@aztec/validator-ha-signer 0.0.1-commit.ffe5b04ea → 0.0.1-commit.fff30aa

package/src/slashing_protection_service.ts

@@ -7,8 +7,6 @@
 import { type Logger, createLogger } from '@aztec/foundation/log';
 import { RunningPromise } from '@aztec/foundation/promise';
 import { sleep } from '@aztec/foundation/sleep';
-import type { DateProvider } from '@aztec/foundation/timer';
-import type { BaseSignerConfig } from '@aztec/stdlib/ha-signing';
 
 import {
   type CheckAndRecordParams,
@@ -18,13 +16,7 @@ import {
   getBlockIndexFromDutyIdentifier,
 } from './db/types.js';
 import { DutyAlreadySignedError, SlashingProtectionError } from './errors.js';
-import type { HASignerMetrics } from './metrics.js';
-import type { SlashingProtectionDatabase } from './types.js';
-
-export interface SlashingProtectionServiceDeps {
-  metrics: HASignerMetrics;
-  dateProvider: DateProvider;
-}
+import type { SlashingProtectionDatabase, ValidatorHASignerConfig } from './types.js';
 
 /**
  * Slashing Protection Service
@@ -47,16 +39,12 @@ export class SlashingProtectionService {
   private readonly signingTimeoutMs: number;
   private readonly maxStuckDutiesAgeMs: number;
 
-  private readonly metrics: HASignerMetrics;
-  private readonly dateProvider: DateProvider;
-
   private cleanupRunningPromise: RunningPromise;
   private lastOldDutiesCleanupAtMs?: number;
 
   constructor(
     private readonly db: SlashingProtectionDatabase,
-    private readonly config: BaseSignerConfig,
-    deps: SlashingProtectionServiceDeps,
+    private readonly config: ValidatorHASignerConfig,
   ) {
     this.log = createLogger('slashing-protection');
     this.pollingIntervalMs = config.pollingIntervalMs;
@@ -65,8 +53,6 @@ export class SlashingProtectionService {
     this.maxStuckDutiesAgeMs = config.maxStuckDutiesAgeMs ?? 144_000;
 
     this.cleanupRunningPromise = new RunningPromise(this.cleanup.bind(this), this.log, this.maxStuckDutiesAgeMs);
-    this.metrics = deps.metrics;
-    this.dateProvider = deps.dateProvider;
   }
 
   /**
@@ -86,7 +72,7 @@ export class SlashingProtectionService {
    */
   async checkAndRecord(params: CheckAndRecordParams): Promise<string> {
     const { validatorAddress, slot, dutyType, messageHash, nodeId } = params;
-    const startTime = this.dateProvider.now();
+    const startTime = Date.now();
 
     this.log.debug(`Checking duty: ${dutyType} for slot ${slot}`, {
       validatorAddress: validatorAddress.toString(),
@@ -99,11 +85,10 @@ export class SlashingProtectionService {
 
       if (isNew) {
         // We successfully acquired the lock
-        this.log.info(`Acquired lock for duty ${dutyType} at slot ${slot}`, {
+        this.log.verbose(`Acquired lock for duty ${dutyType} at slot ${slot}`, {
           validatorAddress: validatorAddress.toString(),
           nodeId,
         });
-        this.metrics.recordLockAcquire(true);
         return record.lockToken;
       }
 
@@ -118,7 +103,6 @@ export class SlashingProtectionService {
             existingNodeId: record.nodeId,
             attemptingNodeId: nodeId,
           });
-          this.metrics.recordSlashingProtection(dutyType);
           throw new SlashingProtectionError(
             slot,
             dutyType,
@@ -128,17 +112,15 @@ export class SlashingProtectionService {
             record.nodeId,
           );
         }
-        this.metrics.recordDutyAlreadySigned(dutyType);
         throw new DutyAlreadySignedError(slot, dutyType, record.blockIndexWithinCheckpoint, record.nodeId);
       } else if (record.status === DutyStatus.SIGNING) {
         // Another node is currently signing - check for timeout
-        if (this.dateProvider.now() - startTime > this.signingTimeoutMs) {
+        if (Date.now() - startTime > this.signingTimeoutMs) {
           this.log.warn(`Timeout waiting for signing to complete for duty ${dutyType} at slot ${slot}`, {
             validatorAddress: validatorAddress.toString(),
             timeoutMs: this.signingTimeoutMs,
             signingNodeId: record.nodeId,
           });
-          this.metrics.recordDutyAlreadySigned(dutyType);
           throw new DutyAlreadySignedError(slot, dutyType, record.blockIndexWithinCheckpoint, 'unknown (timeout)');
         }
 
@@ -177,7 +159,7 @@ export class SlashingProtectionService {
     );
 
     if (success) {
-      this.log.info(`Recorded successful signing for duty ${dutyType} at slot ${slot}`, {
+      this.log.verbose(`Recorded successful signing for duty ${dutyType} at slot ${slot}`, {
         validatorAddress: validatorAddress.toString(),
         nodeId,
       });
@@ -246,7 +228,6 @@ export class SlashingProtectionService {
       this.log.info(`Cleaned up ${numOutdatedRollupDuties} duties with outdated rollup address at startup`, {
         currentRollupAddress: this.config.l1Contracts.rollupAddress.toString(),
       });
-      this.metrics.recordCleanup('outdated_rollup', numOutdatedRollupDuties);
     }
 
     this.cleanupRunningPromise.start();
@@ -282,14 +263,13 @@ export class SlashingProtectionService {
         nodeId: this.config.nodeId,
         maxStuckDutiesAgeMs: this.maxStuckDutiesAgeMs,
       });
-      this.metrics.recordCleanup('stuck', numStuckDuties);
     }
 
     // 2. Clean up old signed duties if configured
     // we shouldn't run this as often as stuck duty cleanup.
     if (this.config.cleanupOldDutiesAfterHours !== undefined) {
       const maxAgeMs = this.config.cleanupOldDutiesAfterHours * 60 * 60 * 1000;
-      const nowMs = this.dateProvider.now();
+      const nowMs = Date.now();
       const shouldRun =
         this.lastOldDutiesCleanupAtMs === undefined || nowMs - this.lastOldDutiesCleanupAtMs >= maxAgeMs;
       if (shouldRun) {
@@ -300,7 +280,6 @@ export class SlashingProtectionService {
             cleanupOldDutiesAfterHours: this.config.cleanupOldDutiesAfterHours,
             maxAgeMs,
           });
-          this.metrics.recordCleanup('old', numOldDuties);
         }
       }
     }

package/src/types.ts

@@ -1,27 +1,24 @@
-import { SlotNumber } from '@aztec/foundation/branded-types';
-import type { EthAddress } from '@aztec/foundation/eth-address';
-import { DateProvider } from '@aztec/foundation/timer';
 import {
-  DutyType,
-  type HAProtectedSigningContext,
-  type SigningContext,
-  type ValidatorHASignerConfig,
-  getBlockNumberFromSigningContext as getBlockNumberFromSigningContextFromStdlib,
-  isHAProtectedContext,
-} from '@aztec/stdlib/ha-signing';
-import type { TelemetryClient } from '@aztec/telemetry-client';
+  BlockNumber,
+  type CheckpointNumber,
+  type IndexWithinCheckpoint,
+  type SlotNumber,
+} from '@aztec/foundation/branded-types';
+import type { EthAddress } from '@aztec/foundation/eth-address';
 
 import type { Pool } from 'pg';
 
-import type {
-  BlockProposalDutyIdentifier,
-  CheckAndRecordParams,
-  DeleteDutyParams,
-  DutyIdentifier,
-  DutyRow,
-  OtherDutyIdentifier,
-  RecordSuccessParams,
-  ValidatorDutyRecord,
+import type { ValidatorHASignerConfig } from './config.js';
+import {
+  type BlockProposalDutyIdentifier,
+  type CheckAndRecordParams,
+  type DeleteDutyParams,
+  type DutyIdentifier,
+  type DutyRow,
+  DutyType,
+  type OtherDutyIdentifier,
+  type RecordSuccessParams,
+  type ValidatorDutyRecord,
 } from './db/types.js';
 
 export type {
@@ -30,16 +27,12 @@ export type {
   DeleteDutyParams,
   DutyIdentifier,
   DutyRow,
-  HAProtectedSigningContext,
   OtherDutyIdentifier,
   RecordSuccessParams,
-  SigningContext,
   ValidatorDutyRecord,
   ValidatorHASignerConfig,
 };
 export { DutyStatus, DutyType, getBlockIndexFromDutyIdentifier, normalizeBlockIndex } from './db/types.js';
-export { isHAProtectedContext };
-export { getBlockNumberFromSigningContextFromStdlib as getBlockNumberFromSigningContext };
 
 /**
  * Result of tryInsertOrGetExisting operation
@@ -60,20 +53,99 @@ export interface CreateHASignerDeps {
    * If provided, databaseUrl and poolConfig are ignored
    */
   pool?: Pool;
+}
+
+/**
+ * Base context for signing operations
+ */
+interface BaseSigningContext {
+  /** Slot number for this duty */
+  slot: SlotNumber;
   /**
-   * Optional telemetry client for metrics
-   */
-  telemetryClient?: TelemetryClient;
-  /**
-   * Optional date provider for timestamps
+   * Block or checkpoint number for this duty.
+   * For block proposals, this is the block number.
+   * For checkpoint proposals, this is the checkpoint number.
    */
-  dateProvider?: DateProvider;
+  blockNumber: BlockNumber | CheckpointNumber;
+}
+
+/**
+ * Signing context for block proposals.
+ * blockIndexWithinCheckpoint is REQUIRED and must be >= 0.
+ */
+export interface BlockProposalSigningContext extends BaseSigningContext {
+  /** Block index within checkpoint (0, 1, 2...). Required for block proposals. */
+  blockIndexWithinCheckpoint: IndexWithinCheckpoint;
+  dutyType: DutyType.BLOCK_PROPOSAL;
+}
+
+/**
+ * Signing context for non-block-proposal duties that require HA protection.
+ * blockIndexWithinCheckpoint is not applicable (internally always -1).
+ */
+export interface OtherSigningContext extends BaseSigningContext {
+  dutyType: DutyType.CHECKPOINT_PROPOSAL | DutyType.ATTESTATION | DutyType.ATTESTATIONS_AND_SIGNERS;
+}
+
+/**
+ * Signing context for governance/slashing votes which only need slot for HA protection.
+ * blockNumber is not applicable (internally always 0).
+ */
+export interface VoteSigningContext {
+  slot: SlotNumber;
+  dutyType: DutyType.GOVERNANCE_VOTE | DutyType.SLASHING_VOTE;
+}
+
+/**
+ * Signing context for duties which don't require slot/blockNumber
+ * as they don't need HA protection (AUTH_REQUEST, TXS).
+ */
+export interface NoHAProtectionSigningContext {
+  dutyType: DutyType.AUTH_REQUEST | DutyType.TXS;
+}
+
+/**
+ * Signing contexts that require HA protection (excludes AUTH_REQUEST).
+ * Used by the HA signer's signWithProtection method.
+ */
+export type HAProtectedSigningContext = BlockProposalSigningContext | OtherSigningContext | VoteSigningContext;
+
+/**
+ * Type guard to check if a SigningContext requires HA protection.
+ * Returns true for contexts that need HA protection, false for AUTH_REQUEST and TXS.
+ */
+export function isHAProtectedContext(context: SigningContext): context is HAProtectedSigningContext {
+  return context.dutyType !== DutyType.AUTH_REQUEST && context.dutyType !== DutyType.TXS;
+}
+
+/**
+ * Gets the block number from a signing context.
+ * - Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE): returns BlockNumber(0)
+ * - Other duties: returns the blockNumber from the context
+ */
+export function getBlockNumberFromSigningContext(context: HAProtectedSigningContext): BlockNumber | CheckpointNumber {
+  // Check for duty types that have blockNumber
+  if (
+    context.dutyType === DutyType.BLOCK_PROPOSAL ||
+    context.dutyType === DutyType.CHECKPOINT_PROPOSAL ||
+    context.dutyType === DutyType.ATTESTATION ||
+    context.dutyType === DutyType.ATTESTATIONS_AND_SIGNERS
+  ) {
+    return context.blockNumber;
+  }
+  // Vote duties (GOVERNANCE_VOTE, SLASHING_VOTE) don't have blockNumber
+  return BlockNumber(0);
 }
 
 /**
- * deps for creating a local signing protection signer
+ * Context required for slashing protection during signing operations.
+ * Uses discriminated union to enforce type safety:
+ * - BLOCK_PROPOSAL duties MUST have blockIndexWithinCheckpoint >= 0
+ * - Other duty types do NOT have blockIndexWithinCheckpoint (internally -1)
+ * - Vote duties only need slot (blockNumber is internally 0)
+ * - AUTH_REQUEST and TXS duties don't need slot/blockNumber (no HA protection needed)
  */
-export type CreateLocalSignerWithProtectionDeps = Omit<CreateHASignerDeps, 'pool'>;
+export type SigningContext = HAProtectedSigningContext | NoHAProtectionSigningContext;
 
 /**
  * Database interface for slashing protection operations

package/src/validator_ha_signer.ts

@@ -9,23 +9,15 @@ import type { Buffer32 } from '@aztec/foundation/buffer';
 import { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
 import { type Logger, createLogger } from '@aztec/foundation/log';
-import type { DateProvider } from '@aztec/foundation/timer';
+
+import type { ValidatorHASignerConfig } from './config.js';
+import { type DutyIdentifier, DutyType } from './db/types.js';
+import { SlashingProtectionService } from './slashing_protection_service.js';
 import {
-  type BaseSignerConfig,
-  DutyType,
   type HAProtectedSigningContext,
+  type SlashingProtectionDatabase,
   getBlockNumberFromSigningContext,
-} from '@aztec/stdlib/ha-signing';
-
-import type { DutyIdentifier } from './db/types.js';
-import type { HASignerMetrics } from './metrics.js';
-import { SlashingProtectionService } from './slashing_protection_service.js';
-import type { SlashingProtectionDatabase } from './types.js';
-
-export interface ValidatorHASignerDeps {
-  metrics: HASignerMetrics;
-  dateProvider: DateProvider;
-}
+} from './types.js';
 
 /**
  * Validator High Availability Signer
@@ -51,27 +43,22 @@ export class ValidatorHASigner {
   private readonly slashingProtection: SlashingProtectionService;
   private readonly rollupAddress: EthAddress;
 
-  private readonly dateProvider: DateProvider;
-  private readonly metrics: HASignerMetrics;
-
   constructor(
     db: SlashingProtectionDatabase,
-    private readonly config: BaseSignerConfig,
-    deps: ValidatorHASignerDeps,
+    private readonly config: ValidatorHASignerConfig,
   ) {
     this.log = createLogger('validator-ha-signer');
 
-    this.metrics = deps.metrics;
-    this.dateProvider = deps.dateProvider;
+    if (!config.haSigningEnabled) {
+      // this shouldn't happen, the validator should use different signer for non-HA setups
+      throw new Error('Validator HA Signer is not enabled in config');
+    }
 
     if (!config.nodeId || config.nodeId === '') {
       throw new Error('NODE_ID is required for high-availability setups');
     }
     this.rollupAddress = config.l1Contracts.rollupAddress;
-    this.slashingProtection = new SlashingProtectionService(db, config, {
-      metrics: deps.metrics,
-      dateProvider: deps.dateProvider,
-    });
+    this.slashingProtection = new SlashingProtectionService(db, config);
     this.log.info('Validator HA Signer initialized with slashing protection', {
       nodeId: config.nodeId,
       rollupAddress: this.rollupAddress.toString(),
@@ -101,9 +88,6 @@ export class ValidatorHASigner {
     context: HAProtectedSigningContext,
     signFn: (messageHash: Buffer32) => Promise<Signature>,
   ): Promise<Signature> {
-    const startTime = this.dateProvider.now();
-    const dutyType = context.dutyType;
-
     let dutyIdentifier: DutyIdentifier;
     if (context.dutyType === DutyType.BLOCK_PROPOSAL) {
       dutyIdentifier = {
@@ -123,7 +107,6 @@ export class ValidatorHASigner {
     }
 
     // Acquire lock and get the token for ownership verification
-    // DutyAlreadySignedError and SlashingProtectionError may be thrown here and are recorded in the service
     const blockNumber = getBlockNumberFromSigningContext(context);
     const lockToken = await this.slashingProtection.checkAndRecord({
       ...dutyIdentifier,
@@ -139,7 +122,6 @@ export class ValidatorHASigner {
     } catch (error: any) {
       // Delete duty to allow retry (only succeeds if we own the lock)
       await this.slashingProtection.deleteDuty({ ...dutyIdentifier, lockToken });
-      this.metrics.recordSigningError(dutyType);
       throw error;
     }
 
@@ -151,9 +133,6 @@ export class ValidatorHASigner {
       lockToken,
     });
 
-    const duration = this.dateProvider.now() - startTime;
-    this.metrics.recordSigningSuccess(dutyType, duration);
-
     return signature;
   }
 

package/dest/db/lmdb.d.ts

@@ -1,66 +0,0 @@
-/**
- * LMDB implementation of SlashingProtectionDatabase
- *
- * Provides local (single-node) double-signing protection using LMDB as the backend.
- * Suitable for nodes that do NOT run in a high-availability multi-node setup.
- *
- * The LMDB store is single-writer, making setIfNotExists inherently atomic.
- * This means we get crash-restart protection without needing an external database.
- */
-import { SlotNumber } from '@aztec/foundation/branded-types';
-import { EthAddress } from '@aztec/foundation/eth-address';
-import type { DateProvider } from '@aztec/foundation/timer';
-import type { AztecAsyncKVStore } from '@aztec/kv-store';
-import type { SlashingProtectionDatabase, TryInsertOrGetResult } from '../types.js';
-import { type CheckAndRecordParams, DutyType } from './types.js';
-/**
- * LMDB-backed implementation of SlashingProtectionDatabase.
- *
- * Provides single-node double-signing protection that survives crashes and restarts.
- * Does not provide cross-node coordination (that requires the PostgreSQL implementation).
- */
-export declare class LmdbSlashingProtectionDatabase implements SlashingProtectionDatabase {
-    private readonly store;
-    private readonly dateProvider;
-    static readonly SCHEMA_VERSION = 1;
-    private readonly duties;
-    private readonly log;
-    constructor(store: AztecAsyncKVStore, dateProvider: DateProvider);
-    /**
-     * Atomically try to insert a new duty record, or get the existing one if present.
-     *
-     * LMDB is single-writer so the read-then-write inside transactionAsync is naturally atomic.
-     */
-    tryInsertOrGetExisting(params: CheckAndRecordParams): Promise<TryInsertOrGetResult>;
-    /**
-     * Update a duty to 'signed' status with the signature.
-     * Only succeeds if the lockToken matches.
-     */
-    updateDutySigned(rollupAddress: EthAddress, validatorAddress: EthAddress, slot: SlotNumber, dutyType: DutyType, signature: string, lockToken: string, blockIndexWithinCheckpoint: number): Promise<boolean>;
-    /**
-     * Delete a duty record.
-     * Only succeeds if the lockToken matches.
-     */
-    deleteDuty(rollupAddress: EthAddress, validatorAddress: EthAddress, slot: SlotNumber, dutyType: DutyType, lockToken: string, blockIndexWithinCheckpoint: number): Promise<boolean>;
-    /**
-     * Cleanup own stuck duties (SIGNING status older than maxAgeMs).
-     */
-    cleanupOwnStuckDuties(nodeId: string, maxAgeMs: number): Promise<number>;
-    /**
-     * Cleanup duties with outdated rollup address.
-     *
-     * This is always a no-op for the LMDB implementation: the underlying store is created via
-     * DatabaseVersionManager (in factory.ts), which already resets the entire data directory at
-     * startup whenever the rollup address changes.
-     */
-    cleanupOutdatedRollupDuties(_currentRollupAddress: EthAddress): Promise<number>;
-    /**
-     * Cleanup old signed duties older than maxAgeMs.
-     */
-    cleanupOldDuties(maxAgeMs: number): Promise<number>;
-    /**
-     * Close the underlying LMDB store.
-     */
-    close(): Promise<void>;
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG1kYi5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2RiL2xtZGIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7O0dBUUc7QUFDSCxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0saUNBQWlDLENBQUM7QUFFN0QsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBRTNELE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQzVELE9BQU8sS0FBSyxFQUFFLGlCQUFpQixFQUFpQixNQUFNLGlCQUFpQixDQUFDO0FBRXhFLE9BQU8sS0FBSyxFQUFFLDBCQUEwQixFQUFFLG9CQUFvQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ3BGLE9BQU8sRUFDTCxLQUFLLG9CQUFvQixFQUV6QixRQUFRLEVBSVQsTUFBTSxZQUFZLENBQUM7QUFZcEI7Ozs7O0dBS0c7QUFDSCxxQkFBYSw4QkFBK0IsWUFBVywwQkFBMEI7SUFPN0UsT0FBTyxDQUFDLFFBQVEsQ0FBQyxLQUFLO0lBQ3RCLE9BQU8sQ0FBQyxRQUFRLENBQUMsWUFBWTtJQVAvQixnQkFBdUIsY0FBYyxLQUFLO0lBRTFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUEwQztJQUNqRSxPQUFPLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBUztJQUU3QixZQUNtQixLQUFLLEVBQUUsaUJBQWlCLEVBQ3hCLFlBQVksRUFBRSxZQUFZLEVBSTVDO0lBRUQ7Ozs7T0FJRztJQUNVLHNCQUFzQixDQUFDLE1BQU0sRUFBRSxvQkFBb0IsR0FBRyxPQUFPLENBQUMsb0JBQW9CLENBQUMsQ0E0Qy9GO0lBRUQ7OztPQUdHO0lBQ0ksZ0JBQWdCLENBQ3JCLGFBQWEsRUFBRSxVQUFVLEVBQ3pCLGdCQUFnQixFQUFFLFVBQVUsRUFDNUIsSUFBSSxFQUFFLFVBQVUsRUFDaEIsUUFBUSxFQUFFLFFBQVEsRUFDbEIsU0FBUyxFQUFFLE1BQU0sRUFDakIsU0FBUyxFQUFFLE1BQU0sRUFDakIsMEJBQTBCLEVBQUUsTUFBTSxHQUNqQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBMENsQjtJQUVEOzs7T0FHRztJQUNJLFVBQVUsQ0FDZixhQUFhLEVBQUUsVUFBVSxFQUN6QixnQkFBZ0IsRUFBRSxVQUFVLEVBQzVCLElBQUksRUFBRSxVQUFVLEVBQ2hCLFFBQVEsRUFBRSxRQUFRLEVBQ2xCLFNBQVMsRUFBRSxNQUFNLEVBQ2pCLDBCQUEwQixFQUFFLE1BQU0sR0FDakMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQXlCbEI7SUFFRDs7T0FFRztJQUNJLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxNQUFNLEVBQUUsUUFBUSxFQUFFLE1BQU0sR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLENBZTlFO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksMkJBQTJCLENBQUMscUJBQXFCLEVBQUUsVUFBVSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FFckY7SUFFRDs7T0FFRztJQUNJLGdCQUFnQixDQUFDLFFBQVEsRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQW1CekQ7SUFFRDs7T0FFRztJQUNVLEtBQUssSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLENBR2xDO0NBQ0YifQ==

package/dest/db/lmdb.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"lmdb.d.ts","sourceRoot":"","sources":["../../src/db/lmdb.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAE7D,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAE3D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,iBAAiB,EAAiB,MAAM,iBAAiB,CAAC;AAExE,OAAO,KAAK,EAAE,0BAA0B,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACpF,OAAO,EACL,KAAK,oBAAoB,EAEzB,QAAQ,EAIT,MAAM,YAAY,CAAC;AAYpB;;;;;GAKG;AACH,qBAAa,8BAA+B,YAAW,0BAA0B;IAO7E,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAP/B,gBAAuB,cAAc,KAAK;IAE1C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA0C;IACjE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAE7B,YACmB,KAAK,EAAE,iBAAiB,EACxB,YAAY,EAAE,YAAY,EAI5C;IAED;;;;OAIG;IACU,sBAAsB,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CA4C/F;IAED;;;OAGG;IACI,gBAAgB,CACrB,aAAa,EAAE,UAAU,EACzB,gBAAgB,EAAE,UAAU,EAC5B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,QAAQ,EAClB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,MAAM,GACjC,OAAO,CAAC,OAAO,CAAC,CA0ClB;IAED;;;OAGG;IACI,UAAU,CACf,aAAa,EAAE,UAAU,EACzB,gBAAgB,EAAE,UAAU,EAC5B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,QAAQ,EAClB,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,MAAM,GACjC,OAAO,CAAC,OAAO,CAAC,CAyBlB;IAED;;OAEG;IACI,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAe9E;IAED;;;;;;OAMG;IACI,2BAA2B,CAAC,qBAAqB,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAErF;IAED;;OAEG;IACI,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAmBzD;IAED;;OAEG;IACU,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAGlC;CACF"}

package/dest/db/lmdb.js

@@ -1,188 +0,0 @@
-/**
- * LMDB implementation of SlashingProtectionDatabase
- *
- * Provides local (single-node) double-signing protection using LMDB as the backend.
- * Suitable for nodes that do NOT run in a high-availability multi-node setup.
- *
- * The LMDB store is single-writer, making setIfNotExists inherently atomic.
- * This means we get crash-restart protection without needing an external database.
- */ import { randomBytes } from '@aztec/foundation/crypto/random';
-import { createLogger } from '@aztec/foundation/log';
-import { DutyStatus, getBlockIndexFromDutyIdentifier, recordFromFields } from './types.js';
-function dutyKey(rollupAddress, validatorAddress, slot, dutyType, blockIndexWithinCheckpoint) {
-    return `${rollupAddress}:${validatorAddress}:${slot}:${dutyType}:${blockIndexWithinCheckpoint}`;
-}
-/**
- * LMDB-backed implementation of SlashingProtectionDatabase.
- *
- * Provides single-node double-signing protection that survives crashes and restarts.
- * Does not provide cross-node coordination (that requires the PostgreSQL implementation).
- */ export class LmdbSlashingProtectionDatabase {
-    store;
-    dateProvider;
-    static SCHEMA_VERSION = 1;
-    duties;
-    log;
-    constructor(store, dateProvider){
-        this.store = store;
-        this.dateProvider = dateProvider;
-        this.log = createLogger('slashing-protection:lmdb');
-        this.duties = store.openMap('signing-protection-duties');
-    }
-    /**
-   * Atomically try to insert a new duty record, or get the existing one if present.
-   *
-   * LMDB is single-writer so the read-then-write inside transactionAsync is naturally atomic.
-   */ async tryInsertOrGetExisting(params) {
-        const blockIndexWithinCheckpoint = getBlockIndexFromDutyIdentifier(params);
-        const key = dutyKey(params.rollupAddress.toString(), params.validatorAddress.toString(), params.slot.toString(), params.dutyType, blockIndexWithinCheckpoint);
-        const lockToken = randomBytes(16).toString('hex');
-        const now = this.dateProvider.now();
-        const result = await this.store.transactionAsync(async ()=>{
-            const existing = await this.duties.getAsync(key);
-            if (existing) {
-                return {
-                    isNew: false,
-                    record: {
-                        ...existing,
-                        lockToken: ''
-                    }
-                };
-            }
-            const newRecord = {
-                rollupAddress: params.rollupAddress.toString(),
-                validatorAddress: params.validatorAddress.toString(),
-                slot: params.slot.toString(),
-                blockNumber: params.blockNumber.toString(),
-                blockIndexWithinCheckpoint,
-                dutyType: params.dutyType,
-                status: DutyStatus.SIGNING,
-                messageHash: params.messageHash,
-                nodeId: params.nodeId,
-                lockToken,
-                startedAtMs: now
-            };
-            await this.duties.set(key, newRecord);
-            return {
-                isNew: true,
-                record: newRecord
-            };
-        });
-        if (result.isNew) {
-            this.log.debug(`Acquired lock for duty ${params.dutyType} at slot ${params.slot}`, {
-                validatorAddress: params.validatorAddress.toString(),
-                nodeId: params.nodeId
-            });
-        }
-        return {
-            isNew: result.isNew,
-            record: recordFromFields(result.record)
-        };
-    }
-    /**
-   * Update a duty to 'signed' status with the signature.
-   * Only succeeds if the lockToken matches.
-   */ updateDutySigned(rollupAddress, validatorAddress, slot, dutyType, signature, lockToken, blockIndexWithinCheckpoint) {
-        const key = dutyKey(rollupAddress.toString(), validatorAddress.toString(), slot.toString(), dutyType, blockIndexWithinCheckpoint);
-        return this.store.transactionAsync(async ()=>{
-            const existing = await this.duties.getAsync(key);
-            if (!existing) {
-                this.log.warn('Failed to update duty to signed: duty not found', {
-                    rollupAddress: rollupAddress.toString(),
-                    validatorAddress: validatorAddress.toString(),
-                    slot: slot.toString(),
-                    dutyType,
-                    blockIndexWithinCheckpoint
-                });
-                return false;
-            }
-            if (existing.lockToken !== lockToken) {
-                this.log.warn('Failed to update duty to signed: invalid token', {
-                    rollupAddress: rollupAddress.toString(),
-                    validatorAddress: validatorAddress.toString(),
-                    slot: slot.toString(),
-                    dutyType,
-                    blockIndexWithinCheckpoint
-                });
-                return false;
-            }
-            await this.duties.set(key, {
-                ...existing,
-                status: DutyStatus.SIGNED,
-                signature,
-                completedAtMs: this.dateProvider.now()
-            });
-            return true;
-        });
-    }
-    /**
-   * Delete a duty record.
-   * Only succeeds if the lockToken matches.
-   */ deleteDuty(rollupAddress, validatorAddress, slot, dutyType, lockToken, blockIndexWithinCheckpoint) {
-        const key = dutyKey(rollupAddress.toString(), validatorAddress.toString(), slot.toString(), dutyType, blockIndexWithinCheckpoint);
-        return this.store.transactionAsync(async ()=>{
-            const existing = await this.duties.getAsync(key);
-            if (!existing || existing.lockToken !== lockToken) {
-                this.log.warn('Failed to delete duty: invalid token or duty not found', {
-                    rollupAddress: rollupAddress.toString(),
-                    validatorAddress: validatorAddress.toString(),
-                    slot: slot.toString(),
-                    dutyType,
-                    blockIndexWithinCheckpoint
-                });
-                return false;
-            }
-            await this.duties.delete(key);
-            return true;
-        });
-    }
-    /**
-   * Cleanup own stuck duties (SIGNING status older than maxAgeMs).
-   */ cleanupOwnStuckDuties(nodeId, maxAgeMs) {
-        const cutoffMs = this.dateProvider.now() - maxAgeMs;
-        return this.store.transactionAsync(async ()=>{
-            const keysToDelete = [];
-            for await (const [key, record] of this.duties.entriesAsync()){
-                if (record.nodeId === nodeId && record.status === DutyStatus.SIGNING && record.startedAtMs < cutoffMs) {
-                    keysToDelete.push(key);
-                }
-            }
-            for (const key of keysToDelete){
-                await this.duties.delete(key);
-            }
-            return keysToDelete.length;
-        });
-    }
-    /**
-   * Cleanup duties with outdated rollup address.
-   *
-   * This is always a no-op for the LMDB implementation: the underlying store is created via
-   * DatabaseVersionManager (in factory.ts), which already resets the entire data directory at
-   * startup whenever the rollup address changes.
-   */ cleanupOutdatedRollupDuties(_currentRollupAddress) {
-        return Promise.resolve(0);
-    }
-    /**
-   * Cleanup old signed duties older than maxAgeMs.
-   */ cleanupOldDuties(maxAgeMs) {
-        const cutoffMs = this.dateProvider.now() - maxAgeMs;
-        return this.store.transactionAsync(async ()=>{
-            const keysToDelete = [];
-            for await (const [key, record] of this.duties.entriesAsync()){
-                if (record.status === DutyStatus.SIGNED && record.completedAtMs !== undefined && record.completedAtMs < cutoffMs) {
-                    keysToDelete.push(key);
-                }
-            }
-            for (const key of keysToDelete){
-                await this.duties.delete(key);
-            }
-            return keysToDelete.length;
-        });
-    }
-    /**
-   * Close the underlying LMDB store.
-   */ async close() {
-        await this.store.close();
-        this.log.debug('LMDB slashing protection database closed');
-    }
-}