Settings

Listen websocket on same port, allow direct connections and more helpful logging
Update tag-service.yml (#62 )
2024-10-20 06:41:36 +00:00 · 2024-10-20 06:41:35 +00:00 · 2024-10-17 09:34:35 -04:00 · 2024-10-07 14:19:14 -04:00 · 2024-09-30 13:43:34 -07:00 · 2024-09-10 16:12:10 -04:00
89 changed files with 5263 additions and 129 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -16,6 +16,8 @@ workflows:
          # <regex path-to-test> <parameter-to-set> <value-of-pipeline-parameter>
          mapping: |
            op-conductor-mon/.* run-build-op-conductor-mon true
+            op-signer/.* run-build-op-signer true
+            op-txproxy/.* run-build-op-txproxy true
            op-ufm/.* run-build-op-ufm true
            proxyd/.* run-build-proxyd true
            .circleci/.* run-all true
--- a/.circleci/continue_config.yml
+++ b/.circleci/continue_config.yml
@ -10,6 +10,12 @@ parameters:
  run-build-op-conductor-mon:
    type: boolean
    default: false
+  run-build-op-signer:
+    type: boolean
+    default: false
+  run-build-op-txproxy:
+    type: boolean
+    default: false
  run-build-op-ufm:
    type: boolean
    default: false
@ -76,6 +82,7 @@ jobs:
          command: |
            echo "Configuration Results:"
            echo "run-build-op-conductor-mon: << pipeline.parameters.run-build-op-conductor-mon >>"
+            echo "run-build-op-signer: << pipeline.parameters.run-build-op-signer >>"
            echo "run-build-op-ufm: << pipeline.parameters.run-build-op-ufm >>"
            echo "run-build-proxyd: << pipeline.parameters.run-build-proxyd >>"
            echo "run-all: << pipeline.parameters.run-all >>"
@ -100,6 +107,12 @@ jobs:
              echo "op-conductor-mon tag regex match: false"
            fi

+            if [[ $CURRENT_TAG =~ ^op-signer/v.* ]]; then
+              echo "op-signer tag regex match: true"
+            else
+              echo "op-signer tag regex match: false"
+            fi
+
            if [[ $CURRENT_TAG =~ ^op-ufm/v.* ]]; then
              echo "op-ufm tag regex match: true"
            else
@ -408,6 +421,38 @@ workflows:
          docker_name: op-conductor-mon
          docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
          docker_context: .
+  op-signer:
+    when:
+      or: [<< pipeline.parameters.run-build-op-signer >>, << pipeline.parameters.run-all >>]
+    jobs:
+      - go-lint:
+          name: op-signer-lint
+          module: op-signer
+      - go-test:
+          name: op-signer-tests
+          module: op-signer
+      - docker-build:
+          name: op-signer-docker-build
+          docker_file: op-signer/Dockerfile
+          docker_name: op-signer
+          docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
+          docker_context: .
+  op-txproxy:
+    when:
+      or: [<< pipeline.parameters.run-build-op-txproxy >>, << pipeline.parameters.run-all >>]
+    jobs:
+      - go-lint:
+          name: op-txproxy-lint
+          module: op-txproxy
+      - go-test:
+          name: op-txproxy-tests
+          module: op-txproxy
+      - docker-build:
+          name: op-txproxy-docker-build
+          docker_file: op-txproxy/Dockerfile
+          docker_name: op-txproxy
+          docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
+          docker_context: .
  op-ufm:
    when:
      or: [<< pipeline.parameters.run-build-op-ufm >>, << pipeline.parameters.run-all >>]
@ -455,6 +500,41 @@ workflows:
              only: /^(proxyd|ufm-[a-z0-9\-]*|op-[a-z0-9\-]*)\/v.*/
            branches:
              ignore: /.*/
+      - docker-build:
+          name: op-signer-docker-build
+          filters:
+            tags:
+              only: /^op-signer\/v.*/
+          docker_name: op-signer
+          docker_tags: <<pipeline.git.revision>>
+          docker_context: .
+          docker_file: op-signer/Dockerfile
+          context:
+            - oplabs-gcr-release
+          requires:
+            - hold
+      - docker-publish:
+          name: op-signer-docker-publish
+          filters:
+            tags:
+              only: /^op-signer\/v.*/
+          docker_name: op-signer
+          docker_tags: <<pipeline.git.revision>>
+          context:
+            - oplabs-gcr-release
+          requires:
+            - op-signer-docker-build
+      - docker-tag-op-stack-release:
+          name: op-signer-docker-tag
+          filters:
+            tags:
+              only: /^op-signer\/v.*/
+            branches:
+              ignore: /.*/
+          context:
+            - oplabs-gcr-release
+          requires:
+            - op-signer-docker-publish
      - docker-build:
          name: op-ufm-docker-build
          filters:
@ -470,6 +550,9 @@ workflows:
            - hold
      - docker-publish:
          name: op-ufm-docker-publish
+          filters:
+            tags:
+              only: /^op-ufm\/v.*/
          docker_name: op-ufm
          docker_tags: <<pipeline.git.revision>>
          context:
@ -477,7 +560,7 @@ workflows:
          requires:
            - op-ufm-docker-build
      - docker-tag-op-stack-release:
-          name: docker-tag-op-ufm-release
+          name: op-ufm-docker-tag
          filters:
            tags:
              only: /^op-ufm\/v.*/
@ -501,7 +584,7 @@ workflows:
          requires:
            - hold
      - docker-publish:
-          name: proxyd-docker-release
+          name: proxyd-docker-publish
          filters:
            tags:
              only: /^proxyd\/v.*/
@ -512,7 +595,7 @@ workflows:
          requires:
            - proxyd-docker-build
      - docker-tag-op-stack-release:
-          name: docker-tag-op-stack-release
+          name: proxyd-docker-tag
          filters:
            tags:
              only: /^proxyd\/v.*/
@ -521,7 +604,7 @@ workflows:
          context:
            - oplabs-gcr-release
          requires:
-            - proxyd-docker-release
+            - proxyd-docker-publish
      - docker-build:
          name: op-conductor-mon-docker-build
          filters:
@ -537,6 +620,9 @@ workflows:
            - hold
      - docker-publish:
          name: op-conductor-mon-docker-publish
+          filters:
+            tags:
+              only: /^op-conductor-mon\/v.*/
          docker_name: op-conductor-mon
          docker_tags: <<pipeline.git.revision>>,<<pipeline.git.branch>>
          context:
@ -544,7 +630,7 @@ workflows:
          requires:
            - op-conductor-mon-docker-build
      - docker-tag-op-stack-release:
-          name: docker-tag-op-stack-release
+          name: op-conductor-mon-docker-tag
          filters:
            tags:
              only: /^op-conductor-mon\/v.*/
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1 +1,3 @@
 * @ethereum-optimism/infra-reviewers
+
+/op-txproxy @ethereum-optimism/devxpod
--- a/.github/workflows/tag-service.yml
+++ b/.github/workflows/tag-service.yml
@ -1,5 +1,8 @@
 name: Tag Service

+permissions:
+  contents: write
+
 on:
  workflow_dispatch:
    inputs:
@ -18,7 +21,9 @@ on:
        required: true
        type: choice
        options:
+          - op-signer
          - op-ufm
+          - op-txproxy
          - proxyd
      prerelease:
        description: Increment major/minor/patch as prerelease?
--- a/README.md
+++ b/README.md
@ -4,4 +4,5 @@ This repository is an extension of the [Optimism monorepo](https://github.com/et

 ## Components
 - op-conductor-mon: Monitors multiple op-conductor instances and provides a unified interface for reporting metrics.
+- op-signer: Thin gateway that supports `eth_signTransaction` RPC endpoint to sign ethereum tx payloads using private key stored in KMS
 - op-ufm: User facing monitoring creates transactions at regular intervals and observe transaction propagation across different RPC providers.
--- a/op-conductor-ops/README.md
+++ b/op-conductor-ops/README.md
@ -0,0 +1,51 @@
+# op-conductor-ops
+
+op-conductor-ops is a CLI tool for managing op-conductor sequencer clusters.
+
+**WARNING!!! This tool can cause a network outage if used improperly. Please consult #pod-devinfra before using.**
+
+## Setup
+
+Requires [poetry](https://github.com/python-poetry/poetry).
+
+Install python dependencies with `poetry install`.
+
+Recommended updates to your .bashrc/zshrc:
+
+1. `export PATH="export PATH="<path-to-infra-repo>/op-conductor-ops:$PATH""`
+2. `export CONDUCTOR_CONFIG="<path-to-op-conductor-ops-config.toml>"`
+
+## Usage
+
+After installing dependencies with `poetry`, the tool can be invoked with `./op-conductor-ops`,
+which just calls `poetry run python main.py` and passes on any arguments.
+
+### Example Usage
+
+* Example usage with implicit config file with lookup at ./config.toml
+```./op-conductor-ops status <network-name>```
+
+* Usage with explicit path to config and certificate
+```./op-conductor-ops  -c ./<path>/config.toml --cert ./<path>/cacert.pem  <command> <network-name>```
+
+## Example Configuration File: example.config.toml
+
+This configuration file is used to set up the networks and sequencers for your application.
+
+### Structure
+
+The configuration file is divided into two main sections:
+
+1. **Networks**: This section defines the networks that your application will use. There is an example network configuration (`op-network-1`) and a blank network configuration (`op-network-N`) for you to fill out.
+
+2. **Sequencers**: This section defines the sequencers for each network. Again, there is an example sequencer configuration for `op-network-1` and a blank sequencer configuration for `op-network-N`.
+
+Is is recommended to update the network name and sequencer names for your specifc configuration in the toml object declaration
+
+### Config Usage
+
+1. Copy this file to `config.toml` in your application's root directory.
+2. Modify the example configurations or fill out the blank configurations as needed for your application.
+3. Save the `config.toml` file and use it to configure your application's networks and sequencers.
+
+Remember, the example configurations are provided for your convenience, but you should review and update them to match your specific requirements.
--- a/op-conductor-ops/config.py
+++ b/op-conductor-ops/config.py
@ -0,0 +1,32 @@
+from network import Network
+from sequencer import Sequencer
+import toml
+
+
+def read_config(config_path: str) -> tuple[dict[str, Sequencer], str]:
+    config = toml.load(config_path)
+
+    cert_path = config.get('cert_path', "")
+    # if cert path is relative, pre-pend the config path
+    if not cert_path.startswith('/'):
+        cert_path = f"{config_path.rsplit('/', 1)[0]}/{cert_path}"
+
+    # load sequencers into a map
+    sequencers = {}
+    for name, seq_config in config['sequencers'].items():
+        sequencers[name] = Sequencer(
+            sequencer_id=name,
+            raft_addr=seq_config['raft_addr'],
+            conductor_rpc_url=seq_config['conductor_rpc_url'],
+            node_rpc_url=seq_config['node_rpc_url'],
+            voting=seq_config['voting']
+        )
+
+    # Initialize network, with list of sequencers
+    networks = {}
+    for network_name, network_config in config['networks'].items():
+        network_sequencers = [sequencers[seq_name]
+                              for seq_name in network_config['sequencers']]
+        networks[network_name] = Network(network_name, network_sequencers)
+
+    return networks, cert_path
--- a/op-conductor-ops/example.config.toml
+++ b/op-conductor-ops/example.config.toml
@ -0,0 +1,62 @@
+# Path to the SSL/TLS certificate file
+cert_path = "./cacert.pem"
+
+# Network configurations
+[networks]
+
+# Example network configuration
+[networks.op-network-1]
+sequencers = [
+    "op-network-1-sequencer-0",
+    "op-network-1-sequencer-1",
+    "op-network-1-sequencer-2",
+]
+
+# Blank network configuration
+[networks.op-network-N]
+sequencers = [
+    "op-network-N-sequencer-0",
+    "op-network-N-sequencer-1",
+    "op-network-N-sequencer-2",
+]
+
+# Sequencer configurations
+[sequencers]
+
+# Example sequencer configuration for op-network-1 with three sequencers
+[sequencers.op-network-1-sequencer-0]
+raft_addr = "op-network-1-sequencer-0-op-conductor-raft:50050"
+conductor_rpc_url = "https://op-network-1-sequencer-0-op-conductor"
+node_rpc_url = "https://op-network-1-sequencer-0-op-node"
+voting = true
+
+[sequencers.op-network-1-sequencer-1]
+raft_addr = "op-network-1-sequencer-1-op-conductor-raft.50050"
+conductor_rpc_url = "https://op-network-1-sequencer-1-op-conductor"
+node_rpc_url = "https://op-network-1-sequencer-1-op-node"
+voting = false
+
+[sequencers.op-network-1-sequencer-2]
+raft_addr = "op-network-1-sequencer-2-op-conductor-raft:50050"
+conductor_rpc_url = "https://op-network-1-sequencer-2-op-conductor"
+node_rpc_url = "https://op-network-1-sequencer-2-op-node"
+voting = true
+
+# Blank sequencer configuration for op-network-N with three blank sequencers
+[sequencers.op-network-N-sequencer-0]
+raft_addr = ""
+conductor_rpc_url = ""
+node_rpc_url = ""
+voting = true
+
+[sequencers.op-network-N-sequencer-1]
+raft_addr = ""
+conductor_rpc_url = ""
+node_rpc_url = ""
+voting = true
+
+[sequencers.op-network-N-sequencer-2]
+raft_addr = ""
+conductor_rpc_url = ""
+node_rpc_url = ""
+voting = true
--- a/op-conductor-ops/network.py
+++ b/op-conductor-ops/network.py
@ -0,0 +1,35 @@
+import concurrent.futures
+
+
+class Network:
+    def __init__(self, name, sequencers):
+        self.name = name
+        self.sequencers = sequencers
+
+    def update(self):
+        def _update(sequencer):
+            sequencer.update()
+        with concurrent.futures.ThreadPoolExecutor() as executor:
+            list(executor.map(_update, self.sequencers))
+
+    def get_sequencer_by_id(self, sequencer_id: str):
+        return next(
+            (
+                sequencer
+                for sequencer in self.sequencers
+                if sequencer.sequencer_id == sequencer_id
+            ),
+            None,
+        )
+
+    def find_conductor_leader(self):
+        return next(
+            (sequencer for sequencer in self.sequencers if sequencer.conductor_leader),
+            None,
+        )
+
+    def find_active_sequencer(self):
+        return next(
+            (sequencer for sequencer in self.sequencers if sequencer.sequencer_active),
+            None,
+        )
--- a/op-conductor-ops/op-conductor-ops
+++ b/op-conductor-ops/op-conductor-ops
@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# cd to the directory of the script
+cd "$(dirname "$0")"
+poetry install --no-interaction --quiet
+poetry run python op-conductor-ops.py "${@}"
--- a/op-conductor-ops/op-conductor-ops.py
+++ b/op-conductor-ops/op-conductor-ops.py
@ -0,0 +1,372 @@
+#!/usr/bin/env python
+
+import os
+import time
+import requests
+from rich.console import Console
+from rich.table import Table
+import typer
+from typing_extensions import Annotated
+
+from config import read_config
+from utils import make_rpc_payload, print_boolean, print_warn, print_error
+
+
+app = typer.Typer(
+    help="CLI for managing OP Conductor sequencers. WARNING: This tool can cause a network outage if used improperly. Please consult #pod-devinfra before using."
+)
+
+console = Console()
+
+
+@app.callback()
+def load_config(
+    cert: Annotated[str, typer.Option(
+        "--cert",
+        help="[Optional] Certificate file path for https. Takes precedece over cert_path config",
+        envvar="CONDUCTOR_CERT",
+    )] = "",
+    config_path: Annotated[str, typer.Option(
+        "--config", "-c",
+        help="Path to config file.",
+        envvar="CONDUCTOR_CONFIG",
+    )] = "./config.toml",
+):
+    networks, config_cert_path = read_config(config_path)
+    global NETWORKS
+    NETWORKS = networks
+
+    # Use the cert path from the command line if provided,
+    # otherwise use the one from the config
+    # Export the certificate for https connections
+    cert_path = cert or config_cert_path
+    if cert_path:
+        os.environ["REQUESTS_CA_BUNDLE"] = cert_path
+        os.environ["SSL_CERT_FILE"] = cert_path
+
+
+def get_network(network: str):
+    if network not in NETWORKS:
+        typer.echo(f"Network must be one of {', '.join(NETWORKS.keys())}")
+        raise typer.Exit(code=1)
+    network_obj = NETWORKS[network]
+    network_obj.update()
+    return network_obj
+
+
+@app.command()
+def status(network: str):
+    """Print the status of all sequencers in a network."""
+    network_obj = get_network(network)
+    sequencers = network_obj.sequencers
+    table = Table(
+        "Sequencer ID",
+        "Conductor Active",
+        "Sequencer Healthy",
+        "Conductor Leader",
+        "Active Sequencer",
+        "Unsafe Number",
+        "Unsafe Hash",
+    )
+    for sequencer in sequencers:
+        table.add_row(
+            sequencer.sequencer_id,
+            print_boolean(sequencer.conductor_active),
+            print_boolean(sequencer.sequencer_healthy),
+            print_boolean(sequencer.conductor_leader),
+            print_boolean(sequencer.sequencer_active),
+            str(sequencer.unsafe_l2_number),
+            str(sequencer.unsafe_l2_hash),
+        )
+    console.print(table)
+
+    leader = network_obj.find_conductor_leader()
+    if leader is None:
+        print_warn(f"Could not find current leader in network {network}")
+    else:
+        display_correction = False
+        membership = {x["id"]: x for x in leader.cluster_membership()}
+        for sequencer in sequencers:
+            if sequencer.sequencer_id in membership:
+                if (
+                    int(not sequencer.voting)
+                    != membership[sequencer.sequencer_id]["suffrage"]
+                ):
+                    print_error(
+                        f": {sequencer.sequencer_id} does not have the correct voting status.")
+                    display_correction = True
+            else:
+                print_warn(
+                    f": {sequencer.sequencer_id} is not in the cluster")
+                display_correction = True
+        if display_correction:
+            print_warn(
+                "Run 'update-cluster-membership' to correct membership issues")
+
+
+@app.command()
+def transfer_leader(network: str, sequencer_id: str):
+    """Transfer leadership to a specific sequencer."""
+    network_obj = get_network(network)
+
+    sequencer = network_obj.get_sequencer_by_id(sequencer_id)
+    if sequencer is None:
+        print_error(
+            f"Sequencer ID {sequencer_id} not found in network {network}")
+        raise typer.Exit(code=1)
+    if sequencer.voting is False:
+        print_error(f"Sequencer {sequencer_id} is not a voter")
+        raise typer.Exit(code=1)
+
+    healthy = sequencer.sequencer_healthy
+    if not healthy:
+        print_error(f"Target sequencer {sequencer_id} is not healthy")
+        raise typer.Exit(code=1)
+
+    leader = network_obj.find_conductor_leader()
+    if leader is None:
+        print_error(f"Could not find current leader in network {network}")
+        raise typer.Exit(code=1)
+
+    resp = requests.post(
+        leader.conductor_rpc_url,
+        json=make_rpc_payload(
+            "conductor_transferLeaderToServer",
+            params=[sequencer.sequencer_id, sequencer.raft_addr],
+        ),
+    )
+    resp.raise_for_status()
+    if "error" in resp.json():
+        print_error(
+            f"Failed to transfer leader to {sequencer_id}: {resp.json()['error']}"
+        )
+        raise typer.Exit(code=1)
+
+    typer.echo(f"Successfully transferred leader to {sequencer_id}")
+
+
+@app.command()
+def pause(network: str, sequencer_id: str = None):
+    """Pause all conductors.
+    If --sequencer-id is provided, only pause conductor for that sequencer.
+    """
+    network_obj = get_network(network)
+    sequencers = network_obj.sequencers
+
+    if sequencer_id is not None:
+        sequencer = network_obj.get_sequencer_by_id(sequencer_id)
+        if sequencer is None:
+            print_error(
+                f"Sequencer ID {sequencer_id} not found in network {network}")
+            raise typer.Exit(code=1)
+        sequencers = [sequencer]
+
+    error = False
+    for sequencer in sequencers:
+        resp = requests.post(
+            sequencer.conductor_rpc_url,
+            json=make_rpc_payload("conductor_pause"),
+        )
+        try:
+            resp.raise_for_status()
+            if "error" in resp.json():
+                raise Exception(resp.json()["error"])
+            typer.echo(f"Successfully paused {sequencer.sequencer_id}")
+        except Exception as e:
+            typer.echo(f"Failed to pause {sequencer.sequencer_id}: {e}")
+    if error:
+        raise typer.Exit(code=1)
+
+
+@app.command()
+def resume(network: str, sequencer_id: str = None):
+    """Resume all conductors.
+    If --sequencer-id is provided, only resume conductor for that sequencer.
+    """
+    network_obj = get_network(network)
+    sequencers = network_obj.sequencers
+
+    if sequencer_id is not None:
+        sequencer = network_obj.get_sequencer_by_id(sequencer_id)
+        if sequencer is None:
+            print_error(
+                f"sequencer ID {sequencer_id} not found in network {network}")
+            raise typer.Exit(code=1)
+        sequencers = [sequencer]
+
+    error = False
+    for sequencer in sequencers:
+        resp = requests.post(
+            sequencer.conductor_rpc_url,
+            json=make_rpc_payload("conductor_resume"),
+        )
+        try:
+            resp.raise_for_status()
+            if "error" in resp.json():
+                raise Exception(resp.json()["error"])
+            typer.echo(f"Successfully resumed {sequencer.sequencer_id}")
+        except Exception as e:
+            print_error(f"Failed to resume {sequencer.sequencer_id}: {e}")
+    if error:
+        raise typer.Exit(code=1)
+
+
+@app.command()
+def override_leader(network: str, sequencer_id: str):
+    """Override the conductor_leader response for a sequencer to True.
+    Note that this does not affect consensus and it should only be used for disaster recovery purposes.
+    """
+    network_obj = get_network(network)
+    sequencer = network_obj.get_sequencer_by_id(sequencer_id)
+    if sequencer is None:
+        print_error(
+            f"sequencer ID {sequencer_id} not found in network {network}")
+        raise typer.Exit(code=1)
+
+    resp = requests.post(
+        sequencer.conductor_rpc_url,
+        json=make_rpc_payload("conductor_overrideLeader"),
+    )
+    resp.raise_for_status()
+    if "error" in resp.json():
+        print_error(
+            f"Failed to override conductor leader status for {sequencer_id}: {resp.json()['error']}"
+        )
+        raise typer.Exit(code=1)
+
+    resp = requests.post(
+        sequencer.node_rpc_url,
+        json=make_rpc_payload("admin_overrideLeader"),
+    )
+    resp.raise_for_status()
+    if "error" in resp.json():
+        print_error(
+            f"Failed to override sequencer leader status for {sequencer_id}: {resp.json()['error']}"
+        )
+        raise typer.Exit(code=1)
+
+    typer.echo(f"Successfully overrode leader for {sequencer_id}")
+
+
+@app.command()
+def remove_server(network: str, sequencer_id: str):
+    """Remove a sequencer from the cluster."""
+    network_obj = get_network(network)
+    sequencer = network_obj.get_sequencer_by_id(sequencer_id)
+    if sequencer is None:
+        print_error(
+            f"sequencer ID {sequencer_id} not found in network {network}")
+        raise typer.Exit(code=1)
+
+    leader = network_obj.find_conductor_leader()
+
+    resp = requests.post(
+        leader.conductor_rpc_url,
+        json=make_rpc_payload("conductor_removeServer",
+                              params=[sequencer_id, 0]),
+    )
+    resp.raise_for_status()
+    if "error" in resp.json():
+        print_error(f"Failed to remove {sequencer_id}: {resp.json()['error']}")
+        raise typer.Exit(code=1)
+
+    typer.echo(f"Successfully removed {sequencer_id}")
+
+
+@app.command()
+def update_cluster_membership(network: str):
+    """Update the cluster membership to match the sequencer configuration."""
+    network_obj = get_network(network)
+
+    sequencers = network_obj.sequencers
+
+    leader = network_obj.find_conductor_leader()
+    if leader is None:
+        print_error(f"Could not find current leader in network {network}")
+        raise typer.Exit(code=1)
+
+    membership = {x["id"]: x for x in leader.cluster_membership()}
+
+    error = False
+    for sequencer in sequencers:
+        if sequencer.sequencer_id in membership:
+            if (
+                int(not sequencer.voting)
+                != membership[sequencer.sequencer_id]["suffrage"]
+            ):
+                typer.echo(
+                    f"Removing {sequencer.sequencer_id} from cluster to update voting status"
+                )
+                remove_server(network, sequencer.sequencer_id)
+        method = (
+            "conductor_addServerAsVoter"
+            if sequencer.voting
+            else "conductor_addServerAsNonvoter"
+        )
+        resp = requests.post(
+            leader.conductor_rpc_url,
+            json=make_rpc_payload(
+                method,
+                params=[sequencer.sequencer_id, sequencer.raft_addr, 0],
+            ),
+        )
+        try:
+            resp.raise_for_status()
+            if "error" in resp.json():
+                raise Exception(resp.json()["error"])
+            typer.echo(
+                f"Successfully added {sequencer.sequencer_id} as {'voter' if sequencer.voting else 'non-voter'}"
+            )
+        except Exception as e:
+            print_warn(f"Failed to add {sequencer.sequencer_id} as voter: {e}")
+    if error:
+        raise typer.Exit(code=1)
+
+
+@app.command()
+def force_active_sequencer(network: str, sequencer_id: str):
+    """Forces a sequencer to become active using stop/start."""
+    network_obj = get_network(network)
+    sequencer = network_obj.get_sequencer_by_id(sequencer_id)
+    if sequencer is None:
+        typer.echo(f"sequencer ID {sequencer_id} not found in network {network}")
+        raise typer.Exit(code=1)
+
+    hash = sequencer.unsafe_l2_hash
+
+    active_sequencer = network_obj.find_active_sequencer()
+    if active_sequencer:
+      typer.echo(f"Stopping {active_sequencer.sequencer_id}")
+      resp = requests.post(
+          active_sequencer.node_rpc_url,
+          json=make_rpc_payload("admin_stopSequencer", params=[]),
+      )
+      resp.raise_for_status()
+      if "error" in resp.json():
+          typer.echo(f"Failed to stop {active_sequencer.sequencer_id}: {resp.json()['error']}")
+          raise typer.Exit(code=1)
+      hash = resp.json()["result"]
+
+    if not hash:
+        typer.echo(f"Failed to get a hash to start sequencer")
+        raise typer.Exit(code=1)
+
+    # sleep for a bit to allow sequencer to catch up
+    time.sleep(1)
+
+    # start sequencer
+    typer.echo(f"Starting {sequencer_id} with hash {hash}")
+    resp = requests.post(
+        sequencer.node_rpc_url,
+        json=make_rpc_payload("admin_startSequencer", params=[hash]),
+    )
+    resp.raise_for_status()
+    if "error" in resp.json():
+        typer.echo(f"Failed to start {sequencer_id}: {resp.json()['error']}")
+        raise typer.Exit(code=1)
+
+    typer.echo(f"Successfully forced {sequencer_id} to become active")
+
+
+if __name__ == "__main__":
+    app()
--- a/op-conductor-ops/poetry.lock
+++ b/op-conductor-ops/poetry.lock
@ -0,0 +1,307 @@
+# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand.
+
+[[package]]
+name = "certifi"
+version = "2024.7.4"
+description = "Python package for providing Mozilla's CA Bundle."
+optional = false
+python-versions = ">=3.6"
+files = [
+    {file = "certifi-2024.7.4-py3-none-any.whl", hash = "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90"},
+    {file = "certifi-2024.7.4.tar.gz", hash = "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b"},
+]
+
+[[package]]
+name = "charset-normalizer"
+version = "3.3.2"
+description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet."
+optional = false
+python-versions = ">=3.7.0"
+files = [
+    {file = "charset-normalizer-3.3.2.tar.gz", hash = "sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:06435b539f889b1f6f4ac1758871aae42dc3a8c0e24ac9e60c2384973ad73027"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9063e24fdb1e498ab71cb7419e24622516c4a04476b17a2dab57e8baa30d6e03"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6897af51655e3691ff853668779c7bad41579facacf5fd7253b0133308cf000d"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1d3193f4a680c64b4b6a9115943538edb896edc190f0b222e73761716519268e"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:cd70574b12bb8a4d2aaa0094515df2463cb429d8536cfb6c7ce983246983e5a6"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8465322196c8b4d7ab6d1e049e4c5cb460d0394da4a27d23cc242fbf0034b6b5"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a9a8e9031d613fd2009c182b69c7b2c1ef8239a0efb1df3f7c8da66d5dd3d537"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:beb58fe5cdb101e3a055192ac291b7a21e3b7ef4f67fa1d74e331a7f2124341c"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:e06ed3eb3218bc64786f7db41917d4e686cc4856944f53d5bdf83a6884432e12"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = "sha256:2e81c7b9c8979ce92ed306c249d46894776a909505d8f5a4ba55b14206e3222f"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:572c3763a264ba47b3cf708a44ce965d98555f618ca42c926a9c1616d8f34269"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:fd1abc0d89e30cc4e02e4064dc67fcc51bd941eb395c502aac3ec19fab46b519"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-win32.whl", hash = "sha256:3d47fa203a7bd9c5b6cee4736ee84ca03b8ef23193c0d1ca99b5089f72645c73"},
+    {file = "charset_normalizer-3.3.2-cp310-cp310-win_amd64.whl", hash = "sha256:10955842570876604d404661fbccbc9c7e684caf432c09c715ec38fbae45ae09"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f27273b60488abe721a075bcca6d7f3964f9f6f067c8c4c605743023d7d3944f"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1ceae2f17a9c33cb48e3263960dc5fc8005351ee19db217e9b1bb15d28c02574"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:65f6f63034100ead094b8744b3b97965785388f308a64cf8d7c34f2f2e5be0c4"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:753f10e867343b4511128c6ed8c82f7bec3bd026875576dfd88483c5c73b2fd8"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4a78b2b446bd7c934f5dcedc588903fb2f5eec172f3d29e52a9096a43722adfc"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:e537484df0d8f426ce2afb2d0f8e1c3d0b114b83f8850e5f2fbea0e797bd82ae"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:eb6904c354526e758fda7167b33005998fb68c46fbc10e013ca97f21ca5c8887"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:deb6be0ac38ece9ba87dea880e438f25ca3eddfac8b002a2ec3d9183a454e8ae"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:4ab2fe47fae9e0f9dee8c04187ce5d09f48eabe611be8259444906793ab7cbce"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:80402cd6ee291dcb72644d6eac93785fe2c8b9cb30893c1af5b8fdd753b9d40f"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-win32.whl", hash = "sha256:7cd13a2e3ddeed6913a65e66e94b51d80a041145a026c27e6bb76c31a853c6ab"},
+    {file = "charset_normalizer-3.3.2-cp311-cp311-win_amd64.whl", hash = "sha256:663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:0b2b64d2bb6d3fb9112bafa732def486049e63de9618b5843bcdd081d8144cd8"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:ddbb2551d7e0102e7252db79ba445cdab71b26640817ab1e3e3648dad515003b"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:55086ee1064215781fff39a1af09518bc9255b50d6333f2e4c74ca09fac6a8f6"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8f4a014bc36d3c57402e2977dada34f9c12300af536839dc38c0beab8878f38a"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a10af20b82360ab00827f916a6058451b723b4e65030c5a18577c8b2de5b3389"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8d756e44e94489e49571086ef83b2bb8ce311e730092d2c34ca8f7d925cb20aa"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:90d558489962fd4918143277a773316e56c72da56ec7aa3dc3dbbe20fdfed15b"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6ac7ffc7ad6d040517be39eb591cac5ff87416c2537df6ba3cba3bae290c0fed"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:7ed9e526742851e8d5cc9e6cf41427dfc6068d4f5a3bb03659444b4cabf6bc26"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:8bdb58ff7ba23002a4c5808d608e4e6c687175724f54a5dade5fa8c67b604e4d"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_ppc64le.whl", hash = "sha256:6b3251890fff30ee142c44144871185dbe13b11bab478a88887a639655be1068"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_s390x.whl", hash = "sha256:b4a23f61ce87adf89be746c8a8974fe1c823c891d8f86eb218bb957c924bb143"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:efcb3f6676480691518c177e3b465bcddf57cea040302f9f4e6e191af91174d4"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-win32.whl", hash = "sha256:d965bba47ddeec8cd560687584e88cf699fd28f192ceb452d1d7ee807c5597b7"},
+    {file = "charset_normalizer-3.3.2-cp312-cp312-win_amd64.whl", hash = "sha256:96b02a3dc4381e5494fad39be677abcb5e6634bf7b4fa83a6dd3112607547001"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:95f2a5796329323b8f0512e09dbb7a1860c46a39da62ecb2324f116fa8fdc85c"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c002b4ffc0be611f0d9da932eb0f704fe2602a9a949d1f738e4c34c75b0863d5"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a981a536974bbc7a512cf44ed14938cf01030a99e9b3a06dd59578882f06f985"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3287761bc4ee9e33561a7e058c72ac0938c4f57fe49a09eae428fd88aafe7bb6"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:42cb296636fcc8b0644486d15c12376cb9fa75443e00fb25de0b8602e64c1714"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0a55554a2fa0d408816b3b5cedf0045f4b8e1a6065aec45849de2d6f3f8e9786"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:c083af607d2515612056a31f0a8d9e0fcb5876b7bfc0abad3ecd275bc4ebc2d5"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:87d1351268731db79e0f8e745d92493ee2841c974128ef629dc518b937d9194c"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_ppc64le.whl", hash = "sha256:bd8f7df7d12c2db9fab40bdd87a7c09b1530128315d047a086fa3ae3435cb3a8"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_s390x.whl", hash = "sha256:c180f51afb394e165eafe4ac2936a14bee3eb10debc9d9e4db8958fe36afe711"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:8c622a5fe39a48f78944a87d4fb8a53ee07344641b0562c540d840748571b811"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-win32.whl", hash = "sha256:db364eca23f876da6f9e16c9da0df51aa4f104a972735574842618b8c6d999d4"},
+    {file = "charset_normalizer-3.3.2-cp37-cp37m-win_amd64.whl", hash = "sha256:86216b5cee4b06df986d214f664305142d9c76df9b6512be2738aa72a2048f99"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:6463effa3186ea09411d50efc7d85360b38d5f09b870c48e4600f63af490e56a"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6c4caeef8fa63d06bd437cd4bdcf3ffefe6738fb1b25951440d80dc7df8c03ac"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:37e55c8e51c236f95b033f6fb391d7d7970ba5fe7ff453dad675e88cf303377a"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:fb69256e180cb6c8a894fee62b3afebae785babc1ee98b81cdf68bbca1987f33"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ae5f4161f18c61806f411a13b0310bea87f987c7d2ecdbdaad0e94eb2e404238"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b2b0a0c0517616b6869869f8c581d4eb2dd83a4d79e0ebcb7d373ef9956aeb0a"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:45485e01ff4d3630ec0d9617310448a8702f70e9c01906b0d0118bdf9d124cf2"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:eb00ed941194665c332bf8e078baf037d6c35d7c4f3102ea2d4f16ca94a26dc8"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:2127566c664442652f024c837091890cb1942c30937add288223dc895793f898"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:a50aebfa173e157099939b17f18600f72f84eed3049e743b68ad15bd69b6bf99"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:4d0d1650369165a14e14e1e47b372cfcb31d6ab44e6e33cb2d4e57265290044d"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_s390x.whl", hash = "sha256:923c0c831b7cfcb071580d3f46c4baf50f174be571576556269530f4bbd79d04"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:06a81e93cd441c56a9b65d8e1d043daeb97a3d0856d177d5c90ba85acb3db087"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-win32.whl", hash = "sha256:6ef1d82a3af9d3eecdba2321dc1b3c238245d890843e040e41e470ffa64c3e25"},
+    {file = "charset_normalizer-3.3.2-cp38-cp38-win_amd64.whl", hash = "sha256:eb8821e09e916165e160797a6c17edda0679379a4be5c716c260e836e122f54b"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:c235ebd9baae02f1b77bcea61bce332cb4331dc3617d254df3323aa01ab47bd4"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:5b4c145409bef602a690e7cfad0a15a55c13320ff7a3ad7ca59c13bb8ba4d45d"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:68d1f8a9e9e37c1223b656399be5d6b448dea850bed7d0f87a8311f1ff3dabb0"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:22afcb9f253dac0696b5a4be4a1c0f8762f8239e21b99680099abd9b2b1b2269"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e27ad930a842b4c5eb8ac0016b0a54f5aebbe679340c26101df33424142c143c"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1f79682fbe303db92bc2b1136016a38a42e835d932bab5b3b1bfcfbf0640e519"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b261ccdec7821281dade748d088bb6e9b69e6d15b30652b74cbbac25e280b796"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:122c7fa62b130ed55f8f285bfd56d5f4b4a5b503609d181f9ad85e55c89f4185"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:d0eccceffcb53201b5bfebb52600a5fb483a20b61da9dbc885f8b103cbe7598c"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:9f96df6923e21816da7e0ad3fd47dd8f94b2a5ce594e00677c0013018b813458"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:7f04c839ed0b6b98b1a7501a002144b76c18fb1c1850c8b98d458ac269e26ed2"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:34d1c8da1e78d2e001f363791c98a272bb734000fcef47a491c1e3b0505657a8"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:ff8fa367d09b717b2a17a052544193ad76cd49979c805768879cb63d9ca50561"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-win32.whl", hash = "sha256:aed38f6e4fb3f5d6bf81bfa990a07806be9d83cf7bacef998ab1a9bd660a581f"},
+    {file = "charset_normalizer-3.3.2-cp39-cp39-win_amd64.whl", hash = "sha256:b01b88d45a6fcb69667cd6d2f7a9aeb4bf53760d7fc536bf679ec94fe9f3ff3d"},
+    {file = "charset_normalizer-3.3.2-py3-none-any.whl", hash = "sha256:3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc"},
+]
+
+[[package]]
+name = "click"
+version = "8.1.7"
+description = "Composable command line interface toolkit"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "click-8.1.7-py3-none-any.whl", hash = "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28"},
+    {file = "click-8.1.7.tar.gz", hash = "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"},
+]
+
+[package.dependencies]
+colorama = {version = "*", markers = "platform_system == \"Windows\""}
+
+[[package]]
+name = "colorama"
+version = "0.4.6"
+description = "Cross-platform colored terminal text."
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
+files = [
+    {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
+    {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
+]
+
+[[package]]
+name = "idna"
+version = "3.7"
+description = "Internationalized Domain Names in Applications (IDNA)"
+optional = false
+python-versions = ">=3.5"
+files = [
+    {file = "idna-3.7-py3-none-any.whl", hash = "sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0"},
+    {file = "idna-3.7.tar.gz", hash = "sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc"},
+]
+
+[[package]]
+name = "markdown-it-py"
+version = "3.0.0"
+description = "Python port of markdown-it. Markdown parsing, done right!"
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "markdown-it-py-3.0.0.tar.gz", hash = "sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb"},
+    {file = "markdown_it_py-3.0.0-py3-none-any.whl", hash = "sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"},
+]
+
+[package.dependencies]
+mdurl = ">=0.1,<1.0"
+
+[package.extras]
+benchmarking = ["psutil", "pytest", "pytest-benchmark"]
+code-style = ["pre-commit (>=3.0,<4.0)"]
+compare = ["commonmark (>=0.9,<1.0)", "markdown (>=3.4,<4.0)", "mistletoe (>=1.0,<2.0)", "mistune (>=2.0,<3.0)", "panflute (>=2.3,<3.0)"]
+linkify = ["linkify-it-py (>=1,<3)"]
+plugins = ["mdit-py-plugins"]
+profiling = ["gprof2dot"]
+rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"]
+testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"]
+
+[[package]]
+name = "mdurl"
+version = "0.1.2"
+description = "Markdown URL utilities"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "mdurl-0.1.2-py3-none-any.whl", hash = "sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"},
+    {file = "mdurl-0.1.2.tar.gz", hash = "sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba"},
+]
+
+[[package]]
+name = "pygments"
+version = "2.18.0"
+description = "Pygments is a syntax highlighting package written in Python."
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "pygments-2.18.0-py3-none-any.whl", hash = "sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"},
+    {file = "pygments-2.18.0.tar.gz", hash = "sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199"},
+]
+
+[package.extras]
+windows-terminal = ["colorama (>=0.4.6)"]
+
+[[package]]
+name = "requests"
+version = "2.32.3"
+description = "Python HTTP for Humans."
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"},
+    {file = "requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760"},
+]
+
+[package.dependencies]
+certifi = ">=2017.4.17"
+charset-normalizer = ">=2,<4"
+idna = ">=2.5,<4"
+urllib3 = ">=1.21.1,<3"
+
+[package.extras]
+socks = ["PySocks (>=1.5.6,!=1.5.7)"]
+use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]
+
+[[package]]
+name = "rich"
+version = "13.7.1"
+description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal"
+optional = false
+python-versions = ">=3.7.0"
+files = [
+    {file = "rich-13.7.1-py3-none-any.whl", hash = "sha256:4edbae314f59eb482f54e9e30bf00d33350aaa94f4bfcd4e9e3110e64d0d7222"},
+    {file = "rich-13.7.1.tar.gz", hash = "sha256:9be308cb1fe2f1f57d67ce99e95af38a1e2bc71ad9813b0e247cf7ffbcc3a432"},
+]
+
+[package.dependencies]
+markdown-it-py = ">=2.2.0"
+pygments = ">=2.13.0,<3.0.0"
+
+[package.extras]
+jupyter = ["ipywidgets (>=7.5.1,<9)"]
+
+[[package]]
+name = "shellingham"
+version = "1.5.4"
+description = "Tool to Detect Surrounding Shell"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "shellingham-1.5.4-py2.py3-none-any.whl", hash = "sha256:7ecfff8f2fd72616f7481040475a65b2bf8af90a56c89140852d1120324e8686"},
+    {file = "shellingham-1.5.4.tar.gz", hash = "sha256:8dbca0739d487e5bd35ab3ca4b36e11c4078f3a234bfce294b0a0291363404de"},
+]
+
+[[package]]
+name = "toml"
+version = "0.10.2"
+description = "Python Library for Tom's Obvious, Minimal Language"
+optional = false
+python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
+files = [
+    {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"},
+    {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"},
+]
+
+[[package]]
+name = "typer"
+version = "0.12.3"
+description = "Typer, build great CLIs. Easy to code. Based on Python type hints."
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "typer-0.12.3-py3-none-any.whl", hash = "sha256:070d7ca53f785acbccba8e7d28b08dcd88f79f1fbda035ade0aecec71ca5c914"},
+    {file = "typer-0.12.3.tar.gz", hash = "sha256:49e73131481d804288ef62598d97a1ceef3058905aa536a1134f90891ba35482"},
+]
+
+[package.dependencies]
+click = ">=8.0.0"
+rich = ">=10.11.0"
+shellingham = ">=1.3.0"
+typing-extensions = ">=3.7.4.3"
+
+[[package]]
+name = "typing-extensions"
+version = "4.12.2"
+description = "Backported and Experimental Type Hints for Python 3.8+"
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "typing_extensions-4.12.2-py3-none-any.whl", hash = "sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"},
+    {file = "typing_extensions-4.12.2.tar.gz", hash = "sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8"},
+]
+
+[[package]]
+name = "urllib3"
+version = "2.2.2"
+description = "HTTP library with thread-safe connection pooling, file post, and more."
+optional = false
+python-versions = ">=3.8"
+files = [
+    {file = "urllib3-2.2.2-py3-none-any.whl", hash = "sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472"},
+    {file = "urllib3-2.2.2.tar.gz", hash = "sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168"},
+]
+
+[package.extras]
+brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)"]
+h2 = ["h2 (>=4,<5)"]
+socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"]
+zstd = ["zstandard (>=0.18.0)"]
+
+[metadata]
+lock-version = "2.0"
+python-versions = "^3.12"
+content-hash = "b56021bf3dca52508e895f8746030fedc8d5d4a7b5e91cd9e25874ed1970f580"
--- a/op-conductor-ops/pyproject.toml
+++ b/op-conductor-ops/pyproject.toml
@ -0,0 +1,17 @@
+[tool.poetry]
+name = "op-conductor-ops"
+description = "CLI tool for managing op-conductor sequencer clusters"
+authors = ["Zach Howard <zach@oplabs.co>"]
+license = "MIT"
+readme = "README.md"
+package-mode = false
+
+[tool.poetry.dependencies]
+python = "^3.12"
+typer = "^0.12.3"
+requests = "^2.31.0"
+toml = "^0.10.2"
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"
--- a/op-conductor-ops/sequencer.py
+++ b/op-conductor-ops/sequencer.py
@ -0,0 +1,105 @@
+import concurrent.futures
+
+import requests
+import typer
+
+from utils import make_rpc_payload
+
+
+class Sequencer:
+    def __init__(
+        self, sequencer_id, raft_addr, conductor_rpc_url, node_rpc_url, voting
+    ):
+        self.sequencer_id = sequencer_id
+        self.raft_addr = raft_addr
+        self.conductor_rpc_url = conductor_rpc_url
+        self.node_rpc_url = node_rpc_url
+        self.voting = voting
+        self.conductor_active = None
+        self.conductor_leader = None
+        self.sequencer_healthy = None
+        self.sequencer_active = None
+        self.unsafe_l2_hash = None
+        self.unsafe_l2_number = None
+
+    def _get_sequencer_active(self):
+        resp = requests.post(
+            self.node_rpc_url,
+            json=make_rpc_payload("admin_sequencerActive"),
+        )
+        try:
+            resp.raise_for_status()
+        except Exception as e:
+            return None
+        self.sequencer_active = resp.json()["result"]
+
+    def _get_sequencer_healthy(self):
+        resp = requests.post(
+            self.conductor_rpc_url,
+            json=make_rpc_payload("conductor_sequencerHealthy"),
+        )
+        try:
+            resp.raise_for_status()
+        except Exception as e:
+            return None
+        self.sequencer_healthy = resp.json()["result"]
+
+    def _get_conductor_active(self):
+        resp = requests.post(
+            self.conductor_rpc_url,
+            json=make_rpc_payload("conductor_active"),
+        )
+        try:
+            resp.raise_for_status()
+        except Exception as e:
+            return None
+        self.conductor_active = resp.json()["result"]
+
+    def _get_conductor_leader(self):
+        resp = requests.post(
+            self.conductor_rpc_url,
+            json=make_rpc_payload("conductor_leader"),
+        )
+        try:
+            resp.raise_for_status()
+        except Exception as e:
+            return None
+        self.conductor_leader = resp.json()["result"]
+
+    def _get_unsafe_l2(self):
+        resp = requests.post(
+            self.node_rpc_url,
+            json=make_rpc_payload("optimism_syncStatus"),
+        )
+        try:
+            resp.raise_for_status()
+        except Exception as e:
+            return None
+        result = resp.json()["result"]
+        self.unsafe_l2_number = result["unsafe_l2"]["number"]
+        self.unsafe_l2_hash = result["unsafe_l2"]["hash"]
+
+    def cluster_membership(self):
+        resp = requests.post(
+            self.conductor_rpc_url,
+            json=make_rpc_payload("conductor_clusterMembership"),
+        )
+        resp.raise_for_status()
+        return resp.json()["result"]["servers"]
+
+    def update(self):
+        functions = [
+            self._get_conductor_active,
+            self._get_conductor_leader,
+            self._get_sequencer_healthy,
+            self._get_sequencer_active,
+            self._get_unsafe_l2,
+        ]
+        with concurrent.futures.ThreadPoolExecutor() as executor:
+            futures = {executor.submit(func): func for func in functions}
+            for future in concurrent.futures.as_completed(futures):
+                func = futures[future]
+                try:
+                    result = future.result()
+                except Exception as e:
+                    typer.echo(f"{func.__name__} raised an exception: {e}")
--- a/op-conductor-ops/utils.py
+++ b/op-conductor-ops/utils.py
@ -0,0 +1,26 @@
+from rich import print
+
+
+def print_boolean(value):
+    if value is None:
+        return "❓"
+    return "✅" if value else "❌"
+
+
+def make_rpc_payload(method: str, params: list = None):
+    if params is None:
+        params = []
+    return {
+        "id": 1,
+        "jsonrpc": "2.0",
+        "method": method,
+        "params": params,
+    }
+
+
+def print_error(msg: str):
+    print(f"[bold red]ERROR![/bold red] {msg}")
+
+
+def print_warn(msg: str):
+    print(f"[bold yellow]WARNING![/bold yellow] {msg}")
--- a/op-signer/.air.toml
+++ b/op-signer/.air.toml
@ -0,0 +1,37 @@
+root = "."
+testdata_dir = "testdata"
+tmp_dir = "bin"
+
+[build]
+  args_bin = []
+  bin = "./bin/op-signer"
+  cmd = "make build"
+  delay = 1000
+  exclude_dir = ["bin"]
+  exclude_file = []
+  exclude_regex = ["_test.go"]
+  exclude_unchanged = false
+  follow_symlink = false
+  full_bin = ""
+  include_dir = []
+  include_ext = ["go", "tpl", "tmpl", "html"]
+  kill_delay = "0s"
+  log = "build-errors.log"
+  send_interrupt = false
+  stop_on_error = true
+
+[color]
+  app = ""
+  build = "yellow"
+  main = "magenta"
+  runner = "green"
+  watcher = "cyan"
+
+[log]
+  time = false
+
+[misc]
+  clean_on_exit = false
+
+[screen]
+  clear_on_rebuild = false
--- a/op-signer/.envrc
+++ b/op-signer/.envrc
@ -0,0 +1,4 @@
+export OP_SIGNER_LOG_LEVEL=debug
+export OP_SIGNER_LOG_COLOR=true
+export OP_SIGNER_RPC_PORT=8080
+export OP_SIGNER_METRICS_ENABLED=true
--- a/op-signer/.gitignore
+++ b/op-signer/.gitignore
@ -0,0 +1,2 @@
+bin/
+tls/
--- a/op-signer/CHANGELOG.md
+++ b/op-signer/CHANGELOG.md
@ -0,0 +1 @@
+# @eth-optimism/signer
--- a/op-signer/Dockerfile
+++ b/op-signer/Dockerfile
@ -0,0 +1,18 @@
+FROM golang:1.21.3-alpine3.18 as builder
+
+COPY ./op-signer /app
+
+WORKDIR /app
+RUN apk --no-cache add make jq bash git alpine-sdk
+RUN make build
+
+FROM alpine:3.18
+RUN apk --no-cache add ca-certificates
+
+RUN addgroup -S app && adduser -S app -G app
+USER app
+WORKDIR /app
+
+COPY --from=builder /app/bin/op-signer /app
+
+ENTRYPOINT ["/app/op-signer"]
--- a/op-signer/Makefile
+++ b/op-signer/Makefile
@ -0,0 +1,37 @@
+GITCOMMIT := $(shell git rev-parse HEAD)
+GITDATE := $(shell git show -s --format='%ct')
+VERSION := v0.0.0
+
+LDFLAGSSTRING +=-X main.GitCommit=$(GITCOMMIT)
+LDFLAGSSTRING +=-X main.GitDate=$(GITDATE)
+LDFLAGSSTRING +=-X main.Version=$(VERSION)
+LDFLAGS := -ldflags "$(LDFLAGSSTRING)"
+
+all: build
+
+docker:
+	docker build ../ -f Dockerfile -t op-signer:latest
+
+build:
+	env GO111MODULE=on go build -v $(LDFLAGS) -o ./bin/op-signer ./cmd
+
+clean:
+	rm ./bin/op-signer
+
+generate:
+	[ '$(shell mockgen --version)' = 'v1.6.0' ] || go install github.com/golang/mock/mockgen@v1.6.0
+	go generate ./...
+
+test: generate
+	go test -v ./...
+
+lint:
+	golangci-lint run ./...
+
+.PHONY: \
+	build \
+	clean \
+	test \
+	generate \
+	lint \
+	docker
--- a/op-signer/README.md
+++ b/op-signer/README.md
@ -0,0 +1,14 @@
+# @eth-optimism/signer
+
+Signer service and client library
+
+## Setup
+
+Install go1.18
+
+```bash
+make build
+
+source .env.example # (or copy to .envrc if using direnv)
+./bin/signer
+```
--- a/op-signer/app.go
+++ b/op-signer/app.go
@ -0,0 +1,239 @@
+package app
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"os"
+	"sync/atomic"
+
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/urfave/cli/v2"
+
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/log"
+
+	"github.com/ethereum-optimism/optimism/op-service/cliapp"
+	"github.com/ethereum-optimism/optimism/op-service/httputil"
+	oplog "github.com/ethereum-optimism/optimism/op-service/log"
+	opmetrics "github.com/ethereum-optimism/optimism/op-service/metrics"
+	"github.com/ethereum-optimism/optimism/op-service/oppprof"
+	oprpc "github.com/ethereum-optimism/optimism/op-service/rpc"
+	"github.com/ethereum-optimism/optimism/op-service/tls/certman"
+
+	"github.com/ethereum-optimism/infra/op-signer/client"
+	"github.com/ethereum-optimism/infra/op-signer/service"
+)
+
+type SignerApp struct {
+	log log.Logger
+
+	version string
+
+	pprofServer   *oppprof.Service
+	metricsServer *httputil.HTTPServer
+	registry      *prometheus.Registry
+
+	signer *service.SignerService
+
+	rpc *oprpc.Server
+
+	stopped atomic.Bool
+}
+
+func InitFromConfig(ctx context.Context, log log.Logger, cfg *Config, version string) (*SignerApp, error) {
+	if err := cfg.Check(); err != nil {
+		return nil, fmt.Errorf("invalid config: %w", err)
+	}
+	app := &SignerApp{log: log, version: version}
+	if err := app.init(cfg); err != nil {
+		return nil, errors.Join(err, app.Stop(ctx)) // clean up the failed init attempt
+	}
+	return app, nil
+}
+
+func (s *SignerApp) init(cfg *Config) error {
+	if err := s.initPprof(cfg); err != nil {
+		return fmt.Errorf("pprof error: %w", err)
+	}
+	if err := s.initMetrics(cfg); err != nil {
+		return fmt.Errorf("metrics error: %w", err)
+	}
+	if err := s.initRPC(cfg); err != nil {
+		return fmt.Errorf("metrics error: %w", err)
+	}
+	return nil
+}
+
+func (s *SignerApp) initPprof(cfg *Config) error {
+	if !cfg.PprofConfig.ListenEnabled {
+		return nil
+	}
+	s.pprofServer = oppprof.New(
+		cfg.PprofConfig.ListenEnabled,
+		cfg.PprofConfig.ListenAddr,
+		cfg.PprofConfig.ListenPort,
+		cfg.PprofConfig.ProfileType,
+		cfg.PprofConfig.ProfileDir,
+		cfg.PprofConfig.ProfileFilename,
+	)
+	s.log.Info("Starting pprof server", "addr", cfg.PprofConfig.ListenAddr, "port", cfg.PprofConfig.ListenPort)
+	if err := s.pprofServer.Start(); err != nil {
+		return fmt.Errorf("failed to start pprof server: %w", err)
+	}
+	return nil
+}
+
+func (s *SignerApp) initMetrics(cfg *Config) error {
+	registry := opmetrics.NewRegistry()
+	registry.MustRegister(service.MetricSignTransactionTotal)
+	s.registry = registry // some things require metrics registry
+
+	if !cfg.MetricsConfig.Enabled {
+		return nil
+	}
+
+	metricsCfg := cfg.MetricsConfig
+	s.log.Info("Starting metrics server", "addr", metricsCfg.ListenAddr, "port", metricsCfg.ListenPort)
+	metricsServer, err := opmetrics.StartServer(registry, metricsCfg.ListenAddr, metricsCfg.ListenPort)
+	if err != nil {
+		return fmt.Errorf("failed to start metrics server: %w", err)
+	}
+	s.log.Info("Started metrics server", "endpoint", metricsServer.Addr())
+	s.metricsServer = metricsServer
+	return nil
+}
+
+func (s *SignerApp) initRPC(cfg *Config) error {
+	caCert, err := os.ReadFile(cfg.TLSConfig.TLSCaCert)
+	if err != nil {
+		return fmt.Errorf("failed to read tls ca cert: %s", string(caCert))
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	cm, err := certman.New(s.log, cfg.TLSConfig.TLSCert, cfg.TLSConfig.TLSKey)
+	if err != nil {
+		return fmt.Errorf("failed to read tls cert or key: %w", err)
+	}
+	if err := cm.Watch(); err != nil {
+		return fmt.Errorf("failed to start certman watcher: %w", err)
+	}
+
+	tlsConfig := &tls.Config{
+		GetCertificate: cm.GetCertificate,
+		ClientCAs:      caCertPool,
+		ClientAuth:     tls.VerifyClientCertIfGiven, // necessary for k8s healthz probes, but we check the cert in service/auth.go
+	}
+	serverTlsConfig := &oprpc.ServerTLSConfig{
+		Config:    tlsConfig,
+		CLIConfig: &cfg.TLSConfig,
+	}
+
+	rpcCfg := cfg.RPCConfig
+	s.rpc = oprpc.NewServer(
+		rpcCfg.ListenAddr,
+		rpcCfg.ListenPort,
+		s.version,
+		oprpc.WithLogger(s.log),
+		oprpc.WithTLSConfig(serverTlsConfig),
+		oprpc.WithMiddleware(service.NewAuthMiddleware()),
+		oprpc.WithHTTPRecorder(opmetrics.NewPromHTTPRecorder(s.registry, "signer")),
+	)
+
+	serviceCfg, err := service.ReadConfig(cfg.ServiceConfigPath)
+	if err != nil {
+		return fmt.Errorf("failed to read service config: %w", err)
+	}
+	s.signer = service.NewSignerService(s.log, serviceCfg)
+	s.signer.RegisterAPIs(s.rpc)
+
+	if err := s.rpc.Start(); err != nil {
+		return fmt.Errorf("error starting RPC server: %w", err)
+	}
+	s.log.Info("Started op-signer RPC server", "addr", s.rpc.Endpoint())
+
+	return nil
+}
+
+func (s *SignerApp) Start(ctx context.Context) error {
+	return nil
+}
+
+func (s *SignerApp) Stop(ctx context.Context) error {
+	var result error
+	if s.rpc != nil {
+		if err := s.rpc.Stop(); err != nil {
+			result = errors.Join(result, fmt.Errorf("failed to stop RPC server: %w", err))
+		}
+	}
+	if s.pprofServer != nil {
+		if err := s.pprofServer.Stop(ctx); err != nil {
+			result = errors.Join(result, fmt.Errorf("failed to stop pprof server: %w", err))
+		}
+	}
+	if s.metricsServer != nil {
+		if err := s.metricsServer.Stop(ctx); err != nil {
+			result = errors.Join(result, fmt.Errorf("failed to stop metrics server: %w", err))
+		}
+	}
+	return result
+}
+
+func (s *SignerApp) Stopped() bool {
+	return s.stopped.Load()
+}
+
+var _ cliapp.Lifecycle = (*SignerApp)(nil)
+
+func MainAppAction(version string) cliapp.LifecycleAction {
+	return func(cliCtx *cli.Context, _ context.CancelCauseFunc) (cliapp.Lifecycle, error) {
+		cfg := NewConfig(cliCtx)
+		logger := oplog.NewLogger(cliCtx.App.Writer, cfg.LogConfig)
+		return InitFromConfig(cliCtx.Context, logger, cfg, version)
+	}
+}
+
+func ClientSign(version string) func(cliCtx *cli.Context) error {
+	return func(cliCtx *cli.Context) error {
+		cfg := NewConfig(cliCtx)
+		if err := cfg.Check(); err != nil {
+			return fmt.Errorf("invalid CLI flags: %w", err)
+		}
+
+		l := oplog.NewLogger(os.Stdout, cfg.LogConfig)
+		log.Root().SetHandler(l.GetHandler())
+
+		txarg := cliCtx.Args().First()
+		if txarg == "" {
+			return errors.New("no transaction argument was provided")
+		}
+		txraw, err := hexutil.Decode(txarg)
+		if err != nil {
+			return errors.New("failed to decode transaction argument")
+		}
+
+		client, err := client.NewSignerClient(l, cfg.ClientEndpoint, cfg.TLSConfig)
+		if err != nil {
+			return err
+		}
+
+		tx := &types.Transaction{}
+		if err := tx.UnmarshalBinary(txraw); err != nil {
+			return fmt.Errorf("failed to unmarshal transaction argument: %w", err)
+		}
+
+		tx, err = client.SignTransaction(context.Background(), tx)
+		if err != nil {
+			return err
+		}
+
+		result, _ := tx.MarshalJSON()
+		fmt.Println(string(result))
+
+		return nil
+	}
+}
--- a/op-signer/client/client.go
+++ b/op-signer/client/client.go
@ -0,0 +1,91 @@
+package client
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"net/http"
+	"os"
+
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/ethereum/go-ethereum/rpc"
+
+	"github.com/ethereum-optimism/optimism/op-service/signer"
+	optls "github.com/ethereum-optimism/optimism/op-service/tls"
+)
+
+type SignerClient struct {
+	client *rpc.Client
+	status string
+	logger log.Logger
+}
+
+func NewSignerClient(logger log.Logger, endpoint string, tlsConfig optls.CLIConfig) (*SignerClient, error) {
+
+	caCert, err := os.ReadFile(tlsConfig.TLSCaCert)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read tls.ca: %w", err)
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	cert, err := tls.LoadX509KeyPair(tlsConfig.TLSCert, tlsConfig.TLSKey)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read tls.cert or tls.key: %w", err)
+	}
+
+	httpClient := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				RootCAs:      caCertPool,
+				Certificates: []tls.Certificate{cert},
+			},
+		},
+	}
+
+	rpcClient, err := rpc.DialOptions(context.Background(), endpoint, rpc.WithHTTPClient(httpClient))
+	if err != nil {
+		return nil, err
+	}
+
+	signerClient := &SignerClient{logger: logger, client: rpcClient}
+	// Check if reachable
+	version, err := signerClient.pingVersion()
+	if err != nil {
+		return nil, err
+	}
+	signerClient.status = fmt.Sprintf("ok [version=%v]", version)
+	return signerClient, nil
+}
+
+func (s *SignerClient) pingVersion() (string, error) {
+	var v string
+	if err := s.client.Call(&v, "health_status"); err != nil {
+		return "", err
+	}
+	return v, nil
+}
+
+func (s *SignerClient) SignTransaction(
+	ctx context.Context,
+	tx *types.Transaction,
+) (*types.Transaction, error) {
+
+	args := signer.NewTransactionArgsFromTransaction(tx.ChainId(), nil, tx)
+
+	var result hexutil.Bytes
+
+	if err := s.client.Call(&result, "eth_signTransaction", args); err != nil {
+		return nil, fmt.Errorf("eth_signTransaction failed: %w", err)
+	}
+
+	signed := &types.Transaction{}
+	if err := signed.UnmarshalBinary(result); err != nil {
+		return nil, err
+	}
+
+	return signed, nil
+}
--- a/op-signer/cmd/main.go
+++ b/op-signer/cmd/main.go
@ -0,0 +1,51 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/urfave/cli/v2"
+
+	"github.com/ethereum/go-ethereum/log"
+
+	signer "github.com/ethereum-optimism/infra/op-signer"
+	"github.com/ethereum-optimism/optimism/op-service/cliapp"
+	oplog "github.com/ethereum-optimism/optimism/op-service/log"
+)
+
+var (
+	Version   = ""
+	GitCommit = ""
+	GitDate   = ""
+)
+
+func main() {
+	oplog.SetupDefaults()
+
+	app := cli.NewApp()
+	app.Flags = cliapp.ProtectFlags(signer.CLIFlags("OP_SIGNER"))
+	app.Version = fmt.Sprintf("%s-%s-%s", Version, GitCommit, GitDate)
+	app.Name = "op-signer"
+	app.Usage = "OP Signing Service"
+	app.Description = ""
+	app.Commands = []*cli.Command{
+		{
+			Name:  "client",
+			Usage: "test client for signer service",
+			Subcommands: []*cli.Command{
+				{
+					Name:   "sign",
+					Usage:  "sign a transaction",
+					Action: signer.ClientSign(Version),
+					Flags:  cliapp.ProtectFlags(signer.ClientSignCLIFlags("SIGNER")),
+				},
+			},
+		},
+	}
+
+	app.Action = cliapp.LifecycleCmd(signer.MainAppAction(Version))
+	err := app.Run(os.Args)
+	if err != nil {
+		log.Crit("Application failed", "message", err)
+	}
+}
--- a/op-signer/config.go
+++ b/op-signer/config.go
@ -0,0 +1,85 @@
+package app
+
+import (
+	"github.com/urfave/cli/v2"
+
+	opservice "github.com/ethereum-optimism/optimism/op-service"
+	oplog "github.com/ethereum-optimism/optimism/op-service/log"
+	opmetrics "github.com/ethereum-optimism/optimism/op-service/metrics"
+	"github.com/ethereum-optimism/optimism/op-service/oppprof"
+	oprpc "github.com/ethereum-optimism/optimism/op-service/rpc"
+	optls "github.com/ethereum-optimism/optimism/op-service/tls"
+)
+
+const (
+	ServiceConfigPathFlagName = "config"
+	ClientEndpointFlagName    = "endpoint"
+)
+
+func CLIFlags(envPrefix string) []cli.Flag {
+	flags := []cli.Flag{
+		&cli.StringFlag{
+			Name:    ServiceConfigPathFlagName,
+			Usage:   "Signer service configuration file path",
+			Value:   "config.yaml",
+			EnvVars: opservice.PrefixEnvVar(envPrefix, "SERVICE_CONFIG"),
+		},
+	}
+	flags = append(flags, oprpc.CLIFlags(envPrefix)...)
+	flags = append(flags, oplog.CLIFlags(envPrefix)...)
+	flags = append(flags, opmetrics.CLIFlags(envPrefix)...)
+	flags = append(flags, oppprof.CLIFlags(envPrefix)...)
+	flags = append(flags, optls.CLIFlags(envPrefix)...)
+	return flags
+}
+
+func ClientSignCLIFlags(envPrefix string) []cli.Flag {
+	flags := []cli.Flag{
+		&cli.StringFlag{
+			Name:    ClientEndpointFlagName,
+			Usage:   "Signer endpoint the client will connect to",
+			Value:   "http://localhost:8080",
+			EnvVars: opservice.PrefixEnvVar(envPrefix, "CLIENT_ENDPOINT"),
+		},
+	}
+	return flags
+}
+
+type Config struct {
+	ClientEndpoint    string
+	ServiceConfigPath string
+
+	TLSConfig     optls.CLIConfig
+	RPCConfig     oprpc.CLIConfig
+	LogConfig     oplog.CLIConfig
+	MetricsConfig opmetrics.CLIConfig
+	PprofConfig   oppprof.CLIConfig
+}
+
+func (c Config) Check() error {
+	if err := c.RPCConfig.Check(); err != nil {
+		return err
+	}
+	if err := c.MetricsConfig.Check(); err != nil {
+		return err
+	}
+	if err := c.PprofConfig.Check(); err != nil {
+		return err
+	}
+	if err := c.TLSConfig.Check(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func NewConfig(ctx *cli.Context) *Config {
+	return &Config{
+		ClientEndpoint:    ctx.String(ClientEndpointFlagName),
+		ServiceConfigPath: ctx.String(ServiceConfigPathFlagName),
+		TLSConfig:         optls.ReadCLIConfig(ctx),
+		RPCConfig:         oprpc.ReadCLIConfig(ctx),
+		LogConfig:         oplog.ReadCLIConfig(ctx),
+		MetricsConfig:     opmetrics.ReadCLIConfig(ctx),
+		PprofConfig:       oppprof.ReadCLIConfig(ctx),
+	}
+}
--- a/op-signer/config.yaml
+++ b/op-signer/config.yaml
@ -0,0 +1,3 @@
+auth:
+  - name: localhost
+    key: projects/my-gcp-project/locations/my-region/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1
--- a/op-signer/gen-local-tls.sh
+++ b/op-signer/gen-local-tls.sh
@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+TLS_DIR=$SCRIPT_DIR/tls
+
+version=$(openssl version)
+
+if [[ "$version" != "LibreSSL"* ]] && [[ "$version" != "OpenSSL 1.1"* ]]; then
+  echo "openssl version: $version"
+  echo "script only works with LibreSSL (darwin) or OpenSSL 1.1*"
+  exit 1
+fi
+
+echo "Generating mTLS credentials for local development..."
+echo ""
+
+mkdir -p "$TLS_DIR"
+
+if [ ! -f "$TLS_DIR/ca.crt" ]; then
+  echo 'Generating CA'
+  openssl req -newkey rsa:2048 \
+    -new -nodes -x509 \
+    -days 365 \
+    -sha256 \
+    -out "$TLS_DIR/ca.crt" \
+    -keyout "$TLS_DIR/ca.key" \
+    -subj "/O=OP Labs/CN=root"
+fi
+
+echo 'Generating TLS certificate request'
+openssl genrsa -out "$TLS_DIR/tls.key" 2048
+openssl req -new -key "$TLS_DIR/tls.key" \
+  -days 1 \
+  -sha256 \
+  -out "$TLS_DIR/tls.csr" \
+  -keyout "$TLS_DIR/tls.key" \
+  -subj "/O=OP Labs/CN=localhost" \
+  -extensions san \
+  -config <(echo '[req]'; echo 'distinguished_name=req'; \
+            echo '[san]'; echo 'subjectAltName=DNS:localhost')
+
+openssl x509 -req -in "$TLS_DIR/tls.csr" \
+  -sha256 \
+  -CA "$TLS_DIR/ca.crt" \
+  -CAkey "$TLS_DIR/ca.key" \
+  -CAcreateserial \
+  -out "$TLS_DIR/tls.crt" \
+  -days 3 \
+  -extfile <(echo 'subjectAltName=DNS:localhost')
--- a/op-signer/go.mod
+++ b/op-signer/go.mod
@ -0,0 +1,115 @@
+module github.com/ethereum-optimism/infra/op-signer
+
+go 1.21
+
+require (
+	cloud.google.com/go/kms v1.10.1
+	github.com/ethereum-optimism/optimism v1.4.3-0.20240125020216-6a3b1ec12399
+	github.com/ethereum/go-ethereum v1.13.5
+	github.com/golang/mock v1.6.0
+	github.com/googleapis/gax-go v1.0.3
+	github.com/googleapis/gax-go/v2 v2.11.0
+	github.com/holiman/uint256 v1.2.3
+	github.com/prometheus/client_golang v1.18.0
+	github.com/stretchr/testify v1.8.4
+	github.com/urfave/cli/v2 v2.27.1
+	google.golang.org/protobuf v1.33.0
+	gopkg.in/yaml.v3 v3.0.1
+)
+
+require (
+	cloud.google.com/go/compute v1.20.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v0.13.0 // indirect
+	github.com/BurntSushi/toml v1.3.2 // indirect
+	github.com/DataDog/zstd v1.5.2 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/VictoriaMetrics/fastcache v1.12.1 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bits-and-blooms/bitset v1.7.0 // indirect
+	github.com/btcsuite/btcd/btcec/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cockroachdb/errors v1.11.1 // indirect
+	github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b // indirect
+	github.com/cockroachdb/pebble v0.0.0-20231018212520-f6cde3fc2fa4 // indirect
+	github.com/cockroachdb/redact v1.1.5 // indirect
+	github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 // indirect
+	github.com/consensys/bavard v0.1.13 // indirect
+	github.com/consensys/gnark-crypto v0.12.1 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/crate-crypto/go-kzg-4844 v0.7.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/deckarep/golang-set/v2 v2.1.0 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/ethereum-optimism/superchain-registry/superchain v0.0.0-20240123193359-a5fc767e225a // indirect
+	github.com/ethereum/c-kzg-4844 v0.4.0 // indirect
+	github.com/fjl/memsize v0.0.1 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/getsentry/sentry-go v0.18.0 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-stack/stack v1.8.1 // indirect
+	github.com/gofrs/flock v0.8.1 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/hashicorp/go-bexpr v0.1.11 // indirect
+	github.com/huin/goupnp v1.3.0 // indirect
+	github.com/jackpal/go-nat-pmp v1.0.2 // indirect
+	github.com/klauspost/compress v1.17.2 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/pointerstructure v1.2.1 // indirect
+	github.com/mmcloughlin/addchain v0.4.0 // indirect
+	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/rivo/uniseg v0.4.3 // indirect
+	github.com/rogpeppe/go-internal v1.10.0 // indirect
+	github.com/rs/cors v1.9.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/shirou/gopsutil v3.21.11+incompatible // indirect
+	github.com/supranational/blst v0.3.11 // indirect
+	github.com/syndtr/goleveldb v1.0.1-0.20220614013038-64ee5596c38a // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
+	github.com/yusufpapurcu/wmi v1.2.2 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/oauth2 v0.12.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/term v0.16.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/tools v0.16.1 // indirect
+	google.golang.org/api v0.126.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
+	google.golang.org/grpc v1.55.0 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
+	honnef.co/go/tools v0.0.1-2020.1.4 // indirect
+	rsc.io/tmplfunc v0.0.3 // indirect
+)
+
+replace github.com/ethereum/go-ethereum v1.13.5 => github.com/ethereum-optimism/op-geth v1.101305.3-rc.1.0.20240124221225-5c6f10d449ab
--- a/op-signer/go.sum
+++ b/op-signer/go.sum
@ -0,0 +1,496 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA=
+cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw=
+cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
+cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
+cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
+cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g=
+cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/DataDog/zstd v1.5.2 h1:vUG4lAyuPCXO0TLbXvPv7EB7cNK1QV/luu55UHLrrn8=
+github.com/DataDog/zstd v1.5.2/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
+github.com/VictoriaMetrics/fastcache v1.12.1 h1:i0mICQuojGDL3KblA7wUNlY5lOK6a4bwt3uRKnkZU40=
+github.com/VictoriaMetrics/fastcache v1.12.1/go.mod h1:tX04vaqcNoQeGLD+ra5pU5sWkuxnzWhEzLwhP9w653o=
+github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM=
+github.com/allegro/bigcache v1.2.1 h1:hg1sY1raCwic3Vnsvje6TT7/pnZba83LeFck5NrFKSc=
+github.com/allegro/bigcache v1.2.1/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bits-and-blooms/bitset v1.7.0 h1:YjAGVd3XmtK9ktAbX8Zg2g2PwLIMjGREZJHlV4j7NEo=
+github.com/bits-and-blooms/bitset v1.7.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
+github.com/btcsuite/btcd v0.24.0 h1:gL3uHE/IaFj6fcZSu03SvqPMSx7s/dPzfpG/atRwWdo=
+github.com/btcsuite/btcd/btcec/v2 v2.2.0 h1:fzn1qaOt32TuLjFlkzYSsBC35Q3KUjT1SwPxiMSCF5k=
+github.com/btcsuite/btcd/btcec/v2 v2.2.0/go.mod h1:U7MHm051Al6XmscBQ0BoNydpOTsFAn707034b5nY8zU=
+github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 h1:59Kx4K6lzOW5w6nFlA0v5+lk/6sjybR934QNHSJZPTQ=
+github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/cp v0.1.0 h1:SE+dxFebS7Iik5LK0tsi1k9ZCxEaFX4AjQmoyA+1dJk=
+github.com/cespare/cp v0.1.0/go.mod h1:SOGHArjBr4JWaSDEVpWpo/hNg6RoKrls6Oh40hiwW+s=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cockroachdb/datadriven v1.0.3-0.20230413201302-be42291fc80f h1:otljaYPt5hWxV3MUfO5dFPFiOXg9CyG5/kCfayTqsJ4=
+github.com/cockroachdb/datadriven v1.0.3-0.20230413201302-be42291fc80f/go.mod h1:a9RdTaap04u637JoCzcUoIcDmvwSUtcUFtT/C3kJlTU=
+github.com/cockroachdb/errors v1.11.1 h1:xSEW75zKaKCWzR3OfxXUxgrk/NtT4G1MiOv5lWZazG8=
+github.com/cockroachdb/errors v1.11.1/go.mod h1:8MUxA3Gi6b25tYlFEBGLf+D8aISL+M4MIpiWMSNRfxw=
+github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b h1:r6VH0faHjZeQy818SGhaone5OnYfxFR/+AzdY3sf5aE=
+github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b/go.mod h1:Vz9DsVWQQhf3vs21MhPMZpMGSht7O/2vFW2xusFUVOs=
+github.com/cockroachdb/pebble v0.0.0-20231018212520-f6cde3fc2fa4 h1:PuHFhOUMnD62r80dN+Ik5qco2drekgsUSVdcHsvllec=
+github.com/cockroachdb/pebble v0.0.0-20231018212520-f6cde3fc2fa4/go.mod h1:sEHm5NOXxyiAoKWhoFxT8xMgd/f3RA6qUqQ1BXKrh2E=
+github.com/cockroachdb/redact v1.1.5 h1:u1PMllDkdFfPWaNGMyLD1+so+aq3uUItthCFqzwPJ30=
+github.com/cockroachdb/redact v1.1.5/go.mod h1:BVNblN9mBWFyMyqK1k3AAiSxhvhfK2oOZZ2lK+dpvRg=
+github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 h1:zuQyyAKVxetITBuuhv3BI9cMrmStnpT18zmgmTxunpo=
+github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06/go.mod h1:7nc4anLGjupUW/PeY5qiNYsdNXj7zopG+eqsS7To5IQ=
+github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ=
+github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
+github.com/consensys/gnark-crypto v0.12.1 h1:lHH39WuuFgVHONRl3J0LRBtuYdQTumFSDtJF7HpyG8M=
+github.com/consensys/gnark-crypto v0.12.1/go.mod h1:v2Gy7L/4ZRosZ7Ivs+9SfUDr0f5UlG+EM5t7MPHiLuY=
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/crate-crypto/go-kzg-4844 v0.7.0 h1:C0vgZRk4q4EZ/JgPfzuSoxdCq3C3mOZMBShovmncxvA=
+github.com/crate-crypto/go-kzg-4844 v0.7.0/go.mod h1:1kMhvPgI0Ky3yIa+9lFySEBUBXkYxeOi8ZF1sYioxhc=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set/v2 v2.1.0 h1:g47V4Or+DUdzbs8FxCCmgb6VYd+ptPAngjM6dtGktsI=
+github.com/deckarep/golang-set/v2 v2.1.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
+github.com/decred/dcrd/crypto/blake256 v1.0.1 h1:7PltbUIQB7u/FfZ39+DGa/ShuMyJ5ilcvdfma9wOH6Y=
+github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/ethereum-optimism/op-geth v1.101305.3-rc.1.0.20240124221225-5c6f10d449ab h1:SpoQiEG5mteZnaPCo5Pm5QrberdODUefwLjdAtL9LAE=
+github.com/ethereum-optimism/op-geth v1.101305.3-rc.1.0.20240124221225-5c6f10d449ab/go.mod h1:/0cPafbmmt3JR0yiuoBJWTRCx8briXUd/mtXr+GJ3Zw=
+github.com/ethereum-optimism/optimism v1.4.3-0.20240125020216-6a3b1ec12399 h1:b3I8SKmsLaAJn4TzGpKLzCGBIRsB82f1B7trMZk2+qU=
+github.com/ethereum-optimism/optimism v1.4.3-0.20240125020216-6a3b1ec12399/go.mod h1:VGQGQ38ORldOlb3ifKYacmaCLQuVToCj3jax7RjeXys=
+github.com/ethereum-optimism/superchain-registry/superchain v0.0.0-20240123193359-a5fc767e225a h1:mWIRpGyrAlWHUznUHKgAJUafkNGfO7VmeLjilhVhB80=
+github.com/ethereum-optimism/superchain-registry/superchain v0.0.0-20240123193359-a5fc767e225a/go.mod h1:/70H/KqrtKcvWvNGVj6S3rAcLC+kUPr3t2aDmYIS+Xk=
+github.com/ethereum/c-kzg-4844 v0.4.0 h1:3MS1s4JtA868KpJxroZoepdV0ZKBp3u/O5HcZ7R3nlY=
+github.com/ethereum/c-kzg-4844 v0.4.0/go.mod h1:VewdlzQmpT5QSrVhbBuGoCdFJkpaJlO1aQputP83wc0=
+github.com/fjl/memsize v0.0.1 h1:+zhkb+dhUgx0/e+M8sF0QqiouvMQUiKR+QYvdxIOKcQ=
+github.com/fjl/memsize v0.0.1/go.mod h1:VvhXpOYNQvB+uIk2RvXzuaQtkQJzzIx6lSBe1xv7hi0=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/gballet/go-libpcsclite v0.0.0-20191108122812-4678299bea08 h1:f6D9Hr8xV8uYKlyuj8XIruxlh9WjVjdh1gIicAS7ays=
+github.com/gballet/go-libpcsclite v0.0.0-20191108122812-4678299bea08/go.mod h1:x7DCsMOv1taUwEWCzT4cmDeAkigA5/QCwUodaVOe8Ww=
+github.com/getsentry/sentry-go v0.18.0 h1:MtBW5H9QgdcJabtZcuJG80BMOwaBpkRDZkxRkNC1sN0=
+github.com/getsentry/sentry-go v0.18.0/go.mod h1:Kgon4Mby+FJ7ZWHFUAZgVaIa8sxHtnRJRLTXZr51aKQ=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
+github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
+github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
+github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
+github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb h1:PBC98N2aIaM3XXiurYmW7fx4GZkL8feAMVq7nEjURHk=
+github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
+github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
+github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/googleapis/gax-go v1.0.3 h1:9dMLqhaibYONnDRcnHdUs9P8Mw64jLlZTYlDe3leBtQ=
+github.com/googleapis/gax-go v1.0.3/go.mod h1:QyXYajJFdARxGzjwUfbDFIse7Spkw81SJ4LrBJXtlQ8=
+github.com/googleapis/gax-go/v2 v2.0.2/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
+github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
+github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/hashicorp/go-bexpr v0.1.11 h1:6DqdA/KBjurGby9yTY0bmkathya0lfwF2SeuubCI7dY=
+github.com/hashicorp/go-bexpr v0.1.11/go.mod h1:f03lAo0duBlDIUMGCuad8oLcgejw4m7U+N8T+6Kz1AE=
+github.com/holiman/billy v0.0.0-20230718173358-1c7e68d277a7 h1:3JQNjnMRil1yD0IfZKHF9GxxWKDJGj8I0IqOUol//sw=
+github.com/holiman/billy v0.0.0-20230718173358-1c7e68d277a7/go.mod h1:5GuXa7vkL8u9FkFuWdVvfR5ix8hRB7DbOAaYULamFpc=
+github.com/holiman/bloomfilter/v2 v2.0.3 h1:73e0e/V0tCydx14a0SCYS/EWCxgwLZ18CZcZKVu0fao=
+github.com/holiman/bloomfilter/v2 v2.0.3/go.mod h1:zpoh+gs7qcpqrHr3dB55AMiJwo0iURXE7ZOP9L9hSkA=
+github.com/holiman/uint256 v1.2.3 h1:K8UWO1HUJpRMXBxbmaY1Y8IAMZC/RsKB+ArEnnK4l5o=
+github.com/holiman/uint256 v1.2.3/go.mod h1:SC8Ryt4n+UBbPbIBKaG9zbbDlp4jOru9xFZmPzLUTxw=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/huin/goupnp v1.3.0 h1:UvLUlWDNpoUdYzb2TCn+MuTWtcjXKSza2n6CBdQ0xXc=
+github.com/huin/goupnp v1.3.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus=
+github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4=
+github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/leanovate/gopter v0.2.9 h1:fQjYxZaynp97ozCzfOyOuAGOU4aU/z37zf/tOujFk7c=
+github.com/leanovate/gopter v0.2.9/go.mod h1:U2L/78B+KVFIx2VmW6onHJQzXtFb+p5y3y2Sh+Jxxv8=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
+github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
+github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw=
+github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4=
+github.com/mmcloughlin/addchain v0.4.0 h1:SobOdjm2xLj1KkXN5/n0xTIWyZA2+s99UCY1iPfkHRY=
+github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqkyU72HC5wJ4RlU=
+github.com/mmcloughlin/profile v0.1.1/go.mod h1:IhHD7q1ooxgwTgjxQYkACGA77oFTDdFVejUS1/tS/qU=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
+github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
+github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
+github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
+github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
+github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=
+github.com/pingcap/errors v0.11.4/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
+github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
+github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.3 h1:utMvzDsuh3suAEnhH0RdHmoPbU648o6CvXxTx4SBMOw=
+github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rs/cors v1.9.0 h1:l9HGsTsHJcvW14Nk7J9KFz8bzeAWXn3CG6bgt7LsrAE=
+github.com/rs/cors v1.9.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
+github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
+github.com/status-im/keycard-go v0.2.0 h1:QDLFswOQu1r5jsycloeQh3bVU8n/NatHHaZobtDnDzA=
+github.com/status-im/keycard-go v0.2.0/go.mod h1:wlp8ZLbsmrF6g6WjugPAx+IzoLrkdf9+mHxBEeo3Hbg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/supranational/blst v0.3.11 h1:LyU6FolezeWAhvQk0k6O/d49jqgO52MSDDfYgbeoEm4=
+github.com/supranational/blst v0.3.11/go.mod h1:jZJtfjgudtNl4en1tzwPIV3KjUnQUvG3/j+w+fVonLw=
+github.com/syndtr/goleveldb v1.0.1-0.20220614013038-64ee5596c38a h1:1ur3QoCqvE5fl+nylMaIr9PVV1w343YRDtsy+Rwu7XI=
+github.com/syndtr/goleveldb v1.0.1-0.20220614013038-64ee5596c38a/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48=
+github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU=
+github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
+github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
+github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
+github.com/tyler-smith/go-bip39 v1.1.0 h1:5eUemwrMargf3BSLRRCalXT93Ns6pQJIjYQN2nyfOP8=
+github.com/tyler-smith/go-bip39 v1.1.0/go.mod h1:gUYDtqQw1JS3ZJ8UWVcGTGqqr6YIN3CWg+kkNaLt55U=
+github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho=
+github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
+github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190221220918-438050ddec5e/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
+golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
+golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o=
+google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
+google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64=
+google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
+google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
+google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2020.1.4 h1:UoveltGrhghAA7ePc+e+QYDHXrBps2PqFZiHkGR/xK8=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU=
+rsc.io/tmplfunc v0.0.3/go.mod h1:AG3sTPzElb1Io3Yg4voV9AGZJuleGAwaVRxL9M49PhA=
--- a/op-signer/service/auth.go
+++ b/op-signer/service/auth.go
@ -0,0 +1,44 @@
+package service
+
+import (
+	"context"
+	"net/http"
+
+	oprpc "github.com/ethereum-optimism/optimism/op-service/rpc"
+	optls "github.com/ethereum-optimism/optimism/op-service/tls"
+)
+
+type ClientInfo struct {
+	ClientName string
+}
+
+type clientInfoContextKey struct{}
+
+func NewAuthMiddleware() oprpc.Middleware {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			clientInfo := ClientInfo{}
+
+			// PeerTLSInfo is attached to context by upstream op-service middleware
+			peerTlsInfo := optls.PeerTLSInfoFromContext(r.Context())
+			if peerTlsInfo.LeafCertificate == nil {
+				http.Error(w, "client certificate was not provided", 401)
+				return
+			}
+			// Note that the certificate is already verified by http server if we get here
+			if len(peerTlsInfo.LeafCertificate.DNSNames) < 1 {
+				http.Error(w, "client certificate verified but did not contain DNS SAN extension", 401)
+				return
+			}
+			clientInfo.ClientName = peerTlsInfo.LeafCertificate.DNSNames[0]
+
+			ctx := context.WithValue(r.Context(), clientInfoContextKey{}, clientInfo)
+			next.ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}
+
+func ClientInfoFromContext(ctx context.Context) ClientInfo {
+	info, _ := ctx.Value(clientInfoContextKey{}).(ClientInfo)
+	return info
+}
--- a/op-signer/service/auth_test.go
+++ b/op-signer/service/auth_test.go
@ -0,0 +1,63 @@
+package service
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	optls "github.com/ethereum-optimism/optimism/op-service/tls"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAuthMiddleware_NoCertificate(t *testing.T) {
+	var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		assert.NotNil(t, nil, "handler should not have been invoked")
+	})
+	handler = NewAuthMiddleware()(handler)
+	handler = optls.NewPeerTLSMiddleware(handler)
+	assert.HTTPStatusCode(t, handler.ServeHTTP, "GET", "/", nil, 401)
+}
+
+func TestAuthMiddleware_CertificateMissingDNS(t *testing.T) {
+	req, _ := http.NewRequest("GET", "/", nil)
+	req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{}}
+
+	var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		assert.NotNil(t, nil, "handler should not have been invoked")
+	})
+
+	handler = NewAuthMiddleware()(handler)
+	handler = optls.NewPeerTLSMiddleware(handler)
+
+	rr := httptest.NewRecorder()
+	handler.ServeHTTP(rr, req)
+	result := rr.Result()
+	defer result.Body.Close()
+	assert.Equal(t, 401, result.StatusCode)
+}
+
+func TestAuthMiddleware_HappyPath(t *testing.T) {
+	req, _ := http.NewRequest("GET", "/", nil)
+	req.TLS = &tls.ConnectionState{
+		PeerCertificates: []*x509.Certificate{{DNSNames: []string{"client.oplabs.co"}}},
+	}
+
+	handlerInvoked := false
+	var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		clientInfo := ClientInfoFromContext(r.Context())
+		assert.Equal(t, "client.oplabs.co", clientInfo.ClientName)
+		handlerInvoked = true
+	})
+
+	handler = NewAuthMiddleware()(handler)
+	handler = optls.NewPeerTLSMiddleware(handler)
+
+	rr := httptest.NewRecorder()
+	handler.ServeHTTP(rr, req)
+	result := rr.Result()
+	defer result.Body.Close()
+	assert.Equal(t, 200, result.StatusCode)
+	assert.True(t, handlerInvoked)
+}
--- a/op-signer/service/config.go
+++ b/op-signer/service/config.go
@ -0,0 +1,62 @@
+package service
+
+import (
+	"errors"
+	"fmt"
+	"math/big"
+	"os"
+
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"gopkg.in/yaml.v3"
+)
+
+type AuthConfig struct {
+	ClientName  string   `yaml:"name"`
+	KeyName     string   `yaml:"key"`
+	ToAddresses []string `yaml:"toAddresses"`
+	MaxValue    string   `yaml:"maxValue"`
+}
+
+func (c AuthConfig) MaxValueToInt() *big.Int {
+	return hexutil.MustDecodeBig(c.MaxValue)
+}
+
+type SignerServiceConfig struct {
+	Auth []AuthConfig `yaml:"auth"`
+}
+
+func ReadConfig(path string) (SignerServiceConfig, error) {
+	config := SignerServiceConfig{}
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return config, err
+	}
+	if err := yaml.Unmarshal(data, &config); err != nil {
+		return config, err
+	}
+	for _, authConfig := range config.Auth {
+		for _, toAddress := range authConfig.ToAddresses {
+			if _, err := hexutil.Decode(toAddress); err != nil {
+				return config, fmt.Errorf("invalid toAddress '%s' in auth config: %w", toAddress, err)
+			}
+			if authConfig.MaxValue != "" {
+				if _, err := hexutil.DecodeBig(authConfig.MaxValue); err != nil {
+					return config, fmt.Errorf("invalid maxValue '%s' in auth config: %w", toAddress, err)
+				}
+			}
+		}
+	}
+	return config, err
+}
+
+func (s SignerServiceConfig) GetAuthConfigForClient(clientName string) (*AuthConfig, error) {
+	if clientName == "" {
+		return nil, errors.New("client name is empty")
+	}
+	for _, ac := range s.Auth {
+		if ac.ClientName == clientName {
+			return &ac, nil
+		}
+	}
+	return nil, fmt.Errorf("client '%s' is not authorized to use any keys", clientName)
+}
--- a/op-signer/service/errors.go
+++ b/op-signer/service/errors.go
@ -0,0 +1,11 @@
+package service
+
+type InvalidTransactionError struct{ message string }
+
+func (e *InvalidTransactionError) Error() string  { return e.message }
+func (e *InvalidTransactionError) ErrorCode() int { return -32010 }
+
+type UnauthorizedTransactionError struct{ message string }
+
+func (e *UnauthorizedTransactionError) Error() string  { return e.message }
+func (e *UnauthorizedTransactionError) ErrorCode() int { return -32011 }
--- a/op-signer/service/metrics.go
+++ b/op-signer/service/metrics.go
@ -0,0 +1,12 @@
+package service
+
+import "github.com/prometheus/client_golang/prometheus"
+
+var (
+	MetricSignTransactionTotal = prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Name: "signer_signtransaction_total",
+			Help: ""},
+		[]string{"client", "status", "error"},
+	)
+)
--- a/op-signer/service/provider/cloudkms.go
+++ b/op-signer/service/provider/cloudkms.go
@ -0,0 +1,275 @@
+//go:generate mockgen -destination=mock_kms.go -package=provider github.com/ethereum-optimism/infra/op-signer/service/provider CloudKMSClient
+package provider
+
+import (
+	"bytes"
+	"context"
+	"crypto/x509/pkix"
+	"encoding/asn1"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"hash/crc32"
+	"math/big"
+
+	kms "cloud.google.com/go/kms/apiv1"
+	"cloud.google.com/go/kms/apiv1/kmspb"
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/crypto/secp256k1"
+	"github.com/ethereum/go-ethereum/log"
+	gax "github.com/googleapis/gax-go"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+)
+
+var (
+	oidPublicKeyECDSA      = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
+	oidNamedCurveSECP256K1 = asn1.ObjectIdentifier{1, 3, 132, 0, 10}
+)
+
+type publicKeyInfo struct {
+	Raw       asn1.RawContent
+	Algorithm pkix.AlgorithmIdentifier
+	PublicKey asn1.BitString
+}
+
+type CloudKMSClient interface {
+	GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error)
+	AsymmetricSign(context context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error)
+}
+
+type CloudKMSSignatureProvider struct {
+	logger log.Logger
+	client CloudKMSClient
+}
+
+func NewCloudKMSSignatureProvider(logger log.Logger) SignatureProvider {
+	ctx := context.Background()
+	client, err := kms.NewKeyManagementClient(ctx)
+	if err != nil {
+		logger.Error("failed to initialize kms client", "error", err)
+		panic(err)
+	}
+	return &CloudKMSSignatureProvider{logger, client}
+}
+
+func NewCloudKMSSignatureProviderWithClient(logger log.Logger, client CloudKMSClient) SignatureProvider {
+	return &CloudKMSSignatureProvider{logger, client}
+}
+
+func crc32c(data []byte) uint32 {
+	t := crc32.MakeTable(crc32.Castagnoli)
+	return crc32.Checksum(data, t)
+}
+
+func createSignRequestFromDigest(keyName string, digest []byte) *kmspb.AsymmetricSignRequest {
+	digestCRC32C := crc32c(digest)
+	return &kmspb.AsymmetricSignRequest{
+		Name: keyName,
+		Digest: &kmspb.Digest{
+			Digest: &kmspb.Digest_Sha256{
+				Sha256: digest,
+			},
+		},
+		DigestCrc32C: wrapperspb.Int64(int64(digestCRC32C)),
+	}
+}
+
+// SignDigest signs the digest with a given Cloud KMS keyname and returns a compact recoverable signature.
+// If the keyName provided is not a EC_SIGN_SECP256K1_SHA256 key, the result will be an error.
+func (c *CloudKMSSignatureProvider) SignDigest(
+	ctx context.Context,
+	keyName string,
+	digest []byte,
+) ([]byte, error) {
+	publicKey, err := c.GetPublicKey(ctx, keyName)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get public key: %w", err)
+	}
+
+	request := createSignRequestFromDigest(keyName, digest)
+	result, err := c.client.AsymmetricSign(ctx, request)
+	if err != nil {
+		return nil, fmt.Errorf("cloud kms sign request failed: %w", err)
+	}
+	if result.Name != request.Name {
+		return nil, errors.New("cloud kms sign request corrupted in transit")
+	}
+	if !result.VerifiedDigestCrc32C {
+		return nil, errors.New("cloud kms sign request corrupted in transit")
+	}
+	if int64(crc32c(result.Signature)) != result.SignatureCrc32C.Value {
+		return nil, errors.New("cloud kms sign response corrupted in transit")
+	}
+
+	c.logger.Debug(fmt.Sprintf("der signature: %s", hexutil.Encode(result.Signature)))
+
+	return convertToCompactRecoverableSignature(result.Signature, digest, publicKey)
+}
+
+func convertToCompactRecoverableSignature(derSignature, digest, publicKey []byte) ([]byte, error) {
+	signature, err := convertToCompactSignature(derSignature)
+	if err != nil {
+		// should never happen
+		return nil, fmt.Errorf("failed to convert to compact signature: %w", err)
+	}
+
+	// NOTE: so far I haven't seen CloudKMS produce a malleable signature
+	// but if it does happen, this can be handled as a retryable error by the client
+	if err := compactSignatureMalleabilityCheck(signature); err != nil {
+		// should never happen
+		return nil, fmt.Errorf("signature failed malleability check: %w", err)
+	}
+
+	if !secp256k1.VerifySignature(publicKey, digest, signature) {
+		// should never happen
+		return nil, errors.New("signature could not be verified with public key")
+	}
+
+	recId, err := calculateRecoveryID(signature, digest, publicKey)
+	if err != nil {
+		// should never happen
+		return nil, fmt.Errorf("failed to calculate recovery id: %w", err)
+	}
+
+	signature = append(signature, byte(recId))
+
+	return signature, nil
+}
+
+// convertToCompactSignature compacts a DER signature output from kms (>70 bytes) into 64 bytes
+func convertToCompactSignature(derSignature []byte) ([]byte, error) {
+	var parsedSig struct{ R, S *big.Int }
+	if _, err := asn1.Unmarshal(derSignature, &parsedSig); err != nil {
+		return nil, fmt.Errorf("asn1.Unmarshal error: %w", err)
+	}
+
+	curveOrderLen := 32
+	signature := make([]byte, 2*curveOrderLen)
+
+	// if S is non-canonical, lower it
+	curveOrder := secp256k1.S256().Params().Params().N
+	if parsedSig.S.Cmp(new(big.Int).Div(curveOrder, big.NewInt(2))) > 0 {
+		parsedSig.S = new(big.Int).Sub(curveOrder, parsedSig.S)
+	}
+
+	// left pad R and S with zeroes
+	rBytes := parsedSig.R.Bytes()
+	sBytes := parsedSig.S.Bytes()
+	copy(signature[curveOrderLen-len(rBytes):], rBytes)
+	copy(signature[len(signature)-len(sBytes):], sBytes)
+
+	return signature, nil
+}
+
+// calculateRecoveryID calculates the signature recovery id (65th byte, [0-3])
+func calculateRecoveryID(signature, digest, pubKey []byte) (int, error) {
+	recId := -1
+	var errorRes error
+
+	for i := 0; i < 4; i++ {
+		recSig := append(signature, byte(i))
+		publicKey, err := secp256k1.RecoverPubkey(digest, recSig)
+		if err != nil {
+			errorRes = err
+			continue
+		}
+		if bytes.Equal(publicKey, pubKey) {
+			recId = i
+			break
+		}
+	}
+
+	if recId == -1 {
+		return recId, fmt.Errorf("failed to calculate recovery id, should never happen: %w", errorRes)
+	}
+	return recId, nil
+}
+
+// compactSignatureMalleabilityCheck checks if signature can be used to produce a new valid signature
+// pulled from go-ethereum/crypto/secp256k1/secp256_test.go
+// see: http://coders-errand.com/malleability-ecdsa-signatures/
+func compactSignatureMalleabilityCheck(sig []byte) error {
+	b := int(sig[32])
+	if b < 0 {
+		return fmt.Errorf("highest bit is negative: %d", b)
+	}
+	if ((b >> 7) == 1) != ((b & 0x80) == 0x80) {
+		return fmt.Errorf("highest bit: %d bit >> 7: %d", b, b>>7)
+	}
+	if (b & 0x80) == 0x80 {
+		return fmt.Errorf("highest bit: %d bit & 0x80: %d", b, b&0x80)
+	}
+	return nil
+}
+
+// GetPublicKey returns a decoded secp256k1 public key.
+func (c *CloudKMSSignatureProvider) GetPublicKey(
+	ctx context.Context,
+	keyName string,
+) ([]byte, error) {
+	request := kmspb.GetPublicKeyRequest{
+		Name: keyName,
+	}
+
+	result, err := c.client.GetPublicKey(ctx, &request)
+	if err != nil {
+		return nil, fmt.Errorf("kms get public key request failed: %w", err)
+	}
+
+	key := []byte(result.Pem)
+	if int64(crc32c(key)) != result.PemCrc32C.Value {
+		return nil, errors.New("cloud kms public key response corrupted in transit")
+	}
+
+	return decodePublicKeyPEM(key)
+}
+
+// decodePublicKeyPEM decodes a PEM ECDSA public key with secp256k1 curve
+func decodePublicKeyPEM(key []byte) ([]byte, error) {
+	block, rest := pem.Decode([]byte(key))
+	if len(rest) > 0 {
+		return nil, fmt.Errorf("crypto: failed to parse PEM string, not all bytes in PEM key were decoded: %x", rest)
+	}
+
+	pkBytes, err := x509ParseECDSAPublicKey(block.Bytes)
+	if err != nil {
+		return nil, fmt.Errorf("crypto: failed to parse PEM string: %w", err)
+	}
+
+	return pkBytes, err
+}
+
+// x509ParseECDSAPublicKey parses a DER-encoded public key and ensures secp256k1 curve
+func x509ParseECDSAPublicKey(derBytes []byte) ([]byte, error) {
+	var pki publicKeyInfo
+	if rest, err := asn1.Unmarshal(derBytes, &pki); err != nil {
+		return nil, err
+	} else if len(rest) != 0 {
+		return nil, errors.New("x509: trailing data after ASN.1 of public-key")
+	}
+
+	if !pki.Algorithm.Algorithm.Equal(oidPublicKeyECDSA) {
+		return nil, errors.New("x509: unknown public key algorithm")
+	}
+
+	asn1Data := pki.PublicKey.RightAlign()
+	paramsData := pki.Algorithm.Parameters.FullBytes
+	namedCurveOID := new(asn1.ObjectIdentifier)
+	rest, err := asn1.Unmarshal(paramsData, namedCurveOID)
+	if err != nil {
+		return nil, fmt.Errorf("x509: failed to parse ECDSA parameters as named curve: %w", err)
+	}
+	if len(rest) != 0 {
+		return nil, errors.New("x509: trailing data after ECDSA parameters")
+	}
+
+	if !namedCurveOID.Equal(oidNamedCurveSECP256K1) {
+		return nil, errors.New("x509: unsupported elliptic curve")
+	}
+
+	if asn1Data[0] != 4 { // uncompressed form
+		return nil, errors.New("x509: only uncompressed keys are supported")
+	}
+
+	return asn1Data, nil
+}
--- a/op-signer/service/provider/cloudkms_test.go
+++ b/op-signer/service/provider/cloudkms_test.go
@ -0,0 +1,194 @@
+package provider
+
+import (
+	"context"
+	"crypto/ecdsa"
+	"crypto/rand"
+	"io"
+	"testing"
+
+	gomock "github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"cloud.google.com/go/kms/apiv1/kmspb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
+
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/crypto/secp256k1"
+	"github.com/ethereum/go-ethereum/log"
+)
+
+const (
+	CloudKMSPemPublicKey = `-----BEGIN PUBLIC KEY-----
+MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEQpdToIk9lwjBdl0VcqXl7AwqhB9NwRf+
+IHRNqIUNa8vAH/5l5MGXO/qVT5D/4sOTfpd29BQAkDVOgTAneA2Vrg==
+-----END PUBLIC KEY-----`
+)
+
+func generateKey() *ecdsa.PrivateKey {
+	key, err := ecdsa.GenerateKey(secp256k1.S256(), rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+	return key
+}
+
+// pulled from go-ethereum/crypto/secp256k1/secp256_test.go
+func csprngEntropy(n int) []byte {
+	buf := make([]byte, n)
+	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
+		panic("reading from crypto/rand failed: " + err.Error())
+	}
+	return buf
+}
+
+func TestCloudKMS_SignDigest(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+
+	mockClient := NewMockCloudKMSClient(ctrl)
+	provider := NewCloudKMSSignatureProviderWithClient(log.Root(), mockClient)
+
+	keyName := "keyName"
+	digest, _ := hexutil.Decode("0x8dabbae6d856bb7ab93bc35b74c1303975a3f70f942d033e8591a9f8c897ae42")
+	derSignature, _ := hexutil.Decode("0x30450221008680faa49fd6653d273fb34393a47efac44b8f4a4de62bbe11a65ee53739e9bb0220350897677c32d67dc1e520d7458c5cca4a7fe49a3e9d74bdef1ec96836148661")
+	pemPublicKey := []byte(CloudKMSPemPublicKey)
+
+	var tests = []struct {
+		testName                 string
+		keyName                  string
+		digest                   []byte
+		respError                error
+		respVerifiedDigestCrc32C bool
+		respSignatureCrc32       uint32
+		wantErr                  bool
+	}{
+		{"happy path", keyName, digest, nil, true, crc32c(derSignature), false},
+		{"req failure", keyName, digest, assert.AnError, true, crc32c(derSignature), true},
+		{"invalid req keyName", "wrongKeyName", digest, nil, true, crc32c(derSignature), true},
+		{"invalid req crc32", keyName, digest, nil, false, crc32c(derSignature), true},
+		{"invalid resp crc32", keyName, digest, nil, true, crc32c([]byte("")), true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.testName, func(t *testing.T) {
+			signRequest := createSignRequestFromDigest(tt.keyName, tt.digest)
+			mockClient.EXPECT().AsymmetricSign(gomock.Any(), signRequest).Return(
+				&kmspb.AsymmetricSignResponse{
+					Name:                 keyName,
+					Signature:            derSignature,
+					VerifiedDigestCrc32C: tt.respVerifiedDigestCrc32C,
+					SignatureCrc32C:      wrapperspb.Int64(int64(tt.respSignatureCrc32)),
+				},
+				tt.respError,
+			)
+
+			getPublicKeyRequest := &kmspb.GetPublicKeyRequest{Name: tt.keyName}
+			mockClient.EXPECT().GetPublicKey(gomock.Any(), getPublicKeyRequest).Return(
+				&kmspb.PublicKey{
+					Pem:       string(pemPublicKey),
+					PemCrc32C: wrapperspb.Int64(int64(crc32c(pemPublicKey))),
+				},
+				nil,
+			)
+			publicKey, _ := decodePublicKeyPEM(pemPublicKey)
+			wantSignature, _ := convertToCompactRecoverableSignature(derSignature, tt.digest, publicKey)
+
+			signature, err := provider.SignDigest(context.TODO(), tt.keyName, tt.digest)
+			if !tt.wantErr {
+				assert.Nil(t, err)
+				assert.Equal(t, wantSignature, signature)
+				// make sure recoverable pubkey is as expected
+				recoveredPublicKey, err := crypto.Ecrecover(tt.digest, signature)
+				assert.Nil(t, err)
+				assert.Equal(t, publicKey, recoveredPublicKey)
+			} else {
+				assert.Error(t, err)
+				assert.Nil(t, signature)
+			}
+		})
+	}
+}
+
+func TestCloudKMS_GetPublicKey(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+
+	mockClient := NewMockCloudKMSClient(ctrl)
+	provider := NewCloudKMSSignatureProviderWithClient(log.Root(), mockClient)
+
+	keyName := "keyName"
+	pemPublicKey := []byte(CloudKMSPemPublicKey)
+	wantPublicKey, _ := hexutil.Decode("0x04429753a0893d9708c1765d1572a5e5ec0c2a841f4dc117fe20744da8850d6bcbc01ffe65e4c1973bfa954f90ffe2c3937e9776f4140090354e813027780d95ae")
+
+	var tests = []struct {
+		testName     string
+		keyName      string
+		respError    error
+		respPemCrc32 uint32
+		wantErr      bool
+	}{
+		{"happy path", keyName, nil, crc32c(pemPublicKey), false},
+		{"req failure", keyName, assert.AnError, crc32c(pemPublicKey), false},
+		{"invalid resp crc32", keyName, assert.AnError, crc32c([]byte("")), true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.testName, func(t *testing.T) {
+			request := &kmspb.GetPublicKeyRequest{Name: tt.keyName}
+			mockClient.EXPECT().GetPublicKey(gomock.Any(), request).Return(
+				&kmspb.PublicKey{
+					Pem:       string(pemPublicKey),
+					PemCrc32C: wrapperspb.Int64(int64(tt.respPemCrc32)),
+				},
+				nil,
+			)
+			publicKey, err := provider.GetPublicKey(context.TODO(), tt.keyName)
+			if !tt.wantErr {
+				assert.Nil(t, err)
+				assert.Equal(t, wantPublicKey, publicKey)
+			} else {
+				assert.Error(t, err)
+				assert.Nil(t, publicKey)
+			}
+		})
+	}
+}
+
+// TestVerifySignatureFromRecoveredPublicKey tests that the compact signature can
+// recover a publicKey that can be used to verify the original DER signature.
+// Since all other reference implementations produce compact, recoverable signatures already,
+// this serves as the test that converToCompactSignture and calculateRecoveryID produce expected results,
+func TestVerifySignatureFromRecoveredPublicKey(t *testing.T) {
+	key := generateKey()
+	pubKey := crypto.FromECDSAPub(&key.PublicKey)
+
+	const TestCount = 1000
+	for i := 0; i < TestCount; i++ {
+		digest := csprngEntropy(32)
+		derSig, err := ecdsa.SignASN1(rand.Reader, key, digest)
+		if err != nil {
+			panic(err)
+		}
+
+		sig, err := convertToCompactSignature(derSig)
+		assert.Nil(t, err)
+		assert.Len(t, sig, 64)
+		assert.Nil(t, compactSignatureMalleabilityCheck(sig))
+
+		recId, err := calculateRecoveryID(sig, digest, pubKey)
+		assert.Nil(t, err)
+		assert.GreaterOrEqual(t, recId, 0)
+		assert.Less(t, recId, 4)
+
+		sig = append(sig, byte(recId))
+		recoveredRawPubKey, err := secp256k1.RecoverPubkey(digest, sig)
+		assert.Nil(t, err)
+
+		recoveredPubKey, err := crypto.UnmarshalPubkey(recoveredRawPubKey)
+		require.NoError(t, err)
+
+		assert.True(t, ecdsa.VerifyASN1(recoveredPubKey, digest, derSig))
+	}
+}
--- a/op-signer/service/provider/mock_kms.go
+++ b/op-signer/service/provider/mock_kms.go
@ -0,0 +1,77 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/ethereum-optimism/infra/op-signer/service/provider (interfaces: CloudKMSClient)
+
+// Package provider is a generated GoMock package.
+package provider
+
+import (
+	context "context"
+	reflect "reflect"
+
+	kmspb "cloud.google.com/go/kms/apiv1/kmspb"
+	gomock "github.com/golang/mock/gomock"
+	gax "github.com/googleapis/gax-go/v2"
+)
+
+// MockCloudKMSClient is a mock of CloudKMSClient interface.
+type MockCloudKMSClient struct {
+	ctrl     *gomock.Controller
+	recorder *MockCloudKMSClientMockRecorder
+}
+
+// MockCloudKMSClientMockRecorder is the mock recorder for MockCloudKMSClient.
+type MockCloudKMSClientMockRecorder struct {
+	mock *MockCloudKMSClient
+}
+
+// NewMockCloudKMSClient creates a new mock instance.
+func NewMockCloudKMSClient(ctrl *gomock.Controller) *MockCloudKMSClient {
+	mock := &MockCloudKMSClient{ctrl: ctrl}
+	mock.recorder = &MockCloudKMSClientMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockCloudKMSClient) EXPECT() *MockCloudKMSClientMockRecorder {
+	return m.recorder
+}
+
+// AsymmetricSign mocks base method.
+func (m *MockCloudKMSClient) AsymmetricSign(arg0 context.Context, arg1 *kmspb.AsymmetricSignRequest, arg2 ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "AsymmetricSign", varargs...)
+	ret0, _ := ret[0].(*kmspb.AsymmetricSignResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// AsymmetricSign indicates an expected call of AsymmetricSign.
+func (mr *MockCloudKMSClientMockRecorder) AsymmetricSign(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AsymmetricSign", reflect.TypeOf((*MockCloudKMSClient)(nil).AsymmetricSign), varargs...)
+}
+
+// GetPublicKey mocks base method.
+func (m *MockCloudKMSClient) GetPublicKey(arg0 context.Context, arg1 *kmspb.GetPublicKeyRequest, arg2 ...gax.CallOption) (*kmspb.PublicKey, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetPublicKey", varargs...)
+	ret0, _ := ret[0].(*kmspb.PublicKey)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetPublicKey indicates an expected call of GetPublicKey.
+func (mr *MockCloudKMSClientMockRecorder) GetPublicKey(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetPublicKey", reflect.TypeOf((*MockCloudKMSClient)(nil).GetPublicKey), varargs...)
+}
--- a/op-signer/service/provider/mock_provider.go
+++ b/op-signer/service/provider/mock_provider.go
@ -0,0 +1,65 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/ethereum-optimism/infra/op-signer/service/provider (interfaces: SignatureProvider)
+
+// Package provider is a generated GoMock package.
+package provider
+
+import (
+	context "context"
+	reflect "reflect"
+
+	gomock "github.com/golang/mock/gomock"
+)
+
+// MockSignatureProvider is a mock of SignatureProvider interface.
+type MockSignatureProvider struct {
+	ctrl     *gomock.Controller
+	recorder *MockSignatureProviderMockRecorder
+}
+
+// MockSignatureProviderMockRecorder is the mock recorder for MockSignatureProvider.
+type MockSignatureProviderMockRecorder struct {
+	mock *MockSignatureProvider
+}
+
+// NewMockSignatureProvider creates a new mock instance.
+func NewMockSignatureProvider(ctrl *gomock.Controller) *MockSignatureProvider {
+	mock := &MockSignatureProvider{ctrl: ctrl}
+	mock.recorder = &MockSignatureProviderMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockSignatureProvider) EXPECT() *MockSignatureProviderMockRecorder {
+	return m.recorder
+}
+
+// GetPublicKey mocks base method.
+func (m *MockSignatureProvider) GetPublicKey(arg0 context.Context, arg1 string) ([]byte, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetPublicKey", arg0, arg1)
+	ret0, _ := ret[0].([]byte)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetPublicKey indicates an expected call of GetPublicKey.
+func (mr *MockSignatureProviderMockRecorder) GetPublicKey(arg0, arg1 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetPublicKey", reflect.TypeOf((*MockSignatureProvider)(nil).GetPublicKey), arg0, arg1)
+}
+
+// SignDigest mocks base method.
+func (m *MockSignatureProvider) SignDigest(arg0 context.Context, arg1 string, arg2 []byte) ([]byte, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "SignDigest", arg0, arg1, arg2)
+	ret0, _ := ret[0].([]byte)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// SignDigest indicates an expected call of SignDigest.
+func (mr *MockSignatureProviderMockRecorder) SignDigest(arg0, arg1, arg2 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SignDigest", reflect.TypeOf((*MockSignatureProvider)(nil).SignDigest), arg0, arg1, arg2)
+}
--- a/op-signer/service/provider/provider.go
+++ b/op-signer/service/provider/provider.go
@ -0,0 +1,9 @@
+//go:generate mockgen -destination=mock_provider.go -package=provider github.com/ethereum-optimism/infra/op-signer/service/provider SignatureProvider
+package provider
+
+import "context"
+
+type SignatureProvider interface {
+	SignDigest(ctx context.Context, keyName string, digest []byte) ([]byte, error)
+	GetPublicKey(ctx context.Context, keyName string) ([]byte, error)
+}
--- a/op-signer/service/service.go
+++ b/op-signer/service/service.go
@ -0,0 +1,148 @@
+package service
+
+import (
+	"context"
+	"strings"
+
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/ethereum/go-ethereum/rpc"
+	"github.com/prometheus/client_golang/prometheus"
+
+	"github.com/ethereum-optimism/infra/op-signer/service/provider"
+	oprpc "github.com/ethereum-optimism/optimism/op-service/rpc"
+	"github.com/ethereum-optimism/optimism/op-service/signer"
+)
+
+type SignerService struct {
+	logger   log.Logger
+	config   SignerServiceConfig
+	provider provider.SignatureProvider
+}
+
+func NewSignerService(logger log.Logger, config SignerServiceConfig) *SignerService {
+	return NewSignerServiceWithProvider(logger, config, provider.NewCloudKMSSignatureProvider(logger))
+}
+
+func NewSignerServiceWithProvider(
+	logger log.Logger,
+	config SignerServiceConfig,
+	provider provider.SignatureProvider,
+) *SignerService {
+	return &SignerService{logger, config, provider}
+}
+
+func (s *SignerService) RegisterAPIs(server *oprpc.Server) {
+	server.AddAPI(rpc.API{
+		Namespace: "eth",
+		Service:   s,
+	})
+}
+
+func containsNormalized(s []string, e string) bool {
+	for _, a := range s {
+		if strings.EqualFold(a, e) {
+			return true
+		}
+	}
+	return false
+}
+
+// SignTransaction will sign the given transaction with the key configured for the authenticated client
+func (s *SignerService) SignTransaction(ctx context.Context, args signer.TransactionArgs) (hexutil.Bytes, error) {
+	clientInfo := ClientInfoFromContext(ctx)
+	authConfig, err := s.config.GetAuthConfigForClient(clientInfo.ClientName)
+	if err != nil {
+		return nil, rpc.HTTPError{StatusCode: 403, Status: "Forbidden", Body: []byte(err.Error())}
+	}
+
+	labels := prometheus.Labels{"client": clientInfo.ClientName, "status": "error", "error": ""}
+	defer func() {
+		MetricSignTransactionTotal.With(labels).Inc()
+	}()
+
+	if err := args.Check(); err != nil {
+		s.logger.Warn("invalid signing arguments", "err", err)
+		labels["error"] = "invalid_transaction"
+		return nil, &InvalidTransactionError{message: err.Error()}
+	}
+
+	if len(authConfig.ToAddresses) > 0 && !containsNormalized(authConfig.ToAddresses, args.To.Hex()) {
+		return nil, &UnauthorizedTransactionError{"to address not authorized"}
+	}
+	if len(authConfig.MaxValue) > 0 && args.Value.ToInt().Cmp(authConfig.MaxValueToInt()) > 0 {
+		return nil, &UnauthorizedTransactionError{"value exceeds maximum"}
+	}
+
+	txData, err := args.ToTransactionData()
+	if err != nil {
+		labels["error"] = "transaction_args_error"
+		return nil, &InvalidTransactionError{err.Error()}
+	}
+	tx := types.NewTx(txData)
+
+	txSigner := types.LatestSignerForChainID(tx.ChainId())
+	digest := txSigner.Hash(tx)
+
+	signature, err := s.provider.SignDigest(ctx, authConfig.KeyName, digest.Bytes())
+	if err != nil {
+		labels["error"] = "sign_error"
+		return nil, &InvalidTransactionError{err.Error()}
+	}
+
+	signed, err := tx.WithSignature(txSigner, signature)
+	if err != nil {
+		labels["error"] = "invalid_transaction_error"
+		return nil, &InvalidTransactionError{err.Error()}
+	}
+	signerFrom, err := txSigner.Sender(signed)
+	if err != nil {
+		labels["error"] = "sign_error"
+		return nil, &InvalidTransactionError{err.Error()}
+	}
+
+	// sanity check that we used the right account
+	if args.From != nil && *args.From != signerFrom {
+		s.logger.Warn("user is trying to sign with different account than actual signer-provider",
+			"provider", signerFrom, "request", *args.From)
+		labels["error"] = "sign_error"
+		return nil, &InvalidTransactionError{"unexpected from address"}
+	}
+
+	txraw, err := signed.MarshalBinary()
+	if err != nil {
+		labels["error"] = "transaction_marshal_error"
+		return nil, &InvalidTransactionError{err.Error()}
+	}
+
+	labels["status"] = "success"
+	txTo := ""
+	if tx.To() != nil {
+		txTo = tx.To().Hex()
+	}
+
+	s.logger.Info(
+		"Signed transaction",
+		"digest", hexutil.Encode(digest.Bytes()),
+		"client.name", clientInfo.ClientName,
+		"client.keyname", authConfig.KeyName,
+		"tx.type", tx.Type(),
+		"tx.raw", hexutil.Encode(txraw),
+		"tx.value", tx.Value(),
+		"tx.to", txTo,
+		"tx.nonce", tx.Nonce(),
+		"tx.gas", tx.Gas(),
+		"tx.gasprice", tx.GasPrice(),
+		"tx.gastipcap", tx.GasTipCap(),
+		"tx.gasfeecap", tx.GasFeeCap(),
+		"tx.type", tx.Type(),
+		"tx.hash", tx.Hash().Hex(),
+		"tx.chainid", tx.ChainId(),
+		"tx.blobhashes", tx.BlobHashes(),
+		"tx.blobfeecap", tx.BlobGasFeeCap(),
+		"signature", hexutil.Encode(signature),
+	)
+
+	return hexutil.Bytes(txraw), nil
+}
--- a/op-signer/service/service_test.go
+++ b/op-signer/service/service_test.go
@ -0,0 +1,182 @@
+package service
+
+import (
+	"context"
+	"errors"
+	"math/big"
+	"testing"
+
+	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/holiman/uint256"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/ethereum/go-ethereum/params"
+	"github.com/ethereum/go-ethereum/rpc"
+
+	"github.com/ethereum-optimism/infra/op-signer/service/provider"
+	clientSigner "github.com/ethereum-optimism/optimism/op-service/signer"
+)
+
+func createEIP1559Tx() *types.Transaction {
+	aa := common.HexToAddress("0x000000000000000000000000000000000000aaaa")
+	accesses := types.AccessList{types.AccessTuple{
+		Address:     aa,
+		StorageKeys: []common.Hash{{0}},
+	}}
+	txdata := &types.DynamicFeeTx{
+		ChainID:    params.AllEthashProtocolChanges.ChainID,
+		Nonce:      0,
+		To:         &aa,
+		Gas:        30000,
+		GasFeeCap:  big.NewInt(1),
+		GasTipCap:  big.NewInt(1),
+		AccessList: accesses,
+		Data:       []byte{},
+		Value:      big.NewInt(1),
+	}
+	tx := types.NewTx(txdata)
+	return tx
+}
+
+func createBlobTx() *types.Transaction {
+	aa := common.HexToAddress("0x000000000000000000000000000000000000aaaa")
+	accesses := types.AccessList{types.AccessTuple{
+		Address:     aa,
+		StorageKeys: []common.Hash{{0}},
+	}}
+
+	txdata := &types.BlobTx{
+		ChainID:    uint256.MustFromBig(params.AllEthashProtocolChanges.ChainID),
+		Nonce:      0,
+		To:         aa,
+		Gas:        30000,
+		GasFeeCap:  uint256.NewInt(1),
+		GasTipCap:  uint256.NewInt(1),
+		AccessList: accesses,
+		Data:       []byte{},
+		Value:      uint256.NewInt(1),
+		BlobFeeCap: uint256.NewInt(1),
+		BlobHashes: []common.Hash{common.HexToHash("c0ffee")},
+	}
+	tx := types.NewTx(txdata)
+	return tx
+}
+
+var config = SignerServiceConfig{
+	Auth: []AuthConfig{
+		{ClientName: "client.oplabs.co", KeyName: "keyName"},
+		{ClientName: "alt-client.oplabs.co", KeyName: "altKeyName"},
+		{ClientName: "authorized-to.oplabs.co", KeyName: "keyName", ToAddresses: []string{"0x000000000000000000000000000000000000Aaaa"}},
+		{ClientName: "unauthorized-to.oplabs.co", KeyName: "keyName", ToAddresses: []string{"0x000000000000000000000000000000000000bbbb"}},
+		{ClientName: "within-max-value.oplabs.co", KeyName: "keyName", MaxValue: hexutil.EncodeBig(big.NewInt(2))},
+		{ClientName: "exceeds-max-value.oplabs.co", KeyName: "keyName", MaxValue: hexutil.EncodeBig(big.NewInt(0))},
+	},
+}
+
+type testCase struct {
+	name     string
+	template func() *types.Transaction
+}
+
+var testTxs = []testCase{
+	{"regular", createEIP1559Tx},
+	{"blob-tx", createBlobTx},
+}
+
+func TestSignTransaction(t *testing.T) {
+	for _, tc := range testTxs {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			testSignTransaction(t, tc.template())
+		})
+	}
+}
+
+func testSignTransaction(t *testing.T, tx *types.Transaction) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+
+	signer := types.LatestSignerForChainID(tx.ChainId())
+	digest := signer.Hash(tx).Bytes()
+
+	priv, err := crypto.GenerateKey()
+	require.NoError(t, err)
+
+	sender := crypto.PubkeyToAddress(priv.PublicKey)
+
+	signature, err := crypto.Sign(digest, priv)
+	require.NoError(t, err)
+
+	args := clientSigner.NewTransactionArgsFromTransaction(tx.ChainId(), nil, tx)
+	missingNonce := clientSigner.NewTransactionArgsFromTransaction(tx.ChainId(), nil, tx)
+	missingNonce.Nonce = nil
+
+	validFrom := clientSigner.NewTransactionArgsFromTransaction(tx.ChainId(), nil, tx)
+	validFrom.From = &sender
+
+	invalidFrom := clientSigner.NewTransactionArgsFromTransaction(tx.ChainId(), nil, tx)
+	random := common.HexToAddress("1234")
+	invalidFrom.From = &random
+
+	// signature, _ := hexutil.Decode("0x5392c93b50eb9e3412ab43d378048d4f7d644f3cea02acb529f07e2babba1d3a332377f4abe24a40030b3ff6bff3413a44364aad4665f4e24117466328ce8d3600")
+
+	tests := []struct {
+		testName    string
+		args        clientSigner.TransactionArgs
+		digest      []byte
+		clientName  string
+		wantKeyName string
+		wantErrCode int
+	}{
+		{"happy path", *args, digest, "client.oplabs.co", "keyName", 0},
+		{"nonce not specified", *missingNonce, digest, "client.oplabs.co", "keyName", -32010},
+		{"happy path - different client and key", *args, digest, "alt-client.oplabs.co", "altKeyName", 0},
+		{"client not authorized", *args, digest, "forbidden-client.oplabs.co", "keyName", 403},
+		{"client empty", *args, digest, "", "", 403},
+		{"authorized to address", *args, digest, "authorized-to.oplabs.co", "keyName", 0},
+		{"unauthorized to address", *args, digest, "unauthorized-to.oplabs.co", "keyName", -32011},
+		{"within max value", *args, digest, "within-max-value.oplabs.co", "keyName", 0},
+		{"exceeds max value", *args, digest, "exceeds-max-value.oplabs.co", "keyName", -32011},
+		{"valid from", *validFrom, digest, "client.oplabs.co", "keyName", 0},
+		{"invalid from", *invalidFrom, digest, "client.oplabs.co", "keyName", -32010},
+	}
+	for _, tt := range tests {
+		t.Run(tt.testName, func(t *testing.T) {
+			mockSignatureProvider := provider.NewMockSignatureProvider(ctrl)
+			service := NewSignerServiceWithProvider(log.Root(), config, mockSignatureProvider)
+
+			ctx := context.WithValue(context.TODO(), clientInfoContextKey{}, ClientInfo{ClientName: tt.clientName})
+			if tt.wantErrCode == 0 || tt.testName == "invalid from" {
+				mockSignatureProvider.EXPECT().
+					SignDigest(ctx, tt.wantKeyName, tt.digest).
+					Return(signature, nil)
+			}
+			resp, err := service.SignTransaction(ctx, tt.args)
+			if tt.wantErrCode == 0 {
+				assert.Nil(t, err)
+				if assert.NotNil(t, resp) {
+					assert.NotEmpty(t, resp)
+				}
+			} else {
+				assert.NotNil(t, err)
+				assert.Nil(t, resp)
+				var rpcErr rpc.Error
+				var httpErr rpc.HTTPError
+				if errors.As(err, &rpcErr) {
+					assert.Equal(t, tt.wantErrCode, rpcErr.ErrorCode())
+				} else if errors.As(err, &httpErr) {
+					assert.Equal(t, tt.wantErrCode, httpErr.StatusCode)
+				} else {
+					assert.Fail(t, "returned error is not an rpc.Error or rpc.HTTPError")
+				}
+			}
+		})
+	}
+}
--- a/op-signer/test-rpc.json
+++ b/op-signer/test-rpc.json
@ -0,0 +1,53 @@
+[
+  {
+    "id": "1",
+    "jsonrpc": "2.0",
+    "method": "eth_signTransaction",
+    "params": [
+      {
+        "to": "0x000000000000000000000000000000000000aaaa",
+        "gas": "0x7530",
+        "gasPrice": null,
+        "maxFeePerGas": "0x1",
+        "maxPriorityFeePerGas": "0x1",
+        "value": "0x1",
+        "nonce": "0x0",
+        "data": "0x",
+        "accessList": [
+          {
+            "address": "0x000000000000000000000000000000000000aaaa",
+            "storageKeys": [
+              "0x0000000000000000000000000000000000000000000000000000000000000000"
+            ]
+          }
+        ],
+        "chainId": "0x539"
+      }
+    ]
+  },
+  {
+    "id": "1",
+    "jsonrpc": "2.0",
+    "method": "eth_signTransaction",
+    "params": [
+      {
+        "to": "0x000000000000000000000000000000000000aaaa",
+        "gas": "0x7530",
+        "gasPrice": null,
+        "maxFeePerGas": "0x1",
+        "maxPriorityFeePerGas": "0x1",
+        "value": "0x1",
+        "data": "0x",
+        "accessList": [
+          {
+            "address": "0x000000000000000000000000000000000000aaaa",
+            "storageKeys": [
+              "0x0000000000000000000000000000000000000000000000000000000000000000"
+            ]
+          }
+        ],
+        "chainId": "0x539"
+      }
+    ]
+  }
+]
--- a/op-txproxy/.gitignore
+++ b/op-txproxy/.gitignore
@ -0,0 +1 @@
+bin
--- a/op-txproxy/Dockerfile
+++ b/op-txproxy/Dockerfile
@ -0,0 +1,18 @@
+FROM golang:1.21.3-alpine3.18 as builder
+
+COPY ./op-txproxy /app
+
+WORKDIR /app
+RUN apk --no-cache add make jq bash git alpine-sdk
+RUN make build
+
+FROM alpine:3.18
+RUN apk --no-cache add ca-certificates
+
+RUN addgroup -S app && adduser -S app -G app
+USER app
+WORKDIR /app
+
+COPY --from=builder /app/bin/op-txproxy /app
+
+ENTRYPOINT ["/app/op-txproxy"]
--- a/op-txproxy/Makefile
+++ b/op-txproxy/Makefile
@ -0,0 +1,28 @@
+GIT_COMMIT := $(shell git rev-parse HEAD)
+GIT_DATE := $(shell git show -s --format='%ct')
+
+LDFLAGSSTRING +=-X main.GitCommit=$(GIT_COMMIT)
+LDFLAGSSTRING +=-X main.GitDate=$(GITDGIT_DATEATE)
+LDFLAGSSTRING +=-X main.Version=$(OP_CONDUCTOR_MON_VERSION)
+LDFLAGS := -ldflags "$(LDFLAGSSTRING)"
+
+
+all: build
+
+build:
+	env GO111MODULE=on go build -v $(LDFLAGS) -o ./bin/op-txproxy ./cmd
+
+clean:
+	rm ./bin/op-txproxy
+
+test:
+	go test -v ./...
+
+lint:
+	golangci-lint run ./...
+
+.PHONY: \
+	build \
+	clean \
+	test \
+	lint
--- a/op-txproxy/README.md
+++ b/op-txproxy/README.md
@ -0,0 +1,36 @@
+# op-txproxy
+
+A supplemental passthrough proxy for some execution engine endpoints. This proxy does not forward all rpc traffic and only exposes a specific set of endpoints.
+Operationally, the public ingress proxy should  only re-route requests for these endpoints.
+
+```mermaid
+stateDiagram-v2
+    proxyd --> txproxy: intercepted methods
+    proxyd --> backend: unintercepted methods
+    txproxy --> backend
+```
+
+## Setup
+Install go 1.21
+```
+make build
+./bin/op-txproxy --help
+```
+
+## Endpoints
+
+### eth_sendRawTransactionConditional
+
+An outcome of how to integrate this [spec](https://notes.ethereum.org/@yoav/SkaX2lS9j) safely for permissionless 4337 bundler participation. This solution in the design doc [proposal](https://github.com/ethereum-optimism/design-docs/blob/main/ecosystem/sendRawTransactionConditional/proposal.md)
+requires a validating proxy that can be horizontally scaled and pre-emptively reject invalid conditional transaction. The implemented endpoint covers
+these objectives:
+1. **Auth**. preemptively put in place to enable a variety of auth policies (allowlist, rate limits, etc).
+
+    The caller authenticates themselves with any valid ECDSA-secp256k1 key, like an Ethereum key. The computed signature is over the [EIP-191](https://eips.ethereum.org/EIPS/eip-191) hash of the request body (up to the 5MB request body limit).
+
+    With the signature and signing address, the request is authenticated via the `X-Optimism-Signature` header of the request with the value `<public key address>: <signature>`.
+
+2. **Rate Limits**. global rate limits on the endpoint are applied here.
+2. **Rejection Switch**. this proxy can be rolled with a flag/env switch to reject conditional transaction without needing to interrupt the execution engine.
+3. **Basic Validation**. stateless validation is done in the endpoint to reject invalid conditional transactions and apply additional restricts on the usage (only 4337 entrypoint tx target support).
+4. **Metrics**. performance of this endpoint can be observed in order to inform adjustments to rate limits, shutoff, or auth policies to implement.
--- a/op-txproxy/auth_handler.go
+++ b/op-txproxy/auth_handler.go
@ -0,0 +1,101 @@
+package op_txproxy
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/ethereum/go-ethereum/accounts"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto"
+)
+
+var (
+	defaultBodyLimit = 5 * 1024 * 1024 // default in op-geth
+
+	DefaultAuthHeaderKey = "X-Optimism-Signature"
+)
+
+type authHandler struct {
+	headerKey string
+	next      http.Handler
+}
+
+// This middleware detects when authentication information is present on the request. If
+// so, it will validate and set the caller in the request context. It does not reject
+// if authentication information is missing. It is up to the request handler to do so via
+// the missing `AuthContext`
+//   - NOTE: only up to the default body limit (5MB) is read when constructing the text hash
+//     that is signed over by the caller
+func AuthMiddleware(headerKey string) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return &authHandler{headerKey, next}
+	}
+}
+
+type authContextKey struct{}
+
+type AuthContext struct {
+	Caller common.Address
+}
+
+// ServeHTTP serves JSON-RPC requests over HTTP, implements http.Handler
+func (h *authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	authHeader := r.Header.Get(h.headerKey)
+	if authHeader == "" {
+		h.next.ServeHTTP(w, r)
+		return
+	}
+	authElems := strings.Split(authHeader, ":")
+	if len(authElems) != 2 {
+		http.Error(w, "misformatted auth header", http.StatusBadRequest)
+		return
+	}
+
+	if r.Body == nil {
+		// edge case from unit tests
+		r.Body = io.NopCloser(bytes.NewBuffer(nil))
+	}
+
+	// Since this middleware runs prior to the server, we need to manually apply the body limit when reading.
+	bodyBytes, err := io.ReadAll(io.LimitReader(r.Body, int64(defaultBodyLimit)))
+	if err != nil {
+		http.Error(w, "unable to parse request body", http.StatusInternalServerError)
+		return
+	}
+
+	r.Body = struct {
+		io.Reader
+		io.Closer
+	}{
+		io.MultiReader(bytes.NewReader(bodyBytes), r.Body),
+		r.Body,
+	}
+
+	txtHash := accounts.TextHash(bodyBytes)
+	caller, signature := common.HexToAddress(authElems[0]), common.FromHex(authElems[1])
+	sigPubKey, err := crypto.SigToPub(txtHash, signature)
+	if err != nil {
+		http.Error(w, "invalid authentication signature", http.StatusBadRequest)
+		return
+	}
+
+	if caller != crypto.PubkeyToAddress(*sigPubKey) {
+		http.Error(w, "mismatched recovered signer", http.StatusBadRequest)
+		return
+	}
+
+	// Set the authenticated caller in the context
+	newCtx := context.WithValue(r.Context(), authContextKey{}, &AuthContext{caller})
+	h.next.ServeHTTP(w, r.WithContext(newCtx))
+}
+
+func AuthFromContext(ctx context.Context) *AuthContext {
+	auth, ok := ctx.Value(authContextKey{}).(*AuthContext)
+	if !ok {
+		return nil
+	}
+	return auth
+}
--- a/op-txproxy/auth_handler_test.go
+++ b/op-txproxy/auth_handler_test.go
@ -0,0 +1,148 @@
+package op_txproxy
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	oprpc "github.com/ethereum-optimism/optimism/op-service/rpc"
+
+	"github.com/ethereum/go-ethereum/accounts"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/rpc"
+
+	"github.com/stretchr/testify/require"
+)
+
+var pingHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "ping")
+})
+
+func TestAuthHandlerMissingAuth(t *testing.T) {
+	handler := authHandler{next: pingHandler}
+
+	rr := httptest.NewRecorder()
+	r, _ := http.NewRequest("GET", "/", nil)
+	handler.ServeHTTP(rr, r)
+
+	// simply forwards the request
+	require.Equal(t, http.StatusOK, rr.Code)
+	require.Equal(t, "ping", rr.Body.String())
+}
+
+func TestAuthHandlerBadHeader(t *testing.T) {
+	handler := authHandler{headerKey: "auth", next: pingHandler}
+
+	rr := httptest.NewRecorder()
+	r, _ := http.NewRequest("GET", "/", nil)
+	r.Header.Set("auth", "foobarbaz")
+
+	handler.ServeHTTP(rr, r)
+	require.Equal(t, http.StatusBadRequest, rr.Code)
+}
+
+func TestAuthHandlerBadSignature(t *testing.T) {
+	handler := authHandler{headerKey: "auth", next: pingHandler}
+
+	rr := httptest.NewRecorder()
+	r, _ := http.NewRequest("GET", "/", nil)
+	r.Header.Set("auth", fmt.Sprintf("%s:%s", common.HexToAddress("0xa"), "foobar"))
+
+	handler.ServeHTTP(rr, r)
+	require.Equal(t, http.StatusBadRequest, rr.Code)
+}
+
+func TestAuthHandlerMismatchedCaller(t *testing.T) {
+	handler := authHandler{headerKey: "auth", next: pingHandler}
+
+	rr := httptest.NewRecorder()
+	r, _ := http.NewRequest("GET", "/", strings.NewReader("body"))
+
+	privKey, _ := crypto.GenerateKey()
+	sig, _ := crypto.Sign(accounts.TextHash([]byte("body")), privKey)
+	r.Header.Set("auth", fmt.Sprintf("%s:%s", common.HexToAddress("0xa"), sig))
+
+	handler.ServeHTTP(rr, r)
+	require.Equal(t, http.StatusBadRequest, rr.Code)
+}
+
+func TestAuthHandlerSetContext(t *testing.T) {
+	var ctx *AuthContext
+	ctxHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctx = AuthFromContext(r.Context())
+		w.WriteHeader(http.StatusOK)
+	})
+
+	handler := authHandler{headerKey: "auth", next: ctxHandler}
+
+	rr := httptest.NewRecorder()
+	body := bytes.NewBufferString("body")
+	r, _ := http.NewRequest("GET", "/", body)
+
+	privKey, _ := crypto.GenerateKey()
+	sig, _ := crypto.Sign(accounts.TextHash(body.Bytes()), privKey)
+	addr := crypto.PubkeyToAddress(privKey.PublicKey)
+	r.Header.Set("auth", fmt.Sprintf("%s:%s", addr, common.Bytes2Hex(sig)))
+
+	handler.ServeHTTP(rr, r)
+	require.Equal(t, http.StatusOK, rr.Code)
+
+	require.NotNil(t, ctx)
+	require.Equal(t, addr, ctx.Caller)
+}
+
+func TestAuthHandlerRpcMiddleware(t *testing.T) {
+	rpcServer := oprpc.NewServer("127.0.0.1", 0, "", oprpc.WithMiddleware(AuthMiddleware("auth")))
+	require.NoError(t, rpcServer.Start())
+	t.Cleanup(func() { _ = rpcServer.Stop() })
+
+	url := fmt.Sprintf("http://%s", rpcServer.Endpoint())
+	clnt, err := rpc.Dial(url)
+	require.NoError(t, err)
+	defer clnt.Close()
+
+	// pass without auth (default handler does not deny)
+	err = clnt.CallContext(context.Background(), nil, "rpc_modules")
+	require.Nil(t, err)
+
+	// denied with bad auth header
+	clnt.SetHeader("auth", "foobar")
+	err = clnt.CallContext(context.Background(), nil, "rpc_modules")
+	require.NotNil(t, err)
+}
+
+func TestAuthHandlerRequestBodyLimit(t *testing.T) {
+	var body []byte
+	bodyHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		body, _ = io.ReadAll(r.Body)
+		w.WriteHeader(http.StatusOK)
+	})
+
+	handler := authHandler{headerKey: "auth", next: bodyHandler}
+
+	// only up to limit is read when validating the request body
+	authBody := strings.Repeat("*", defaultBodyLimit)
+	excess := strings.Repeat("-", 10)
+
+	rr := httptest.NewRecorder()
+	r, _ := http.NewRequest("GET", "/", strings.NewReader(authBody+excess))
+
+	// sign over just the auth body
+	privKey, _ := crypto.GenerateKey()
+	sig, _ := crypto.Sign(accounts.TextHash([]byte(authBody)), privKey)
+	addr := crypto.PubkeyToAddress(privKey.PublicKey)
+	r.Header.Set("auth", fmt.Sprintf("%s:%s", addr, common.Bytes2Hex(sig)))
+
+	// Auth handler successfully only parses through the max body limit
+	handler.ServeHTTP(rr, r)
+	require.Equal(t, http.StatusOK, rr.Code, rr.Body)
+
+	// The next handler has the full request body present
+	require.Len(t, body, len(authBody)+len(excess))
+}
--- a/op-txproxy/cli.go
+++ b/op-txproxy/cli.go
@ -0,0 +1,49 @@
+package op_txproxy
+
+import (
+	opservice "github.com/ethereum-optimism/optimism/op-service"
+
+	"github.com/urfave/cli/v2"
+)
+
+const (
+	SendRawTransactionConditionalEnabledFlagName   = "sendRawTxConditional.enabled"
+	SendRawTransactionConditionalBackendFlagName   = "sendRawTxConditional.backend"
+	SendRawTransactionConditionalRateLimitFlagName = "sendRawTxConditional.ratelimit"
+)
+
+type CLIConfig struct {
+	SendRawTransactionConditionalEnabled   bool
+	SendRawTransactionConditionalBackend   string
+	SendRawTransactionConditionalRateLimit uint64
+}
+
+func CLIFlags(envPrefix string) []cli.Flag {
+	return []cli.Flag{
+		&cli.BoolFlag{
+			Name:    SendRawTransactionConditionalEnabledFlagName,
+			Usage:   "Decider if eth_sendRawTransactionConditional requests should passthrough or be rejected",
+			Value:   true,
+			EnvVars: opservice.PrefixEnvVar(envPrefix, "SENDRAWTXCONDITIONAL_ENABLED"),
+		},
+		&cli.StringSliceFlag{
+			Name:    SendRawTransactionConditionalBackendFlagName,
+			Usage:   "block builder to broadcast conditional transactions",
+			EnvVars: opservice.PrefixEnvVar(envPrefix, "SENDRAWTXCONDITIONAL_BACKENDS"),
+		},
+		&cli.Uint64Flag{
+			Name:    SendRawTransactionConditionalRateLimitFlagName,
+			Usage:   "Maximum cost -- storage lookups -- allowed for conditional transactions in a given second",
+			Value:   5000,
+			EnvVars: opservice.PrefixEnvVar(envPrefix, "SENDRAWTXCONDITIONAL_RATELIMIT"),
+		},
+	}
+}
+
+func ReadCLIConfig(ctx *cli.Context) CLIConfig {
+	return CLIConfig{
+		SendRawTransactionConditionalEnabled:   ctx.Bool(SendRawTransactionConditionalEnabledFlagName),
+		SendRawTransactionConditionalBackend:   ctx.String(SendRawTransactionConditionalBackendFlagName),
+		SendRawTransactionConditionalRateLimit: ctx.Uint64(SendRawTransactionConditionalRateLimitFlagName),
+	}
+}
--- a/op-txproxy/cmd/main.go
+++ b/op-txproxy/cmd/main.go
@ -0,0 +1,68 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	optxproxy "github.com/ethereum-optimism/infra/op-txproxy"
+
+	"github.com/ethereum-optimism/optimism/op-service/cliapp"
+	oplog "github.com/ethereum-optimism/optimism/op-service/log"
+	"github.com/ethereum-optimism/optimism/op-service/metrics"
+	"github.com/ethereum-optimism/optimism/op-service/opio"
+	"github.com/ethereum-optimism/optimism/op-service/rpc"
+
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/ethereum/go-ethereum/params"
+
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	GitCommit    = ""
+	GitDate      = ""
+	EnvVarPrefix = "OP_TXPROXY"
+)
+
+func main() {
+	oplog.SetupDefaults()
+
+	app := cli.NewApp()
+	app.Version = params.VersionWithCommit(GitCommit, GitDate)
+	app.Name = "op-txproxy"
+	app.Usage = "Optimism TxProxy Service"
+	app.Description = "Auxiliary service to supplement op-stack transaction pool management"
+	app.Action = cliapp.LifecycleCmd(TxProxyMain)
+
+	logFlags := oplog.CLIFlags(EnvVarPrefix)
+	rpcFlags := rpc.CLIFlags(EnvVarPrefix)
+	backendFlags := optxproxy.CLIFlags(EnvVarPrefix)
+	app.Flags = append(append(backendFlags, rpcFlags...), logFlags...)
+
+	ctx := opio.WithInterruptBlocker(context.Background())
+	if err := app.RunContext(ctx, os.Args); err != nil {
+		log.Crit("Application Failed", "err", err)
+	}
+}
+
+func TxProxyMain(ctx *cli.Context, closeApp context.CancelCauseFunc) (cliapp.Lifecycle, error) {
+	log := oplog.NewLogger(oplog.AppOut(ctx), oplog.ReadCLIConfig(ctx))
+	m := metrics.With(metrics.NewRegistry())
+
+	cfg := optxproxy.ReadCLIConfig(ctx)
+	txproxy, err := optxproxy.NewTxProxy(ctx.Context, log, m, &cfg)
+	if err != nil {
+		return nil, fmt.Errorf("unable to start superchain backend: %w", err)
+	}
+
+	rpcConfig := rpc.ReadCLIConfig(ctx)
+	rpcOpts := []rpc.ServerOption{
+		rpc.WithAPIs(txproxy.GetAPIs()),
+		rpc.WithLogger(log),
+		rpc.WithMiddleware(optxproxy.AuthMiddleware(optxproxy.DefaultAuthHeaderKey)),
+	}
+
+	rpcServer := rpc.NewServer(rpcConfig.ListenAddr, rpcConfig.ListenPort, ctx.App.Version, rpcOpts...)
+	return rpc.NewService(log, rpcServer), nil
+}
--- a/op-txproxy/conditional_txs.go
+++ b/op-txproxy/conditional_txs.go
@ -0,0 +1,140 @@
+package op_txproxy
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/ethereum-optimism/optimism/op-service/client"
+	"github.com/ethereum-optimism/optimism/op-service/metrics"
+	"github.com/ethereum-optimism/optimism/op-service/predeploys"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/ethereum/go-ethereum/params"
+	"github.com/ethereum/go-ethereum/rpc"
+
+	"github.com/prometheus/client_golang/prometheus"
+
+	"golang.org/x/time/rate"
+)
+
+var (
+	// errs
+	rateLimitErr             = &rpc.JsonError{Message: "rate limited", Code: params.TransactionConditionalCostExceededMaxErrCode}
+	endpointDisabledErr      = &rpc.JsonError{Message: "endpoint disabled", Code: params.TransactionConditionalRejectedErrCode}
+	missingAuthenticationErr = &rpc.JsonError{Message: "missing authentication", Code: params.TransactionConditionalRejectedErrCode}
+	entrypointSupportErr     = &rpc.JsonError{Message: "only 4337 Entrypoint contract support", Code: params.TransactionConditionalRejectedErrCode}
+)
+
+type ConditionalTxService struct {
+	log log.Logger
+	cfg *CLIConfig
+
+	limiter             *rate.Limiter
+	backend             client.RPC
+	entrypointAddresses map[common.Address]bool
+
+	costSummary prometheus.Summary
+	requests    prometheus.Counter
+	failures    *prometheus.CounterVec
+}
+
+func NewConditionalTxService(ctx context.Context, log log.Logger, m metrics.Factory, cfg *CLIConfig) (*ConditionalTxService, error) {
+	rpc, err := client.NewRPC(ctx, log, cfg.SendRawTransactionConditionalBackend)
+	if err != nil {
+		return nil, fmt.Errorf("failed to dial backend %s: %w", cfg.SendRawTransactionConditionalBackend, err)
+	}
+
+	rpcMetrics := metrics.MakeRPCClientMetrics("backend", m)
+	backend := client.NewInstrumentedRPC(rpc, &rpcMetrics)
+
+	limiter := rate.NewLimiter(rate.Limit(cfg.SendRawTransactionConditionalRateLimit), params.TransactionConditionalMaxCost)
+	entrypointAddresses := map[common.Address]bool{predeploys.EntryPoint_v060Addr: true, predeploys.EntryPoint_v070Addr: true}
+
+	return &ConditionalTxService{
+		log: log,
+		cfg: cfg,
+
+		limiter:             limiter,
+		backend:             backend,
+		entrypointAddresses: entrypointAddresses,
+
+		costSummary: m.NewSummary(prometheus.SummaryOpts{
+			Namespace: MetricsNameSpace,
+			Name:      "txconditional_cost",
+			Help:      "summary of cost observed by *accepted* conditional txs",
+		}),
+		requests: m.NewCounter(prometheus.CounterOpts{
+			Namespace: MetricsNameSpace,
+			Name:      "txconditional_requests",
+			Help:      "number of conditional transaction requests",
+		}),
+		failures: m.NewCounterVec(prometheus.CounterOpts{
+			Namespace: MetricsNameSpace,
+			Name:      "txconditional_failures",
+			Help:      "number of conditional transaction failures",
+		}, []string{"err"}),
+	}, nil
+}
+
+func (s *ConditionalTxService) SendRawTransactionConditional(ctx context.Context, txBytes hexutil.Bytes, cond types.TransactionConditional) (common.Hash, error) {
+	s.requests.Inc()
+	if !s.cfg.SendRawTransactionConditionalEnabled {
+		s.failures.WithLabelValues("disabled").Inc()
+		return common.Hash{}, endpointDisabledErr
+	}
+
+	// Ensure the request is authenticated
+	authInfo := AuthFromContext(ctx)
+	if authInfo == nil {
+		s.failures.WithLabelValues("missing auth").Inc()
+		return common.Hash{}, missingAuthenticationErr
+	}
+
+	// Handle the request. For now, we do nothing with the authenticated signer
+	hash, err := s.sendCondTx(ctx, authInfo.Caller, txBytes, &cond)
+	if err != nil {
+		s.failures.WithLabelValues(err.Error()).Inc()
+		s.log.Error("failed transaction conditional", "caller", authInfo.Caller.String(), "hash", hash.String(), "err", err)
+		return common.Hash{}, err
+	}
+
+	return hash, err
+}
+
+func (s *ConditionalTxService) sendCondTx(ctx context.Context, caller common.Address, txBytes hexutil.Bytes, cond *types.TransactionConditional) (common.Hash, error) {
+	tx := new(types.Transaction)
+	if err := tx.UnmarshalBinary(txBytes); err != nil {
+		return common.Hash{}, fmt.Errorf("failed to unmarshal tx: %w", err)
+	}
+
+	txHash, cost := tx.Hash(), cond.Cost()
+
+	// external checks (tx target, conditional cost & validation)
+	if tx.To() == nil || !s.entrypointAddresses[*tx.To()] {
+		return txHash, entrypointSupportErr
+	}
+	if err := cond.Validate(); err != nil {
+		return txHash, &rpc.JsonError{
+			Message: fmt.Sprintf("failed conditional validation: %s", err),
+			Code:    params.TransactionConditionalRejectedErrCode,
+		}
+	}
+	if cost > params.TransactionConditionalMaxCost {
+		return txHash, &rpc.JsonError{
+			Message: fmt.Sprintf("conditional cost, %d, exceeded max: %d", cost, params.TransactionConditionalMaxCost),
+			Code:    params.TransactionConditionalCostExceededMaxErrCode,
+		}
+	}
+
+	// enforce rate limit on the cost to be observed
+	if err := s.limiter.WaitN(ctx, cost); err != nil {
+		return txHash, rateLimitErr
+	}
+
+	s.costSummary.Observe(float64(cost))
+	s.log.Info("broadcasting conditional transaction", "caller", caller.String(), "hash", txHash.String())
+	return txHash, s.backend.CallContext(ctx, nil, "eth_sendRawTransactionConditional", txBytes, cond)
+}
--- a/op-txproxy/conditional_txs_test.go
+++ b/op-txproxy/conditional_txs_test.go
@ -0,0 +1,135 @@
+package op_txproxy
+
+import (
+	"context"
+	"math/big"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/ethereum-optimism/optimism/op-service/metrics"
+	"github.com/ethereum-optimism/optimism/op-service/predeploys"
+	"github.com/ethereum-optimism/optimism/op-service/testlog"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/ethereum/go-ethereum/params"
+	"github.com/ethereum/go-ethereum/rlp"
+	"github.com/ethereum/go-ethereum/rpc"
+
+	"github.com/stretchr/testify/require"
+)
+
+type testBackend struct{}
+
+func (b *testBackend) SendRawTransactionConditional(ctx context.Context, txBytes hexutil.Bytes, cond types.TransactionConditional) (common.Hash, error) {
+	return common.Hash{}, nil
+}
+
+func setupSvc(t *testing.T) *ConditionalTxService {
+	// setup no-op backend
+	srv := rpc.NewServer()
+	t.Cleanup(func() { srv.Stop() })
+	require.NoError(t, srv.RegisterName("eth", new(testBackend)))
+
+	httpSrv := httptest.NewServer(srv)
+	t.Cleanup(func() { httpSrv.Close() })
+
+	log := testlog.Logger(t, log.LevelInfo)
+	cfg := &CLIConfig{
+		SendRawTransactionConditionalEnabled:   true,
+		SendRawTransactionConditionalBackend:   httpSrv.URL,
+		SendRawTransactionConditionalRateLimit: 10_000,
+	}
+
+	svc, err := NewConditionalTxService(context.Background(), log, metrics.With(metrics.NewRegistry()), cfg)
+	require.NoError(t, err)
+
+	return svc
+}
+
+func TestSendRawTransactionConditionalDisabled(t *testing.T) {
+	svc := setupSvc(t)
+	svc.cfg.SendRawTransactionConditionalEnabled = false
+	hash, err := svc.SendRawTransactionConditional(context.Background(), nil, types.TransactionConditional{})
+	require.Zero(t, hash)
+	require.Equal(t, endpointDisabledErr, err)
+}
+
+func TestSendRawTransactionConditionalMissingAuth(t *testing.T) {
+	svc := setupSvc(t)
+	hash, err := svc.SendRawTransactionConditional(context.Background(), nil, types.TransactionConditional{})
+	require.Zero(t, hash)
+	require.Equal(t, missingAuthenticationErr, err)
+}
+
+func TestSendRawTransactionConditionalInvalidTxTarget(t *testing.T) {
+	svc := setupSvc(t)
+
+	txBytes, err := rlp.EncodeToBytes(types.NewTransaction(0, common.Address{19: 1}, big.NewInt(0), 0, big.NewInt(0), nil))
+	require.NoError(t, err)
+
+	// setup auth
+	ctx := context.WithValue(context.Background(), authContextKey{}, &AuthContext{Caller: common.HexToAddress("0xa")})
+	hash, err := svc.SendRawTransactionConditional(ctx, txBytes, types.TransactionConditional{})
+	require.Zero(t, hash)
+	require.Equal(t, entrypointSupportErr, err)
+}
+
+func TestSendRawTransactionConditionals(t *testing.T) {
+	costExcessiveCond := types.TransactionConditional{KnownAccounts: make(types.KnownAccounts)}
+	for i := 0; i < (params.TransactionConditionalMaxCost + 1); i++ {
+		iBig := big.NewInt(int64(i))
+		root := common.BigToHash(iBig)
+		costExcessiveCond.KnownAccounts[common.BigToAddress(iBig)] = types.KnownAccount{StorageRoot: &root}
+	}
+
+	uint64Ptr := func(num uint64) *uint64 { return &num }
+	tests := []struct {
+		name     string
+		cond     types.TransactionConditional
+		mustFail bool
+	}{
+
+		{
+			name:     "passes",
+			cond:     types.TransactionConditional{BlockNumberMin: big.NewInt(1), BlockNumberMax: big.NewInt(2), TimestampMin: uint64Ptr(1), TimestampMax: uint64Ptr(2)},
+			mustFail: false,
+		},
+		{
+			name:     "validation. block min greater than max",
+			cond:     types.TransactionConditional{BlockNumberMin: big.NewInt(2), BlockNumberMax: big.NewInt(1)},
+			mustFail: true,
+		},
+		{
+			name:     "validation. timestamp min greater than max",
+			cond:     types.TransactionConditional{TimestampMin: uint64Ptr(2), TimestampMax: uint64Ptr(1)},
+			mustFail: true,
+		},
+		{
+			name:     "excessive cost",
+			cond:     costExcessiveCond,
+			mustFail: true,
+		},
+	}
+
+	svc := setupSvc(t)
+	txBytes, err := rlp.EncodeToBytes(types.NewTransaction(0, predeploys.EntryPoint_v060Addr, big.NewInt(0), 0, big.NewInt(0), nil))
+	require.NoError(t, err)
+
+	for _, test := range tests {
+		ctx := context.Background()
+		if !test.mustFail {
+			ctx = context.WithValue(ctx, authContextKey{}, &AuthContext{Caller: common.HexToAddress("0xa")})
+		}
+
+		_, err := svc.SendRawTransactionConditional(ctx, txBytes, test.cond)
+		if test.mustFail && err == nil {
+			t.Errorf("Test %s should fail", test.name)
+		}
+		if !test.mustFail && err != nil {
+			t.Errorf("Test %s should pass but got err: %v", test.name, err)
+		}
+	}
+}
--- a/op-txproxy/go.mod
+++ b/op-txproxy/go.mod
@ -0,0 +1,92 @@
+module github.com/ethereum-optimism/infra/op-txproxy
+
+go 1.21
+
+require (
+	github.com/ethereum-optimism/optimism v1.9.1-0.20240827163921-45e129c8ca4b
+	github.com/ethereum/go-ethereum v1.14.8
+	github.com/prometheus/client_golang v1.20.2
+	github.com/stretchr/testify v1.9.0
+	github.com/urfave/cli/v2 v2.27.4
+	golang.org/x/time v0.6.0
+)
+
+require (
+	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/DataDog/zstd v1.5.6-0.20230824185856-869dae002e5e // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bits-and-blooms/bitset v1.10.0 // indirect
+	github.com/btcsuite/btcd/btcec/v2 v2.3.4 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cockroachdb/errors v1.11.3 // indirect
+	github.com/cockroachdb/fifo v0.0.0-20240606204812-0bbfbd93a7ce // indirect
+	github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b // indirect
+	github.com/cockroachdb/pebble v1.1.2 // indirect
+	github.com/cockroachdb/redact v1.1.5 // indirect
+	github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 // indirect
+	github.com/consensys/bavard v0.1.13 // indirect
+	github.com/consensys/gnark-crypto v0.12.1 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
+	github.com/crate-crypto/go-ipa v0.0.0-20240223125850-b1e8a79f509c // indirect
+	github.com/crate-crypto/go-kzg-4844 v1.0.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/deckarep/golang-set/v2 v2.6.0 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
+	github.com/ethereum-optimism/superchain-registry/superchain v0.0.0-20240828144951-4e6edcb7d36c // indirect
+	github.com/ethereum/c-kzg-4844 v1.0.0 // indirect
+	github.com/ethereum/go-verkle v0.1.1-0.20240306133620-7d920df305f0 // indirect
+	github.com/getsentry/sentry-go v0.27.0 // indirect
+	github.com/go-ole/go-ole v1.3.0 // indirect
+	github.com/gofrs/flock v0.8.1 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
+	github.com/hashicorp/go-bexpr v0.1.11 // indirect
+	github.com/holiman/uint256 v1.3.1 // indirect
+	github.com/huin/goupnp v1.3.0 // indirect
+	github.com/jackpal/go-nat-pmp v1.0.2 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/pointerstructure v1.2.1 // indirect
+	github.com/mmcloughlin/addchain v0.4.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rogpeppe/go-internal v1.10.0 // indirect
+	github.com/rs/cors v1.11.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/shirou/gopsutil v3.21.11+incompatible // indirect
+	github.com/supranational/blst v0.3.11 // indirect
+	github.com/syndtr/goleveldb v1.0.1-0.20220614013038-64ee5596c38a // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+	github.com/yusufpapurcu/wmi v1.2.3 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect
+	golang.org/x/mod v0.20.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/term v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	rsc.io/tmplfunc v0.0.3 // indirect
+)
+
+replace github.com/ethereum/go-ethereum => github.com/ethereum-optimism/op-geth v1.101408.1-dev.1
+
+//replace github.com/ethereum/go-ethereum => ../../op-geth
--- a/op-txproxy/go.sum
+++ b/op-txproxy/go.sum
@ -0,0 +1,334 @@
+github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
+github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/DataDog/zstd v1.5.6-0.20230824185856-869dae002e5e h1:ZIWapoIRN1VqT8GR8jAwb1Ie9GyehWjVcGh32Y2MznE=
+github.com/DataDog/zstd v1.5.6-0.20230824185856-869dae002e5e/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/VictoriaMetrics/fastcache v1.12.2 h1:N0y9ASrJ0F6h0QaC3o6uJb3NIZ9VKLjCM7NQbSmF7WI=
+github.com/VictoriaMetrics/fastcache v1.12.2/go.mod h1:AmC+Nzz1+3G2eCPapF6UcsnkThDcMsQicp4xDukwJYI=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bits-and-blooms/bitset v1.10.0 h1:ePXTeiPEazB5+opbv5fr8umg2R/1NlzgDsyepwsSr88=
+github.com/bits-and-blooms/bitset v1.10.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/btcsuite/btcd v0.24.2 h1:aLmxPguqxza+4ag8R1I2nnJjSu2iFn/kqtHTIImswcY=
+github.com/btcsuite/btcd/btcec/v2 v2.3.4 h1:3EJjcN70HCu/mwqlUsGK8GcNVyLVxFDlWurTXGPFfiQ=
+github.com/btcsuite/btcd/btcec/v2 v2.3.4/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04=
+github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 h1:59Kx4K6lzOW5w6nFlA0v5+lk/6sjybR934QNHSJZPTQ=
+github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/cockroachdb/datadriven v1.0.3-0.20230413201302-be42291fc80f h1:otljaYPt5hWxV3MUfO5dFPFiOXg9CyG5/kCfayTqsJ4=
+github.com/cockroachdb/datadriven v1.0.3-0.20230413201302-be42291fc80f/go.mod h1:a9RdTaap04u637JoCzcUoIcDmvwSUtcUFtT/C3kJlTU=
+github.com/cockroachdb/errors v1.11.3 h1:5bA+k2Y6r+oz/6Z/RFlNeVCesGARKuC6YymtcDrbC/I=
+github.com/cockroachdb/errors v1.11.3/go.mod h1:m4UIW4CDjx+R5cybPsNrRbreomiFqt8o1h1wUVazSd8=
+github.com/cockroachdb/fifo v0.0.0-20240606204812-0bbfbd93a7ce h1:giXvy4KSc/6g/esnpM7Geqxka4WSqI1SZc7sMJFd3y4=
+github.com/cockroachdb/fifo v0.0.0-20240606204812-0bbfbd93a7ce/go.mod h1:9/y3cnZ5GKakj/H4y9r9GTjCvAFta7KLgSHPJJYc52M=
+github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b h1:r6VH0faHjZeQy818SGhaone5OnYfxFR/+AzdY3sf5aE=
+github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b/go.mod h1:Vz9DsVWQQhf3vs21MhPMZpMGSht7O/2vFW2xusFUVOs=
+github.com/cockroachdb/pebble v1.1.2 h1:CUh2IPtR4swHlEj48Rhfzw6l/d0qA31fItcIszQVIsA=
+github.com/cockroachdb/pebble v1.1.2/go.mod h1:4exszw1r40423ZsmkG/09AFEG83I0uDgfujJdbL6kYU=
+github.com/cockroachdb/redact v1.1.5 h1:u1PMllDkdFfPWaNGMyLD1+so+aq3uUItthCFqzwPJ30=
+github.com/cockroachdb/redact v1.1.5/go.mod h1:BVNblN9mBWFyMyqK1k3AAiSxhvhfK2oOZZ2lK+dpvRg=
+github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 h1:zuQyyAKVxetITBuuhv3BI9cMrmStnpT18zmgmTxunpo=
+github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06/go.mod h1:7nc4anLGjupUW/PeY5qiNYsdNXj7zopG+eqsS7To5IQ=
+github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ=
+github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
+github.com/consensys/gnark-crypto v0.12.1 h1:lHH39WuuFgVHONRl3J0LRBtuYdQTumFSDtJF7HpyG8M=
+github.com/consensys/gnark-crypto v0.12.1/go.mod h1:v2Gy7L/4ZRosZ7Ivs+9SfUDr0f5UlG+EM5t7MPHiLuY=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/crate-crypto/go-ipa v0.0.0-20240223125850-b1e8a79f509c h1:uQYC5Z1mdLRPrZhHjHxufI8+2UG/i25QG92j0Er9p6I=
+github.com/crate-crypto/go-ipa v0.0.0-20240223125850-b1e8a79f509c/go.mod h1:geZJZH3SzKCqnz5VT0q/DyIG/tvu/dZk+VIfXicupJs=
+github.com/crate-crypto/go-kzg-4844 v1.0.0 h1:TsSgHwrkTKecKJ4kadtHi4b3xHW5dCFUDFnUp1TsawI=
+github.com/crate-crypto/go-kzg-4844 v1.0.0/go.mod h1:1kMhvPgI0Ky3yIa+9lFySEBUBXkYxeOi8ZF1sYioxhc=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set/v2 v2.6.0 h1:XfcQbWM1LlMB8BsJ8N9vW5ehnnPVIw0je80NsVHagjM=
+github.com/deckarep/golang-set/v2 v2.6.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
+github.com/decred/dcrd/crypto/blake256 v1.0.1 h1:7PltbUIQB7u/FfZ39+DGa/ShuMyJ5ilcvdfma9wOH6Y=
+github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
+github.com/ethereum-optimism/op-geth v1.101408.1-dev.1 h1:cFJevJXLnTMRLeX7vP4ykbFNnk6sZ6WncEzg3nkz2tM=
+github.com/ethereum-optimism/op-geth v1.101408.1-dev.1/go.mod h1:boCyfYcCK/lDcL1JA5daLc2qgvULU1zKcVtUJ605eGc=
+github.com/ethereum-optimism/optimism v1.9.1-0.20240827163921-45e129c8ca4b h1:w7aA6V7bDr2Vbe8p4llG0/FkF7nsfASb3wMq63/qaz0=
+github.com/ethereum-optimism/optimism v1.9.1-0.20240827163921-45e129c8ca4b/go.mod h1:pn4QCTrtpBnYySBLTPwJz+985qbTday98bnLCkx76K4=
+github.com/ethereum-optimism/superchain-registry/superchain v0.0.0-20240828144951-4e6edcb7d36c h1:wI6W6CimquWKoD6eZ0GhULXmiZynynzLBCPnsFKt+Y0=
+github.com/ethereum-optimism/superchain-registry/superchain v0.0.0-20240828144951-4e6edcb7d36c/go.mod h1:XaVXL9jg8BcyOeugECgIUGa9Y3DjYJj71RHmb5qon6M=
+github.com/ethereum/c-kzg-4844 v1.0.0 h1:0X1LBXxaEtYD9xsyj9B9ctQEZIpnvVDeoBx8aHEwTNA=
+github.com/ethereum/c-kzg-4844 v1.0.0/go.mod h1:VewdlzQmpT5QSrVhbBuGoCdFJkpaJlO1aQputP83wc0=
+github.com/ethereum/go-verkle v0.1.1-0.20240306133620-7d920df305f0 h1:KrE8I4reeVvf7C1tm8elRjj4BdscTYzz/WAbYyf/JI4=
+github.com/ethereum/go-verkle v0.1.1-0.20240306133620-7d920df305f0/go.mod h1:D9AJLVXSyZQXJQVk8oh1EwjISE+sJTn2duYIZC0dy3w=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/gballet/go-libpcsclite v0.0.0-20191108122812-4678299bea08 h1:f6D9Hr8xV8uYKlyuj8XIruxlh9WjVjdh1gIicAS7ays=
+github.com/gballet/go-libpcsclite v0.0.0-20191108122812-4678299bea08/go.mod h1:x7DCsMOv1taUwEWCzT4cmDeAkigA5/QCwUodaVOe8Ww=
+github.com/getsentry/sentry-go v0.27.0 h1:Pv98CIbtB3LkMWmXi4Joa5OOcwbmnX88sF5qbK3r3Ps=
+github.com/getsentry/sentry-go v0.27.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY=
+github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
+github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
+github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
+github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb h1:PBC98N2aIaM3XXiurYmW7fx4GZkL8feAMVq7nEjURHk=
+github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.2.1-0.20220503160820-4a35382e8fc8 h1:Ep/joEub9YwcjRY6ND3+Y/w0ncE540RtGatVhtZL0/Q=
+github.com/google/gofuzz v1.2.1-0.20220503160820-4a35382e8fc8/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/hashicorp/go-bexpr v0.1.11 h1:6DqdA/KBjurGby9yTY0bmkathya0lfwF2SeuubCI7dY=
+github.com/hashicorp/go-bexpr v0.1.11/go.mod h1:f03lAo0duBlDIUMGCuad8oLcgejw4m7U+N8T+6Kz1AE=
+github.com/holiman/billy v0.0.0-20240216141850-2abb0c79d3c4 h1:X4egAf/gcS1zATw6wn4Ej8vjuVGxeHdan+bRb2ebyv4=
+github.com/holiman/billy v0.0.0-20240216141850-2abb0c79d3c4/go.mod h1:5GuXa7vkL8u9FkFuWdVvfR5ix8hRB7DbOAaYULamFpc=
+github.com/holiman/bloomfilter/v2 v2.0.3 h1:73e0e/V0tCydx14a0SCYS/EWCxgwLZ18CZcZKVu0fao=
+github.com/holiman/bloomfilter/v2 v2.0.3/go.mod h1:zpoh+gs7qcpqrHr3dB55AMiJwo0iURXE7ZOP9L9hSkA=
+github.com/holiman/uint256 v1.3.1 h1:JfTzmih28bittyHM8z360dCjIA9dbPIBlcTI6lmctQs=
+github.com/holiman/uint256 v1.3.1/go.mod h1:EOMSn4q6Nyt9P6efbI3bueV4e1b3dGlUCXeiRV4ng7E=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/huin/goupnp v1.3.0 h1:UvLUlWDNpoUdYzb2TCn+MuTWtcjXKSza2n6CBdQ0xXc=
+github.com/huin/goupnp v1.3.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus=
+github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/leanovate/gopter v0.2.9 h1:fQjYxZaynp97ozCzfOyOuAGOU4aU/z37zf/tOujFk7c=
+github.com/leanovate/gopter v0.2.9/go.mod h1:U2L/78B+KVFIx2VmW6onHJQzXtFb+p5y3y2Sh+Jxxv8=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
+github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw=
+github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4=
+github.com/mmcloughlin/addchain v0.4.0 h1:SobOdjm2xLj1KkXN5/n0xTIWyZA2+s99UCY1iPfkHRY=
+github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqkyU72HC5wJ4RlU=
+github.com/mmcloughlin/profile v0.1.1/go.mod h1:IhHD7q1ooxgwTgjxQYkACGA77oFTDdFVejUS1/tS/qU=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
+github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
+github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
+github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
+github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
+github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=
+github.com/pingcap/errors v0.11.4/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg=
+github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
+github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po=
+github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
+github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
+github.com/status-im/keycard-go v0.2.0 h1:QDLFswOQu1r5jsycloeQh3bVU8n/NatHHaZobtDnDzA=
+github.com/status-im/keycard-go v0.2.0/go.mod h1:wlp8ZLbsmrF6g6WjugPAx+IzoLrkdf9+mHxBEeo3Hbg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/supranational/blst v0.3.11 h1:LyU6FolezeWAhvQk0k6O/d49jqgO52MSDDfYgbeoEm4=
+github.com/supranational/blst v0.3.11/go.mod h1:jZJtfjgudtNl4en1tzwPIV3KjUnQUvG3/j+w+fVonLw=
+github.com/syndtr/goleveldb v1.0.1-0.20220614013038-64ee5596c38a h1:1ur3QoCqvE5fl+nylMaIr9PVV1w343YRDtsy+Rwu7XI=
+github.com/syndtr/goleveldb v1.0.1-0.20220614013038-64ee5596c38a/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48=
+github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU=
+github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
+github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
+github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
+github.com/tyler-smith/go-bip39 v1.1.0 h1:5eUemwrMargf3BSLRRCalXT93Ns6pQJIjYQN2nyfOP8=
+github.com/tyler-smith/go-bip39 v1.1.0/go.mod h1:gUYDtqQw1JS3ZJ8UWVcGTGqqr6YIN3CWg+kkNaLt55U=
+github.com/urfave/cli/v2 v2.27.4 h1:o1owoI+02Eb+K107p27wEX9Bb8eqIoZCfLXloLUSWJ8=
+github.com/urfave/cli/v2 v2.27.4/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw=
+github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI=
+golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
+golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU=
+rsc.io/tmplfunc v0.0.3/go.mod h1:AG3sTPzElb1Io3Yg4voV9AGZJuleGAwaVRxL9M49PhA=
--- a/op-txproxy/txproxy.go
+++ b/op-txproxy/txproxy.go
@ -0,0 +1,32 @@
+package op_txproxy
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/ethereum-optimism/optimism/op-service/metrics"
+
+	"github.com/ethereum/go-ethereum/log"
+	gethrpc "github.com/ethereum/go-ethereum/rpc"
+)
+
+var (
+	MetricsNameSpace = "op_txproxy"
+)
+
+type TxProxy struct {
+	conditionalTxService *ConditionalTxService
+}
+
+func NewTxProxy(ctx context.Context, log log.Logger, m metrics.Factory, cfg *CLIConfig) (*TxProxy, error) {
+	conditionalTxService, err := NewConditionalTxService(ctx, log, m, cfg)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create conditional tx service: %w", err)
+	}
+
+	return &TxProxy{conditionalTxService}, nil
+}
+
+func (txp *TxProxy) GetAPIs() []gethrpc.API {
+	return []gethrpc.API{{Namespace: "eth", Service: txp.conditionalTxService}}
+}
--- a/ops/tag-service/tag-service.py
+++ b/ops/tag-service/tag-service.py
@ -11,6 +11,7 @@ import semver
 # Minimum version numbers for packages migrating from legacy versioning.
 MIN_VERSIONS = {
    'proxyd': '4.6.1',
+    'op-signer': '0.0.1',
 }

 VALID_BUMPS = ('major', 'minor', 'patch', 'prerelease', 'finalize-prerelease')
--- a/ops/tag-service/tag-tool.py
+++ b/ops/tag-service/tag-tool.py
@ -6,7 +6,9 @@ import semver
 SERVICES  = [
    'proxyd',
    'op-ufm',
+    'op-signer',
    'op-conductor-mon',
+    'op-txproxy',
 ]
 VERSION_PATTERN = '^{service}/v\\d+\\.\\d+\\.\\d+(-rc\\.\\d+)?$'
 GIT_TAG_COMMAND = 'git tag -a {tag} -m "{message}"'
--- a/proxyd/Dockerfile
+++ b/proxyd/Dockerfile
@ -6,7 +6,7 @@ ARG GITVERSION=docker

 RUN apk add make jq git gcc musl-dev linux-headers

-COPY ./proxyd /app
+COPY . /app

 WORKDIR /app

@ -16,7 +16,7 @@ FROM alpine:3.18

 RUN apk add bind-tools jq curl bash git redis

-COPY ./proxyd/entrypoint.sh /bin/entrypoint.sh
+COPY ./entrypoint.sh /bin/entrypoint.sh

 RUN apk update && \
    apk add ca-certificates && \
@ -24,9 +24,11 @@ RUN apk update && \

 EXPOSE 8080

-VOLUME /etc/proxyd
+# VOLUME /etc/proxyd
+
+ADD ./docker.toml /proxyd.toml

 COPY --from=builder /app/bin/proxyd /bin/proxyd

 ENTRYPOINT ["/bin/entrypoint.sh"]
-CMD ["/bin/proxyd", "/etc/proxyd/proxyd.toml"]
+CMD ["/bin/proxyd", "/proxyd.toml"]
--- a/proxyd/backend.go
+++ b/proxyd/backend.go
@ -17,7 +17,7 @@ import (
 	"sync"
 	"time"

-	sw "github.com/ethereum-optimism/optimism/proxyd/pkg/avg-sliding-window"
+	sw "github.com/ethereum-optimism/infra/proxyd/pkg/avg-sliding-window"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/ethereum/go-ethereum/rpc"
@ -56,7 +56,7 @@ var (
 	}
 	ErrNoBackends = &RPCErr{
 		Code:          JSONRPCErrorInternal - 11,
-		Message:       "no backends available for method",
+		Message:       "no backend is currently healthy to serve traffic",
 		HTTPErrorCode: 503,
 	}
 	ErrBackendOverCapacity = &RPCErr{
--- a/proxyd/cache.go
+++ b/proxyd/cache.go
@ -45,13 +45,14 @@ func (c *cache) Put(ctx context.Context, key string, value string) error {
 }

 type redisCache struct {
-	rdb    *redis.Client
-	prefix string
-	ttl    time.Duration
+	redisClient     *redis.Client
+	redisReadClient *redis.Client
+	prefix          string
+	ttl             time.Duration
 }

-func newRedisCache(rdb *redis.Client, prefix string, ttl time.Duration) *redisCache {
-	return &redisCache{rdb, prefix, ttl}
+func newRedisCache(redisClient *redis.Client, redisReadClient *redis.Client, prefix string, ttl time.Duration) *redisCache {
+	return &redisCache{redisClient, redisReadClient, prefix, ttl}
 }

 func (c *redisCache) namespaced(key string) string {
@ -63,7 +64,7 @@ func (c *redisCache) namespaced(key string) string {

 func (c *redisCache) Get(ctx context.Context, key string) (string, error) {
 	start := time.Now()
-	val, err := c.rdb.Get(ctx, c.namespaced(key)).Result()
+	val, err := c.redisReadClient.Get(ctx, c.namespaced(key)).Result()
 	redisCacheDurationSumm.WithLabelValues("GET").Observe(float64(time.Since(start).Milliseconds()))

 	if err == redis.Nil {
@ -77,7 +78,7 @@ func (c *redisCache) Get(ctx context.Context, key string) (string, error) {

 func (c *redisCache) Put(ctx context.Context, key string, value string) error {
 	start := time.Now()
-	err := c.rdb.SetEx(ctx, c.namespaced(key), value, c.ttl).Err()
+	err := c.redisClient.SetEx(ctx, c.namespaced(key), value, c.ttl).Err()
 	redisCacheDurationSumm.WithLabelValues("SETEX").Observe(float64(time.Since(start).Milliseconds()))

 	if err != nil {
--- a/proxyd/cmd/proxyd/main.go
+++ b/proxyd/cmd/proxyd/main.go
@ -16,7 +16,7 @@ import (

 	"github.com/ethereum/go-ethereum/log"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 )

 var (
--- a/proxyd/config.go
+++ b/proxyd/config.go
@ -13,12 +13,16 @@ import (
 type ServerConfig struct {
 	RPCHost           string `toml:"rpc_host"`
 	RPCPort           int    `toml:"rpc_port"`
+	EnableWS          bool   `toml:"enable_ws"`
 	WSHost            string `toml:"ws_host"`
 	WSPort            int    `toml:"ws_port"`
 	MaxBodySizeBytes  int64  `toml:"max_body_size_bytes"`
 	MaxConcurrentRPCs int64  `toml:"max_concurrent_rpcs"`
 	LogLevel          string `toml:"log_level"`

+	// Allow direct client connection without x_forwarded_for header for local tests
+	AllowDirect       bool   `toml:"allow_direct"`
+
 	// TimeoutSeconds specifies the maximum time spent serving an HTTP request. Note that isn't used for websocket connections
 	TimeoutSeconds int `toml:"timeout_seconds"`

@ -39,6 +43,7 @@ type CacheConfig struct {
 type RedisConfig struct {
 	URL       string `toml:"url"`
 	Namespace string `toml:"namespace"`
+	ReadURL   string `toml:"read_url"`
 }

 type MetricsConfig struct {
--- a/proxyd/docker-compose.yml
+++ b/proxyd/docker-compose.yml
@ -0,0 +1,20 @@
+services:
+  redis:
+    container_name: redis
+    image: redis:6.2-alpine
+    restart: always
+    #networks:
+    #  - tornado_net
+    command: ["redis-server"]
+  proxyd:
+    container_name: proxyd
+    image: proxyd
+    restart: always
+    #networks:
+    #  - tornado_net
+    environment:
+      - REDIS_URL=redis://redis:6379
+      - RPC_URL=
+      - WS_URL=
+    ports:
+      - '127.0.0.1:8544:8544'
--- a/proxyd/docker.toml
+++ b/proxyd/docker.toml
@ -0,0 +1,171 @@
+ws_method_whitelist = [
+  "eth_subscribe",
+  "eth_unsubscribe",
+  "eth_blobBaseFee",
+  "eth_blockNumber",
+  "eth_call",
+  "eth_chainId",
+  "eth_estimateGas",
+  "eth_feeHistory",
+  "eth_gasPrice",
+  "eth_getAccount",
+  "eth_getBalance",
+  "eth_getBlockByHash",
+  "eth_getBlockByNumber",
+  "eth_getBlockReceipts",
+  "eth_getBlockTransactionCountByHash",
+  "eth_getBlockTransactionCountByNumber",
+  "eth_getCode",
+  "eth_getFilterChanges",
+  "eth_getFilterLogs",
+  "eth_getLogs",
+  "eth_getProof",
+  "eth_getStorageAt",
+  "eth_getTransactionByBlockHashAndIndex",
+  "eth_getTransactionByBlockNumberAndIndex",
+  "eth_getTransactionByHash",
+  "eth_getTransactionCount",
+  "eth_getTransactionReceipt",
+  "eth_getUncleCountByBlockHash",
+  "eth_getUncleCountByBlockNumber",
+  "eth_maxPriorityFeePerGas",
+  "eth_newBlockFilter",
+  "eth_newFilter",
+  "eth_newPendingTransactionFilter",
+  "eth_syncing",
+  "eth_uninstallFilter",
+  "eth_sendRawTransaction",
+  "net_version",
+  "web3_clientVersion",
+  "web3_sha3",
+  # tracers for archive nodes
+  "trace_block",
+  "trace_call",
+  "trace_callMany",
+  "trace_filter",
+  "trace_rawTransaction",
+  "trace_replayBlockTransactions",
+  "trace_replayTransaction",
+  "trace_transaction",
+  "debug_getBadBlocks",
+  "debug_storageRangeAt",
+  "debug_getTrieFlushInterval",
+  "debug_traceBlock",
+  "debug_traceBlockByHash",
+  "debug_traceBlockByNumber",
+  "debug_traceCall",
+  "debug_traceTransaction",
+]
+ws_backend_group = "main"
+
+[rpc_method_mappings]
+eth_blobBaseFee = "main"
+eth_blockNumber = "main"
+eth_call = "main"
+eth_chainId = "main"
+eth_estimateGas = "main"
+eth_feeHistory = "main"
+eth_gasPrice = "main"
+eth_getAccount = "main"
+eth_getBalance = "main"
+eth_getBlockByHash = "main"
+eth_getBlockByNumber = "main"
+eth_getBlockReceipts = "main"
+eth_getBlockTransactionCountByHash = "main"
+eth_getBlockTransactionCountByNumber = "main"
+eth_getCode = "main"
+eth_getFilterChanges = "main"
+eth_getFilterLogs = "main"
+eth_getLogs = "main"
+eth_getProof = "main"
+eth_getStorageAt = "main"
+eth_getTransactionByBlockHashAndIndex = "main"
+eth_getTransactionByBlockNumberAndIndex = "main"
+eth_getTransactionByHash = "main"
+eth_getTransactionCount = "main"
+eth_getTransactionReceipt = "main"
+eth_getUncleCountByBlockHash = "main"
+eth_getUncleCountByBlockNumber = "main"
+eth_maxPriorityFeePerGas = "main"
+eth_newBlockFilter = "main"
+eth_newFilter = "main"
+eth_newPendingTransactionFilter = "main"
+eth_syncing = "main"
+eth_uninstallFilter = "main"
+eth_sendRawTransaction = "main"
+net_version = "main"
+web3_clientVersion = "main"
+web3_sha3 = "main"
+trace_block = "main"
+trace_call = "main"
+trace_callMany = "main"
+trace_filter = "main"
+trace_rawTransaction = "main"
+trace_replayBlockTransactions = "main"
+trace_replayTransaction = "main"
+trace_transaction = "main"
+debug_getBadBlocks = "main"
+debug_storageRangeAt = "main"
+debug_getTrieFlushInterval = "main"
+debug_traceBlock = "main"
+debug_traceBlockByHash = "main"
+debug_traceBlockByNumber = "main"
+debug_traceCall = "main"
+debug_traceTransaction = "main"
+
+[server]
+rpc_host = "0.0.0.0"
+rpc_port = 8544
+enable_ws = true
+max_body_size_bytes = 10485760
+max_concurrent_rpcs = 1000
+log_level = "info"
+allow_direct = true
+
+[cache]
+enabled = true
+ttl = "14s"
+
+[redis]
+url = "$REDIS_URL"
+
+[metrics]
+enabled = true
+host = "0.0.0.0"
+port = 9761
+
+[rate_limit]
+use_redis = true
+base_rate = 2000
+base_interval = "60s"
+
+[backend]
+response_timeout_seconds = 120
+max_response_size_bytes = 5242880
+max_retries = 3
+out_of_service_seconds = 600
+max_latency_threshold = "30s"
+max_degraded_latency_threshold = "10s"
+max_error_rate_threshold = 0.3
+
+[backends]
+[backends.main]
+rpc_url = "$RPC_URL"
+ws_url = "$WS_URL"
+max_rps = 100
+max_ws_conns = 100
+consensus_skip_peer_count = true
+consensus_receipts_target = "eth_getBlockReceipts"
+
+[backend_groups]
+[backend_groups.main]
+backends = ["main"]
+consensus_aware = false
+# consensus_aware = true
+consensus_ban_period = "1m"
+consensus_max_update_threshold = "20s"
+consensus_max_block_lag = 16
+# Maximum block range (for eth_getLogs method), no default
+# consensus_max_block_range = 20000
+# Minimum peer count, default 3
+# consensus_min_peer_count = 4
--- a/proxyd/go.mod
+++ b/proxyd/go.mod
@ -1,4 +1,4 @@
-module github.com/ethereum-optimism/optimism/proxyd
+module github.com/ethereum-optimism/infra/proxyd

 go 1.21

@ -15,7 +15,7 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.17.0
 	github.com/redis/go-redis/v9 v9.2.1
-	github.com/rs/cors v1.10.1
+	github.com/rs/cors v1.11.0
 	github.com/stretchr/testify v1.8.4
 	github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
 	github.com/xaionaro-go/weightedshuffle v0.0.0-20211213010739-6a74fbc7d24a
--- a/proxyd/go.sum
+++ b/proxyd/go.sum
@ -179,8 +179,8 @@ github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUc
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
-github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo=
-github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po=
+github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
 github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
--- a/proxyd/integration_tests/batch_timeout_test.go
+++ b/proxyd/integration_tests/batch_timeout_test.go
@ -6,7 +6,7 @@ import (
 	"testing"
 	"time"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/stretchr/testify/require"
 )

--- a/proxyd/integration_tests/batching_test.go
+++ b/proxyd/integration_tests/batching_test.go
@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/stretchr/testify/require"
 )

@ -66,8 +66,8 @@ func TestBatching(t *testing.T) {
 				NewRPCReq("2", "eth_chainId", nil),
 			},
 			expectedRes: asArray(
-				`{"error":{"code":-32011,"message":"no backends available for method"},"id":1,"jsonrpc":"2.0"}`,
-				`{"error":{"code":-32011,"message":"no backends available for method"},"id":2,"jsonrpc":"2.0"}`,
+				`{"error":{"code":-32011,"message":"no backend is currently healthy to serve traffic"},"id":1,"jsonrpc":"2.0"}`,
+				`{"error":{"code":-32011,"message":"no backend is currently healthy to serve traffic"},"id":2,"jsonrpc":"2.0"}`,
 			),
 			maxUpstreamBatchSize: 10,
 			numExpectedForwards:  1,
@ -80,8 +80,8 @@ func TestBatching(t *testing.T) {
 				NewRPCReq("2", "eth_chainId", nil),
 			},
 			expectedRes: asArray(
-				`{"error":{"code":-32011,"message":"no backends available for method"},"id":1,"jsonrpc":"2.0"}`,
-				`{"error":{"code":-32011,"message":"no backends available for method"},"id":2,"jsonrpc":"2.0"}`,
+				`{"error":{"code":-32011,"message":"no backend is currently healthy to serve traffic"},"id":1,"jsonrpc":"2.0"}`,
+				`{"error":{"code":-32011,"message":"no backend is currently healthy to serve traffic"},"id":2,"jsonrpc":"2.0"}`,
 			),
 			maxUpstreamBatchSize: 1,
 			numExpectedForwards:  2,
--- a/proxyd/integration_tests/block_height_zero_and_network_errors_test.go
+++ b/proxyd/integration_tests/block_height_zero_and_network_errors_test.go
@ -9,9 +9,9 @@ import (

 	"time"

-	"github.com/ethereum-optimism/optimism/proxyd"
-	sw "github.com/ethereum-optimism/optimism/proxyd/pkg/avg-sliding-window"
-	ms "github.com/ethereum-optimism/optimism/proxyd/tools/mockserver/handler"
+	"github.com/ethereum-optimism/infra/proxyd"
+	sw "github.com/ethereum-optimism/infra/proxyd/pkg/avg-sliding-window"
+	ms "github.com/ethereum-optimism/infra/proxyd/tools/mockserver/handler"
 	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/stretchr/testify/require"
 )
--- a/proxyd/integration_tests/caching_test.go
+++ b/proxyd/integration_tests/caching_test.go
@ -8,7 +8,7 @@ import (
 	"time"

 	"github.com/alicebob/miniredis"
-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/stretchr/testify/require"
 )

@ -264,6 +264,63 @@ func TestBatchCaching(t *testing.T) {
 	require.Equal(t, 1, countRequests(backend, "eth_call"))
 }

+func TestCachingWithReadReplica(t *testing.T) {
+	primary, err := miniredis.Run()
+	require.NoError(t, err)
+	defer primary.Close()
+
+	replica, err := miniredis.Run()
+	require.NoError(t, err)
+	defer replica.Close()
+
+	hdlr := NewBatchRPCResponseRouter()
+	hdlr.SetRoute("eth_getBlockByHash", "999", "eth_getBlockByHash")
+
+	backend := NewMockBackend(hdlr)
+	defer backend.Close()
+
+	require.NoError(t, os.Setenv("GOOD_BACKEND_RPC_URL", backend.URL()))
+	require.NoError(t, os.Setenv("REDIS_URL", fmt.Sprintf("redis://%s", primary.Addr())))
+	require.NoError(t, os.Setenv("REDIS_READ_URL", fmt.Sprintf("redis://%s", replica.Addr())))
+
+	config := ReadConfig("caching_replica")
+	client := NewProxydClient("http://127.0.0.1:8545")
+	_, shutdown, err := proxyd.Start(config)
+	require.NoError(t, err)
+	defer shutdown()
+
+	// allow time for the block number fetcher to fire
+	time.Sleep(1500 * time.Millisecond)
+
+	params := []interface{}{"0xc6ef2fc5426d6ad6fd9e2a26abeab0aa2411b7ab17f30a99d3cb96aed1d1055b", "false"}
+	response := "{\"jsonrpc\": \"2.0\", \"result\": \"eth_getBlockByHash\", \"id\": 999}"
+	resRaw, _, err := client.SendRPC("eth_getBlockByHash", params)
+	require.NoError(t, err)
+
+	// because the cache is not replicated to the replica, count request must be increased
+	resCache, _, err := client.SendRPC("eth_getBlockByHash", params)
+	require.NoError(t, err)
+	RequireEqualJSON(t, []byte(response), resCache)
+	RequireEqualJSON(t, resRaw, resCache)
+	require.Equal(t, 2, countRequests(backend, "eth_getBlockByHash"))
+
+	// replicate cache data
+	for _, key := range primary.Keys() {
+		value, err := primary.Get(key)
+		require.NoError(t, err)
+
+		err = replica.Set(key, value)
+		require.NoError(t, err)
+	}
+
+	// now cache hit. count request must be same
+	resCache, _, err = client.SendRPC("eth_getBlockByHash", params)
+	require.NoError(t, err)
+	RequireEqualJSON(t, []byte(response), resCache)
+	RequireEqualJSON(t, resRaw, resCache)
+	require.Equal(t, 2, countRequests(backend, "eth_getBlockByHash"))
+}
+
 func countRequests(backend *MockBackend, name string) int {
 	var count int
 	for _, req := range backend.Requests() {
--- a/proxyd/integration_tests/consensus_test.go
+++ b/proxyd/integration_tests/consensus_test.go
@ -12,8 +12,8 @@ import (

 	"github.com/ethereum/go-ethereum/common/hexutil"

-	"github.com/ethereum-optimism/optimism/proxyd"
-	ms "github.com/ethereum-optimism/optimism/proxyd/tools/mockserver/handler"
+	"github.com/ethereum-optimism/infra/proxyd"
+	ms "github.com/ethereum-optimism/infra/proxyd/tools/mockserver/handler"
 	"github.com/stretchr/testify/require"
 )

--- a/proxyd/integration_tests/failover_test.go
+++ b/proxyd/integration_tests/failover_test.go
@ -9,13 +9,13 @@ import (
 	"time"

 	"github.com/alicebob/miniredis"
-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/stretchr/testify/require"
 )

 const (
 	goodResponse       = `{"jsonrpc": "2.0", "result": "hello", "id": 999}`
-	noBackendsResponse = `{"error":{"code":-32011,"message":"no backends available for method"},"id":999,"jsonrpc":"2.0"}`
+	noBackendsResponse = `{"error":{"code":-32011,"message":"no backend is currently healthy to serve traffic"},"id":999,"jsonrpc":"2.0"}`
 	unexpectedResponse = `{"error":{"code":-32011,"message":"some error"},"id":999,"jsonrpc":"2.0"}`
 )

@ -110,7 +110,7 @@ func TestFailover(t *testing.T) {
 		}))
 		res, statusCode, _ := client.SendRPC("eth_chainId", nil)
 		require.Equal(t, 503, statusCode)
-		RequireEqualJSON(t, []byte(noBackendsResponse), res) // return no backend available since both failed
+		RequireEqualJSON(t, []byte(noBackendsResponse), res) // return currently not healthy since both failed
 		require.Equal(t, 1, len(goodBackend.Requests()))
 		require.Equal(t, 1, len(badBackend.Requests())) // bad backend is still called
 		goodBackend.Reset()
--- a/proxyd/integration_tests/fallback_test.go
+++ b/proxyd/integration_tests/fallback_test.go
@ -11,8 +11,8 @@ import (

 	"github.com/ethereum/go-ethereum/common/hexutil"

-	"github.com/ethereum-optimism/optimism/proxyd"
-	ms "github.com/ethereum-optimism/optimism/proxyd/tools/mockserver/handler"
+	"github.com/ethereum-optimism/infra/proxyd"
+	ms "github.com/ethereum-optimism/infra/proxyd/tools/mockserver/handler"
 	"github.com/stretchr/testify/require"
 )

--- a/proxyd/integration_tests/max_rpc_conns_test.go
+++ b/proxyd/integration_tests/max_rpc_conns_test.go
@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/stretchr/testify/require"
 )

--- a/proxyd/integration_tests/mock_backend_test.go
+++ b/proxyd/integration_tests/mock_backend_test.go
@ -10,7 +10,7 @@ import (
 	"strings"
 	"sync"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/gorilla/websocket"
 )

--- a/proxyd/integration_tests/multicall_test.go
+++ b/proxyd/integration_tests/multicall_test.go
@ -3,7 +3,6 @@ package integration_tests
 import (
 	"bytes"
 	"encoding/json"
-	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"os"
@ -12,8 +11,8 @@ import (
 	"testing"
 	"time"

-	"github.com/ethereum-optimism/optimism/proxyd"
-	ms "github.com/ethereum-optimism/optimism/proxyd/tools/mockserver/handler"
+	"github.com/ethereum-optimism/infra/proxyd"
+	ms "github.com/ethereum-optimism/infra/proxyd/tools/mockserver/handler"
 	"github.com/stretchr/testify/require"
 )

@ -58,7 +57,6 @@ func setupMulticall(t *testing.T) (map[string]nodeContext, *proxyd.BackendGroup,

 	// setup proxyd
 	config := ReadConfig("multicall")
-	fmt.Printf("[SetupMulticall] Using Timeout of %d \n", config.Server.TimeoutSeconds)
 	svr, shutdown, err := proxyd.Start(config)
 	require.NoError(t, err)

@ -93,6 +91,7 @@ func setupMulticall(t *testing.T) (map[string]nodeContext, *proxyd.BackendGroup,

 	handlers := []*ms.MockedHandler{&h1, &h2, &h3}

+	// Default Handler configurations
 	nodes["node1"].mockBackend.SetHandler(SingleResponseHandler(200, txAccepted))
 	nodes["node2"].mockBackend.SetHandler(http.HandlerFunc(handlers[1].Handler))
 	//Node 3 has no handler empty handler never respondes should always context timeout
@ -194,16 +193,30 @@ func TestMulticall(t *testing.T) {
 		defer nodes["node3"].mockBackend.Close()
 		defer shutdown()

-		nodes["node1"].mockBackend.SetHandler(SingleResponseHandlerWithSleep(200, txAccepted, 3*time.Second))
-		nodes["node2"].mockBackend.SetHandler(SingleResponseHandler(200, txAccepted))
+		triggerBackend1 := make(chan struct{})
+		triggerBackend2 := make(chan struct{})
+		triggerBackend3 := make(chan struct{})
+
+		nodes["node1"].mockBackend.SetHandler(TriggerResponseHandler(200, txAccepted, triggerBackend1))
+		nodes["node2"].mockBackend.SetHandler(TriggerResponseHandler(200, txAccepted, triggerBackend2))
+		nodes["node3"].mockBackend.SetHandler(TriggerResponseHandler(200, txAccepted, triggerBackend3))

 		localSvr := setServerBackend(svr, nodes)
-
 		body := makeSendRawTransaction(txHex1)
 		req, _ := http.NewRequest("POST", "https://1.1.1.1:8080", bytes.NewReader(body))
 		req.Header.Set("X-Forwarded-For", "203.0.113.1")
 		rr := httptest.NewRecorder()

+		var wg sync.WaitGroup
+		wg.Add(1)
+		go func() {
+			triggerBackend2 <- struct{}{}
+			time.Sleep(2 * time.Second)
+			triggerBackend1 <- struct{}{}
+			triggerBackend3 <- struct{}{}
+			wg.Done()
+		}()
+
 		localSvr.HandleRPC(rr, req)

 		resp := rr.Result()
@ -219,6 +232,7 @@ func TestMulticall(t *testing.T) {
 		require.Equal(t, resp.Header["X-Served-By"], []string{"node/node2"})
 		require.False(t, rpcRes.IsError())

+		wg.Wait()
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node1"))
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node2"))
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node3"))
@ -232,21 +246,13 @@ func TestMulticall(t *testing.T) {

 		defer shutdown()

-		shutdownChan1 := make(chan struct{})
-		shutdownChan2 := make(chan struct{})
+		triggerBackend1 := make(chan struct{})
+		triggerBackend2 := make(chan struct{})

-		nodes["node1"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(200, nonceErrorResponse, shutdownChan1, 4*time.Second))
-		nodes["node2"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(200, nonceErrorResponse, shutdownChan2, 1*time.Second))
+		nodes["node1"].mockBackend.SetHandler(TriggerResponseHandler(200, nonceErrorResponse, triggerBackend1))
+		nodes["node2"].mockBackend.SetHandler(TriggerResponseHandler(200, nonceErrorResponse, triggerBackend2))
 		nodes["node3"].mockBackend.SetHandler(SingleResponseHandler(403, dummyRes))

-		var wg sync.WaitGroup
-		wg.Add(1)
-		go func() {
-			shutdownChan2 <- struct{}{}
-			shutdownChan1 <- struct{}{}
-			wg.Done()
-		}()
-
 		localSvr := setServerBackend(svr, nodes)

 		body := makeSendRawTransaction(txHex1)
@ -254,6 +260,15 @@ func TestMulticall(t *testing.T) {
 		req.Header.Set("X-Forwarded-For", "203.0.113.1")
 		rr := httptest.NewRecorder()

+		var wg sync.WaitGroup
+		wg.Add(1)
+		go func() {
+			triggerBackend2 <- struct{}{}
+			time.Sleep(3 * time.Second)
+			triggerBackend1 <- struct{}{}
+			wg.Done()
+		}()
+
 		localSvr.HandleRPC(rr, req)

 		resp := rr.Result()
@ -281,8 +296,10 @@ func TestMulticall(t *testing.T) {
 		defer nodes["node3"].mockBackend.Close()
 		defer shutdown()

+		triggerBackend1 := make(chan struct{})
+
 		// We should ignore node2 first response cause 429, and return node 1 because 200
-		nodes["node1"].mockBackend.SetHandler(SingleResponseHandlerWithSleep(200, txAccepted, 3*time.Second))
+		nodes["node1"].mockBackend.SetHandler(TriggerResponseHandler(200, txAccepted, triggerBackend1))
 		nodes["node2"].mockBackend.SetHandler(SingleResponseHandler(429, txAccepted))

 		localSvr := setServerBackend(svr, nodes)
@ -292,6 +309,14 @@ func TestMulticall(t *testing.T) {
 		req.Header.Set("X-Forwarded-For", "203.0.113.1")
 		rr := httptest.NewRecorder()

+		var wg sync.WaitGroup
+		wg.Add(1)
+		go func() {
+			time.Sleep(2 * time.Second)
+			triggerBackend1 <- struct{}{}
+			wg.Done()
+		}()
+
 		localSvr.HandleRPC(rr, req)

 		resp := rr.Result()
@ -305,6 +330,7 @@ func TestMulticall(t *testing.T) {
 		require.Equal(t, "2.0", rpcRes.JSONRPC)

 		require.Equal(t, resp.Header["X-Served-By"], []string{"node/node1"})
+		wg.Wait()
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node1"))
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node2"))
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node3"))
@ -317,9 +343,9 @@ func TestMulticall(t *testing.T) {
 		defer nodes["node3"].mockBackend.Close()
 		defer shutdown()

-		shutdownChan := make(chan struct{})
+		triggerBackend := make(chan struct{})
 		nodes["node1"].mockBackend.SetHandler(SingleResponseHandler(200, dummyRes))
-		nodes["node2"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(200, dummyRes, shutdownChan, 7*time.Second))
+		nodes["node2"].mockBackend.SetHandler(TriggerResponseHandler(200, dummyRes, triggerBackend))

 		localSvr := setServerBackend(svr, nodes)

@ -329,8 +355,14 @@ func TestMulticall(t *testing.T) {
 		rr := httptest.NewRecorder()

 		localSvr.HandleRPC(rr, req)
+		var wg sync.WaitGroup
+		wg.Add(1)
+		go func() {
+			time.Sleep(7 * time.Second)
+			triggerBackend <- struct{}{}
+			wg.Done()
+		}()
 		resp := rr.Result()
-		shutdownChan <- struct{}{}
 		defer resp.Body.Close()

 		require.NotNil(t, resp.Body)
@ -342,6 +374,7 @@ func TestMulticall(t *testing.T) {
 		require.NoError(t, json.NewDecoder(resp.Body).Decode(rpcRes))
 		require.False(t, rpcRes.IsError())

+		wg.Wait()
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node1"))
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node2"))
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node3"))
@ -355,10 +388,10 @@ func TestMulticall(t *testing.T) {
 		defer nodes["node3"].mockBackend.Close()
 		defer shutdown()

-		shutdownChan1 := make(chan struct{})
-		shutdownChan2 := make(chan struct{})
-		nodes["node1"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(200, dummyRes, shutdownChan1, 7*time.Second))
-		nodes["node2"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(200, dummyRes, shutdownChan2, 7*time.Second))
+		triggerBackend1 := make(chan struct{})
+		triggerBackend2 := make(chan struct{})
+		nodes["node1"].mockBackend.SetHandler(TriggerResponseHandler(200, dummyRes, triggerBackend1))
+		nodes["node2"].mockBackend.SetHandler(TriggerResponseHandler(200, dummyRes, triggerBackend2))

 		localSvr := setServerBackend(svr, nodes)

@ -370,12 +403,12 @@ func TestMulticall(t *testing.T) {
 		var wg sync.WaitGroup
 		wg.Add(1)
 		go func() {
-			shutdownChan1 <- struct{}{}
-			shutdownChan2 <- struct{}{}
+			time.Sleep(7 * time.Second)
+			triggerBackend1 <- struct{}{}
+			triggerBackend2 <- struct{}{}
 			wg.Done()
 		}()

-		fmt.Println("sending request")
 		localSvr.HandleRPC(rr, req)

 		resp := rr.Result()
@ -388,7 +421,6 @@ func TestMulticall(t *testing.T) {
 		require.True(t, rpcRes.IsError())
 		require.Equal(t, rpcRes.Error.Code, proxyd.ErrNoBackends.Code)

-		// Wait for test response to complete before checking query count
 		wg.Wait()
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node1"))
 		require.Equal(t, 1, nodeBackendRequestCount(nodes, "node2"))
@ -403,24 +435,24 @@ func TestMulticall(t *testing.T) {
 		defer shutdown()

 		for i := 1; i < 4; i++ {
-			shutdownChan1 := make(chan struct{})
-			shutdownChan2 := make(chan struct{})
-			shutdownChan3 := make(chan struct{})
+			triggerBackend1 := make(chan struct{})
+			triggerBackend2 := make(chan struct{})
+			triggerBackend3 := make(chan struct{})

 			switch {
 			case i == 1:
-				nodes["node1"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(200, txAccepted, shutdownChan1, 1*time.Second))
-				nodes["node2"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(429, dummyRes, shutdownChan2, 1*time.Second))
-				nodes["node3"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(503, dummyRes, shutdownChan3, 1*time.Second))
+				nodes["node1"].mockBackend.SetHandler(TriggerResponseHandler(200, txAccepted, triggerBackend1))
+				nodes["node2"].mockBackend.SetHandler(TriggerResponseHandler(429, dummyRes, triggerBackend2))
+				nodes["node3"].mockBackend.SetHandler(TriggerResponseHandler(503, dummyRes, triggerBackend3))
 			case i == 2:
-				nodes["node1"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(404, dummyRes, shutdownChan1, 1*time.Second))
-				nodes["node2"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(200, nonceErrorResponse, shutdownChan2, 1*time.Second))
-				nodes["node3"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(405, dummyRes, shutdownChan3, 1*time.Second))
+				nodes["node1"].mockBackend.SetHandler(TriggerResponseHandler(404, dummyRes, triggerBackend1))
+				nodes["node2"].mockBackend.SetHandler(TriggerResponseHandler(200, nonceErrorResponse, triggerBackend2))
+				nodes["node3"].mockBackend.SetHandler(TriggerResponseHandler(405, dummyRes, triggerBackend3))
 			case i == 3:
 				// Return the quickest response
-				nodes["node1"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(404, dummyRes, shutdownChan1, 1*time.Second))
-				nodes["node2"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(500, dummyRes, shutdownChan2, 1*time.Second))
-				nodes["node3"].mockBackend.SetHandler(SingleResponseHandlerWithSleepShutdown(200, nonceErrorResponse, shutdownChan3, 1*time.Second))
+				nodes["node1"].mockBackend.SetHandler(TriggerResponseHandler(404, dummyRes, triggerBackend1))
+				nodes["node2"].mockBackend.SetHandler(TriggerResponseHandler(500, dummyRes, triggerBackend2))
+				nodes["node3"].mockBackend.SetHandler(TriggerResponseHandler(200, nonceErrorResponse, triggerBackend3))
 			}

 			localSvr := setServerBackend(svr, nodes)
@ -433,9 +465,9 @@ func TestMulticall(t *testing.T) {
 			var wg sync.WaitGroup
 			wg.Add(1)
 			go func() {
-				shutdownChan1 <- struct{}{}
-				shutdownChan2 <- struct{}{}
-				shutdownChan3 <- struct{}{}
+				triggerBackend1 <- struct{}{}
+				triggerBackend2 <- struct{}{}
+				triggerBackend3 <- struct{}{}
 				wg.Done()
 			}()

@ -475,25 +507,13 @@ func TestMulticall(t *testing.T) {
 			require.Equal(t, i, nodeBackendRequestCount(nodes, "node3"))
 		}
 	})
-
 }

-func SingleResponseHandlerWithSleep(code int, response string, duration time.Duration) http.HandlerFunc {
+// TriggerResponseHandler uses a channel to control when a backend returns
+// test cases can add an element to the triggerResponse channel to control the when a specific backend returns
+func TriggerResponseHandler(code int, response string, triggerResponse chan struct{}) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		fmt.Println("sleeping")
-		time.Sleep(duration)
-		fmt.Println("Shutting down Single Response Handler")
-		w.WriteHeader(code)
-		_, _ = w.Write([]byte(response))
-	}
-}
-
-func SingleResponseHandlerWithSleepShutdown(code int, response string, shutdownServer chan struct{}, duration time.Duration) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		fmt.Println("sleeping")
-		time.Sleep(duration)
-		<-shutdownServer
-		fmt.Println("Shutting down Single Response Handler")
+		<-triggerResponse
 		w.WriteHeader(code)
 		_, _ = w.Write([]byte(response))
 	}
--- a/proxyd/integration_tests/rate_limit_test.go
+++ b/proxyd/integration_tests/rate_limit_test.go
@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/stretchr/testify/require"
 )

--- a/proxyd/integration_tests/sender_rate_limit_test.go
+++ b/proxyd/integration_tests/sender_rate_limit_test.go
@ -9,7 +9,7 @@ import (
 	"testing"
 	"time"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/stretchr/testify/require"
 )

--- a/proxyd/integration_tests/smoke_test.go
+++ b/proxyd/integration_tests/smoke_test.go
@ -7,7 +7,7 @@ import (
 	"strings"
 	"testing"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/stretchr/testify/require"
 )
--- a/proxyd/integration_tests/testdata/caching_replica.toml
+++ b/proxyd/integration_tests/testdata/caching_replica.toml
@ -0,0 +1,37 @@
+[server]
+rpc_port = 8545
+
+[backend]
+response_timeout_seconds = 1
+
+[redis]
+url = "$REDIS_URL"
+read_url = "$REDIS_READ_URL"
+namespace = "proxyd"
+
+[cache]
+enabled = true
+
+[backends]
+[backends.good]
+rpc_url = "$GOOD_BACKEND_RPC_URL"
+ws_url = "$GOOD_BACKEND_RPC_URL"
+
+[backend_groups]
+[backend_groups.main]
+backends = ["good"]
+
+[rpc_method_mappings]
+eth_chainId = "main"
+net_version = "main"
+eth_getBlockByNumber = "main"
+eth_blockNumber = "main"
+eth_call = "main"
+eth_getBlockTransactionCountByHash = "main"
+eth_getUncleCountByBlockHash = "main"
+eth_getBlockByHash = "main"
+eth_getTransactionByHash = "main"
+eth_getTransactionByBlockHashAndIndex = "main"
+eth_getUncleByBlockHashAndIndex = "main"
+eth_getTransactionReceipt = "main"
+debug_getRawReceipts = "main"
--- a/proxyd/integration_tests/util_test.go
+++ b/proxyd/integration_tests/util_test.go
@ -17,7 +17,7 @@ import (

 	"github.com/ethereum/go-ethereum/log"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 )

 type ProxydHTTPClient struct {
--- a/proxyd/integration_tests/validation_test.go
+++ b/proxyd/integration_tests/validation_test.go
@ -6,7 +6,7 @@ import (
 	"strings"
 	"testing"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/stretchr/testify/require"
 )

--- a/proxyd/integration_tests/ws_test.go
+++ b/proxyd/integration_tests/ws_test.go
@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"
 	"github.com/gorilla/websocket"
 	"github.com/stretchr/testify/require"
 )
--- a/proxyd/proxyd.go
+++ b/proxyd/proxyd.go
@ -39,6 +39,7 @@ func Start(config *Config) (*Server, func(), error) {
 		}
 	}

+	// redis primary client
 	var redisClient *redis.Client
 	if config.Redis.URL != "" {
 		rURL, err := ReadFromEnvOrConfig(config.Redis.URL)
@ -51,6 +52,23 @@ func Start(config *Config) (*Server, func(), error) {
 		}
 	}

+	// redis read replica client
+	// if read endpoint is not set, use primary endpoint
+	var redisReadClient = redisClient
+	if config.Redis.ReadURL != "" {
+		if redisClient == nil {
+			return nil, nil, errors.New("must specify a Redis primary URL. only read endpoint is set")
+		}
+		rURL, err := ReadFromEnvOrConfig(config.Redis.ReadURL)
+		if err != nil {
+			return nil, nil, err
+		}
+		redisReadClient, err = NewRedisClient(rURL)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
 	if redisClient == nil && config.RateLimit.UseRedis {
 		return nil, nil, errors.New("must specify a Redis URL if UseRedis is true in rate limit config")
 	}
@ -276,7 +294,7 @@ func Start(config *Config) (*Server, func(), error) {
 			if config.Cache.TTL != 0 {
 				ttl = time.Duration(config.Cache.TTL)
 			}
-			cache = newRedisCache(redisClient, config.Redis.Namespace, ttl)
+			cache = newRedisCache(redisClient, redisReadClient, config.Redis.Namespace, ttl)
 		}
 		rpcCache = newRPCCache(newCacheWithCompression(cache))
 	}
@ -328,7 +346,7 @@ func Start(config *Config) (*Server, func(), error) {

 	if config.Server.RPCPort != 0 {
 		go func() {
-			if err := srv.RPCListenAndServe(config.Server.RPCHost, config.Server.RPCPort); err != nil {
+			if err := srv.RPCListenAndServe(config.Server); err != nil {
 				if errors.Is(err, http.ErrServerClosed) {
 					log.Info("RPC server shut down")
 					return
@ -348,7 +366,7 @@ func Start(config *Config) (*Server, func(), error) {
 				log.Crit("error starting WS server", "err", err)
 			}
 		}()
-	} else {
+	} else if !config.Server.EnableWS {
 		log.Info("WS server not enabled (ws_port is set to 0)")
 	}

--- a/proxyd/rewriter.go
+++ b/proxyd/rewriter.go
@ -64,7 +64,9 @@ func RewriteRequest(rctx RewriteContext, req *RPCReq, res *RPCRes) (RewriteResul
 	switch req.Method {
 	case "eth_getLogs",
 		"eth_newFilter":
-		return rewriteRange(rctx, req, res, 0)
+		// return rewriteRange(rctx, req, res, 0)
+		// Tornado: disable range check unti the UI is fixed
+		return RewriteNone, nil
 	case "debug_getRawReceipts", "consensus_getReceipts":
 		return rewriteParam(rctx, req, res, 0, true, false)
 	case "eth_getBalance",
@ -307,4 +309,4 @@ func rewriteTagBlockNumberOrHash(rctx RewriteContext, current *rpc.BlockNumberOr
 	}

 	return current, false, nil
-}
+}
--- a/proxyd/server.go
+++ b/proxyd/server.go
@ -200,12 +200,23 @@ func NewServer(
 	}, nil
 }

-func (s *Server) RPCListenAndServe(host string, port int) error {
+func (s *Server) RPCListenAndServe(serverConfig ServerConfig) error {
+	host := serverConfig.RPCHost
+	port := serverConfig.RPCPort
+	enableWS := serverConfig.EnableWS
+
+	var handleRpc ReqHandle = s.GetRPCHandle(serverConfig)
+
 	s.srvMu.Lock()
 	hdlr := mux.NewRouter()
 	hdlr.HandleFunc("/healthz", s.HandleHealthz).Methods("GET")
-	hdlr.HandleFunc("/", s.HandleRPC).Methods("POST")
-	hdlr.HandleFunc("/{authorization}", s.HandleRPC).Methods("POST")
+	hdlr.HandleFunc("/", handleRpc).Methods("POST")
+	hdlr.HandleFunc("/{authorization}", handleRpc).Methods("POST")
+	if enableWS {
+		var handleWS ReqHandle = s.GetWSHandle(true)
+		hdlr.HandleFunc("/", handleWS)
+		hdlr.HandleFunc("/{authorization}", handleWS)
+	}
 	c := cors.New(cors.Options{
 		AllowedOrigins: []string{"*"},
 	})
@ -215,15 +226,20 @@ func (s *Server) RPCListenAndServe(host string, port int) error {
 		Addr:    addr,
 	}
 	log.Info("starting HTTP server", "addr", addr)
+	if enableWS {
+		log.Info("starting WS server", "addr", addr)
+	}
 	s.srvMu.Unlock()
 	return s.rpcServer.ListenAndServe()
 }

 func (s *Server) WSListenAndServe(host string, port int) error {
 	s.srvMu.Lock()
+	var handleWS ReqHandle = s.GetWSHandle(false)
+
 	hdlr := mux.NewRouter()
-	hdlr.HandleFunc("/", s.HandleWS)
-	hdlr.HandleFunc("/{authorization}", s.HandleWS)
+	hdlr.HandleFunc("/", handleWS)
+	hdlr.HandleFunc("/{authorization}", handleWS)
 	c := cors.New(cors.Options{
 		AllowedOrigins: []string{"*"},
 	})
@ -255,7 +271,15 @@ func (s *Server) HandleHealthz(w http.ResponseWriter, r *http.Request) {
 	_, _ = w.Write([]byte("OK"))
 }

-func (s *Server) HandleRPC(w http.ResponseWriter, r *http.Request) {
+type ReqHandle func(http.ResponseWriter, *http.Request)
+
+func (s *Server) GetRPCHandle(serverConfig ServerConfig) ReqHandle {
+	return func(w http.ResponseWriter, r *http.Request) {
+		s.HandleRPC(w, r, serverConfig)
+	}
+}
+
+func (s *Server) HandleRPC(w http.ResponseWriter, r *http.Request, serverConfig ServerConfig) {
 	ctx := s.populateContext(w, r)
 	if ctx == nil {
 		return
@ -272,8 +296,13 @@ func (s *Server) HandleRPC(w http.ResponseWriter, r *http.Request) {
 	isUnlimitedUserAgent := s.isUnlimitedUserAgent(userAgent)

 	if xff == "" {
-		writeRPCError(ctx, w, nil, ErrInvalidRequest("request does not include a remote IP"))
-		return
+		// Just use remote addr from socket when the request doesn't have x_forwarded_for header
+		if (serverConfig.AllowDirect) {
+			xff = r.RemoteAddr
+		} else {
+			writeRPCError(ctx, w, nil, ErrInvalidRequest("request does not include a remote IP"))
+			return
+		}
 	}

 	isLimited := func(method string) bool {
@ -354,7 +383,7 @@ func (s *Server) HandleRPC(w http.ResponseWriter, r *http.Request) {
 			return
 		}

-		batchRes, batchContainsCached, servedBy, err := s.handleBatchRPC(ctx, reqs, isLimited, true)
+		batchRes, batchContainsCached, servedBy, err := s.handleBatchRPC(xff, r, ctx, reqs, isLimited, true)
 		if err == context.DeadlineExceeded {
 			writeRPCError(ctx, w, nil, ErrGatewayTimeout)
 			return
@ -377,7 +406,7 @@ func (s *Server) HandleRPC(w http.ResponseWriter, r *http.Request) {
 	}

 	rawBody := json.RawMessage(body)
-	backendRes, cached, servedBy, err := s.handleBatchRPC(ctx, []json.RawMessage{rawBody}, isLimited, false)
+	backendRes, cached, servedBy, err := s.handleBatchRPC(xff, r, ctx, []json.RawMessage{rawBody}, isLimited, false)
 	if err != nil {
 		if errors.Is(err, ErrConsensusGetReceiptsCantBeBatched) ||
 			errors.Is(err, ErrConsensusGetReceiptsInvalidTarget) {
@ -394,7 +423,7 @@ func (s *Server) HandleRPC(w http.ResponseWriter, r *http.Request) {
 	writeRPCRes(ctx, w, backendRes[0])
 }

-func (s *Server) handleBatchRPC(ctx context.Context, reqs []json.RawMessage, isLimited limiterFunc, isBatch bool) ([]*RPCRes, bool, string, error) {
+func (s *Server) handleBatchRPC(xff string, r *http.Request, ctx context.Context, reqs []json.RawMessage, isLimited limiterFunc, isBatch bool) ([]*RPCRes, bool, string, error) {
 	// A request set is transformed into groups of batches.
 	// Each batch group maps to a forwarded JSON-RPC batch request (subject to maxUpstreamBatchSize constraints)
 	// A groupID is used to decouple Requests that have duplicate ID so they're not part of the same batch that's
@ -406,6 +435,10 @@ func (s *Server) handleBatchRPC(ctx context.Context, reqs []json.RawMessage, isL
 		backendGroup string
 	}

+	// Retrieve info from header
+	origin := r.Header.Get("Origin")
+	userAgent := r.Header.Get("User-Agent")
+
 	responses := make([]*RPCRes, len(reqs))
 	batches := make(map[batchGroup][]batchElem)
 	ids := make(map[string]int, len(reqs))
@ -418,6 +451,15 @@ func (s *Server) handleBatchRPC(ctx context.Context, reqs []json.RawMessage, isL
 			continue
 		}

+		log.Debug(
+			"received RPC method",
+			"req_id", GetReqID(ctx),
+			"method", parsedReq.Method,
+			"user_agent", userAgent,
+			"origin", origin,
+			"remote_ip", xff,
+		)
+
 		// Simple health check
 		if len(reqs) == 1 && parsedReq.Method == proxydHealthzMethod {
 			res := &RPCRes{
@ -449,6 +491,9 @@ func (s *Server) handleBatchRPC(ctx context.Context, reqs []json.RawMessage, isL
 				"source", "rpc",
 				"req_id", GetReqID(ctx),
 				"method", parsedReq.Method,
+				"user_agent", userAgent,
+				"origin", origin,
+				"remote_ip", xff,
 			)
 			RecordRPCError(ctx, BackendProxyd, MethodUnknown, ErrMethodNotWhitelisted)
 			responses[i] = NewRPCErrorRes(parsedReq.ID, ErrMethodNotWhitelisted)
@ -475,6 +520,9 @@ func (s *Server) handleBatchRPC(ctx context.Context, reqs []json.RawMessage, isL
 				"source", "rpc",
 				"req_id", GetReqID(ctx),
 				"method", parsedReq.Method,
+				"user_agent", userAgent,
+				"origin", origin,
+				"remote_ip", xff,
 			)
 			RecordRPCError(ctx, BackendProxyd, parsedReq.Method, ErrOverRateLimit)
 			responses[i] = NewRPCErrorRes(parsedReq.ID, ErrOverRateLimit)
@ -579,12 +627,31 @@ func (s *Server) handleBatchRPC(ctx context.Context, reqs []json.RawMessage, isL
 	return responses, cached, servedByString, nil
 }

-func (s *Server) HandleWS(w http.ResponseWriter, r *http.Request) {
+func (s *Server) GetWSHandle(fromRpc bool) ReqHandle {
+	return func(w http.ResponseWriter, r *http.Request) {
+		s.HandleWS(w, r, fromRpc)
+	}
+}
+
+func (s *Server) HandleWS(w http.ResponseWriter, r *http.Request, fromRpc bool) {
 	ctx := s.populateContext(w, r)
 	if ctx == nil {
 		return
 	}

+	// Handle upgrade header request
+	upgrade := false
+	for _, header := range r.Header["Upgrade"] {
+		if header == "websocket" {
+			upgrade = true
+			break
+		}
+	}
+	// Filter out non websocket requests
+	if fromRpc && !upgrade {
+		return
+	}
+
 	log.Info("received WS connection", "req_id", GetReqID(ctx))

 	clientConn, err := s.upgrader.Upgrade(w, r, nil)
--- a/proxyd/tools/mockserver/handler/handler.go
+++ b/proxyd/tools/mockserver/handler/handler.go
@ -8,7 +8,7 @@ import (
 	"os"
 	"strings"

-	"github.com/ethereum-optimism/optimism/proxyd"
+	"github.com/ethereum-optimism/infra/proxyd"

 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
--- a/proxyd/tools/mockserver/main.go
+++ b/proxyd/tools/mockserver/main.go
@ -6,7 +6,7 @@ import (
 	"path"
 	"strconv"

-	"github.com/ethereum-optimism/optimism/proxyd/tools/mockserver/handler"
+	"github.com/ethereum-optimism/infra/proxyd/tools/mockserver/handler"
 )

 func main() {
Author	SHA1	Message	Date
tornadocontrib	ca4e4b24e0	Settings	2024-10-20 06:41:36 +00:00
tornadocontrib	1ad517098a	Listen websocket on same port, allow direct connections and more helpful logging	2024-10-20 06:41:35 +00:00
smartcontracts	d8cec08bd9	Update tag-service.yml (#62 )	2024-10-17 09:34:35 -04:00
Hamdi Allam	ac9ae52d52	op-txproxy: capitalize the env var prefix (#58 ) * env var prefix * tag-service workflow	2024-10-07 14:19:14 -04:00
Hamdi Allam	dff24e9fca	op-txproxy: external validating proxy for conditional transactions (#42 ) * txpool svc * change mod github path * tag-tool * codeowners	2024-09-30 13:43:34 -07:00
Sam Stokes	88521bef29	circleci: fix release job deps (#55 )	2024-09-10 16:12:10 -04:00
Sam Stokes	75b02dff3d	op-signer: add to this repo (#51 ) * op-signer: add to this repo * circleci: add op-signer jobs/workflows * ops: update tag service to include op-signer * readme: add op-signer one sentence description * ci: add op-signer option to github action * ops: add op-signer min version	2024-09-10 15:01:09 -04:00
Zach Howard	7f8095c9ad	op-conductor-ops: adds force-active-sequencer command (#50 )	2024-09-04 17:34:03 -04:00
dependabot[bot]	bfdc66fa28	chore(deps): bump certifi from 2024.6.2 to 2024.7.4 in /op-conductor-ops (#47 ) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.6.2 to 2024.7.4. - [Commits](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-03 11:55:05 -05:00
Zach Howard	3b420a5c41	Couple of usability improvements and cert config path fix (#49 )	2024-08-22 17:08:06 -04:00
Jacob Elias	c03568e408	Multicall testcase improvements (#39 ) * feat: improve the multicall test suite to use channels to explictly control the response flow, rather than sleep functions	2024-08-22 12:46:43 -05:00
Jacob Elias	88c767e316	feat: update proxyd references to infra repo (#48 )	2024-08-22 12:19:26 -05:00
Jacob Elias	ad47122943	feat: add op-conductor-ops script with updated readme and example config file (#44 )	2024-08-21 18:47:16 -05:00
dependabot[bot]	9a36d674b5	chore(deps): bump github.com/rs/cors from 1.10.1 to 1.11.0 in /proxyd (#25 ) Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.10.1 to 1.11.0. - [Commits](https://github.com/rs/cors/compare/v1.10.1...v1.11.0) --- updated-dependencies: - dependency-name: github.com/rs/cors dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-08-21 10:15:16 -05:00
cody-wang-cb	1cacaab6b5	Use not healthy as error msg (#41 ) * use not healthy as error msg * update wording only	2024-08-20 08:20:15 -07:00
Tei Im	98e261e7f9	proxyd: Support Redis read endpoint for caching (#45 )	2024-08-19 14:23:09 -06:00