@aztec/validator-ha-signer 0.0.1-commit.7d4e6cd → 0.0.1-commit.7ffbba4

package/src/validator_ha_signer.ts

@@ -6,13 +6,26 @@
  * node will sign for a given duty (slot + duty type).
  */
 import type { Buffer32 } from '@aztec/foundation/buffer';
-import type { EthAddress } from '@aztec/foundation/eth-address';
+import { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
 import { type Logger, createLogger } from '@aztec/foundation/log';
+import type { DateProvider } from '@aztec/foundation/timer';
+import {
+  type BaseSignerConfig,
+  DutyType,
+  type HAProtectedSigningContext,
+  getBlockNumberFromSigningContext,
+} from '@aztec/stdlib/ha-signing';
 
-import type { CreateHASignerConfig } from './config.js';
+import type { DutyIdentifier } from './db/types.js';
+import type { HASignerMetrics } from './metrics.js';
 import { SlashingProtectionService } from './slashing_protection_service.js';
-import type { SigningContext, SlashingProtectionDatabase } from './types.js';
+import type { SlashingProtectionDatabase } from './types.js';
+
+export interface ValidatorHASignerDeps {
+  metrics: HASignerMetrics;
+  dateProvider: DateProvider;
+}
 
 /**
  * Validator High Availability Signer
@@ -35,25 +48,33 @@ import type { SigningContext, SlashingProtectionDatabase } from './types.js';
  */
 export class ValidatorHASigner {
   private readonly log: Logger;
-  private readonly slashingProtection: SlashingProtectionService | undefined;
+  private readonly slashingProtection: SlashingProtectionService;
+  private readonly rollupAddress: EthAddress;
+
+  private readonly dateProvider: DateProvider;
+  private readonly metrics: HASignerMetrics;
 
   constructor(
     db: SlashingProtectionDatabase,
-    private readonly config: CreateHASignerConfig,
+    private readonly config: BaseSignerConfig,
+    deps: ValidatorHASignerDeps,
   ) {
     this.log = createLogger('validator-ha-signer');
 
-    if (!config.enabled) {
-      // this shouldn't happen, the validator should use different signer for non-HA setups
-      throw new Error('Validator HA Signer is not enabled in config');
-    }
+    this.metrics = deps.metrics;
+    this.dateProvider = deps.dateProvider;
 
     if (!config.nodeId || config.nodeId === '') {
       throw new Error('NODE_ID is required for high-availability setups');
     }
-    this.slashingProtection = new SlashingProtectionService(db, config);
+    this.rollupAddress = config.l1Contracts.rollupAddress;
+    this.slashingProtection = new SlashingProtectionService(db, config, {
+      metrics: deps.metrics,
+      dateProvider: deps.dateProvider,
+    });
     this.log.info('Validator HA Signer initialized with slashing protection', {
       nodeId: config.nodeId,
+      rollupAddress: this.rollupAddress.toString(),
     });
   }
 
@@ -67,7 +88,7 @@ export class ValidatorHASigner {
    *
    * @param validatorAddress - The validator's Ethereum address
    * @param messageHash - The hash to be signed
-   * @param context - The signing context (slot, block number, duty type)
+   * @param context - The signing context (HA-protected duty types only)
    * @param signFn - Function that performs the actual signing
    * @returns The signature
    *
@@ -77,29 +98,36 @@ export class ValidatorHASigner {
   async signWithProtection(
     validatorAddress: EthAddress,
     messageHash: Buffer32,
-    context: SigningContext,
+    context: HAProtectedSigningContext,
     signFn: (messageHash: Buffer32) => Promise<Signature>,
   ): Promise<Signature> {
-    // If slashing protection is disabled, just sign directly
-    if (!this.slashingProtection) {
-      this.log.info('Signing without slashing protection enabled', {
-        validatorAddress: validatorAddress.toString(),
-        nodeId: this.config.nodeId,
+    const startTime = this.dateProvider.now();
+    const dutyType = context.dutyType;
+
+    let dutyIdentifier: DutyIdentifier;
+    if (context.dutyType === DutyType.BLOCK_PROPOSAL) {
+      dutyIdentifier = {
+        rollupAddress: this.rollupAddress,
+        validatorAddress,
+        slot: context.slot,
+        blockIndexWithinCheckpoint: context.blockIndexWithinCheckpoint,
         dutyType: context.dutyType,
+      };
+    } else {
+      dutyIdentifier = {
+        rollupAddress: this.rollupAddress,
+        validatorAddress,
         slot: context.slot,
-        blockNumber: context.blockNumber,
-      });
-      return await signFn(messageHash);
+        dutyType: context.dutyType,
+      };
     }
 
-    const { slot, blockNumber, dutyType } = context;
-
     // Acquire lock and get the token for ownership verification
+    // DutyAlreadySignedError and SlashingProtectionError may be thrown here and are recorded in the service
+    const blockNumber = getBlockNumberFromSigningContext(context);
     const lockToken = await this.slashingProtection.checkAndRecord({
-      validatorAddress,
-      slot,
+      ...dutyIdentifier,
       blockNumber,
-      dutyType,
       messageHash: messageHash.toString(),
       nodeId: this.config.nodeId,
     });
@@ -110,33 +138,23 @@ export class ValidatorHASigner {
       signature = await signFn(messageHash);
     } catch (error: any) {
       // Delete duty to allow retry (only succeeds if we own the lock)
-      await this.slashingProtection.deleteDuty({
-        validatorAddress,
-        slot,
-        dutyType,
-        lockToken,
-      });
+      await this.slashingProtection.deleteDuty({ ...dutyIdentifier, lockToken });
+      this.metrics.recordSigningError(dutyType);
       throw error;
     }
 
     // Record success (only succeeds if we own the lock)
     await this.slashingProtection.recordSuccess({
-      validatorAddress,
-      slot,
-      dutyType,
+      ...dutyIdentifier,
       signature,
       nodeId: this.config.nodeId,
       lockToken,
     });
 
-    return signature;
-  }
+    const duration = this.dateProvider.now() - startTime;
+    this.metrics.recordSigningSuccess(dutyType, duration);
 
-  /**
-   * Check if slashing protection is enabled
-   */
-  get isEnabled(): boolean {
-    return this.slashingProtection !== undefined;
+    return signature;
   }
 
   /**
@@ -150,15 +168,16 @@ export class ValidatorHASigner {
    * Start the HA signer background tasks (cleanup of stuck duties).
    * Should be called after construction and before signing operations.
    */
-  start() {
-    this.slashingProtection?.start();
+  async start() {
+    await this.slashingProtection.start();
   }
 
   /**
-   * Stop the HA signer background tasks.
+   * Stop the HA signer background tasks and close database connection.
    * Should be called during graceful shutdown.
    */
   async stop() {
-    await this.slashingProtection?.stop();
+    await this.slashingProtection.stop();
+    await this.slashingProtection.close();
   }
 }

package/dest/config.d.ts

@@ -1,47 +0,0 @@
-import { type ConfigMappingsType } from '@aztec/foundation/config';
-/**
- * Configuration for the slashing protection service
- */
-export interface SlashingProtectionConfig {
-    /** Whether slashing protection is enabled */
-    enabled: boolean;
-    /** Unique identifier for this node */
-    nodeId: string;
-    /** How long to wait between polls when a duty is being signed (ms) */
-    pollingIntervalMs: number;
-    /** Maximum time to wait for a duty being signed to complete (ms) */
-    signingTimeoutMs: number;
-    /** Maximum age of a stuck duty in ms */
-    maxStuckDutiesAgeMs: number;
-}
-export declare const slashingProtectionConfigMappings: ConfigMappingsType<SlashingProtectionConfig>;
-export declare const defaultSlashingProtectionConfig: SlashingProtectionConfig;
-/**
- * Configuration for creating an HA signer with PostgreSQL backend
- */
-export interface CreateHASignerConfig extends SlashingProtectionConfig {
-    /**
-     * PostgreSQL connection string
-     * Format: postgresql://user:password@host:port/database
-     */
-    databaseUrl: string;
-    /**
-     * PostgreSQL connection pool configuration
-     */
-    /** Maximum number of clients in the pool (default: 10) */
-    poolMaxCount?: number;
-    /** Minimum number of clients in the pool (default: 0) */
-    poolMinCount?: number;
-    /** Idle timeout in milliseconds (default: 10000) */
-    poolIdleTimeoutMs?: number;
-    /** Connection timeout in milliseconds (default: 0, no timeout) */
-    poolConnectionTimeoutMs?: number;
-}
-export declare const createHASignerConfigMappings: ConfigMappingsType<CreateHASignerConfig>;
-/**
- * Returns the validator HA signer configuration from environment variables.
- * Note: If an environment variable is not set, the default value is used.
- * @returns The validator HA signer configuration.
- */
-export declare function getConfigEnvVars(): CreateHASignerConfig;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvY29uZmlnLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFDTCxLQUFLLGtCQUFrQixFQUt4QixNQUFNLDBCQUEwQixDQUFDO0FBRWxDOztHQUVHO0FBQ0gsTUFBTSxXQUFXLHdCQUF3QjtJQUN2Qyw2Q0FBNkM7SUFDN0MsT0FBTyxFQUFFLE9BQU8sQ0FBQztJQUNqQixzQ0FBc0M7SUFDdEMsTUFBTSxFQUFFLE1BQU0sQ0FBQztJQUNmLHNFQUFzRTtJQUN0RSxpQkFBaUIsRUFBRSxNQUFNLENBQUM7SUFDMUIsb0VBQW9FO0lBQ3BFLGdCQUFnQixFQUFFLE1BQU0sQ0FBQztJQUN6Qix3Q0FBd0M7SUFDeEMsbUJBQW1CLEVBQUUsTUFBTSxDQUFDO0NBQzdCO0FBRUQsZUFBTyxNQUFNLGdDQUFnQyxFQUFFLGtCQUFrQixDQUFDLHdCQUF3QixDQTJCekYsQ0FBQztBQUVGLGVBQU8sTUFBTSwrQkFBK0IsRUFBRSx3QkFFN0MsQ0FBQztBQUVGOztHQUVHO0FBQ0gsTUFBTSxXQUFXLG9CQUFxQixTQUFRLHdCQUF3QjtJQUNwRTs7O09BR0c7SUFDSCxXQUFXLEVBQUUsTUFBTSxDQUFDO0lBQ3BCOztPQUVHO0lBQ0gsMERBQTBEO0lBQzFELFlBQVksQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUN0Qix5REFBeUQ7SUFDekQsWUFBWSxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ3RCLG9EQUFvRDtJQUNwRCxpQkFBaUIsQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUMzQixrRUFBa0U7SUFDbEUsdUJBQXVCLENBQUMsRUFBRSxNQUFNLENBQUM7Q0FDbEM7QUFFRCxlQUFPLE1BQU0sNEJBQTRCLEVBQUUsa0JBQWtCLENBQUMsb0JBQW9CLENBMkJqRixDQUFDO0FBRUY7Ozs7R0FJRztBQUNILHdCQUFnQixnQkFBZ0IsSUFBSSxvQkFBb0IsQ0FFdkQifQ==

package/dest/config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,kBAAkB,EAKxB,MAAM,0BAA0B,CAAC;AAElC;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,6CAA6C;IAC7C,OAAO,EAAE,OAAO,CAAC;IACjB,sCAAsC;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,sEAAsE;IACtE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oEAAoE;IACpE,gBAAgB,EAAE,MAAM,CAAC;IACzB,wCAAwC;IACxC,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED,eAAO,MAAM,gCAAgC,EAAE,kBAAkB,CAAC,wBAAwB,CA2BzF,CAAC;AAEF,eAAO,MAAM,+BAA+B,EAAE,wBAE7C,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,wBAAwB;IACpE;;;OAGG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,0DAA0D;IAC1D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oDAAoD;IACpD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,kEAAkE;IAClE,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC;AAED,eAAO,MAAM,4BAA4B,EAAE,kBAAkB,CAAC,oBAAoB,CA2BjF,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,oBAAoB,CAEvD"}

package/dest/config.js

@@ -1,64 +0,0 @@
-import { booleanConfigHelper, getConfigFromMappings, getDefaultConfig, numberConfigHelper } from '@aztec/foundation/config';
-export const slashingProtectionConfigMappings = {
-    enabled: {
-        env: 'SLASHING_PROTECTION_ENABLED',
-        description: 'Whether slashing protection is enabled',
-        ...booleanConfigHelper(true)
-    },
-    nodeId: {
-        env: 'SLASHING_PROTECTION_NODE_ID',
-        description: 'The unique identifier for this node',
-        defaultValue: ''
-    },
-    pollingIntervalMs: {
-        env: 'SLASHING_PROTECTION_POLLING_INTERVAL_MS',
-        description: 'The number of ms to wait between polls when a duty is being signed',
-        ...numberConfigHelper(100)
-    },
-    signingTimeoutMs: {
-        env: 'SLASHING_PROTECTION_SIGNING_TIMEOUT_MS',
-        description: 'The maximum time to wait for a duty being signed to complete',
-        ...numberConfigHelper(3_000)
-    },
-    maxStuckDutiesAgeMs: {
-        env: 'SLASHING_PROTECTION_MAX_STUCK_DUTIES_AGE_MS',
-        description: 'The maximum age of a stuck duty in ms',
-        // hard-coding at current 2 slot duration. This should be set by the validator on init
-        ...numberConfigHelper(72_000)
-    }
-};
-export const defaultSlashingProtectionConfig = getDefaultConfig(slashingProtectionConfigMappings);
-export const createHASignerConfigMappings = {
-    ...slashingProtectionConfigMappings,
-    databaseUrl: {
-        env: 'VALIDATOR_HA_DATABASE_URL',
-        description: 'PostgreSQL connection string for validator HA signer (format: postgresql://user:password@host:port/database)'
-    },
-    poolMaxCount: {
-        env: 'VALIDATOR_HA_POOL_MAX',
-        description: 'Maximum number of clients in the pool',
-        ...numberConfigHelper(10)
-    },
-    poolMinCount: {
-        env: 'VALIDATOR_HA_POOL_MIN',
-        description: 'Minimum number of clients in the pool',
-        ...numberConfigHelper(0)
-    },
-    poolIdleTimeoutMs: {
-        env: 'VALIDATOR_HA_POOL_IDLE_TIMEOUT_MS',
-        description: 'Idle timeout in milliseconds',
-        ...numberConfigHelper(10_000)
-    },
-    poolConnectionTimeoutMs: {
-        env: 'VALIDATOR_HA_POOL_CONNECTION_TIMEOUT_MS',
-        description: 'Connection timeout in milliseconds (0 means no timeout)',
-        ...numberConfigHelper(0)
-    }
-};
-/**
- * Returns the validator HA signer configuration from environment variables.
- * Note: If an environment variable is not set, the default value is used.
- * @returns The validator HA signer configuration.
- */ export function getConfigEnvVars() {
-    return getConfigFromMappings(createHASignerConfigMappings);
-}

package/src/config.ts

@@ -1,116 +0,0 @@
-import {
-  type ConfigMappingsType,
-  booleanConfigHelper,
-  getConfigFromMappings,
-  getDefaultConfig,
-  numberConfigHelper,
-} from '@aztec/foundation/config';
-
-/**
- * Configuration for the slashing protection service
- */
-export interface SlashingProtectionConfig {
-  /** Whether slashing protection is enabled */
-  enabled: boolean;
-  /** Unique identifier for this node */
-  nodeId: string;
-  /** How long to wait between polls when a duty is being signed (ms) */
-  pollingIntervalMs: number;
-  /** Maximum time to wait for a duty being signed to complete (ms) */
-  signingTimeoutMs: number;
-  /** Maximum age of a stuck duty in ms */
-  maxStuckDutiesAgeMs: number;
-}
-
-export const slashingProtectionConfigMappings: ConfigMappingsType<SlashingProtectionConfig> = {
-  enabled: {
-    env: 'SLASHING_PROTECTION_ENABLED',
-    description: 'Whether slashing protection is enabled',
-    ...booleanConfigHelper(true),
-  },
-  nodeId: {
-    env: 'SLASHING_PROTECTION_NODE_ID',
-    description: 'The unique identifier for this node',
-    defaultValue: '',
-  },
-  pollingIntervalMs: {
-    env: 'SLASHING_PROTECTION_POLLING_INTERVAL_MS',
-    description: 'The number of ms to wait between polls when a duty is being signed',
-    ...numberConfigHelper(100),
-  },
-  signingTimeoutMs: {
-    env: 'SLASHING_PROTECTION_SIGNING_TIMEOUT_MS',
-    description: 'The maximum time to wait for a duty being signed to complete',
-    ...numberConfigHelper(3_000),
-  },
-  maxStuckDutiesAgeMs: {
-    env: 'SLASHING_PROTECTION_MAX_STUCK_DUTIES_AGE_MS',
-    description: 'The maximum age of a stuck duty in ms',
-    // hard-coding at current 2 slot duration. This should be set by the validator on init
-    ...numberConfigHelper(72_000),
-  },
-};
-
-export const defaultSlashingProtectionConfig: SlashingProtectionConfig = getDefaultConfig(
-  slashingProtectionConfigMappings,
-);
-
-/**
- * Configuration for creating an HA signer with PostgreSQL backend
- */
-export interface CreateHASignerConfig extends SlashingProtectionConfig {
-  /**
-   * PostgreSQL connection string
-   * Format: postgresql://user:password@host:port/database
-   */
-  databaseUrl: string;
-  /**
-   * PostgreSQL connection pool configuration
-   */
-  /** Maximum number of clients in the pool (default: 10) */
-  poolMaxCount?: number;
-  /** Minimum number of clients in the pool (default: 0) */
-  poolMinCount?: number;
-  /** Idle timeout in milliseconds (default: 10000) */
-  poolIdleTimeoutMs?: number;
-  /** Connection timeout in milliseconds (default: 0, no timeout) */
-  poolConnectionTimeoutMs?: number;
-}
-
-export const createHASignerConfigMappings: ConfigMappingsType<CreateHASignerConfig> = {
-  ...slashingProtectionConfigMappings,
-  databaseUrl: {
-    env: 'VALIDATOR_HA_DATABASE_URL',
-    description:
-      'PostgreSQL connection string for validator HA signer (format: postgresql://user:password@host:port/database)',
-  },
-  poolMaxCount: {
-    env: 'VALIDATOR_HA_POOL_MAX',
-    description: 'Maximum number of clients in the pool',
-    ...numberConfigHelper(10),
-  },
-  poolMinCount: {
-    env: 'VALIDATOR_HA_POOL_MIN',
-    description: 'Minimum number of clients in the pool',
-    ...numberConfigHelper(0),
-  },
-  poolIdleTimeoutMs: {
-    env: 'VALIDATOR_HA_POOL_IDLE_TIMEOUT_MS',
-    description: 'Idle timeout in milliseconds',
-    ...numberConfigHelper(10_000),
-  },
-  poolConnectionTimeoutMs: {
-    env: 'VALIDATOR_HA_POOL_CONNECTION_TIMEOUT_MS',
-    description: 'Connection timeout in milliseconds (0 means no timeout)',
-    ...numberConfigHelper(0),
-  },
-};
-
-/**
- * Returns the validator HA signer configuration from environment variables.
- * Note: If an environment variable is not set, the default value is used.
- * @returns The validator HA signer configuration.
- */
-export function getConfigEnvVars(): CreateHASignerConfig {
-  return getConfigFromMappings<CreateHASignerConfig>(createHASignerConfigMappings);
-}