@aztec/validator-ha-signer 4.0.0-nightly.20260110

package/dest/db/schema.js

@@ -0,0 +1,201 @@
+/**
+ * SQL schema for the validator_duties table
+ *
+ * This table is used for distributed locking and slashing protection across multiple validator nodes.
+ * The PRIMARY KEY constraint ensures that only one node can acquire the lock for a given validator,
+ * slot, and duty type combination.
+ */ /**
+ * Current schema version
+ */ export const SCHEMA_VERSION = 1;
+/**
+ * SQL to create the validator_duties table
+ */ export const CREATE_VALIDATOR_DUTIES_TABLE = `
+CREATE TABLE IF NOT EXISTS validator_duties (
+  validator_address VARCHAR(42) NOT NULL,
+  slot BIGINT NOT NULL,
+  block_number BIGINT NOT NULL,
+  duty_type VARCHAR(30) NOT NULL CHECK (duty_type IN ('BLOCK_PROPOSAL', 'ATTESTATION', 'ATTESTATIONS_AND_SIGNERS')),
+  status VARCHAR(20) NOT NULL CHECK (status IN ('signing', 'signed', 'failed')),
+  message_hash VARCHAR(66) NOT NULL,
+  signature VARCHAR(132),
+  node_id VARCHAR(255) NOT NULL,
+  lock_token VARCHAR(64) NOT NULL,
+  started_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  completed_at TIMESTAMP,
+  error_message TEXT,
+
+  PRIMARY KEY (validator_address, slot, duty_type),
+  CHECK (completed_at IS NULL OR completed_at >= started_at)
+);
+`;
+/**
+ * SQL to create index on status and started_at for cleanup queries
+ */ export const CREATE_STATUS_INDEX = `
+CREATE INDEX IF NOT EXISTS idx_validator_duties_status
+ON validator_duties(status, started_at);
+`;
+/**
+ * SQL to create index for querying duties by node
+ */ export const CREATE_NODE_INDEX = `
+CREATE INDEX IF NOT EXISTS idx_validator_duties_node
+ON validator_duties(node_id, started_at);
+`;
+/**
+ * SQL to create the schema_version table for tracking migrations
+ */ export const CREATE_SCHEMA_VERSION_TABLE = `
+CREATE TABLE IF NOT EXISTS schema_version (
+  version INTEGER PRIMARY KEY,
+  applied_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+`;
+/**
+ * SQL to initialize schema version
+ */ export const INSERT_SCHEMA_VERSION = `
+INSERT INTO schema_version (version)
+VALUES ($1)
+ON CONFLICT (version) DO NOTHING;
+`;
+/**
+ * Complete schema setup - all statements in order
+ */ export const SCHEMA_SETUP = [
+    CREATE_SCHEMA_VERSION_TABLE,
+    CREATE_VALIDATOR_DUTIES_TABLE,
+    CREATE_STATUS_INDEX,
+    CREATE_NODE_INDEX
+];
+/**
+ * Query to get current schema version
+ */ export const GET_SCHEMA_VERSION = `
+SELECT version FROM schema_version ORDER BY version DESC LIMIT 1;
+`;
+/**
+ * Atomic insert-or-get query.
+ * Tries to insert a new duty record. If a record already exists (conflict),
+ * returns the existing record instead.
+ *
+ * Returns the record with an `is_new` flag indicating whether we inserted or got existing.
+ */ export const INSERT_OR_GET_DUTY = `
+WITH inserted AS (
+  INSERT INTO validator_duties (
+    validator_address,
+    slot,
+    block_number,
+    duty_type,
+    status,
+    message_hash,
+    node_id,
+    lock_token,
+    started_at
+  ) VALUES ($1, $2, $3, $4, 'signing', $5, $6, $7, CURRENT_TIMESTAMP)
+  ON CONFLICT (validator_address, slot, duty_type) DO NOTHING
+  RETURNING
+    validator_address,
+    slot,
+    block_number,
+    duty_type,
+    status,
+    message_hash,
+    signature,
+    node_id,
+    lock_token,
+    started_at,
+    completed_at,
+    error_message,
+    TRUE as is_new
+)
+SELECT * FROM inserted
+UNION ALL
+SELECT
+  validator_address,
+  slot,
+  block_number,
+  duty_type,
+  status,
+  message_hash,
+  signature,
+  node_id,
+  '' as lock_token,
+  started_at,
+  completed_at,
+  error_message,
+  FALSE as is_new
+FROM validator_duties
+WHERE validator_address = $1
+  AND slot = $2
+  AND duty_type = $4
+  AND NOT EXISTS (SELECT 1 FROM inserted);
+`;
+/**
+ * Query to update a duty to 'signed' status
+ */ export const UPDATE_DUTY_SIGNED = `
+UPDATE validator_duties
+SET status = 'signed',
+    signature = $1,
+    completed_at = CURRENT_TIMESTAMP
+WHERE validator_address = $2
+  AND slot = $3
+  AND duty_type = $4
+  AND status = 'signing'
+  AND lock_token = $5;
+`;
+/**
+ * Query to delete a duty
+ * Only deletes if the lockToken matches
+ */ export const DELETE_DUTY = `
+DELETE FROM validator_duties
+WHERE validator_address = $1
+  AND slot = $2
+  AND duty_type = $3
+  AND status = 'signing'
+  AND lock_token = $4;
+`;
+/**
+ * Query to clean up old signed duties (for maintenance)
+ * Removes signed duties older than a specified timestamp
+ */ export const CLEANUP_OLD_SIGNED_DUTIES = `
+DELETE FROM validator_duties
+WHERE status = 'signed'
+  AND completed_at < $1;
+`;
+/**
+ * Query to clean up old duties (for maintenance)
+ * Removes duties older than a specified timestamp
+ */ export const CLEANUP_OLD_DUTIES = `
+DELETE FROM validator_duties
+WHERE status IN ('signing', 'signed', 'failed')
+  AND started_at < $1;
+`;
+/**
+ * Query to cleanup own stuck duties
+ * Removes duties in 'signing' status for a specific node that are older than maxAgeMs
+ */ export const CLEANUP_OWN_STUCK_DUTIES = `
+DELETE FROM validator_duties
+WHERE node_id = $1
+  AND status = 'signing'
+  AND started_at < $2;
+`;
+/**
+ * SQL to drop the validator_duties table
+ */ export const DROP_VALIDATOR_DUTIES_TABLE = `DROP TABLE IF EXISTS validator_duties;`;
+/**
+ * SQL to drop the schema_version table
+ */ export const DROP_SCHEMA_VERSION_TABLE = `DROP TABLE IF EXISTS schema_version;`;
+/**
+ * Query to get stuck duties (for monitoring/alerting)
+ * Returns duties in 'signing' status that have been stuck for too long
+ */ export const GET_STUCK_DUTIES = `
+SELECT
+  validator_address,
+  slot,
+  block_number,
+  duty_type,
+  status,
+  message_hash,
+  node_id,
+  started_at,
+  EXTRACT(EPOCH FROM (CURRENT_TIMESTAMP - started_at)) as age_seconds
+FROM validator_duties
+WHERE status = 'signing'
+  AND started_at < $1
+ORDER BY started_at ASC;
+`;

package/dest/db/test_helper.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Test helpers for database setup
+ */
+import type { PGlite } from '@electric-sql/pglite';
+/**
+ * Set up the database schema for testing.
+ * This runs the same SQL that migrations would apply.
+ */
+export declare function setupTestSchema(pglite: PGlite): Promise<void>;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGVzdF9oZWxwZXIuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kYi90ZXN0X2hlbHBlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUNILE9BQU8sS0FBSyxFQUFFLE1BQU0sRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBSW5EOzs7R0FHRztBQUNILHdCQUFzQixlQUFlLENBQUMsTUFBTSxFQUFFLE1BQU0sR0FBRyxPQUFPLENBQUMsSUFBSSxDQUFDLENBS25FIn0=

package/dest/db/test_helper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test_helper.d.ts","sourceRoot":"","sources":["../../src/db/test_helper.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAInD;;;GAGG;AACH,wBAAsB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAKnE"}

package/dest/db/test_helper.js

@@ -0,0 +1,14 @@
+/**
+ * Test helpers for database setup
+ */ import { INSERT_SCHEMA_VERSION, SCHEMA_SETUP, SCHEMA_VERSION } from './schema.js';
+/**
+ * Set up the database schema for testing.
+ * This runs the same SQL that migrations would apply.
+ */ export async function setupTestSchema(pglite) {
+    for (const statement of SCHEMA_SETUP){
+        await pglite.query(statement);
+    }
+    await pglite.query(INSERT_SCHEMA_VERSION, [
+        SCHEMA_VERSION
+    ]);
+}

package/dest/db/types.d.ts

@@ -0,0 +1,109 @@
+import type { EthAddress } from '@aztec/foundation/eth-address';
+import type { Signature } from '@aztec/foundation/eth-signature';
+/**
+ * Row type from PostgreSQL query
+ */
+export interface DutyRow {
+    validator_address: string;
+    slot: string;
+    block_number: string;
+    duty_type: DutyType;
+    status: DutyStatus;
+    message_hash: string;
+    signature: string | null;
+    node_id: string;
+    lock_token: string;
+    started_at: Date;
+    completed_at: Date | null;
+    error_message: string | null;
+}
+/**
+ * Row type from INSERT_OR_GET_DUTY query (includes is_new flag)
+ */
+export interface InsertOrGetRow extends DutyRow {
+    is_new: boolean;
+}
+/**
+ * Type of validator duty being performed
+ */
+export declare enum DutyType {
+    BLOCK_PROPOSAL = "BLOCK_PROPOSAL",
+    ATTESTATION = "ATTESTATION",
+    ATTESTATIONS_AND_SIGNERS = "ATTESTATIONS_AND_SIGNERS"
+}
+/**
+ * Status of a duty in the database
+ */
+export declare enum DutyStatus {
+    SIGNING = "signing",
+    SIGNED = "signed"
+}
+/**
+ * Record of a validator duty in the database
+ */
+export interface ValidatorDutyRecord {
+    /** Ethereum address of the validator */
+    validatorAddress: EthAddress;
+    /** Slot number for this duty */
+    slot: bigint;
+    /** Block number for this duty */
+    blockNumber: bigint;
+    /** Type of duty being performed */
+    dutyType: DutyType;
+    /** Current status of the duty */
+    status: DutyStatus;
+    /** The signing root (hash) for this duty */
+    messageHash: string;
+    /** The signature (populated after successful signing) */
+    signature?: string;
+    /** Unique identifier for the node that acquired the lock */
+    nodeId: string;
+    /** Secret token for verifying ownership of the duty lock */
+    lockToken: string;
+    /** When the duty signing was started */
+    startedAt: Date;
+    /** When the duty signing was completed (success or failure) */
+    completedAt?: Date;
+    /** Error message if status is 'failed' */
+    errorMessage?: string;
+}
+/**
+ * Minimal info needed to identify a unique duty
+ */
+export interface DutyIdentifier {
+    validatorAddress: EthAddress;
+    slot: bigint;
+    dutyType: DutyType;
+}
+/**
+ * Parameters for checking and recording a new duty
+ */
+export interface CheckAndRecordParams {
+    validatorAddress: EthAddress;
+    slot: bigint;
+    blockNumber: bigint;
+    dutyType: DutyType;
+    messageHash: string;
+    nodeId: string;
+}
+/**
+ * Parameters for recording a successful signing
+ */
+export interface RecordSuccessParams {
+    validatorAddress: EthAddress;
+    slot: bigint;
+    dutyType: DutyType;
+    signature: Signature;
+    nodeId: string;
+    lockToken: string;
+}
+/**
+ * Parameters for deleting a duty
+ */
+export interface DeleteDutyParams {
+    validatorAddress: EthAddress;
+    slot: bigint;
+    dutyType: DutyType;
+    lockToken: string;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kYi90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUNoRSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUVqRTs7R0FFRztBQUNILE1BQU0sV0FBVyxPQUFPO0lBQ3RCLGlCQUFpQixFQUFFLE1BQU0sQ0FBQztJQUMxQixJQUFJLEVBQUUsTUFBTSxDQUFDO0lBQ2IsWUFBWSxFQUFFLE1BQU0sQ0FBQztJQUNyQixTQUFTLEVBQUUsUUFBUSxDQUFDO0lBQ3BCLE1BQU0sRUFBRSxVQUFVLENBQUM7SUFDbkIsWUFBWSxFQUFFLE1BQU0sQ0FBQztJQUNyQixTQUFTLEVBQUUsTUFBTSxHQUFHLElBQUksQ0FBQztJQUN6QixPQUFPLEVBQUUsTUFBTSxDQUFDO0lBQ2hCLFVBQVUsRUFBRSxNQUFNLENBQUM7SUFDbkIsVUFBVSxFQUFFLElBQUksQ0FBQztJQUNqQixZQUFZLEVBQUUsSUFBSSxHQUFHLElBQUksQ0FBQztJQUMxQixhQUFhLEVBQUUsTUFBTSxHQUFHLElBQUksQ0FBQztDQUM5QjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGNBQWUsU0FBUSxPQUFPO0lBQzdDLE1BQU0sRUFBRSxPQUFPLENBQUM7Q0FDakI7QUFFRDs7R0FFRztBQUNILG9CQUFZLFFBQVE7SUFDbEIsY0FBYyxtQkFBbUI7SUFDakMsV0FBVyxnQkFBZ0I7SUFDM0Isd0JBQXdCLDZCQUE2QjtDQUN0RDtBQUVEOztHQUVHO0FBQ0gsb0JBQVksVUFBVTtJQUNwQixPQUFPLFlBQVk7SUFDbkIsTUFBTSxXQUFXO0NBQ2xCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsbUJBQW1CO0lBQ2xDLHdDQUF3QztJQUN4QyxnQkFBZ0IsRUFBRSxVQUFVLENBQUM7SUFDN0IsZ0NBQWdDO0lBQ2hDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDYixpQ0FBaUM7SUFDakMsV0FBVyxFQUFFLE1BQU0sQ0FBQztJQUNwQixtQ0FBbUM7SUFDbkMsUUFBUSxFQUFFLFFBQVEsQ0FBQztJQUNuQixpQ0FBaUM7SUFDakMsTUFBTSxFQUFFLFVBQVUsQ0FBQztJQUNuQiw0Q0FBNEM7SUFDNUMsV0FBVyxFQUFFLE1BQU0sQ0FBQztJQUNwQix5REFBeUQ7SUFDekQsU0FBUyxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ25CLDREQUE0RDtJQUM1RCxNQUFNLEVBQUUsTUFBTSxDQUFDO0lBQ2YsNERBQTREO0lBQzVELFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIsd0NBQXdDO0lBQ3hDLFNBQVMsRUFBRSxJQUFJLENBQUM7SUFDaEIsK0RBQStEO0lBQy9ELFdBQVcsQ0FBQyxFQUFFLElBQUksQ0FBQztJQUNuQiwwQ0FBMEM7SUFDMUMsWUFBWSxDQUFDLEVBQUUsTUFBTSxDQUFDO0NBQ3ZCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsY0FBYztJQUM3QixnQkFBZ0IsRUFBRSxVQUFVLENBQUM7SUFDN0IsSUFBSSxFQUFFLE1BQU0sQ0FBQztJQUNiLFFBQVEsRUFBRSxRQUFRLENBQUM7Q0FDcEI7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxvQkFBb0I7SUFDbkMsZ0JBQWdCLEVBQUUsVUFBVSxDQUFDO0lBQzdCLElBQUksRUFBRSxNQUFNLENBQUM7SUFDYixXQUFXLEVBQUUsTUFBTSxDQUFDO0lBQ3BCLFFBQVEsRUFBRSxRQUFRLENBQUM7SUFDbkIsV0FBVyxFQUFFLE1BQU0sQ0FBQztJQUNwQixNQUFNLEVBQUUsTUFBTSxDQUFDO0NBQ2hCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsbUJBQW1CO0lBQ2xDLGdCQUFnQixFQUFFLFVBQVUsQ0FBQztJQUM3QixJQUFJLEVBQUUsTUFBTSxDQUFDO0lBQ2IsUUFBUSxFQUFFLFFBQVEsQ0FBQztJQUNuQixTQUFTLEVBQUUsU0FBUyxDQUFDO0lBQ3JCLE1BQU0sRUFBRSxNQUFNLENBQUM7SUFDZixTQUFTLEVBQUUsTUFBTSxDQUFDO0NBQ25CO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsZ0JBQWdCO0lBQy9CLGdCQUFnQixFQUFFLFVBQVUsQ0FBQztJQUM3QixJQUFJLEVBQUUsTUFBTSxDQUFDO0lBQ2IsUUFBUSxFQUFFLFFBQVEsQ0FBQztJQUNuQixTQUFTLEVBQUUsTUFBTSxDQUFDO0NBQ25CIn0=

package/dest/db/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/db/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAEjE;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,QAAQ,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,CAAC;IACjB,YAAY,EAAE,IAAI,GAAG,IAAI,CAAC;IAC1B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,cAAe,SAAQ,OAAO;IAC7C,MAAM,EAAE,OAAO,CAAC;CACjB;AAED;;GAEG;AACH,oBAAY,QAAQ;IAClB,cAAc,mBAAmB;IACjC,WAAW,gBAAgB;IAC3B,wBAAwB,6BAA6B;CACtD;AAED;;GAEG;AACH,oBAAY,UAAU;IACpB,OAAO,YAAY;IACnB,MAAM,WAAW;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,wCAAwC;IACxC,gBAAgB,EAAE,UAAU,CAAC;IAC7B,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,QAAQ,EAAE,QAAQ,CAAC;IACnB,iCAAiC;IACjC,MAAM,EAAE,UAAU,CAAC;IACnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4DAA4D;IAC5D,MAAM,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,SAAS,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,SAAS,EAAE,IAAI,CAAC;IAChB,+DAA+D;IAC/D,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,0CAA0C;IAC1C,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,UAAU,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,EAAE,UAAU,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,UAAU,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,gBAAgB,EAAE,UAAU,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dest/db/types.js

@@ -0,0 +1,15 @@
+/**
+ * Type of validator duty being performed
+ */ export var DutyType = /*#__PURE__*/ function(DutyType) {
+    DutyType["BLOCK_PROPOSAL"] = "BLOCK_PROPOSAL";
+    DutyType["ATTESTATION"] = "ATTESTATION";
+    DutyType["ATTESTATIONS_AND_SIGNERS"] = "ATTESTATIONS_AND_SIGNERS";
+    return DutyType;
+}({});
+/**
+ * Status of a duty in the database
+ */ export var DutyStatus = /*#__PURE__*/ function(DutyStatus) {
+    DutyStatus["SIGNING"] = "signing";
+    DutyStatus["SIGNED"] = "signed";
+    return DutyStatus;
+}({});

package/dest/errors.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Custom errors for the validator HA signer
+ */
+import type { DutyType } from './db/types.js';
+/**
+ * Thrown when a duty has already been signed (by any node).
+ * This is expected behavior in an HA setup - all nodes try to sign,
+ * the first one wins, and subsequent attempts get this error.
+ */
+export declare class DutyAlreadySignedError extends Error {
+    readonly slot: bigint;
+    readonly dutyType: DutyType;
+    readonly signedByNode: string;
+    constructor(slot: bigint, dutyType: DutyType, signedByNode: string);
+}
+/**
+ * Thrown when attempting to sign data that conflicts with an already-signed duty.
+ * This means the same validator tried to sign DIFFERENT data for the same slot.
+ *
+ * This is expected in HA setups where nodes may build different blocks
+ * (e.g., different transaction ordering) - the protection prevents double-signing.
+ */
+export declare class SlashingProtectionError extends Error {
+    readonly slot: bigint;
+    readonly dutyType: DutyType;
+    readonly existingMessageHash: string;
+    readonly attemptedMessageHash: string;
+    constructor(slot: bigint, dutyType: DutyType, existingMessageHash: string, attemptedMessageHash: string);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvZXJyb3JzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsT0FBTyxLQUFLLEVBQUUsUUFBUSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBRTlDOzs7O0dBSUc7QUFDSCxxQkFBYSxzQkFBdUIsU0FBUSxLQUFLO2FBRTdCLElBQUksRUFBRSxNQUFNO2FBQ1osUUFBUSxFQUFFLFFBQVE7YUFDbEIsWUFBWSxFQUFFLE1BQU07SUFIdEMsWUFDa0IsSUFBSSxFQUFFLE1BQU0sRUFDWixRQUFRLEVBQUUsUUFBUSxFQUNsQixZQUFZLEVBQUUsTUFBTSxFQUlyQztDQUNGO0FBRUQ7Ozs7OztHQU1HO0FBQ0gscUJBQWEsdUJBQXdCLFNBQVEsS0FBSzthQUU5QixJQUFJLEVBQUUsTUFBTTthQUNaLFFBQVEsRUFBRSxRQUFRO2FBQ2xCLG1CQUFtQixFQUFFLE1BQU07YUFDM0Isb0JBQW9CLEVBQUUsTUFBTTtJQUo5QyxZQUNrQixJQUFJLEVBQUUsTUFBTSxFQUNaLFFBQVEsRUFBRSxRQUFRLEVBQ2xCLG1CQUFtQixFQUFFLE1BQU0sRUFDM0Isb0JBQW9CLEVBQUUsTUFBTSxFQU83QztDQUNGIn0=

package/dest/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE9C;;;;GAIG;AACH,qBAAa,sBAAuB,SAAQ,KAAK;aAE7B,IAAI,EAAE,MAAM;aACZ,QAAQ,EAAE,QAAQ;aAClB,YAAY,EAAE,MAAM;IAHtC,YACkB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,QAAQ,EAClB,YAAY,EAAE,MAAM,EAIrC;CACF;AAED;;;;;;GAMG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;aAE9B,IAAI,EAAE,MAAM;aACZ,QAAQ,EAAE,QAAQ;aAClB,mBAAmB,EAAE,MAAM;aAC3B,oBAAoB,EAAE,MAAM;IAJ9C,YACkB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,QAAQ,EAClB,mBAAmB,EAAE,MAAM,EAC3B,oBAAoB,EAAE,MAAM,EAO7C;CACF"}

package/dest/errors.js

@@ -0,0 +1,31 @@
+/**
+ * Custom errors for the validator HA signer
+ */ /**
+ * Thrown when a duty has already been signed (by any node).
+ * This is expected behavior in an HA setup - all nodes try to sign,
+ * the first one wins, and subsequent attempts get this error.
+ */ export class DutyAlreadySignedError extends Error {
+    slot;
+    dutyType;
+    signedByNode;
+    constructor(slot, dutyType, signedByNode){
+        super(`Duty ${dutyType} for slot ${slot} already signed by node ${signedByNode}`), this.slot = slot, this.dutyType = dutyType, this.signedByNode = signedByNode;
+        this.name = 'DutyAlreadySignedError';
+    }
+}
+/**
+ * Thrown when attempting to sign data that conflicts with an already-signed duty.
+ * This means the same validator tried to sign DIFFERENT data for the same slot.
+ *
+ * This is expected in HA setups where nodes may build different blocks
+ * (e.g., different transaction ordering) - the protection prevents double-signing.
+ */ export class SlashingProtectionError extends Error {
+    slot;
+    dutyType;
+    existingMessageHash;
+    attemptedMessageHash;
+    constructor(slot, dutyType, existingMessageHash, attemptedMessageHash){
+        super(`Slashing protection: ${dutyType} for slot ${slot} was already signed with different data. ` + `Existing: ${existingMessageHash.slice(0, 10)}..., Attempted: ${attemptedMessageHash.slice(0, 10)}...`), this.slot = slot, this.dutyType = dutyType, this.existingMessageHash = existingMessageHash, this.attemptedMessageHash = attemptedMessageHash;
+        this.name = 'SlashingProtectionError';
+    }
+}

package/dest/factory.d.ts

@@ -0,0 +1,50 @@
+import type { CreateHASignerConfig } from './config.js';
+import type { CreateHASignerDeps, SlashingProtectionDatabase } from './types.js';
+import { ValidatorHASigner } from './validator_ha_signer.js';
+/**
+ * Create a validator HA signer with PostgreSQL backend
+ *
+ * After creating the signer, call `signer.start()` to begin background
+ * cleanup tasks. Call `signer.stop()` during graceful shutdown.
+ *
+ * Example with manual migrations (recommended for production):
+ * ```bash
+ * # Run migrations separately
+ * yarn migrate:up
+ * ```
+ *
+ * ```typescript
+ * const { signer, db } = await createHASigner({
+ *   databaseUrl: process.env.DATABASE_URL,
+ *   enabled: true,
+ *   nodeId: 'validator-node-1',
+ *   pollingIntervalMs: 100,
+ *   signingTimeoutMs: 3000,
+ * });
+ * signer.start(); // Start background cleanup
+ *
+ * // ... use signer ...
+ *
+ * await signer.stop(); // On shutdown
+ * ```
+ *
+ * Example with automatic migrations (simpler for dev/testing):
+ * ```typescript
+ * const { signer, db } = await createHASigner({
+ *   databaseUrl: process.env.DATABASE_URL,
+ *   enabled: true,
+ *   nodeId: 'validator-node-1',
+ *   runMigrations: true, // Auto-run migrations on startup
+ * });
+ * signer.start();
+ * ```
+ *
+ * @param config - Configuration for the HA signer
+ * @param deps - Optional dependencies (e.g., for testing)
+ * @returns An object containing the signer and database instances
+ */
+export declare function createHASigner(config: CreateHASignerConfig, deps?: CreateHASignerDeps): Promise<{
+    signer: ValidatorHASigner;
+    db: SlashingProtectionDatabase;
+}>;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmFjdG9yeS5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2ZhY3RvcnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBS0EsT0FBTyxLQUFLLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFeEQsT0FBTyxLQUFLLEVBQUUsa0JBQWtCLEVBQUUsMEJBQTBCLEVBQUUsTUFBTSxZQUFZLENBQUM7QUFDakYsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFFN0Q7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBeUNHO0FBQ0gsd0JBQXNCLGNBQWMsQ0FDbEMsTUFBTSxFQUFFLG9CQUFvQixFQUM1QixJQUFJLENBQUMsRUFBRSxrQkFBa0IsR0FDeEIsT0FBTyxDQUFDO0lBQ1QsTUFBTSxFQUFFLGlCQUFpQixDQUFDO0lBQzFCLEVBQUUsRUFBRSwwQkFBMEIsQ0FBQztDQUNoQyxDQUFDLENBNEJEIn0=

package/dest/factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../src/factory.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,KAAK,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,oBAAoB,EAC5B,IAAI,CAAC,EAAE,kBAAkB,GACxB,OAAO,CAAC;IACT,MAAM,EAAE,iBAAiB,CAAC;IAC1B,EAAE,EAAE,0BAA0B,CAAC;CAChC,CAAC,CA4BD"}

package/dest/factory.js

@@ -0,0 +1,75 @@
+/**
+ * Factory functions for creating validator HA signers
+ */ import { Pool } from 'pg';
+import { PostgresSlashingProtectionDatabase } from './db/postgres.js';
+import { ValidatorHASigner } from './validator_ha_signer.js';
+/**
+ * Create a validator HA signer with PostgreSQL backend
+ *
+ * After creating the signer, call `signer.start()` to begin background
+ * cleanup tasks. Call `signer.stop()` during graceful shutdown.
+ *
+ * Example with manual migrations (recommended for production):
+ * ```bash
+ * # Run migrations separately
+ * yarn migrate:up
+ * ```
+ *
+ * ```typescript
+ * const { signer, db } = await createHASigner({
+ *   databaseUrl: process.env.DATABASE_URL,
+ *   enabled: true,
+ *   nodeId: 'validator-node-1',
+ *   pollingIntervalMs: 100,
+ *   signingTimeoutMs: 3000,
+ * });
+ * signer.start(); // Start background cleanup
+ *
+ * // ... use signer ...
+ *
+ * await signer.stop(); // On shutdown
+ * ```
+ *
+ * Example with automatic migrations (simpler for dev/testing):
+ * ```typescript
+ * const { signer, db } = await createHASigner({
+ *   databaseUrl: process.env.DATABASE_URL,
+ *   enabled: true,
+ *   nodeId: 'validator-node-1',
+ *   runMigrations: true, // Auto-run migrations on startup
+ * });
+ * signer.start();
+ * ```
+ *
+ * @param config - Configuration for the HA signer
+ * @param deps - Optional dependencies (e.g., for testing)
+ * @returns An object containing the signer and database instances
+ */ export async function createHASigner(config, deps) {
+    const { databaseUrl, poolMaxCount, poolMinCount, poolIdleTimeoutMs, poolConnectionTimeoutMs, ...signerConfig } = config;
+    // Create connection pool (or use provided pool)
+    let pool;
+    if (!deps?.pool) {
+        pool = new Pool({
+            connectionString: databaseUrl,
+            max: poolMaxCount ?? 10,
+            min: poolMinCount ?? 0,
+            idleTimeoutMillis: poolIdleTimeoutMs ?? 10_000,
+            connectionTimeoutMillis: poolConnectionTimeoutMs ?? 0
+        });
+    } else {
+        pool = deps.pool;
+    }
+    // Create database instance
+    const db = new PostgresSlashingProtectionDatabase(pool);
+    // Verify database schema is initialized and version matches
+    await db.initialize();
+    // Create signer
+    const signer = new ValidatorHASigner(db, {
+        ...signerConfig,
+        databaseUrl
+    });
+    return {
+        signer,
+        db
+    };
+}

package/dest/migrations.d.ts

@@ -0,0 +1,15 @@
+export interface RunMigrationsOptions {
+    /** Migration direction ('up' to apply, 'down' to rollback). Defaults to 'up'. */
+    direction?: 'up' | 'down';
+    /** Enable verbose output. Defaults to false. */
+    verbose?: boolean;
+}
+/**
+ * Run database migrations programmatically
+ *
+ * @param databaseUrl - PostgreSQL connection string
+ * @param options - Migration options (direction, verbose)
+ * @returns Array of applied migration names
+ */
+export declare function runMigrations(databaseUrl: string, options?: RunMigrationsOptions): Promise<string[]>;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWlncmF0aW9ucy5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL21pZ3JhdGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBWUEsTUFBTSxXQUFXLG9CQUFvQjtJQUNuQyxpRkFBaUY7SUFDakYsU0FBUyxDQUFDLEVBQUUsSUFBSSxHQUFHLE1BQU0sQ0FBQztJQUMxQixnREFBZ0Q7SUFDaEQsT0FBTyxDQUFDLEVBQUUsT0FBTyxDQUFDO0NBQ25CO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsd0JBQXNCLGFBQWEsQ0FBQyxXQUFXLEVBQUUsTUFBTSxFQUFFLE9BQU8sR0FBRSxvQkFBeUIsR0FBRyxPQUFPLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FnQzlHIn0=

package/dest/migrations.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../src/migrations.ts"],"names":[],"mappings":"AAYA,MAAM,WAAW,oBAAoB;IACnC,iFAAiF;IACjF,SAAS,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAC1B,gDAAgD;IAChD,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,GAAE,oBAAyB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAgC9G"}

package/dest/migrations.js

@@ -0,0 +1,42 @@
+/**
+ * Programmatic migration runner
+ */ import { createLogger } from '@aztec/foundation/log';
+import { runner } from 'node-pg-migrate';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Run database migrations programmatically
+ *
+ * @param databaseUrl - PostgreSQL connection string
+ * @param options - Migration options (direction, verbose)
+ * @returns Array of applied migration names
+ */ export async function runMigrations(databaseUrl, options = {}) {
+    const direction = options.direction ?? 'up';
+    const verbose = options.verbose ?? false;
+    const log = createLogger('validator-ha-signer:migrations');
+    try {
+        log.info(`Running migrations ${direction}...`);
+        const appliedMigrations = await runner({
+            databaseUrl,
+            dir: join(__dirname, 'db', 'migrations'),
+            direction,
+            migrationsTable: 'pgmigrations',
+            count: direction === 'down' ? 1 : Infinity,
+            verbose,
+            log: (msg)=>verbose ? log.info(msg) : log.debug(msg)
+        });
+        if (appliedMigrations.length === 0) {
+            log.info('No migrations to apply - schema is up to date');
+        } else {
+            log.info(`Applied ${appliedMigrations.length} migration(s)`, {
+                migrations: appliedMigrations.map((m)=>m.name)
+            });
+        }
+        return appliedMigrations.map((m)=>m.name);
+    } catch (error) {
+        log.error('Migration failed', error);
+        throw error;
+    }
+}