@aztec/validator-ha-signer 0.0.1-commit.023c3e5

package/dest/test/pglite_pool.js

@@ -0,0 +1,210 @@
+/**
+ * Vendored pg-compatible Pool/Client wrapper for PGlite.
+ *
+ * Copied from @middle-management/pglite-pg-adapter v0.0.3
+ * https://www.npmjs.com/package/@middle-management/pglite-pg-adapter
+ *
+ * Modifications:
+ * - Converted to ESM and TypeScript
+ * - Uses PGliteInterface instead of PGlite class to avoid TypeScript
+ *   type mismatches from ESM/CJS dual package resolution with private fields
+ * - Simplified rowCount calculation to handle CTEs properly
+ */ import { EventEmitter } from 'events';
+import { Readable, Writable } from 'stream';
+export class Client extends EventEmitter {
+    pglite;
+    _connected = false;
+    host;
+    port;
+    ssl;
+    connection;
+    // Stub implementations for pg compatibility
+    copyFrom = ()=>new Writable();
+    copyTo = ()=>new Readable();
+    pauseDrain = ()=>{};
+    resumeDrain = ()=>{};
+    escapeLiteral = (str)=>`'${str.replace(/'/g, "''")}'`;
+    escapeIdentifier = (str)=>`"${str.replace(/"/g, '""')}"`;
+    setTypeParser = ()=>{};
+    getTypeParser = ()=>(value)=>value;
+    constructor(config){
+        super();
+        this.pglite = config.pglite;
+        this.host = config.host || 'localhost';
+        this.port = config.port || 5432;
+        this.ssl = typeof config.ssl === 'boolean' ? config.ssl : !!config.ssl;
+        this.connection = {};
+    }
+    connect() {
+        if (this._connected) {
+            return Promise.resolve();
+        }
+        this._connected = true;
+        this.emit('connect');
+        return Promise.resolve();
+    }
+    end() {
+        if (!this._connected) {
+            return Promise.resolve();
+        }
+        this._connected = false;
+        this.emit('end');
+        return Promise.resolve();
+    }
+    async query(text, values) {
+        if (!this._connected) {
+            throw new Error('Client is not connected');
+        }
+        const result = await this.pglite.query(text, values);
+        return this.convertPGliteResult(result);
+    }
+    convertPGliteResult(result) {
+        return {
+            command: '',
+            rowCount: 'affectedRows' in result ? result.affectedRows ?? 0 : result.rows.length,
+            oid: 0,
+            fields: result.fields.map((field)=>({
+                    name: field.name,
+                    tableID: 0,
+                    columnID: 0,
+                    dataTypeID: field.dataTypeID,
+                    dataTypeSize: -1,
+                    dataTypeModifier: -1,
+                    format: 'text'
+                })),
+            rows: result.rows
+        };
+    }
+    get connected() {
+        return this._connected;
+    }
+}
+export class Pool extends EventEmitter {
+    clients = [];
+    availableClients = [];
+    waitingQueue = [];
+    _ended = false;
+    pglite;
+    _config;
+    expiredCount = 0;
+    options;
+    constructor(config){
+        super();
+        this._config = {
+            max: 10,
+            min: 0,
+            ...config
+        };
+        this.pglite = config.pglite;
+        this.options = config;
+    }
+    get totalCount() {
+        return this.clients.length;
+    }
+    get idleCount() {
+        return this.availableClients.length;
+    }
+    get waitingCount() {
+        return this.waitingQueue.length;
+    }
+    get ending() {
+        return this._ended;
+    }
+    get ended() {
+        return this._ended;
+    }
+    connect() {
+        if (this._ended) {
+            return Promise.reject(new Error('Pool is ended'));
+        }
+        if (this.availableClients.length > 0) {
+            const client = this.availableClients.pop();
+            client._markInUse();
+            return Promise.resolve(client);
+        }
+        if (this.clients.length < (this._config.max || 10)) {
+            const client = new PoolClient(this.pglite, this);
+            this.clients.push(client);
+            return Promise.resolve(client);
+        }
+        return new Promise((resolve)=>{
+            this.waitingQueue.push(resolve);
+        });
+    }
+    async query(text, values) {
+        const client = await this.connect();
+        try {
+            return await client.query(text, values);
+        } finally{
+            client.release();
+        }
+    }
+    releaseClient(client) {
+        const index = this.clients.indexOf(client);
+        if (index !== -1) {
+            client._markAvailable();
+            if (this.waitingQueue.length > 0) {
+                const resolve = this.waitingQueue.shift();
+                client._markInUse();
+                resolve(client);
+            } else {
+                this.availableClients.push(client);
+            }
+        }
+    }
+    end() {
+        this._ended = true;
+        this.clients.forEach((client)=>client._markReleased());
+        this.clients = [];
+        this.availableClients = [];
+        this.emit('end');
+        return Promise.resolve();
+    }
+}
+export class PoolClient extends Client {
+    pool;
+    _released = false;
+    _inUse = true;
+    _userReleased = false;
+    constructor(pglite, pool){
+        super({
+            pglite
+        });
+        this.pool = pool;
+        this._connected = true;
+    }
+    async query(text, values) {
+        if (this._userReleased && !this._inUse) {
+            throw new Error('Client has been released back to the pool');
+        }
+        const result = await this.pglite.query(text, values);
+        return this.convertPGliteResult(result);
+    }
+    release() {
+        if (this._released || this._userReleased) {
+            return;
+        }
+        this._userReleased = true;
+        this.pool.releaseClient(this);
+    }
+    end() {
+        this.release();
+        return Promise.resolve();
+    }
+    _markInUse() {
+        this._inUse = true;
+        this._userReleased = false;
+    }
+    _markAvailable() {
+        this._inUse = false;
+        this._userReleased = false;
+    }
+    _markReleased() {
+        this._released = true;
+        this._inUse = false;
+        this._userReleased = true;
+    }
+    get connected() {
+        return this._connected && !this._released;
+    }
+}

package/dest/types.d.ts

@@ -0,0 +1,139 @@
+import { BlockNumber, type CheckpointNumber, type IndexWithinCheckpoint, type SlotNumber } from '@aztec/foundation/branded-types';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { Pool } from 'pg';
+import type { ValidatorHASignerConfig } from './config.js';
+import { type BlockProposalDutyIdentifier, type CheckAndRecordParams, type DeleteDutyParams, type DutyIdentifier, DutyType, type OtherDutyIdentifier, type RecordSuccessParams, type ValidatorDutyRecord } from './db/types.js';
+export type { BlockProposalDutyIdentifier, CheckAndRecordParams, DeleteDutyParams, DutyIdentifier, OtherDutyIdentifier, RecordSuccessParams, ValidatorDutyRecord, ValidatorHASignerConfig, };
+export { DutyStatus, DutyType, getBlockIndexFromDutyIdentifier, normalizeBlockIndex } from './db/types.js';
+/**
+ * Result of tryInsertOrGetExisting operation
+ */
+export interface TryInsertOrGetResult {
+    /** True if we inserted a new record, false if we got an existing record */
+    isNew: boolean;
+    /** The record (either newly inserted or existing) */
+    record: ValidatorDutyRecord;
+}
+/**
+ * deps for creating an HA signer
+ */
+export interface CreateHASignerDeps {
+    /**
+     * Optional PostgreSQL connection pool
+     * If provided, databaseUrl and poolConfig are ignored
+     */
+    pool?: Pool;
+}
+/**
+ * Base context for signing operations
+ */
+interface BaseSigningContext {
+    /** Slot number for this duty */
+    slot: SlotNumber;
+    /**
+     * Block or checkpoint number for this duty.
+     * For block proposals, this is the block number.
+     * For checkpoint proposals, this is the checkpoint number.
+     */
+    blockNumber: BlockNumber | CheckpointNumber;
+}
+/**
+ * Signing context for block proposals.
+ * blockIndexWithinCheckpoint is REQUIRED and must be >= 0.
+ */
+export interface BlockProposalSigningContext extends BaseSigningContext {
+    /** Block index within checkpoint (0, 1, 2...). Required for block proposals. */
+    blockIndexWithinCheckpoint: IndexWithinCheckpoint;
+    dutyType: DutyType.BLOCK_PROPOSAL;
+}
+/**
+ * Signing context for non-block-proposal duties that require HA protection.
+ * blockIndexWithinCheckpoint is not applicable (internally always -1).
+ */
+export interface OtherSigningContext extends BaseSigningContext {
+    dutyType: DutyType.CHECKPOINT_PROPOSAL | DutyType.ATTESTATION | DutyType.ATTESTATIONS_AND_SIGNERS;
+}
+/**
+ * Signing context for governance/slashing votes which only need slot for HA protection.
+ * blockNumber is not applicable (internally always 0).
+ */
+export interface VoteSigningContext {
+    slot: SlotNumber;
+    dutyType: DutyType.GOVERNANCE_VOTE | DutyType.SLASHING_VOTE;
+}
+/**
+ * Signing context for duties which don't require slot/blockNumber
+ * as they don't need HA protection (AUTH_REQUEST, TXS).
+ */
+export interface NoHAProtectionSigningContext {
+    dutyType: DutyType.AUTH_REQUEST | DutyType.TXS;
+}
+/**
+ * Signing contexts that require HA protection (excludes AUTH_REQUEST).
+ * Used by the HA signer's signWithProtection method.
+ */
+export type HAProtectedSigningContext = BlockProposalSigningContext | OtherSigningContext | VoteSigningContext;
+/**
+ * Type guard to check if a SigningContext requires HA protection.
+ * Returns true for contexts that need HA protection, false for AUTH_REQUEST and TXS.
+ */
+export declare function isHAProtectedContext(context: SigningContext): context is HAProtectedSigningContext;
+/**
+ * Gets the block number from a signing context.
+ * - Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE): returns BlockNumber(0)
+ * - Other duties: returns the blockNumber from the context
+ */
+export declare function getBlockNumberFromSigningContext(context: HAProtectedSigningContext): BlockNumber | CheckpointNumber;
+/**
+ * Context required for slashing protection during signing operations.
+ * Uses discriminated union to enforce type safety:
+ * - BLOCK_PROPOSAL duties MUST have blockIndexWithinCheckpoint >= 0
+ * - Other duty types do NOT have blockIndexWithinCheckpoint (internally -1)
+ * - Vote duties only need slot (blockNumber is internally 0)
+ * - AUTH_REQUEST and TXS duties don't need slot/blockNumber (no HA protection needed)
+ */
+export type SigningContext = HAProtectedSigningContext | NoHAProtectionSigningContext;
+/**
+ * Database interface for slashing protection operations
+ * This abstraction allows for different database implementations (PostgreSQL, SQLite, etc.)
+ *
+ * The interface is designed around 3 core operations:
+ * 1. tryInsertOrGetExisting - Atomically insert or get existing record (eliminates race conditions)
+ * 2. updateDutySigned - Update to signed status on success
+ * 3. deleteDuty - Delete a duty record on failure
+ */
+export interface SlashingProtectionDatabase {
+    /**
+     * Atomically try to insert a new duty record, or get the existing one if present.
+     *
+     * @returns { isNew: true, record } if we successfully inserted and acquired the lock
+     * @returns { isNew: false, record } if a record already exists (caller should handle based on status)
+     */
+    tryInsertOrGetExisting(params: CheckAndRecordParams): Promise<TryInsertOrGetResult>;
+    /**
+     * Update a duty to 'signed' status with the signature.
+     * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+     *
+     * @returns true if the update succeeded, false if token didn't match or duty not found
+     */
+    updateDutySigned(validatorAddress: EthAddress, slot: SlotNumber, dutyType: DutyType, signature: string, lockToken: string, blockIndexWithinCheckpoint: number): Promise<boolean>;
+    /**
+     * Delete a duty record.
+     * Only succeeds if the lockToken matches (caller must be the one who created the duty).
+     * Used when signing fails to allow another node/attempt to retry.
+     *
+     * @returns true if the delete succeeded, false if token didn't match or duty not found
+     */
+    deleteDuty(validatorAddress: EthAddress, slot: SlotNumber, dutyType: DutyType, lockToken: string, blockIndexWithinCheckpoint: number): Promise<boolean>;
+    /**
+     * Cleanup own stuck duties
+     * @returns the number of duties cleaned up
+     */
+    cleanupOwnStuckDuties(nodeId: string, maxAgeMs: number): Promise<number>;
+    /**
+     * Close the database connection.
+     * Should be called during graceful shutdown.
+     */
+    close(): Promise<void>;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQ0wsV0FBVyxFQUNYLEtBQUssZ0JBQWdCLEVBQ3JCLEtBQUsscUJBQXFCLEVBQzFCLEtBQUssVUFBVSxFQUNoQixNQUFNLGlDQUFpQyxDQUFDO0FBQ3pDLE9BQU8sS0FBSyxFQUFFLFVBQVUsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBRWhFLE9BQU8sS0FBSyxFQUFFLElBQUksRUFBRSxNQUFNLElBQUksQ0FBQztBQUUvQixPQUFPLEtBQUssRUFBRSx1QkFBdUIsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUMzRCxPQUFPLEVBQ0wsS0FBSywyQkFBMkIsRUFDaEMsS0FBSyxvQkFBb0IsRUFDekIsS0FBSyxnQkFBZ0IsRUFDckIsS0FBSyxjQUFjLEVBQ25CLFFBQVEsRUFDUixLQUFLLG1CQUFtQixFQUN4QixLQUFLLG1CQUFtQixFQUN4QixLQUFLLG1CQUFtQixFQUN6QixNQUFNLGVBQWUsQ0FBQztBQUV2QixZQUFZLEVBQ1YsMkJBQTJCLEVBQzNCLG9CQUFvQixFQUNwQixnQkFBZ0IsRUFDaEIsY0FBYyxFQUNkLG1CQUFtQixFQUNuQixtQkFBbUIsRUFDbkIsbUJBQW1CLEVBQ25CLHVCQUF1QixHQUN4QixDQUFDO0FBQ0YsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsK0JBQStCLEVBQUUsbUJBQW1CLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFFM0c7O0dBRUc7QUFDSCxNQUFNLFdBQVcsb0JBQW9CO0lBQ25DLDJFQUEyRTtJQUMzRSxLQUFLLEVBQUUsT0FBTyxDQUFDO0lBQ2YscURBQXFEO0lBQ3JELE1BQU0sRUFBRSxtQkFBbUIsQ0FBQztDQUM3QjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGtCQUFrQjtJQUNqQzs7O09BR0c7SUFDSCxJQUFJLENBQUMsRUFBRSxJQUFJLENBQUM7Q0FDYjtBQUVEOztHQUVHO0FBQ0gsVUFBVSxrQkFBa0I7SUFDMUIsZ0NBQWdDO0lBQ2hDLElBQUksRUFBRSxVQUFVLENBQUM7SUFDakI7Ozs7T0FJRztJQUNILFdBQVcsRUFBRSxXQUFXLEdBQUcsZ0JBQWdCLENBQUM7Q0FDN0M7QUFFRDs7O0dBR0c7QUFDSCxNQUFNLFdBQVcsMkJBQTRCLFNBQVEsa0JBQWtCO0lBQ3JFLGdGQUFnRjtJQUNoRiwwQkFBMEIsRUFBRSxxQkFBcUIsQ0FBQztJQUNsRCxRQUFRLEVBQUUsUUFBUSxDQUFDLGNBQWMsQ0FBQztDQUNuQztBQUVEOzs7R0FHRztBQUNILE1BQU0sV0FBVyxtQkFBb0IsU0FBUSxrQkFBa0I7SUFDN0QsUUFBUSxFQUFFLFFBQVEsQ0FBQyxtQkFBbUIsR0FBRyxRQUFRLENBQUMsV0FBVyxHQUFHLFFBQVEsQ0FBQyx3QkFBd0IsQ0FBQztDQUNuRztBQUVEOzs7R0FHRztBQUNILE1BQU0sV0FBVyxrQkFBa0I7SUFDakMsSUFBSSxFQUFFLFVBQVUsQ0FBQztJQUNqQixRQUFRLEVBQUUsUUFBUSxDQUFDLGVBQWUsR0FBRyxRQUFRLENBQUMsYUFBYSxDQUFDO0NBQzdEO0FBRUQ7OztHQUdHO0FBQ0gsTUFBTSxXQUFXLDRCQUE0QjtJQUMzQyxRQUFRLEVBQUUsUUFBUSxDQUFDLFlBQVksR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDO0NBQ2hEO0FBRUQ7OztHQUdHO0FBQ0gsTUFBTSxNQUFNLHlCQUF5QixHQUFHLDJCQUEyQixHQUFHLG1CQUFtQixHQUFHLGtCQUFrQixDQUFDO0FBRS9HOzs7R0FHRztBQUNILHdCQUFnQixvQkFBb0IsQ0FBQyxPQUFPLEVBQUUsY0FBYyxHQUFHLE9BQU8sSUFBSSx5QkFBeUIsQ0FFbEc7QUFFRDs7OztHQUlHO0FBQ0gsd0JBQWdCLGdDQUFnQyxDQUFDLE9BQU8sRUFBRSx5QkFBeUIsR0FBRyxXQUFXLEdBQUcsZ0JBQWdCLENBWW5IO0FBRUQ7Ozs7Ozs7R0FPRztBQUNILE1BQU0sTUFBTSxjQUFjLEdBQUcseUJBQXlCLEdBQUcsNEJBQTRCLENBQUM7QUFFdEY7Ozs7Ozs7O0dBUUc7QUFDSCxNQUFNLFdBQVcsMEJBQTBCO0lBQ3pDOzs7OztPQUtHO0lBQ0gsc0JBQXNCLENBQUMsTUFBTSxFQUFFLG9CQUFvQixHQUFHLE9BQU8sQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0lBRXBGOzs7OztPQUtHO0lBQ0gsZ0JBQWdCLENBQ2QsZ0JBQWdCLEVBQUUsVUFBVSxFQUM1QixJQUFJLEVBQUUsVUFBVSxFQUNoQixRQUFRLEVBQUUsUUFBUSxFQUNsQixTQUFTLEVBQUUsTUFBTSxFQUNqQixTQUFTLEVBQUUsTUFBTSxFQUNqQiwwQkFBMEIsRUFBRSxNQUFNLEdBQ2pDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUVwQjs7Ozs7O09BTUc7SUFDSCxVQUFVLENBQ1IsZ0JBQWdCLEVBQUUsVUFBVSxFQUM1QixJQUFJLEVBQUUsVUFBVSxFQUNoQixRQUFRLEVBQUUsUUFBUSxFQUNsQixTQUFTLEVBQUUsTUFBTSxFQUNqQiwwQkFBMEIsRUFBRSxNQUFNLEdBQ2pDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUVwQjs7O09BR0c7SUFDSCxxQkFBcUIsQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRXpFOzs7T0FHRztJQUNILEtBQUssSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7Q0FDeEIifQ==

package/dest/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,KAAK,gBAAgB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,UAAU,EAChB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAE/B,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EACL,KAAK,2BAA2B,EAChC,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,QAAQ,EACR,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACzB,MAAM,eAAe,CAAC;AAEvB,YAAY,EACV,2BAA2B,EAC3B,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,EACnB,uBAAuB,GACxB,CAAC;AACF,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,+BAA+B,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAE3G;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,2EAA2E;IAC3E,KAAK,EAAE,OAAO,CAAC;IACf,qDAAqD;IACrD,MAAM,EAAE,mBAAmB,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,IAAI,CAAC,EAAE,IAAI,CAAC;CACb;AAED;;GAEG;AACH,UAAU,kBAAkB;IAC1B,gCAAgC;IAChC,IAAI,EAAE,UAAU,CAAC;IACjB;;;;OAIG;IACH,WAAW,EAAE,WAAW,GAAG,gBAAgB,CAAC;CAC7C;AAED;;;GAGG;AACH,MAAM,WAAW,2BAA4B,SAAQ,kBAAkB;IACrE,gFAAgF;IAChF,0BAA0B,EAAE,qBAAqB,CAAC;IAClD,QAAQ,EAAE,QAAQ,CAAC,cAAc,CAAC;CACnC;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAoB,SAAQ,kBAAkB;IAC7D,QAAQ,EAAE,QAAQ,CAAC,mBAAmB,GAAG,QAAQ,CAAC,WAAW,GAAG,QAAQ,CAAC,wBAAwB,CAAC;CACnG;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC,eAAe,GAAG,QAAQ,CAAC,aAAa,CAAC;CAC7D;AAED;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,EAAE,QAAQ,CAAC,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC;CAChD;AAED;;;GAGG;AACH,MAAM,MAAM,yBAAyB,GAAG,2BAA2B,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;AAE/G;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,IAAI,yBAAyB,CAElG;AAED;;;;GAIG;AACH,wBAAgB,gCAAgC,CAAC,OAAO,EAAE,yBAAyB,GAAG,WAAW,GAAG,gBAAgB,CAYnH;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,cAAc,GAAG,yBAAyB,GAAG,4BAA4B,CAAC;AAEtF;;;;;;;;GAQG;AACH,MAAM,WAAW,0BAA0B;IACzC;;;;;OAKG;IACH,sBAAsB,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEpF;;;;;OAKG;IACH,gBAAgB,CACd,gBAAgB,EAAE,UAAU,EAC5B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,QAAQ,EAClB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,MAAM,GACjC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpB;;;;;;OAMG;IACH,UAAU,CACR,gBAAgB,EAAE,UAAU,EAC5B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,QAAQ,EAClB,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,MAAM,GACjC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpB;;;OAGG;IACH,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEzE;;;OAGG;IACH,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB"}

package/dest/types.js

@@ -0,0 +1,21 @@
+import { BlockNumber } from '@aztec/foundation/branded-types';
+import { DutyType } from './db/types.js';
+export { DutyStatus, DutyType, getBlockIndexFromDutyIdentifier, normalizeBlockIndex } from './db/types.js';
+/**
+ * Type guard to check if a SigningContext requires HA protection.
+ * Returns true for contexts that need HA protection, false for AUTH_REQUEST and TXS.
+ */ export function isHAProtectedContext(context) {
+    return context.dutyType !== DutyType.AUTH_REQUEST && context.dutyType !== DutyType.TXS;
+}
+/**
+ * Gets the block number from a signing context.
+ * - Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE): returns BlockNumber(0)
+ * - Other duties: returns the blockNumber from the context
+ */ export function getBlockNumberFromSigningContext(context) {
+    // Check for duty types that have blockNumber
+    if (context.dutyType === DutyType.BLOCK_PROPOSAL || context.dutyType === DutyType.CHECKPOINT_PROPOSAL || context.dutyType === DutyType.ATTESTATION || context.dutyType === DutyType.ATTESTATIONS_AND_SIGNERS) {
+        return context.blockNumber;
+    }
+    // Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE) don't have blockNumber
+    return BlockNumber(0);
+}

package/dest/validator_ha_signer.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Validator High Availability Signer
+ *
+ * Wraps signing operations with distributed locking and slashing protection.
+ * This ensures that even with multiple validator nodes running, only one
+ * node will sign for a given duty (slot + duty type).
+ */
+import type { Buffer32 } from '@aztec/foundation/buffer';
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { Signature } from '@aztec/foundation/eth-signature';
+import type { ValidatorHASignerConfig } from './config.js';
+import { type HAProtectedSigningContext, type SlashingProtectionDatabase } from './types.js';
+/**
+ * Validator High Availability Signer
+ *
+ * Provides signing capabilities with distributed locking for validators
+ * in a high-availability setup.
+ *
+ * Usage:
+ * ```
+ * const signer = new ValidatorHASigner(db, config);
+ *
+ * // Sign with slashing protection
+ * const signature = await signer.signWithProtection(
+ *   validatorAddress,
+ *   messageHash,
+ *   { slot: 100n, blockNumber: 50n, dutyType: 'BLOCK_PROPOSAL' },
+ *   async (root) => localSigner.signMessage(root),
+ * );
+ * ```
+ */
+export declare class ValidatorHASigner {
+    private readonly config;
+    private readonly log;
+    private readonly slashingProtection;
+    constructor(db: SlashingProtectionDatabase, config: ValidatorHASignerConfig);
+    /**
+     * Sign a message with slashing protection.
+     *
+     * This method:
+     * 1. Acquires a distributed lock for (validator, slot, dutyType)
+     * 2. Calls the provided signing function
+     * 3. Records the result (success or failure)
+     *
+     * @param validatorAddress - The validator's Ethereum address
+     * @param messageHash - The hash to be signed
+     * @param context - The signing context (HA-protected duty types only)
+     * @param signFn - Function that performs the actual signing
+     * @returns The signature
+     *
+     * @throws DutyAlreadySignedError if the duty was already signed (expected in HA)
+     * @throws SlashingProtectionError if attempting to sign different data for same slot (expected in HA)
+     */
+    signWithProtection(validatorAddress: EthAddress, messageHash: Buffer32, context: HAProtectedSigningContext, signFn: (messageHash: Buffer32) => Promise<Signature>): Promise<Signature>;
+    /**
+     * Get the node ID for this signer
+     */
+    get nodeId(): string;
+    /**
+     * Start the HA signer background tasks (cleanup of stuck duties).
+     * Should be called after construction and before signing operations.
+     */
+    start(): void;
+    /**
+     * Stop the HA signer background tasks and close database connection.
+     * Should be called during graceful shutdown.
+     */
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdG9yX2hhX3NpZ25lci5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3ZhbGlkYXRvcl9oYV9zaWduZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7OztHQU1HO0FBQ0gsT0FBTyxLQUFLLEVBQUUsUUFBUSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDekQsT0FBTyxLQUFLLEVBQUUsVUFBVSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDaEUsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0saUNBQWlDLENBQUM7QUFHakUsT0FBTyxLQUFLLEVBQUUsdUJBQXVCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFHM0QsT0FBTyxFQUNMLEtBQUsseUJBQXlCLEVBQzlCLEtBQUssMEJBQTBCLEVBRWhDLE1BQU0sWUFBWSxDQUFDO0FBRXBCOzs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FrQkc7QUFDSCxxQkFBYSxpQkFBaUI7SUFNMUIsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNO0lBTHpCLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFTO0lBQzdCLE9BQU8sQ0FBQyxRQUFRLENBQUMsa0JBQWtCLENBQTRCO0lBRS9ELFlBQ0UsRUFBRSxFQUFFLDBCQUEwQixFQUNiLE1BQU0sRUFBRSx1QkFBdUIsRUFnQmpEO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDRyxrQkFBa0IsQ0FDdEIsZ0JBQWdCLEVBQUUsVUFBVSxFQUM1QixXQUFXLEVBQUUsUUFBUSxFQUNyQixPQUFPLEVBQUUseUJBQXlCLEVBQ2xDLE1BQU0sRUFBRSxDQUFDLFdBQVcsRUFBRSxRQUFRLEtBQUssT0FBTyxDQUFDLFNBQVMsQ0FBQyxHQUNwRCxPQUFPLENBQUMsU0FBUyxDQUFDLENBNkNwQjtJQUVEOztPQUVHO0lBQ0gsSUFBSSxNQUFNLElBQUksTUFBTSxDQUVuQjtJQUVEOzs7T0FHRztJQUNILEtBQUssU0FFSjtJQUVEOzs7T0FHRztJQUNHLElBQUksa0JBR1Q7Q0FDRiJ9

package/dest/validator_ha_signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validator_ha_signer.d.ts","sourceRoot":"","sources":["../src/validator_ha_signer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAGjE,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAG3D,OAAO,EACL,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAEhC,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,iBAAiB;IAM1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IALzB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAA4B;IAE/D,YACE,EAAE,EAAE,0BAA0B,EACb,MAAM,EAAE,uBAAuB,EAgBjD;IAED;;;;;;;;;;;;;;;;OAgBG;IACG,kBAAkB,CACtB,gBAAgB,EAAE,UAAU,EAC5B,WAAW,EAAE,QAAQ,EACrB,OAAO,EAAE,yBAAyB,EAClC,MAAM,EAAE,CAAC,WAAW,EAAE,QAAQ,KAAK,OAAO,CAAC,SAAS,CAAC,GACpD,OAAO,CAAC,SAAS,CAAC,CA6CpB;IAED;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED;;;OAGG;IACH,KAAK,SAEJ;IAED;;;OAGG;IACG,IAAI,kBAGT;CACF"}

package/dest/validator_ha_signer.js

@@ -0,0 +1,127 @@
+/**
+ * Validator High Availability Signer
+ *
+ * Wraps signing operations with distributed locking and slashing protection.
+ * This ensures that even with multiple validator nodes running, only one
+ * node will sign for a given duty (slot + duty type).
+ */ import { createLogger } from '@aztec/foundation/log';
+import { DutyType } from './db/types.js';
+import { SlashingProtectionService } from './slashing_protection_service.js';
+import { getBlockNumberFromSigningContext } from './types.js';
+/**
+ * Validator High Availability Signer
+ *
+ * Provides signing capabilities with distributed locking for validators
+ * in a high-availability setup.
+ *
+ * Usage:
+ * ```
+ * const signer = new ValidatorHASigner(db, config);
+ *
+ * // Sign with slashing protection
+ * const signature = await signer.signWithProtection(
+ *   validatorAddress,
+ *   messageHash,
+ *   { slot: 100n, blockNumber: 50n, dutyType: 'BLOCK_PROPOSAL' },
+ *   async (root) => localSigner.signMessage(root),
+ * );
+ * ```
+ */ export class ValidatorHASigner {
+    config;
+    log;
+    slashingProtection;
+    constructor(db, config){
+        this.config = config;
+        this.log = createLogger('validator-ha-signer');
+        if (!config.haSigningEnabled) {
+            // this shouldn't happen, the validator should use different signer for non-HA setups
+            throw new Error('Validator HA Signer is not enabled in config');
+        }
+        if (!config.nodeId || config.nodeId === '') {
+            throw new Error('NODE_ID is required for high-availability setups');
+        }
+        this.slashingProtection = new SlashingProtectionService(db, config);
+        this.log.info('Validator HA Signer initialized with slashing protection', {
+            nodeId: config.nodeId
+        });
+    }
+    /**
+   * Sign a message with slashing protection.
+   *
+   * This method:
+   * 1. Acquires a distributed lock for (validator, slot, dutyType)
+   * 2. Calls the provided signing function
+   * 3. Records the result (success or failure)
+   *
+   * @param validatorAddress - The validator's Ethereum address
+   * @param messageHash - The hash to be signed
+   * @param context - The signing context (HA-protected duty types only)
+   * @param signFn - Function that performs the actual signing
+   * @returns The signature
+   *
+   * @throws DutyAlreadySignedError if the duty was already signed (expected in HA)
+   * @throws SlashingProtectionError if attempting to sign different data for same slot (expected in HA)
+   */ async signWithProtection(validatorAddress, messageHash, context, signFn) {
+        let dutyIdentifier;
+        if (context.dutyType === DutyType.BLOCK_PROPOSAL) {
+            dutyIdentifier = {
+                validatorAddress,
+                slot: context.slot,
+                blockIndexWithinCheckpoint: context.blockIndexWithinCheckpoint,
+                dutyType: context.dutyType
+            };
+        } else {
+            dutyIdentifier = {
+                validatorAddress,
+                slot: context.slot,
+                dutyType: context.dutyType
+            };
+        }
+        // Acquire lock and get the token for ownership verification
+        const blockNumber = getBlockNumberFromSigningContext(context);
+        const lockToken = await this.slashingProtection.checkAndRecord({
+            ...dutyIdentifier,
+            blockNumber,
+            messageHash: messageHash.toString(),
+            nodeId: this.config.nodeId
+        });
+        // Perform signing
+        let signature;
+        try {
+            signature = await signFn(messageHash);
+        } catch (error) {
+            // Delete duty to allow retry (only succeeds if we own the lock)
+            await this.slashingProtection.deleteDuty({
+                ...dutyIdentifier,
+                lockToken
+            });
+            throw error;
+        }
+        // Record success (only succeeds if we own the lock)
+        await this.slashingProtection.recordSuccess({
+            ...dutyIdentifier,
+            signature,
+            nodeId: this.config.nodeId,
+            lockToken
+        });
+        return signature;
+    }
+    /**
+   * Get the node ID for this signer
+   */ get nodeId() {
+        return this.config.nodeId;
+    }
+    /**
+   * Start the HA signer background tasks (cleanup of stuck duties).
+   * Should be called after construction and before signing operations.
+   */ start() {
+        this.slashingProtection.start();
+    }
+    /**
+   * Stop the HA signer background tasks and close database connection.
+   * Should be called during graceful shutdown.
+   */ async stop() {
+        await this.slashingProtection.stop();
+        await this.slashingProtection.close();
+    }
+}