@aztec/validator-ha-signer 0.0.1-commit.023c3e5

package/dest/factory.d.ts

@@ -0,0 +1,42 @@
+import type { ValidatorHASignerConfig } from './config.js';
+import type { CreateHASignerDeps, SlashingProtectionDatabase } from './types.js';
+import { ValidatorHASigner } from './validator_ha_signer.js';
+/**
+ * Create a validator HA signer with PostgreSQL backend
+ *
+ * After creating the signer, call `signer.start()` to begin background
+ * cleanup tasks. Call `signer.stop()` during graceful shutdown.
+ *
+ * Example with manual migrations (recommended for production):
+ * ```bash
+ * # Run migrations separately
+ * yarn migrate:up
+ * ```
+ *
+ * ```typescript
+ * const { signer, db } = await createHASigner({
+ *   databaseUrl: process.env.DATABASE_URL,
+ *   haSigningEnabled: true,
+ *   nodeId: 'validator-node-1',
+ *   pollingIntervalMs: 100,
+ *   signingTimeoutMs: 3000,
+ * });
+ * signer.start(); // Start background cleanup
+ *
+ * // ... use signer ...
+ *
+ * await signer.stop(); // On shutdown
+ * ```
+ *
+ * Note: Migrations must be run separately using `aztec migrate-ha-db up` before
+ * creating the signer. The factory will verify the schema is initialized via `db.initialize()`.
+ *
+ * @param config - Configuration for the HA signer
+ * @param deps - Optional dependencies (e.g., for testing)
+ * @returns An object containing the signer and database instances
+ */
+export declare function createHASigner(config: ValidatorHASignerConfig, deps?: CreateHASignerDeps): Promise<{
+    signer: ValidatorHASigner;
+    db: SlashingProtectionDatabase;
+}>;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmFjdG9yeS5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2ZhY3RvcnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBS0EsT0FBTyxLQUFLLEVBQUUsdUJBQXVCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFM0QsT0FBTyxLQUFLLEVBQUUsa0JBQWtCLEVBQUUsMEJBQTBCLEVBQUUsTUFBTSxZQUFZLENBQUM7QUFDakYsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFFN0Q7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWlDRztBQUNILHdCQUFzQixjQUFjLENBQ2xDLE1BQU0sRUFBRSx1QkFBdUIsRUFDL0IsSUFBSSxDQUFDLEVBQUUsa0JBQWtCLEdBQ3hCLE9BQU8sQ0FBQztJQUNULE1BQU0sRUFBRSxpQkFBaUIsQ0FBQztJQUMxQixFQUFFLEVBQUUsMEJBQTBCLENBQUM7Q0FDaEMsQ0FBQyxDQStCRCJ9

package/dest/factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../src/factory.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAE3D,OAAO,KAAK,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,uBAAuB,EAC/B,IAAI,CAAC,EAAE,kBAAkB,GACxB,OAAO,CAAC;IACT,MAAM,EAAE,iBAAiB,CAAC;IAC1B,EAAE,EAAE,0BAA0B,CAAC;CAChC,CAAC,CA+BD"}

package/dest/factory.js

@@ -0,0 +1,70 @@
+/**
+ * Factory functions for creating validator HA signers
+ */ import { Pool } from 'pg';
+import { PostgresSlashingProtectionDatabase } from './db/postgres.js';
+import { ValidatorHASigner } from './validator_ha_signer.js';
+/**
+ * Create a validator HA signer with PostgreSQL backend
+ *
+ * After creating the signer, call `signer.start()` to begin background
+ * cleanup tasks. Call `signer.stop()` during graceful shutdown.
+ *
+ * Example with manual migrations (recommended for production):
+ * ```bash
+ * # Run migrations separately
+ * yarn migrate:up
+ * ```
+ *
+ * ```typescript
+ * const { signer, db } = await createHASigner({
+ *   databaseUrl: process.env.DATABASE_URL,
+ *   haSigningEnabled: true,
+ *   nodeId: 'validator-node-1',
+ *   pollingIntervalMs: 100,
+ *   signingTimeoutMs: 3000,
+ * });
+ * signer.start(); // Start background cleanup
+ *
+ * // ... use signer ...
+ *
+ * await signer.stop(); // On shutdown
+ * ```
+ *
+ * Note: Migrations must be run separately using `aztec migrate-ha-db up` before
+ * creating the signer. The factory will verify the schema is initialized via `db.initialize()`.
+ *
+ * @param config - Configuration for the HA signer
+ * @param deps - Optional dependencies (e.g., for testing)
+ * @returns An object containing the signer and database instances
+ */ export async function createHASigner(config, deps) {
+    const { databaseUrl, poolMaxCount, poolMinCount, poolIdleTimeoutMs, poolConnectionTimeoutMs, ...signerConfig } = config;
+    if (!databaseUrl) {
+        throw new Error('databaseUrl is required for createHASigner');
+    }
+    // Create connection pool (or use provided pool)
+    let pool;
+    if (!deps?.pool) {
+        pool = new Pool({
+            connectionString: databaseUrl,
+            max: poolMaxCount ?? 10,
+            min: poolMinCount ?? 0,
+            idleTimeoutMillis: poolIdleTimeoutMs ?? 10_000,
+            connectionTimeoutMillis: poolConnectionTimeoutMs ?? 0
+        });
+    } else {
+        pool = deps.pool;
+    }
+    // Create database instance
+    const db = new PostgresSlashingProtectionDatabase(pool);
+    // Verify database schema is initialized and version matches
+    await db.initialize();
+    // Create signer
+    const signer = new ValidatorHASigner(db, {
+        ...signerConfig,
+        databaseUrl
+    });
+    return {
+        signer,
+        db
+    };
+}

package/dest/migrations.d.ts

@@ -0,0 +1,15 @@
+export interface RunMigrationsOptions {
+    /** Migration direction ('up' to apply, 'down' to rollback). Defaults to 'up'. */
+    direction?: 'up' | 'down';
+    /** Enable verbose output. Defaults to false. */
+    verbose?: boolean;
+}
+/**
+ * Run database migrations programmatically
+ *
+ * @param databaseUrl - PostgreSQL connection string
+ * @param options - Migration options (direction, verbose)
+ * @returns Array of applied migration names
+ */
+export declare function runMigrations(databaseUrl: string, options?: RunMigrationsOptions): Promise<string[]>;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWlncmF0aW9ucy5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL21pZ3JhdGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBYUEsTUFBTSxXQUFXLG9CQUFvQjtJQUNuQyxpRkFBaUY7SUFDakYsU0FBUyxDQUFDLEVBQUUsSUFBSSxHQUFHLE1BQU0sQ0FBQztJQUMxQixnREFBZ0Q7SUFDaEQsT0FBTyxDQUFDLEVBQUUsT0FBTyxDQUFDO0NBQ25CO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsd0JBQXNCLGFBQWEsQ0FBQyxXQUFXLEVBQUUsTUFBTSxFQUFFLE9BQU8sR0FBRSxvQkFBeUIsR0FBRyxPQUFPLENBQUMsTUFBTSxFQUFFLENBQUMsQ0ErQzlHIn0=

package/dest/migrations.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../src/migrations.ts"],"names":[],"mappings":"AAaA,MAAM,WAAW,oBAAoB;IACnC,iFAAiF;IACjF,SAAS,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAC1B,gDAAgD;IAChD,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,GAAE,oBAAyB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA+C9G"}

package/dest/migrations.js

@@ -0,0 +1,53 @@
+/**
+ * Programmatic migration runner
+ */ import { createLogger } from '@aztec/foundation/log';
+import { readdirSync } from 'fs';
+import { runner } from 'node-pg-migrate';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Run database migrations programmatically
+ *
+ * @param databaseUrl - PostgreSQL connection string
+ * @param options - Migration options (direction, verbose)
+ * @returns Array of applied migration names
+ */ export async function runMigrations(databaseUrl, options = {}) {
+    const direction = options.direction ?? 'up';
+    const verbose = options.verbose ?? false;
+    const log = createLogger('validator-ha-signer:migrations');
+    const migrationsDir = join(__dirname, 'db', 'migrations');
+    try {
+        log.info(`Running migrations ${direction}...`);
+        // Filter out .d.ts and .d.ts.map files - node-pg-migrate only needs .js files
+        const migrationFiles = readdirSync(migrationsDir);
+        const jsMigrationFiles = migrationFiles.filter((file)=>file.endsWith('.js') && !file.endsWith('.d.ts') && !file.endsWith('.d.ts.map'));
+        if (jsMigrationFiles.length === 0) {
+            log.info('No migration files found');
+            return [];
+        }
+        const appliedMigrations = await runner({
+            databaseUrl,
+            dir: migrationsDir,
+            direction,
+            migrationsTable: 'pgmigrations',
+            count: direction === 'down' ? 1 : Infinity,
+            verbose,
+            log: (msg)=>verbose ? log.info(msg) : log.debug(msg),
+            // Ignore TypeScript declaration files - node-pg-migrate will try to import them otherwise
+            ignorePattern: '.*\\.d\\.(ts|js)$|.*\\.d\\.ts\\.map$'
+        });
+        if (appliedMigrations.length === 0) {
+            log.info('No migrations to apply - schema is up to date');
+        } else {
+            log.info(`Applied ${appliedMigrations.length} migration(s)`, {
+                migrations: appliedMigrations.map((m)=>m.name)
+            });
+        }
+        return appliedMigrations.map((m)=>m.name);
+    } catch (error) {
+        log.error('Migration failed', error);
+        throw error;
+    }
+}

package/dest/slashing_protection_service.d.ts

@@ -0,0 +1,80 @@
+import { type CheckAndRecordParams, type DeleteDutyParams, type RecordSuccessParams } from './db/types.js';
+import type { SlashingProtectionDatabase, ValidatorHASignerConfig } from './types.js';
+/**
+ * Slashing Protection Service
+ *
+ * This service ensures that a validator only signs one block/attestation per slot,
+ * even when running multiple redundant nodes (HA setup).
+ *
+ * All nodes in the HA setup try to sign - the first one wins, others get
+ * DutyAlreadySignedError (normal) or SlashingProtectionError (if different data).
+ *
+ * Flow:
+ * 1. checkAndRecord() - Atomically try to acquire lock via tryInsertOrGetExisting
+ * 2. Caller performs the signing operation
+ * 3. recordSuccess() - Update to 'signed' status with signature
+ *    OR deleteDuty() - Delete the record to allow retry
+ */
+export declare class SlashingProtectionService {
+    private readonly db;
+    private readonly config;
+    private readonly log;
+    private readonly pollingIntervalMs;
+    private readonly signingTimeoutMs;
+    private readonly maxStuckDutiesAgeMs;
+    private cleanupRunningPromise;
+    constructor(db: SlashingProtectionDatabase, config: ValidatorHASignerConfig);
+    /**
+     * Check if a duty can be performed and acquire the lock if so.
+     *
+     * This method uses an atomic insert-or-get operation.
+     * It will:
+     * 1. Try to insert a new record with 'signing' status
+     * 2. If insert succeeds, we acquired the lock - return the lockToken
+     * 3. If a record exists, handle based on status:
+     *    - SIGNED: Throw appropriate error (already signed or slashing protection)
+     *    - FAILED: Delete the failed record
+     *    - SIGNING: Wait and poll until status changes, then handle result
+     *
+     * @returns The lockToken that must be used for recordSuccess/deleteDuty
+     * @throws DutyAlreadySignedError if the duty was already completed
+     * @throws SlashingProtectionError if attempting to sign different data for same slot/duty
+     */
+    checkAndRecord(params: CheckAndRecordParams): Promise<string>;
+    /**
+     * Record a successful signing operation.
+     * Updates the duty status to 'signed' and stores the signature.
+     * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+     *
+     * @returns true if the update succeeded, false if token didn't match
+     */
+    recordSuccess(params: RecordSuccessParams): Promise<boolean>;
+    /**
+     * Delete a duty record after a failed signing operation.
+     * Removes the record to allow another node/attempt to retry.
+     * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+     *
+     * @returns true if the delete succeeded, false if token didn't match
+     */
+    deleteDuty(params: DeleteDutyParams): Promise<boolean>;
+    /**
+     * Get the node ID for this service
+     */
+    get nodeId(): string;
+    /**
+     * Start running tasks.
+     * Cleanup runs immediately on start to recover from any previous crashes.
+     */
+    start(): void;
+    /**
+     * Stop the background cleanup task.
+     */
+    stop(): Promise<void>;
+    /**
+     * Close the database connection.
+     * Should be called after stop() during graceful shutdown.
+     */
+    close(): Promise<void>;
+    private cleanupStuckDuties;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2xhc2hpbmdfcHJvdGVjdGlvbl9zZXJ2aWNlLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvc2xhc2hpbmdfcHJvdGVjdGlvbl9zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQVVBLE9BQU8sRUFDTCxLQUFLLG9CQUFvQixFQUN6QixLQUFLLGdCQUFnQixFQUVyQixLQUFLLG1CQUFtQixFQUV6QixNQUFNLGVBQWUsQ0FBQztBQUV2QixPQUFPLEtBQUssRUFBRSwwQkFBMEIsRUFBRSx1QkFBdUIsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUV0Rjs7Ozs7Ozs7Ozs7Ozs7R0FjRztBQUNILHFCQUFhLHlCQUF5QjtJQVNsQyxPQUFPLENBQUMsUUFBUSxDQUFDLEVBQUU7SUFDbkIsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNO0lBVHpCLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFTO0lBQzdCLE9BQU8sQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQVM7SUFDM0MsT0FBTyxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBUztJQUMxQyxPQUFPLENBQUMsUUFBUSxDQUFDLG1CQUFtQixDQUFTO0lBRTdDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBaUI7SUFFOUMsWUFDbUIsRUFBRSxFQUFFLDBCQUEwQixFQUM5QixNQUFNLEVBQUUsdUJBQXVCLEVBYWpEO0lBRUQ7Ozs7Ozs7Ozs7Ozs7OztPQWVHO0lBQ0csY0FBYyxDQUFDLE1BQU0sRUFBRSxvQkFBb0IsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLENBaUVsRTtJQUVEOzs7Ozs7T0FNRztJQUNHLGFBQWEsQ0FBQyxNQUFNLEVBQUUsbUJBQW1CLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQTBCakU7SUFFRDs7Ozs7O09BTUc7SUFDRyxVQUFVLENBQUMsTUFBTSxFQUFFLGdCQUFnQixHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FpQjNEO0lBRUQ7O09BRUc7SUFDSCxJQUFJLE1BQU0sSUFBSSxNQUFNLENBRW5CO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxTQUdKO0lBRUQ7O09BRUc7SUFDRyxJQUFJLGtCQUdUO0lBRUQ7OztPQUdHO0lBQ0csS0FBSyxrQkFHVjtZQUthLGtCQUFrQjtDQVNqQyJ9

package/dest/slashing_protection_service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"slashing_protection_service.d.ts","sourceRoot":"","sources":["../src/slashing_protection_service.ts"],"names":[],"mappings":"AAUA,OAAO,EACL,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EAErB,KAAK,mBAAmB,EAEzB,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAEtF;;;;;;;;;;;;;;GAcG;AACH,qBAAa,yBAAyB;IASlC,OAAO,CAAC,QAAQ,CAAC,EAAE;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM;IATzB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAS;IAC3C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAS;IAE7C,OAAO,CAAC,qBAAqB,CAAiB;IAE9C,YACmB,EAAE,EAAE,0BAA0B,EAC9B,MAAM,EAAE,uBAAuB,EAajD;IAED;;;;;;;;;;;;;;;OAeG;IACG,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,MAAM,CAAC,CAiElE;IAED;;;;;;OAMG;IACG,aAAa,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,CA0BjE;IAED;;;;;;OAMG;IACG,UAAU,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAiB3D;IAED;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED;;;OAGG;IACH,KAAK,SAGJ;IAED;;OAEG;IACG,IAAI,kBAGT;IAED;;;OAGG;IACG,KAAK,kBAGV;YAKa,kBAAkB;CASjC"}

package/dest/slashing_protection_service.js

@@ -0,0 +1,196 @@
+/**
+ * Slashing Protection Service
+ *
+ * Provides distributed locking and slashing protection for validator duties.
+ * Uses an external database to coordinate across multiple validator nodes.
+ */ import { createLogger } from '@aztec/foundation/log';
+import { RunningPromise } from '@aztec/foundation/promise';
+import { sleep } from '@aztec/foundation/sleep';
+import { DutyStatus, getBlockIndexFromDutyIdentifier } from './db/types.js';
+import { DutyAlreadySignedError, SlashingProtectionError } from './errors.js';
+/**
+ * Slashing Protection Service
+ *
+ * This service ensures that a validator only signs one block/attestation per slot,
+ * even when running multiple redundant nodes (HA setup).
+ *
+ * All nodes in the HA setup try to sign - the first one wins, others get
+ * DutyAlreadySignedError (normal) or SlashingProtectionError (if different data).
+ *
+ * Flow:
+ * 1. checkAndRecord() - Atomically try to acquire lock via tryInsertOrGetExisting
+ * 2. Caller performs the signing operation
+ * 3. recordSuccess() - Update to 'signed' status with signature
+ *    OR deleteDuty() - Delete the record to allow retry
+ */ export class SlashingProtectionService {
+    db;
+    config;
+    log;
+    pollingIntervalMs;
+    signingTimeoutMs;
+    maxStuckDutiesAgeMs;
+    cleanupRunningPromise;
+    constructor(db, config){
+        this.db = db;
+        this.config = config;
+        this.log = createLogger('slashing-protection');
+        this.pollingIntervalMs = config.pollingIntervalMs;
+        this.signingTimeoutMs = config.signingTimeoutMs;
+        // Default to 144s (2x 72s Aztec slot duration) if not explicitly configured
+        this.maxStuckDutiesAgeMs = config.maxStuckDutiesAgeMs ?? 144_000;
+        this.cleanupRunningPromise = new RunningPromise(this.cleanupStuckDuties.bind(this), this.log, this.maxStuckDutiesAgeMs);
+    }
+    /**
+   * Check if a duty can be performed and acquire the lock if so.
+   *
+   * This method uses an atomic insert-or-get operation.
+   * It will:
+   * 1. Try to insert a new record with 'signing' status
+   * 2. If insert succeeds, we acquired the lock - return the lockToken
+   * 3. If a record exists, handle based on status:
+   *    - SIGNED: Throw appropriate error (already signed or slashing protection)
+   *    - FAILED: Delete the failed record
+   *    - SIGNING: Wait and poll until status changes, then handle result
+   *
+   * @returns The lockToken that must be used for recordSuccess/deleteDuty
+   * @throws DutyAlreadySignedError if the duty was already completed
+   * @throws SlashingProtectionError if attempting to sign different data for same slot/duty
+   */ async checkAndRecord(params) {
+        const { validatorAddress, slot, dutyType, messageHash, nodeId } = params;
+        const startTime = Date.now();
+        this.log.debug(`Checking duty: ${dutyType} for slot ${slot}`, {
+            validatorAddress: validatorAddress.toString(),
+            nodeId
+        });
+        while(true){
+            // insert if not present, get existing if present
+            const { isNew, record } = await this.db.tryInsertOrGetExisting(params);
+            if (isNew) {
+                // We successfully acquired the lock
+                this.log.info(`Acquired lock for duty ${dutyType} at slot ${slot}`, {
+                    validatorAddress: validatorAddress.toString(),
+                    nodeId
+                });
+                return record.lockToken;
+            }
+            // Record already exists - handle based on status
+            if (record.status === DutyStatus.SIGNED) {
+                // Duty was already signed - check if same or different data
+                if (record.messageHash !== messageHash) {
+                    this.log.verbose(`Slashing protection triggered for duty ${dutyType} at slot ${slot}`, {
+                        validatorAddress: validatorAddress.toString(),
+                        existingMessageHash: record.messageHash,
+                        attemptedMessageHash: messageHash,
+                        existingNodeId: record.nodeId,
+                        attemptingNodeId: nodeId
+                    });
+                    throw new SlashingProtectionError(slot, dutyType, record.blockIndexWithinCheckpoint, record.messageHash, messageHash, record.nodeId);
+                }
+                throw new DutyAlreadySignedError(slot, dutyType, record.blockIndexWithinCheckpoint, record.nodeId);
+            } else if (record.status === DutyStatus.SIGNING) {
+                // Another node is currently signing - check for timeout
+                if (Date.now() - startTime > this.signingTimeoutMs) {
+                    this.log.warn(`Timeout waiting for signing to complete for duty ${dutyType} at slot ${slot}`, {
+                        validatorAddress: validatorAddress.toString(),
+                        timeoutMs: this.signingTimeoutMs,
+                        signingNodeId: record.nodeId
+                    });
+                    throw new DutyAlreadySignedError(slot, dutyType, record.blockIndexWithinCheckpoint, 'unknown (timeout)');
+                }
+                // Wait and poll
+                this.log.debug(`Waiting for signing to complete for duty ${dutyType} at slot ${slot}`, {
+                    validatorAddress: validatorAddress.toString(),
+                    signingNodeId: record.nodeId
+                });
+                await sleep(this.pollingIntervalMs);
+            // Loop continues - next iteration will check status again
+            } else {
+                throw new Error(`Unknown duty status: ${record.status}`);
+            }
+        }
+    }
+    /**
+   * Record a successful signing operation.
+   * Updates the duty status to 'signed' and stores the signature.
+   * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+   *
+   * @returns true if the update succeeded, false if token didn't match
+   */ async recordSuccess(params) {
+        const { validatorAddress, slot, dutyType, signature, nodeId, lockToken } = params;
+        const blockIndexWithinCheckpoint = getBlockIndexFromDutyIdentifier(params);
+        const success = await this.db.updateDutySigned(validatorAddress, slot, dutyType, signature.toString(), lockToken, blockIndexWithinCheckpoint);
+        if (success) {
+            this.log.info(`Recorded successful signing for duty ${dutyType} at slot ${slot}`, {
+                validatorAddress: validatorAddress.toString(),
+                nodeId
+            });
+        } else {
+            this.log.warn(`Failed to record successful signing for duty ${dutyType} at slot ${slot}: invalid token`, {
+                validatorAddress: validatorAddress.toString(),
+                nodeId
+            });
+        }
+        return success;
+    }
+    /**
+   * Delete a duty record after a failed signing operation.
+   * Removes the record to allow another node/attempt to retry.
+   * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+   *
+   * @returns true if the delete succeeded, false if token didn't match
+   */ async deleteDuty(params) {
+        const { validatorAddress, slot, dutyType, lockToken } = params;
+        const blockIndexWithinCheckpoint = getBlockIndexFromDutyIdentifier(params);
+        const success = await this.db.deleteDuty(validatorAddress, slot, dutyType, lockToken, blockIndexWithinCheckpoint);
+        if (success) {
+            this.log.info(`Deleted duty ${dutyType} at slot ${slot} to allow retry`, {
+                validatorAddress: validatorAddress.toString()
+            });
+        } else {
+            this.log.warn(`Failed to delete duty ${dutyType} at slot ${slot}: invalid token`, {
+                validatorAddress: validatorAddress.toString()
+            });
+        }
+        return success;
+    }
+    /**
+   * Get the node ID for this service
+   */ get nodeId() {
+        return this.config.nodeId;
+    }
+    /**
+   * Start running tasks.
+   * Cleanup runs immediately on start to recover from any previous crashes.
+   */ start() {
+        this.cleanupRunningPromise.start();
+        this.log.info('Slashing protection service started', {
+            nodeId: this.config.nodeId
+        });
+    }
+    /**
+   * Stop the background cleanup task.
+   */ async stop() {
+        await this.cleanupRunningPromise.stop();
+        this.log.info('Slashing protection service stopped', {
+            nodeId: this.config.nodeId
+        });
+    }
+    /**
+   * Close the database connection.
+   * Should be called after stop() during graceful shutdown.
+   */ async close() {
+        await this.db.close();
+        this.log.info('Slashing protection database connection closed');
+    }
+    /**
+   * Cleanup own stuck duties
+   */ async cleanupStuckDuties() {
+        const numDuties = await this.db.cleanupOwnStuckDuties(this.config.nodeId, this.maxStuckDutiesAgeMs);
+        if (numDuties > 0) {
+            this.log.info(`Cleaned up ${numDuties} stuck duties`, {
+                nodeId: this.config.nodeId,
+                maxStuckDutiesAgeMs: this.maxStuckDutiesAgeMs
+            });
+        }
+    }
+}

package/dest/test/pglite_pool.d.ts

@@ -0,0 +1,92 @@
+/**
+ * Vendored pg-compatible Pool/Client wrapper for PGlite.
+ *
+ * Copied from @middle-management/pglite-pg-adapter v0.0.3
+ * https://www.npmjs.com/package/@middle-management/pglite-pg-adapter
+ *
+ * Modifications:
+ * - Converted to ESM and TypeScript
+ * - Uses PGliteInterface instead of PGlite class to avoid TypeScript
+ *   type mismatches from ESM/CJS dual package resolution with private fields
+ * - Simplified rowCount calculation to handle CTEs properly
+ */
+import type { PGliteInterface } from '@electric-sql/pglite';
+import { EventEmitter } from 'events';
+import type { QueryResult, QueryResultRow } from 'pg';
+import { Readable, Writable } from 'stream';
+export interface PoolConfig {
+    pglite: PGliteInterface;
+    max?: number;
+    min?: number;
+}
+interface ClientConfig {
+    pglite: PGliteInterface;
+    host?: string;
+    port?: number;
+    ssl?: boolean;
+}
+export declare class Client extends EventEmitter {
+    protected pglite: PGliteInterface;
+    protected _connected: boolean;
+    readonly host: string;
+    readonly port: number;
+    readonly ssl: boolean;
+    readonly connection: object;
+    readonly copyFrom: () => Writable;
+    readonly copyTo: () => Readable;
+    readonly pauseDrain: () => void;
+    readonly resumeDrain: () => void;
+    readonly escapeLiteral: (str: string) => string;
+    readonly escapeIdentifier: (str: string) => string;
+    readonly setTypeParser: () => void;
+    readonly getTypeParser: () => (value: string) => unknown;
+    constructor(config: ClientConfig);
+    connect(): Promise<void>;
+    end(): Promise<void>;
+    query<R extends QueryResultRow = any>(text: string, values?: any[]): Promise<QueryResult<R>>;
+    protected convertPGliteResult<R extends QueryResultRow>(result: {
+        rows: R[];
+        fields: Array<{
+            name: string;
+            dataTypeID: number;
+        }>;
+        affectedRows?: number;
+    }): QueryResult<R>;
+    get connected(): boolean;
+}
+export declare class Pool extends EventEmitter {
+    private clients;
+    private availableClients;
+    private waitingQueue;
+    private _ended;
+    private pglite;
+    private _config;
+    readonly expiredCount = 0;
+    readonly options: PoolConfig;
+    constructor(config: PoolConfig);
+    get totalCount(): number;
+    get idleCount(): number;
+    get waitingCount(): number;
+    get ending(): boolean;
+    get ended(): boolean;
+    connect(): Promise<PoolClient>;
+    query<R extends QueryResultRow = any>(text: string, values?: any[]): Promise<QueryResult<R>>;
+    releaseClient(client: PoolClient): void;
+    end(): Promise<void>;
+}
+export declare class PoolClient extends Client {
+    private pool;
+    private _released;
+    private _inUse;
+    private _userReleased;
+    constructor(pglite: PGliteInterface, pool: Pool);
+    query<R extends QueryResultRow = any>(text: string, values?: any[]): Promise<QueryResult<R>>;
+    release(): void;
+    end(): Promise<void>;
+    _markInUse(): void;
+    _markAvailable(): void;
+    _markReleased(): void;
+    get connected(): boolean;
+}
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGdsaXRlX3Bvb2wuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy90ZXN0L3BnbGl0ZV9wb29sLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7OztHQVdHO0FBQ0gsT0FBTyxLQUFLLEVBQUUsZUFBZSxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDNUQsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUN0QyxPQUFPLEtBQUssRUFBRSxXQUFXLEVBQUUsY0FBYyxFQUFFLE1BQU0sSUFBSSxDQUFDO0FBQ3RELE9BQU8sRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFLE1BQU0sUUFBUSxDQUFDO0FBRTVDLE1BQU0sV0FBVyxVQUFVO0lBQ3pCLE1BQU0sRUFBRSxlQUFlLENBQUM7SUFDeEIsR0FBRyxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2IsR0FBRyxDQUFDLEVBQUUsTUFBTSxDQUFDO0NBQ2Q7QUFFRCxVQUFVLFlBQVk7SUFDcEIsTUFBTSxFQUFFLGVBQWUsQ0FBQztJQUN4QixJQUFJLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDZCxJQUFJLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDZCxHQUFHLENBQUMsRUFBRSxPQUFPLENBQUM7Q0FDZjtBQUVELHFCQUFhLE1BQU8sU0FBUSxZQUFZO0lBQ3RDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsZUFBZSxDQUFDO0lBQ2xDLFNBQVMsQ0FBQyxVQUFVLFVBQVM7SUFDN0IsUUFBUSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDdEIsUUFBUSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDdEIsUUFBUSxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUM7SUFDdEIsUUFBUSxDQUFDLFVBQVUsRUFBRSxNQUFNLENBQUM7SUFHNUIsUUFBUSxDQUFDLFFBQVEsaUJBQWtDO0lBQ25ELFFBQVEsQ0FBQyxNQUFNLGlCQUFrQztJQUNqRCxRQUFRLENBQUMsVUFBVSxhQUFrQjtJQUNyQyxRQUFRLENBQUMsV0FBVyxhQUFrQjtJQUN0QyxRQUFRLENBQUMsYUFBYSwwQkFBMkQ7SUFDakYsUUFBUSxDQUFDLGdCQUFnQiwwQkFBMkQ7SUFDcEYsUUFBUSxDQUFDLGFBQWEsYUFBa0I7SUFDeEMsUUFBUSxDQUFDLGFBQWEsbUNBQWdFO0lBRXRGLFlBQVksTUFBTSxFQUFFLFlBQVksRUFPL0I7SUFFRCxPQUFPLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQU92QjtJQUVELEdBQUcsSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLENBT25CO0lBRUssS0FBSyxDQUFDLENBQUMsU0FBUyxjQUFjLEdBQUcsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsTUFBTSxDQUFDLEVBQUUsR0FBRyxFQUFFLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQU1qRztJQUVELFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDLFNBQVMsY0FBYyxFQUFFLE1BQU0sRUFBRTtRQUM5RCxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDVixNQUFNLEVBQUUsS0FBSyxDQUFDO1lBQUUsSUFBSSxFQUFFLE1BQU0sQ0FBQztZQUFDLFVBQVUsRUFBRSxNQUFNLENBQUE7U0FBRSxDQUFDLENBQUM7UUFDcEQsWUFBWSxDQUFDLEVBQUUsTUFBTSxDQUFDO0tBQ3ZCLEdBQUcsV0FBVyxDQUFDLENBQUMsQ0FBQyxDQWdCakI7SUFFRCxJQUFJLFNBQVMsSUFBSSxPQUFPLENBRXZCO0NBQ0Y7QUFFRCxxQkFBYSxJQUFLLFNBQVEsWUFBWTtJQUNwQyxPQUFPLENBQUMsT0FBTyxDQUFvQjtJQUNuQyxPQUFPLENBQUMsZ0JBQWdCLENBQW9CO0lBQzVDLE9BQU8sQ0FBQyxZQUFZLENBQTJDO0lBQy9ELE9BQU8sQ0FBQyxNQUFNLENBQVM7SUFDdkIsT0FBTyxDQUFDLE1BQU0sQ0FBa0I7SUFDaEMsT0FBTyxDQUFDLE9BQU8sQ0FBYTtJQUU1QixRQUFRLENBQUMsWUFBWSxLQUFLO0lBQzFCLFFBQVEsQ0FBQyxPQUFPLEVBQUUsVUFBVSxDQUFDO0lBRTdCLFlBQVksTUFBTSxFQUFFLFVBQVUsRUFLN0I7SUFFRCxJQUFJLFVBQVUsSUFBSSxNQUFNLENBRXZCO0lBRUQsSUFBSSxTQUFTLElBQUksTUFBTSxDQUV0QjtJQUVELElBQUksWUFBWSxJQUFJLE1BQU0sQ0FFekI7SUFFRCxJQUFJLE1BQU0sSUFBSSxPQUFPLENBRXBCO0lBRUQsSUFBSSxLQUFLLElBQUksT0FBTyxDQUVuQjtJQUVELE9BQU8sSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLENBb0I3QjtJQUVLLEtBQUssQ0FBQyxDQUFDLFNBQVMsY0FBYyxHQUFHLEdBQUcsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sQ0FBQyxFQUFFLEdBQUcsRUFBRSxHQUFHLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FPakc7SUFFRCxhQUFhLENBQUMsTUFBTSxFQUFFLFVBQVUsR0FBRyxJQUFJLENBWXRDO0lBRUQsR0FBRyxJQUFJLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FPbkI7Q0FDRjtBQUVELHFCQUFhLFVBQVcsU0FBUSxNQUFNO0lBQ3BDLE9BQU8sQ0FBQyxJQUFJLENBQU87SUFDbkIsT0FBTyxDQUFDLFNBQVMsQ0FBUztJQUMxQixPQUFPLENBQUMsTUFBTSxDQUFRO0lBQ3RCLE9BQU8sQ0FBQyxhQUFhLENBQVM7SUFFOUIsWUFBWSxNQUFNLEVBQUUsZUFBZSxFQUFFLElBQUksRUFBRSxJQUFJLEVBSTlDO0lBRWMsS0FBSyxDQUFDLENBQUMsU0FBUyxjQUFjLEdBQUcsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsTUFBTSxDQUFDLEVBQUUsR0FBRyxFQUFFLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQU0xRztJQUVELE9BQU8sSUFBSSxJQUFJLENBTWQ7SUFFUSxHQUFHLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQUc1QjtJQUVELFVBQVUsSUFBSSxJQUFJLENBR2pCO0lBRUQsY0FBYyxJQUFJLElBQUksQ0FHckI7SUFFRCxhQUFhLElBQUksSUFBSSxDQUlwQjtJQUVELElBQWEsU0FBUyxJQUFJLE9BQU8sQ0FFaEM7Q0FDRiJ9

package/dest/test/pglite_pool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pglite_pool.d.ts","sourceRoot":"","sources":["../../src/test/pglite_pool.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,IAAI,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAE5C,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,eAAe,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,UAAU,YAAY;IACpB,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED,qBAAa,MAAO,SAAQ,YAAY;IACtC,SAAS,CAAC,MAAM,EAAE,eAAe,CAAC;IAClC,SAAS,CAAC,UAAU,UAAS;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAG5B,QAAQ,CAAC,QAAQ,iBAAkC;IACnD,QAAQ,CAAC,MAAM,iBAAkC;IACjD,QAAQ,CAAC,UAAU,aAAkB;IACrC,QAAQ,CAAC,WAAW,aAAkB;IACtC,QAAQ,CAAC,aAAa,0BAA2D;IACjF,QAAQ,CAAC,gBAAgB,0BAA2D;IACpF,QAAQ,CAAC,aAAa,aAAkB;IACxC,QAAQ,CAAC,aAAa,mCAAgE;IAEtF,YAAY,MAAM,EAAE,YAAY,EAO/B;IAED,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAOvB;IAED,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAOnB;IAEK,KAAK,CAAC,CAAC,SAAS,cAAc,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAMjG;IAED,SAAS,CAAC,mBAAmB,CAAC,CAAC,SAAS,cAAc,EAAE,MAAM,EAAE;QAC9D,IAAI,EAAE,CAAC,EAAE,CAAC;QACV,MAAM,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,UAAU,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACpD,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,WAAW,CAAC,CAAC,CAAC,CAgBjB;IAED,IAAI,SAAS,IAAI,OAAO,CAEvB;CACF;AAED,qBAAa,IAAK,SAAQ,YAAY;IACpC,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,YAAY,CAA2C;IAC/D,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,OAAO,CAAa;IAE5B,QAAQ,CAAC,YAAY,KAAK;IAC1B,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAE7B,YAAY,MAAM,EAAE,UAAU,EAK7B;IAED,IAAI,UAAU,IAAI,MAAM,CAEvB;IAED,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED,IAAI,MAAM,IAAI,OAAO,CAEpB;IAED,IAAI,KAAK,IAAI,OAAO,CAEnB;IAED,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,CAoB7B;IAEK,KAAK,CAAC,CAAC,SAAS,cAAc,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAOjG;IAED,aAAa,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAYtC;IAED,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAOnB;CACF;AAED,qBAAa,UAAW,SAAQ,MAAM;IACpC,OAAO,CAAC,IAAI,CAAO;IACnB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,aAAa,CAAS;IAE9B,YAAY,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,IAAI,EAI9C;IAEc,KAAK,CAAC,CAAC,SAAS,cAAc,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAM1G;IAED,OAAO,IAAI,IAAI,CAMd;IAEQ,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAG5B;IAED,UAAU,IAAI,IAAI,CAGjB;IAED,cAAc,IAAI,IAAI,CAGrB;IAED,aAAa,IAAI,IAAI,CAIpB;IAED,IAAa,SAAS,IAAI,OAAO,CAEhC;CACF"}