feat: ValidatorKeystore implementation for high-availability signer #19094
+2,543
−412
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
spypsy
force-pushed
the
spy/ha-keystore
branch
from
ab1a508 to
662e326
Compare
spypsy
requested review from
a team,
IlyasRidhuan,
LHerskind,
LeilaWang,
Maddiaa0,
charlielye,
dbanks12,
fcarreiro,
jeanmon,
just-mitch and
sirasistant
as code owners
spypsy
force-pushed
the
spy/ha-keystore
branch
from
662e326 to
9c10b83
Compare
spypsy
removed request for
IlyasRidhuan,
LHerskind,
LeilaWang,
Maddiaa0,
charlielye,
dbanks12,
fcarreiro,
jeanmon,
just-mitch and
sirasistant
AztecBot
force-pushed
the
spy/ha-keystore
branch
from
d716b2c to
1882379
Compare
AztecBot
force-pushed
the
spy/ha-keystore
branch
from
1882379 to
7e10af7
Compare
Fixes [A-352](https://linear.app/aztec-labs/issue/A-352/add-postgresql-integration-for-recording-signed-duties) [A-353](https://linear.app/aztec-labs/issue/A-353/implement-core-slash-protection-logic) Introduces High-Availability validator signer. The signer uses a Postgres DB that will be used by multiple sequencer nodes, running with the same set of validator keys, in order to ensure that only one payload per duty is signed.
spypsy
force-pushed
the
spy/ha-keystore
branch
from
250ec79 to
b1c57a9
Compare
PhilWindle
reviewed
Jan 9, 2026
| return undefined; | ||
| } | ||
| if (err instanceof SlashingProtectionError) { | ||
| this.log.warn( |
Collaborator
There was a problem hiding this comment.
If we are defining this as normal, it shouldn't be a warning should it? This will scare people.
PhilWindle
reviewed
Jan 9, 2026
| return undefined; | ||
| } | ||
| if (err instanceof SlashingProtectionError) { | ||
| this.log.warn(`Attestations signature for slot ${this.slot} blocked by slashing protection`, { |
PhilWindle
reviewed
Jan 9, 2026
| ? { | ||
| slot: proposal.slotNumber, | ||
| blockNumber, | ||
| blockIndexWithinCheckpoint: -1, // -1 indicates not applicable (attestation, not a block proposal) |
Collaborator
There was a problem hiding this comment.
I'm wondering if this should be optional rather than set to -1 whenevre it's not a block proposal being signed.
Member
Author
There was a problem hiding this comment.
yeah would actually make sense to make it optional in SigningContext and just use -1 at the bottom DB layer
PhilWindle
requested changes
Jan 9, 2026
| this.log.info(`Assembling checkpoint proposal for slot ${header.slotNumber}`); | ||
| return this.createBlockProposal(0 as BlockNumber, header, archive, txs, proposerAddress, options); | ||
| // Derive checkpoint number from the header's slot | ||
| const checkpointNumber = header.slotNumber as unknown as CheckpointNumber; |
Collaborator
There was a problem hiding this comment.
This isn't right. Slot number !== Checkpoint number.
Member
Author
There was a problem hiding this comment.
nope, missed this one. fixing
| public readonly slot: bigint, | ||
| public readonly slot: SlotNumber, | ||
| public readonly dutyType: DutyType, | ||
| public readonly blockIndexWithinCheckpoint: number, |
Collaborator
There was a problem hiding this comment.
I'm wondering if we should make a new branded type.
Member
Author
There was a problem hiding this comment.
might need @spalladino input on this, I know he has more work on checkpoints in progress
Contributor
There was a problem hiding this comment.
I have a TODO for that, heh
Collaborator
Flakey Tests🤖 says: This CI run detected 1 tests that failed, but were tolerated due to a .test_patterns.yml entry. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes A-354
Implements
ExtendedValidatorKeyStoreutilizingValidatorHASigner.Updated interfaces to return
nullwhen the signature isn't acquired & updated handling of signing fornullresults.Also some cleanup on previous HA work like consolidating config