@aztec/validator-ha-signer 0.0.1-commit.7cf39cb55 → 0.0.1-commit.7ffbba4

package/dest/types.js

@@ -1,21 +1,4 @@
-import { BlockNumber } from '@aztec/foundation/branded-types';
-import { DutyType } from './db/types.js';
+import { getBlockNumberFromSigningContext as getBlockNumberFromSigningContextFromStdlib, isHAProtectedContext } from '@aztec/stdlib/ha-signing';
 export { DutyStatus, DutyType, getBlockIndexFromDutyIdentifier, normalizeBlockIndex } from './db/types.js';
-/**
- * Type guard to check if a SigningContext requires HA protection.
- * Returns true for contexts that need HA protection, false for AUTH_REQUEST and TXS.
- */ export function isHAProtectedContext(context) {
-    return context.dutyType !== DutyType.AUTH_REQUEST && context.dutyType !== DutyType.TXS;
-}
-/**
- * Gets the block number from a signing context.
- * - Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE): returns BlockNumber(0)
- * - Other duties: returns the blockNumber from the context
- */ export function getBlockNumberFromSigningContext(context) {
-    // Check for duty types that have blockNumber
-    if (context.dutyType === DutyType.BLOCK_PROPOSAL || context.dutyType === DutyType.CHECKPOINT_PROPOSAL || context.dutyType === DutyType.ATTESTATION || context.dutyType === DutyType.ATTESTATIONS_AND_SIGNERS) {
-        return context.blockNumber;
-    }
-    // Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE) don't have blockNumber
-    return BlockNumber(0);
-}
+export { isHAProtectedContext };
+export { getBlockNumberFromSigningContextFromStdlib as getBlockNumberFromSigningContext };

package/dest/validator_ha_signer.d.ts

@@ -8,8 +8,14 @@
 import type { Buffer32 } from '@aztec/foundation/buffer';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
-import type { ValidatorHASignerConfig } from './config.js';
-import { type HAProtectedSigningContext, type SlashingProtectionDatabase } from './types.js';
+import type { DateProvider } from '@aztec/foundation/timer';
+import { type BaseSignerConfig, type HAProtectedSigningContext } from '@aztec/stdlib/ha-signing';
+import type { HASignerMetrics } from './metrics.js';
+import type { SlashingProtectionDatabase } from './types.js';
+export interface ValidatorHASignerDeps {
+    metrics: HASignerMetrics;
+    dateProvider: DateProvider;
+}
 /**
  * Validator High Availability Signer
  *
@@ -34,7 +40,9 @@ export declare class ValidatorHASigner {
     private readonly log;
     private readonly slashingProtection;
     private readonly rollupAddress;
-    constructor(db: SlashingProtectionDatabase, config: ValidatorHASignerConfig);
+    private readonly dateProvider;
+    private readonly metrics;
+    constructor(db: SlashingProtectionDatabase, config: BaseSignerConfig, deps: ValidatorHASignerDeps);
     /**
      * Sign a message with slashing protection.
      *
@@ -68,4 +76,4 @@ export declare class ValidatorHASigner {
      */
     stop(): Promise<void>;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdG9yX2hhX3NpZ25lci5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3ZhbGlkYXRvcl9oYV9zaWduZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7OztHQU1HO0FBQ0gsT0FBTyxLQUFLLEVBQUUsUUFBUSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDekQsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBQzNELE9BQU8sS0FBSyxFQUFFLFNBQVMsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBR2pFLE9BQU8sS0FBSyxFQUFFLHVCQUF1QixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBRzNELE9BQU8sRUFDTCxLQUFLLHlCQUF5QixFQUM5QixLQUFLLDBCQUEwQixFQUVoQyxNQUFNLFlBQVksQ0FBQztBQUVwQjs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBa0JHO0FBQ0gscUJBQWEsaUJBQWlCO0lBTzFCLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTTtJQU56QixPQUFPLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBUztJQUM3QixPQUFPLENBQUMsUUFBUSxDQUFDLGtCQUFrQixDQUE0QjtJQUMvRCxPQUFPLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBYTtJQUUzQyxZQUNFLEVBQUUsRUFBRSwwQkFBMEIsRUFDYixNQUFNLEVBQUUsdUJBQXVCLEVBa0JqRDtJQUVEOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0csa0JBQWtCLENBQ3RCLGdCQUFnQixFQUFFLFVBQVUsRUFDNUIsV0FBVyxFQUFFLFFBQVEsRUFDckIsT0FBTyxFQUFFLHlCQUF5QixFQUNsQyxNQUFNLEVBQUUsQ0FBQyxXQUFXLEVBQUUsUUFBUSxLQUFLLE9BQU8sQ0FBQyxTQUFTLENBQUMsR0FDcEQsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQStDcEI7SUFFRDs7T0FFRztJQUNILElBQUksTUFBTSxJQUFJLE1BQU0sQ0FFbkI7SUFFRDs7O09BR0c7SUFDRyxLQUFLLGtCQUVWO0lBRUQ7OztPQUdHO0lBQ0csSUFBSSxrQkFHVDtDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdG9yX2hhX3NpZ25lci5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3ZhbGlkYXRvcl9oYV9zaWduZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7OztHQU1HO0FBQ0gsT0FBTyxLQUFLLEVBQUUsUUFBUSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDekQsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBQzNELE9BQU8sS0FBSyxFQUFFLFNBQVMsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBRWpFLE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQzVELE9BQU8sRUFDTCxLQUFLLGdCQUFnQixFQUVyQixLQUFLLHlCQUF5QixFQUUvQixNQUFNLDBCQUEwQixDQUFDO0FBR2xDLE9BQU8sS0FBSyxFQUFFLGVBQWUsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUVwRCxPQUFPLEtBQUssRUFBRSwwQkFBMEIsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUU3RCxNQUFNLFdBQVcscUJBQXFCO0lBQ3BDLE9BQU8sRUFBRSxlQUFlLENBQUM7SUFDekIsWUFBWSxFQUFFLFlBQVksQ0FBQztDQUM1QjtBQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FrQkc7QUFDSCxxQkFBYSxpQkFBaUI7SUFVMUIsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNO0lBVHpCLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFTO0lBQzdCLE9BQU8sQ0FBQyxRQUFRLENBQUMsa0JBQWtCLENBQTRCO0lBQy9ELE9BQU8sQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFhO0lBRTNDLE9BQU8sQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFlO0lBQzVDLE9BQU8sQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFrQjtJQUUxQyxZQUNFLEVBQUUsRUFBRSwwQkFBMEIsRUFDYixNQUFNLEVBQUUsZ0JBQWdCLEVBQ3pDLElBQUksRUFBRSxxQkFBcUIsRUFtQjVCO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDRyxrQkFBa0IsQ0FDdEIsZ0JBQWdCLEVBQUUsVUFBVSxFQUM1QixXQUFXLEVBQUUsUUFBUSxFQUNyQixPQUFPLEVBQUUseUJBQXlCLEVBQ2xDLE1BQU0sRUFBRSxDQUFDLFdBQVcsRUFBRSxRQUFRLEtBQUssT0FBTyxDQUFDLFNBQVMsQ0FBQyxHQUNwRCxPQUFPLENBQUMsU0FBUyxDQUFDLENBdURwQjtJQUVEOztPQUVHO0lBQ0gsSUFBSSxNQUFNLElBQUksTUFBTSxDQUVuQjtJQUVEOzs7T0FHRztJQUNHLEtBQUssa0JBRVY7SUFFRDs7O09BR0c7SUFDRyxJQUFJLGtCQUdUO0NBQ0YifQ==

package/dest/validator_ha_signer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validator_ha_signer.d.ts","sourceRoot":"","sources":["../src/validator_ha_signer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAGjE,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAG3D,OAAO,EACL,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAEhC,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,iBAAiB;IAO1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IANzB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAA4B;IAC/D,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAa;IAE3C,YACE,EAAE,EAAE,0BAA0B,EACb,MAAM,EAAE,uBAAuB,EAkBjD;IAED;;;;;;;;;;;;;;;;OAgBG;IACG,kBAAkB,CACtB,gBAAgB,EAAE,UAAU,EAC5B,WAAW,EAAE,QAAQ,EACrB,OAAO,EAAE,yBAAyB,EAClC,MAAM,EAAE,CAAC,WAAW,EAAE,QAAQ,KAAK,OAAO,CAAC,SAAS,CAAC,GACpD,OAAO,CAAC,SAAS,CAAC,CA+CpB;IAED;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED;;;OAGG;IACG,KAAK,kBAEV;IAED;;;OAGG;IACG,IAAI,kBAGT;CACF"}
+{"version":3,"file":"validator_ha_signer.d.ts","sourceRoot":"","sources":["../src/validator_ha_signer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EACL,KAAK,gBAAgB,EAErB,KAAK,yBAAyB,EAE/B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAE7D,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,eAAe,CAAC;IACzB,YAAY,EAAE,YAAY,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,iBAAiB;IAU1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IATzB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAA4B;IAC/D,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAa;IAE3C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAe;IAC5C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;IAE1C,YACE,EAAE,EAAE,0BAA0B,EACb,MAAM,EAAE,gBAAgB,EACzC,IAAI,EAAE,qBAAqB,EAmB5B;IAED;;;;;;;;;;;;;;;;OAgBG;IACG,kBAAkB,CACtB,gBAAgB,EAAE,UAAU,EAC5B,WAAW,EAAE,QAAQ,EACrB,OAAO,EAAE,yBAAyB,EAClC,MAAM,EAAE,CAAC,WAAW,EAAE,QAAQ,KAAK,OAAO,CAAC,SAAS,CAAC,GACpD,OAAO,CAAC,SAAS,CAAC,CAuDpB;IAED;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED;;;OAGG;IACG,KAAK,kBAEV;IAED;;;OAGG;IACG,IAAI,kBAGT;CACF"}

package/dest/validator_ha_signer.js

@@ -5,9 +5,8 @@
  * This ensures that even with multiple validator nodes running, only one
  * node will sign for a given duty (slot + duty type).
  */ import { createLogger } from '@aztec/foundation/log';
-import { DutyType } from './db/types.js';
+import { DutyType, getBlockNumberFromSigningContext } from '@aztec/stdlib/ha-signing';
 import { SlashingProtectionService } from './slashing_protection_service.js';
-import { getBlockNumberFromSigningContext } from './types.js';
 /**
  * Validator High Availability Signer
  *
@@ -31,18 +30,21 @@ import { getBlockNumberFromSigningContext } from './types.js';
     log;
     slashingProtection;
     rollupAddress;
-    constructor(db, config){
+    dateProvider;
+    metrics;
+    constructor(db, config, deps){
         this.config = config;
         this.log = createLogger('validator-ha-signer');
-        if (!config.haSigningEnabled) {
-            // this shouldn't happen, the validator should use different signer for non-HA setups
-            throw new Error('Validator HA Signer is not enabled in config');
-        }
+        this.metrics = deps.metrics;
+        this.dateProvider = deps.dateProvider;
         if (!config.nodeId || config.nodeId === '') {
             throw new Error('NODE_ID is required for high-availability setups');
         }
         this.rollupAddress = config.l1Contracts.rollupAddress;
-        this.slashingProtection = new SlashingProtectionService(db, config);
+        this.slashingProtection = new SlashingProtectionService(db, config, {
+            metrics: deps.metrics,
+            dateProvider: deps.dateProvider
+        });
         this.log.info('Validator HA Signer initialized with slashing protection', {
             nodeId: config.nodeId,
             rollupAddress: this.rollupAddress.toString()
@@ -65,6 +67,8 @@ import { getBlockNumberFromSigningContext } from './types.js';
    * @throws DutyAlreadySignedError if the duty was already signed (expected in HA)
    * @throws SlashingProtectionError if attempting to sign different data for same slot (expected in HA)
    */ async signWithProtection(validatorAddress, messageHash, context, signFn) {
+        const startTime = this.dateProvider.now();
+        const dutyType = context.dutyType;
         let dutyIdentifier;
         if (context.dutyType === DutyType.BLOCK_PROPOSAL) {
             dutyIdentifier = {
@@ -83,6 +87,7 @@ import { getBlockNumberFromSigningContext } from './types.js';
             };
         }
         // Acquire lock and get the token for ownership verification
+        // DutyAlreadySignedError and SlashingProtectionError may be thrown here and are recorded in the service
         const blockNumber = getBlockNumberFromSigningContext(context);
         const lockToken = await this.slashingProtection.checkAndRecord({
             ...dutyIdentifier,
@@ -100,6 +105,7 @@ import { getBlockNumberFromSigningContext } from './types.js';
                 ...dutyIdentifier,
                 lockToken
             });
+            this.metrics.recordSigningError(dutyType);
             throw error;
         }
         // Record success (only succeeds if we own the lock)
@@ -109,6 +115,8 @@ import { getBlockNumberFromSigningContext } from './types.js';
             nodeId: this.config.nodeId,
             lockToken
         });
+        const duration = this.dateProvider.now() - startTime;
+        this.metrics.recordSigningSuccess(dutyType, duration);
         return signature;
     }
     /**

package/package.json

@@ -1,24 +1,25 @@
 {
   "name": "@aztec/validator-ha-signer",
-  "version": "0.0.1-commit.7cf39cb55",
+  "version": "0.0.1-commit.7ffbba4",
   "type": "module",
   "exports": {
-    "./config": "./dest/config.js",
     "./db": "./dest/db/index.js",
     "./errors": "./dest/errors.js",
     "./factory": "./dest/factory.js",
+    "./metrics": "./dest/metrics.js",
     "./migrations": "./dest/migrations.js",
     "./slashing-protection-service": "./dest/slashing_protection_service.js",
     "./types": "./dest/types.js",
     "./validator-ha-signer": "./dest/validator_ha_signer.js",
-    "./test": "./dest/test/pglite_pool.js"
+    "./test": "./dest/test/pglite_pool.js",
+    "./db/lmdb": "./dest/db/lmdb.js"
   },
   "typedocOptions": {
     "entryPoints": [
-      "./src/config.ts",
       "./src/db/index.ts",
       "./src/errors.ts",
       "./src/factory.ts",
+      "./src/metrics.ts",
       "./src/migrations.ts",
       "./src/slashing_protection_service.ts",
       "./src/types.ts",
@@ -74,8 +75,11 @@
     ]
   },
   "dependencies": {
-    "@aztec/ethereum": "0.0.1-commit.7cf39cb55",
-    "@aztec/foundation": "0.0.1-commit.7cf39cb55",
+    "@aztec/ethereum": "0.0.1-commit.7ffbba4",
+    "@aztec/foundation": "0.0.1-commit.7ffbba4",
+    "@aztec/kv-store": "0.0.1-commit.7ffbba4",
+    "@aztec/stdlib": "0.0.1-commit.7ffbba4",
+    "@aztec/telemetry-client": "0.0.1-commit.7ffbba4",
     "node-pg-migrate": "^8.0.4",
     "pg": "^8.11.3",
     "tslib": "^2.4.0",

package/src/db/index.ts

@@ -1,3 +1,4 @@
 export * from './types.js';
 export * from './schema.js';
 export * from './postgres.js';
+export * from './lmdb.js';

package/src/db/lmdb.ts

@@ -0,0 +1,264 @@
+/**
+ * LMDB implementation of SlashingProtectionDatabase
+ *
+ * Provides local (single-node) double-signing protection using LMDB as the backend.
+ * Suitable for nodes that do NOT run in a high-availability multi-node setup.
+ *
+ * The LMDB store is single-writer, making setIfNotExists inherently atomic.
+ * This means we get crash-restart protection without needing an external database.
+ */
+import { SlotNumber } from '@aztec/foundation/branded-types';
+import { randomBytes } from '@aztec/foundation/crypto/random';
+import { EthAddress } from '@aztec/foundation/eth-address';
+import { type Logger, createLogger } from '@aztec/foundation/log';
+import type { DateProvider } from '@aztec/foundation/timer';
+import type { AztecAsyncKVStore, AztecAsyncMap } from '@aztec/kv-store';
+
+import type { SlashingProtectionDatabase, TryInsertOrGetResult } from '../types.js';
+import {
+  type CheckAndRecordParams,
+  DutyStatus,
+  DutyType,
+  type StoredDutyRecord,
+  getBlockIndexFromDutyIdentifier,
+  recordFromFields,
+} from './types.js';
+
+function dutyKey(
+  rollupAddress: string,
+  validatorAddress: string,
+  slot: string,
+  dutyType: string,
+  blockIndexWithinCheckpoint: number,
+): string {
+  return `${rollupAddress}:${validatorAddress}:${slot}:${dutyType}:${blockIndexWithinCheckpoint}`;
+}
+
+/**
+ * LMDB-backed implementation of SlashingProtectionDatabase.
+ *
+ * Provides single-node double-signing protection that survives crashes and restarts.
+ * Does not provide cross-node coordination (that requires the PostgreSQL implementation).
+ */
+export class LmdbSlashingProtectionDatabase implements SlashingProtectionDatabase {
+  public static readonly SCHEMA_VERSION = 1;
+
+  private readonly duties: AztecAsyncMap<string, StoredDutyRecord>;
+  private readonly log: Logger;
+
+  constructor(
+    private readonly store: AztecAsyncKVStore,
+    private readonly dateProvider: DateProvider,
+  ) {
+    this.log = createLogger('slashing-protection:lmdb');
+    this.duties = store.openMap<string, StoredDutyRecord>('signing-protection-duties');
+  }
+
+  /**
+   * Atomically try to insert a new duty record, or get the existing one if present.
+   *
+   * LMDB is single-writer so the read-then-write inside transactionAsync is naturally atomic.
+   */
+  public async tryInsertOrGetExisting(params: CheckAndRecordParams): Promise<TryInsertOrGetResult> {
+    const blockIndexWithinCheckpoint = getBlockIndexFromDutyIdentifier(params);
+    const key = dutyKey(
+      params.rollupAddress.toString(),
+      params.validatorAddress.toString(),
+      params.slot.toString(),
+      params.dutyType,
+      blockIndexWithinCheckpoint,
+    );
+
+    const lockToken = randomBytes(16).toString('hex');
+    const now = this.dateProvider.now();
+
+    const result = await this.store.transactionAsync(async () => {
+      const existing = await this.duties.getAsync(key);
+      if (existing) {
+        return { isNew: false as const, record: { ...existing, lockToken: '' } };
+      }
+
+      const newRecord: StoredDutyRecord = {
+        rollupAddress: params.rollupAddress.toString(),
+        validatorAddress: params.validatorAddress.toString(),
+        slot: params.slot.toString(),
+        blockNumber: params.blockNumber.toString(),
+        blockIndexWithinCheckpoint,
+        dutyType: params.dutyType,
+        status: DutyStatus.SIGNING,
+        messageHash: params.messageHash,
+        nodeId: params.nodeId,
+        lockToken,
+        startedAtMs: now,
+      };
+      await this.duties.set(key, newRecord);
+      return { isNew: true as const, record: newRecord };
+    });
+
+    if (result.isNew) {
+      this.log.debug(`Acquired lock for duty ${params.dutyType} at slot ${params.slot}`, {
+        validatorAddress: params.validatorAddress.toString(),
+        nodeId: params.nodeId,
+      });
+    }
+
+    return { isNew: result.isNew, record: recordFromFields(result.record) };
+  }
+
+  /**
+   * Update a duty to 'signed' status with the signature.
+   * Only succeeds if the lockToken matches.
+   */
+  public updateDutySigned(
+    rollupAddress: EthAddress,
+    validatorAddress: EthAddress,
+    slot: SlotNumber,
+    dutyType: DutyType,
+    signature: string,
+    lockToken: string,
+    blockIndexWithinCheckpoint: number,
+  ): Promise<boolean> {
+    const key = dutyKey(
+      rollupAddress.toString(),
+      validatorAddress.toString(),
+      slot.toString(),
+      dutyType,
+      blockIndexWithinCheckpoint,
+    );
+
+    return this.store.transactionAsync(async () => {
+      const existing = await this.duties.getAsync(key);
+      if (!existing) {
+        this.log.warn('Failed to update duty to signed: duty not found', {
+          rollupAddress: rollupAddress.toString(),
+          validatorAddress: validatorAddress.toString(),
+          slot: slot.toString(),
+          dutyType,
+          blockIndexWithinCheckpoint,
+        });
+        return false;
+      }
+
+      if (existing.lockToken !== lockToken) {
+        this.log.warn('Failed to update duty to signed: invalid token', {
+          rollupAddress: rollupAddress.toString(),
+          validatorAddress: validatorAddress.toString(),
+          slot: slot.toString(),
+          dutyType,
+          blockIndexWithinCheckpoint,
+        });
+        return false;
+      }
+
+      await this.duties.set(key, {
+        ...existing,
+        status: DutyStatus.SIGNED,
+        signature,
+        completedAtMs: this.dateProvider.now(),
+      });
+
+      return true;
+    });
+  }
+
+  /**
+   * Delete a duty record.
+   * Only succeeds if the lockToken matches.
+   */
+  public deleteDuty(
+    rollupAddress: EthAddress,
+    validatorAddress: EthAddress,
+    slot: SlotNumber,
+    dutyType: DutyType,
+    lockToken: string,
+    blockIndexWithinCheckpoint: number,
+  ): Promise<boolean> {
+    const key = dutyKey(
+      rollupAddress.toString(),
+      validatorAddress.toString(),
+      slot.toString(),
+      dutyType,
+      blockIndexWithinCheckpoint,
+    );
+
+    return this.store.transactionAsync(async () => {
+      const existing = await this.duties.getAsync(key);
+      if (!existing || existing.lockToken !== lockToken) {
+        this.log.warn('Failed to delete duty: invalid token or duty not found', {
+          rollupAddress: rollupAddress.toString(),
+          validatorAddress: validatorAddress.toString(),
+          slot: slot.toString(),
+          dutyType,
+          blockIndexWithinCheckpoint,
+        });
+        return false;
+      }
+
+      await this.duties.delete(key);
+      return true;
+    });
+  }
+
+  /**
+   * Cleanup own stuck duties (SIGNING status older than maxAgeMs).
+   */
+  public cleanupOwnStuckDuties(nodeId: string, maxAgeMs: number): Promise<number> {
+    const cutoffMs = this.dateProvider.now() - maxAgeMs;
+
+    return this.store.transactionAsync(async () => {
+      const keysToDelete: string[] = [];
+      for await (const [key, record] of this.duties.entriesAsync()) {
+        if (record.nodeId === nodeId && record.status === DutyStatus.SIGNING && record.startedAtMs < cutoffMs) {
+          keysToDelete.push(key);
+        }
+      }
+      for (const key of keysToDelete) {
+        await this.duties.delete(key);
+      }
+      return keysToDelete.length;
+    });
+  }
+
+  /**
+   * Cleanup duties with outdated rollup address.
+   *
+   * This is always a no-op for the LMDB implementation: the underlying store is created via
+   * DatabaseVersionManager (in factory.ts), which already resets the entire data directory at
+   * startup whenever the rollup address changes.
+   */
+  public cleanupOutdatedRollupDuties(_currentRollupAddress: EthAddress): Promise<number> {
+    return Promise.resolve(0);
+  }
+
+  /**
+   * Cleanup old signed duties older than maxAgeMs.
+   */
+  public cleanupOldDuties(maxAgeMs: number): Promise<number> {
+    const cutoffMs = this.dateProvider.now() - maxAgeMs;
+
+    return this.store.transactionAsync(async () => {
+      const keysToDelete: string[] = [];
+      for await (const [key, record] of this.duties.entriesAsync()) {
+        if (
+          record.status === DutyStatus.SIGNED &&
+          record.completedAtMs !== undefined &&
+          record.completedAtMs < cutoffMs
+        ) {
+          keysToDelete.push(key);
+        }
+      }
+      for (const key of keysToDelete) {
+        await this.duties.delete(key);
+      }
+      return keysToDelete.length;
+    });
+  }
+
+  /**
+   * Close the underlying LMDB store.
+   */
+  public async close(): Promise<void> {
+    await this.store.close();
+    this.log.debug('LMDB slashing protection database closed');
+  }
+}

package/src/db/postgres.ts

@@ -1,7 +1,7 @@
 /**
  * PostgreSQL implementation of SlashingProtectionDatabase
  */
-import { BlockNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import { SlotNumber } from '@aztec/foundation/branded-types';
 import { randomBytes } from '@aztec/foundation/crypto/random';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import { type Logger, createLogger } from '@aztec/foundation/log';
@@ -20,7 +20,7 @@ import {
   UPDATE_DUTY_SIGNED,
 } from './schema.js';
 import type { CheckAndRecordParams, DutyRow, DutyType, InsertOrGetRow, ValidatorDutyRecord } from './types.js';
-import { getBlockIndexFromDutyIdentifier } from './types.js';
+import { getBlockIndexFromDutyIdentifier, recordFromFields } from './types.js';
 
 /**
  * Minimal pool interface for database operations.
@@ -220,14 +220,16 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
   }
 
   /**
-   * Convert a database row to a ValidatorDutyRecord
+   * Convert a database row to a ValidatorDutyRecord.
+   * Maps snake_case column names to StoredDutyRecord (camelCase, ms timestamps),
+   * then delegates to the shared recordFromFields() converter.
    */
   private rowToRecord(row: DutyRow): ValidatorDutyRecord {
-    return {
-      rollupAddress: EthAddress.fromString(row.rollup_address),
-      validatorAddress: EthAddress.fromString(row.validator_address),
-      slot: SlotNumber.fromString(row.slot),
-      blockNumber: BlockNumber.fromString(row.block_number),
+    return recordFromFields({
+      rollupAddress: row.rollup_address,
+      validatorAddress: row.validator_address,
+      slot: row.slot,
+      blockNumber: row.block_number,
       blockIndexWithinCheckpoint: row.block_index_within_checkpoint,
       dutyType: row.duty_type,
       status: row.status,
@@ -235,10 +237,10 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
       signature: row.signature ?? undefined,
       nodeId: row.node_id,
       lockToken: row.lock_token,
-      startedAt: row.started_at,
-      completedAt: row.completed_at ?? undefined,
+      startedAtMs: row.started_at.getTime(),
+      completedAtMs: row.completed_at?.getTime(),
       errorMessage: row.error_message ?? undefined,
-    };
+    });
   }
 
   /**
@@ -254,8 +256,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    * @returns the number of duties cleaned up
    */
   async cleanupOwnStuckDuties(nodeId: string, maxAgeMs: number): Promise<number> {
-    const cutoff = new Date(Date.now() - maxAgeMs);
-    const result = await this.pool.query(CLEANUP_OWN_STUCK_DUTIES, [nodeId, cutoff]);
+    const result = await this.pool.query(CLEANUP_OWN_STUCK_DUTIES, [nodeId, maxAgeMs]);
     return result.rowCount ?? 0;
   }
 
@@ -277,8 +278,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    * @returns the number of duties cleaned up
    */
   async cleanupOldDuties(maxAgeMs: number): Promise<number> {
-    const cutoff = new Date(Date.now() - maxAgeMs);
-    const result = await this.pool.query(CLEANUP_OLD_DUTIES, [cutoff]);
+    const result = await this.pool.query(CLEANUP_OLD_DUTIES, [maxAgeMs]);
     return result.rowCount ?? 0;
   }
 }

package/src/db/schema.ts

@@ -203,23 +203,24 @@ WHERE status = 'signed'
 
 /**
  * Query to clean up old duties (for maintenance)
- * Removes SIGNED duties older than a specified timestamp
+ * Removes SIGNED duties older than a specified age (in milliseconds)
  */
 export const CLEANUP_OLD_DUTIES = `
 DELETE FROM validator_duties
 WHERE status = 'signed'
-  AND started_at < $1;
+  AND started_at < CURRENT_TIMESTAMP - ($1 || ' milliseconds')::INTERVAL;
 `;
 
 /**
  * Query to cleanup own stuck duties
  * Removes duties in 'signing' status for a specific node that are older than maxAgeMs
+ * Uses DB's CURRENT_TIMESTAMP to avoid clock skew issues between nodes
  */
 export const CLEANUP_OWN_STUCK_DUTIES = `
 DELETE FROM validator_duties
 WHERE node_id = $1
   AND status = 'signing'
-  AND started_at < $2;
+  AND started_at < CURRENT_TIMESTAMP - ($2 || ' milliseconds')::INTERVAL;
 `;
 
 /**

package/src/db/types.ts

@@ -1,6 +1,12 @@
-import type { BlockNumber, CheckpointNumber, IndexWithinCheckpoint, SlotNumber } from '@aztec/foundation/branded-types';
-import type { EthAddress } from '@aztec/foundation/eth-address';
+import {
+  BlockNumber,
+  type CheckpointNumber,
+  type IndexWithinCheckpoint,
+  SlotNumber,
+} from '@aztec/foundation/branded-types';
+import { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
+import { DutyType } from '@aztec/stdlib/ha-signing';
 
 /**
  * Row type from PostgreSQL query
@@ -23,24 +29,34 @@ export interface DutyRow {
 }
 
 /**
- * Row type from INSERT_OR_GET_DUTY query (includes is_new flag)
+ * Plain-primitive representation of a duty record suitable for serialization
+ * (e.g. msgpackr for LMDB). All domain types are stored as their string/number
+ * equivalents. Timestamps are Unix milliseconds.
  */
-export interface InsertOrGetRow extends DutyRow {
-  is_new: boolean;
+export interface StoredDutyRecord {
+  rollupAddress: string;
+  validatorAddress: string;
+  slot: string;
+  blockNumber: string;
+  blockIndexWithinCheckpoint: number;
+  dutyType: DutyType;
+  status: DutyStatus;
+  messageHash: string;
+  signature?: string;
+  nodeId: string;
+  lockToken: string;
+  /** Unix timestamp in milliseconds when signing started */
+  startedAtMs: number;
+  /** Unix timestamp in milliseconds when signing completed */
+  completedAtMs?: number;
+  errorMessage?: string;
 }
 
 /**
- * Type of validator duty being performed
+ * Row type from INSERT_OR_GET_DUTY query (includes is_new flag)
  */
-export enum DutyType {
-  BLOCK_PROPOSAL = 'BLOCK_PROPOSAL',
-  CHECKPOINT_PROPOSAL = 'CHECKPOINT_PROPOSAL',
-  ATTESTATION = 'ATTESTATION',
-  ATTESTATIONS_AND_SIGNERS = 'ATTESTATIONS_AND_SIGNERS',
-  GOVERNANCE_VOTE = 'GOVERNANCE_VOTE',
-  SLASHING_VOTE = 'SLASHING_VOTE',
-  AUTH_REQUEST = 'AUTH_REQUEST',
-  TXS = 'TXS',
+export interface InsertOrGetRow extends DutyRow {
+  is_new: boolean;
 }
 
 /**
@@ -51,8 +67,12 @@ export enum DutyStatus {
   SIGNED = 'signed',
 }
 
+// Re-export DutyType from stdlib
+export { DutyType };
+
 /**
- * Record of a validator duty in the database
+ * Rich representation of a validator duty, with branded types and Date objects.
+ * This is the common output type returned by all SlashingProtectionDatabase implementations.
  */
 export interface ValidatorDutyRecord {
   /** Ethereum address of the rollup contract */
@@ -85,6 +105,31 @@ export interface ValidatorDutyRecord {
   errorMessage?: string;
 }
 
+/**
+ * Convert a {@link StoredDutyRecord} (plain-primitive wire format) to a
+ * {@link ValidatorDutyRecord} (rich domain type).
+ *
+ * Shared by LMDB and any future non-Postgres backend implementations.
+ */
+export function recordFromFields(stored: StoredDutyRecord): ValidatorDutyRecord {
+  return {
+    rollupAddress: EthAddress.fromString(stored.rollupAddress),
+    validatorAddress: EthAddress.fromString(stored.validatorAddress),
+    slot: SlotNumber.fromString(stored.slot),
+    blockNumber: BlockNumber.fromString(stored.blockNumber),
+    blockIndexWithinCheckpoint: stored.blockIndexWithinCheckpoint,
+    dutyType: stored.dutyType,
+    status: stored.status,
+    messageHash: stored.messageHash,
+    signature: stored.signature,
+    nodeId: stored.nodeId,
+    lockToken: stored.lockToken,
+    startedAt: new Date(stored.startedAtMs),
+    completedAt: stored.completedAtMs !== undefined ? new Date(stored.completedAtMs) : undefined,
+    errorMessage: stored.errorMessage,
+  };
+}
+
 /**
  * Duty identifier for block proposals.
  * blockIndexWithinCheckpoint is REQUIRED and must be >= 0.