@chainsafe/lodestar 1.35.0-dev.8cacf063da → 1.35.0-dev.901d719660

package/src/cmds/validator/handler.ts

@@ -0,0 +1,300 @@
+import {setMaxListeners} from "node:events";
+import path from "node:path";
+import {WireFormat, routes} from "@lodestar/api";
+import {
+  MonitoringService,
+  RegistryMetricCreator,
+  collectNodeJSMetrics,
+  getHttpMetricsServer,
+} from "@lodestar/beacon-node";
+import {LevelDbController} from "@lodestar/db/controller/level";
+import {getNodeLogger} from "@lodestar/logger/node";
+import {
+  ProcessShutdownCallback,
+  SlashingProtection,
+  Validator,
+  ValidatorProposerConfig,
+  defaultOptions,
+  getMetrics,
+} from "@lodestar/validator";
+import {getBeaconConfigFromArgs} from "../../config/index.js";
+import {GlobalArgs} from "../../options/index.js";
+import {
+  YargsError,
+  cleanOldLogFiles,
+  mkdir,
+  onGracefulShutdown,
+  parseFeeRecipient,
+  parseLoggerArgs,
+  parseProposerConfig,
+} from "../../util/index.js";
+import {parseBuilderBoostFactor, parseBuilderSelection} from "../../util/proposerConfig.js";
+import {getVersionData} from "../../util/version.js";
+import {KeymanagerApi} from "./keymanager/impl.js";
+import {IPersistedKeysBackend} from "./keymanager/interface.js";
+import {PersistedKeysBackend} from "./keymanager/persistedKeys.js";
+import {KeymanagerRestApiServer} from "./keymanager/server.js";
+import {IValidatorCliArgs, validatorMetricsDefaultOptions, validatorMonitoringDefaultOptions} from "./options.js";
+import {getAccountPaths, getValidatorPaths} from "./paths.js";
+import {getSignersFromArgs} from "./signers/index.js";
+import {logSigners, warnOrExitNoSigners} from "./signers/logSigners.js";
+
+/**
+ * Runs a validator client.
+ */
+export async function validatorHandler(args: IValidatorCliArgs & GlobalArgs): Promise<void> {
+  const {config, network} = getBeaconConfigFromArgs(args);
+
+  const {doppelgangerProtection} = args;
+
+  const validatorPaths = getValidatorPaths(args, network);
+  const accountPaths = getAccountPaths(args, network);
+
+  const defaultLogFilepath = path.join(validatorPaths.dataDir, "validator.log");
+  const logger = getNodeLogger(parseLoggerArgs(args, {defaultLogFilepath}, config));
+  try {
+    cleanOldLogFiles(args, {defaultLogFilepath});
+  } catch (e) {
+    logger.debug("Not able to delete log files", {}, e as Error);
+  }
+
+  const persistedKeysBackend = new PersistedKeysBackend(accountPaths);
+  const valProposerConfig = getProposerConfigFromArgs(args, {persistedKeysBackend, accountPaths});
+
+  const {version, commit} = getVersionData();
+  logger.info("Lodestar", {network, version, commit});
+  if (args.distributed) logger.info("Client is configured to run as part of a distributed validator cluster");
+  logger.info("Connecting to LevelDB database", {path: validatorPaths.validatorsDbDir});
+
+  const dbPath = validatorPaths.validatorsDbDir;
+  mkdir(dbPath);
+
+  const onGracefulShutdownCbs: (() => Promise<void> | void)[] = [];
+  onGracefulShutdown(async () => {
+    for (const cb of onGracefulShutdownCbs) await cb();
+  }, logger.info.bind(logger));
+
+  // Callback for validator to request forced exit, in case of doppelganger detection
+  const processShutdownCallback: ProcessShutdownCallback = (err) => {
+    logger.error("Process shutdown requested", {}, err);
+    process.kill(process.pid, "SIGINT");
+  };
+
+  // This AbortController interrupts various validators ops: genesis req, clients call, clock etc
+  const abortController = new AbortController();
+
+  // We set infinity for abort controller used for validator operations,
+  // to prevent MaxListenersExceededWarning which get logged when listeners > 10
+  // Since it is perfectly fine to have listeners > 10
+  setMaxListeners(Infinity, abortController.signal);
+
+  onGracefulShutdownCbs.push(async () => abortController.abort());
+
+  /**
+   * For rationale and documentation of how signers are loaded from args and disk,
+   * see {@link PersistedKeysBackend} and {@link getSignersFromArgs}
+   *
+   * Note: local signers are already locked once returned from this function.
+   */
+  const signers = await getSignersFromArgs(args, network, {logger, signal: abortController.signal});
+
+  // Ensure the validator has at least one key
+  if (signers.length === 0) {
+    warnOrExitNoSigners(args, logger);
+  }
+
+  logSigners(logger, signers);
+
+  const db = await LevelDbController.create({name: dbPath}, {metrics: null, logger});
+  onGracefulShutdownCbs.push(() => db.close());
+
+  const slashingProtection = new SlashingProtection(db);
+
+  // Create metrics registry if metrics are enabled or monitoring endpoint is configured
+  // Send version and network data for static registries
+
+  const register = args.metrics || args["monitoring.endpoint"] ? new RegistryMetricCreator() : null;
+  const metrics = register && getMetrics(register, {version, commit, network});
+
+  // Start metrics server if metrics are enabled.
+  // Collect NodeJS metrics defined in the Lodestar repo
+
+  if (metrics) {
+    const closeMetrics = collectNodeJSMetrics(register);
+    onGracefulShutdownCbs.push(() => closeMetrics());
+
+    // only start server if metrics are explicitly enabled
+    if (args.metrics) {
+      const port = args["metrics.port"] ?? validatorMetricsDefaultOptions.port;
+      const address = args["metrics.address"] ?? validatorMetricsDefaultOptions.address;
+      const metricsServer = await getHttpMetricsServer({port, address}, {register, logger});
+
+      onGracefulShutdownCbs.push(() => metricsServer.close());
+    }
+  }
+
+  if (args["monitoring.endpoint"]) {
+    const {interval, initialDelay, requestTimeout, collectSystemStats} = validatorMonitoringDefaultOptions;
+
+    const monitoring = new MonitoringService(
+      "validator",
+      {
+        endpoint: args["monitoring.endpoint"],
+        interval: args["monitoring.interval"] ?? interval,
+        initialDelay: args["monitoring.initialDelay"] ?? initialDelay,
+        requestTimeout: args["monitoring.requestTimeout"] ?? requestTimeout,
+        collectSystemStats: args["monitoring.collectSystemStats"] ?? collectSystemStats,
+      },
+      {register: register as RegistryMetricCreator, logger}
+    );
+
+    onGracefulShutdownCbs.push(() => monitoring.close());
+  }
+
+  // This promise resolves once genesis is available.
+  // It will wait for genesis, so this promise can be potentially very long
+
+  const validator = await Validator.initializeFromBeaconNode(
+    {
+      db,
+      config,
+      slashingProtection,
+      api: {
+        clientOrUrls: args.beaconNodes,
+        globalInit: {
+          requestWireFormat: parseWireFormat(args, "http.requestWireFormat"),
+          responseWireFormat: parseWireFormat(args, "http.responseWireFormat"),
+          headers: {"User-Agent": `Lodestar/${version}`},
+        },
+      },
+      logger,
+      processShutdownCallback,
+      signers,
+      abortController,
+      doppelgangerProtection,
+      afterBlockDelaySlotFraction: args.afterBlockDelaySlotFraction,
+      scAfterBlockDelaySlotFraction: args.scAfterBlockDelaySlotFraction,
+      valProposerConfig,
+      distributed: args.distributed,
+      broadcastValidation: parseBroadcastValidation(args.broadcastValidation),
+      blindedLocal: args.blindedLocal,
+      externalSigner: {
+        url: args["externalSigner.url"],
+        fetch: args["externalSigner.fetch"],
+        fetchInterval: args["externalSigner.fetchInterval"],
+      },
+    },
+    metrics
+  );
+
+  onGracefulShutdownCbs.push(() => validator.close());
+
+  // Start keymanager API backend
+  // Only if keymanagerEnabled flag is set to true
+  if (args.keymanager) {
+    // if proposerSettingsFile provided disable the key proposerConfigWrite in keymanager
+    const proposerConfigWriteDisabled = args.proposerSettingsFile !== undefined;
+    if (proposerConfigWriteDisabled) {
+      logger.warn(
+        "Proposer data updates (feeRecipient/gasLimit etc) will not be available via Keymanager API as proposerSettingsFile has been set"
+      );
+    }
+
+    const keymanagerApi = new KeymanagerApi(
+      validator,
+      persistedKeysBackend,
+      abortController.signal,
+      proposerConfigWriteDisabled
+    );
+    const keymanagerServer = new KeymanagerRestApiServer(
+      {
+        address: args["keymanager.address"],
+        port: args["keymanager.port"],
+        cors: args["keymanager.cors"],
+        isAuthEnabled: args["keymanager.auth"],
+        headerLimit: args["keymanager.headerLimit"],
+        bodyLimit: args["keymanager.bodyLimit"],
+        stacktraces: args["keymanager.stacktraces"],
+        tokenFile: args["keymanager.tokenFile"],
+        tokenDir: dbPath,
+      },
+      {config, logger, api: keymanagerApi, metrics: metrics ? metrics.keymanagerApiRest : null}
+    );
+    onGracefulShutdownCbs.push(() => keymanagerServer.close());
+    await keymanagerServer.listen();
+  }
+}
+
+function getProposerConfigFromArgs(
+  args: IValidatorCliArgs,
+  {
+    persistedKeysBackend,
+    accountPaths,
+  }: {persistedKeysBackend: IPersistedKeysBackend; accountPaths: {proposerDir: string}}
+): ValidatorProposerConfig {
+  const defaultConfig = {
+    graffiti: args.graffiti,
+    strictFeeRecipientCheck: args.strictFeeRecipientCheck,
+    feeRecipient: args.suggestedFeeRecipient ? parseFeeRecipient(args.suggestedFeeRecipient) : undefined,
+    builder: {
+      gasLimit: args.defaultGasLimit,
+      selection: parseBuilderSelection(
+        args["builder.selection"] ?? (args.builder ? defaultOptions.builderAliasSelection : undefined)
+      ),
+      boostFactor: parseBuilderBoostFactor(args["builder.boostFactor"]),
+    },
+  };
+
+  let valProposerConfig: ValidatorProposerConfig;
+  const proposerConfigFromKeymanager = persistedKeysBackend.readProposerConfigs();
+
+  if (Object.keys(proposerConfigFromKeymanager).length > 0) {
+    // from persistedBackend
+    if (args.proposerSettingsFile) {
+      throw new YargsError(
+        `Cannot accept --proposerSettingsFile since it conflicts with proposer configs previously persisted via the keymanager api. Delete directory ${accountPaths.proposerDir} to discard them`
+      );
+    }
+    valProposerConfig = {proposerConfig: proposerConfigFromKeymanager, defaultConfig};
+  } else {
+    // from Proposer Settings File
+    if (args.proposerSettingsFile) {
+      // parseProposerConfig will override the defaults with the arg created defaultConfig
+      valProposerConfig = parseProposerConfig(args.proposerSettingsFile, defaultConfig);
+    } else {
+      valProposerConfig = {defaultConfig} as ValidatorProposerConfig;
+    }
+  }
+  return valProposerConfig;
+}
+
+function parseBroadcastValidation(broadcastValidation?: string): routes.beacon.BroadcastValidation | undefined {
+  if (broadcastValidation) {
+    switch (broadcastValidation) {
+      case "gossip":
+      case "consensus":
+      case "consensus_and_equivocation":
+        break;
+      default:
+        throw new YargsError("Invalid input for broadcastValidation, check help");
+    }
+  }
+
+  return broadcastValidation as routes.beacon.BroadcastValidation;
+}
+
+function parseWireFormat(args: IValidatorCliArgs, key: keyof IValidatorCliArgs): WireFormat | undefined {
+  const wireFormat = args[key];
+
+  if (wireFormat !== undefined) {
+    switch (wireFormat) {
+      case WireFormat.json:
+      case WireFormat.ssz:
+        break;
+      default:
+        throw new YargsError(`Invalid input for ${key}, must be one of "${WireFormat.json}" or "${WireFormat.ssz}"`);
+    }
+  }
+
+  return wireFormat;
+}

package/src/cmds/validator/import.ts

@@ -0,0 +1,111 @@
+import fs from "node:fs";
+import {Keystore} from "@chainsafe/bls-keystore";
+import {CliCommand} from "@lodestar/utils";
+import {getBeaconConfigFromArgs} from "../../config/beaconParams.js";
+import {GlobalArgs} from "../../options/index.js";
+import {YargsError, getPubkeyHexFromKeystore} from "../../util/index.js";
+import {PersistedKeysBackend} from "./keymanager/persistedKeys.js";
+import {IValidatorCliArgs, validatorOptions} from "./options.js";
+import {getAccountPaths} from "./paths.js";
+import {importKeystoreDefinitionsFromExternalDir, readPassphraseOrPrompt} from "./signers/importExternalKeystores.js";
+
+type ValidatorImportArgs = Pick<IValidatorCliArgs, "importKeystores" | "importKeystoresPassword">;
+
+const {importKeystores, importKeystoresPassword} = validatorOptions;
+
+export const importCmd: CliCommand<ValidatorImportArgs, IValidatorCliArgs & GlobalArgs> = {
+  command: "import",
+
+  describe:
+    "Imports one or more EIP-2335 keystores into a Lodestar validator client directory, \
+requesting passwords interactively. The directory flag provides a convenient \
+method for importing a directory of keys generated by the eth2-deposit-cli \
+Ethereum Foundation utility.",
+
+  examples: [
+    {
+      command: "validator import --network hoodi --importKeystores $HOME/staking-deposit-cli/validator_keys",
+      description: "Import validator keystores generated with the Ethereum Foundation Staking Launchpad",
+    },
+  ],
+
+  // Note: re-uses `--importKeystores` and `--importKeystoresPassword` from root validator command options
+
+  options: {
+    importKeystores: {
+      ...importKeystores,
+      requiresArg: true,
+    },
+    importKeystoresPassword,
+  },
+
+  handler: async (args) => {
+    const {network} = getBeaconConfigFromArgs(args);
+
+    // This command takes: importKeystores, importKeystoresPassword
+    //
+    // - recursively finds keystores in importKeystores
+    // - validates keystores can decrypt
+    // - writes them in persisted form - do not lock
+
+    if (!args.importKeystores) {
+      throw new YargsError("Must set importKeystores");
+    }
+
+    // Collect same password for all keystores
+    // If importKeystoresPassword is not provided, interactive prompt for it
+
+    const keystoreDefinitions = importKeystoreDefinitionsFromExternalDir({
+      keystoresPath: args.importKeystores,
+      password: await readPassphraseOrPrompt(args),
+    });
+
+    if (keystoreDefinitions.length === 0) {
+      throw new YargsError("No keystores found");
+    }
+
+    console.log(
+      `Importing ${keystoreDefinitions.length} keystores:\n ${keystoreDefinitions
+        .map((def) => def.keystorePath)
+        .join("\n")}`
+    );
+
+    const accountPaths = getAccountPaths(args, network);
+    const persistedKeystoresBackend = new PersistedKeysBackend(accountPaths);
+    let importedCount = 0;
+
+    for (const {keystorePath, password} of keystoreDefinitions) {
+      const keystoreStr = fs.readFileSync(keystorePath, "utf8");
+      const keystore = Keystore.parse(keystoreStr);
+      const pubkeyHex = getPubkeyHexFromKeystore(keystore);
+
+      // Check if keystore can decrypt
+      if (!(await keystore.verifyPassword(password))) {
+        throw Error(`Invalid password for keystore ${keystorePath}`);
+      }
+
+      const didImportKey = persistedKeystoresBackend.writeKeystore({
+        keystoreStr,
+        password,
+        // Not used immediately
+        lockBeforeWrite: false,
+        // Return duplicate status if already found
+        persistIfDuplicate: false,
+      });
+
+      if (didImportKey) {
+        console.log(`Imported keystore ${pubkeyHex} ${keystorePath}`);
+        importedCount++;
+      } else {
+        console.log(`Duplicate keystore ${pubkeyHex} ${keystorePath}`);
+      }
+    }
+
+    console.log(`\nSuccessfully imported ${importedCount}/${keystoreDefinitions.length} keystores`);
+
+    console.log(`
+  DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH
+  ANOTHER CLIENT, OR YOU WILL GET SLASHED.
+  `);
+  },
+};

package/src/cmds/validator/index.ts

@@ -0,0 +1,28 @@
+import {CliCommand} from "@lodestar/utils";
+import {GlobalArgs} from "../../options/index.js";
+import {blsToExecutionChange} from "./blsToExecutionChange.js";
+import {validatorHandler} from "./handler.js";
+import {importCmd} from "./import.js";
+import {list} from "./list.js";
+import {IValidatorCliArgs, validatorOptions} from "./options.js";
+import {getAccountPaths} from "./paths.js";
+import {slashingProtection} from "./slashingProtection/index.js";
+import {voluntaryExit} from "./voluntaryExit.js";
+
+export const validator: CliCommand<IValidatorCliArgs, GlobalArgs> = {
+  command: "validator",
+  describe: "Run one or multiple validator clients",
+  docsFolder: "run/validator-management",
+  examples: [
+    {
+      command: "validator --network hoodi",
+      title: "Base `validator` command",
+      description:
+        "Run one validator client with all the keystores available in the directory" +
+        ` ${getAccountPaths({dataDir: ".hoodi"}, "hoodi").keystoresDir}`,
+    },
+  ],
+  options: validatorOptions,
+  handler: validatorHandler,
+  subcommands: [slashingProtection, importCmd, list, voluntaryExit, blsToExecutionChange],
+};

package/src/cmds/validator/keymanager/decryptKeystoreDefinitions.ts

@@ -0,0 +1,189 @@
+import fs from "node:fs";
+import path from "node:path";
+import {Keystore} from "@chainsafe/bls-keystore";
+import {SecretKey} from "@chainsafe/blst";
+import {LogLevel, Logger} from "@lodestar/utils";
+import {SignerLocal, SignerType} from "@lodestar/validator";
+import {lockFilepath, unlockFilepath} from "../../../util/lockfile.js";
+import {DecryptKeystoresThreadPool} from "./decryptKeystores/index.js";
+import {LocalKeystoreDefinition} from "./interface.js";
+import {clearKeystoreCache, loadKeystoreCache, writeKeystoreCache} from "./keystoreCache.js";
+
+export type KeystoreDecryptOptions = {
+  ignoreLockFile?: boolean;
+  onDecrypt?: (index: number) => void;
+  // Try to use the cache file if it exists
+  cacheFilePath?: string;
+  /** Use main thread to decrypt keystores */
+  disableThreadPool?: boolean;
+  logger: Pick<Logger, LogLevel.info | LogLevel.warn | LogLevel.debug>;
+  signal: AbortSignal;
+};
+
+type KeystoreDecryptError = {
+  keystoreFile: string;
+  error: Error;
+};
+
+/**
+ * Decrypt keystore definitions using a thread pool
+ */
+export async function decryptKeystoreDefinitions(
+  keystoreDefinitions: LocalKeystoreDefinition[],
+  opts: KeystoreDecryptOptions
+): Promise<SignerLocal[]> {
+  if (keystoreDefinitions.length === 0) {
+    return [];
+  }
+
+  if (opts.cacheFilePath) {
+    try {
+      const signers = await loadKeystoreCache(opts.cacheFilePath, keystoreDefinitions);
+
+      for (const {keystorePath} of keystoreDefinitions) {
+        lockKeystore(keystorePath, opts);
+      }
+
+      if (opts?.onDecrypt) {
+        opts?.onDecrypt(signers.length - 1);
+      }
+
+      opts.logger.debug("Loaded keystores via keystore cache");
+
+      return signers;
+    } catch (_e) {
+      // Some error loading the cache, ignore and invalidate cache
+      await clearKeystoreCache(opts.cacheFilePath);
+    }
+  }
+
+  const keystoreCount = keystoreDefinitions.length;
+  const signers = new Array<SignerLocal>(keystoreCount);
+  const passwords = new Array<string>(keystoreCount);
+  const errors: KeystoreDecryptError[] = [];
+
+  if (!opts.disableThreadPool) {
+    const decryptKeystores = new DecryptKeystoresThreadPool(keystoreCount, opts.signal);
+
+    for (const [index, definition] of keystoreDefinitions.entries()) {
+      lockKeystore(definition.keystorePath, opts);
+
+      decryptKeystores.queue(
+        definition,
+        (secretKeyBytes: Uint8Array) => {
+          const signer: SignerLocal = {
+            type: SignerType.Local,
+            secretKey: SecretKey.fromBytes(secretKeyBytes),
+          };
+
+          signers[index] = signer;
+          passwords[index] = definition.password;
+
+          if (opts?.onDecrypt) {
+            opts?.onDecrypt(index);
+          }
+        },
+        (error: Error) => {
+          // In-progress tasks can't be canceled, so there's a chance that multiple errors may be caught
+          // add to the list of errors
+          errors.push({keystoreFile: path.basename(definition.keystorePath), error});
+          // cancel all pending tasks, no need to continue decrypting after we hit one error
+          decryptKeystores.cancel();
+        }
+      );
+    }
+
+    await decryptKeystores.completed();
+  } else {
+    // Decrypt keystores in main thread
+    for (const [index, definition] of keystoreDefinitions.entries()) {
+      lockKeystore(definition.keystorePath, opts);
+
+      try {
+        const keystore = Keystore.parse(fs.readFileSync(definition.keystorePath, "utf8"));
+
+        // Memory-hogging function
+        const secretKeyBytes = await keystore.decrypt(definition.password);
+
+        const signer: SignerLocal = {
+          type: SignerType.Local,
+          secretKey: SecretKey.fromBytes(secretKeyBytes),
+        };
+
+        signers[index] = signer;
+        passwords[index] = definition.password;
+
+        if (opts?.onDecrypt) {
+          opts?.onDecrypt(index);
+        }
+      } catch (e) {
+        errors.push({keystoreFile: path.basename(definition.keystorePath), error: e as Error});
+        // stop processing, no need to continue decrypting after we hit one error
+        break;
+      }
+    }
+  }
+
+  if (errors.length > 0) {
+    // If an error occurs, the program isn't going to be running,
+    // so we should unlock all lockfiles we created
+    for (const {keystorePath} of keystoreDefinitions) {
+      unlockFilepath(keystorePath);
+    }
+
+    throw formattedError(errors, signers, keystoreCount);
+  }
+
+  if (opts.cacheFilePath) {
+    await writeKeystoreCache(opts.cacheFilePath, signers, passwords);
+    opts.logger.debug("Written keystores to keystore cache");
+  }
+
+  return signers;
+}
+
+function lockKeystore(keystorePath: string, opts: KeystoreDecryptOptions): void {
+  try {
+    lockFilepath(keystorePath);
+  } catch (e) {
+    if (opts.ignoreLockFile) {
+      opts.logger.warn("Keystore forcefully loaded even though lockfile exists", {
+        path: keystorePath,
+      });
+    } else {
+      throw e;
+    }
+  }
+}
+
+function formattedError(errors: KeystoreDecryptError[], signers: SignerLocal[], keystoreCount: number): Error {
+  // Filter out errors due to terminating the thread pool
+  // https://github.com/ChainSafe/threads.js/blob/df351552cb7d08b8465f5d1e7c543c952d74ac67/src/master/pool.ts#L244
+  const decryptErrors = errors.filter(({error}) => !error.message.startsWith("Pool has been terminated"));
+
+  const errorCount = decryptErrors.length;
+  const decryptedCount = signers.filter(Boolean).length;
+  const abortedCount = keystoreCount - errorCount - decryptedCount;
+
+  let message = "Error importing keystores";
+
+  if (errorCount === 1) {
+    const {keystoreFile, error} = decryptErrors[0];
+    message = `Error importing keystore\n\n${keystoreFile}: ${error.message}`;
+  } else if (errorCount > 1) {
+    message =
+      "Multiple errors importing keystores\n\n" +
+      decryptErrors.map(({keystoreFile, error}) => `${keystoreFile}: ${error.message}`).join("\n");
+  }
+
+  if (abortedCount > 0) {
+    message += `\n\nAborted ${abortedCount} pending keystore import${abortedCount > 1 ? "s" : ""}`;
+  }
+
+  const error = new Error(message);
+
+  // Don't print out stack trace
+  error.stack = message;
+
+  return error;
+}

package/src/cmds/validator/keymanager/decryptKeystores/index.ts

@@ -0,0 +1 @@
+export {DecryptKeystoresThreadPool} from "./threadPool.js";

package/src/cmds/validator/keymanager/decryptKeystores/poolSize.ts

@@ -0,0 +1,16 @@
+let maxPoolSize: number;
+
+try {
+  if (typeof navigator !== "undefined") {
+    maxPoolSize = navigator.hardwareConcurrency ?? 4;
+  } else {
+    maxPoolSize = (await import("node:os")).availableParallelism();
+  }
+} catch (_e) {
+  maxPoolSize = 8;
+}
+
+/**
+ * Cross-platform approx number of logical cores
+ */
+export {maxPoolSize};