npm - @aztec/validator-ha-signer - Versions diffs - 0.0.1-commit.96bb3f7 → 0.0.1-commit.96dac018d - Mend

@aztec/validator-ha-signer 0.0.1-commit.96bb3f7 → 0.0.1-commit.96dac018d

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/README.md +52 -37
package/dest/db/postgres.d.ts +34 -5
package/dest/db/postgres.d.ts.map +1 -1
package/dest/db/postgres.js +80 -22
package/dest/db/schema.d.ts +21 -10
package/dest/db/schema.d.ts.map +1 -1
package/dest/db/schema.js +49 -20
package/dest/db/types.d.ts +76 -31
package/dest/db/types.d.ts.map +1 -1
package/dest/db/types.js +32 -8
package/dest/errors.d.ts +9 -5
package/dest/errors.d.ts.map +1 -1
package/dest/errors.js +7 -4
package/dest/factory.d.ts +6 -14
package/dest/factory.d.ts.map +1 -1
package/dest/factory.js +17 -12
package/dest/metrics.d.ts +51 -0
package/dest/metrics.d.ts.map +1 -0
package/dest/metrics.js +103 -0
package/dest/migrations.d.ts +1 -1
package/dest/migrations.d.ts.map +1 -1
package/dest/migrations.js +13 -2
package/dest/slashing_protection_service.d.ts +25 -6
package/dest/slashing_protection_service.d.ts.map +1 -1
package/dest/slashing_protection_service.js +72 -20
package/dest/test/pglite_pool.d.ts +92 -0
package/dest/test/pglite_pool.d.ts.map +1 -0
package/dest/test/pglite_pool.js +210 -0
package/dest/types.d.ts +38 -18
package/dest/types.d.ts.map +1 -1
package/dest/types.js +4 -1
package/dest/validator_ha_signer.d.ts +18 -13
package/dest/validator_ha_signer.d.ts.map +1 -1
package/dest/validator_ha_signer.js +46 -33
package/package.json +13 -10
package/src/db/postgres.ts +101 -21
package/src/db/schema.ts +51 -20
package/src/db/types.ts +110 -31
package/src/errors.ts +7 -2
package/src/factory.ts +20 -14
package/src/metrics.ts +138 -0
package/src/migrations.ts +17 -1
package/src/slashing_protection_service.ts +117 -25
package/src/test/pglite_pool.ts +256 -0
package/src/types.ts +63 -19
package/src/validator_ha_signer.ts +66 -42
package/dest/config.d.ts +0 -47
package/dest/config.d.ts.map +0 -1
package/dest/config.js +0 -64
package/src/config.ts +0 -116

package/README.md CHANGED Viewed

@@ -9,39 +9,21 @@ Distributed locking and slashing protection for Aztec validators running in high
 - **Automatic Retry**: Failed signing attempts are cleared, allowing other nodes to retry
 - **PostgreSQL Backend**: Shared database for coordination across nodes
-## Quick Start
+## Integration with Validator Client
-### Option 1: Automatic Migrations (Simplest)
+The HA signer is automatically integrated into the validator client when `VALIDATOR_HA_SIGNING_ENABLED=true` is set. The validator client will:
-```typescript
-import { createHASigner } from '@aztec/validator-ha-signer/factory';
-// Migrations run automatically on startup
-const { signer, db } = await createHASigner({
-  databaseUrl: process.env.DATABASE_URL,
-  enabled: true,
-  nodeId: 'validator-node-1',
-  pollingIntervalMs: 100,
-  signingTimeoutMs: 3000,
-});
+1. Create the HA signer using `createHASigner()` from the factory
+2. Wrap the base keystore with `HAKeyStore` to provide HA-protected signing
+3. Automatically start/stop the signer lifecycle
-// Start background cleanup tasks
-signer.start();
+No manual integration is required when using the validator client.
-// Sign with protection
-const signature = await signer.signWithProtection(
-  validatorAddress,
-  messageHash,
-  { slot: 100n, blockNumber: 50n, dutyType: 'BLOCK_PROPOSAL' },
-  async root => localSigner.signMessage(root),
-);
+## Manual Usage
-// Cleanup on shutdown
-await signer.stop();
-await db.close();
-```
+For advanced use cases or testing, you can use the HA signer directly. **Note**: Database migrations must be run separately before creating the signer (see [Database Migrations](#database-migrations) below).
-### Option 2: Manual Migrations (Recommended for Production)
+### Basic Usage
 ```bash
 # 1. Run migrations separately (once per deployment)
@@ -54,7 +36,7 @@ import { createHASigner } from '@aztec/validator-ha-signer/factory';
 const { signer, db } = await createHASigner({
   databaseUrl: process.env.DATABASE_URL,
-  enabled: true,
+  haSigningEnabled: true,
   nodeId: 'validator-node-1',
   pollingIntervalMs: 100,
   signingTimeoutMs: 3000,
@@ -63,6 +45,14 @@ const { signer, db } = await createHASigner({
 // Start background cleanup tasks
 signer.start();
+// Sign with protection
+const signature = await signer.signWithProtection(
+  validatorAddress,
+  messageHash,
+  { slot: 100n, blockNumber: 50n, blockIndexWithinCheckpoint: 0, dutyType: 'BLOCK_PROPOSAL' },
+  async root => localSigner.signMessage(root),
+);
 // On shutdown
 await signer.stop();
 await db.close();
@@ -73,7 +63,7 @@ await db.close();
 If you need custom pool configuration (e.g., max connections, idle timeout) or want to share a connection pool across multiple components:
 > **Note**: You still need to run migrations separately before using this approach.
-> See [Option 2](#option-2-manual-migrations-recommended-for-production) above.
+> See [Database Migrations](#database-migrations) below.
 ```typescript
 import { PostgresSlashingProtectionDatabase } from '@aztec/validator-ha-signer/db';
@@ -91,11 +81,11 @@ const db = new PostgresSlashingProtectionDatabase(pool);
 await db.initialize();
 const signer = new ValidatorHASigner(db, {
-  enabled: true,
+  haSigningEnabled: true,
   nodeId: 'validator-node-1',
   pollingIntervalMs: 100,
   signingTimeoutMs: 3000,
-  maxStuckDutiesAgeMs: 72000,
+  maxStuckDutiesAgeMs: 144000,
 });
 // Start background cleanup tasks
@@ -111,11 +101,15 @@ await pool.end(); // You manage the pool lifecycle
 Set via environment variables or config object:
 - `VALIDATOR_HA_DATABASE_URL`: PostgreSQL connection string (e.g., `postgresql://user:pass@host:port/db`)
-- `SLASHING_PROTECTION_ENABLED`: Whether slashing protection is enabled (default: true)
-- `SLASHING_PROTECTION_NODE_ID`: Unique identifier for this validator node
-- `SLASHING_PROTECTION_POLLING_INTERVAL_MS`: How often to check duty status (default: 100)
-- `SLASHING_PROTECTION_SIGNING_TIMEOUT_MS`: Max wait for in-progress signing (default: 3000)
-- `SLASHING_PROTECTION_MAX_STUCK_DUTIES_AGE_MS`: Max age of stuck duties before cleanup (default: 72000)
+- `VALIDATOR_HA_SIGNING_ENABLED`: Whether HA signing / slashing protection is enabled (default: false)
+- `VALIDATOR_HA_NODE_ID`: Unique identifier for this validator node (required when enabled)
+- `VALIDATOR_HA_POLLING_INTERVAL_MS`: How often to check duty status (default: 100)
+- `VALIDATOR_HA_SIGNING_TIMEOUT_MS`: Max wait for in-progress signing (default: 3000)
+- `VALIDATOR_HA_MAX_STUCK_DUTIES_AGE_MS`: Max age of stuck duties before cleanup (default: 2 \* aztecSlotDuration)
+- `VALIDATOR_HA_POOL_MAX`: Maximum number of connections in the pool (default: 10)
+- `VALIDATOR_HA_POOL_MIN`: Minimum number of connections in the pool (default: 0)
+- `VALIDATOR_HA_POOL_IDLE_TIMEOUT_MS`: Idle timeout for pool connections (default: 10000)
+- `VALIDATOR_HA_POOL_CONNECTION_TIMEOUT_MS`: Connection timeout (default: 0, no timeout)
 ## Database Migrations
@@ -170,9 +164,30 @@ When multiple validator nodes attempt to sign:
 1. First node acquires lock and signs
 2. Other nodes receive `DutyAlreadySignedError` (expected)
-3. If different data detected: `SlashingProtectionError` (likely for block builder signing)
+3. If different data detected: `SlashingProtectionError` (prevents slashing)
 4. Failed attempts are auto-cleaned, allowing retry
+### Signing Context
+All signing operations require a `SigningContext` that includes:
+- `slot`: The slot number
+- `blockNumber`: The block number within the checkpoint
+- `blockIndexWithinCheckpoint`: The index of the block within the checkpoint (use `-1` for N/A contexts)
+- `dutyType`: The type of duty (e.g., `BLOCK_PROPOSAL`, `CHECKPOINT_ATTESTATION`, `AUTH_REQUEST`)
+Note: `AUTH_REQUEST` duties bypass HA protection since signing multiple times is safe for authentication requests.
+## Important Limitations
+### Database Isolation Per Rollup Version
+**You cannot use the same database to provide slashing protection for validator nodes running on different rollup versions** (e.g., current rollup and old rollup simultaneously).
+When the HA signer performs background cleanup via `cleanupOutdatedRollupDuties()`, it removes all duties where the rollup address doesn't match the current rollup address. If two validators running on different rollup versions share the same database, they will delete each other's duties during cleanup.
+**Solution**: Use separate databases for validators running on different rollup versions. Each rollup version requires its own isolated slashing protection database.
 ## Development
 ```bash

package/dest/db/postgres.d.ts CHANGED Viewed

@@ -1,14 +1,26 @@
+/**
+ * PostgreSQL implementation of SlashingProtectionDatabase
+ */
+import { SlotNumber } from '@aztec/foundation/branded-types';
 import { EthAddress } from '@aztec/foundation/eth-address';
-import type { Pool } from 'pg';
+import type { QueryResult, QueryResultRow } from 'pg';
 import type { SlashingProtectionDatabase, TryInsertOrGetResult } from '../types.js';
 import type { CheckAndRecordParams, DutyType } from './types.js';
+/**
+ * Minimal pool interface for database operations.
+ * Both pg.Pool and test adapters (e.g., PGlite) satisfy this interface.
+ */
+export interface QueryablePool {
+    query<R extends QueryResultRow = any>(text: string, values?: any[]): Promise<QueryResult<R>>;
+    end(): Promise<void>;
+}
 /**
  * PostgreSQL implementation of the slashing protection database
  */
 export declare class PostgresSlashingProtectionDatabase implements SlashingProtectionDatabase {
     private readonly pool;
     private readonly log;
-    constructor(pool: Pool);
+    constructor(pool: QueryablePool);
     /**
      * Verify that database migrations have been run and schema version matches.
      * Should be called once at startup.
@@ -21,6 +33,9 @@ export declare class PostgresSlashingProtectionDatabase implements SlashingProte
      *
      * @returns { isNew: true, record } if we successfully inserted and acquired the lock
      * @returns { isNew: false, record } if a record already exists. lock_token is empty if the record already exists.
+     *
+     * Retries if no rows are returned, which can happen under high concurrency
+     * when another transaction just committed the row but it's not yet visible.
      */
     tryInsertOrGetExisting(params: CheckAndRecordParams): Promise<TryInsertOrGetResult>;
     /**
@@ -29,7 +44,7 @@ export declare class PostgresSlashingProtectionDatabase implements SlashingProte
      *
      * @returns true if the update succeeded, false if token didn't match or duty not found
      */
-    updateDutySigned(validatorAddress: EthAddress, slot: bigint, dutyType: DutyType, signature: string, lockToken: string): Promise<boolean>;
+    updateDutySigned(rollupAddress: EthAddress, validatorAddress: EthAddress, slot: SlotNumber, dutyType: DutyType, signature: string, lockToken: string, blockIndexWithinCheckpoint: number): Promise<boolean>;
     /**
      * Delete a duty record.
      * Only succeeds if the lockToken matches (caller must be the one who created the duty).
@@ -37,7 +52,7 @@ export declare class PostgresSlashingProtectionDatabase implements SlashingProte
      *
      * @returns true if the delete succeeded, false if token didn't match or duty not found
      */
-    deleteDuty(validatorAddress: EthAddress, slot: bigint, dutyType: DutyType, lockToken: string): Promise<boolean>;
+    deleteDuty(rollupAddress: EthAddress, validatorAddress: EthAddress, slot: SlotNumber, dutyType: DutyType, lockToken: string, blockIndexWithinCheckpoint: number): Promise<boolean>;
     /**
      * Convert a database row to a ValidatorDutyRecord
      */
@@ -51,5 +66,19 @@ export declare class PostgresSlashingProtectionDatabase implements SlashingProte
      * @returns the number of duties cleaned up
      */
     cleanupOwnStuckDuties(nodeId: string, maxAgeMs: number): Promise<number>;
+    /**
+     * Cleanup duties with outdated rollup address.
+     * Removes all duties where the rollup address doesn't match the current one.
+     * Used after a rollup upgrade to clean up duties for the old rollup.
+     * @returns the number of duties cleaned up
+     */
+    cleanupOutdatedRollupDuties(currentRollupAddress: EthAddress): Promise<number>;
+    /**
+     * Cleanup old signed duties.
+     * Removes only signed duties older than the specified age.
+     * Does not remove 'signing' duties as they may be in progress.
+     * @returns the number of duties cleaned up
+     */
+    cleanupOldDuties(maxAgeMs: number): Promise<number>;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicG9zdGdyZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kYi9wb3N0Z3Jlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFJQSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFHM0QsT0FBTyxLQUFLLEVBQUUsSUFBSSxFQUFlLE1BQU0sSUFBSSxDQUFDO0FBRTVDLE9BQU8sS0FBSyxFQUFFLDBCQUEwQixFQUFFLG9CQUFvQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBUXBGLE9BQU8sS0FBSyxFQUFFLG9CQUFvQixFQUFXLFFBQVEsRUFBdUMsTUFBTSxZQUFZLENBQUM7QUFFL0c7O0dBRUc7QUFDSCxxQkFBYSxrQ0FBbUMsWUFBVywwQkFBMEI7SUFHdkUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJO0lBRmpDLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFTO0lBRTdCLFlBQTZCLElBQUksRUFBRSxJQUFJLEVBRXRDO0lBRUQ7Ozs7O09BS0c7SUFDRyxVQUFVLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQWdDaEM7SUFFRDs7Ozs7T0FLRztJQUNHLHNCQUFzQixDQUFDLE1BQU0sRUFBRSxvQkFBb0IsR0FBRyxPQUFPLENBQUMsb0JBQW9CLENBQUMsQ0F3QnhGO0lBRUQ7Ozs7O09BS0c7SUFDRyxnQkFBZ0IsQ0FDcEIsZ0JBQWdCLEVBQUUsVUFBVSxFQUM1QixJQUFJLEVBQUUsTUFBTSxFQUNaLFFBQVEsRUFBRSxRQUFRLEVBQ2xCLFNBQVMsRUFBRSxNQUFNLEVBQ2pCLFNBQVMsRUFBRSxNQUFNLEdBQ2hCLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FrQmxCO0lBRUQ7Ozs7OztPQU1HO0lBQ0csVUFBVSxDQUNkLGdCQUFnQixFQUFFLFVBQVUsRUFDNUIsSUFBSSxFQUFFLE1BQU0sRUFDWixRQUFRLEVBQUUsUUFBUSxFQUNsQixTQUFTLEVBQUUsTUFBTSxHQUNoQixPQUFPLENBQUMsT0FBTyxDQUFDLENBaUJsQjtJQUVEOztPQUVHO0lBQ0gsT0FBTyxDQUFDLFdBQVc7SUFpQm5COztPQUVHO0lBQ0csS0FBSyxJQUFJLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FHM0I7SUFFRDs7O09BR0c7SUFDRyxxQkFBcUIsQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUk3RTtDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicG9zdGdyZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kYi9wb3N0Z3Jlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUNILE9BQU8sRUFBZSxVQUFVLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUUxRSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFJM0QsT0FBTyxLQUFLLEVBQUUsV0FBVyxFQUFFLGNBQWMsRUFBRSxNQUFNLElBQUksQ0FBQztBQUV0RCxPQUFPLEtBQUssRUFBRSwwQkFBMEIsRUFBRSxvQkFBb0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQVVwRixPQUFPLEtBQUssRUFBRSxvQkFBb0IsRUFBVyxRQUFRLEVBQXVDLE1BQU0sWUFBWSxDQUFDO0FBRy9HOzs7R0FHRztBQUNILE1BQU0sV0FBVyxhQUFhO0lBQzVCLEtBQUssQ0FBQyxDQUFDLFNBQVMsY0FBYyxHQUFHLEdBQUcsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sQ0FBQyxFQUFFLEdBQUcsRUFBRSxHQUFHLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUM3RixHQUFHLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO0NBQ3RCO0FBRUQ7O0dBRUc7QUFDSCxxQkFBYSxrQ0FBbUMsWUFBVywwQkFBMEI7SUFHdkUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJO0lBRmpDLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFTO0lBRTdCLFlBQTZCLElBQUksRUFBRSxhQUFhLEVBRS9DO0lBRUQ7Ozs7O09BS0c7SUFDRyxVQUFVLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQWdDaEM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNHLHNCQUFzQixDQUFDLE1BQU0sRUFBRSxvQkFBb0IsR0FBRyxPQUFPLENBQUMsb0JBQW9CLENBQUMsQ0FvRHhGO0lBRUQ7Ozs7O09BS0c7SUFDRyxnQkFBZ0IsQ0FDcEIsYUFBYSxFQUFFLFVBQVUsRUFDekIsZ0JBQWdCLEVBQUUsVUFBVSxFQUM1QixJQUFJLEVBQUUsVUFBVSxFQUNoQixRQUFRLEVBQUUsUUFBUSxFQUNsQixTQUFTLEVBQUUsTUFBTSxFQUNqQixTQUFTLEVBQUUsTUFBTSxFQUNqQiwwQkFBMEIsRUFBRSxNQUFNLEdBQ2pDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FzQmxCO0lBRUQ7Ozs7OztPQU1HO0lBQ0csVUFBVSxDQUNkLGFBQWEsRUFBRSxVQUFVLEVBQ3pCLGdCQUFnQixFQUFFLFVBQVUsRUFDNUIsSUFBSSxFQUFFLFVBQVUsRUFDaEIsUUFBUSxFQUFFLFFBQVEsRUFDbEIsU0FBUyxFQUFFLE1BQU0sRUFDakIsMEJBQTBCLEVBQUUsTUFBTSxHQUNqQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBcUJsQjtJQUVEOztPQUVHO0lBQ0gsT0FBTyxDQUFDLFdBQVc7SUFtQm5COztPQUVHO0lBQ0csS0FBSyxJQUFJLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FHM0I7SUFFRDs7O09BR0c7SUFDRyxxQkFBcUIsQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUc3RTtJQUVEOzs7OztPQUtHO0lBQ0csMkJBQTJCLENBQUMsb0JBQW9CLEVBQUUsVUFBVSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FHbkY7SUFFRDs7Ozs7T0FLRztJQUNHLGdCQUFnQixDQUFDLFFBQVEsRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUd4RDtDQUNGIn0=

package/dest/db/postgres.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"postgres.d.ts","sourceRoot":"","sources":["../../src/db/postgres.ts"],"names":[],"mappings":"~~AAIA~~,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;~~AAG3D~~,OAAO,KAAK,EAAE,~~IAAI~~,~~EAAe~~,MAAM,IAAI,CAAC;~~AAE5C~~,OAAO,KAAK,EAAE,0BAA0B,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;~~AAQpF~~,OAAO,KAAK,EAAE,oBAAoB,EAAW,QAAQ,EAAuC,MAAM,YAAY,CAAC;~~AAE~~/G;;GAEG;AACH,qBAAa,kCAAmC,YAAW,0BAA0B;IAGvE,OAAO,CAAC,QAAQ,CAAC,IAAI;IAFjC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAE7B,YAA6B,IAAI,EAAE,~~IAAI~~,~~EAEtC~~;IAED;;;;;OAKG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAgChC;IAED~~;;;;;OAKG~~;IACG,sBAAsB,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC,~~CAwBxF~~;IAED;;;;;OAKG;IACG,gBAAgB,CACpB,gBAAgB,EAAE,UAAU,EAC5B,IAAI,EAAE,~~MAAM~~,~~EACZ~~,QAAQ,EAAE,QAAQ,EAClB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,~~GAChB~~,OAAO,CAAC,OAAO,CAAC,~~CAkBlB~~;IAED;;;;;;OAMG;IACG,UAAU,CACd,gBAAgB,EAAE,UAAU,EAC5B,IAAI,EAAE,~~MAAM~~,~~EACZ~~,QAAQ,EAAE,QAAQ,EAClB,SAAS,EAAE,MAAM,~~GAChB~~,OAAO,CAAC,OAAO,CAAC,~~CAiBlB~~;IAED;;OAEG;IACH,OAAO,CAAC,WAAW;~~IAiBnB~~;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAG3B;IAED;;;OAGG;IACG,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,~~CAI7E~~;CACF"}
1	+ {"version":3,"file":"postgres.d.ts","sourceRoot":"","sources":["../../src/db/postgres.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAe,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAE1E,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAI3D,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,IAAI,CAAC;AAEtD,OAAO,KAAK,EAAE,0BAA0B,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAUpF,OAAO,KAAK,EAAE,oBAAoB,EAAW,QAAQ,EAAuC,MAAM,YAAY,CAAC;AAG/G;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,KAAK,CAAC,CAAC,SAAS,cAAc,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7F,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACtB;AAED;;GAEG;AACH,qBAAa,kCAAmC,YAAW,0BAA0B;IAGvE,OAAO,CAAC,QAAQ,CAAC,IAAI;IAFjC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAE7B,YAA6B,IAAI,EAAE,aAAa,EAE/C;IAED;;;;;OAKG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAgChC;IAED;;;;;;;;OAQG;IACG,sBAAsB,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAoDxF;IAED;;;;;OAKG;IACG,gBAAgB,CACpB,aAAa,EAAE,UAAU,EACzB,gBAAgB,EAAE,UAAU,EAC5B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,QAAQ,EAClB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,MAAM,GACjC,OAAO,CAAC,OAAO,CAAC,CAsBlB;IAED;;;;;;OAMG;IACG,UAAU,CACd,aAAa,EAAE,UAAU,EACzB,gBAAgB,EAAE,UAAU,EAC5B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,QAAQ,EAClB,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,MAAM,GACjC,OAAO,CAAC,OAAO,CAAC,CAqBlB;IAED;;OAEG;IACH,OAAO,CAAC,WAAW;IAmBnB;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAG3B;IAED;;;OAGG;IACG,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAG7E;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,oBAAoB,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAGnF;IAED;;;;;OAKG;IACG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAGxD;CACF"}

package/dest/db/postgres.js CHANGED Viewed

@@ -1,9 +1,12 @@
 /**
  * PostgreSQL implementation of SlashingProtectionDatabase
- */ import { randomBytes } from '@aztec/foundation/crypto/random';
+ */ import { BlockNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import { randomBytes } from '@aztec/foundation/crypto/random';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import { createLogger } from '@aztec/foundation/log';
-import { CLEANUP_OWN_STUCK_DUTIES, DELETE_DUTY, INSERT_OR_GET_DUTY, SCHEMA_VERSION, UPDATE_DUTY_SIGNED } from './schema.js';
+import { makeBackoff, retry } from '@aztec/foundation/retry';
+import { CLEANUP_OLD_DUTIES, CLEANUP_OUTDATED_ROLLUP_DUTIES, CLEANUP_OWN_STUCK_DUTIES, DELETE_DUTY, INSERT_OR_GET_DUTY, SCHEMA_VERSION, UPDATE_DUTY_SIGNED } from './schema.js';
+import { getBlockIndexFromDutyIdentifier } from './types.js';
 /**
  * PostgreSQL implementation of the slashing protection database
  */ export class PostgresSlashingProtectionDatabase {
@@ -27,10 +30,10 @@ import { CLEANUP_OWN_STUCK_DUTIES, DELETE_DUTY, INSERT_OR_GET_DUTY, SCHEMA_VERSI
             }
             dbVersion = result.rows[0].version;
         } catch  {
-            throw new Error('Database schema not initialized. Please run migrations first: aztec migrate up --database-url <url>');
+            throw new Error('Database schema not initialized. Please run migrations first: aztec migrate-ha-db up --database-url <url>');
         }
         if (dbVersion < SCHEMA_VERSION) {
-            throw new Error(`Database schema version ${dbVersion} is outdated (expected ${SCHEMA_VERSION}). Please run migrations: aztec migrate up --database-url <url>`);
+            throw new Error(`Database schema version ${dbVersion} is outdated (expected ${SCHEMA_VERSION}). Please run migrations: aztec migrate-ha-db up --database-url <url>`);
         }
         if (dbVersion > SCHEMA_VERSION) {
             throw new Error(`Database schema version ${dbVersion} is newer than expected (${SCHEMA_VERSION}). Please update your application.`);
@@ -44,21 +47,45 @@ import { CLEANUP_OWN_STUCK_DUTIES, DELETE_DUTY, INSERT_OR_GET_DUTY, SCHEMA_VERSI
    *
    * @returns { isNew: true, record } if we successfully inserted and acquired the lock
    * @returns { isNew: false, record } if a record already exists. lock_token is empty if the record already exists.
+   *
+   * Retries if no rows are returned, which can happen under high concurrency
+   * when another transaction just committed the row but it's not yet visible.
    */ async tryInsertOrGetExisting(params) {
         // create a token for ownership verification
         const lockToken = randomBytes(16).toString('hex');
-        const result = await this.pool.query(INSERT_OR_GET_DUTY, [
-            params.validatorAddress.toString(),
-            params.slot.toString(),
-            params.blockNumber.toString(),
-            params.dutyType,
-            params.messageHash,
-            params.nodeId,
-            lockToken
+        // Use fast retries with custom backoff: 10ms, 20ms, 30ms (then stop)
+        const fastBackoff = makeBackoff([
+            0.01,
+            0.02,
+            0.03
         ]);
+        // Get the normalized block index using type-safe helper
+        const blockIndexWithinCheckpoint = getBlockIndexFromDutyIdentifier(params);
+        const result = await retry(async ()=>{
+            const queryResult = await this.pool.query(INSERT_OR_GET_DUTY, [
+                params.rollupAddress.toString(),
+                params.validatorAddress.toString(),
+                params.slot.toString(),
+                params.blockNumber.toString(),
+                blockIndexWithinCheckpoint,
+                params.dutyType,
+                params.messageHash,
+                params.nodeId,
+                lockToken
+            ]);
+            // Throw error if no rows to trigger retry
+            if (queryResult.rows.length === 0) {
+                throw new Error('INSERT_OR_GET_DUTY returned no rows');
+            }
+            return queryResult;
+        }, `INSERT_OR_GET_DUTY for node ${params.nodeId}`, fastBackoff, this.log, true);
         if (result.rows.length === 0) {
-            // This shouldn't happen - the query always returns either the inserted or existing row
-            throw new Error('INSERT_OR_GET_DUTY returned no rows');
+            // this should never happen as the retry function should throw if it still fails after retries
+            throw new Error('INSERT_OR_GET_DUTY returned no rows after retries');
+        }
+        if (result.rows.length > 1) {
+            // this should never happen if database constraints are correct (PRIMARY KEY should prevent duplicates)
+            throw new Error(`INSERT_OR_GET_DUTY returned ${result.rows.length} rows (expected exactly 1).`);
         }
         const row = result.rows[0];
         return {
@@ -71,19 +98,23 @@ import { CLEANUP_OWN_STUCK_DUTIES, DELETE_DUTY, INSERT_OR_GET_DUTY, SCHEMA_VERSI
    * Only succeeds if the lockToken matches (caller must be the one who created the duty).
    *
    * @returns true if the update succeeded, false if token didn't match or duty not found
-   */ async updateDutySigned(validatorAddress, slot, dutyType, signature, lockToken) {
+   */ async updateDutySigned(rollupAddress, validatorAddress, slot, dutyType, signature, lockToken, blockIndexWithinCheckpoint) {
         const result = await this.pool.query(UPDATE_DUTY_SIGNED, [
             signature,
+            rollupAddress.toString(),
             validatorAddress.toString(),
             slot.toString(),
             dutyType,
+            blockIndexWithinCheckpoint,
             lockToken
         ]);
         if (result.rowCount === 0) {
             this.log.warn('Failed to update duty to signed status: invalid token or duty not found', {
+                rollupAddress: rollupAddress.toString(),
                 validatorAddress: validatorAddress.toString(),
                 slot: slot.toString(),
-                dutyType
+                dutyType,
+                blockIndexWithinCheckpoint
             });
             return false;
         }
@@ -95,18 +126,22 @@ import { CLEANUP_OWN_STUCK_DUTIES, DELETE_DUTY, INSERT_OR_GET_DUTY, SCHEMA_VERSI
    * Used when signing fails to allow another node/attempt to retry.
    *
    * @returns true if the delete succeeded, false if token didn't match or duty not found
-   */ async deleteDuty(validatorAddress, slot, dutyType, lockToken) {
+   */ async deleteDuty(rollupAddress, validatorAddress, slot, dutyType, lockToken, blockIndexWithinCheckpoint) {
         const result = await this.pool.query(DELETE_DUTY, [
+            rollupAddress.toString(),
             validatorAddress.toString(),
             slot.toString(),
             dutyType,
+            blockIndexWithinCheckpoint,
             lockToken
         ]);
         if (result.rowCount === 0) {
             this.log.warn('Failed to delete duty: invalid token or duty not found', {
+                rollupAddress: rollupAddress.toString(),
                 validatorAddress: validatorAddress.toString(),
                 slot: slot.toString(),
-                dutyType
+                dutyType,
+                blockIndexWithinCheckpoint
             });
             return false;
         }
@@ -116,9 +151,11 @@ import { CLEANUP_OWN_STUCK_DUTIES, DELETE_DUTY, INSERT_OR_GET_DUTY, SCHEMA_VERSI
    * Convert a database row to a ValidatorDutyRecord
    */ rowToRecord(row) {
         return {
+            rollupAddress: EthAddress.fromString(row.rollup_address),
             validatorAddress: EthAddress.fromString(row.validator_address),
-            slot: BigInt(row.slot),
-            blockNumber: BigInt(row.block_number),
+            slot: SlotNumber.fromString(row.slot),
+            blockNumber: BlockNumber.fromString(row.block_number),
+            blockIndexWithinCheckpoint: row.block_index_within_checkpoint,
             dutyType: row.duty_type,
             status: row.status,
             messageHash: row.message_hash,
@@ -140,10 +177,31 @@ import { CLEANUP_OWN_STUCK_DUTIES, DELETE_DUTY, INSERT_OR_GET_DUTY, SCHEMA_VERSI
    * Cleanup own stuck duties
    * @returns the number of duties cleaned up
    */ async cleanupOwnStuckDuties(nodeId, maxAgeMs) {
-        const cutoff = new Date(Date.now() - maxAgeMs);
         const result = await this.pool.query(CLEANUP_OWN_STUCK_DUTIES, [
             nodeId,
-            cutoff
+            maxAgeMs
+        ]);
+        return result.rowCount ?? 0;
+    }
+    /**
+   * Cleanup duties with outdated rollup address.
+   * Removes all duties where the rollup address doesn't match the current one.
+   * Used after a rollup upgrade to clean up duties for the old rollup.
+   * @returns the number of duties cleaned up
+   */ async cleanupOutdatedRollupDuties(currentRollupAddress) {
+        const result = await this.pool.query(CLEANUP_OUTDATED_ROLLUP_DUTIES, [
+            currentRollupAddress.toString()
+        ]);
+        return result.rowCount ?? 0;
+    }
+    /**
+   * Cleanup old signed duties.
+   * Removes only signed duties older than the specified age.
+   * Does not remove 'signing' duties as they may be in progress.
+   * @returns the number of duties cleaned up
+   */ async cleanupOldDuties(maxAgeMs) {
+        const result = await this.pool.query(CLEANUP_OLD_DUTIES, [
+            maxAgeMs
         ]);
         return result.rowCount ?? 0;
     }

package/dest/db/schema.d.ts CHANGED Viewed

@@ -12,7 +12,7 @@ export declare const SCHEMA_VERSION = 1;
 /**
  * SQL to create the validator_duties table
  */
-export declare const CREATE_VALIDATOR_DUTIES_TABLE = "\nCREATE TABLE IF NOT EXISTS validator_duties (\n  validator_address VARCHAR(42) NOT NULL,\n  slot BIGINT NOT NULL,\n  block_number BIGINT NOT NULL,\n  duty_type VARCHAR(30) NOT NULL CHECK (duty_type IN ('BLOCK_PROPOSAL', 'ATTESTATION', 'ATTESTATIONS_AND_SIGNERS')),\n  status VARCHAR(20) NOT NULL CHECK (status IN ('signing', 'signed', 'failed')),\n  message_hash VARCHAR(66) NOT NULL,\n  signature VARCHAR(132),\n  node_id VARCHAR(255) NOT NULL,\n  lock_token VARCHAR(64) NOT NULL,\n  started_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,\n  completed_at TIMESTAMP,\n  error_message TEXT,\n\n  PRIMARY KEY (validator_address, slot, duty_type),\n  CHECK (completed_at IS NULL OR completed_at >= started_at)\n);\n";
+export declare const CREATE_VALIDATOR_DUTIES_TABLE = "\nCREATE TABLE IF NOT EXISTS validator_duties (\n  rollup_address VARCHAR(42) NOT NULL,\n  validator_address VARCHAR(42) NOT NULL,\n  slot BIGINT NOT NULL,\n  block_number BIGINT NOT NULL,\n  block_index_within_checkpoint INTEGER NOT NULL DEFAULT 0,\n  duty_type VARCHAR(30) NOT NULL CHECK (duty_type IN ('BLOCK_PROPOSAL', 'CHECKPOINT_PROPOSAL', 'ATTESTATION', 'ATTESTATIONS_AND_SIGNERS', 'GOVERNANCE_VOTE', 'SLASHING_VOTE')),\n  status VARCHAR(20) NOT NULL CHECK (status IN ('signing', 'signed')),\n  message_hash VARCHAR(66) NOT NULL,\n  signature VARCHAR(132),\n  node_id VARCHAR(255) NOT NULL,\n  lock_token VARCHAR(64) NOT NULL,\n  started_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,\n  completed_at TIMESTAMP,\n  error_message TEXT,\n\n  PRIMARY KEY (rollup_address, validator_address, slot, duty_type, block_index_within_checkpoint),\n  CHECK (completed_at IS NULL OR completed_at >= started_at)\n);\n";
 /**
  * SQL to create index on status and started_at for cleanup queries
  */
@@ -32,7 +32,7 @@ export declare const INSERT_SCHEMA_VERSION = "\nINSERT INTO schema_version (vers
 /**
  * Complete schema setup - all statements in order
  */
-export declare const SCHEMA_SETUP: readonly ["\nCREATE TABLE IF NOT EXISTS schema_version (\n  version INTEGER PRIMARY KEY,\n  applied_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP\n);\n", "\nCREATE TABLE IF NOT EXISTS validator_duties (\n  validator_address VARCHAR(42) NOT NULL,\n  slot BIGINT NOT NULL,\n  block_number BIGINT NOT NULL,\n  duty_type VARCHAR(30) NOT NULL CHECK (duty_type IN ('BLOCK_PROPOSAL', 'ATTESTATION', 'ATTESTATIONS_AND_SIGNERS')),\n  status VARCHAR(20) NOT NULL CHECK (status IN ('signing', 'signed', 'failed')),\n  message_hash VARCHAR(66) NOT NULL,\n  signature VARCHAR(132),\n  node_id VARCHAR(255) NOT NULL,\n  lock_token VARCHAR(64) NOT NULL,\n  started_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,\n  completed_at TIMESTAMP,\n  error_message TEXT,\n\n  PRIMARY KEY (validator_address, slot, duty_type),\n  CHECK (completed_at IS NULL OR completed_at >= started_at)\n);\n", "\nCREATE INDEX IF NOT EXISTS idx_validator_duties_status\nON validator_duties(status, started_at);\n", "\nCREATE INDEX IF NOT EXISTS idx_validator_duties_node\nON validator_duties(node_id, started_at);\n"];
+export declare const SCHEMA_SETUP: readonly ["\nCREATE TABLE IF NOT EXISTS schema_version (\n  version INTEGER PRIMARY KEY,\n  applied_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP\n);\n", "\nCREATE TABLE IF NOT EXISTS validator_duties (\n  rollup_address VARCHAR(42) NOT NULL,\n  validator_address VARCHAR(42) NOT NULL,\n  slot BIGINT NOT NULL,\n  block_number BIGINT NOT NULL,\n  block_index_within_checkpoint INTEGER NOT NULL DEFAULT 0,\n  duty_type VARCHAR(30) NOT NULL CHECK (duty_type IN ('BLOCK_PROPOSAL', 'CHECKPOINT_PROPOSAL', 'ATTESTATION', 'ATTESTATIONS_AND_SIGNERS', 'GOVERNANCE_VOTE', 'SLASHING_VOTE')),\n  status VARCHAR(20) NOT NULL CHECK (status IN ('signing', 'signed')),\n  message_hash VARCHAR(66) NOT NULL,\n  signature VARCHAR(132),\n  node_id VARCHAR(255) NOT NULL,\n  lock_token VARCHAR(64) NOT NULL,\n  started_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,\n  completed_at TIMESTAMP,\n  error_message TEXT,\n\n  PRIMARY KEY (rollup_address, validator_address, slot, duty_type, block_index_within_checkpoint),\n  CHECK (completed_at IS NULL OR completed_at >= started_at)\n);\n", "\nCREATE INDEX IF NOT EXISTS idx_validator_duties_status\nON validator_duties(status, started_at);\n", "\nCREATE INDEX IF NOT EXISTS idx_validator_duties_node\nON validator_duties(node_id, started_at);\n"];
 /**
  * Query to get current schema version
  */
@@ -43,17 +43,21 @@ export declare const GET_SCHEMA_VERSION = "\nSELECT version FROM schema_version
  * returns the existing record instead.
  *
  * Returns the record with an `is_new` flag indicating whether we inserted or got existing.
+ *
+ * Note: In high concurrency scenarios, if the INSERT conflicts and another transaction
+ * just committed the row, there's a small window where the SELECT might not see it yet.
+ * The application layer should retry if no rows are returned.
  */
-export declare const INSERT_OR_GET_DUTY = "\nWITH inserted AS (\n  INSERT INTO validator_duties (\n    validator_address,\n    slot,\n    block_number,\n    duty_type,\n    status,\n    message_hash,\n    node_id,\n    lock_token,\n    started_at\n  ) VALUES ($1, $2, $3, $4, 'signing', $5, $6, $7, CURRENT_TIMESTAMP)\n  ON CONFLICT (validator_address, slot, duty_type) DO NOTHING\n  RETURNING\n    validator_address,\n    slot,\n    block_number,\n    duty_type,\n    status,\n    message_hash,\n    signature,\n    node_id,\n    lock_token,\n    started_at,\n    completed_at,\n    error_message,\n    TRUE as is_new\n)\nSELECT * FROM inserted\nUNION ALL\nSELECT\n  validator_address,\n  slot,\n  block_number,\n  duty_type,\n  status,\n  message_hash,\n  signature,\n  node_id,\n  '' as lock_token,\n  started_at,\n  completed_at,\n  error_message,\n  FALSE as is_new\nFROM validator_duties\nWHERE validator_address = $1\n  AND slot = $2\n  AND duty_type = $4\n  AND NOT EXISTS (SELECT 1 FROM inserted);\n";
+export declare const INSERT_OR_GET_DUTY = "\nWITH inserted AS (\n  INSERT INTO validator_duties (\n    rollup_address,\n    validator_address,\n    slot,\n    block_number,\n    block_index_within_checkpoint,\n    duty_type,\n    status,\n    message_hash,\n    node_id,\n    lock_token,\n    started_at\n  ) VALUES ($1, $2, $3, $4, $5, $6, 'signing', $7, $8, $9, CURRENT_TIMESTAMP)\n  ON CONFLICT (rollup_address, validator_address, slot, duty_type, block_index_within_checkpoint) DO NOTHING\n  RETURNING\n    rollup_address,\n    validator_address,\n    slot,\n    block_number,\n    block_index_within_checkpoint,\n    duty_type,\n    status,\n    message_hash,\n    signature,\n    node_id,\n    lock_token,\n    started_at,\n    completed_at,\n    error_message,\n    TRUE as is_new\n)\nSELECT * FROM inserted\nUNION ALL\nSELECT\n  rollup_address,\n  validator_address,\n  slot,\n  block_number,\n  block_index_within_checkpoint,\n  duty_type,\n  status,\n  message_hash,\n  signature,\n  node_id,\n  '' as lock_token,\n  started_at,\n  completed_at,\n  error_message,\n  FALSE as is_new\nFROM validator_duties\nWHERE rollup_address = $1\n  AND validator_address = $2\n  AND slot = $3\n  AND duty_type = $6\n  AND block_index_within_checkpoint = $5\n  AND NOT EXISTS (SELECT 1 FROM inserted);\n";
 /**
  * Query to update a duty to 'signed' status
  */
-export declare const UPDATE_DUTY_SIGNED = "\nUPDATE validator_duties\nSET status = 'signed',\n    signature = $1,\n    completed_at = CURRENT_TIMESTAMP\nWHERE validator_address = $2\n  AND slot = $3\n  AND duty_type = $4\n  AND status = 'signing'\n  AND lock_token = $5;\n";
+export declare const UPDATE_DUTY_SIGNED = "\nUPDATE validator_duties\nSET status = 'signed',\n    signature = $1,\n    completed_at = CURRENT_TIMESTAMP\nWHERE rollup_address = $2\n  AND validator_address = $3\n  AND slot = $4\n  AND duty_type = $5\n  AND block_index_within_checkpoint = $6\n  AND status = 'signing'\n  AND lock_token = $7;\n";
 /**
  * Query to delete a duty
  * Only deletes if the lockToken matches
  */
-export declare const DELETE_DUTY = "\nDELETE FROM validator_duties\nWHERE validator_address = $1\n  AND slot = $2\n  AND duty_type = $3\n  AND status = 'signing'\n  AND lock_token = $4;\n";
+export declare const DELETE_DUTY = "\nDELETE FROM validator_duties\nWHERE rollup_address = $1\n  AND validator_address = $2\n  AND slot = $3\n  AND duty_type = $4\n  AND block_index_within_checkpoint = $5\n  AND status = 'signing'\n  AND lock_token = $6;\n";
 /**
  * Query to clean up old signed duties (for maintenance)
  * Removes signed duties older than a specified timestamp
@@ -61,14 +65,21 @@ export declare const DELETE_DUTY = "\nDELETE FROM validator_duties\nWHERE valida
 export declare const CLEANUP_OLD_SIGNED_DUTIES = "\nDELETE FROM validator_duties\nWHERE status = 'signed'\n  AND completed_at < $1;\n";
 /**
  * Query to clean up old duties (for maintenance)
- * Removes duties older than a specified timestamp
+ * Removes SIGNED duties older than a specified age (in milliseconds)
  */
-export declare const CLEANUP_OLD_DUTIES = "\nDELETE FROM validator_duties\nWHERE status IN ('signing', 'signed', 'failed')\n  AND started_at < $1;\n";
+export declare const CLEANUP_OLD_DUTIES = "\nDELETE FROM validator_duties\nWHERE status = 'signed'\n  AND started_at < CURRENT_TIMESTAMP - ($1 || ' milliseconds')::INTERVAL;\n";
 /**
  * Query to cleanup own stuck duties
  * Removes duties in 'signing' status for a specific node that are older than maxAgeMs
+ * Uses DB's CURRENT_TIMESTAMP to avoid clock skew issues between nodes
+ */
+export declare const CLEANUP_OWN_STUCK_DUTIES = "\nDELETE FROM validator_duties\nWHERE node_id = $1\n  AND status = 'signing'\n  AND started_at < CURRENT_TIMESTAMP - ($2 || ' milliseconds')::INTERVAL;\n";
+/**
+ * Query to cleanup duties with outdated rollup address
+ * Removes all duties where the rollup address doesn't match the current one
+ * Used after a rollup upgrade to clean up duties for the old rollup
  */
-export declare const CLEANUP_OWN_STUCK_DUTIES = "\nDELETE FROM validator_duties\nWHERE node_id = $1\n  AND status = 'signing'\n  AND started_at < $2;\n";
+export declare const CLEANUP_OUTDATED_ROLLUP_DUTIES = "\nDELETE FROM validator_duties\nWHERE rollup_address != $1;\n";
 /**
  * SQL to drop the validator_duties table
  */
@@ -81,5 +92,5 @@ export declare const DROP_SCHEMA_VERSION_TABLE = "DROP TABLE IF EXISTS schema_ve
  * Query to get stuck duties (for monitoring/alerting)
  * Returns duties in 'signing' status that have been stuck for too long
  */
-export declare const GET_STUCK_DUTIES = "\nSELECT\n  validator_address,\n  slot,\n  block_number,\n  duty_type,\n  status,\n  message_hash,\n  node_id,\n  started_at,\n  EXTRACT(EPOCH FROM (CURRENT_TIMESTAMP - started_at)) as age_seconds\nFROM validator_duties\nWHERE status = 'signing'\n  AND started_at < $1\nORDER BY started_at ASC;\n";
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2NoZW1hLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZGIvc2NoZW1hLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7R0FNRztBQUVIOztHQUVHO0FBQ0gsZUFBTyxNQUFNLGNBQWMsSUFBSSxDQUFDO0FBRWhDOztHQUVHO0FBQ0gsZUFBTyxNQUFNLDZCQUE2QixpdEJBa0J6QyxDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0sbUJBQW1CLHlHQUcvQixDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0saUJBQWlCLHdHQUc3QixDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0sMkJBQTJCLG1KQUt2QyxDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0scUJBQXFCLDZGQUlqQyxDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0sWUFBWSw0akNBS2YsQ0FBQztBQUVYOztHQUVHO0FBQ0gsZUFBTyxNQUFNLGtCQUFrQiwwRUFFOUIsQ0FBQztBQUVGOzs7Ozs7R0FNRztBQUNILGVBQU8sTUFBTSxrQkFBa0IsMDhCQWtEOUIsQ0FBQztBQUVGOztHQUVHO0FBQ0gsZUFBTyxNQUFNLGtCQUFrQiwwT0FVOUIsQ0FBQztBQUVGOzs7R0FHRztBQUNILGVBQU8sTUFBTSxXQUFXLDRKQU92QixDQUFDO0FBRUY7OztHQUdHO0FBQ0gsZUFBTyxNQUFNLHlCQUF5Qix3RkFJckMsQ0FBQztBQUVGOzs7R0FHRztBQUNILGVBQU8sTUFBTSxrQkFBa0IsOEdBSTlCLENBQUM7QUFFRjs7O0dBR0c7QUFDSCxlQUFPLE1BQU0sd0JBQXdCLDJHQUtwQyxDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0sMkJBQTJCLDJDQUEyQyxDQUFDO0FBRXBGOztHQUVHO0FBQ0gsZUFBTyxNQUFNLHlCQUF5Qix5Q0FBeUMsQ0FBQztBQUVoRjs7O0dBR0c7QUFDSCxlQUFPLE1BQU0sZ0JBQWdCLDZTQWU1QixDQUFDIn0=
+export declare const GET_STUCK_DUTIES = "\nSELECT\n  rollup_address,\n  validator_address,\n  slot,\n  block_number,\n  block_index_within_checkpoint,\n  duty_type,\n  status,\n  message_hash,\n  node_id,\n  started_at,\n  EXTRACT(EPOCH FROM (CURRENT_TIMESTAMP - started_at)) as age_seconds\nFROM validator_duties\nWHERE status = 'signing'\n  AND started_at < $1\nORDER BY started_at ASC;\n";
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2NoZW1hLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZGIvc2NoZW1hLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7R0FNRztBQUVIOztHQUVHO0FBQ0gsZUFBTyxNQUFNLGNBQWMsSUFBSSxDQUFDO0FBRWhDOztHQUVHO0FBQ0gsZUFBTyxNQUFNLDZCQUE2QixzNUJBb0J6QyxDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0sbUJBQW1CLHlHQUcvQixDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0saUJBQWlCLHdHQUc3QixDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0sMkJBQTJCLG1KQUt2QyxDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0scUJBQXFCLDZGQUlqQyxDQUFDO0FBRUY7O0dBRUc7QUFDSCxlQUFPLE1BQU0sWUFBWSxpd0NBS2YsQ0FBQztBQUVYOztHQUVHO0FBQ0gsZUFBTyxNQUFNLGtCQUFrQiwwRUFFOUIsQ0FBQztBQUVGOzs7Ozs7Ozs7O0dBVUc7QUFDSCxlQUFPLE1BQU0sa0JBQWtCLDZ1Q0EwRDlCLENBQUM7QUFFRjs7R0FFRztBQUNILGVBQU8sTUFBTSxrQkFBa0IsK1NBWTlCLENBQUM7QUFFRjs7O0dBR0c7QUFDSCxlQUFPLE1BQU0sV0FBVyxpT0FTdkIsQ0FBQztBQUVGOzs7R0FHRztBQUNILGVBQU8sTUFBTSx5QkFBeUIsd0ZBSXJDLENBQUM7QUFFRjs7O0dBR0c7QUFDSCxlQUFPLE1BQU0sa0JBQWtCLHlJQUk5QixDQUFDO0FBRUY7Ozs7R0FJRztBQUNILGVBQU8sTUFBTSx3QkFBd0IsOEpBS3BDLENBQUM7QUFFRjs7OztHQUlHO0FBQ0gsZUFBTyxNQUFNLDhCQUE4QixrRUFHMUMsQ0FBQztBQUVGOztHQUVHO0FBQ0gsZUFBTyxNQUFNLDJCQUEyQiwyQ0FBMkMsQ0FBQztBQUVwRjs7R0FFRztBQUNILGVBQU8sTUFBTSx5QkFBeUIseUNBQXlDLENBQUM7QUFFaEY7OztHQUdHO0FBQ0gsZUFBTyxNQUFNLGdCQUFnQixrV0FpQjVCLENBQUMifQ==

package/dest/db/schema.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/db/schema.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,eAAO,MAAM,cAAc,IAAI,CAAC;AAEhC;;GAEG;AACH,eAAO,MAAM,6BAA6B,~~itBAkBzC~~,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB,yGAG/B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,wGAG7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,2BAA2B,mJAKvC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,6FAIjC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,~~4jCAKf~~,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,kBAAkB,0EAE9B,CAAC;AAEF~~;;;;;;GAMG~~;AACH,eAAO,MAAM,kBAAkB,~~08BAkD9B~~,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,~~0OAU9B,~~CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,~~4JAOvB~~,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,yBAAyB,wFAIrC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,~~8GAI9B~~,CAAC;AAEF~~;;;GAGG~~;AACH,eAAO,MAAM,wBAAwB,~~2GAKpC~~,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,2BAA2B,2CAA2C,CAAC;AAEpF;;GAEG;AACH,eAAO,MAAM,yBAAyB,yCAAyC,CAAC;AAEhF;;;GAGG;AACH,eAAO,MAAM,gBAAgB,~~6SAe5B~~,CAAC"}
1	+ {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/db/schema.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,eAAO,MAAM,cAAc,IAAI,CAAC;AAEhC;;GAEG;AACH,eAAO,MAAM,6BAA6B,s5BAoBzC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB,yGAG/B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,wGAG7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,2BAA2B,mJAKvC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,6FAIjC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,iwCAKf,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,kBAAkB,0EAE9B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kBAAkB,6uCA0D9B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,+SAY9B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,iOASvB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,yBAAyB,wFAIrC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,yIAI9B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,8JAKpC,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,8BAA8B,kEAG1C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,2BAA2B,2CAA2C,CAAC;AAEpF;;GAEG;AACH,eAAO,MAAM,yBAAyB,yCAAyC,CAAC;AAEhF;;;GAGG;AACH,eAAO,MAAM,gBAAgB,kWAiB5B,CAAC"}