@aztec/validator-ha-signer 0.0.1-commit.7ac86ea28 → 0.0.1-commit.7b86788

package/dest/validator_ha_signer.d.ts

@@ -8,8 +8,14 @@
 import type { Buffer32 } from '@aztec/foundation/buffer';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
-import type { ValidatorHASignerConfig } from './config.js';
-import { type HAProtectedSigningContext, type SlashingProtectionDatabase } from './types.js';
+import type { DateProvider } from '@aztec/foundation/timer';
+import { type HAProtectedSigningContext, type ValidatorHASignerConfig } from '@aztec/stdlib/ha-signing';
+import type { HASignerMetrics } from './metrics.js';
+import type { SlashingProtectionDatabase } from './types.js';
+export interface ValidatorHASignerDeps {
+    metrics: HASignerMetrics;
+    dateProvider: DateProvider;
+}
 /**
  * Validator High Availability Signer
  *
@@ -34,7 +40,9 @@ export declare class ValidatorHASigner {
     private readonly log;
     private readonly slashingProtection;
     private readonly rollupAddress;
-    constructor(db: SlashingProtectionDatabase, config: ValidatorHASignerConfig);
+    private readonly dateProvider;
+    private readonly metrics;
+    constructor(db: SlashingProtectionDatabase, config: ValidatorHASignerConfig, deps: ValidatorHASignerDeps);
     /**
      * Sign a message with slashing protection.
      *
@@ -68,4 +76,4 @@ export declare class ValidatorHASigner {
      */
     stop(): Promise<void>;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdG9yX2hhX3NpZ25lci5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3ZhbGlkYXRvcl9oYV9zaWduZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7OztHQU1HO0FBQ0gsT0FBTyxLQUFLLEVBQUUsUUFBUSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDekQsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBQzNELE9BQU8sS0FBSyxFQUFFLFNBQVMsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBR2pFLE9BQU8sS0FBSyxFQUFFLHVCQUF1QixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBRzNELE9BQU8sRUFDTCxLQUFLLHlCQUF5QixFQUM5QixLQUFLLDBCQUEwQixFQUVoQyxNQUFNLFlBQVksQ0FBQztBQUVwQjs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBa0JHO0FBQ0gscUJBQWEsaUJBQWlCO0lBTzFCLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTTtJQU56QixPQUFPLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBUztJQUM3QixPQUFPLENBQUMsUUFBUSxDQUFDLGtCQUFrQixDQUE0QjtJQUMvRCxPQUFPLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBYTtJQUUzQyxZQUNFLEVBQUUsRUFBRSwwQkFBMEIsRUFDYixNQUFNLEVBQUUsdUJBQXVCLEVBa0JqRDtJQUVEOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0csa0JBQWtCLENBQ3RCLGdCQUFnQixFQUFFLFVBQVUsRUFDNUIsV0FBVyxFQUFFLFFBQVEsRUFDckIsT0FBTyxFQUFFLHlCQUF5QixFQUNsQyxNQUFNLEVBQUUsQ0FBQyxXQUFXLEVBQUUsUUFBUSxLQUFLLE9BQU8sQ0FBQyxTQUFTLENBQUMsR0FDcEQsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQStDcEI7SUFFRDs7T0FFRztJQUNILElBQUksTUFBTSxJQUFJLE1BQU0sQ0FFbkI7SUFFRDs7O09BR0c7SUFDRyxLQUFLLGtCQUVWO0lBRUQ7OztPQUdHO0lBQ0csSUFBSSxrQkFHVDtDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdG9yX2hhX3NpZ25lci5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3ZhbGlkYXRvcl9oYV9zaWduZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7OztHQU1HO0FBQ0gsT0FBTyxLQUFLLEVBQUUsUUFBUSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDekQsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBQzNELE9BQU8sS0FBSyxFQUFFLFNBQVMsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBRWpFLE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQzVELE9BQU8sRUFFTCxLQUFLLHlCQUF5QixFQUM5QixLQUFLLHVCQUF1QixFQUU3QixNQUFNLDBCQUEwQixDQUFDO0FBR2xDLE9BQU8sS0FBSyxFQUFFLGVBQWUsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUVwRCxPQUFPLEtBQUssRUFBRSwwQkFBMEIsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUU3RCxNQUFNLFdBQVcscUJBQXFCO0lBQ3BDLE9BQU8sRUFBRSxlQUFlLENBQUM7SUFDekIsWUFBWSxFQUFFLFlBQVksQ0FBQztDQUM1QjtBQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FrQkc7QUFDSCxxQkFBYSxpQkFBaUI7SUFVMUIsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNO0lBVHpCLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFTO0lBQzdCLE9BQU8sQ0FBQyxRQUFRLENBQUMsa0JBQWtCLENBQTRCO0lBQy9ELE9BQU8sQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFhO0lBRTNDLE9BQU8sQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFlO0lBQzVDLE9BQU8sQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFrQjtJQUUxQyxZQUNFLEVBQUUsRUFBRSwwQkFBMEIsRUFDYixNQUFNLEVBQUUsdUJBQXVCLEVBQ2hELElBQUksRUFBRSxxQkFBcUIsRUF3QjVCO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDRyxrQkFBa0IsQ0FDdEIsZ0JBQWdCLEVBQUUsVUFBVSxFQUM1QixXQUFXLEVBQUUsUUFBUSxFQUNyQixPQUFPLEVBQUUseUJBQXlCLEVBQ2xDLE1BQU0sRUFBRSxDQUFDLFdBQVcsRUFBRSxRQUFRLEtBQUssT0FBTyxDQUFDLFNBQVMsQ0FBQyxHQUNwRCxPQUFPLENBQUMsU0FBUyxDQUFDLENBdURwQjtJQUVEOztPQUVHO0lBQ0gsSUFBSSxNQUFNLElBQUksTUFBTSxDQUVuQjtJQUVEOzs7T0FHRztJQUNHLEtBQUssa0JBRVY7SUFFRDs7O09BR0c7SUFDRyxJQUFJLGtCQUdUO0NBQ0YifQ==

package/dest/validator_ha_signer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validator_ha_signer.d.ts","sourceRoot":"","sources":["../src/validator_ha_signer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAGjE,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAG3D,OAAO,EACL,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAEhC,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,iBAAiB;IAO1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IANzB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAA4B;IAC/D,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAa;IAE3C,YACE,EAAE,EAAE,0BAA0B,EACb,MAAM,EAAE,uBAAuB,EAkBjD;IAED;;;;;;;;;;;;;;;;OAgBG;IACG,kBAAkB,CACtB,gBAAgB,EAAE,UAAU,EAC5B,WAAW,EAAE,QAAQ,EACrB,OAAO,EAAE,yBAAyB,EAClC,MAAM,EAAE,CAAC,WAAW,EAAE,QAAQ,KAAK,OAAO,CAAC,SAAS,CAAC,GACpD,OAAO,CAAC,SAAS,CAAC,CA+CpB;IAED;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED;;;OAGG;IACG,KAAK,kBAEV;IAED;;;OAGG;IACG,IAAI,kBAGT;CACF"}
+{"version":3,"file":"validator_ha_signer.d.ts","sourceRoot":"","sources":["../src/validator_ha_signer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAEL,KAAK,yBAAyB,EAC9B,KAAK,uBAAuB,EAE7B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAE7D,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,eAAe,CAAC;IACzB,YAAY,EAAE,YAAY,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,iBAAiB;IAU1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IATzB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAA4B;IAC/D,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAa;IAE3C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAe;IAC5C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;IAE1C,YACE,EAAE,EAAE,0BAA0B,EACb,MAAM,EAAE,uBAAuB,EAChD,IAAI,EAAE,qBAAqB,EAwB5B;IAED;;;;;;;;;;;;;;;;OAgBG;IACG,kBAAkB,CACtB,gBAAgB,EAAE,UAAU,EAC5B,WAAW,EAAE,QAAQ,EACrB,OAAO,EAAE,yBAAyB,EAClC,MAAM,EAAE,CAAC,WAAW,EAAE,QAAQ,KAAK,OAAO,CAAC,SAAS,CAAC,GACpD,OAAO,CAAC,SAAS,CAAC,CAuDpB;IAED;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED;;;OAGG;IACG,KAAK,kBAEV;IAED;;;OAGG;IACG,IAAI,kBAGT;CACF"}

package/dest/validator_ha_signer.js

@@ -5,9 +5,8 @@
  * This ensures that even with multiple validator nodes running, only one
  * node will sign for a given duty (slot + duty type).
  */ import { createLogger } from '@aztec/foundation/log';
-import { DutyType } from './db/types.js';
+import { DutyType, getBlockNumberFromSigningContext } from '@aztec/stdlib/ha-signing';
 import { SlashingProtectionService } from './slashing_protection_service.js';
-import { getBlockNumberFromSigningContext } from './types.js';
 /**
  * Validator High Availability Signer
  *
@@ -31,9 +30,13 @@ import { getBlockNumberFromSigningContext } from './types.js';
     log;
     slashingProtection;
     rollupAddress;
-    constructor(db, config){
+    dateProvider;
+    metrics;
+    constructor(db, config, deps){
         this.config = config;
         this.log = createLogger('validator-ha-signer');
+        this.metrics = deps.metrics;
+        this.dateProvider = deps.dateProvider;
         if (!config.haSigningEnabled) {
             // this shouldn't happen, the validator should use different signer for non-HA setups
             throw new Error('Validator HA Signer is not enabled in config');
@@ -42,7 +45,10 @@ import { getBlockNumberFromSigningContext } from './types.js';
             throw new Error('NODE_ID is required for high-availability setups');
         }
         this.rollupAddress = config.l1Contracts.rollupAddress;
-        this.slashingProtection = new SlashingProtectionService(db, config);
+        this.slashingProtection = new SlashingProtectionService(db, config, {
+            metrics: deps.metrics,
+            dateProvider: deps.dateProvider
+        });
         this.log.info('Validator HA Signer initialized with slashing protection', {
             nodeId: config.nodeId,
             rollupAddress: this.rollupAddress.toString()
@@ -65,6 +71,8 @@ import { getBlockNumberFromSigningContext } from './types.js';
    * @throws DutyAlreadySignedError if the duty was already signed (expected in HA)
    * @throws SlashingProtectionError if attempting to sign different data for same slot (expected in HA)
    */ async signWithProtection(validatorAddress, messageHash, context, signFn) {
+        const startTime = this.dateProvider.now();
+        const dutyType = context.dutyType;
         let dutyIdentifier;
         if (context.dutyType === DutyType.BLOCK_PROPOSAL) {
             dutyIdentifier = {
@@ -83,6 +91,7 @@ import { getBlockNumberFromSigningContext } from './types.js';
             };
         }
         // Acquire lock and get the token for ownership verification
+        // DutyAlreadySignedError and SlashingProtectionError may be thrown here and are recorded in the service
         const blockNumber = getBlockNumberFromSigningContext(context);
         const lockToken = await this.slashingProtection.checkAndRecord({
             ...dutyIdentifier,
@@ -100,6 +109,7 @@ import { getBlockNumberFromSigningContext } from './types.js';
                 ...dutyIdentifier,
                 lockToken
             });
+            this.metrics.recordSigningError(dutyType);
             throw error;
         }
         // Record success (only succeeds if we own the lock)
@@ -109,6 +119,8 @@ import { getBlockNumberFromSigningContext } from './types.js';
             nodeId: this.config.nodeId,
             lockToken
         });
+        const duration = this.dateProvider.now() - startTime;
+        this.metrics.recordSigningSuccess(dutyType, duration);
         return signature;
     }
     /**

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@aztec/validator-ha-signer",
-  "version": "0.0.1-commit.7ac86ea28",
+  "version": "0.0.1-commit.7b86788",
   "type": "module",
   "exports": {
-    "./config": "./dest/config.js",
     "./db": "./dest/db/index.js",
     "./errors": "./dest/errors.js",
     "./factory": "./dest/factory.js",
+    "./metrics": "./dest/metrics.js",
     "./migrations": "./dest/migrations.js",
     "./slashing-protection-service": "./dest/slashing_protection_service.js",
     "./types": "./dest/types.js",
@@ -15,10 +15,10 @@
   },
   "typedocOptions": {
     "entryPoints": [
-      "./src/config.ts",
       "./src/db/index.ts",
       "./src/errors.ts",
       "./src/factory.ts",
+      "./src/metrics.ts",
       "./src/migrations.ts",
       "./src/slashing_protection_service.ts",
       "./src/types.ts",
@@ -74,8 +74,10 @@
     ]
   },
   "dependencies": {
-    "@aztec/ethereum": "0.0.1-commit.7ac86ea28",
-    "@aztec/foundation": "0.0.1-commit.7ac86ea28",
+    "@aztec/ethereum": "0.0.1-commit.7b86788",
+    "@aztec/foundation": "0.0.1-commit.7b86788",
+    "@aztec/stdlib": "0.0.1-commit.7b86788",
+    "@aztec/telemetry-client": "0.0.1-commit.7b86788",
     "node-pg-migrate": "^8.0.4",
     "pg": "^8.11.3",
     "tslib": "^2.4.0",

package/src/db/types.ts

@@ -1,6 +1,7 @@
 import type { BlockNumber, CheckpointNumber, IndexWithinCheckpoint, SlotNumber } from '@aztec/foundation/branded-types';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
+import { DutyType } from '@aztec/stdlib/ha-signing';
 
 /**
  * Row type from PostgreSQL query
@@ -29,20 +30,6 @@ export interface InsertOrGetRow extends DutyRow {
   is_new: boolean;
 }
 
-/**
- * Type of validator duty being performed
- */
-export enum DutyType {
-  BLOCK_PROPOSAL = 'BLOCK_PROPOSAL',
-  CHECKPOINT_PROPOSAL = 'CHECKPOINT_PROPOSAL',
-  ATTESTATION = 'ATTESTATION',
-  ATTESTATIONS_AND_SIGNERS = 'ATTESTATIONS_AND_SIGNERS',
-  GOVERNANCE_VOTE = 'GOVERNANCE_VOTE',
-  SLASHING_VOTE = 'SLASHING_VOTE',
-  AUTH_REQUEST = 'AUTH_REQUEST',
-  TXS = 'TXS',
-}
-
 /**
  * Status of a duty in the database
  */
@@ -51,6 +38,9 @@ export enum DutyStatus {
   SIGNED = 'signed',
 }
 
+// Re-export DutyType from stdlib
+export { DutyType };
+
 /**
  * Record of a validator duty in the database
  */

package/src/factory.ts

@@ -1,10 +1,14 @@
 /**
  * Factory functions for creating validator HA signers
  */
+import { DateProvider } from '@aztec/foundation/timer';
+import type { ValidatorHASignerConfig } from '@aztec/stdlib/ha-signing';
+import { getTelemetryClient } from '@aztec/telemetry-client';
+
 import { Pool } from 'pg';
 
-import type { ValidatorHASignerConfig } from './config.js';
 import { PostgresSlashingProtectionDatabase } from './db/postgres.js';
+import { HASignerMetrics } from './metrics.js';
 import type { CreateHASignerDeps, SlashingProtectionDatabase } from './types.js';
 import { ValidatorHASigner } from './validator_ha_signer.js';
 
@@ -55,6 +59,10 @@ export async function createHASigner(
   if (!databaseUrl) {
     throw new Error('databaseUrl is required for createHASigner');
   }
+
+  const telemetryClient = deps?.telemetryClient ?? getTelemetryClient();
+  const dateProvider = deps?.dateProvider ?? new DateProvider();
+
   // Create connection pool (or use provided pool)
   let pool: Pool;
   if (!deps?.pool) {
@@ -75,8 +83,11 @@ export async function createHASigner(
   // Verify database schema is initialized and version matches
   await db.initialize();
 
+  // Create metrics
+  const metrics = new HASignerMetrics(telemetryClient, signerConfig.nodeId);
+
   // Create signer
-  const signer = new ValidatorHASigner(db, { ...signerConfig, databaseUrl });
+  const signer = new ValidatorHASigner(db, { ...signerConfig, databaseUrl }, { metrics, dateProvider });
 
   return { signer, db };
 }

package/src/metrics.ts

@@ -0,0 +1,138 @@
+import {
+  Attributes,
+  type Histogram,
+  Metrics,
+  type TelemetryClient,
+  type UpDownCounter,
+  createUpDownCounterWithDefault,
+} from '@aztec/telemetry-client';
+
+export type HACleanupType = 'stuck' | 'old' | 'outdated_rollup';
+
+/**
+ * Metrics for HA signer tracking signing operations, lock acquisition, and cleanup.
+ */
+export class HASignerMetrics {
+  // Signing lifecycle metrics
+  private signingDuration: Histogram;
+  private signingSuccessCount: UpDownCounter;
+  private dutyAlreadySignedCount: UpDownCounter;
+  private slashingProtectionCount: UpDownCounter;
+  private signingErrorCount: UpDownCounter;
+
+  // Lock acquisition metrics
+  private lockAcquiredCount: UpDownCounter;
+
+  // Cleanup metrics
+  private cleanupStuckDutiesCount: UpDownCounter;
+  private cleanupOldDutiesCount: UpDownCounter;
+  private cleanupOutdatedRollupDutiesCount: UpDownCounter;
+
+  constructor(
+    client: TelemetryClient,
+    private nodeId: string,
+    name = 'HASignerMetrics',
+  ) {
+    const meter = client.getMeter(name);
+
+    // Signing lifecycle
+    this.signingDuration = meter.createHistogram(Metrics.HA_SIGNER_SIGNING_DURATION);
+    this.signingSuccessCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_SIGNING_SUCCESS_COUNT);
+    this.dutyAlreadySignedCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_DUTY_ALREADY_SIGNED_COUNT);
+    this.slashingProtectionCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_SLASHING_PROTECTION_COUNT);
+    this.signingErrorCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_SIGNING_ERROR_COUNT);
+
+    // Lock acquisition
+    this.lockAcquiredCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_LOCK_ACQUIRED_COUNT);
+
+    // Cleanup
+    this.cleanupStuckDutiesCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_CLEANUP_STUCK_DUTIES_COUNT);
+    this.cleanupOldDutiesCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_CLEANUP_OLD_DUTIES_COUNT);
+    this.cleanupOutdatedRollupDutiesCount = createUpDownCounterWithDefault(
+      meter,
+      Metrics.HA_SIGNER_CLEANUP_OUTDATED_ROLLUP_DUTIES_COUNT,
+    );
+  }
+
+  /**
+   * Record a successful signing operation.
+   * @param dutyType - The type of duty signed
+   * @param durationMs - Duration from start of signWithProtection to completion
+   */
+  public recordSigningSuccess(dutyType: string, durationMs: number): void {
+    const attributes = {
+      [Attributes.HA_DUTY_TYPE]: dutyType,
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+    this.signingSuccessCount.add(1, attributes);
+    this.signingDuration.record(durationMs, attributes);
+  }
+
+  /**
+   * Record a DutyAlreadySignedError (expected in HA; another node signed first).
+   * @param dutyType - The type of duty
+   */
+  public recordDutyAlreadySigned(dutyType: string): void {
+    const attributes = {
+      [Attributes.HA_DUTY_TYPE]: dutyType,
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+    this.dutyAlreadySignedCount.add(1, attributes);
+  }
+
+  /**
+   * Record a SlashingProtectionError (attempted to sign different data for same duty).
+   * @param dutyType - The type of duty
+   */
+  public recordSlashingProtection(dutyType: string): void {
+    const attributes = {
+      [Attributes.HA_DUTY_TYPE]: dutyType,
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+    this.slashingProtectionCount.add(1, attributes);
+  }
+
+  /**
+   * Record a signing function failure (lock will be deleted for retry).
+   * @param dutyType - The type of duty
+   */
+  public recordSigningError(dutyType: string): void {
+    const attributes = {
+      [Attributes.HA_DUTY_TYPE]: dutyType,
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+    this.signingErrorCount.add(1, attributes);
+  }
+
+  /**
+   * Record lock acquisition.
+   * @param acquired - Whether a new lock was acquired (true) or existing record found (false)
+   */
+  public recordLockAcquire(acquired: boolean): void {
+    if (acquired) {
+      const attributes = {
+        [Attributes.HA_NODE_ID]: this.nodeId,
+      };
+      this.lockAcquiredCount.add(1, attributes);
+    }
+  }
+
+  /**
+   * Record cleanup metrics.
+   * @param type - Type of cleanup
+   * @param count - Number of duties cleaned up
+   */
+  public recordCleanup(type: HACleanupType, count: number): void {
+    const attributes = {
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+
+    if (type === 'stuck') {
+      this.cleanupStuckDutiesCount.add(count, attributes);
+    } else if (type === 'old') {
+      this.cleanupOldDutiesCount.add(count, attributes);
+    } else if (type === 'outdated_rollup') {
+      this.cleanupOutdatedRollupDutiesCount.add(count, attributes);
+    }
+  }
+}

package/src/slashing_protection_service.ts

@@ -7,6 +7,8 @@
 import { type Logger, createLogger } from '@aztec/foundation/log';
 import { RunningPromise } from '@aztec/foundation/promise';
 import { sleep } from '@aztec/foundation/sleep';
+import type { DateProvider } from '@aztec/foundation/timer';
+import type { ValidatorHASignerConfig } from '@aztec/stdlib/ha-signing';
 
 import {
   type CheckAndRecordParams,
@@ -16,7 +18,13 @@ import {
   getBlockIndexFromDutyIdentifier,
 } from './db/types.js';
 import { DutyAlreadySignedError, SlashingProtectionError } from './errors.js';
-import type { SlashingProtectionDatabase, ValidatorHASignerConfig } from './types.js';
+import type { HASignerMetrics } from './metrics.js';
+import type { SlashingProtectionDatabase } from './types.js';
+
+export interface SlashingProtectionServiceDeps {
+  metrics: HASignerMetrics;
+  dateProvider: DateProvider;
+}
 
 /**
  * Slashing Protection Service
@@ -39,12 +47,16 @@ export class SlashingProtectionService {
   private readonly signingTimeoutMs: number;
   private readonly maxStuckDutiesAgeMs: number;
 
+  private readonly metrics: HASignerMetrics;
+  private readonly dateProvider: DateProvider;
+
   private cleanupRunningPromise: RunningPromise;
   private lastOldDutiesCleanupAtMs?: number;
 
   constructor(
     private readonly db: SlashingProtectionDatabase,
     private readonly config: ValidatorHASignerConfig,
+    deps: SlashingProtectionServiceDeps,
   ) {
     this.log = createLogger('slashing-protection');
     this.pollingIntervalMs = config.pollingIntervalMs;
@@ -53,6 +65,8 @@ export class SlashingProtectionService {
     this.maxStuckDutiesAgeMs = config.maxStuckDutiesAgeMs ?? 144_000;
 
     this.cleanupRunningPromise = new RunningPromise(this.cleanup.bind(this), this.log, this.maxStuckDutiesAgeMs);
+    this.metrics = deps.metrics;
+    this.dateProvider = deps.dateProvider;
   }
 
   /**
@@ -72,7 +86,7 @@ export class SlashingProtectionService {
    */
   async checkAndRecord(params: CheckAndRecordParams): Promise<string> {
     const { validatorAddress, slot, dutyType, messageHash, nodeId } = params;
-    const startTime = Date.now();
+    const startTime = this.dateProvider.now();
 
     this.log.debug(`Checking duty: ${dutyType} for slot ${slot}`, {
       validatorAddress: validatorAddress.toString(),
@@ -89,6 +103,7 @@ export class SlashingProtectionService {
           validatorAddress: validatorAddress.toString(),
           nodeId,
         });
+        this.metrics.recordLockAcquire(true);
         return record.lockToken;
       }
 
@@ -103,6 +118,7 @@ export class SlashingProtectionService {
             existingNodeId: record.nodeId,
             attemptingNodeId: nodeId,
           });
+          this.metrics.recordSlashingProtection(dutyType);
           throw new SlashingProtectionError(
             slot,
             dutyType,
@@ -112,15 +128,17 @@ export class SlashingProtectionService {
             record.nodeId,
           );
         }
+        this.metrics.recordDutyAlreadySigned(dutyType);
         throw new DutyAlreadySignedError(slot, dutyType, record.blockIndexWithinCheckpoint, record.nodeId);
       } else if (record.status === DutyStatus.SIGNING) {
         // Another node is currently signing - check for timeout
-        if (Date.now() - startTime > this.signingTimeoutMs) {
+        if (this.dateProvider.now() - startTime > this.signingTimeoutMs) {
           this.log.warn(`Timeout waiting for signing to complete for duty ${dutyType} at slot ${slot}`, {
             validatorAddress: validatorAddress.toString(),
             timeoutMs: this.signingTimeoutMs,
             signingNodeId: record.nodeId,
           });
+          this.metrics.recordDutyAlreadySigned(dutyType);
           throw new DutyAlreadySignedError(slot, dutyType, record.blockIndexWithinCheckpoint, 'unknown (timeout)');
         }
 
@@ -228,6 +246,7 @@ export class SlashingProtectionService {
       this.log.info(`Cleaned up ${numOutdatedRollupDuties} duties with outdated rollup address at startup`, {
         currentRollupAddress: this.config.l1Contracts.rollupAddress.toString(),
       });
+      this.metrics.recordCleanup('outdated_rollup', numOutdatedRollupDuties);
     }
 
     this.cleanupRunningPromise.start();
@@ -263,13 +282,14 @@ export class SlashingProtectionService {
         nodeId: this.config.nodeId,
         maxStuckDutiesAgeMs: this.maxStuckDutiesAgeMs,
       });
+      this.metrics.recordCleanup('stuck', numStuckDuties);
     }
 
     // 2. Clean up old signed duties if configured
     // we shouldn't run this as often as stuck duty cleanup.
     if (this.config.cleanupOldDutiesAfterHours !== undefined) {
       const maxAgeMs = this.config.cleanupOldDutiesAfterHours * 60 * 60 * 1000;
-      const nowMs = Date.now();
+      const nowMs = this.dateProvider.now();
       const shouldRun =
         this.lastOldDutiesCleanupAtMs === undefined || nowMs - this.lastOldDutiesCleanupAtMs >= maxAgeMs;
       if (shouldRun) {
@@ -280,6 +300,7 @@ export class SlashingProtectionService {
             cleanupOldDutiesAfterHours: this.config.cleanupOldDutiesAfterHours,
             maxAgeMs,
           });
+          this.metrics.recordCleanup('old', numOldDuties);
         }
       }
     }

package/src/types.ts

@@ -1,24 +1,27 @@
-import {
-  BlockNumber,
-  type CheckpointNumber,
-  type IndexWithinCheckpoint,
-  type SlotNumber,
-} from '@aztec/foundation/branded-types';
+import { SlotNumber } from '@aztec/foundation/branded-types';
 import type { EthAddress } from '@aztec/foundation/eth-address';
+import { DateProvider } from '@aztec/foundation/timer';
+import {
+  DutyType,
+  type HAProtectedSigningContext,
+  type SigningContext,
+  type ValidatorHASignerConfig,
+  getBlockNumberFromSigningContext as getBlockNumberFromSigningContextFromStdlib,
+  isHAProtectedContext,
+} from '@aztec/stdlib/ha-signing';
+import type { TelemetryClient } from '@aztec/telemetry-client';
 
 import type { Pool } from 'pg';
 
-import type { ValidatorHASignerConfig } from './config.js';
-import {
-  type BlockProposalDutyIdentifier,
-  type CheckAndRecordParams,
-  type DeleteDutyParams,
-  type DutyIdentifier,
-  type DutyRow,
-  DutyType,
-  type OtherDutyIdentifier,
-  type RecordSuccessParams,
-  type ValidatorDutyRecord,
+import type {
+  BlockProposalDutyIdentifier,
+  CheckAndRecordParams,
+  DeleteDutyParams,
+  DutyIdentifier,
+  DutyRow,
+  OtherDutyIdentifier,
+  RecordSuccessParams,
+  ValidatorDutyRecord,
 } from './db/types.js';
 
 export type {
@@ -27,12 +30,16 @@ export type {
   DeleteDutyParams,
   DutyIdentifier,
   DutyRow,
+  HAProtectedSigningContext,
   OtherDutyIdentifier,
   RecordSuccessParams,
+  SigningContext,
   ValidatorDutyRecord,
   ValidatorHASignerConfig,
 };
 export { DutyStatus, DutyType, getBlockIndexFromDutyIdentifier, normalizeBlockIndex } from './db/types.js';
+export { isHAProtectedContext };
+export { getBlockNumberFromSigningContextFromStdlib as getBlockNumberFromSigningContext };
 
 /**
  * Result of tryInsertOrGetExisting operation
@@ -53,100 +60,16 @@ export interface CreateHASignerDeps {
    * If provided, databaseUrl and poolConfig are ignored
    */
   pool?: Pool;
-}
-
-/**
- * Base context for signing operations
- */
-interface BaseSigningContext {
-  /** Slot number for this duty */
-  slot: SlotNumber;
   /**
-   * Block or checkpoint number for this duty.
-   * For block proposals, this is the block number.
-   * For checkpoint proposals, this is the checkpoint number.
+   * Optional telemetry client for metrics
    */
-  blockNumber: BlockNumber | CheckpointNumber;
-}
-
-/**
- * Signing context for block proposals.
- * blockIndexWithinCheckpoint is REQUIRED and must be >= 0.
- */
-export interface BlockProposalSigningContext extends BaseSigningContext {
-  /** Block index within checkpoint (0, 1, 2...). Required for block proposals. */
-  blockIndexWithinCheckpoint: IndexWithinCheckpoint;
-  dutyType: DutyType.BLOCK_PROPOSAL;
-}
-
-/**
- * Signing context for non-block-proposal duties that require HA protection.
- * blockIndexWithinCheckpoint is not applicable (internally always -1).
- */
-export interface OtherSigningContext extends BaseSigningContext {
-  dutyType: DutyType.CHECKPOINT_PROPOSAL | DutyType.ATTESTATION | DutyType.ATTESTATIONS_AND_SIGNERS;
-}
-
-/**
- * Signing context for governance/slashing votes which only need slot for HA protection.
- * blockNumber is not applicable (internally always 0).
- */
-export interface VoteSigningContext {
-  slot: SlotNumber;
-  dutyType: DutyType.GOVERNANCE_VOTE | DutyType.SLASHING_VOTE;
-}
-
-/**
- * Signing context for duties which don't require slot/blockNumber
- * as they don't need HA protection (AUTH_REQUEST, TXS).
- */
-export interface NoHAProtectionSigningContext {
-  dutyType: DutyType.AUTH_REQUEST | DutyType.TXS;
-}
-
-/**
- * Signing contexts that require HA protection (excludes AUTH_REQUEST).
- * Used by the HA signer's signWithProtection method.
- */
-export type HAProtectedSigningContext = BlockProposalSigningContext | OtherSigningContext | VoteSigningContext;
-
-/**
- * Type guard to check if a SigningContext requires HA protection.
- * Returns true for contexts that need HA protection, false for AUTH_REQUEST and TXS.
- */
-export function isHAProtectedContext(context: SigningContext): context is HAProtectedSigningContext {
-  return context.dutyType !== DutyType.AUTH_REQUEST && context.dutyType !== DutyType.TXS;
-}
-
-/**
- * Gets the block number from a signing context.
- * - Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE): returns BlockNumber(0)
- * - Other duties: returns the blockNumber from the context
- */
-export function getBlockNumberFromSigningContext(context: HAProtectedSigningContext): BlockNumber | CheckpointNumber {
-  // Check for duty types that have blockNumber
-  if (
-    context.dutyType === DutyType.BLOCK_PROPOSAL ||
-    context.dutyType === DutyType.CHECKPOINT_PROPOSAL ||
-    context.dutyType === DutyType.ATTESTATION ||
-    context.dutyType === DutyType.ATTESTATIONS_AND_SIGNERS
-  ) {
-    return context.blockNumber;
-  }
-  // Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE) don't have blockNumber
-  return BlockNumber(0);
+  telemetryClient?: TelemetryClient;
+  /**
+   * Optional date provider for timestamps
+   */
+  dateProvider?: DateProvider;
 }
 
-/**
- * Context required for slashing protection during signing operations.
- * Uses discriminated union to enforce type safety:
- * - BLOCK_PROPOSAL duties MUST have blockIndexWithinCheckpoint >= 0
- * - Other duty types do NOT have blockIndexWithinCheckpoint (internally -1)
- * - Vote duties only need slot (blockNumber is internally 0)
- * - AUTH_REQUEST and TXS duties don't need slot/blockNumber (no HA protection needed)
- */
-export type SigningContext = HAProtectedSigningContext | NoHAProtectionSigningContext;
-
 /**
  * Database interface for slashing protection operations
  * This abstraction allows for different database implementations (PostgreSQL, SQLite, etc.)