evstack
diff --git a/‎apps/evm/based/cmd/run.go‎
Lines changed: 2 additions & 1 deletion b/‎apps/evm/based/cmd/run.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎apps/evm/single/cmd/run.go‎
Lines changed: 2 additions & 1 deletion b/‎apps/evm/single/cmd/run.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎apps/testapp/cmd/run.go‎
Lines changed: 2 additions & 1 deletion b/‎apps/testapp/cmd/run.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎block/manager.go‎
Lines changed: 73 additions & 58 deletions b/‎block/manager.go‎
Lines changed: 73 additions & 58 deletions
diff --git a/‎block/manager_test.go‎
Lines changed: 5 additions & 4 deletions b/‎block/manager_test.go‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎block/publish_block_p2p_test.go‎
Lines changed: 1 addition & 1 deletion b/‎block/publish_block_p2p_test.go‎
Lines changed: 1 addition & 1 deletion
@@ -10,6 +10,7 @@ import (
 
 	coreda "github.com/rollkit/rollkit/core/da"
 	"github.com/rollkit/rollkit/execution/evm" // Import the evm flags package
+	"github.com/rollkit/rollkit/node"
 
 	"github.com/rollkit/rollkit/da/jsonrpc"
 	rollcmd "github.com/rollkit/rollkit/pkg/cmd"
@@ -172,7 +173,7 @@ func NewExtendedRunNodeCmd(ctx context.Context) *cobra.Command {
 			// StartNode might need adjustment if it strictly requires coreda.Client methods.
 			// For now, assume it can work with coreda.DA or will be adjusted later.
 			// We also need to pass the namespace config for rollDA.
-			return rollcmd.StartNode(logger, cmd, executor, sequencer, rollDA, p2pClient, datastore, nodeConfig, nil)
+			return rollcmd.StartNode(logger, cmd, executor, sequencer, rollDA, p2pClient, datastore, nodeConfig, node.NodeOptions{})
 		},
 	}
 
 
@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 
 	"github.com/rollkit/rollkit/da/jsonrpc"
+	"github.com/rollkit/rollkit/node"
 	"github.com/rollkit/rollkit/sequencers/single"
 
 	"github.com/ethereum/go-ethereum/common"
@@ -77,7 +78,7 @@ var RunCmd = &cobra.Command{
 			return err
 		}
 
-		return rollcmd.StartNode(logger, cmd, executor, sequencer, &daJrpc.DA, p2pClient, datastore, nodeConfig, nil)
+		return rollcmd.StartNode(logger, cmd, executor, sequencer, &daJrpc.DA, p2pClient, datastore, nodeConfig, node.NodeOptions{})
 	},
 }
 
 
@@ -9,6 +9,7 @@ import (
 
 	kvexecutor "github.com/rollkit/rollkit/apps/testapp/kv"
 	"github.com/rollkit/rollkit/da/jsonrpc"
+	"github.com/rollkit/rollkit/node"
 	rollcmd "github.com/rollkit/rollkit/pkg/cmd"
 	"github.com/rollkit/rollkit/pkg/p2p"
 	"github.com/rollkit/rollkit/pkg/p2p/key"
@@ -93,6 +94,6 @@ var RunCmd = &cobra.Command{
 			return err
 		}
 
-		return rollcmd.StartNode(logger, cmd, executor, sequencer, &daJrpc.DA, p2pClient, datastore, nodeConfig, nil)
+		return rollcmd.StartNode(logger, cmd, executor, sequencer, &daJrpc.DA, p2pClient, datastore, nodeConfig, node.NodeOptions{})
 	},
 }
@@ -70,10 +70,6 @@ type MetricsRecorder interface {
 	RecordMetrics(gasPrice float64, blobSize uint64, statusCode coreda.StatusCode, numPendingBlocks uint64, includedBlockHeight uint64)
 }
 
-func defaultSignaturePayloadProvider(header *types.Header) ([]byte, error) {
-	return header.MarshalBinary()
-}
-
 // NewHeaderEvent is used to pass header and DA height to headerInCh
 type NewHeaderEvent struct {
 	Header   *types.SignedHeader
@@ -168,14 +164,14 @@ type Manager struct {
 	// signaturePayloadProvider is used to provide a signature payload for the header.
 	// It is used to sign the header with the provided signer.
 	signaturePayloadProvider types.SignaturePayloadProvider
+
+	// validatorHasherProvider is used to provide the validator hash for the header.
+	// It is used to set the validator hash in the header.
+	validatorHasherProvider types.ValidatorHasherProvider
 }
 
 // getInitialState tries to load lastState from Store, and if it's not available it reads genesis.
-func getInitialState(ctx context.Context, genesis genesis.Genesis, signer signer.Signer, store storepkg.Store, exec coreexecutor.Executor, logger logging.EventLogger, signaturePayloadProvider types.SignaturePayloadProvider) (types.State, error) {
-	if signaturePayloadProvider == nil {
-		signaturePayloadProvider = defaultSignaturePayloadProvider
-	}
-
+func getInitialState(ctx context.Context, genesis genesis.Genesis, signer signer.Signer, store storepkg.Store, exec coreexecutor.Executor, logger logging.EventLogger, managerOpts ManagerOptions) (types.State, error) {
 	// Load the state from store.
 	s, err := store.GetState(ctx)
 
@@ -201,9 +197,12 @@ func getInitialState(ctx context.Context, genesis genesis.Genesis, signer signer
 			},
 		}
 
-		var signature types.Signature
+		var (
+			data      = &types.Data{}
+			signature types.Signature
+			pubKey    crypto.PubKey
+		)
 
-		var pubKey crypto.PubKey
 		// The signer is only provided in aggregator nodes. This enables the creation of a signed genesis header,
 		// which includes a public key and a cryptographic signature for the header.
 		// In a full node (non-aggregator), the signer will be nil, and only an unsigned genesis header will be initialized locally.
@@ -213,11 +212,12 @@ func getInitialState(ctx context.Context, genesis genesis.Genesis, signer signer
 				return types.State{}, fmt.Errorf("failed to get public key: %w", err)
 			}
 
-			b, err := signaturePayloadProvider(&header)
+			bz, err := managerOpts.SignaturePayloadProvider(&header)
 			if err != nil {
 				return types.State{}, fmt.Errorf("failed to get signature payload: %w", err)
 			}
-			signature, err = signer.Sign(b)
+
+			signature, err = signer.Sign(bz)
 			if err != nil {
 				return types.State{}, fmt.Errorf("failed to get header signature: %w", err)
 			}
@@ -232,14 +232,7 @@ func getInitialState(ctx context.Context, genesis genesis.Genesis, signer signer
 			Signature: signature,
 		}
 
-		// Set the same custom verifier used during normal block validation
-		if err := genesisHeader.SetCustomVerifier(func(h *types.Header) ([]byte, error) {
-			return signaturePayloadProvider(h)
-		}); err != nil {
-			return types.State{}, fmt.Errorf("failed to set custom verifier for genesis header: %w", err)
-		}
-
-		err = store.SaveBlockData(ctx, genesisHeader, &types.Data{}, &signature)
+		err = store.SaveBlockData(ctx, genesisHeader, data, &signature)
 		if err != nil {
 			return types.State{}, fmt.Errorf("failed to save genesis block: %w", err)
 		}
@@ -269,6 +262,31 @@ func getInitialState(ctx context.Context, genesis genesis.Genesis, signer signer
 	return s, nil
 }
 
+// ManagerOptions defines the options for creating a new block Manager.
+type ManagerOptions struct {
+	SignaturePayloadProvider types.SignaturePayloadProvider
+	ValidatorHasherProvider  types.ValidatorHasherProvider
+}
+
+func (opts *ManagerOptions) Validate() error {
+	if opts.SignaturePayloadProvider == nil {
+		return fmt.Errorf("signature payload provider cannot be nil")
+	}
+	if opts.ValidatorHasherProvider == nil {
+		return fmt.Errorf("validator hasher provider cannot be nil")
+	}
+
+	return nil
+}
+
+// DefaultManagerOptions returns the default options for creating a new block Manager.
+func DefaultManagerOptions() ManagerOptions {
+	return ManagerOptions{
+		SignaturePayloadProvider: types.DefaultSignaturePayloadProvider,
+		ValidatorHasherProvider:  types.DefaultValidatorHasherProvider,
+	}
+}
+
 // NewManager creates new block Manager.
 func NewManager(
 	ctx context.Context,
@@ -287,13 +305,9 @@ func NewManager(
 	seqMetrics *Metrics,
 	gasPrice float64,
 	gasMultiplier float64,
-	signaturePayloadProvider types.SignaturePayloadProvider,
+	managerOpts ManagerOptions,
 ) (*Manager, error) {
-	if signaturePayloadProvider == nil {
-		signaturePayloadProvider = defaultSignaturePayloadProvider
-	}
-
-	s, err := getInitialState(ctx, genesis, signer, store, exec, logger, signaturePayloadProvider)
+	s, err := getInitialState(ctx, genesis, signer, store, exec, logger, managerOpts)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get initial state: %w", err)
 	}
@@ -384,7 +398,8 @@ func NewManager(
 		gasPrice:                 gasPrice,
 		gasMultiplier:            gasMultiplier,
 		txNotifyCh:               make(chan struct{}, 1), // Non-blocking channel
-		signaturePayloadProvider: signaturePayloadProvider,
+		signaturePayloadProvider: managerOpts.SignaturePayloadProvider,
+		validatorHasherProvider:  managerOpts.ValidatorHasherProvider,
 	}
 
 	// initialize da included height
@@ -659,33 +674,12 @@ func (m *Manager) publishBlockInternal(ctx context.Context) error {
 			return err
 		}
 
-		if err = m.store.SaveBlockData(ctx, header, data, &signature); err != nil {
+		if err = m.store.SaveBlockData(ctx, header, data, &signature); err != nil { // saved early for crash recovery, will be overwritten later with the final signature
 			return fmt.Errorf("failed to save block: %w", err)
 		}
 	}
 
-	signature, err = m.getHeaderSignature(header.Header)
-	if err != nil {
-		return err
-	}
-
-	// set the signature to current block's signed header
-	header.Signature = signature
-
-	// Set the custom verifier to ensure proper signature validation (if not already set by executor)
-	// Note: The executor may have already set a custom verifier during transaction execution
-	if err := header.SetCustomVerifier(func(h *types.Header) ([]byte, error) {
-		return m.signaturePayloadProvider(h)
-	}); err != nil {
-		return fmt.Errorf("failed to set custom verifier: %w", err)
-	}
-
-	if err := header.ValidateBasic(); err != nil {
-		// If this ever happens, for recovery, check for a mismatch between the configured signing key and the proposer address in the genesis file
-		return fmt.Errorf("header validation error: %w", err)
-	}
-
-	newState, err := m.applyBlock(ctx, header, data)
+	newState, err := m.applyBlock(ctx, header.Header, data)
 	if err != nil {
 		return fmt.Errorf("error applying block: %w", err)
 	}
@@ -697,13 +691,24 @@ func (m *Manager) publishBlockInternal(ctx context.Context) error {
 		Time:         header.BaseHeader.Time,
 		LastDataHash: lastDataHash,
 	}
+
+	// we sign the header after executing the block, as a signature payload provider could depend on the block's data
+	signature, err = m.getHeaderSignature(header.Header)
+	if err != nil {
+		return err
+	}
+
+	// set the signature to current block's signed header
+	header.Signature = signature
+
+	// set the custom verifier to ensure proper signature validation
+	header.SetCustomVerifier(m.signaturePayloadProvider)
+
 	// Validate the created block before storing
 	if err := m.Validate(ctx, header, data); err != nil {
 		return fmt.Errorf("failed to validate block: %w", err)
 	}
 
-	headerHeight := header.Height()
-
 	headerHash := header.Hash().String()
 	m.headerCache.SetSeen(headerHash)
 
@@ -714,6 +719,7 @@ func (m *Manager) publishBlockInternal(ctx context.Context) error {
 	}
 
 	// Update the store height before submitting to the DA layer but after committing to the DB
+	headerHeight := header.Height()
 	if err = m.store.SetHeight(ctx, headerHeight); err != nil {
 		return err
 	}
@@ -773,7 +779,7 @@ func (m *Manager) createBlock(ctx context.Context, height uint64, lastSignature
 	return m.execCreateBlock(ctx, height, lastSignature, lastHeaderHash, m.lastState, batchData)
 }
 
-func (m *Manager) applyBlock(ctx context.Context, header *types.SignedHeader, data *types.Data) (types.State, error) {
+func (m *Manager) applyBlock(ctx context.Context, header types.Header, data *types.Data) (types.State, error) {
 	m.lastStateMtx.RLock()
 	defer m.lastStateMtx.RUnlock()
 	return m.execApplyBlock(ctx, m.lastState, header, data)
@@ -845,9 +851,15 @@ func (m *Manager) execCreateBlock(_ context.Context, height uint64, lastSignatur
 		return nil, nil, fmt.Errorf("proposer address is not the same as the genesis proposer address %x != %x", address, m.genesis.ProposerAddress)
 	}
 
-	// Determine if this is an empty block
+	// determine if this is an empty block
 	isEmpty := batchData.Batch == nil || len(batchData.Transactions) == 0
 
+	// build validator hash
+	validatorHash, err := m.validatorHasherProvider(m.genesis.ProposerAddress, key)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to get validator hash: %w", err)
+	}
+
 	header := &types.SignedHeader{
 		Header: types.Header{
 			Version: types.Version{
@@ -857,13 +869,14 @@ func (m *Manager) execCreateBlock(_ context.Context, height uint64, lastSignatur
 			BaseHeader: types.BaseHeader{
 				ChainID: m.lastState.ChainID,
 				Height:  height,
-				Time:    uint64(batchData.UnixNano()), //nolint:gosec // why is time unix? (tac0turtle)
+				Time:    uint64(batchData.UnixNano()),
 			},
 			LastHeaderHash: lastHeaderHash,
 			// DataHash is set at the end of the function
 			ConsensusHash:   make(types.Hash, 32),
 			AppHash:         m.lastState.AppHash,
 			ProposerAddress: m.genesis.ProposerAddress,
+			ValidatorHash:   validatorHash,
 		},
 		Signature: *lastSignature,
 		Signer: types.Signer{
@@ -891,13 +904,13 @@ func (m *Manager) execCreateBlock(_ context.Context, height uint64, lastSignatur
 	return header, blockData, nil
 }
 
-func (m *Manager) execApplyBlock(ctx context.Context, lastState types.State, header *types.SignedHeader, data *types.Data) (types.State, error) {
+func (m *Manager) execApplyBlock(ctx context.Context, lastState types.State, header types.Header, data *types.Data) (types.State, error) {
 	rawTxs := make([][]byte, len(data.Txs))
 	for i := range data.Txs {
 		rawTxs[i] = data.Txs[i]
 	}
 
-	ctx = context.WithValue(ctx, types.SignedHeaderContextKey, header)
+	ctx = context.WithValue(ctx, types.HeaderContextKey, header)
 	newStateRoot, _, err := m.exec.ExecuteTxs(ctx, rawTxs, header.Height(), header.Time(), lastState.AppHash)
 	if err != nil {
 		return types.State{}, fmt.Errorf("failed to execute transactions: %w", err)
@@ -985,9 +998,11 @@ func (m *Manager) getHeaderSignature(header types.Header) (types.Signature, erro
 	if err != nil {
 		return nil, err
 	}
+
 	if m.signer == nil {
 		return nil, fmt.Errorf("signer is nil; cannot sign header")
 	}
+
 	return m.signer.Sign(b)
 }
 
 
@@ -53,7 +53,8 @@ func getManager(t *testing.T, da da.DA, gasPrice float64, gasMultiplier float64)
 		metrics:                  NopMetrics(),
 		store:                    mockStore,
 		txNotifyCh:               make(chan struct{}, 1),
-		signaturePayloadProvider: defaultSignaturePayloadProvider,
+		signaturePayloadProvider: types.DefaultSignaturePayloadProvider,
+		validatorHasherProvider:  types.DefaultValidatorHasherProvider,
 	}
 
 	m.publishBlock = m.publishBlockInternal
@@ -77,7 +78,7 @@ func TestInitialStateClean(t *testing.T) {
 	mockExecutor.On("InitChain", ctx, genesisData.GenesisDAStartTime, genesisData.InitialHeight, genesisData.ChainID).
 		Return([]byte("mockAppHash"), uint64(1000), nil).Once()
 
-	s, err := getInitialState(ctx, genesisData, nil, emptyStore, mockExecutor, logger, nil /* uses default signature verification */)
+	s, err := getInitialState(ctx, genesisData, nil, emptyStore, mockExecutor, logger, DefaultManagerOptions())
 	require.NoError(err)
 	initialHeight := genesisData.InitialHeight
 	require.Equal(initialHeight-1, s.LastBlockHeight)
@@ -108,7 +109,7 @@ func TestInitialStateStored(t *testing.T) {
 	mockExecutor := mocks.NewMockExecutor(t)
 
 	// getInitialState should not call InitChain if state exists
-	s, err := getInitialState(ctx, genesisData, nil, store, mockExecutor, logger, nil /* uses default signature verification */)
+	s, err := getInitialState(ctx, genesisData, nil, store, mockExecutor, logger, DefaultManagerOptions())
 	require.NoError(err)
 	require.Equal(s.LastBlockHeight, uint64(100))
 	require.Equal(s.InitialHeight, uint64(1))
@@ -143,7 +144,7 @@ func TestInitialStateUnexpectedHigherGenesis(t *testing.T) {
 	require.NoError(err)
 	mockExecutor := mocks.NewMockExecutor(t)
 
-	_, err = getInitialState(ctx, genesis, nil, store, mockExecutor, logger, nil /* uses default signature verification */)
+	_, err = getInitialState(ctx, genesis, nil, store, mockExecutor, logger, DefaultManagerOptions())
 	require.EqualError(err, "genesis.InitialHeight (2) is greater than last stored state's LastBlockHeight (0)")
 
 	// Assert mock expectations (InitChain should not have been called)
 
@@ -217,7 +217,7 @@ func setupBlockManager(t *testing.T, ctx context.Context, workDir string, mainKV
 		NopMetrics(),
 		1.,
 		1.,
-		nil, // using default signature verification
+		DefaultManagerOptions(),
 	)
 	require.NoError(t, err)
 	return result, headerSyncService, dataSyncService
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`	`"path/filepath"`
`7`	`7`
`8`	`8`	`"github.com/rollkit/rollkit/da/jsonrpc"`
	`9`	`+ "github.com/rollkit/rollkit/node"`
`9`	`10`	`"github.com/rollkit/rollkit/sequencers/single"`
`10`	`11`
`11`	`12`	`"github.com/ethereum/go-ethereum/common"`
`@@ -77,7 +78,7 @@ var RunCmd = &cobra.Command{`
`77`	`78`	`return err`
`78`	`79`	`}`
`79`	`80`
`80`		`- return rollcmd.StartNode(logger, cmd, executor, sequencer, &daJrpc.DA, p2pClient, datastore, nodeConfig, nil)`
	`81`	`+ return rollcmd.StartNode(logger, cmd, executor, sequencer, &daJrpc.DA, p2pClient, datastore, nodeConfig, node.NodeOptions{})`
`81`	`82`	`},`
`82`	`83`	`}`
`83`	`84`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ import (`
`9`	`9`
`10`	`10`	`kvexecutor "github.com/rollkit/rollkit/apps/testapp/kv"`
`11`	`11`	`"github.com/rollkit/rollkit/da/jsonrpc"`
	`12`	`+ "github.com/rollkit/rollkit/node"`
`12`	`13`	`rollcmd "github.com/rollkit/rollkit/pkg/cmd"`
`13`	`14`	`"github.com/rollkit/rollkit/pkg/p2p"`
`14`	`15`	`"github.com/rollkit/rollkit/pkg/p2p/key"`
`@@ -93,6 +94,6 @@ var RunCmd = &cobra.Command{`
`93`	`94`	`return err`
`94`	`95`	`}`
`95`	`96`
`96`		`- return rollcmd.StartNode(logger, cmd, executor, sequencer, &daJrpc.DA, p2pClient, datastore, nodeConfig, nil)`
	`97`	`+ return rollcmd.StartNode(logger, cmd, executor, sequencer, &daJrpc.DA, p2pClient, datastore, nodeConfig, node.NodeOptions{})`
`97`	`98`	`},`
`98`	`99`	`}`
Original file line number	Diff line number	Diff line change
`@@ -217,7 +217,7 @@ func setupBlockManager(t *testing.T, ctx context.Context, workDir string, mainKV`
`217`	`217`	`NopMetrics(),`
`218`	`218`	`1.,`
`219`	`219`	`1.,`
`220`		`- nil, // using default signature verification`
	`220`	`+ DefaultManagerOptions(),`
`221`	`221`	`)`
`222`	`222`	`require.NoError(t, err)`
`223`	`223`	`return result, headerSyncService, dataSyncService`