feat: enable attestation signing with validator key

[MicBun]

Add ValidatorSigner for signing attestation payloads with validator's key. Returns EVM-compatible 65-byte signatures verifiable by smart contracts.

• Thread-safe singleton pattern
• Keccak256 hashing + secp256k1 ECDSA signing
• Initialize from node key file in engineReadyHook
• tests 100% pass

resolves: #1206

Summary by CodeRabbit

• New Features

  • Adds validator signing using the node’s secp256k1 key with Ethereum-compatible keccak256 signatures.
  • Shows the validator address during startup when initialization succeeds.
  • More resilient startup with informative warnings/errors if keys or configuration are missing.

• Tests

  • Adds comprehensive tests for signer lifecycle, signature correctness and recovery, deterministic and concurrent signing, singleton behavior, and readiness-hook scenarios.

[coderabbitai]

Walkthrough

Adds a thread-safe singleton ValidatorSigner for secp256k1 signing, exposes public key/address accessors, provides initialization and test-reset helpers, integrates signer initialization into tn_attestation's engineReadyHook (loading node key), and adds unit tests for signer and engine readiness behaviors.

Changes

Cohort / File(s)	Summary
Signer component extensions/tn_attestation/signer.go	Adds ValidatorSigner (private key + RWMutex), NewValidatorSigner, SignKeccak256, PublicKey, Address, and singleton lifecycle helpers (InitializeValidatorSigner, GetValidatorSigner, ResetValidatorSignerForTesting). Ensures keccak256 hashing and 65-byte R
Signer tests extensions/tn_attestation/signer_test.go	Adds tests for constructor validation, keccak256 signing, deterministic and concurrent signing, EVM-style signature recovery/verification, public key/address accessors, key-type rejection, and singleton behavior.
Engine readiness integration extensions/tn_attestation/tn_attestation.go	Extends engineReadyHook to obtain root dir, build node key path, load node private key, initialize the global ValidatorSigner, and log readiness or errors/warnings accordingly.
Engine readiness tests extensions/tn_attestation/tn_attestation_test.go	Adds TestEngineReadyHook with subtests for nil app/service and missing root dir scenarios, asserting signer initialization state and correct error/warn handling.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Node as Node Startup
  participant Conf as App Config
  participant Key as Key Loader
  participant VS as ValidatorSigner (singleton)
  participant Ext as tn_attestation

  Node->>Ext: engineReadyHook(app, service)
  Ext->>Conf: RootDir()
  alt Root dir available
    Ext->>Key: LoadNodeKey(NodeKeyFilePath(rootDir))
    alt Key loaded
      Ext->>VS: InitializeValidatorSigner(privateKey)
      alt Init ok
        Ext->>VS: GetValidatorSigner()
        VS-->>Ext: signer (address)
        Ext-->>Node: ready (logs validator address)
      else Init error
        Ext-->>Node: error
      end
    else Load error
      Ext-->>Node: warn and return
    end
  else No root dir
    Ext-->>Node: warn and return
  end

Loading

sequenceDiagram
  autonumber
  participant Caller as Attestation Flow
  participant VS as ValidatorSigner
  participant Eth as go-ethereum crypto

  Caller->>VS: SignKeccak256(payload)
  alt Signer initialized and payload non-empty
    VS->>Eth: keccak256(payload)
    Eth-->>VS: hash
    VS->>Eth: Sign(hash)
    Eth-->>VS: 65-byte signature (R||S||V)
    VS-->>Caller: signature
  else Error
    VS-->>Caller: error
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: enable attestation queue for validator signing workflow #1204 — Adjusts tn_attestation initialization/startup and may overlap with signer initialization and engineReadyHook changes.

Suggested reviewers

• outerlook

Poem

I twitch my whiskers, keys in paw,
Keccak winds hum and straw the law,
R-S-V tied neat and slight,
I stamp the chain with moonlit byte.
Hoppity—validator ready! 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Linked Issues Check	⚠️ Warning	The pull request introduces a ValidatorSigner that uses secp256k1 keys and produces 65-byte EVM-compatible signatures, satisfying several objectives of issue [#1206], but it diverges by applying Keccak256 hashing instead of the specified SHA256 over the concatenated fields version|algo|block_height|data_provider|stream_id|action_id|args|result.	Update the implementation to compute a SHA256 hash over the specified concatenated payload fields before signing or adjust issue #1206 to accept Keccak256 hashing.
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title concisely describes the main new feature of enabling attestation signing with the validator’s key and directly reflects the core change implemented in the pull request.
Out of Scope Changes Check	✅ Passed	All changes—including the signer implementation, singleton initialization in engineReadyHook, and associated tests—directly support the validator signing feature defined in the linked issue and do not introduce functionality outside that scope.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch validatorSigning

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 355e3b3 and 310284b.

📒 Files selected for processing (2)

• extensions/tn_attestation/signer.go (1 hunks)
• extensions/tn_attestation/signer_test.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• extensions/tn_attestation/signer.go
• extensions/tn_attestation/signer_test.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: acceptance-test

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[holdex]

Time Submission Status

Member	Status	Time	Action	Last Update
MicBun	✅ Submitted	4h 30min	Update time	Oct 10, 2025, 1:33 PM
outerlook	✅ Submitted	15min	Update time	Oct 10, 2025, 1:39 PM

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

extensions/tn_attestation/signer_test.go (1)

255-272: Optional: assert V byte is EVM-compatible (27 or 28) to harden the test

Strengthen the EVM compatibility check by validating signature[64] ∈ {27, 28}. This catches accidental normalization to 0/1 that many Solidity ecrecover helpers don’t accept.

Example:

require.Equal(t, 65, len(signature))
v := signature[64]
assert.True(t, v == 27 || v == 28, "V must be 27 or 28, got %d", v)

extensions/tn_attestation/signer.go (1)

45-50: Fix V-byte documentation (geth returns 27/28), keep code as-is

go-ethereum’s crypto.Sign returns [R||S||V] where V is 27 or 28 (not 0/1). Ecrecover expects 27/28 in most Solidity helpers.

Apply:

-// - V: 1 byte (recovery ID, 27 or 28 for legacy compatibility)
+// - V: 1 byte (recovery ID, 27 or 28 for EVM compatibility)
...
-// V is already in the correct format (0 or 1, internally adjusted to 27/28 by ecrecover)
+// V is returned as 27 or 28 by go-ethereum's crypto.Sign and is EVM-compatible.

Also applies to: 71-73

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9c8e016 and 355e3b3.

📒 Files selected for processing (4)

• extensions/tn_attestation/signer.go (1 hunks)
• extensions/tn_attestation/signer_test.go (1 hunks)
• extensions/tn_attestation/tn_attestation.go (2 hunks)
• extensions/tn_attestation/tn_attestation_test.go (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

extensions/tn_attestation/tn_attestation.go (3)

extensions/tn_attestation/constants.go (1)

• ExtensionName (3-3)

extensions/tn_attestation/queue.go (1)

• GetAttestationQueue (115-120)

extensions/tn_attestation/signer.go (2)

• InitializeValidatorSigner (103-109)
• GetValidatorSigner (113-115)

extensions/tn_attestation/tn_attestation_test.go (1)

extensions/tn_attestation/signer.go (2)

• ResetValidatorSignerForTesting (119-122)
• GetValidatorSigner (113-115)

extensions/tn_attestation/signer_test.go (1)

extensions/tn_attestation/signer.go (4)

• NewValidatorSigner (26-43)
• ResetValidatorSignerForTesting (119-122)
• InitializeValidatorSigner (103-109)
• GetValidatorSigner (113-115)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: lint
• GitHub Check: acceptance-test

🔇 Additional comments (1)

extensions/tn_attestation/tn_attestation_test.go (1)

113-121: Integer range loops are supported under Go 1.24.1
go.mod declares go 1.24.1, so for i := range 10, for range 100, and similar loops compile without change.