobalVariables } from '@aztec/stdlib/tx';
 import { AttestationTimeoutError, InvalidValidatorPrivateKeyError, ReExFailedTxsError, ReExStateMismatchError, ReExTimeoutError, TransactionsNotAvailableError } from '@aztec/stdlib/validators';
@@ -17,6 +18,7 @@ import { getTelemetryClient } from '@aztec/telemetry-client';
 import { EventEmitter } from 'events';
 import { ValidationService } from './duties/validation_service.js';
 import { LocalKeyStore } from './key_store/local_key_store.js';
+import { Web3SignerKeyStore } from './key_store/web3signer_key_store.js';
 import { ValidatorMetrics } from './metrics.js';
 // We maintain a set of proposers who have proposed invalid blocks.
 // Just cap the set to avoid unbounded growth.
@@ -30,6 +32,7 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
     p2pClient;
     blockSource;
     l1ToL2MessageSource;
+    txProvider;
     config;
     dateProvider;
     log;
@@ -39,18 +42,16 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
     // Used to check if we are sending the same proposal twice
     previousProposal;
     myAddresses;
-    lastEpoch;
+    lastEpochForCommitteeUpdateLoop;
     epochCacheUpdateLoop;
     blockProposalValidator;
-    txCollector;
     proposersOfInvalidBlocks;
-    constructor(blockBuilder, keyStore, epochCache, p2pClient, blockSource, l1ToL2MessageSource, config, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), log = createLogger('validator')){
-        super(), this.blockBuilder = blockBuilder, this.keyStore = keyStore, this.epochCache = epochCache, this.p2pClient = p2pClient, this.blockSource = blockSource, this.l1ToL2MessageSource = l1ToL2MessageSource, this.config = config, this.dateProvider = dateProvider, this.log = log, this.proposersOfInvalidBlocks = new Set();
+    constructor(blockBuilder, keyStore, epochCache, p2pClient, blockSource, l1ToL2MessageSource, txProvider, config, dateProvider = new DateProvider(), telemetry = getTelemetryClient(), log = createLogger('validator')){
+        super(), this.blockBuilder = blockBuilder, this.keyStore = keyStore, this.epochCache = epochCache, this.p2pClient = p2pClient, this.blockSource = blockSource, this.l1ToL2MessageSource = l1ToL2MessageSource, this.txProvider = txProvider, this.config = config, this.dateProvider = dateProvider, this.log = log, this.proposersOfInvalidBlocks = new Set();
         this.tracer = telemetry.getTracer('Validator');
         this.metrics = new ValidatorMetrics(telemetry);
         this.validationService = new ValidationService(keyStore);
         this.blockProposalValidator = new BlockProposalValidator(epochCache);
-        this.txCollector = new TxCollector(p2pClient, this.log);
         // Refresh epoch cache every second to trigger alert if participation in committee changes
         this.myAddresses = this.keyStore.getAddresses();
         this.epochCacheUpdateLoop = new RunningPromise(this.handleEpochCommitteeUpdate.bind(this), log, 1000);
@@ -58,12 +59,12 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
     }
     async handleEpochCommitteeUpdate() {
         try {
-            const { committee, epoch } = await this.epochCache.getCommittee('now');
+            const { committee, epoch } = await this.epochCache.getCommittee('next');
             if (!committee) {
                 this.log.trace(`No committee found for slot`);
                 return;
             }
-            if (epoch !== this.lastEpoch) {
+            if (epoch !== this.lastEpochForCommitteeUpdateLoop) {
                 const me = this.myAddresses;
                 const committeeSet = new Set(committee.map((v)=>v.toString()));
                 const inCommittee = me.filter((a)=>committeeSet.has(a.toString()));
@@ -72,19 +73,29 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
                 } else {
                     this.log.verbose(`Validators ${me.map((a)=>a.toString()).join(', ')} are not on the validator committee for epoch ${epoch}`);
                 }
-                this.lastEpoch = epoch;
+                this.lastEpochForCommitteeUpdateLoop = epoch;
             }
         } catch (err) {
             this.log.error(`Error updating epoch committee`, err);
         }
     }
-    static new(config, blockBuilder, epochCache, p2pClient, blockSource, l1ToL2MessageSource, dateProvider = new DateProvider(), telemetry = getTelemetryClient()) {
-        if (!config.validatorPrivateKeys.getValue().length) {
-            throw new InvalidValidatorPrivateKeyError();
+    static new(config, blockBuilder, epochCache, p2pClient, blockSource, l1ToL2MessageSource, txProvider, dateProvider = new DateProvider(), telemetry = getTelemetryClient()) {
+        let keyStore;
+        if (config.web3SignerUrl) {
+            const addresses = config.web3SignerAddresses;
+            if (!addresses?.length) {
+                throw new Error('web3SignerAddresses is required when web3SignerUrl is provided');
+            }
+            keyStore = new Web3SignerKeyStore(addresses, config.web3SignerUrl);
+        } else {
+            const privateKeys = config.validatorPrivateKeys?.getValue().map(validatePrivateKey);
+            if (!privateKeys?.length) {
+                throw new InvalidValidatorPrivateKeyError();
+            }
+            keyStore = new LocalKeyStore(privateKeys);
         }
-        const privateKeys = config.validatorPrivateKeys.getValue().map(validatePrivateKey);
-        const localKeyStore = new LocalKeyStore(privateKeys);
-        const validator = new ValidatorClient(blockBuilder, localKeyStore, epochCache, p2pClient, blockSource, l1ToL2MessageSource, config, dateProvider, telemetry);
+        const validator = new ValidatorClient(blockBuilder, keyStore, epochCache, p2pClient, blockSource, l1ToL2MessageSource, txProvider, config, dateProvider, telemetry);
+        // TODO(PhilWindle): This seems like it could/should be done inside start()
         validator.registerBlockProposalHandler();
         return validator;
     }
@@ -92,7 +103,7 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
         return this.keyStore.getAddresses();
     }
     signWithAddress(addr, msg) {
-        return this.keyStore.signWithAddress(addr, msg);
+        return this.keyStore.signTypedDataWithAddress(addr, msg);
     }
     configureSlashing(config) {
         this.config.slashInvalidBlockEnabled = config.slashInvalidBlockEnabled ?? this.config.slashInvalidBlockEnabled;
@@ -103,45 +114,55 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
         // Sync the committee from the smart contract
         // https://github.com/AztecProtocol/aztec-packages/issues/7962
         const myAddresses = this.keyStore.getAddresses();
-        const inCommittee = await this.epochCache.filterInCommittee(myAddresses);
+        const inCommittee = await this.epochCache.filterInCommittee('now', myAddresses);
         if (inCommittee.length > 0) {
             this.log.info(`Started validator with addresses in current validator committee: ${inCommittee.map((a)=>a.toString()).join(', ')}`);
         } else {
             this.log.info(`Started validator with addresses: ${myAddresses.map((a)=>a.toString()).join(', ')}`);
         }
         this.epochCacheUpdateLoop.start();
+        this.p2pClient.registerThisValidatorAddresses(myAddresses);
+        await this.p2pClient.addReqRespSubProtocol(ReqRespSubProtocol.AUTH, this.handleAuthRequest.bind(this));
         return Promise.resolve();
     }
     async stop() {
         await this.epochCacheUpdateLoop.stop();
     }
     registerBlockProposalHandler() {
-        const handler = (block, proposalSender)=>{
-            return this.attestToProposal(block, proposalSender);
-        };
+        const handler = (block, proposalSender)=>this.attestToProposal(block, proposalSender);
         this.p2pClient.registerBlockProposalHandler(handler);
     }
     async attestToProposal(proposal, proposalSender) {
-        const slotNumber = proposal.slotNumber.toNumber();
+        const slotNumber = proposal.slotNumber.toBigInt();
         const blockNumber = proposal.blockNumber;
         const proposer = proposal.getSender();
         // Check that I have any address in current committee before attesting
-        const inCommittee = await this.epochCache.filterInCommittee(this.keyStore.getAddresses());
+        const inCommittee = await this.epochCache.filterInCommittee(slotNumber, this.keyStore.getAddresses());
         const partOfCommittee = inCommittee.length > 0;
         const proposalInfo = {
-            slotNumber,
-            blockNumber,
-            proposer: proposer.toString(),
-            archive: proposal.payload.archive.toString(),
-            txCount: proposal.payload.txHashes.length,
-            txHashes: proposal.payload.txHashes.map((txHash)=>txHash.toString())
+            ...proposal.toBlockInfo(),
+            proposer: proposer.toString()
         };
-        this.log.info(`Received request to attest for slot ${slotNumber}`, proposalInfo);
+        this.log.info(`Received proposal for slot ${slotNumber}`, {
+            ...proposalInfo,
+            txHashes: proposal.txHashes.map((txHash)=>txHash.toString())
+        });
+        // Collect txs from the proposal. Note that we do this before checking if we have an address in the
+        // current committee, since we want to collect txs anyway to facilitate propagation.
+        const { txs, missingTxs } = await this.txProvider.getTxsForBlockProposal(proposal, {
+            pinnedPeer: proposalSender,
+            deadline: this.getReexecutionDeadline(proposal, this.blockBuilder.getConfig())
+        });
+        // Check that I have any address in current committee before attesting
+        if (!partOfCommittee) {
+            this.log.verbose(`No validator in the current committee, skipping attestation`, proposalInfo);
+            return undefined;
+        }
         // Check that the proposal is from the current proposer, or the next proposer.
         // Q: Should this be moved to the block proposal validator, so we disregard proposals from anyone?
         const invalidProposal = await this.blockProposalValidator.validate(proposal);
         if (invalidProposal) {
-            this.log.warn(`Proposal is not valid, skipping attestation`);
+            this.log.warn(`Proposal is not valid, skipping attestation`, proposalInfo);
             if (partOfCommittee) {
                 this.metrics.incFailedAttestations(1, 'invalid_proposal');
             }
@@ -166,7 +187,7 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
                 return await this.blockSource.getBlock(blockNumber - 1);
             }, 'Force Archiver Sync', timeoutDurationMs / 1000, 0.5);
             if (parentBlock === undefined) {
-                this.log.warn(`Parent block for ${blockNumber} not found, skipping attestation`);
+                this.log.warn(`Parent block for ${blockNumber} not found, skipping attestation`, proposalInfo);
                 if (partOfCommittee) {
                     this.metrics.incFailedAttestations(1, 'parent_block_not_found');
                 }
@@ -184,20 +205,8 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
                 return undefined;
             }
         }
-        // Collect txs from the proposal
-        const { missing, txs } = await this.txCollector.collectForBlockProposal(proposal, proposalSender);
-        // Check that all of the transactions in the proposal are available in the tx pool before attesting
-        if (missing && missing.length > 0) {
-            this.log.warn(`Missing ${missing.length}/${proposal.payload.txHashes.length} txs to attest to proposal`, {
-                ...proposalInfo,
-                missing
-            });
-            if (partOfCommittee) {
-                this.metrics.incFailedAttestations(1, 'tx_not_available');
-            }
-            return undefined;
-        }
         // Check that I have the same set of l1ToL2Messages as the proposal
+        // Q: Same as above, should this be part of p2p validation?
         const l1ToL2Messages = await this.l1ToL2MessageSource.getL1ToL2Messages(blockNumber);
         const computedInHash = await computeInHashFromL1ToL2Messages(l1ToL2Messages);
         const proposalInHash = proposal.payload.header.contentCommitment.inHash;
@@ -212,8 +221,15 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
             }
             return undefined;
         }
-        if (!partOfCommittee) {
-            this.log.verbose(`No validator in the committee, skipping attestation`);
+        // Check that all of the transactions in the proposal are available in the tx pool before attesting
+        if (missingTxs.length > 0) {
+            this.log.warn(`Missing ${missingTxs.length} txs to attest to proposal`, {
+                ...proposalInfo,
+                missingTxs
+            });
+            if (partOfCommittee) {
+                this.metrics.incFailedAttestations(1, 'TransactionsNotAvailableError');
+            }
             return undefined;
         }
         // Try re-executing the transactions in the proposal
@@ -247,10 +263,11 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
    * Re-execute the transactions in the proposal and check that the state updates match the header state
    * @param proposal - The proposal to re-execute
    */ async reExecuteTransactions(proposal, txs, l1ToL2Messages) {
-        const { header, txHashes } = proposal.payload;
+        const { header } = proposal.payload;
+        const { txHashes } = proposal;
         // If we do not have all of the transactions, then we should fail
         if (txs.length !== txHashes.length) {
-            const foundTxHashes = await Promise.all(txs.map(async (tx)=>await tx.getTxHash()));
+            const foundTxHashes = txs.map((tx)=>tx.getTxHash());
             const missingTxHashes = txHashes.filter((txHash)=>!foundTxHashes.includes(txHash));
             throw new TransactionsNotAvailableError(missingTxHashes);
         }
@@ -291,12 +308,12 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
             // remove oldest proposer. `values` is guaranteed to be in insertion order.
             this.proposersOfInvalidBlocks.delete(this.proposersOfInvalidBlocks.values().next().value);
         }
-        this.proposersOfInvalidBlocks.add(proposer);
+        this.proposersOfInvalidBlocks.add(proposer.toString());
         this.emit(WANT_TO_SLASH_EVENT, [
             {
                 validator: proposer,
                 amount: this.config.slashInvalidBlockPenalty,
-                offense: Offense.INVALID_BLOCK
+                offense: Offense.BROADCASTED_INVALID_BLOCK_PROPOSAL
             }
         ]);
     }
@@ -313,7 +330,7 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
    * i.e. either we just created the slashing payload, or someone else did and we saw the event on L1.
    */ shouldSlash(args) {
         // note we don't check the offence here: we know this person is bad and we're willing to slash up to the max penalty.
-        return Promise.resolve(args.amount <= this.config.slashInvalidBlockMaxPenalty && this.proposersOfInvalidBlocks.has(args.validator));
+        return Promise.resolve(args.amount <= this.config.slashInvalidBlockMaxPenalty && this.proposersOfInvalidBlocks.has(args.validator.toString()));
     }
     async createBlockProposal(blockNumber, header, archive, stateReference, txs, proposerAddress, options) {
         if (this.previousProposal?.slotNumber.equals(header.slotNumber)) {
@@ -327,6 +344,14 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
     async broadcastBlockProposal(proposal) {
         await this.p2pClient.broadcastProposal(proposal);
     }
+    async collectOwnAttestations(proposal) {
+        const slot = proposal.payload.header.slotNumber.toBigInt();
+        const inCommittee = await this.epochCache.filterInCommittee(slot, this.keyStore.getAddresses());
+        this.log.debug(`Collecting ${inCommittee.length} self-attestations for slot ${slot}`, {
+            inCommittee
+        });
+        return this.doAttestToProposal(proposal, inCommittee);
+    }
     async collectAttestations(proposal, required, deadline) {
         // Wait and poll the p2pClient's attestation pool for this block until we have enough attestations
         const slot = proposal.payload.header.slotNumber.toBigInt();
@@ -335,10 +360,8 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
             this.log.error(`Deadline ${deadline.toISOString()} for collecting ${required} attestations for slot ${slot} is in the past`);
             throw new AttestationTimeoutError(0, required, slot);
         }
+        await this.collectOwnAttestations(proposal);
         const proposalId = proposal.archive.toString();
-        // adds attestations for all of my addresses locally
-        const inCommittee = await this.epochCache.filterInCommittee(this.keyStore.getAddresses());
-        await this.doAttestToProposal(proposal, inCommittee);
         const myAddresses = this.keyStore.getAddresses();
         let attestations = [];
         while(true){
@@ -368,6 +391,24 @@ const MAX_PROPOSERS_OF_INVALID_BLOCKS = 1000;
         await this.p2pClient.addAttestations(attestations);
         return attestations;
     }
+    async handleAuthRequest(peer, msg) {
+        const authRequest = AuthRequest.fromBuffer(msg);
+        const statusMessage = await this.p2pClient.handleAuthRequestFromPeer(authRequest, peer).catch((_)=>undefined);
+        if (statusMessage === undefined) {
+            return Buffer.alloc(0);
+        }
+        // Find a validator address that is in the set
+        const allRegisteredValidators = await this.epochCache.getRegisteredValidators();
+        const addressToUse = this.getValidatorAddresses().find((address)=>allRegisteredValidators.find((v)=>v.equals(address)) !== undefined);
+        if (addressToUse === undefined) {
+            // We don't have a registered address
+            return Buffer.alloc(0);
+        }
+        const payloadToSign = authRequest.getPayloadToSign();
+        const signature = await this.keyStore.signMessageWithAddress(addressToUse, payloadToSign);
+        const authResponse = new AuthResponse(statusMessage, signature);
+        return authResponse.toBuffer();
+    }
 }
 function validatePrivateKey(privateKey) {
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/validator-client",
-  "version": "1.2.0",
+  "version": "2.0.0-nightly.20250813",
   "main": "dest/index.js",
   "type": "module",
   "exports": {
@@ -64,15 +64,15 @@
     ]
   },
   "dependencies": {
-    "@aztec/constants": "1.2.0",
-    "@aztec/epoch-cache": "1.2.0",
-    "@aztec/ethereum": "1.2.0",
-    "@aztec/foundation": "1.2.0",
-    "@aztec/p2p": "1.2.0",
-    "@aztec/prover-client": "1.2.0",
-    "@aztec/slasher": "1.2.0",
-    "@aztec/stdlib": "1.2.0",
-    "@aztec/telemetry-client": "1.2.0",
+    "@aztec/constants": "2.0.0-nightly.20250813",
+    "@aztec/epoch-cache": "2.0.0-nightly.20250813",
+    "@aztec/ethereum": "2.0.0-nightly.20250813",
+    "@aztec/foundation": "2.0.0-nightly.20250813",
+    "@aztec/p2p": "2.0.0-nightly.20250813",
+    "@aztec/prover-client": "2.0.0-nightly.20250813",
+    "@aztec/slasher": "2.0.0-nightly.20250813",
+    "@aztec/stdlib": "2.0.0-nightly.20250813",
+    "@aztec/telemetry-client": "2.0.0-nightly.20250813",
     "koa": "^2.16.1",
     "koa-router": "^12.0.0",
     "tslib": "^2.4.0",

package/src/config.ts

@@ -6,13 +6,14 @@ import {
   numberConfigHelper,
   secretValueConfigHelper,
 } from '@aztec/foundation/config';
+import { EthAddress } from '@aztec/foundation/eth-address';
 
 /**
  * The Validator Configuration
  */
 export interface ValidatorClientConfig {
   /** The private keys of the validators participating in attestation duties */
-  validatorPrivateKeys: SecretValue<`0x${string}`[]>;
+  validatorPrivateKeys?: SecretValue<`0x${string}`[]>;
 
   /** Do not run the validator */
   disableValidator: boolean;
@@ -25,6 +26,12 @@ export interface ValidatorClientConfig {
 
   /** Will re-execute until this many milliseconds are left in the slot */
   validatorReexecuteDeadlineMs: number;
+
+  /** URL of the Web3Signer instance */
+  web3SignerUrl?: string;
+
+  /** List of addresses of remote signers */
+  web3SignerAddresses?: EthAddress[];
 }
 
 export const validatorClientConfigMappings: ConfigMappingsType<ValidatorClientConfig> = {
@@ -56,6 +63,16 @@ export const validatorClientConfigMappings: ConfigMappingsType<ValidatorClientCo
     description: 'Will re-execute until this many milliseconds are left in the slot',
     ...numberConfigHelper(6000),
   },
+  web3SignerUrl: {
+    env: 'WEB3_SIGNER_URL',
+    description: 'URL of the Web3Signer instance',
+    parseEnv: (val: string) => val.trim(),
+  },
+  web3SignerAddresses: {
+    env: 'WEB3_SIGNER_ADDRESSES',
+    description: 'List of addresses of remote signers',
+    parseEnv: (val: string) => val.split(',').map(address => EthAddress.fromString(address)),
+  },
 };
 
 /**

package/src/duties/validation_service.ts

@@ -49,7 +49,8 @@ export class ValidationService {
 
     return BlockProposal.createProposalFromSigner(
       blockNumber,
-      new ConsensusPayload(header, archive, stateReference, txHashes),
+      new ConsensusPayload(header, archive, stateReference),
+      txHashes,
       options.publishFullTxs ? txs : undefined,
       payloadSigner,
     );

package/src/factory.ts

@@ -1,10 +1,9 @@
 import type { EpochCache } from '@aztec/epoch-cache';
 import { SecretValue } from '@aztec/foundation/config';
 import type { DateProvider } from '@aztec/foundation/timer';
-import type { P2P } from '@aztec/p2p';
-import type { SlasherConfig } from '@aztec/slasher/config';
+import type { P2PClient } from '@aztec/p2p';
 import type { L2BlockSource } from '@aztec/stdlib/block';
-import type { IFullNodeBlockBuilder } from '@aztec/stdlib/interfaces/server';
+import type { IFullNodeBlockBuilder, SlasherConfig } from '@aztec/stdlib/interfaces/server';
 import type { L1ToL2MessageSource } from '@aztec/stdlib/messaging';
 import type { TelemetryClient } from '@aztec/telemetry-client';
 
@@ -18,7 +17,7 @@ export function createValidatorClient(
     Pick<SlasherConfig, 'slashInvalidBlockEnabled' | 'slashInvalidBlockPenalty' | 'slashInvalidBlockMaxPenalty'>,
   deps: {
     blockBuilder: IFullNodeBlockBuilder;
-    p2pClient: P2P;
+    p2pClient: P2PClient;
     blockSource: L2BlockSource;
     l1ToL2MessageSource: L1ToL2MessageSource;
     telemetry: TelemetryClient;
@@ -29,10 +28,14 @@ export function createValidatorClient(
   if (config.disableValidator) {
     return undefined;
   }
-  if (config.validatorPrivateKeys === undefined || !config.validatorPrivateKeys.getValue().length) {
+  if (
+    (config.validatorPrivateKeys === undefined || !config.validatorPrivateKeys.getValue().length) &&
+    !config.web3SignerUrl
+  ) {
     config.validatorPrivateKeys = new SecretValue([generatePrivateKey()]);
   }
 
+  const txProvider = deps.p2pClient.getTxProvider();
   return ValidatorClient.new(
     config,
     deps.blockBuilder,
@@ -40,6 +43,7 @@ export function createValidatorClient(
     deps.p2pClient,
     deps.blockSource,
     deps.l1ToL2MessageSource,
+    txProvider,
     deps.dateProvider,
     deps.telemetry,
   );

package/src/key_store/index.ts

@@ -1,2 +1,3 @@
 export * from './interface.js';
 export * from './local_key_store.js';
+export * from './web3signer_key_store.js';

package/src/key_store/interface.ts

@@ -2,6 +2,8 @@ import type { Buffer32 } from '@aztec/foundation/buffer';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
 
+import type { TypedDataDefinition } from 'viem';
+
 /** Key Store
  *
  * A keystore interface that can be replaced with a local keystore / remote signer service
@@ -22,8 +24,8 @@ export interface ValidatorKeyStore {
    */
   getAddresses(): EthAddress[];
 
-  sign(message: Buffer32): Promise<Signature[]>;
-  signWithAddress(address: EthAddress, message: Buffer32): Promise<Signature>;
+  signTypedData(typedData: TypedDataDefinition): Promise<Signature[]>;
+  signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition): Promise<Signature>;
   /**
    * Flavor of sign message that followed EIP-712 eth signed message prefix
    * Note: this is only required when we are using ecdsa signatures over secp256k1

package/src/key_store/local_key_store.ts

@@ -1,8 +1,10 @@
-import type { Buffer32 } from '@aztec/foundation/buffer';
+import { Buffer32 } from '@aztec/foundation/buffer';
 import { Secp256k1Signer } from '@aztec/foundation/crypto';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
 
+import { type TypedDataDefinition, hashTypedData } from 'viem';
+
 import type { ValidatorKeyStore } from './interface.js';
 
 /**
@@ -43,30 +45,32 @@ export class LocalKeyStore implements ValidatorKeyStore {
 
   /**
    * Sign a message with all keystore private keys
-   * @param digest - The message buffer to sign
+   * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
    * @return signature
    */
-  public sign(digest: Buffer32): Promise<Signature[]> {
-    return Promise.all(this.signers.map(signer => signer.sign(digest)));
+  public signTypedData(typedData: TypedDataDefinition): Promise<Signature[]> {
+    const digest = hashTypedData(typedData);
+    return Promise.all(this.signers.map(signer => signer.sign(Buffer32.fromString(digest))));
   }
 
   /**
    * Sign a message with a specific address's private key
    * @param address - The address of the signer to use
-   * @param digest - The message buffer to sign
+   * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
    * @returns signature for the specified address
    * @throws Error if the address is not found in the keystore
    */
-  public signWithAddress(address: EthAddress, digest: Buffer32): Promise<Signature> {
+  public signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition): Promise<Signature> {
     const signer = this.signersByAddress.get(address.toString());
     if (!signer) {
       throw new Error(`No signer found for address ${address.toString()}`);
     }
-    return Promise.resolve(signer.sign(digest));
+    const digest = hashTypedData(typedData);
+    return Promise.resolve(signer.sign(Buffer32.fromString(digest)));
   }
 
   /**
-   * Sign a message with all keystore private keys
+   * Sign a message using eth_sign with all keystore private keys
    *
    * @param message - The message to sign
    * @return signatures
@@ -76,7 +80,7 @@ export class LocalKeyStore implements ValidatorKeyStore {
   }
 
   /**
-   * Sign a message with a specific address's private key
+   * Sign a message using eth_sign with a specific address's private key
    * @param address - The address of the signer to use
    * @param message - The message to sign
    * @returns signature for the specified address