@aztec/validator-ha-signer 0.0.1-commit.001888fc

package/dest/metrics.js

@@ -0,0 +1,103 @@
+import { Attributes, Metrics, createUpDownCounterWithDefault } from '@aztec/telemetry-client';
+/**
+ * Metrics for HA signer tracking signing operations, lock acquisition, and cleanup.
+ */ export class HASignerMetrics {
+    nodeId;
+    // Signing lifecycle metrics
+    signingDuration;
+    signingSuccessCount;
+    dutyAlreadySignedCount;
+    slashingProtectionCount;
+    signingErrorCount;
+    // Lock acquisition metrics
+    lockAcquiredCount;
+    // Cleanup metrics
+    cleanupStuckDutiesCount;
+    cleanupOldDutiesCount;
+    cleanupOutdatedRollupDutiesCount;
+    constructor(client, nodeId, name = 'HASignerMetrics'){
+        this.nodeId = nodeId;
+        const meter = client.getMeter(name);
+        // Signing lifecycle
+        this.signingDuration = meter.createHistogram(Metrics.HA_SIGNER_SIGNING_DURATION);
+        this.signingSuccessCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_SIGNING_SUCCESS_COUNT);
+        this.dutyAlreadySignedCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_DUTY_ALREADY_SIGNED_COUNT);
+        this.slashingProtectionCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_SLASHING_PROTECTION_COUNT);
+        this.signingErrorCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_SIGNING_ERROR_COUNT);
+        // Lock acquisition
+        this.lockAcquiredCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_LOCK_ACQUIRED_COUNT);
+        // Cleanup
+        this.cleanupStuckDutiesCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_CLEANUP_STUCK_DUTIES_COUNT);
+        this.cleanupOldDutiesCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_CLEANUP_OLD_DUTIES_COUNT);
+        this.cleanupOutdatedRollupDutiesCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_CLEANUP_OUTDATED_ROLLUP_DUTIES_COUNT);
+    }
+    /**
+   * Record a successful signing operation.
+   * @param dutyType - The type of duty signed
+   * @param durationMs - Duration from start of signWithProtection to completion
+   */ recordSigningSuccess(dutyType, durationMs) {
+        const attributes = {
+            [Attributes.HA_DUTY_TYPE]: dutyType,
+            [Attributes.HA_NODE_ID]: this.nodeId
+        };
+        this.signingSuccessCount.add(1, attributes);
+        this.signingDuration.record(durationMs, attributes);
+    }
+    /**
+   * Record a DutyAlreadySignedError (expected in HA; another node signed first).
+   * @param dutyType - The type of duty
+   */ recordDutyAlreadySigned(dutyType) {
+        const attributes = {
+            [Attributes.HA_DUTY_TYPE]: dutyType,
+            [Attributes.HA_NODE_ID]: this.nodeId
+        };
+        this.dutyAlreadySignedCount.add(1, attributes);
+    }
+    /**
+   * Record a SlashingProtectionError (attempted to sign different data for same duty).
+   * @param dutyType - The type of duty
+   */ recordSlashingProtection(dutyType) {
+        const attributes = {
+            [Attributes.HA_DUTY_TYPE]: dutyType,
+            [Attributes.HA_NODE_ID]: this.nodeId
+        };
+        this.slashingProtectionCount.add(1, attributes);
+    }
+    /**
+   * Record a signing function failure (lock will be deleted for retry).
+   * @param dutyType - The type of duty
+   */ recordSigningError(dutyType) {
+        const attributes = {
+            [Attributes.HA_DUTY_TYPE]: dutyType,
+            [Attributes.HA_NODE_ID]: this.nodeId
+        };
+        this.signingErrorCount.add(1, attributes);
+    }
+    /**
+   * Record lock acquisition.
+   * @param acquired - Whether a new lock was acquired (true) or existing record found (false)
+   */ recordLockAcquire(acquired) {
+        if (acquired) {
+            const attributes = {
+                [Attributes.HA_NODE_ID]: this.nodeId
+            };
+            this.lockAcquiredCount.add(1, attributes);
+        }
+    }
+    /**
+   * Record cleanup metrics.
+   * @param type - Type of cleanup
+   * @param count - Number of duties cleaned up
+   */ recordCleanup(type, count) {
+        const attributes = {
+            [Attributes.HA_NODE_ID]: this.nodeId
+        };
+        if (type === 'stuck') {
+            this.cleanupStuckDutiesCount.add(count, attributes);
+        } else if (type === 'old') {
+            this.cleanupOldDutiesCount.add(count, attributes);
+        } else if (type === 'outdated_rollup') {
+            this.cleanupOutdatedRollupDutiesCount.add(count, attributes);
+        }
+    }
+}

package/dest/migrations.d.ts

@@ -0,0 +1,15 @@
+export interface RunMigrationsOptions {
+    /** Migration direction ('up' to apply, 'down' to rollback). Defaults to 'up'. */
+    direction?: 'up' | 'down';
+    /** Enable verbose output. Defaults to false. */
+    verbose?: boolean;
+}
+/**
+ * Run database migrations programmatically
+ *
+ * @param databaseUrl - PostgreSQL connection string
+ * @param options - Migration options (direction, verbose)
+ * @returns Array of applied migration names
+ */
+export declare function runMigrations(databaseUrl: string, options?: RunMigrationsOptions): Promise<string[]>;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWlncmF0aW9ucy5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL21pZ3JhdGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBYUEsTUFBTSxXQUFXLG9CQUFvQjtJQUNuQyxpRkFBaUY7SUFDakYsU0FBUyxDQUFDLEVBQUUsSUFBSSxHQUFHLE1BQU0sQ0FBQztJQUMxQixnREFBZ0Q7SUFDaEQsT0FBTyxDQUFDLEVBQUUsT0FBTyxDQUFDO0NBQ25CO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsd0JBQXNCLGFBQWEsQ0FBQyxXQUFXLEVBQUUsTUFBTSxFQUFFLE9BQU8sR0FBRSxvQkFBeUIsR0FBRyxPQUFPLENBQUMsTUFBTSxFQUFFLENBQUMsQ0ErQzlHIn0=

package/dest/migrations.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../src/migrations.ts"],"names":[],"mappings":"AAaA,MAAM,WAAW,oBAAoB;IACnC,iFAAiF;IACjF,SAAS,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAC1B,gDAAgD;IAChD,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,GAAE,oBAAyB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA+C9G"}

package/dest/migrations.js

@@ -0,0 +1,53 @@
+/**
+ * Programmatic migration runner
+ */ import { createLogger } from '@aztec/foundation/log';
+import { readdirSync } from 'fs';
+import { runner } from 'node-pg-migrate';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Run database migrations programmatically
+ *
+ * @param databaseUrl - PostgreSQL connection string
+ * @param options - Migration options (direction, verbose)
+ * @returns Array of applied migration names
+ */ export async function runMigrations(databaseUrl, options = {}) {
+    const direction = options.direction ?? 'up';
+    const verbose = options.verbose ?? false;
+    const log = createLogger('validator-ha-signer:migrations');
+    const migrationsDir = join(__dirname, 'db', 'migrations');
+    try {
+        log.info(`Running migrations ${direction}...`);
+        // Filter out .d.ts and .d.ts.map files - node-pg-migrate only needs .js files
+        const migrationFiles = readdirSync(migrationsDir);
+        const jsMigrationFiles = migrationFiles.filter((file)=>file.endsWith('.js') && !file.endsWith('.d.ts') && !file.endsWith('.d.ts.map'));
+        if (jsMigrationFiles.length === 0) {
+            log.info('No migration files found');
+            return [];
+        }
+        const appliedMigrations = await runner({
+            databaseUrl,
+            dir: migrationsDir,
+            direction,
+            migrationsTable: 'pgmigrations',
+            count: direction === 'down' ? 1 : Infinity,
+            verbose,
+            log: (msg)=>verbose ? log.info(msg) : log.debug(msg),
+            // Ignore TypeScript declaration files - node-pg-migrate will try to import them otherwise
+            ignorePattern: '.*\\.d\\.(ts|js)$|.*\\.d\\.ts\\.map$'
+        });
+        if (appliedMigrations.length === 0) {
+            log.info('No migrations to apply - schema is up to date');
+        } else {
+            log.info(`Applied ${appliedMigrations.length} migration(s)`, {
+                migrations: appliedMigrations.map((m)=>m.name)
+            });
+        }
+        return appliedMigrations.map((m)=>m.name);
+    } catch (error) {
+        log.error('Migration failed', error);
+        throw error;
+    }
+}

package/dest/slashing_protection_service.d.ts

@@ -0,0 +1,93 @@
+import type { DateProvider } from '@aztec/foundation/timer';
+import type { BaseSignerConfig } from '@aztec/stdlib/ha-signing';
+import { type CheckAndRecordParams, type DeleteDutyParams, type RecordSuccessParams } from './db/types.js';
+import type { HASignerMetrics } from './metrics.js';
+import type { SlashingProtectionDatabase } from './types.js';
+export interface SlashingProtectionServiceDeps {
+    metrics: HASignerMetrics;
+    dateProvider: DateProvider;
+}
+/**
+ * Slashing Protection Service
+ *
+ * This service ensures that a validator only signs one block/attestation per slot,
+ * even when running multiple redundant nodes (HA setup).
+ *
+ * All nodes in the HA setup try to sign - the first one wins, others get
+ * DutyAlreadySignedError (normal) or SlashingProtectionError (if different data).
+ *
+ * Flow:
+ * 1. checkAndRecord() - Atomically try to acquire lock via tryInsertOrGetExisting
+ * 2. Caller performs the signing operation
+ * 3. recordSuccess() - Update to 'signed' status with signature
+ *    OR deleteDuty() - Delete the record to allow retry
+ */
+export declare class SlashingProtectionService {
+    private readonly db;
+    private readonly config;
+    private readonly log;
+    private readonly pollingIntervalMs;
+    private readonly signingTimeoutMs;
+    private readonly maxStuckDutiesAgeMs;
+    private readonly metrics;
+    private readonly dateProvider;
+    private cleanupRunningPromise;
+    private lastOldDutiesCleanupAtMs?;
+    constructor(db: SlashingProtectionDatabase, config: BaseSignerConfig, deps: SlashingProtectionServiceDeps);
+    /**
+     * Check if a duty can be performed and acquire the lock if so.
+     *
+     * This method uses an atomic insert-or-get operation.
+     * It will:
+     * 1. Try to insert a new record with 'signing' status
+     * 2. If insert succeeds, we acquired the lock - return the lockToken
+     * 3. If a record exists, handle based on status:
+     *    - SIGNED: Throw appropriate error (already signed or slashing protection)
+     *    - SIGNING: Wait and poll until status changes, then handle result
+     *
+     * @returns The lockToken that must be used for recordSuccess/deleteDuty
+     * @throws DutyAlreadySignedError if the duty was already completed
+     * @throws SlashingProtectionError if attempting to sign different data for same slot/duty
+     */
+    checkAndRecord(params: CheckAndRecordParams): Promise<string>;
+    /**
+     * Record a successful signing operation.
+     * Updates the duty status to 'signed' and stores the signature.
+     * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+     *
+     * @returns true if the update succeeded, false if token didn't match
+     */
+    recordSuccess(params: RecordSuccessParams): Promise<boolean>;
+    /**
+     * Delete a duty record after a failed signing operation.
+     * Removes the record to allow another node/attempt to retry.
+     * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+     *
+     * @returns true if the delete succeeded, false if token didn't match
+     */
+    deleteDuty(params: DeleteDutyParams): Promise<boolean>;
+    /**
+     * Get the node ID for this service
+     */
+    get nodeId(): string;
+    /**
+     * Start running tasks.
+     * Cleanup runs immediately on start to recover from any previous crashes.
+     */
+    /**
+     * Start the background cleanup task.
+     * Also performs one-time cleanup of duties with outdated rollup addresses.
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the background cleanup task.
+     */
+    stop(): Promise<void>;
+    /**
+     * Close the database connection.
+     * Should be called after stop() during graceful shutdown.
+     */
+    close(): Promise<void>;
+    private cleanup;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2xhc2hpbmdfcHJvdGVjdGlvbl9zZXJ2aWNlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvc2xhc2hpbmdfcHJvdGVjdGlvbl9zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQVNBLE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQzVELE9BQU8sS0FBSyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFFakUsT0FBTyxFQUNMLEtBQUssb0JBQW9CLEVBQ3pCLEtBQUssZ0JBQWdCLEVBRXJCLEtBQUssbUJBQW1CLEVBRXpCLE1BQU0sZUFBZSxDQUFDO0FBRXZCLE9BQU8sS0FBSyxFQUFFLGVBQWUsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUNwRCxPQUFPLEtBQUssRUFBRSwwQkFBMEIsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUU3RCxNQUFNLFdBQVcsNkJBQTZCO0lBQzVDLE9BQU8sRUFBRSxlQUFlLENBQUM7SUFDekIsWUFBWSxFQUFFLFlBQVksQ0FBQztDQUM1QjtBQUVEOzs7Ozs7Ozs7Ozs7OztHQWNHO0FBQ0gscUJBQWEseUJBQXlCO0lBYWxDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRTtJQUNuQixPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU07SUFiekIsT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQVM7SUFDN0IsT0FBTyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBUztJQUMzQyxPQUFPLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFTO0lBQzFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsbUJBQW1CLENBQVM7SUFFN0MsT0FBTyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQWtCO0lBQzFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFlO0lBRTVDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBaUI7SUFDOUMsT0FBTyxDQUFDLHdCQUF3QixDQUFDLENBQVM7SUFFMUMsWUFDbUIsRUFBRSxFQUFFLDBCQUEwQixFQUM5QixNQUFNLEVBQUUsZ0JBQWdCLEVBQ3pDLElBQUksRUFBRSw2QkFBNkIsRUFXcEM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUNHLGNBQWMsQ0FBQyxNQUFNLEVBQUUsb0JBQW9CLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQXFFbEU7SUFFRDs7Ozs7O09BTUc7SUFDRyxhQUFhLENBQUMsTUFBTSxFQUFFLG1CQUFtQixHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0EyQmpFO0lBRUQ7Ozs7OztPQU1HO0lBQ0csVUFBVSxDQUFDLE1BQU0sRUFBRSxnQkFBZ0IsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLENBd0IzRDtJQUVEOztPQUVHO0lBQ0gsSUFBSSxNQUFNLElBQUksTUFBTSxDQUVuQjtJQUVEOzs7T0FHRztJQUNIOzs7T0FHRztJQUNHLEtBQUssa0JBWVY7SUFFRDs7T0FFRztJQUNHLElBQUksa0JBR1Q7SUFFRDs7O09BR0c7SUFDRyxLQUFLLGtCQUdWO1lBTWEsT0FBTztDQStCdEIifQ==

package/dest/slashing_protection_service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"slashing_protection_service.d.ts","sourceRoot":"","sources":["../src/slashing_protection_service.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAEjE,OAAO,EACL,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EAErB,KAAK,mBAAmB,EAEzB,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAE7D,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,eAAe,CAAC;IACzB,YAAY,EAAE,YAAY,CAAC;CAC5B;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,yBAAyB;IAalC,OAAO,CAAC,QAAQ,CAAC,EAAE;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAbzB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAS;IAC3C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAS;IAE7C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;IAC1C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAe;IAE5C,OAAO,CAAC,qBAAqB,CAAiB;IAC9C,OAAO,CAAC,wBAAwB,CAAC,CAAS;IAE1C,YACmB,EAAE,EAAE,0BAA0B,EAC9B,MAAM,EAAE,gBAAgB,EACzC,IAAI,EAAE,6BAA6B,EAWpC;IAED;;;;;;;;;;;;;;OAcG;IACG,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,MAAM,CAAC,CAqElE;IAED;;;;;;OAMG;IACG,aAAa,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,CA2BjE;IAED;;;;;;OAMG;IACG,UAAU,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAwB3D;IAED;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED;;;OAGG;IACH;;;OAGG;IACG,KAAK,kBAYV;IAED;;OAEG;IACG,IAAI,kBAGT;IAED;;;OAGG;IACG,KAAK,kBAGV;YAMa,OAAO;CA+BtB"}

package/dest/slashing_protection_service.js

@@ -0,0 +1,236 @@
+/**
+ * Slashing Protection Service
+ *
+ * Provides distributed locking and slashing protection for validator duties.
+ * Uses an external database to coordinate across multiple validator nodes.
+ */ import { createLogger } from '@aztec/foundation/log';
+import { RunningPromise } from '@aztec/foundation/promise';
+import { sleep } from '@aztec/foundation/sleep';
+import { DutyStatus, getBlockIndexFromDutyIdentifier } from './db/types.js';
+import { DutyAlreadySignedError, SlashingProtectionError } from './errors.js';
+/**
+ * Slashing Protection Service
+ *
+ * This service ensures that a validator only signs one block/attestation per slot,
+ * even when running multiple redundant nodes (HA setup).
+ *
+ * All nodes in the HA setup try to sign - the first one wins, others get
+ * DutyAlreadySignedError (normal) or SlashingProtectionError (if different data).
+ *
+ * Flow:
+ * 1. checkAndRecord() - Atomically try to acquire lock via tryInsertOrGetExisting
+ * 2. Caller performs the signing operation
+ * 3. recordSuccess() - Update to 'signed' status with signature
+ *    OR deleteDuty() - Delete the record to allow retry
+ */ export class SlashingProtectionService {
+    db;
+    config;
+    log;
+    pollingIntervalMs;
+    signingTimeoutMs;
+    maxStuckDutiesAgeMs;
+    metrics;
+    dateProvider;
+    cleanupRunningPromise;
+    lastOldDutiesCleanupAtMs;
+    constructor(db, config, deps){
+        this.db = db;
+        this.config = config;
+        this.log = createLogger('slashing-protection');
+        this.pollingIntervalMs = config.pollingIntervalMs;
+        this.signingTimeoutMs = config.signingTimeoutMs;
+        // Default to 144s (2x 72s Aztec slot duration) if not explicitly configured
+        this.maxStuckDutiesAgeMs = config.maxStuckDutiesAgeMs ?? 144_000;
+        this.cleanupRunningPromise = new RunningPromise(this.cleanup.bind(this), this.log, this.maxStuckDutiesAgeMs);
+        this.metrics = deps.metrics;
+        this.dateProvider = deps.dateProvider;
+    }
+    /**
+   * Check if a duty can be performed and acquire the lock if so.
+   *
+   * This method uses an atomic insert-or-get operation.
+   * It will:
+   * 1. Try to insert a new record with 'signing' status
+   * 2. If insert succeeds, we acquired the lock - return the lockToken
+   * 3. If a record exists, handle based on status:
+   *    - SIGNED: Throw appropriate error (already signed or slashing protection)
+   *    - SIGNING: Wait and poll until status changes, then handle result
+   *
+   * @returns The lockToken that must be used for recordSuccess/deleteDuty
+   * @throws DutyAlreadySignedError if the duty was already completed
+   * @throws SlashingProtectionError if attempting to sign different data for same slot/duty
+   */ async checkAndRecord(params) {
+        const { validatorAddress, slot, dutyType, messageHash, nodeId } = params;
+        const startTime = this.dateProvider.now();
+        this.log.debug(`Checking duty: ${dutyType} for slot ${slot}`, {
+            validatorAddress: validatorAddress.toString(),
+            nodeId
+        });
+        while(true){
+            // insert if not present, get existing if present
+            const { isNew, record } = await this.db.tryInsertOrGetExisting(params);
+            if (isNew) {
+                // We successfully acquired the lock
+                this.log.verbose(`Acquired lock for duty ${dutyType} at slot ${slot}`, {
+                    validatorAddress: validatorAddress.toString(),
+                    nodeId
+                });
+                this.metrics.recordLockAcquire(true);
+                return record.lockToken;
+            }
+            // Record already exists - handle based on status
+            if (record.status === DutyStatus.SIGNED) {
+                // Duty was already signed - check if same or different data
+                if (record.messageHash !== messageHash) {
+                    this.log.verbose(`Slashing protection triggered for duty ${dutyType} at slot ${slot}`, {
+                        validatorAddress: validatorAddress.toString(),
+                        existingMessageHash: record.messageHash,
+                        attemptedMessageHash: messageHash,
+                        existingNodeId: record.nodeId,
+                        attemptingNodeId: nodeId
+                    });
+                    this.metrics.recordSlashingProtection(dutyType);
+                    throw new SlashingProtectionError(slot, dutyType, record.blockIndexWithinCheckpoint, record.messageHash, messageHash, record.nodeId);
+                }
+                this.metrics.recordDutyAlreadySigned(dutyType);
+                throw new DutyAlreadySignedError(slot, dutyType, record.blockIndexWithinCheckpoint, record.nodeId);
+            } else if (record.status === DutyStatus.SIGNING) {
+                // Another node is currently signing - check for timeout
+                if (this.dateProvider.now() - startTime > this.signingTimeoutMs) {
+                    this.log.warn(`Timeout waiting for signing to complete for duty ${dutyType} at slot ${slot}`, {
+                        validatorAddress: validatorAddress.toString(),
+                        timeoutMs: this.signingTimeoutMs,
+                        signingNodeId: record.nodeId
+                    });
+                    this.metrics.recordDutyAlreadySigned(dutyType);
+                    throw new DutyAlreadySignedError(slot, dutyType, record.blockIndexWithinCheckpoint, 'unknown (timeout)');
+                }
+                // Wait and poll
+                this.log.debug(`Waiting for signing to complete for duty ${dutyType} at slot ${slot}`, {
+                    validatorAddress: validatorAddress.toString(),
+                    signingNodeId: record.nodeId
+                });
+                await sleep(this.pollingIntervalMs);
+            // Loop continues - next iteration will check status again
+            } else {
+                throw new Error(`Unknown duty status: ${record.status}`);
+            }
+        }
+    }
+    /**
+   * Record a successful signing operation.
+   * Updates the duty status to 'signed' and stores the signature.
+   * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+   *
+   * @returns true if the update succeeded, false if token didn't match
+   */ async recordSuccess(params) {
+        const { rollupAddress, validatorAddress, slot, dutyType, signature, nodeId, lockToken } = params;
+        const blockIndexWithinCheckpoint = getBlockIndexFromDutyIdentifier(params);
+        const success = await this.db.updateDutySigned(rollupAddress, validatorAddress, slot, dutyType, signature.toString(), lockToken, blockIndexWithinCheckpoint);
+        if (success) {
+            this.log.verbose(`Recorded successful signing for duty ${dutyType} at slot ${slot}`, {
+                validatorAddress: validatorAddress.toString(),
+                nodeId
+            });
+        } else {
+            this.log.warn(`Failed to record successful signing for duty ${dutyType} at slot ${slot}: invalid token`, {
+                validatorAddress: validatorAddress.toString(),
+                nodeId
+            });
+        }
+        return success;
+    }
+    /**
+   * Delete a duty record after a failed signing operation.
+   * Removes the record to allow another node/attempt to retry.
+   * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+   *
+   * @returns true if the delete succeeded, false if token didn't match
+   */ async deleteDuty(params) {
+        const { rollupAddress, validatorAddress, slot, dutyType, lockToken } = params;
+        const blockIndexWithinCheckpoint = getBlockIndexFromDutyIdentifier(params);
+        const success = await this.db.deleteDuty(rollupAddress, validatorAddress, slot, dutyType, lockToken, blockIndexWithinCheckpoint);
+        if (success) {
+            this.log.info(`Deleted duty ${dutyType} at slot ${slot} to allow retry`, {
+                validatorAddress: validatorAddress.toString()
+            });
+        } else {
+            this.log.warn(`Failed to delete duty ${dutyType} at slot ${slot}: invalid token`, {
+                validatorAddress: validatorAddress.toString()
+            });
+        }
+        return success;
+    }
+    /**
+   * Get the node ID for this service
+   */ get nodeId() {
+        return this.config.nodeId;
+    }
+    /**
+   * Start running tasks.
+   * Cleanup runs immediately on start to recover from any previous crashes.
+   */ /**
+   * Start the background cleanup task.
+   * Also performs one-time cleanup of duties with outdated rollup addresses.
+   */ async start() {
+        // One-time cleanup at startup: remove duties from previous rollup versions
+        const numOutdatedRollupDuties = await this.db.cleanupOutdatedRollupDuties(this.config.l1Contracts.rollupAddress);
+        if (numOutdatedRollupDuties > 0) {
+            this.log.info(`Cleaned up ${numOutdatedRollupDuties} duties with outdated rollup address at startup`, {
+                currentRollupAddress: this.config.l1Contracts.rollupAddress.toString()
+            });
+            this.metrics.recordCleanup('outdated_rollup', numOutdatedRollupDuties);
+        }
+        this.cleanupRunningPromise.start();
+        this.log.info('Slashing protection service started', {
+            nodeId: this.config.nodeId
+        });
+    }
+    /**
+   * Stop the background cleanup task.
+   */ async stop() {
+        await this.cleanupRunningPromise.stop();
+        this.log.info('Slashing protection service stopped', {
+            nodeId: this.config.nodeId
+        });
+    }
+    /**
+   * Close the database connection.
+   * Should be called after stop() during graceful shutdown.
+   */ async close() {
+        await this.db.close();
+        this.log.info('Slashing protection database connection closed');
+    }
+    /**
+   * Periodic cleanup of stuck duties and optionally old signed duties.
+   * Runs in the background via RunningPromise.
+   */ async cleanup() {
+        // 1. Clean up stuck duties (our own node's duties that got stuck in 'signing' status)
+        const numStuckDuties = await this.db.cleanupOwnStuckDuties(this.config.nodeId, this.maxStuckDutiesAgeMs);
+        if (numStuckDuties > 0) {
+            this.log.verbose(`Cleaned up ${numStuckDuties} stuck duties`, {
+                nodeId: this.config.nodeId,
+                maxStuckDutiesAgeMs: this.maxStuckDutiesAgeMs
+            });
+            this.metrics.recordCleanup('stuck', numStuckDuties);
+        }
+        // 2. Clean up old signed duties if configured
+        // we shouldn't run this as often as stuck duty cleanup.
+        if (this.config.cleanupOldDutiesAfterHours !== undefined) {
+            const maxAgeMs = this.config.cleanupOldDutiesAfterHours * 60 * 60 * 1000;
+            const nowMs = this.dateProvider.now();
+            const shouldRun = this.lastOldDutiesCleanupAtMs === undefined || nowMs - this.lastOldDutiesCleanupAtMs >= maxAgeMs;
+            if (shouldRun) {
+                const numOldDuties = await this.db.cleanupOldDuties(maxAgeMs);
+                this.lastOldDutiesCleanupAtMs = nowMs;
+                if (numOldDuties > 0) {
+                    this.log.verbose(`Cleaned up ${numOldDuties} old signed duties`, {
+                        cleanupOldDutiesAfterHours: this.config.cleanupOldDutiesAfterHours,
+                        maxAgeMs
+                    });
+                    this.metrics.recordCleanup('old', numOldDuties);
+                }
+            }
+        }
+    }
+}

package/dest/test/pglite_pool.d.ts

@@ -0,0 +1,92 @@
+/**
+ * Vendored pg-compatible Pool/Client wrapper for PGlite.
+ *
+ * Copied from @middle-management/pglite-pg-adapter v0.0.3
+ * https://www.npmjs.com/package/@middle-management/pglite-pg-adapter
+ *
+ * Modifications:
+ * - Converted to ESM and TypeScript
+ * - Uses PGliteInterface instead of PGlite class to avoid TypeScript
+ *   type mismatches from ESM/CJS dual package resolution with private fields
+ * - Simplified rowCount calculation to handle CTEs properly
+ */
+import type { PGliteInterface } from '@electric-sql/pglite';
+import { EventEmitter } from 'events';
+import type { QueryResult, QueryResultRow } from 'pg';
+import { Readable, Writable } from 'stream';
+export interface PoolConfig {
+    pglite: PGliteInterface;
+    max?: number;
+    min?: number;
+}
+interface ClientConfig {
+    pglite: PGliteInterface;
+    host?: string;
+    port?: number;
+    ssl?: boolean;
+}
+export declare class Client extends EventEmitter {
+    protected pglite: PGliteInterface;
+    protected _connected: boolean;
+    readonly host: string;
+    readonly port: number;
+    readonly ssl: boolean;
+    readonly connection: object;
+    readonly copyFrom: () => Writable;
+    readonly copyTo: () => Readable;
+    readonly pauseDrain: () => void;
+    readonly resumeDrain: () => void;
+    readonly escapeLiteral: (str: string) => string;
+    readonly escapeIdentifier: (str: string) => string;
+    readonly setTypeParser: () => void;
+    readonly getTypeParser: () => (value: string) => unknown;
+    constructor(config: ClientConfig);
+    connect(): Promise<void>;
+    end(): Promise<void>;
+    query<R extends QueryResultRow = any>(text: string, values?: any[]): Promise<QueryResult<R>>;
+    protected convertPGliteResult<R extends QueryResultRow>(result: {
+        rows: R[];
+        fields: Array<{
+            name: string;
+            dataTypeID: number;
+        }>;
+        affectedRows?: number;
+    }): QueryResult<R>;
+    get connected(): boolean;
+}
+export declare class Pool extends EventEmitter {
+    private clients;
+    private availableClients;
+    private waitingQueue;
+    private _ended;
+    private pglite;
+    private _config;
+    readonly expiredCount = 0;
+    readonly options: PoolConfig;
+    constructor(config: PoolConfig);
+    get totalCount(): number;
+    get idleCount(): number;
+    get waitingCount(): number;
+    get ending(): boolean;
+    get ended(): boolean;
+    connect(): Promise<PoolClient>;
+    query<R extends QueryResultRow = any>(text: string, values?: any[]): Promise<QueryResult<R>>;
+    releaseClient(client: PoolClient): void;
+    end(): Promise<void>;
+}
+export declare class PoolClient extends Client {
+    private pool;
+    private _released;
+    private _inUse;
+    private _userReleased;
+    constructor(pglite: PGliteInterface, pool: Pool);
+    query<R extends QueryResultRow = any>(text: string, values?: any[]): Promise<QueryResult<R>>;
+    release(): void;
+    end(): Promise<void>;
+    _markInUse(): void;
+    _markAvailable(): void;
+    _markReleased(): void;
+    get connected(): boolean;
+}
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGdsaXRlX3Bvb2wuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy90ZXN0L3BnbGl0ZV9wb29sLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7OztHQVdHO0FBQ0gsT0FBTyxLQUFLLEVBQUUsZUFBZSxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDNUQsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUN0QyxPQUFPLEtBQUssRUFBRSxXQUFXLEVBQUUsY0FBYyxFQUFFLE1BQU0sSUFBSSxDQUFDO0FBQ3RELE9BQU8sRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFLE1BQU0sUUFBUSxDQUFDO0FBRTVDLE1BQU0sV0FBVyxVQUFVO0lBQ3pCLE1BQU0sRUFBRSxlQUFlLENBQUM7SUFDeEIsR0FBRyxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2IsR0FBRyxDQUFDLEVBQUUsTUFBTSxDQUFDO0NBQ2Q7QUFFRCxVQUFVLFlBQVk7SUFDcEIsTUFBTSxFQUFFLGVBQWUsQ0FBQztJQUN4QixJQUFJLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDZCxJQUFJLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDZCxHQUFHLENBQUMsRUFBRSxPQUFPLENBQUM7Q0FDZjtBQUVELHFCQUFhLE1BQU8sU0FBUSxZQUFZO0lBQ3RDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsZUFBZSxDQUFDO0lBQ2xDLFNBQVMsQ0FBQyxVQUFVLFVBQVM7SUFDN0IsUUFBUSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDdEIsUUFBUSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDdEIsUUFBUSxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUM7SUFDdEIsUUFBUSxDQUFDLFVBQVUsRUFBRSxNQUFNLENBQUM7SUFHNUIsUUFBUSxDQUFDLFFBQVEsaUJBQWtDO0lBQ25ELFFBQVEsQ0FBQyxNQUFNLGlCQUFrQztJQUNqRCxRQUFRLENBQUMsVUFBVSxhQUFrQjtJQUNyQyxRQUFRLENBQUMsV0FBVyxhQUFrQjtJQUN0QyxRQUFRLENBQUMsYUFBYSwwQkFBMkQ7SUFDakYsUUFBUSxDQUFDLGdCQUFnQiwwQkFBMkQ7SUFDcEYsUUFBUSxDQUFDLGFBQWEsYUFBa0I7SUFDeEMsUUFBUSxDQUFDLGFBQWEsbUNBQWdFO0lBRXRGLFlBQVksTUFBTSxFQUFFLFlBQVksRUFPL0I7SUFFRCxPQUFPLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQU92QjtJQUVELEdBQUcsSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLENBT25CO0lBRUssS0FBSyxDQUFDLENBQUMsU0FBUyxjQUFjLEdBQUcsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsTUFBTSxDQUFDLEVBQUUsR0FBRyxFQUFFLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQU1qRztJQUVELFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDLFNBQVMsY0FBYyxFQUFFLE1BQU0sRUFBRTtRQUM5RCxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDVixNQUFNLEVBQUUsS0FBSyxDQUFDO1lBQUUsSUFBSSxFQUFFLE1BQU0sQ0FBQztZQUFDLFVBQVUsRUFBRSxNQUFNLENBQUE7U0FBRSxDQUFDLENBQUM7UUFDcEQsWUFBWSxDQUFDLEVBQUUsTUFBTSxDQUFDO0tBQ3ZCLEdBQUcsV0FBVyxDQUFDLENBQUMsQ0FBQyxDQWdCakI7SUFFRCxJQUFJLFNBQVMsSUFBSSxPQUFPLENBRXZCO0NBQ0Y7QUFFRCxxQkFBYSxJQUFLLFNBQVEsWUFBWTtJQUNwQyxPQUFPLENBQUMsT0FBTyxDQUFvQjtJQUNuQyxPQUFPLENBQUMsZ0JBQWdCLENBQW9CO0lBQzVDLE9BQU8sQ0FBQyxZQUFZLENBQTJDO0lBQy9ELE9BQU8sQ0FBQyxNQUFNLENBQVM7SUFDdkIsT0FBTyxDQUFDLE1BQU0sQ0FBa0I7SUFDaEMsT0FBTyxDQUFDLE9BQU8sQ0FBYTtJQUU1QixRQUFRLENBQUMsWUFBWSxLQUFLO0lBQzFCLFFBQVEsQ0FBQyxPQUFPLEVBQUUsVUFBVSxDQUFDO0lBRTdCLFlBQVksTUFBTSxFQUFFLFVBQVUsRUFLN0I7SUFFRCxJQUFJLFVBQVUsSUFBSSxNQUFNLENBRXZCO0lBRUQsSUFBSSxTQUFTLElBQUksTUFBTSxDQUV0QjtJQUVELElBQUksWUFBWSxJQUFJLE1BQU0sQ0FFekI7SUFFRCxJQUFJLE1BQU0sSUFBSSxPQUFPLENBRXBCO0lBRUQsSUFBSSxLQUFLLElBQUksT0FBTyxDQUVuQjtJQUVELE9BQU8sSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLENBb0I3QjtJQUVLLEtBQUssQ0FBQyxDQUFDLFNBQVMsY0FBYyxHQUFHLEdBQUcsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sQ0FBQyxFQUFFLEdBQUcsRUFBRSxHQUFHLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FPakc7SUFFRCxhQUFhLENBQUMsTUFBTSxFQUFFLFVBQVUsR0FBRyxJQUFJLENBWXRDO0lBRUQsR0FBRyxJQUFJLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FPbkI7Q0FDRjtBQUVELHFCQUFhLFVBQVcsU0FBUSxNQUFNO0lBQ3BDLE9BQU8sQ0FBQyxJQUFJLENBQU87SUFDbkIsT0FBTyxDQUFDLFNBQVMsQ0FBUztJQUMxQixPQUFPLENBQUMsTUFBTSxDQUFRO0lBQ3RCLE9BQU8sQ0FBQyxhQUFhLENBQVM7SUFFOUIsWUFBWSxNQUFNLEVBQUUsZUFBZSxFQUFFLElBQUksRUFBRSxJQUFJLEVBSTlDO0lBRWMsS0FBSyxDQUFDLENBQUMsU0FBUyxjQUFjLEdBQUcsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsTUFBTSxDQUFDLEVBQUUsR0FBRyxFQUFFLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQU0xRztJQUVELE9BQU8sSUFBSSxJQUFJLENBTWQ7SUFFUSxHQUFHLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQUc1QjtJQUVELFVBQVUsSUFBSSxJQUFJLENBR2pCO0lBRUQsY0FBYyxJQUFJLElBQUksQ0FHckI7SUFFRCxhQUFhLElBQUksSUFBSSxDQUlwQjtJQUVELElBQWEsU0FBUyxJQUFJLE9BQU8sQ0FFaEM7Q0FDRiJ9

package/dest/test/pglite_pool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pglite_pool.d.ts","sourceRoot":"","sources":["../../src/test/pglite_pool.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,IAAI,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAE5C,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,eAAe,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,UAAU,YAAY;IACpB,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED,qBAAa,MAAO,SAAQ,YAAY;IACtC,SAAS,CAAC,MAAM,EAAE,eAAe,CAAC;IAClC,SAAS,CAAC,UAAU,UAAS;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAG5B,QAAQ,CAAC,QAAQ,iBAAkC;IACnD,QAAQ,CAAC,MAAM,iBAAkC;IACjD,QAAQ,CAAC,UAAU,aAAkB;IACrC,QAAQ,CAAC,WAAW,aAAkB;IACtC,QAAQ,CAAC,aAAa,0BAA2D;IACjF,QAAQ,CAAC,gBAAgB,0BAA2D;IACpF,QAAQ,CAAC,aAAa,aAAkB;IACxC,QAAQ,CAAC,aAAa,mCAAgE;IAEtF,YAAY,MAAM,EAAE,YAAY,EAO/B;IAED,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAOvB;IAED,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAOnB;IAEK,KAAK,CAAC,CAAC,SAAS,cAAc,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAMjG;IAED,SAAS,CAAC,mBAAmB,CAAC,CAAC,SAAS,cAAc,EAAE,MAAM,EAAE;QAC9D,IAAI,EAAE,CAAC,EAAE,CAAC;QACV,MAAM,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,UAAU,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACpD,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,WAAW,CAAC,CAAC,CAAC,CAgBjB;IAED,IAAI,SAAS,IAAI,OAAO,CAEvB;CACF;AAED,qBAAa,IAAK,SAAQ,YAAY;IACpC,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,YAAY,CAA2C;IAC/D,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,OAAO,CAAa;IAE5B,QAAQ,CAAC,YAAY,KAAK;IAC1B,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAE7B,YAAY,MAAM,EAAE,UAAU,EAK7B;IAED,IAAI,UAAU,IAAI,MAAM,CAEvB;IAED,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED,IAAI,MAAM,IAAI,OAAO,CAEpB;IAED,IAAI,KAAK,IAAI,OAAO,CAEnB;IAED,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,CAoB7B;IAEK,KAAK,CAAC,CAAC,SAAS,cAAc,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAOjG;IAED,aAAa,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAYtC;IAED,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAOnB;CACF;AAED,qBAAa,UAAW,SAAQ,MAAM;IACpC,OAAO,CAAC,IAAI,CAAO;IACnB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,aAAa,CAAS;IAE9B,YAAY,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,IAAI,EAI9C;IAEc,KAAK,CAAC,CAAC,SAAS,cAAc,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAM1G;IAED,OAAO,IAAI,IAAI,CAMd;IAEQ,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAG5B;IAED,UAAU,IAAI,IAAI,CAGjB;IAED,cAAc,IAAI,IAAI,CAGrB;IAED,aAAa,IAAI,IAAI,CAIpB;IAED,IAAa,SAAS,IAAI,OAAO,CAEhC;CACF"}