@aztec/validator-ha-signer 0.0.1-commit.fffb133c → 0.0.2-commit.217f559981

package/dest/validator_ha_signer.js

@@ -5,9 +5,8 @@
  * This ensures that even with multiple validator nodes running, only one
  * node will sign for a given duty (slot + duty type).
  */ import { createLogger } from '@aztec/foundation/log';
-import { DutyType } from './db/types.js';
+import { DutyType, getBlockNumberFromSigningContext } from '@aztec/stdlib/ha-signing';
 import { SlashingProtectionService } from './slashing_protection_service.js';
-import { getBlockNumberFromSigningContext } from './types.js';
 /**
  * Validator High Availability Signer
  *
@@ -30,9 +29,14 @@ import { getBlockNumberFromSigningContext } from './types.js';
     config;
     log;
     slashingProtection;
-    constructor(db, config){
+    rollupAddress;
+    dateProvider;
+    metrics;
+    constructor(db, config, deps){
         this.config = config;
         this.log = createLogger('validator-ha-signer');
+        this.metrics = deps.metrics;
+        this.dateProvider = deps.dateProvider;
         if (!config.haSigningEnabled) {
             // this shouldn't happen, the validator should use different signer for non-HA setups
             throw new Error('Validator HA Signer is not enabled in config');
@@ -40,9 +44,14 @@ import { getBlockNumberFromSigningContext } from './types.js';
         if (!config.nodeId || config.nodeId === '') {
             throw new Error('NODE_ID is required for high-availability setups');
         }
-        this.slashingProtection = new SlashingProtectionService(db, config);
+        this.rollupAddress = config.l1Contracts.rollupAddress;
+        this.slashingProtection = new SlashingProtectionService(db, config, {
+            metrics: deps.metrics,
+            dateProvider: deps.dateProvider
+        });
         this.log.info('Validator HA Signer initialized with slashing protection', {
-            nodeId: config.nodeId
+            nodeId: config.nodeId,
+            rollupAddress: this.rollupAddress.toString()
         });
     }
     /**
@@ -62,9 +71,12 @@ import { getBlockNumberFromSigningContext } from './types.js';
    * @throws DutyAlreadySignedError if the duty was already signed (expected in HA)
    * @throws SlashingProtectionError if attempting to sign different data for same slot (expected in HA)
    */ async signWithProtection(validatorAddress, messageHash, context, signFn) {
+        const startTime = this.dateProvider.now();
+        const dutyType = context.dutyType;
         let dutyIdentifier;
         if (context.dutyType === DutyType.BLOCK_PROPOSAL) {
             dutyIdentifier = {
+                rollupAddress: this.rollupAddress,
                 validatorAddress,
                 slot: context.slot,
                 blockIndexWithinCheckpoint: context.blockIndexWithinCheckpoint,
@@ -72,12 +84,14 @@ import { getBlockNumberFromSigningContext } from './types.js';
             };
         } else {
             dutyIdentifier = {
+                rollupAddress: this.rollupAddress,
                 validatorAddress,
                 slot: context.slot,
                 dutyType: context.dutyType
             };
         }
         // Acquire lock and get the token for ownership verification
+        // DutyAlreadySignedError and SlashingProtectionError may be thrown here and are recorded in the service
         const blockNumber = getBlockNumberFromSigningContext(context);
         const lockToken = await this.slashingProtection.checkAndRecord({
             ...dutyIdentifier,
@@ -95,6 +109,7 @@ import { getBlockNumberFromSigningContext } from './types.js';
                 ...dutyIdentifier,
                 lockToken
             });
+            this.metrics.recordSigningError(dutyType);
             throw error;
         }
         // Record success (only succeeds if we own the lock)
@@ -104,6 +119,8 @@ import { getBlockNumberFromSigningContext } from './types.js';
             nodeId: this.config.nodeId,
             lockToken
         });
+        const duration = this.dateProvider.now() - startTime;
+        this.metrics.recordSigningSuccess(dutyType, duration);
         return signature;
     }
     /**
@@ -114,8 +131,8 @@ import { getBlockNumberFromSigningContext } from './types.js';
     /**
    * Start the HA signer background tasks (cleanup of stuck duties).
    * Should be called after construction and before signing operations.
-   */ start() {
-        this.slashingProtection.start();
+   */ async start() {
+        await this.slashingProtection.start();
     }
     /**
    * Stop the HA signer background tasks and close database connection.

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@aztec/validator-ha-signer",
-  "version": "0.0.1-commit.fffb133c",
+  "version": "0.0.2-commit.217f559981",
   "type": "module",
   "exports": {
-    "./config": "./dest/config.js",
     "./db": "./dest/db/index.js",
     "./errors": "./dest/errors.js",
     "./factory": "./dest/factory.js",
+    "./metrics": "./dest/metrics.js",
     "./migrations": "./dest/migrations.js",
     "./slashing-protection-service": "./dest/slashing_protection_service.js",
     "./types": "./dest/types.js",
@@ -15,10 +15,10 @@
   },
   "typedocOptions": {
     "entryPoints": [
-      "./src/config.ts",
       "./src/db/index.ts",
       "./src/errors.ts",
       "./src/factory.ts",
+      "./src/metrics.ts",
       "./src/migrations.ts",
       "./src/slashing_protection_service.ts",
       "./src/types.ts",
@@ -74,7 +74,10 @@
     ]
   },
   "dependencies": {
-    "@aztec/foundation": "0.0.1-commit.fffb133c",
+    "@aztec/ethereum": "0.0.2-commit.217f559981",
+    "@aztec/foundation": "0.0.2-commit.217f559981",
+    "@aztec/stdlib": "0.0.2-commit.217f559981",
+    "@aztec/telemetry-client": "0.0.2-commit.217f559981",
     "node-pg-migrate": "^8.0.4",
     "pg": "^8.11.3",
     "tslib": "^2.4.0",

package/src/db/postgres.ts

@@ -11,6 +11,8 @@ import type { QueryResult, QueryResultRow } from 'pg';
 
 import type { SlashingProtectionDatabase, TryInsertOrGetResult } from '../types.js';
 import {
+  CLEANUP_OLD_DUTIES,
+  CLEANUP_OUTDATED_ROLLUP_DUTIES,
   CLEANUP_OWN_STUCK_DUTIES,
   DELETE_DUTY,
   INSERT_OR_GET_DUTY,
@@ -101,6 +103,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
     const result = await retry<QueryResult<InsertOrGetRow>>(
       async () => {
         const queryResult: QueryResult<InsertOrGetRow> = await this.pool.query(INSERT_OR_GET_DUTY, [
+          params.rollupAddress.toString(),
           params.validatorAddress.toString(),
           params.slot.toString(),
           params.blockNumber.toString(),
@@ -148,6 +151,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    * @returns true if the update succeeded, false if token didn't match or duty not found
    */
   async updateDutySigned(
+    rollupAddress: EthAddress,
     validatorAddress: EthAddress,
     slot: SlotNumber,
     dutyType: DutyType,
@@ -157,6 +161,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
   ): Promise<boolean> {
     const result = await this.pool.query(UPDATE_DUTY_SIGNED, [
       signature,
+      rollupAddress.toString(),
       validatorAddress.toString(),
       slot.toString(),
       dutyType,
@@ -166,6 +171,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
 
     if (result.rowCount === 0) {
       this.log.warn('Failed to update duty to signed status: invalid token or duty not found', {
+        rollupAddress: rollupAddress.toString(),
         validatorAddress: validatorAddress.toString(),
         slot: slot.toString(),
         dutyType,
@@ -184,6 +190,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    * @returns true if the delete succeeded, false if token didn't match or duty not found
    */
   async deleteDuty(
+    rollupAddress: EthAddress,
     validatorAddress: EthAddress,
     slot: SlotNumber,
     dutyType: DutyType,
@@ -191,6 +198,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
     blockIndexWithinCheckpoint: number,
   ): Promise<boolean> {
     const result = await this.pool.query(DELETE_DUTY, [
+      rollupAddress.toString(),
       validatorAddress.toString(),
       slot.toString(),
       dutyType,
@@ -200,6 +208,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
 
     if (result.rowCount === 0) {
       this.log.warn('Failed to delete duty: invalid token or duty not found', {
+        rollupAddress: rollupAddress.toString(),
         validatorAddress: validatorAddress.toString(),
         slot: slot.toString(),
         dutyType,
@@ -215,6 +224,7 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    */
   private rowToRecord(row: DutyRow): ValidatorDutyRecord {
     return {
+      rollupAddress: EthAddress.fromString(row.rollup_address),
       validatorAddress: EthAddress.fromString(row.validator_address),
       slot: SlotNumber.fromString(row.slot),
       blockNumber: BlockNumber.fromString(row.block_number),
@@ -244,8 +254,29 @@ export class PostgresSlashingProtectionDatabase implements SlashingProtectionDat
    * @returns the number of duties cleaned up
    */
   async cleanupOwnStuckDuties(nodeId: string, maxAgeMs: number): Promise<number> {
-    const cutoff = new Date(Date.now() - maxAgeMs);
-    const result = await this.pool.query(CLEANUP_OWN_STUCK_DUTIES, [nodeId, cutoff]);
+    const result = await this.pool.query(CLEANUP_OWN_STUCK_DUTIES, [nodeId, maxAgeMs]);
+    return result.rowCount ?? 0;
+  }
+
+  /**
+   * Cleanup duties with outdated rollup address.
+   * Removes all duties where the rollup address doesn't match the current one.
+   * Used after a rollup upgrade to clean up duties for the old rollup.
+   * @returns the number of duties cleaned up
+   */
+  async cleanupOutdatedRollupDuties(currentRollupAddress: EthAddress): Promise<number> {
+    const result = await this.pool.query(CLEANUP_OUTDATED_ROLLUP_DUTIES, [currentRollupAddress.toString()]);
+    return result.rowCount ?? 0;
+  }
+
+  /**
+   * Cleanup old signed duties.
+   * Removes only signed duties older than the specified age.
+   * Does not remove 'signing' duties as they may be in progress.
+   * @returns the number of duties cleaned up
+   */
+  async cleanupOldDuties(maxAgeMs: number): Promise<number> {
+    const result = await this.pool.query(CLEANUP_OLD_DUTIES, [maxAgeMs]);
     return result.rowCount ?? 0;
   }
 }

package/src/db/schema.ts

@@ -16,12 +16,13 @@ export const SCHEMA_VERSION = 1;
  */
 export const CREATE_VALIDATOR_DUTIES_TABLE = `
 CREATE TABLE IF NOT EXISTS validator_duties (
+  rollup_address VARCHAR(42) NOT NULL,
   validator_address VARCHAR(42) NOT NULL,
   slot BIGINT NOT NULL,
   block_number BIGINT NOT NULL,
   block_index_within_checkpoint INTEGER NOT NULL DEFAULT 0,
   duty_type VARCHAR(30) NOT NULL CHECK (duty_type IN ('BLOCK_PROPOSAL', 'CHECKPOINT_PROPOSAL', 'ATTESTATION', 'ATTESTATIONS_AND_SIGNERS', 'GOVERNANCE_VOTE', 'SLASHING_VOTE')),
-  status VARCHAR(20) NOT NULL CHECK (status IN ('signing', 'signed', 'failed')),
+  status VARCHAR(20) NOT NULL CHECK (status IN ('signing', 'signed')),
   message_hash VARCHAR(66) NOT NULL,
   signature VARCHAR(132),
   node_id VARCHAR(255) NOT NULL,
@@ -30,7 +31,7 @@ CREATE TABLE IF NOT EXISTS validator_duties (
   completed_at TIMESTAMP,
   error_message TEXT,
 
-  PRIMARY KEY (validator_address, slot, duty_type, block_index_within_checkpoint),
+  PRIMARY KEY (rollup_address, validator_address, slot, duty_type, block_index_within_checkpoint),
   CHECK (completed_at IS NULL OR completed_at >= started_at)
 );
 `;
@@ -101,6 +102,7 @@ SELECT version FROM schema_version ORDER BY version DESC LIMIT 1;
 export const INSERT_OR_GET_DUTY = `
 WITH inserted AS (
   INSERT INTO validator_duties (
+    rollup_address,
     validator_address,
     slot,
     block_number,
@@ -111,9 +113,10 @@ WITH inserted AS (
     node_id,
     lock_token,
     started_at
-  ) VALUES ($1, $2, $3, $4, $5, 'signing', $6, $7, $8, CURRENT_TIMESTAMP)
-  ON CONFLICT (validator_address, slot, duty_type, block_index_within_checkpoint) DO NOTHING
+  ) VALUES ($1, $2, $3, $4, $5, $6, 'signing', $7, $8, $9, CURRENT_TIMESTAMP)
+  ON CONFLICT (rollup_address, validator_address, slot, duty_type, block_index_within_checkpoint) DO NOTHING
   RETURNING
+    rollup_address,
     validator_address,
     slot,
     block_number,
@@ -132,6 +135,7 @@ WITH inserted AS (
 SELECT * FROM inserted
 UNION ALL
 SELECT
+  rollup_address,
   validator_address,
   slot,
   block_number,
@@ -147,10 +151,11 @@ SELECT
   error_message,
   FALSE as is_new
 FROM validator_duties
-WHERE validator_address = $1
-  AND slot = $2
-  AND duty_type = $5
-  AND block_index_within_checkpoint = $4
+WHERE rollup_address = $1
+  AND validator_address = $2
+  AND slot = $3
+  AND duty_type = $6
+  AND block_index_within_checkpoint = $5
   AND NOT EXISTS (SELECT 1 FROM inserted);
 `;
 
@@ -162,12 +167,13 @@ UPDATE validator_duties
 SET status = 'signed',
     signature = $1,
     completed_at = CURRENT_TIMESTAMP
-WHERE validator_address = $2
-  AND slot = $3
-  AND duty_type = $4
-  AND block_index_within_checkpoint = $5
+WHERE rollup_address = $2
+  AND validator_address = $3
+  AND slot = $4
+  AND duty_type = $5
+  AND block_index_within_checkpoint = $6
   AND status = 'signing'
-  AND lock_token = $6;
+  AND lock_token = $7;
 `;
 
 /**
@@ -176,12 +182,13 @@ WHERE validator_address = $2
  */
 export const DELETE_DUTY = `
 DELETE FROM validator_duties
-WHERE validator_address = $1
-  AND slot = $2
-  AND duty_type = $3
-  AND block_index_within_checkpoint = $4
+WHERE rollup_address = $1
+  AND validator_address = $2
+  AND slot = $3
+  AND duty_type = $4
+  AND block_index_within_checkpoint = $5
   AND status = 'signing'
-  AND lock_token = $5;
+  AND lock_token = $6;
 `;
 
 /**
@@ -196,23 +203,34 @@ WHERE status = 'signed'
 
 /**
  * Query to clean up old duties (for maintenance)
- * Removes duties older than a specified timestamp
+ * Removes SIGNED duties older than a specified age (in milliseconds)
  */
 export const CLEANUP_OLD_DUTIES = `
 DELETE FROM validator_duties
-WHERE status IN ('signing', 'signed', 'failed')
-  AND started_at < $1;
+WHERE status = 'signed'
+  AND started_at < CURRENT_TIMESTAMP - ($1 || ' milliseconds')::INTERVAL;
 `;
 
 /**
  * Query to cleanup own stuck duties
  * Removes duties in 'signing' status for a specific node that are older than maxAgeMs
+ * Uses DB's CURRENT_TIMESTAMP to avoid clock skew issues between nodes
  */
 export const CLEANUP_OWN_STUCK_DUTIES = `
 DELETE FROM validator_duties
 WHERE node_id = $1
   AND status = 'signing'
-  AND started_at < $2;
+  AND started_at < CURRENT_TIMESTAMP - ($2 || ' milliseconds')::INTERVAL;
+`;
+
+/**
+ * Query to cleanup duties with outdated rollup address
+ * Removes all duties where the rollup address doesn't match the current one
+ * Used after a rollup upgrade to clean up duties for the old rollup
+ */
+export const CLEANUP_OUTDATED_ROLLUP_DUTIES = `
+DELETE FROM validator_duties
+WHERE rollup_address != $1;
 `;
 
 /**
@@ -231,6 +249,7 @@ export const DROP_SCHEMA_VERSION_TABLE = `DROP TABLE IF EXISTS schema_version;`;
  */
 export const GET_STUCK_DUTIES = `
 SELECT
+  rollup_address,
   validator_address,
   slot,
   block_number,

package/src/db/types.ts

@@ -1,11 +1,13 @@
 import type { BlockNumber, CheckpointNumber, IndexWithinCheckpoint, SlotNumber } from '@aztec/foundation/branded-types';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import type { Signature } from '@aztec/foundation/eth-signature';
+import { DutyType } from '@aztec/stdlib/ha-signing';
 
 /**
  * Row type from PostgreSQL query
  */
 export interface DutyRow {
+  rollup_address: string;
   validator_address: string;
   slot: string;
   block_number: string;
@@ -28,20 +30,6 @@ export interface InsertOrGetRow extends DutyRow {
   is_new: boolean;
 }
 
-/**
- * Type of validator duty being performed
- */
-export enum DutyType {
-  BLOCK_PROPOSAL = 'BLOCK_PROPOSAL',
-  CHECKPOINT_PROPOSAL = 'CHECKPOINT_PROPOSAL',
-  ATTESTATION = 'ATTESTATION',
-  ATTESTATIONS_AND_SIGNERS = 'ATTESTATIONS_AND_SIGNERS',
-  GOVERNANCE_VOTE = 'GOVERNANCE_VOTE',
-  SLASHING_VOTE = 'SLASHING_VOTE',
-  AUTH_REQUEST = 'AUTH_REQUEST',
-  TXS = 'TXS',
-}
-
 /**
  * Status of a duty in the database
  */
@@ -50,10 +38,15 @@ export enum DutyStatus {
   SIGNED = 'signed',
 }
 
+// Re-export DutyType from stdlib
+export { DutyType };
+
 /**
  * Record of a validator duty in the database
  */
 export interface ValidatorDutyRecord {
+  /** Ethereum address of the rollup contract */
+  rollupAddress: EthAddress;
   /** Ethereum address of the validator */
   validatorAddress: EthAddress;
   /** Slot number for this duty */
@@ -78,7 +71,7 @@ export interface ValidatorDutyRecord {
   startedAt: Date;
   /** When the duty signing was completed (success or failure) */
   completedAt?: Date;
-  /** Error message if status is 'failed' */
+  /** Error message (currently unused) */
   errorMessage?: string;
 }
 
@@ -87,6 +80,7 @@ export interface ValidatorDutyRecord {
  * blockIndexWithinCheckpoint is REQUIRED and must be >= 0.
  */
 export interface BlockProposalDutyIdentifier {
+  rollupAddress: EthAddress;
   validatorAddress: EthAddress;
   slot: SlotNumber;
   /** Block index within checkpoint (0, 1, 2...). Required for block proposals. */
@@ -99,6 +93,7 @@ export interface BlockProposalDutyIdentifier {
  * blockIndexWithinCheckpoint is not applicable (internally stored as -1).
  */
 export interface OtherDutyIdentifier {
+  rollupAddress: EthAddress;
   validatorAddress: EthAddress;
   slot: SlotNumber;
   dutyType:

package/src/factory.ts

@@ -1,10 +1,14 @@
 /**
  * Factory functions for creating validator HA signers
  */
+import { DateProvider } from '@aztec/foundation/timer';
+import type { ValidatorHASignerConfig } from '@aztec/stdlib/ha-signing';
+import { getTelemetryClient } from '@aztec/telemetry-client';
+
 import { Pool } from 'pg';
 
-import type { ValidatorHASignerConfig } from './config.js';
 import { PostgresSlashingProtectionDatabase } from './db/postgres.js';
+import { HASignerMetrics } from './metrics.js';
 import type { CreateHASignerDeps, SlashingProtectionDatabase } from './types.js';
 import { ValidatorHASigner } from './validator_ha_signer.js';
 
@@ -55,6 +59,10 @@ export async function createHASigner(
   if (!databaseUrl) {
     throw new Error('databaseUrl is required for createHASigner');
   }
+
+  const telemetryClient = deps?.telemetryClient ?? getTelemetryClient();
+  const dateProvider = deps?.dateProvider ?? new DateProvider();
+
   // Create connection pool (or use provided pool)
   let pool: Pool;
   if (!deps?.pool) {
@@ -75,8 +83,11 @@ export async function createHASigner(
   // Verify database schema is initialized and version matches
   await db.initialize();
 
+  // Create metrics
+  const metrics = new HASignerMetrics(telemetryClient, signerConfig.nodeId);
+
   // Create signer
-  const signer = new ValidatorHASigner(db, { ...signerConfig, databaseUrl });
+  const signer = new ValidatorHASigner(db, { ...signerConfig, databaseUrl }, { metrics, dateProvider });
 
   return { signer, db };
 }

package/src/metrics.ts

@@ -0,0 +1,138 @@
+import {
+  Attributes,
+  type Histogram,
+  Metrics,
+  type TelemetryClient,
+  type UpDownCounter,
+  createUpDownCounterWithDefault,
+} from '@aztec/telemetry-client';
+
+export type HACleanupType = 'stuck' | 'old' | 'outdated_rollup';
+
+/**
+ * Metrics for HA signer tracking signing operations, lock acquisition, and cleanup.
+ */
+export class HASignerMetrics {
+  // Signing lifecycle metrics
+  private signingDuration: Histogram;
+  private signingSuccessCount: UpDownCounter;
+  private dutyAlreadySignedCount: UpDownCounter;
+  private slashingProtectionCount: UpDownCounter;
+  private signingErrorCount: UpDownCounter;
+
+  // Lock acquisition metrics
+  private lockAcquiredCount: UpDownCounter;
+
+  // Cleanup metrics
+  private cleanupStuckDutiesCount: UpDownCounter;
+  private cleanupOldDutiesCount: UpDownCounter;
+  private cleanupOutdatedRollupDutiesCount: UpDownCounter;
+
+  constructor(
+    client: TelemetryClient,
+    private nodeId: string,
+    name = 'HASignerMetrics',
+  ) {
+    const meter = client.getMeter(name);
+
+    // Signing lifecycle
+    this.signingDuration = meter.createHistogram(Metrics.HA_SIGNER_SIGNING_DURATION);
+    this.signingSuccessCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_SIGNING_SUCCESS_COUNT);
+    this.dutyAlreadySignedCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_DUTY_ALREADY_SIGNED_COUNT);
+    this.slashingProtectionCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_SLASHING_PROTECTION_COUNT);
+    this.signingErrorCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_SIGNING_ERROR_COUNT);
+
+    // Lock acquisition
+    this.lockAcquiredCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_LOCK_ACQUIRED_COUNT);
+
+    // Cleanup
+    this.cleanupStuckDutiesCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_CLEANUP_STUCK_DUTIES_COUNT);
+    this.cleanupOldDutiesCount = createUpDownCounterWithDefault(meter, Metrics.HA_SIGNER_CLEANUP_OLD_DUTIES_COUNT);
+    this.cleanupOutdatedRollupDutiesCount = createUpDownCounterWithDefault(
+      meter,
+      Metrics.HA_SIGNER_CLEANUP_OUTDATED_ROLLUP_DUTIES_COUNT,
+    );
+  }
+
+  /**
+   * Record a successful signing operation.
+   * @param dutyType - The type of duty signed
+   * @param durationMs - Duration from start of signWithProtection to completion
+   */
+  public recordSigningSuccess(dutyType: string, durationMs: number): void {
+    const attributes = {
+      [Attributes.HA_DUTY_TYPE]: dutyType,
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+    this.signingSuccessCount.add(1, attributes);
+    this.signingDuration.record(durationMs, attributes);
+  }
+
+  /**
+   * Record a DutyAlreadySignedError (expected in HA; another node signed first).
+   * @param dutyType - The type of duty
+   */
+  public recordDutyAlreadySigned(dutyType: string): void {
+    const attributes = {
+      [Attributes.HA_DUTY_TYPE]: dutyType,
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+    this.dutyAlreadySignedCount.add(1, attributes);
+  }
+
+  /**
+   * Record a SlashingProtectionError (attempted to sign different data for same duty).
+   * @param dutyType - The type of duty
+   */
+  public recordSlashingProtection(dutyType: string): void {
+    const attributes = {
+      [Attributes.HA_DUTY_TYPE]: dutyType,
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+    this.slashingProtectionCount.add(1, attributes);
+  }
+
+  /**
+   * Record a signing function failure (lock will be deleted for retry).
+   * @param dutyType - The type of duty
+   */
+  public recordSigningError(dutyType: string): void {
+    const attributes = {
+      [Attributes.HA_DUTY_TYPE]: dutyType,
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+    this.signingErrorCount.add(1, attributes);
+  }
+
+  /**
+   * Record lock acquisition.
+   * @param acquired - Whether a new lock was acquired (true) or existing record found (false)
+   */
+  public recordLockAcquire(acquired: boolean): void {
+    if (acquired) {
+      const attributes = {
+        [Attributes.HA_NODE_ID]: this.nodeId,
+      };
+      this.lockAcquiredCount.add(1, attributes);
+    }
+  }
+
+  /**
+   * Record cleanup metrics.
+   * @param type - Type of cleanup
+   * @param count - Number of duties cleaned up
+   */
+  public recordCleanup(type: HACleanupType, count: number): void {
+    const attributes = {
+      [Attributes.HA_NODE_ID]: this.nodeId,
+    };
+
+    if (type === 'stuck') {
+      this.cleanupStuckDutiesCount.add(count, attributes);
+    } else if (type === 'old') {
+      this.cleanupOldDutiesCount.add(count, attributes);
+    } else if (type === 'outdated_rollup') {
+      this.cleanupOutdatedRollupDutiesCount.add(count, attributes);
+    }
+  }
+}