Add deposit snapshot to DownloadFinalizedData

* Use `SingleAttestation` for Fulu in p2p attestation map.

* Fix `TestExtractDataType`.

---------

Co-authored-by: Manu NALEPA <enalepa@offchainlabs.com>

.bazelrc

@@ -1,9 +1,16 @@
-# Print warnings for tests with inappropriate test size or timeout.
-test --test_verbose_timeout_warnings
+# Import bazelrc presets
+import %workspace%/build/bazelrc/convenience.bazelrc
+import %workspace%/build/bazelrc/correctness.bazelrc
+import %workspace%/build/bazelrc/cross.bazelrc
+import %workspace%/build/bazelrc/debug.bazelrc
+import %workspace%/build/bazelrc/hermetic-cc.bazelrc
+import %workspace%/build/bazelrc/performance.bazelrc
 
-# Only build test targets when running bazel test //...
-test --build_tests_only
-test --test_output=errors
+# hermetic_cc_toolchain v3.0.1 required changes.
+common --enable_platform_specific_config
+build:linux --sandbox_add_mount_pair=/tmp
+build:macos --sandbox_add_mount_pair=/var/tmp
+build:windows --sandbox_add_mount_pair=C:\Temp
 
 # E2E run with debug gotag
 test:e2e --define gotags=debug
@@ -11,26 +18,10 @@ test:e2e --define gotags=debug
 # Clearly indicate that coverage is enabled to disable certain nogo checks.
 coverage --define=coverage_enabled=1
 
-# Fix for rules_docker. See: https://github.com/bazelbuild/rules_docker/issues/842
-build --host_force_python=PY2
-test --host_force_python=PY2
-run --host_force_python=PY2
-
-# Networking is blocked for tests by default, add "requires-network" tag to your test if networking
-# is required within the sandbox. Network sandboxing only works on linux.
-build --sandbox_default_allow_network=false
-
 # Stamp binaries with git information
 build --workspace_status_command=./hack/workspace_status.sh
-build --stamp
-
-# Prevent PATH changes from rebuilding when switching from IDE to command line.
-build --incompatible_strict_action_env
-test --incompatible_strict_action_env
-run --incompatible_strict_action_env
 
 build --define blst_disabled=false
-test --define blst_disabled=false
 run --define blst_disabled=false
 
 build:blst_disabled --define blst_disabled=true
@@ -41,182 +32,25 @@ build:minimal --@io_bazel_rules_go//go/config:tags=minimal
 
 # Release flags
 build:release --compilation_mode=opt
-build:release --config=llvm
-
-# LLVM compiler for building C/C++ dependencies.
-build:llvm --crosstool_top=@llvm_toolchain//:toolchain
-build:llvm --define compiler=llvm
-build:llvm --copt -fno-sanitize=vptr,function
-build:llvm --linkopt -fno-sanitize=vptr,function
-
-build:asan --copt -fsanitize=address,undefined
-build:asan --copt -fno-omit-frame-pointer
-build:asan --linkopt -fsanitize=address,undefined
-build:asan --copt -fno-sanitize=vptr,function
-build:asan --linkopt -fno-sanitize=vptr,function
-build:asan --copt -DADDRESS_SANITIZER=1
-build:asan --copt -D__SANITIZE_ADDRESS__
-build:asan --linkopt -ldl
-
-build:llvm-asan --config=llvm
-build:llvm-asan --config=asan
-build:llvm-asan --linkopt -fuse-ld=ld.lld
-
-build:fuzz --@io_bazel_rules_go//go/config:tags=fuzz
+build:release --stamp
+build:release --define pgo_enabled=1
 
 # Build binary with cgo symbolizer for debugging / profiling.
-build:cgo_symbolizer --config=llvm
 build:cgo_symbolizer --copt=-g
 build:cgo_symbolizer --define=USE_CGO_SYMBOLIZER=true
 build:cgo_symbolizer -c dbg
 build:cgo_symbolizer --define=gotags=cgosymbolizer_enabled
 
-# multi-arch cross-compiling toolchain configs:
------------------------------------------------
-build:cross --crosstool_top=@prysm_toolchains//:multiarch_toolchain
-build:cross --host_platform=@io_bazel_rules_go//go/toolchain:linux_amd64
-build:cross --host_crosstool_top=@prysm_toolchains//:hostonly_toolchain
-
-# linux_amd64 config for cross compiler toolchain, not strictly necessary since host/exec env is amd64
-build:linux_amd64 --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64_cgo
-
-# osx_amd64 config for cross compiler toolchain
-build:osx_amd64 --config=cross
-build:osx_amd64 --platforms=@io_bazel_rules_go//go/toolchain:darwin_amd64_cgo
-build:osx_amd64 --compiler=osxcross
-
-# windows
-build:windows_amd64 --config=cross
-build:windows_amd64  --platforms=@io_bazel_rules_go//go/toolchain:windows_amd64_cgo
-build:windows_amd64 --compiler=mingw-w64
-
-# linux_arm64 conifg for cross compiler toolchain
-build:linux_arm64 --config=cross
-build:linux_arm64 --platforms=@io_bazel_rules_go//go/toolchain:linux_arm64_cgo
-build:linux_arm64 --copt=-funsafe-math-optimizations
-build:linux_arm64 --copt=-ftree-vectorize
-build:linux_arm64 --copt=-fomit-frame-pointer
-build:linux_arm64 --cpu=aarch64
-build:linux_arm64 --compiler=clang
-build:linux_arm64 --copt=-march=armv8-a
-
-
 # toolchain build debug configs
 #------------------------------
 build:debug --sandbox_debug
-build:debug --toolchain_resolution_debug
+build:debug --toolchain_resolution_debug=".*"
 build:debug --verbose_failures
 build:debug -s
 
-# windows debug
-build:windows_amd64_debug --config=windows_amd64
-build:windows_amd64_debug --config=debug
-
-# osx_amd64 debug config
-build:osx_amd64_debug --config=debug
-build:osx_amd64_debug --config=osx_amd64
-
-# linux_arm64_debug
-build:linux_arm64_debug --config=linux_arm64
-build:linux_arm64_debug --config=debug
-
-# linux_amd64_debug
-build:linux_amd64_debug --config=linux_amd64
-build:linux_amd64_debug --config=debug
-
-
-# Docker Sandbox Configs
-#-----------------------
-# Note all docker sandbox configs must run from a linux x86_64 host
-# build:docker-sandbox --experimental_docker_image=gcr.io/prysmaticlabs/rbe-worker:latest
-build:docker-sandbox --spawn_strategy=docker --strategy=Javac=docker --genrule_strategy=docker
-build:docker-sandbox --define=EXECUTOR=remote
-build:docker-sandbox --experimental_docker_verbose
-build:docker-sandbox --experimental_enable_docker_sandbox
-build:docker-sandbox --crosstool_top=@rbe_ubuntu_clang//cc:toolchain 
-build:docker-sandbox --host_javabase=@rbe_ubuntu_clang//java:jdk 
-build:docker-sandbox --javabase=@rbe_ubuntu_clang//java:jdk 
-build:docker-sandbox --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 
-build:docker-sandbox --java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 
-build:docker-sandbox --extra_execution_platforms=@rbe_ubuntu_clang//config:platform 
-build:docker-sandbox --host_platform=@rbe_ubuntu_clang//config:platform 
-build:docker-sandbox --platforms=@rbe_ubuntu_clang//config:platform
-build:docker-sandbox --extra_toolchains=@prysm_toolchains//:cc-toolchain-multiarch
-
-# windows_amd64 docker sandbox build config
-build:windows_amd64_docker --config=docker-sandbox --config=windows_amd64
-build:windows_amd64_docker_debug --config=windows_amd64_docker --config=debug
-
-# osx_amd64 docker sandbox build config
-build:osx_amd64_docker --config=docker-sandbox --config=osx_amd64
-build:osx_amd64_docker_debug --config=osx_amd64_docker --config=debug
-
-# linux_arm64 docker sandbox build config
-build:linux_arm64_docker --config=docker-sandbox --config=linux_arm64
-build:linux_arm64_docker_debug --config=linux_arm64_docker --config=debug
-
-# linux_amd64 docker sandbox build config
-build:linux_amd64_docker --config=docker-sandbox --config=linux_amd64
-build:linux_amd64_docker_debug --config=linux_amd64_docker --config=debug
-
-
-# Remote Build Execution
-#-----------------------
-# Originally from https://github.com/bazelbuild/bazel-toolchains/blob/master/bazelrc/bazel-2.0.0.bazelrc
-#
-# Depending on how many machines are in the remote execution instance, setting
-# this higher can make builds faster by allowing more jobs to run in parallel.
-# Setting it too high can result in jobs that timeout, however, while waiting
-# for a remote machine to execute them.
-build:remote --jobs=50
-
-# Set several flags related to specifying the platform, toolchain and java
-# properties.
-# These flags should only be used as is for the rbe-ubuntu16-04 container
-# and need to be adapted to work with other toolchain containers.
-build:remote --host_javabase=@rbe_ubuntu_clang//java:jdk
-build:remote --javabase=@rbe_ubuntu_clang//java:jdk
-build:remote --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8
-build:remote --java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8
-build:remote --crosstool_top=@rbe_ubuntu_clang//cc:toolchain
-build:remote --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
-# Platform flags:
-# The toolchain container used for execution is defined in the target indicated
-# by "extra_execution_platforms", "host_platform" and "platforms".
-# More about platforms: https://docs.bazel.build/versions/master/platforms.html
-build:remote --extra_toolchains=@rbe_ubuntu_clang//config:cc-toolchain
-build:remote --extra_execution_platforms=@rbe_ubuntu_clang//config:platform
-build:remote --host_platform=@rbe_ubuntu_clang//config:platform
-build:remote --platforms=@rbe_ubuntu_clang//config:platform
-
-# Starting with Bazel 0.27.0 strategies do not need to be explicitly
-# defined. See https://github.com/bazelbuild/bazel/issues/7480
-build:remote --define=EXECUTOR=remote
-
-# Enable remote execution so actions are performed on the remote systems.
-# build:remote --remote_executor=grpcs://remotebuildexecution.googleapis.com
-
-# Enforce stricter environment rules, which eliminates some non-hermetic
-# behavior and therefore improves both the remote cache hit rate and the
-# correctness and repeatability of the build.
-build:remote --incompatible_strict_action_env=true
-
-# Set a higher timeout value, just in case.
-build:remote --remote_timeout=3600
-
-# Enable authentication. This will pick up application default credentials by
-# default. You can use --google_credentials=some_file.json to use a service
-# account credential instead.
-# build:remote --google_default_credentials=true
-
-# Enable build without the bytes
-# See: https://github.com/bazelbuild/bazel/issues/6862
-build:remote --experimental_remote_download_outputs=toplevel --experimental_inmemory_jdeps_files --experimental_inmemory_dotd_files
-
-build:remote --remote_local_fallback
-
-# Ignore GoStdLib with remote caching
-build --modify_execution_info='GoStdlib.*=+no-remote-cache'
-
 # Set bazel gotag
 build --define gotags=bazel
+
+# Abseil requires c++14 or greater.
+build --cxxopt=-std=c++20
+build --host_cxxopt=-std=c++20

.bazelversion

@@ -1 +1 @@
-5.0.0
+7.1.0

.buildkite-bazelrc

@@ -9,8 +9,8 @@
 #build:remote-cache --strategy=Genrule=standalone
 
 # Prysm specific remote-cache properties.
-#build:remote-cache --disk_cache=
 build:remote-cache --remote_download_minimal
+build:remote-cache --remote_build_event_upload=minimal
 build:remote-cache --remote_cache=grpc://bazel-remote-cache:9092
 build:remote-cache --experimental_remote_downloader=grpc://bazel-remote-cache:9092
 build:remote-cache --remote_local_fallback
@@ -28,7 +28,10 @@ build --experimental_use_hermetic_linux_sandbox
 # Import workspace options.
 import %workspace%/.bazelrc
 
-startup --host_jvm_args=-Xmx4g --host_jvm_args=-Xms2g
+# Enable blake3 once it is supported in remote cache. See: https://github.com/buchgr/bazel-remote/issues/710
+# startup --digest_function=blake3
+
+startup --host_jvm_args=-Xmx8g --host_jvm_args=-Xms4g
 build --experimental_strict_action_env
 build --sandbox_tmpfs_path=/tmp
 build --verbose_failures
@@ -38,9 +41,18 @@ build --curses=no --color=no
 build --keep_going
 build --test_output=errors
 build --flaky_test_attempts=5
+build --build_runfile_links=false # Only build runfile symlink forest when required by local action, test, or run command.
 # Disabled race detection due to unstable test results under constrained environment build kite
 # build --features=race
 
 # Better caching
 build:nostamp --nostamp
-build:nostamp --workspace_status_command=./hack/workspace_status_ci.sh
+
+# Build metadata
+build --build_metadata=ROLE=CI
+build --build_metadata=REPO_URL=https://github.com/prysmaticlabs/prysm.git
+build --workspace_status_command=./hack/workspace_status_ci.sh
+
+# Buildbuddy
+build --bes_results_url=https://app.buildbuddy.io/invocation/
+build --bes_backend=grpcs://remote.buildbuddy.io

.deepsource.toml

@@ -11,7 +11,7 @@ name = "go"
 enabled = true
 
 [analyzers.meta]
-import_paths = ["github.com/prysmaticlabs/prysm"]
+import_paths = ["github.com/prysmaticlabs/prysm/v5"]
 
 [[analyzers]]
 name = "test-coverage"

.github/CODEOWNERS

@@ -5,12 +5,4 @@
 *.bzl @prestonvanloon
 
 # Anyone on prylabs team can approve dependency updates.
-deps.bzl @prysmaticlabs/core-team
-
-# Radek and Nishant are responsible for changes that can affect the native state feature.
-# See https://www.notion.so/prysmaticlabs/Native-Beacon-State-Redesign-6cc9744b4ec1439bb34fa829b36a35c1
-/beacon-chain/state/fieldtrie/ @rkapka @nisdas
-/beacon-chain/state/v1/ @rkapka @nisdas
-/beacon-chain/state/v2/ @rkapka @nisdas
-/beacon-chain/state/v3/ @rkapka @nisdas
-/beacon-chain/state/state-native/ @rkapka @nisdas
+deps.bzl @prysmaticlabs/core-team

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,59 +0,0 @@
----
-name: "\U0001F41EBug report"
-about: Report a bug or problem with running Prysm
----
-<!--💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎
-
-Hellooo! 😄 
-
-To help us tend to your issue faster, please search our currently open issues before submitting a new one.
-Existing issues often contain information about workarounds, resolution, or progress updates.
-
-💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎💎-->
-
-# 🐞 Bug Report
-
-### Description
-
-<!-- ✍️--> A clear and concise description of the problem...
-
-### Has this worked before in a previous version?
-
-<!-- Did this behavior use to work in the previous version? -->
-<!-- ✍️--> Yes, the previous version in which this bug was not present was: ....
-
-## 🔬 Minimal Reproduction
-
-<!--
-Please let us know how we can reproduce this issue. Include the exact method you used to run Prysm along with any flags used in your beacon chain and/or validator. Make sure you don't upload any confidential files or private keys.
--->
-
-## 🔥 Error
-
-<pre><code>
-<!-- If the issue is accompanied by an error, please share the error logs with us below. If you have a lot of logs, place make a paste bin with your logs and share the link with us here: -->
-<!-- ✍️-->
-
-</code></pre>
-
-
-## 🌍  Your Environment
-
-**Operating System:**
-
-<pre>
-  <code>
-
-  </code>
-</pre>
-
-**What version of Prysm are you running? (Which release)**
-
-<pre>
-  <code>
-
-  </code>
-</pre>
-
-**Anything else relevant (validator index / public key)?**
-

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,66 @@
+name: 🐞 Bug report
+description: Report a bug or problem with running Prysm
+labels: ["Bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        To help us tend to your issue faster, please search our currently open issues before submitting a new one.
+        Existing issues often contain information about workarounds, resolution, or progress updates.
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: Describe the bug
+      description: |
+        A clear and concise description of the problem...
+    validations:
+      required: true
+  - type: textarea
+    id: previous-version
+    attributes:
+      label: Has this worked before in a previous version?
+      description: Did this behavior use to work in the previous version?
+      render: text
+  - type: textarea
+    id: reproduction-steps
+    attributes:
+      label: 🔬 Minimal Reproduction
+      description: |
+        Please let us know how we can reproduce this issue. 
+        Include the exact method you used to run Prysm along with any flags used in your beacon chain and/or validator. 
+        Make sure you don't upload any confidential files or private keys.
+      placeholder: |
+        Steps to reproduce:
+        
+        1. Start '...'
+        2. Then '...'
+        3. Check '...'
+        4. See error
+  - type: textarea
+    id: errors
+    attributes:
+      label: Error
+      description: |
+        If the issue is accompanied by an error, please share the error logs with us below. 
+        If you have a lot of logs, place make a paste bin with your logs and share the link with us here:
+      render: text
+  - type: dropdown
+    id: platform
+    attributes:
+      label: Platform(s)
+      description: What platform(s) did this occur on?
+      multiple: true
+      options:
+        - Linux (x86)
+        - Linux (ARM)
+        - Mac (Intel)
+        - Mac (Apple Silicon)
+        - Windows (x86)
+        - Windows (ARM)
+  - type: input
+    attributes:
+      label: What version of Prysm are you running? (Which release)
+      description: You can check your Prysm version by running your beacon node or validator with the `--version` flag.
+  - type: textarea
+    attributes:
+      label: Anything else relevant (validator index / public key)?

.github/ISSUE_TEMPLATE/feature_request.md

@@ -16,12 +16,12 @@ Existing issues often contain information about workarounds, resolution, or prog
 
 ### Description
 
-<!-- ✍️--> A clear and concise description of the problem or missing capability...
+<!-- ✍️ A clear and concise description of the problem or missing capability... --> 
 
 ### Describe the solution you'd like
 
-<!-- ✍️--> If you have a solution in mind, please describe it.
+<!-- ✍️ If you have a solution in mind, please describe it. --> 
 
 ### Describe alternatives you've considered
 
-<!-- ✍️--> Have you considered any alternative solutions or workarounds?
+<!-- ✍️ Have you considered any alternative solutions or workarounds? --> 

.github/PULL_REQUEST_TEMPLATE.md

@@ -10,6 +10,7 @@
    in review.
 4. Note that PRs updating dependencies and new Go versions are not accepted.
    Please file an issue instead.
+5. A changelog entry is required for user facing issues.
 -->
 
 **What type of PR is this?**
@@ -28,3 +29,9 @@
 Fixes #
 
 **Other notes for review**
+
+**Acknowledgements**
+
+- [ ] I have read [CONTRIBUTING.md](https://github.com/prysmaticlabs/prysm/blob/develop/CONTRIBUTING.md).
+- [ ] I have included a uniquely named [changelog fragment file](https://github.com/prysmaticlabs/prysm/blob/develop/CONTRIBUTING.md#maintaining-changelogmd).
+- [ ] I have added a description to this PR with sufficient context for reviewers to understand this PR.

.github/actions/gofmt/Dockerfile

@@ -1,5 +0,0 @@
-FROM cytopia/gofmt
-
-COPY entrypoint.sh /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]

.github/actions/gofmt/action.yml

@@ -1,12 +0,0 @@
-name: 'Gofmt checker'
-description: 'Checks that all project files have been properly formatted.'
-inputs:
-  path:
-    description: 'Path to check'
-    required: true
-    default: './'
-runs:
-  using: 'docker'
-  image: 'Dockerfile'
-  args:
-    - ${{ inputs.path }}

.github/actions/gofmt/entrypoint.sh

@@ -1,15 +0,0 @@
-#!/bin/sh -l
-set -e
-
-cd $GITHUB_WORKSPACE
-
-# Check if any files are not formatted.
-nonformatted="$(gofmt -l $1 2>&1)"
-
-# Return if `go fmt` passes.
-[ -z "$nonformatted" ] && exit 0
-
-# Notify of issues with formatting.
-echo "Following files need to be properly formatted:"
-echo "$nonformatted"
-exit 1

.github/actions/gomodtidy/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine
+FROM golang:1.22-alpine
 
 COPY entrypoint.sh /entrypoint.sh
 

.github/workflows/changelog.yml

@@ -0,0 +1,34 @@
+# This workflow will build a golang project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
+
+name: changelog
+
+on:
+  pull_request:
+    branches: [ "develop" ]
+
+jobs:
+  run-changelog-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v3
+
+      - name: Download unclog binary
+        uses: dsaltares/fetch-gh-release-asset@aa2ab1243d6e0d5b405b973c89fa4d06a2d0fff7 # 1.1.2
+        with:
+          repo: OffchainLabs/unclog
+          version: "tags/v0.1.3"
+          file: "unclog"
+
+      - name: Get new changelog files
+        id: new-changelog-files
+        uses: tj-actions/changed-files@v45
+        with:
+          files: |
+            changelog/**.md
+
+      - name: Run lint command
+        env:
+          ALL_ADDED_MARKDOWN: ${{ steps.new-changelog-files.outputs.added_files }}
+        run: chmod +x unclog && ./unclog check -fragment-env=ALL_ADDED_MARKDOWN

.github/workflows/fuzz.yml

@@ -0,0 +1,45 @@
+name: "fuzz"
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 12 * * *"
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  list:
+    runs-on: ubuntu-latest
+    timeout-minutes: 180
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.22.10'
+      - id: list
+        uses: shogo82148/actions-go-fuzz/list@v0
+        with:
+          tags: fuzz,develop
+    outputs:
+      fuzz-tests: ${{steps.list.outputs.fuzz-tests}}
+
+  fuzz:
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    needs: list
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{fromJson(needs.list.outputs.fuzz-tests)}}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.22.10'
+      - uses: shogo82148/actions-go-fuzz/run@v0
+        with:
+          packages: ${{ matrix.package }}
+          fuzz-regexp: ${{ matrix.func }}
+          fuzz-time: "20m"
+          tags: fuzz,develop

.github/workflows/go.yml

@@ -5,6 +5,8 @@ on:
     branches: [ master ]
   pull_request:
     branches: [ '*' ]
+  merge_group:
+    types: [checks_requested]
 
 jobs:
   formatting:
@@ -12,24 +14,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Go mod tidy checker
         id: gomodtidy
         uses: ./.github/actions/gomodtidy
 
-      - name: Gofmt checker
-        id: gofmt
-        uses: ./.github/actions/gofmt
-        with:
-          path: ./
-
-      - name: GoImports checker
-        id: goimports
-        uses: Jerome1337/goimports-action@v1.0.2
-        with:
-          goimports-path: ./
-
   gosec:
     name: Gosec scan
     runs-on: ubuntu-latest
@@ -37,49 +27,48 @@ jobs:
       GO111MODULE: on
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-      - name: Set up Go 1.18
-        uses: actions/setup-go@v3
+        uses: actions/checkout@v4
+      - name: Set up Go 1.22
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.18
+          go-version: '1.22.10'
       - name: Run Gosec Security Scanner
         run: | # https://github.com/securego/gosec/issues/469
           export PATH=$PATH:$(go env GOPATH)/bin
-          go install github.com/securego/gosec/v2/cmd/gosec@latest
-          gosec -exclude=G307 -exclude-dir=crypto/bls/herumi ./...
+          go install github.com/securego/gosec/v2/cmd/gosec@v2.19.0
+          gosec -exclude-generated -exclude=G307 -exclude-dir=crypto/bls/herumi ./...
 
   lint:
     name: Lint
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
-      - name: Set up Go 1.18
-        uses: actions/setup-go@v3
+      - name: Set up Go 1.22
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.18
+          go-version: '1.22.10'
           id: go
 
       - name: Golangci-lint
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v5
         with:
-          args: --print-issued-lines --sort-results --no-config --timeout=10m --disable-all -E deadcode  -E errcheck -E gosimple --skip-files=validator/web/site_data.go --skip-dirs=proto --go=1.18
-          version: v1.45.2
-          skip-go-installation: true
+          version: v1.56.1
+          args: --config=.golangci.yml --out-${NO_FUTURE}format colored-line-number
 
   build:
     name: Build
     runs-on: ubuntu-latest
     steps:
       - name: Set up Go 1.x
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.18
+          go-version: '1.22.10'
         id: go
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Get dependencies
         run: |
@@ -88,11 +77,14 @@ jobs:
       - name: Build
         # Use blst tag to allow go and bazel builds for blst.
         run: go build -v ./...
-
-        # fuzz and blst_disabled leverage go tag based stubs at compile time.
-        # Building with these tags should be checked and enforced at pre-submit.
-      - name: Build for fuzzing
-        run: go build -tags=fuzz,blst_disabled ./... 
+        env:
+           CGO_CFLAGS: "-O2 -D__BLST_PORTABLE__"
+        # fuzz leverage go tag based stubs at compile time.
+        # Building and testing with these tags should be checked and enforced at pre-submit.
+      - name: Test for fuzzing
+        run: go test  -tags=fuzz,develop ./...  -test.run=^Fuzz
+        env:
+           CGO_CFLAGS: "-O2 -D__BLST_PORTABLE__"
 
 # Tests run via Bazel for now...
 #      - name: Test

.gitignore

@@ -35,3 +35,12 @@ bin
 
 # p2p metaData
 metaData
+
+# execution API authentication
+jwt.hex
+
+# manual testing
+tmp
+
+# spectest coverage reports
+report.txt

.golangci.yml

@@ -1,69 +1,94 @@
-linters-settings:
-  govet:
-    check-shadowing: true
-    settings:
-      printf:
-        funcs:
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
-  golint:
-    min-confidence: 0
-  gocyclo:
-    min-complexity: 10
-  maligned:
-    suggest-new: true
-  dupl:
-    threshold: 100
-  goconst:
-    min-len: 2
-    min-occurrences: 2
-  depguard:
-    list-type: blacklist
-    packages:
-      # logging is allowed only by logutils.Log, logrus
-      # is allowed to use only in logutils package
-      - github.com/sirupsen/logrus
-  misspell:
-    locale: US
-  lll:
-    line-length: 140
-  goimports:
-    local-prefixes: github.com/golangci/golangci-lint
-  gocritic:
-    enabled-tags:
-      - performance
-      - style
-      - experimental
-    disabled-checks:
-      - wrapperFunc
+run:
+  skip-files:
+    - validator/web/site_data.go
+    - .*_test.go
+  skip-dirs:
+    - proto
+    - tools/analyzers
+  timeout: 10m
+  go: '1.22.10'
 
 linters:
-  enable:
+  enable-all: true
+  disable:
+    # Deprecated linters:
     - deadcode
-    - goconst
-    - goimports
+    - exhaustivestruct
     - golint
-    - gosec
-    - misspell
+    - govet
+    - ifshort
+    - interfacer
+    - maligned
+    - nosnakecase
+    - scopelint
     - structcheck
-    - typecheck
-    - unparam
     - varcheck
-    - gofmt
-    - unused
-  disable-all: true
 
-run:
-  skip-dirs:
-    - proto/
-    - ^contracts/
-  deadline: 10m
+    # Disabled for now:
+    - asasalint
+    - bodyclose
+    - containedctx
+    - contextcheck
+    - cyclop
+    - depguard
+    - dogsled
+    - dupl
+    - durationcheck
+    - exhaustive
+    - exhaustruct
+    - forbidigo
+    - forcetypeassert
+    - funlen
+    - gci
+    - gochecknoglobals
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
+    - godot
+    - godox
+    - goerr113
+    - gofumpt
+    - gomnd
+    - gomoddirectives
+    - gosec
+    - inamedparam
+    - interfacebloat
+    - ireturn
+    - lll
+    - maintidx
+    - makezero
+    - musttag
+    - nakedret
+    - nestif
+    - nilnil
+    - nlreturn
+    - noctx
+    - nolintlint
+    - nonamedreturns
+    - nosprintfhostport
+    - perfsprint
+    - prealloc
+    - predeclared
+    - promlinter
+    - protogetter
+    - revive
+    - spancheck
+    - staticcheck
+    - stylecheck
+    - tagalign
+    - tagliatelle
+    - thelper
+    - unparam
+    - varnamelen
+    - wrapcheck
+    - wsl
 
-# golangci.com configuration
-# https://github.com/golangci/golangci/wiki/Configuration
-service:
-  golangci-lint-version: 1.15.0 # use the fixed version to not introduce new linters unexpectedly
-  prepare:
-    - echo "here I can run custom commands, but no preparation needed for this repo"
+linters-settings:
+  gocognit:
+    # TODO: We should target for < 50
+    min-complexity: 65
+
+output:
+  print-issued-lines: true
+  sort-results: true

.policy.yml

@@ -26,7 +26,6 @@ approval_rules:
       only_changed_files:
         paths:
           - "*pb.go"
-          - "*pb.gw.go"
           - "*.bazel"
     options:
       ignore_commits_by:
@@ -69,7 +68,6 @@ approval_rules:
       changed_files:
         ignore:
           - "*pb.go"
-          - "*pb.gw.go"
           - "*.bazel"
     options:
       ignore_commits_by:

BUILD.bazel

@@ -3,8 +3,8 @@ load("@com_github_atlassian_bazel_tools//gometalinter:def.bzl", "gometalinter")
 load("@com_github_atlassian_bazel_tools//goimports:def.bzl", "goimports")
 load("@io_kubernetes_build//defs:run_in_workspace.bzl", "workspace_binary")
 load("@io_bazel_rules_go//go:def.bzl", "nogo")
-load("@vaticle_bazel_distribution//common:rules.bzl", "assemble_targz", "assemble_versioned")
 load("@bazel_skylib//rules:common_settings.bzl", "string_setting")
+load("@prysm//tools/nogo_config:def.bzl", "nogo_config_exclude")
 
 prefix = "github.com/prysmaticlabs/prysm"
 
@@ -12,7 +12,7 @@ exports_files([
     "LICENSE.md",
 ])
 
-# gazelle:prefix github.com/prysmaticlabs/prysm
+# gazelle:prefix github.com/prysmaticlabs/prysm/v5
 # gazelle:map_kind go_library go_library @prysm//tools/go:def.bzl
 # gazelle:map_kind go_test go_test @prysm//tools/go:def.bzl
 # gazelle:map_kind go_repository go_repository @prysm//tools/go:def.bzl
@@ -55,13 +55,6 @@ alias(
     visibility = ["//visibility:public"],
 )
 
-# Protobuf gRPC gateway compiler
-alias(
-    name = "grpc_gateway_proto_compiler",
-    actual = "@com_github_grpc_ecosystem_grpc_gateway_v2//protoc-gen-grpc-gateway:go_gen_grpc_gateway",
-    visibility = ["//visibility:public"],
-)
-
 gometalinter(
     name = "gometalinter",
     config = "//:.gometalinter.json",
@@ -83,38 +76,117 @@ workspace_binary(
     cmd = "@com_github_golang_lint//golint",
 )
 
+STATICCHECK_ANALYZERS = [
+    # Enabled static checks. See https://staticcheck.dev/docs/checks/
+    # Please. keep this list sorted. Don't be a bad person by inserting stuff randomly.
+    "sa1000",
+    "sa1001",
+    "sa1002",
+    "sa1003",
+    "sa1004",
+    "sa1005",
+    "sa1006",
+    "sa1007",
+    "sa1008",
+    "sa1010",
+    "sa1011",
+    "sa1012",
+    "sa1013",
+    "sa1014",
+    "sa1015",
+    "sa1016",
+    "sa1017",
+    "sa1018",
+    # "sa1019", # TODO: Fix all uses of deprecated things.
+    "sa1020",
+    "sa1021",
+    "sa1023",
+    "sa1024",
+    "sa1025",
+    "sa1026",
+    "sa1027",
+    "sa1028",
+    "sa1029",
+    "sa1030",
+    "sa2000",
+    "sa2001",
+    "sa2002",
+    "sa2003",
+    "sa3000",
+    "sa3001",
+    "sa4000",
+    "sa4001",
+    "sa4003",
+    "sa4004",
+    "sa4005",
+    "sa4006",
+    "sa4008",
+    "sa4009",
+    "sa4010",
+    "sa4011",
+    "sa4012",
+    "sa4013",
+    "sa4014",
+    "sa4015",
+    "sa4016",
+    "sa4017",
+    "sa4018",
+    "sa4019",
+    "sa4020",
+    "sa4021",
+    "sa4022",
+    "sa4023",
+    "sa4024",
+    "sa4025",
+    "sa4026",
+    "sa4027",
+    "sa4028",
+    "sa4029",
+    "sa4030",
+    "sa4031",
+    "sa4032",
+    "sa5000",
+    "sa5001",
+    "sa5002",
+    "sa5003",
+    "sa5004",
+    "sa5005",
+    "sa5007",
+    "sa5008",
+    "sa5009",
+    "sa5010",
+    "sa5011",
+    "sa5012",
+    "sa6000",
+    "sa6001",
+    "sa6002",
+    "sa6003",
+    "sa6005",
+    "sa6006",
+    "sa9001",
+    "sa9002",
+    #"sa9003", # Doesn't build. See https://github.com/dominikh/go-tools/pull/1483
+    "sa9004",
+    "sa9005",
+    "sa9006",
+    "sa9007",
+    "sa9008",
+]
+
+nogo_config_exclude(
+    name = "nogo_config_with_excludes",
+    checks = [sa.upper() for sa in STATICCHECK_ANALYZERS],
+    exclude_files = [
+        "external/.*",
+    ],
+    input = "nogo_config.json",
+)
+
 nogo(
     name = "nogo",
-    config = "nogo_config.json",
+    config = ":nogo_config_with_excludes",
     visibility = ["//visibility:public"],
     deps = [
-        "@org_golang_x_tools//go/analysis/passes/unsafeptr:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/unreachable:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/unmarshal:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/tests:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/structtag:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/stdmethods:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/shift:go_default_library",
-        # "@org_golang_x_tools//go/analysis/passes/shadow:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/printf:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/pkgfact:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/nilness:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/nilfunc:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/loopclosure:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/httpresponse:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/findcall:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/deepequalerrors:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/ctrlflow:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/copylock:go_default_library",
-        #  "@org_golang_x_tools//go/analysis/passes/cgocall:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/buildtag:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/buildssa:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/bools:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/atomicalign:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/atomic:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/assign:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/inspect:go_default_library",
-        "@org_golang_x_tools//go/analysis/passes/asmdecl:go_default_library",
         "//tools/analyzers/comparesame:go_default_library",
         "//tools/analyzers/cryptorand:go_default_library",
         "//tools/analyzers/errcheck:go_default_library",
@@ -122,6 +194,7 @@ nogo(
         "//tools/analyzers/gocognit:go_default_library",
         "//tools/analyzers/ineffassign:go_default_library",
         "//tools/analyzers/interfacechecker:go_default_library",
+        "//tools/analyzers/logruswitherror:go_default_library",
         "//tools/analyzers/maligned:go_default_library",
         "//tools/analyzers/nop:go_default_library",
         "//tools/analyzers/properpermissions:go_default_library",
@@ -129,14 +202,62 @@ nogo(
         "//tools/analyzers/shadowpredecl:go_default_library",
         "//tools/analyzers/slicedirect:go_default_library",
         "//tools/analyzers/uintcast:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/appends:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/asmdecl:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/assign:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/atomic:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/atomicalign:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/bools:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/buildssa:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/buildtag:go_default_library",
+        # cgocall disabled
+        #"@org_golang_x_tools//go/analysis/passes/cgocall:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/copylock:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/ctrlflow:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/deepequalerrors:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/defers:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/directive:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/errorsas:go_default_library",
+        # fieldalignment disabled
+        #"@org_golang_x_tools//go/analysis/passes/fieldalignment:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/findcall:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/framepointer:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/httpmux:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/httpresponse:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/ifaceassert:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/inspect:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/loopclosure:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/nilfunc:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/nilness:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/pkgfact:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/printf:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/reflectvaluecompare:go_default_library",
+        # shadow disabled
+        #"@org_golang_x_tools//go/analysis/passes/shadow:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/shift:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/sigchanyzer:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/slog:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/sortslice:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/stdmethods:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/stringintconv:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/structtag:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/testinggoroutine:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/tests:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/timeformat:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/unmarshal:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/unreachable:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/unsafeptr:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/unusedresult:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/unusedwrite:go_default_library",
+        "@org_golang_x_tools//go/analysis/passes/usesgenerics:go_default_library",
     ] + select({
         # nogo checks that fail with coverage enabled.
         ":coverage_enabled": [],
         "//conditions:default": [
-            "@org_golang_x_tools//go/analysis/passes/lostcancel:go_default_library",
             "@org_golang_x_tools//go/analysis/passes/composite:go_default_library",
+            "@org_golang_x_tools//go/analysis/passes/lostcancel:go_default_library",
         ],
-    }),
+    }) + ["@co_honnef_go_tools//staticcheck/%s:go_default_library" % c for c in STATICCHECK_ANALYZERS],
 )
 
 config_setting(
@@ -144,6 +265,11 @@ config_setting(
     values = {"define": "coverage_enabled=1"},
 )
 
+config_setting(
+    name = "pgo_enabled",
+    values = {"define": "pgo_enabled=1"},
+)
+
 common_files = {
     "//:LICENSE.md": "LICENSE.md",
     "//:README.md": "README.md",

CONTRIBUTING.md

@@ -1,18 +1,21 @@
 # Contribution Guidelines
 
-Note: The latest and most up to date documenation can be found on our [docs portal](https://docs.prylabs.network/docs/contribute/contribution-guidelines).
+Note: The latest and most up-to-date documentation can be found on our [docs portal](https://docs.prylabs.network/docs/contribute/contribution-guidelines).
 
 Excited by our work and want to get involved in building out our sharding releases? Or maybe you haven't learned as much about the Ethereum protocol but are a savvy developer? 
 
 You can explore our [Open Issues](https://github.com/prysmaticlabs/prysm/issues) in-the works for our different releases. Feel free to fork our repo and start creating PR’s after assigning yourself to an issue of interest. We are always chatting on [Discord](https://discord.gg/CTYGPUJ) drop us a line there if you want to get more involved or have any questions on our implementation!
 
+> [!IMPORTANT] 
+> Please, **do not send pull requests for trivial changes**, such as typos, these will be rejected. These types of pull requests incur a cost to reviewers and do not provide much value to the project. If you are unsure, please open an issue first to discuss the change.
+
 ## Contribution Steps
 
 **1. Set up Prysm following the instructions in README.md.**
 
-**2. Fork the prysm repo.**
+**2. Fork the Prysm repo.**
 
-Sign in to your Github account or create a new account if you do not have one already. Then navigate your browser to https://github.com/prysmaticlabs/prysm/. In the upper right hand corner of the page, click “fork”. This will create a copy of the Prysm repo in your account.
+Sign in to your GitHub account or create a new account if you do not have one already. Then navigate your browser to https://github.com/prysmaticlabs/prysm/. In the upper right hand corner of the page, click “fork”. This will create a copy of the Prysm repo in your account.
 
 **3. Create a local clone of Prysm.**
 
@@ -23,7 +26,7 @@ $ git clone https://github.com/prysmaticlabs/prysm.git
 $ cd $GOPATH/src/github.com/prysmaticlabs/prysm
 ```
 
-**4. Link your local clone to the fork on your Github repo.**
+**4. Link your local clone to the fork on your GitHub repo.**
 
 ```
 $ git remote add myprysmrepo https://github.com/<your_github_user_name>/prysm.git
@@ -68,7 +71,7 @@ $ go test <file_you_are_working_on>
 $ git add --all
 ```
 
-This command stages all of the files that you have changed. You can add individual files by specifying the file name or names and eliminating the “-- all”.
+This command stages all the files that you have changed. You can add individual files by specifying the file name or names and eliminating the “-- all”.
 
 **11. Commit the file or files.**
 
@@ -96,8 +99,7 @@ If there are conflicts between your edits and those made by others since you sta
 $ git status
 ```
 
-Open those files one at a time and you
-will see lines inserted by Git that identify the conflicts:
+Open those files one at a time, and you will see lines inserted by Git that identify the conflicts:
 
 ```
 <<<<<< HEAD
@@ -119,17 +121,21 @@ $ git push myrepo feature-in-progress-branch
 
 **15. Check to be sure your fork of the Prysm repo contains your feature branch with the latest edits.**
 
-Navigate to your fork of the repo on Github. On the upper left where the current branch is listed, change the branch to your feature-in-progress-branch. Open the files that you have worked on and check to make sure they include your changes.
+Navigate to your fork of the repo on GitHub. On the upper left where the current branch is listed, change the branch to your feature-in-progress-branch. Open the files that you have worked on and check to make sure they include your changes.
 
-**16. Create a pull request.**
+**16. Add an entry to CHANGELOG.md.**
 
-Navigate your browser to https://github.com/prysmaticlabs/prysm and click on the new pull request button. In the “base” box on the left, leave the default selection “base master”, the branch that you want your changes to be applied to. In the “compare” box on the right, select feature-in-progress-branch, the branch containing the changes you want to apply. You will then be asked to answer a few questions about your pull request. After you complete the questionnaire, the pull request will appear in the list of pull requests at https://github.com/prysmaticlabs/prysm/pulls.
+All PRs must must include a changelog fragment file in the `changelog` directory. If your change is not user-facing or should not be mentioned in the changelog for some other reason, you may use the `Ignored` changelog section in your fragment's header to satisfy this requirement without altering the final release changelog. See the [Maintaining CHANGELOG.md](#maintaining-changelogmd) section for more information.
 
-**17. Respond to comments by Core Contributors.**
+**17. Create a pull request.**
+
+Navigate your browser to https://github.com/prysmaticlabs/prysm and click on the new pull request button. In the “base” box on the left, leave the default selection “base develop”, the branch that you want your changes to be applied to. In the “compare” box on the right, select feature-in-progress-branch, the branch containing the changes you want to apply. You will then be asked to answer a few questions about your pull request. After you complete the questionnaire, the pull request will appear in the list of pull requests at https://github.com/prysmaticlabs/prysm/pulls. Ensure that you have added an entry to CHANGELOG.md if your PR is a user-facing change. See the [Maintaining CHANGELOG.md](#maintaining-changelogmd) section for more information.
+
+**18. Respond to comments by Core Contributors.**
 
 Core Contributors may ask questions and request that you make edits. If you set notifications at the top of the page to “not watching,” you will still be notified by email whenever someone comments on the page of a pull request you have created. If you are asked to modify your pull request, repeat steps 8 through 15, then leave a comment to notify the Core Contributors that the pull request is ready for further review.
 
-**18. If the number of commits becomes excessive, you may be asked to squash your commits.**
+**19. If the number of commits becomes excessive, you may be asked to squash your commits.**
 
  You can do this with an interactive rebase. Start by running the following command to determine the commit that is the base of your branch...
 
@@ -137,7 +143,7 @@ Core Contributors may ask questions and request that you make edits. If you set
 $ git merge-base feature-in-progress-branch prysm/master
 ```
 
-**19. The previous command will return a commit-hash that you should use in the following command.**
+**20. The previous command will return a commit-hash that you should use in the following command.**
 
 ```
 $ git rebase -i commit-hash
@@ -151,7 +157,7 @@ pick 	hash 	fix a bug
 pick 	hash 	add a feature
 ```
 
-Replace the word pick with the word “squash” for every line but the first so you end with ….
+Replace the word pick with the word “squash” for every line but the first, so you end with ….
 
 ```
 pick    hash	do some work
@@ -161,13 +167,24 @@ squash  hash 	add a feature
 
 Save and close the file, then a commit command will appear in the terminal that squashes the smaller commits into one. Check to be sure the commit message accurately reflects your changes and then hit enter to execute it.
 
-**20. Update your pull request with the following command.**
+**21. Update your pull request with the following command.**
 
 ```
 $ git push myrepo feature-in-progress-branch -f
 ```
 
-**21.  Finally, again leave a comment to the Core Contributors on the pull request to let them know that the pull request has been updated.**
+**22.  Finally, again leave a comment to the Core Contributors on the pull request to let them know that the pull request has been updated.**
+
+## Maintaining CHANGELOG.md
+
+This project follows the changelog guidelines from [keepachangelog.com](https://keepachangelog.com/en/1.1.0/). In order to minimize conflicts and workflow headaches, we chose to implement a changelog management
+strategy that uses changelog "fragment" files, managed by our changelog management tool called `unclog`. Each PR must include a new changelog fragment file in the `changelog` directory, as specified by unclog's
+[README.md](https://github.com/OffchainLabs/unclog?tab=readme-ov-file#what-is-a-changelog-fragment). As the `unclog` README suggests in the [Best Practices](https://github.com/OffchainLabs/unclog?tab=readme-ov-file#best-practices) section, 
+the standard naming convention for your PR's fragment file, to avoid conflicting with another fragment file, is `changelog/<github user name>_<PR branch name>.md`.
+
+### Releasing
+
+When a new release is made, the "Unreleased" section should be moved to a new section with the release version and the current date. Then a new "Unreleased" section is made at the top of the file with the categories listed above.
 
 ## Contributor Responsibilities
 
@@ -178,7 +195,7 @@ We consider two types of contributions to our repo and categorize them as follow
 Anyone can become a part-time contributor and help out on implementing Ethereum consensus. The responsibilities of a part-time contributor include:
 
 -   Engaging in Gitter conversations, asking the questions on how to begin contributing to the project
--   Opening up github issues to express interest in code to implement
+-   Opening up GitHub issues to express interest in code to implement
 -   Opening up PRs referencing any open issue in the repo. PRs should include:
     -   Detailed context of what would be required for merge
     -   Tests that are consistent with how other tests are written in our implementation
@@ -188,12 +205,12 @@ Anyone can become a part-time contributor and help out on implementing Ethereum
 
 ### Core Contributors
 
-Core contributors are remote contractors of Prysmatic Labs, LLC. and are considered critical team members of our organization. Core devs have all of the responsibilities of part-time contributors plus the majority of the following:
+Core contributors are remote contractors of Prysmatic Labs, LLC. and are considered critical team members of our organization. Core devs have all the responsibilities of part-time contributors plus the majority of the following:
 
 -   Stay up to date on the latest beacon chain specification
--   Monitor github issues and PR’s to make sure owner, labels, descriptions are correct
+-   Monitor GitHub issues and PR’s to make sure owner, labels, descriptions are correct
 -   Formulate independent ideas, suggest new work to do, point out improvements to existing approaches
--   Participate in code review, ensure code quality is excellent, and have ensure high code coverage
+-   Participate in code review, ensure code quality is excellent, and ensure high code coverage
 -   Help with social media presence, write bi-weekly development update
 -   Represent Prysmatic Labs at events to help spread the word on scalability research and solutions
 

DEPENDENCIES.md

@@ -1,4 +1,4 @@
-# Dependency Managagement in Prysm
+# Dependency Management in Prysm
 
 Prysm is go project with many complicated dependencies, including some c++ based libraries. There
 are two parts to Prysm's dependency management. Go modules and bazel managed dependencies. Be sure 
@@ -28,7 +28,7 @@ including complicated c++ dependencies.
 One key advantage of Bazel over vanilla `go build` is that Bazel automatically (re)builds generated
 pb.go files at build time when file changes are present in any protobuf definition file or after
 any updates to the protobuf compiler or other relevant dependencies. Vanilla go users should run
-the following scripts often to ensure their generated files are up to date. Further more, Prysm
+the following scripts often to ensure their generated files are up to date. Furthermore, Prysm
 generates SSZ marshal related code based on defined data structures. These generated files must
 also be updated and checked in as frequently.
 
@@ -55,7 +55,7 @@ bazel build //beacon-chain --config=release
 ## Adding / updating dependencies
 
 1. Add your dependency as you would with go modules. I.e. `go get ...`
-1. Run `gazelle update-repos -from_file=go.mod` to update the bazel managed dependencies.
+1. Run `bazel run //:gazelle -- update-repos -from_file=go.mod` to update the bazel managed dependencies.
 
 Example:
 

INTEROP.md

@@ -2,18 +2,21 @@
 
 This README details how to setup Prysm for interop testing for usage with other Ethereum consensus clients.
 
+> [!IMPORTANT]  
+> This guide is likely to be outdated. The Prysm team does not have capacity to troubleshoot
+> outdated interop guides or instructions. If you experience issues with this guide, please file an
+> issue for visibility and propose fixes, if possible.
+
 ## Installation & Setup
 
 1. Install [Bazel](https://docs.bazel.build/versions/master/install.html) **(Recommended)**
 2. `git clone https://github.com/prysmaticlabs/prysm && cd prysm`
-3. `bazel build //...`
+3. `bazel build //cmd/...`
 
 ## Starting from Genesis
 
-Prysm supports a few ways to quickly launch a beacon node from basic configurations:
-
-- `NumValidators + GenesisTime`: Launches a beacon node by deterministically generating a state from a num-validators flag along with a genesis time **(Recommended)**
-- `SSZ Genesis`: Launches a beacon node  from a .ssz file containing a SSZ-encoded, genesis beacon state
+Prysm can be started from a built-in mainnet genesis state, or started with a provided genesis state by
+using the `--genesis-state` flag and providing a path to the genesis.ssz file.
 
 ## Generating a Genesis State
 
@@ -21,21 +24,34 @@ To setup the necessary files for these quick starts, Prysm provides a tool to ge
 a deterministically generated set of validator private keys following the official interop YAML format 
 [here](https://github.com/ethereum/eth2.0-pm/blob/master/interop/mocked_start).
 
-You can use `bazel run //tools/genesis-state-gen` to create a deterministic genesis state for interop.
+You can use `prysmctl` to create a deterministic genesis state for interop.
 
-### Usage
-
-- **--genesis-time** uint: Unix timestamp used as the genesis time in the generated genesis state (defaults to now)
-- **--mainnet-config** bool: Select whether genesis state should be generated with mainnet or minimal (default) params
-- **--num-validators** int: Number of validators to deterministically include in the generated genesis state
-- **--output-ssz** string: Output filename of the SSZ marshaling of the generated genesis state
-
-The example below creates 64 validator keys, instantiates a genesis state with those 64 validators and with genesis unix timestamp 1567542540,
-and finally writes a ssz encoded output to ~/Desktop/genesis.ssz. This file can be used to kickstart the beacon chain in the next section.
+```sh
+# Download (or create) a chain config file.
+curl https://raw.githubusercontent.com/ethereum/consensus-specs/refs/heads/dev/configs/minimal.yaml -o /tmp/minimal.yaml
 
+# Run prysmctl to generate genesis with a 2 minute genesis delay and 256 validators. 
+bazel run //cmd/prysmctl --config=minimal -- \
+  testnet generate-genesis \
+  --genesis-time-delay=120 \
+  --num-validators=256 \
+  --output-ssz=/tmp/genesis.ssz \
+  --chain-config-file=/tmp/minimal.yaml
 ```
-bazel run //tools/genesis-state-gen -- --output-ssz ~/Desktop/genesis.ssz --num-validators 64 --genesis-time 1567542540
-```
+
+The flags are explained below:
+- `bazel run //cmd/prysmctl` is the bazel command to compile and run prysmctl.
+- `--config=minimal` is a bazel build time configuration flag to compile Prysm with minimal state constants.
+- `--` is an argument divider to tell bazel that everything after this divider should be passed as arguments to prysmctl. Without this divider, it isn't clear to bazel if the arguments are meant to be build time arguments or runtime arguments so the operation complains and fails to build without this divider.
+- `testnet` is the primary command argument for prysmctl.
+- `generate-genesis` is the subcommand to `testnet` in prysmctl.
+- `--genesis-time-delay` uint: The number of seconds in the future to define genesis. Example: a value of 60 will set the genesis time to 1 minute in the future. This should be sufficiently large enough to allow for you to start the beacon node before the genesis time. 
+- `--num-validators` int: Number of validators to deterministically include in the generated genesis state
+- `--output-ssz` string: Output filename of the SSZ marshaling of the generated genesis state
+- `--chain-config-file` string: Filepath to a chain config yaml file.
+
+Note: This guide saves items to the `/tmp/` directory which will not persist if your machine is
+restarted. Consider tweaking the arguments if persistence is needed.
 
 ## Launching a Beacon Node + Validator Client
 
@@ -44,41 +60,33 @@ bazel run //tools/genesis-state-gen -- --output-ssz ~/Desktop/genesis.ssz --num-
 Open up two terminal windows, run:
 
 ```
-bazel run //beacon-chain -- \
---bootstrap-node= \
---deposit-contract $(curl -s https://prylabs.net/contract) \
---force-clear-db \
---interop-num-validators 64 \
---interop-eth1data-votes
+bazel run //cmd/beacon-chain --config=minimal -- \
+  --minimal-config \
+  --bootstrap-node= \
+  --deposit-contract 0x8A04d14125D0FDCDc742F4A05C051De07232EDa4 \
+  --datadir=/tmp/beacon-chain-minimal-devnet \
+  --force-clear-db \
+  --min-sync-peers=0 \
+  --genesis-state=/tmp/genesis.ssz \
+  --chain-config-file=/tmp/minimal.yaml
 ```
 
-This will deterministically generate a beacon genesis state and start
-the system with 64 validators and the genesis time set to the current unix timestamp.
-Wait a bit until your beacon chain starts, and in the other window:
+This will start the system with 256 validators. The flags used can be explained as such:
+
+- `bazel run //cmd/beacon-chain --config=minimal` builds and runs the beacon node in minimal build configuration.
+- `--` is a flag divider to distinguish between bazel flags and flags that should be passed to the application. All flags and arguments after this divider are passed to the beacon chain.
+- `--minimal-config` tells the beacon node to use minimal network configuration. This is different from the compile time state configuration flag `--config=minimal` and both are required.
+- `--bootstrap-node=` disables the default bootstrap nodes. This prevents the client from attempting to peer with mainnet nodes.
+- `--datadir=/tmp/beacon-chain-minimal-devnet` sets the data directory in a temporary location. Change this to your preferred destination.
+- `--force-clear-db` will delete the beaconchain.db file without confirming with the user. This is helpful for iteratively running local devnets without changing the datadir, but less helpful for one off runs where there was no database in the data directory.
+- `--min-sync-peers=0` allows the beacon node to skip initial sync without peers. This is essential because Prysm expects at least a few peers to start the blockchain.
+- `--genesis-state=/tmp/genesis.ssz` defines the path to the generated genesis ssz file. The beacon node will use this as the initial genesis state.
+- `--chain-config-file=/tmp/minimal.yaml` defines the path to the yaml file with the chain configuration.
+
+As soon as the beacon node has started, start the validator in the other terminal window. 
 
 ```
-bazel run //validator -- --keymanager=interop --keymanageropts='{"keys":64}'
+bazel run //cmd/validator --config=minimal -- --datadir=/tmp/validator --interop-num-validators=256 --minimal-config --suggested-fee-recipient=0x8A04d14125D0FDCDc742F4A05C051De07232EDa4
 ```
 
-This will launch and kickstart the system with your 64 validators performing their duties accordingly.
-
-### Launching from `genesis.ssz`
-
-Assuming you generated a `genesis.ssz` file with 64 validators, open up two terminal windows, run:
-
-```
- bazel run //beacon-chain -- \
---bootstrap-node= \
---deposit-contract $(curl -s https://prylabs.net/contract) \
---force-clear-db \
---interop-genesis-state /path/to/genesis.ssz \
---interop-eth1data-votes
-```
-
-Wait a bit until your beacon chain starts, and in the other window:
-
-```
-bazel run //validator -- --keymanager=interop --keymanageropts='{"keys":64}'
-```
-
-This will launch and kickstart the system with your 64 validators performing their duties accordingly.
+This will launch and kickstart the system with your 256 validators performing their duties accordingly.

MODULE.bazel

@@ -0,0 +1,6 @@
+###############################################################################
+# Bazel now uses Bzlmod by default to manage external dependencies.
+# Please consider migrating your external dependencies from WORKSPACE to MODULE.bazel.
+#
+# For more details, please check https://github.com/bazelbuild/bazel/issues/18958
+###############################################################################

README.md

@@ -2,14 +2,16 @@
 
 [![Build status](https://badge.buildkite.com/b555891daf3614bae4284dcf365b2340cefc0089839526f096.svg?branch=master)](https://buildkite.com/prysmatic-labs/prysm)
 [![Go Report Card](https://goreportcard.com/badge/github.com/prysmaticlabs/prysm)](https://goreportcard.com/report/github.com/prysmaticlabs/prysm)
-[![Consensus_Spec_Version 1.1.10](https://img.shields.io/badge/Consensus%20Spec%20Version-v1.1.10-blue.svg)](https://github.com/ethereum/consensus-specs/tree/v1.1.10)
-[![Discord](https://user-images.githubusercontent.com/7288322/34471967-1df7808a-efbb-11e7-9088-ed0b04151291.png)](https://discord.gg/CTYGPUJ)
+[![Consensus_Spec_Version 1.4.0](https://img.shields.io/badge/Consensus%20Spec%20Version-v1.4.0-blue.svg)](https://github.com/ethereum/consensus-specs/tree/v1.4.0)
+[![Execution_API_Version 1.0.0-beta.2](https://img.shields.io/badge/Execution%20API%20Version-v1.0.0.beta.2-blue.svg)](https://github.com/ethereum/execution-apis/tree/v1.0.0-beta.2/src/engine)
+[![Discord](https://user-images.githubusercontent.com/7288322/34471967-1df7808a-efbb-11e7-9088-ed0b04151291.png)](https://discord.gg/prysmaticlabs)
+[![GitPOAP Badge](https://public-api.gitpoap.io/v1/repo/prysmaticlabs/prysm/badge)](https://www.gitpoap.io/gh/prysmaticlabs/prysm)
 
-This is the core repository for Prysm, a [Golang](https://golang.org/) implementation of the [Ethereum Consensus](https://ethereum.org/en/eth2/) specification, developed by [Prysmatic Labs](https://prysmaticlabs.com). See the [Changelog](https://github.com/prysmaticlabs/prysm/releases) for details of the latest releases and upcoming breaking changes.
+This is the core repository for Prysm, a [Golang](https://golang.org/) implementation of the [Ethereum Consensus](https://ethereum.org/en/developers/docs/consensus-mechanisms/#proof-of-stake) [specification](https://github.com/ethereum/consensus-specs), developed by [Offchain Labs](https://www.offchainlabs.com). See the [Changelog](https://github.com/prysmaticlabs/prysm/releases) for details of the latest releases and upcoming breaking changes.
 
 ### Getting Started
 
-A detailed set of installation and usage instructions as well as breakdowns of each individual component are available in the [official documentation portal](https://docs.prylabs.network). If you still have questions, feel free to stop by our [Discord](https://discord.gg/CTYGPUJ).
+A detailed set of installation and usage instructions as well as breakdowns of each individual component are available in the [official documentation portal](https://docs.prylabs.network). If you still have questions, feel free to stop by our [Discord](https://discord.gg/prysmaticlabs).
 
 ### Staking on Mainnet
 

TERMS_OF_SERVICE.md

@@ -1,45 +1,53 @@
-## Terms of Use
+# Terms of Use
+Effective as of November 2, 2023
 
-Effective as of Oct 14, 2020
+By downloading, accessing or using the Prysm implementation (“Prysm”), you (referenced herein as “you” or the “user”) certify that you have read and agreed to the terms and conditions below (the “Terms”) which form a binding contract between you and Offchain Labs, Inc. (as successor in interest to Prysmatic Labs LLC) (referenced herein as “Offchain Labs”, “we” or “us”). If you do not agree to the Terms, do not download or use Prysm.  Additionally, the Terms of Use available at https://arbitrum.io/tos (or any successor site, the “OCL Terms of Use”) are hereby incorporated by reference into these Terms.  In the event of any conflict between provisions set forth herein and those set forth in the OCL Terms of Use, the provisions set forth herein shall control.
 
-By downloading, accessing or using the Prysm implementation (“Prysm”), you (referenced herein as “you” or the “user”) certify that you have read and agreed to the terms and conditions below (the “Terms”) which form a binding contract between you and Prysmatic Labs (referenced herein as “we” or “us”). If you do not agree to the Terms, do not download or use Prysm.
+## About Prysm
 
-### About Prysm
-Prysm is a client implementation for Ethereum consensus protocol for a proof-of-stake blockchain. To participate in the network, a user must send ETH from the Eth1.0 chain into a validator deposit contract, which will queue in the user as a validator in the system. Validators participate in proposing and voting on blocks in the protocol, and the network applies rewards/penalties based on their behavior. A detailed set of installation and usage instructions as well as breakdowns of each individual component are available in the official documentation portal, however, we do not warrant the accuracy, completeness or usefulness of this documentation. Any reliance you place on such information is strictly at your own risk.
+Prysm is a client implementation for the Ethereum blockchain’s consensus protocol. To participate in the network, a user must send ETH from the Ethereum mainnet blockchain to a validator deposit smart contract on Ethereum mainnet. Validators participate in proposing and voting on blocks in the protocol, and the network applies rewards/penalties based on their behavior. A detailed set of installation and usage instructions as well as breakdowns of each individual component are available in the official documentation portal, however, we do not warrant the accuracy, completeness or usefulness of this documentation. Any reliance you place on such information is strictly at your own risk.
 
-### Licensing Terms
-Prysm is a fully open-source software program licensed pursuant to the GNU General Public License v3.0.
+## Licensing Terms
+Prysm is an open-source software program licensed pursuant to the GNU General Public License v3.0.
+The Offchain Labs name, the term “Prysm” and all related names, logos, product and service names, designs and slogans are trademarks of Offchain Labs or its affiliates and/or licensors. You must not use such marks without our prior written permission.
+PLEASE READ THESE TERMS CAREFULLY, AS THE OCL TERMS OF USE INCORPORATED BY REFERENCE HEREIN CONTAIN AN AGREEMENT TO ARBITRATE AND OTHER IMPORTANT INFORMATION REGARDING YOUR LEGAL RIGHTS, REMEDIES, AND OBLIGATIONS. THE AGREEMENT TO ARBITRATE REQUIRES (WITH LIMITED EXCEPTION) THAT YOU SUBMIT CLAIMS YOU HAVE AGAINST US TO BINDING AND FINAL ARBITRATION, AND FURTHER (1) YOU WILL ONLY BE PERMITTED TO PURSUE CLAIMS AGAINST OFFCHAIN LABS ON AN INDIVIDUAL BASIS, NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY CLASS OR REPRESENTATIVE ACTION OR PROCEEDING, (2) YOU WILL ONLY BE PERMITTED TO SEEK RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ON AN INDIVIDUAL BASIS, AND (3) YOU MAY NOT BE ABLE TO HAVE ANY CLAIMS YOU HAVE AGAINST US RESOLVED BY A JURY OR IN A COURT OF LAW.
 
-The Prysmatic Labs name, the term “Prysm” and all related names, logos, product and service names, designs and slogans are trademarks of Prysmatic Labs or its affiliates and/or licensors. You must not use such marks without our prior written permission.
+## Risks of Operating Prysm
 
-### Risks of Operating Prysm
-The use of Prysm and acting as a validator on the Ethereum network can lead to loss of money. Ethereum is still an experimental system and ETH remains a risky investment. You alone are responsible for your actions on Prysm including the security of your ETH and meeting any applicable minimum system requirements.
+The use of Prysm and acting as a validator on the Ethereum network can lead to loss of money, tokens and value. Ethereum is still an experimental system and ETH remains a risky investment. You alone are responsible for your actions on Prysm, including the security of your ETH and meeting any applicable minimum system requirements.
 
 Use of Prysm and the ability to receive rewards or penalties may be affected at any time by mistakes made by the user or other users, software problems such as bugs, errors, incorrectly constructed transactions, unsafe cryptographic libraries or malware affecting the network, technical failures in the hardware of a user, security problems experienced by a user and/or actions or inactions of third parties and/or events experienced by third parties, among other risks. We cannot and do not guarantee that any user of Prysm will make money, that the Prysm network will operate in accordance with the documentation or that transactions will be effective or secure.
 
-We make no claims that Prysm is appropriate or permitted for use in any specific jurisdiction. Access to Prysm may not be legal by certain persons or in certain jurisdictions or countries. If you access Prysm, you do so on your own initiative and are responsible for compliance with local laws.
+YOU ACKNOWLEDGE THAT WE ARE NOT RESPONSIBLE FOR ANY RISKS ASSOCIATED WITH YOUR USE OF PRYSM, AND CANNOT BE HELD LIABLE FOR ANY RESULTING LOSSES THAT YOU EXPERIENCE WHILE ACCESSING OR USING PRYSM.
 
-Some Internet plans will charge an additional amount for any excess upload bandwidth used that isn’t included in the plan and may terminate your connection without warning because of overuse. We advise that you check whether your Internet connection is subjected to such limitations and monitor your bandwidth use so that you can stop Prysm before you reach your upload limit.
+BY ACCESSING AND USING PRYSM, YOU REPRESENT AND WARRANT THAT YOU UNDERSTAND THE INHERENT RISKS ASSOCIATED WITH USING CRYPTOGRAPHIC AND BLOCKCHAIN-BASED SYSTEMS, AND THAT YOU HAVE A WORKING KNOWLEDGE OF THE USAGE AND INTRICACIES OF DIGITAL ASSETS, SUCH AS THOSE FOLLOWING THE ETHEREUM TOKEN STANDARD (ERC-20). YOU FURTHER UNDERSTAND THAT THE MARKETS FOR DIGITAL ASSETS ARE HIGHLY VOLATILE DUE TO VARIOUS FACTORS, INCLUDING ADOPTION, SPECULATION, TECHNOLOGY, SECURITY, AND REGULATION. YOU ACKNOWLEDGE AND ACCEPT THAT THE COST AND SPEED OF TRANSACTING WITH CRYPTOGRAPHIC AND BLOCKCHAIN-BASED SYSTEMS SUCH AS ETHEREUM ARE VARIABLE AND MAY INCREASE DRAMATICALLY AT ANY TIME. YOU UNDERSTAND THAT ANYONE CAN CREATE A TOKEN, INCLUDING FAKE VERSIONS OF EXISTING TOKENS AND TOKENS THAT FALSELY CLAIM TO REPRESENT PROJECTS, AND ACKNOWLEDGE AND ACCEPT THE RISK THAT YOU MAY MISTAKENLY INTERACT WITH THOSE OR OTHER TOKENS. YOU FURTHER ACKNOWLEDGE THAT WE ARE NOT RESPONSIBLE FOR ANY OF THE VARIABLES OR RISKS DESCRIBED IN THESE TERMS. YOU UNDERSTAND AND AGREE TO ASSUME FULL RESPONSIBILITY FOR ALL OF THE RISKS OF ACCESSING AND USING PRYSM. YOU ARE SOLELY RESPONSIBLE FOR YOUR WALLETS, FOR SAFEGUARDING THE ASSOCIATED PRIVATE KEY AND FOR ANY ACTIVITY THAT OCCURS USING YOUR WALLET. WITHOUT LIMITING THE FOREGOING, YOU ALSO UNDERSTAND THAT THERE MAY BE TAX AND REGULATORY RISKS RELATED TO USING PRYSM. IT IS YOUR SOLE RESPONSIBILITY TO DETERMINE WHETHER, AND TO WHAT EXTENT, ANY TAXES APPLY TO ANY TRANSACTIONS YOU CONDUCT IN CONNECTION WITH YOUR USE OF PRYSM, AND TO WITHHOLD, COLLECT, REPORT AND REMIT THE CORRECT AMOUNTS OF TAXES TO THE APPROPRIATE TAX AUTHORITIES. DIGITAL ASSETS, BLOCKCHAIN TECHNOLOGY, AND ANY RELATED SOFTWARE AND SERVICES ARE ALSO SUBJECT TO LEGAL AND REGULATORY UNCERTAINTY IN THE UNITED STATES AND OTHER JURISDICTIONS. YOU UNDERSTAND THAT LEGISLATIVE AND REGULATORY CHANGES OR ACTIONS MAY ADVERSELY AFFECT THE USAGE, TRANSFERABILITY, TRANSACTABILITY AND ACCESSIBILITY RELATED TO PRYSM.
 
-### Warranty Disclaimer
-PRYSM IS PROVIDED ON AN “AS-IS” BASIS AND MAY INCLUDE ERRORS, OMISSIONS, OR OTHER INACCURACIES. PRYSMATIC LABS AND ITS CONTRIBUTORS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT PRYSM FOR ANY PURPOSE, AND HEREBY EXPRESSLY DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OR ANY OTHER IMPLIED WARRANTY UNDER THE UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT AS ENACTED BY ANY STATE. WE ALSO MAKE NO REPRESENTATIONS OR WARRANTIES THAT PRYSM WILL OPERATE ERROR-FREE, UNINTERRUPTED, OR IN A MANNER THAT WILL MEET YOUR REQUIREMENTS AND/OR NEEDS. THEREFORE, YOU ASSUME THE ENTIRE RISK REGARDING THE QUALITY AND/OR PERFORMANCE OF PRYSM AND ANY TRANSACTIONS ENTERED INTO THEREON.
+We make no claims that Prysm is appropriate or permitted for use in any specific jurisdiction. Access to Prysm may not be legal by certain persons or in certain jurisdictions or countries. If you access Prysm, you do so on your own initiative and are responsible for compliance with all Applicable Law (as defined below), including, without limitation, for the avoidance of doubt, local laws.
 
-### Limitation of Liability
-In no event will Prysmatic Labs or any of its contributors be liable, whether in contract, warranty, tort (including negligence, whether active, passive or imputed), product liability, strict liability or other theory, breach of statutory duty or otherwise arising out of, or in connection with, your use of Prysm, for any direct, indirect, incidental, special or consequential damages (including any loss of profits or data, business interruption or other pecuniary loss, or damage, loss or other compromise of data, in each case whether direct, indirect, incidental, special or consequential) arising out of use Prysm, even if we or other users have been advised of the possibility of such damages. The foregoing limitations and disclaimers shall apply to the maximum extent permitted by applicable law, even if any remedy fails of its essential purpose. You acknowledge and agree that the limitations of liability afforded us hereunder constitute a material and actual inducement and condition to entering into these Terms, and are reasonable, fair and equitable in scope to protect our legitimate interests in light of the fact that we are not receiving consideration from you for providing Prysm.
+Some Internet plans will charge additional amounts for bandwidth or any excess upload bandwidth used that isn’t included in the plan and may terminate your connection without warning because of overuse. We advise that you check whether your Internet connection is subjected to any such limitations and monitor your bandwidth use and upload volumes.
 
-### Indemnification
-To the maximum extent permitted by law, you will defend, indemnify and hold Prysmatic Labs and its contributors harmless from and against any and all claims, actions, suits, investigations, or proceedings by any third party (including any party or purported party to or beneficiary or purported beneficiary of any transaction on Prysm), as well as any and all losses, liabilities,
-damages, costs, and expenses (including reasonable attorneys’ fees) arising out of, accruing from, or in any way related to (i) your breach of the terms of this Agreement, (ii) any transaction, or the failure to occur of any transaction on Prysm, and (iii) your negligence, fraud, or willful misconduct.
+## Warranty Disclaimer
 
-### Compliance with Laws and Tax Obligations
-Your use of Prysm is subject to all applicable laws of any governmental authority, including, without limitation, federal, state and foreign securities laws, tax laws, tariff and trade laws, ordinances, judgments, decrees, injunctions, writs and orders or like actions of any governmental authority and rules, regulations, orders, interpretations, licenses, and permits of any federal,
-regional, state, county, municipal or other governmental authority and you agree to comply with all such laws in your use of Prysm. The users of Prysm are solely responsible to determinate what, if any, taxes apply to their ETH transactions. The owners of, or contributors to, Prysm are not responsible for determining the taxes that apply to ETH transactions.
+PRYSM IS PROVIDED ON AN “AS-IS” BASIS AND MAY INCLUDE ERRORS, OMISSIONS, OR OTHER INACCURACIES. WITHOUT LIMITING ANYTHING SET FORTH ELSEWHERE IN THESE TERMS, OFFCHAIN LABS AND ITS CONTRIBUTORS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT PRYSM FOR ANY PURPOSE, AND HEREBY EXPRESSLY DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OR ANY OTHER IMPLIED WARRANTY UNDER THE UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT AS ENACTED BY ANY STATE OR OTHER GOVERNMENTAL AUTHORITY. WE ALSO MAKE NO REPRESENTATIONS OR WARRANTIES THAT PRYSM WILL OPERATE ERROR-FREE, UNINTERRUPTED, OR IN A MANNER THAT WILL MEET YOUR REQUIREMENTS AND/OR NEEDS. THEREFORE, YOU ASSUME THE ENTIRE RISK REGARDING THE QUALITY AND/OR PERFORMANCE OF PRYSM AND ANY TRANSACTIONS ENTERED INTO THEREON.
 
-### Miscellaneous
-These Terms will be construed and enforced in accordance with the laws of the state of Illinois as applied to agreements entered into and completely performed in Illinois. You agree to the personal jurisdiction by and venue in Illinois and waive any objection to such jurisdiction or venue.
+## Limitation of Liability
 
-We reserve the right to revise these Terms, and your rights and obligations are at all times subject to the then-current Terms provided on Prysm. Your continued use of Prysm constitutes acceptance of such revised Terms.
+IN NO EVENT WILL OFFCHAIN LABS OR ANY OF ITS AFFILIATES OR ITS OR ANY SUCH AFFILIATE’S DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR REPRESENTATIVES OR ANY CONTRIBUTORS (COLLECTIVELY, THE “OCL PARTIES”) BE LIABLE, WHETHER IN CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE, WHETHER ACTIVE, PASSIVE OR IMPUTED), PRODUCT LIABILITY, STRICT LIABILITY OR OTHER THEORY, BREACH OF STATUTORY DUTY OR OTHERWISE ARISING OUT OF, OR IN CONNECTION WITH, YOUR USE OF PRYSM, FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING ANY LOSS OF PROFITS OR DATA, BUSINESS INTERRUPTION OR OTHER PECUNIARY LOSS, OR DAMAGE, LOSS OR OTHER COMPROMISE OF DATA, IN EACH CASE WHETHER DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL) ARISING OUT OF USE PRYSM, EVEN IF WE OR OTHER USERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. The foregoing limitations and disclaimers shall apply to the maximum extent permitted by Applicable Law, even if any remedy fails of its essential purpose. You acknowledge and agree that the limitations of liability afforded us hereunder constitute a material and actual inducement and condition to entering into these Terms, and are reasonable, fair and equitable in scope to protect our legitimate interests in light of the fact that we are not receiving consideration from you for providing Prysm.
 
-These Terms constitute the entire agreement between you and Prysmatic Labs regarding use of Prysm and will supersede all prior agreements whether, written or oral. No usage of trade or other regular practice or method of dealing between the parties will be used to modify, interpret, supplement, or alter the terms of these Terms.
+## Indemnification
+
+To the maximum extent permitted by Applicable Law, you will defend, indemnify and hold each OCL Party harmless from and against any and all claims, actions, suits, investigations, or proceedings by any third party (including any party or purported party to or beneficiary or purported beneficiary of any transaction or other activity on Prysm), as well as any and all losses, liabilities, damages, costs, and expenses (including reasonable attorneys’ fees and costs) arising out of, accruing from, or in any way related to (i) your breach of the terms of this Agreement, (ii) any transaction, or the failure to occur of any transaction on Prysm, and (iii) your negligence, fraud, or willful misconduct.
+
+## Compliance with Laws
+
+Your use of Prysm is subject to all applicable laws of any governmental authority, including, without limitation, federal, state and foreign securities laws, tax laws, tariff and trade laws, ordinances, judgments, decrees, injunctions, writs and orders or like actions of any governmental authority and rules, regulations, orders, interpretations, licenses, and permits of any federal, regional, state, county, municipal or other governmental authority (collectively, “Applicable Law”) and you agree to comply with all such Applicable Law in your use of Prysm. The users of Prysm are solely responsible to determinate what, if any, taxes apply to their ETH transactions. The owners of, or contributors to, Prysm are not responsible for determining the taxes that apply to ETH transactions.
+
+## Miscellaneous
+
+These Terms will be governed by the laws of the State of Delaware without regard to its conflict of law provisions. With respect to any disputes or claims not subject to arbitration, as set forth in the OCL Terms of Use, you and Offchain Labs submit to the personal and exclusive jurisdiction of the state and federal courts located within New York, New York and waive any objection to such jurisdiction and venue. The failure of Offchain Labs to exercise or enforce any right or provision of these Terms will not constitute a waiver of such right or provision.
+We reserve the right to revise these Terms, and your rights and obligations are at all times subject to the then-current Terms provided on Prysm. Your  use of Prysm following any such revision to these Terms constitutes acceptance of such revised Terms.
+
+These Terms constitute the entire agreement between you and Offchain Labs regarding use of Prysm and will supersede all prior agreements whether, written or oral. No usage of trade or other regular practice or method of dealing between the parties will be used to modify, interpret, supplement, or alter the terms of these Terms.
+
+If any portion of these Terms is held invalid or unenforceable, such invalidity or enforceability will not affect the other provisions of these Terms, which will remain in full force and effect, and the invalid or unenforceable portion will be given effect to the greatest extent possible. The failure of a party to require performance of any provision will not affect that party’s right to require performance at any time thereafter, nor will a waiver of any breach or default of these Terms or any provision of these Terms constitute a waiver of any subsequent breach or default or a waiver of the provision itself.
 
-If any portion of these Terms is held invalid or unenforceable, such invalidity or enforceability will not affect the other provisions of these Terms, which will remain in full force and effect, and the invalid or unenforceable portion will be given effect to the greatest extent possible. The failure of a party to require performance of any provision will not affect that party’s right to require performance at any time thereafter, nor will a waiver of any breach or default of these Terms or any provision of these Terms constitute a waiver of any subsequent breach or default or a waiver of the provision itself.

WORKSPACE

@@ -4,47 +4,54 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
 
 http_archive(
-    name = "bazel_toolchains",
-    sha256 = "8e0633dfb59f704594f19ae996a35650747adc621ada5e8b9fb588f808c89cb0",
-    strip_prefix = "bazel-toolchains-3.7.0",
+    name = "rules_pkg",
+    sha256 = "8c20f74bca25d2d442b327ae26768c02cf3c99e93fad0381f32be9aab1967675",
     urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/releases/download/3.7.0/bazel-toolchains-3.7.0.tar.gz",
-        "https://github.com/bazelbuild/bazel-toolchains/releases/download/3.7.0/bazel-toolchains-3.7.0.tar.gz",
+        "https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.8.1/rules_pkg-0.8.1.tar.gz",
+        "https://github.com/bazelbuild/rules_pkg/releases/download/0.8.1/rules_pkg-0.8.1.tar.gz",
     ],
 )
 
+load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
+
+rules_pkg_dependencies()
+
+HERMETIC_CC_TOOLCHAIN_VERSION = "v3.0.1"
+
 http_archive(
-    name = "com_grail_bazel_toolchain",
-    sha256 = "040b9d00b8a03e8a28e38159ad0f2d0e0de625d93f453a9f226971a8c47e757b",
-    strip_prefix = "bazel-toolchain-5f82830f9d6a1941c3eb29683c1864ccf2862454",
-    urls = ["https://github.com/grailbio/bazel-toolchain/archive/5f82830f9d6a1941c3eb29683c1864ccf2862454.tar.gz"],
+    name = "hermetic_cc_toolchain",
+    sha256 = "3bc6ec127622fdceb4129cb06b6f7ab098c4d539124dde96a6318e7c32a53f7a",
+    urls = [
+        "https://mirror.bazel.build/github.com/uber/hermetic_cc_toolchain/releases/download/{0}/hermetic_cc_toolchain-{0}.tar.gz".format(HERMETIC_CC_TOOLCHAIN_VERSION),
+        "https://github.com/uber/hermetic_cc_toolchain/releases/download/{0}/hermetic_cc_toolchain-{0}.tar.gz".format(HERMETIC_CC_TOOLCHAIN_VERSION),
+    ],
 )
 
-load("@com_grail_bazel_toolchain//toolchain:deps.bzl", "bazel_toolchain_dependencies")
+load("@hermetic_cc_toolchain//toolchain:defs.bzl", zig_toolchains = "toolchains")
 
-bazel_toolchain_dependencies()
+zig_toolchains()
 
-load("@com_grail_bazel_toolchain//toolchain:rules.bzl", "llvm_toolchain")
-
-llvm_toolchain(
-    name = "llvm_toolchain",
-    llvm_version = "10.0.0",
+# Register zig sdk toolchains with support for Ubuntu 20.04 (Focal Fossa) which has an EOL date of April, 2025.
+# For ubuntu glibc support, see https://launchpad.net/ubuntu/+source/glibc
+register_toolchains(
+    "@zig_sdk//toolchain:linux_amd64_gnu.2.31",
+    "@zig_sdk//toolchain:linux_arm64_gnu.2.31",
+    # Hermetic cc toolchain is not yet supported on darwin. Sysroot needs to be provided.
+    # See https://github.com/uber/hermetic_cc_toolchain#osx-sysroot
+    #    "@zig_sdk//toolchain:darwin_amd64",
+    #    "@zig_sdk//toolchain:darwin_arm64",
+    # Windows builds are not supported yet.
+    #    "@zig_sdk//toolchain:windows_amd64",
 )
 
-load("@llvm_toolchain//:toolchains.bzl", "llvm_register_toolchains")
+load("@prysm//tools/cross-toolchain:darwin_cc_hack.bzl", "configure_nonhermetic_darwin")
 
-llvm_register_toolchains()
+configure_nonhermetic_darwin()
 
 load("@prysm//tools/cross-toolchain:prysm_toolchains.bzl", "configure_prysm_toolchains")
 
 configure_prysm_toolchains()
 
-load("@prysm//tools/cross-toolchain:rbe_toolchains_config.bzl", "rbe_toolchains_config")
-
-rbe_toolchains_config()
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
 http_archive(
     name = "bazel_skylib",
     sha256 = "1c531376ac7e5a180e0237938a2536de0c54d93f5c278634818e0efc952dd56c",
@@ -60,10 +67,10 @@ bazel_skylib_workspace()
 
 http_archive(
     name = "bazel_gazelle",
-    sha256 = "5982e5463f171da99e3bdaeff8c0f48283a7a5f396ec5282910b9e8a49c0dd7e",
+    integrity = "sha256-MpOL2hbmcABjA1R5Bj2dJMYO2o15/Uc5Vj9Q0zHLMgk=",
     urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.25.0/bazel-gazelle-v0.25.0.tar.gz",
-        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.25.0/bazel-gazelle-v0.25.0.tar.gz",
+        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.35.0/bazel-gazelle-v0.35.0.tar.gz",
+        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.35.0/bazel-gazelle-v0.35.0.tar.gz",
     ],
 )
 
@@ -75,10 +82,52 @@ http_archive(
 )
 
 http_archive(
-    name = "io_bazel_rules_docker",
-    sha256 = "1f4e59843b61981a96835dc4ac377ad4da9f8c334ebe5e0bb3f58f80c09735f4",
-    strip_prefix = "rules_docker-0.19.0",
-    urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.19.0/rules_docker-v0.19.0.tar.gz"],
+    name = "rules_distroless",
+    sha256 = "e64f06e452cd153aeab81f752ccf4642955b3af319e64f7bc7a7c9252f76b10e",
+    strip_prefix = "rules_distroless-f5e678217b57ce3ad2f1c0204bd4e9d416255773",
+    url = "https://github.com/GoogleContainerTools/rules_distroless/archive/f5e678217b57ce3ad2f1c0204bd4e9d416255773.tar.gz",
+)
+
+load("@rules_distroless//distroless:dependencies.bzl", "rules_distroless_dependencies")
+
+rules_distroless_dependencies()
+
+http_archive(
+    name = "distroless",
+    integrity = "sha256-Cf00kUp1NyXA3LzbdyYy4Kda27wbkB8+A9MliTxq4jE=",
+    strip_prefix = "distroless-9dc924b9fe812eec2fa0061824dcad39eb09d0d6",
+    url = "https://github.com/GoogleContainerTools/distroless/archive/9dc924b9fe812eec2fa0061824dcad39eb09d0d6.tar.gz",  # 2024-01-24
+)
+
+http_archive(
+    name = "aspect_bazel_lib",
+    sha256 = "a272d79bb0ac6b6965aa199b1f84333413452e87f043b53eca7f347a23a478e8",
+    strip_prefix = "bazel-lib-2.9.3",
+    url = "https://github.com/bazel-contrib/bazel-lib/releases/download/v2.9.3/bazel-lib-v2.9.3.tar.gz",
+)
+
+load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies", "aspect_bazel_lib_register_toolchains")
+
+aspect_bazel_lib_dependencies()
+
+aspect_bazel_lib_register_toolchains()
+
+http_archive(
+    name = "rules_oci",
+    sha256 = "4a276e9566c03491649eef63f27c2816cc222f41ccdebd97d2c5159e84917c3b",
+    strip_prefix = "rules_oci-1.7.4",
+    url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.7.4/rules_oci-v1.7.4.tar.gz",
+)
+
+load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies")
+
+rules_oci_dependencies()
+
+load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains")
+
+oci_register_toolchains(
+    name = "oci",
+    crane_version = LATEST_CRANE_VERSION,
 )
 
 http_archive(
@@ -88,10 +137,10 @@ http_archive(
         # Expose internals of go_test for custom build transitions.
         "//third_party:io_bazel_rules_go_test.patch",
     ],
-    sha256 = "f2dcd210c7095febe54b804bb1cd3a58fe8435a909db2ec04e31542631cf715c",
+    sha256 = "80a98277ad1311dacd837f9b16db62887702e9f1d1c4c9f796d0121a46c8e184",
     urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.31.0/rules_go-v0.31.0.zip",
-        "https://github.com/bazelbuild/rules_go/releases/download/v0.31.0/rules_go-v0.31.0.zip",
+        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.46.0/rules_go-v0.46.0.zip",
+        "https://github.com/bazelbuild/rules_go/releases/download/v0.46.0/rules_go-v0.46.0.zip",
     ],
 )
 
@@ -110,88 +159,36 @@ git_repository(
     # gazelle args: -go_prefix github.com/gogo/protobuf -proto legacy
 )
 
-http_archive(
-    name = "fuzzit_linux",
-    build_file_content = "exports_files([\"fuzzit\"])",
-    sha256 = "9ca76ac1c22d9360936006efddf992977ebf8e4788ded8e5f9d511285c9ac774",
-    urls = ["https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.76/fuzzit_Linux_x86_64.zip"],
+load("@rules_oci//oci:pull.bzl", "oci_pull")
+
+# A multi-arch base image
+oci_pull(
+    name = "linux_debian11_multiarch_base",  # Debian bullseye
+    digest = "sha256:b82f113425c5b5c714151aaacd8039bc141821cdcd3c65202d42bdf9c43ae60b",  # 2023-12-12
+    image = "gcr.io/prysmaticlabs/distroless/cc-debian11",
+    platforms = [
+        "linux/amd64",
+        "linux/arm64/v8",
+    ],
+    reproducible = True,
 )
 
-load(
-    "@io_bazel_rules_docker//repositories:repositories.bzl",
-    container_repositories = "repositories",
-)
+load("@prysm//tools:image_deps.bzl", "prysm_image_deps")
 
-container_repositories()
-
-load(
-    "@io_bazel_rules_docker//container:container.bzl",
-    "container_pull",
-)
-
-container_pull(
-    name = "cc_image_base",
-    digest = "sha256:2c4bb6b7236db0a55ec54ba8845e4031f5db2be957ac61867872bf42e56c4deb",
-    registry = "gcr.io",
-    repository = "distroless/cc",
-)
-
-container_pull(
-    name = "cc_debug_image_base",
-    digest = "sha256:3680c61e81f68fc00bfb5e1ec65e8e678aaafa7c5f056bc2681c29527ebbb30c",
-    registry = "gcr.io",
-    repository = "distroless/cc",
-)
-
-container_pull(
-    name = "go_image_base",
-    digest = "sha256:ba7a315f86771332e76fa9c3d423ecfdbb8265879c6f1c264d6fff7d4fa460a4",
-    registry = "gcr.io",
-    repository = "distroless/base",
-)
-
-container_pull(
-    name = "go_debug_image_base",
-    digest = "sha256:efd8711717d9e9b5d0dbb20ea10876dab0609c923bc05321b912f9239090ca80",
-    registry = "gcr.io",
-    repository = "distroless/base",
-)
-
-container_pull(
-    name = "alpine_cc_linux_amd64",
-    digest = "sha256:752aa0c9a88461ffc50c5267bb7497ef03a303e38b2c8f7f2ded9bebe5f1f00e",
-    registry = "index.docker.io",
-    repository = "pinglamb/alpine-glibc",
-)
-
-container_pull(
-    name = "fuzzit_base",
-    digest = "sha256:24a39a4360b07b8f0121eb55674a2e757ab09f0baff5569332fefd227ee4338f",
-    registry = "gcr.io",
-    repository = "fuzzit-public/stretch-llvm8",
-)
+prysm_image_deps()
 
 load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
 
 go_rules_dependencies()
 
 go_register_toolchains(
-    go_version = "1.18.1",
+    go_version = "1.22.10",
     nogo = "@//:nogo",
 )
 
-http_archive(
-    name = "prysm_testnet_site",
-    build_file_content = """
-proto_library(
-  name = "faucet_proto",
-  srcs = ["src/proto/faucet.proto"],
-  visibility = ["//visibility:public"],
-)""",
-    sha256 = "29742136ff9faf47343073c4569a7cf21b8ed138f726929e09e3c38ab83544f7",
-    strip_prefix = "prysm-testnet-site-5c711600f0a77fc553b18cf37b880eaffef4afdb",
-    url = "https://github.com/prestonvanloon/prysm-testnet-site/archive/5c711600f0a77fc553b18cf37b880eaffef4afdb.tar.gz",
-)
+load("//:distroless_deps.bzl", "distroless_deps")
+
+distroless_deps()
 
 http_archive(
     name = "io_kubernetes_build",
@@ -211,11 +208,26 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "91434d5fd5e1c6eb7b0174fed2afe25e09bddf00e1e4c431db931b2cee4e7773",
-    url = "https://github.com/eth-clients/slashing-protection-interchange-tests/archive/b8413ca42dc92308019d0d4db52c87e9e125c4e9.tar.gz",
+    sha256 = "516d551cfb3e50e4ac2f42db0992f4ceb573a7cb1616d727a725c8161485329f",
+    url = "https://github.com/eth-clients/slashing-protection-interchange-tests/archive/refs/tags/v5.3.0.tar.gz",
 )
 
-consensus_spec_version = "v1.1.10"
+http_archive(
+    name = "eip4881_spec_tests",
+    build_file_content = """
+filegroup(
+    name = "test_data",
+    srcs = glob([
+        "**/*.yaml",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "89cb659498c0d196fc9f957f8b849b2e1a5c041c3b2b3ae5432ac5c26944297e",
+    url = "https://github.com/ethereum/EIPs/archive/5480440fe51742ed23342b68cf106cefd427e39d.tar.gz",
+)
+
+consensus_spec_version = "v1.5.0-beta.0"
 
 bls_test_version = "v0.1.1"
 
@@ -231,7 +243,7 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "28043009cc2f6fc9804e73c8c1fc2cb27062f1591e6884f3015ae1dd7a276883",
+    integrity = "sha256-HdMlTN3wv+hUMCkIRPk+EHcLixY1cSZlvkx3obEp4AM=",
     url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/general.tar.gz" % consensus_spec_version,
 )
 
@@ -247,7 +259,7 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "bc1a283ca068f310f04d70c4f6a8eaa0b8f7e9318073a8bdc2ee233111b4e339",
+    integrity = "sha256-eX/ihmHQ+OvfoGJxSMgy22yAU3SZ3xjsX0FU0EaZrSs=",
     url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/minimal.tar.gz" % consensus_spec_version,
 )
 
@@ -263,7 +275,7 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "bbabb482c229ff9d4e2c7b77c992edb452f9d0af7c6d8dd4f922f06a7b101e81",
+    integrity = "sha256-k3Onf42vOzIqyddecR6G82sDy3mmDA+R8RN66QjB0GI=",
     url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/mainnet.tar.gz" % consensus_spec_version,
 )
 
@@ -278,7 +290,7 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "408a5524548ad3fcf387f65ac7ec52781d9ee899499720bb12451b48a15818d4",
+    integrity = "sha256-N/d4AwdOSlb70Dr+2l20dfXxNSzJDj/qKA9Rkn8Gb5w=",
     strip_prefix = "consensus-specs-" + consensus_spec_version[1:],
     url = "https://github.com/ethereum/consensus-specs/archive/refs/tags/%s.tar.gz" % consensus_spec_version,
 )
@@ -309,43 +321,67 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "4e8a18b21d056c4032605621b1a6632198eabab57cb90c61e273f344c287f1b2",
-    strip_prefix = "eth2-networks-791a5369c5981e829698b17fbcdcdacbdaba97c8",
-    url = "https://github.com/eth-clients/eth2-networks/archive/791a5369c5981e829698b17fbcdcdacbdaba97c8.tar.gz",
+    sha256 = "77e7e3ed65e33b7bb19d30131f4c2bb39e4dfeb188ab9ae84651c3cc7600131d",
+    strip_prefix = "eth2-networks-934c948e69205dcf2deb87e4ae6cc140c335f94d",
+    url = "https://github.com/eth-clients/eth2-networks/archive/934c948e69205dcf2deb87e4ae6cc140c335f94d.tar.gz",
 )
 
 http_archive(
-    name = "com_github_bazelbuild_buildtools",
-    sha256 = "7a182df18df1debabd9e36ae07c8edfa1378b8424a04561b674d933b965372b3",
-    strip_prefix = "buildtools-f2aed9ee205d62d45c55cfabbfd26342f8526862",
-    url = "https://github.com/bazelbuild/buildtools/archive/f2aed9ee205d62d45c55cfabbfd26342f8526862.zip",
-)
-
-git_repository(
-    name = "com_google_protobuf",
-    commit = "436bd7880e458532901c58f4d9d1ea23fa7edd52",
-    remote = "https://github.com/protocolbuffers/protobuf",
-    shallow_since = "1617835118 -0700",
-)
-
-# Group the sources of the library so that CMake rule have access to it
-all_content = """filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"])"""
-
-# External dependencies
-
-http_archive(
-    name = "prysm_web_ui",
+    name = "holesky_testnet",
     build_file_content = """
 filegroup(
-    name = "site",
-    srcs = glob(["**/*"]),
+    name = "configs",
+    srcs = [
+        "metadata/config.yaml",
+    ],
     visibility = ["//visibility:public"],
 )
 """,
-    sha256 = "4797a7e594a5b1f4c1c8080701613f3ee451b01ec0861499ea7d9b60877a6b23",
-    urls = [
-        "https://github.com/prysmaticlabs/prysm-web-ui/releases/download/v1.0.3/prysm-web-ui.tar.gz",
+    integrity = "sha256-b7ZTT+olF+VXEJYNTV5jggNtCkt9dOejm1i2VE+zy+0=",
+    strip_prefix = "holesky-874c199423ccd180607320c38cbaca05d9a1573a",
+    url = "https://github.com/eth-clients/holesky/archive/874c199423ccd180607320c38cbaca05d9a1573a.tar.gz",  # 2024-06-18
+)
+
+http_archive(
+    name = "sepolia_testnet",
+    build_file_content = """
+filegroup(
+    name = "configs",
+    srcs = [
+        "metadata/config.yaml",
     ],
+    visibility = ["//visibility:public"],
+)
+""",
+    integrity = "sha256-cY/UgpCcYEhQf7JefD65FI8tn/A+rAvKhcm2/qiVdqY=",
+    strip_prefix = "sepolia-f2c219a93c4491cee3d90c18f2f8e82aed850eab",
+    url = "https://github.com/eth-clients/sepolia/archive/f2c219a93c4491cee3d90c18f2f8e82aed850eab.tar.gz",  # 2024-09-19
+)
+
+http_archive(
+    name = "com_google_protobuf",
+    sha256 = "9bd87b8280ef720d3240514f884e56a712f2218f0d693b48050c836028940a42",
+    strip_prefix = "protobuf-25.1",
+    urls = [
+        "https://github.com/protocolbuffers/protobuf/archive/v25.1.tar.gz",
+    ],
+)
+
+# External dependencies
+http_archive(
+    name = "googleapis",
+    sha256 = "9d1a930e767c93c825398b8f8692eca3fe353b9aaadedfbcf1fca2282c85df88",
+    strip_prefix = "googleapis-64926d52febbf298cb82a8f472ade4a3969ba922",
+    urls = [
+        "https://github.com/googleapis/googleapis/archive/64926d52febbf298cb82a8f472ade4a3969ba922.zip",
+    ],
+)
+
+load("@googleapis//:repository_rules.bzl", "switched_rules_by_language")
+
+switched_rules_by_language(
+    name = "com_google_googleapis_imports",
+    go = True,
 )
 
 load("//:deps.bzl", "prysm_deps")
@@ -361,28 +397,6 @@ load("@prysm//testing/endtoend:deps.bzl", "e2e_deps")
 
 e2e_deps()
 
-load(
-    "@io_bazel_rules_docker//go:image.bzl",
-    _go_image_repos = "repositories",
-)
-
-# Golang images
-# This is using gcr.io/distroless/base
-_go_image_repos()
-
-# CC images
-# This is using gcr.io/distroless/base
-load(
-    "@io_bazel_rules_docker//cc:image.bzl",
-    _cc_image_repos = "repositories",
-)
-
-_cc_image_repos()
-
-load("@io_bazel_rules_go//extras:embed_data_deps.bzl", "go_embed_data_dependencies")
-
-go_embed_data_dependencies()
-
 load("@com_github_atlassian_bazel_tools//gometalinter:deps.bzl", "gometalinter_dependencies")
 
 gometalinter_dependencies()
@@ -391,10 +405,6 @@ load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
 
 gazelle_dependencies()
 
-load("@com_github_bazelbuild_buildtools//buildifier:deps.bzl", "buildifier_dependencies")
-
-buildifier_dependencies()
-
 load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
 
 protobuf_deps()

api/BUILD.bazel

@@ -0,0 +1,24 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "constants.go",
+        "headers.go",
+        "jwt.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//crypto/rand:go_default_library",
+        "@com_github_ethereum_go_ethereum//common/hexutil:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["jwt_test.go"],
+    embed = [":go_default_library"],
+    deps = ["//testing/require:go_default_library"],
+)

api/client/BUILD.bazel

@@ -0,0 +1,20 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "client.go",
+        "errors.go",
+        "options.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/client",
+    visibility = ["//visibility:public"],
+    deps = ["@com_github_pkg_errors//:go_default_library"],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["client_test.go"],
+    embed = [":go_default_library"],
+    deps = ["//testing/require:go_default_library"],
+)

api/client/beacon/BUILD.bazel

@@ -6,13 +6,17 @@ go_library(
         "checkpoint.go",
         "client.go",
         "doc.go",
-        "errors.go",
+        "health.go",
+        "log.go",
     ],
-    importpath = "github.com/prysmaticlabs/prysm/api/client/beacon",
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/client/beacon",
     visibility = ["//visibility:public"],
     deps = [
+        "//api/client:go_default_library",
+        "//api/client/beacon/iface:go_default_library",
+        "//api/server:go_default_library",
+        "//api/server/structs:go_default_library",
         "//beacon-chain/core/helpers:go_default_library",
-        "//beacon-chain/rpc/apimiddleware:go_default_library",
         "//beacon-chain/state:go_default_library",
         "//consensus-types/interfaces:go_default_library",
         "//consensus-types/primitives:go_default_library",
@@ -35,13 +39,17 @@ go_test(
     srcs = [
         "checkpoint_test.go",
         "client_test.go",
+        "health_test.go",
     ],
     embed = [":go_default_library"],
     deps = [
+        "//api/client:go_default_library",
+        "//api/client/beacon/testing:go_default_library",
         "//beacon-chain/state:go_default_library",
         "//config/params:go_default_library",
+        "//consensus-types/blocks:go_default_library",
+        "//consensus-types/blocks/testing:go_default_library",
         "//consensus-types/primitives:go_default_library",
-        "//consensus-types/wrapper:go_default_library",
         "//encoding/ssz/detect:go_default_library",
         "//network/forks:go_default_library",
         "//proto/prysm/v1alpha1:go_default_library",
@@ -50,5 +58,6 @@ go_test(
         "//testing/util:go_default_library",
         "//time/slots:go_default_library",
         "@com_github_pkg_errors//:go_default_library",
+        "@org_uber_go_mock//gomock:go_default_library",
     ],
 )

api/client/beacon/checkpoint.go

@@ -5,90 +5,190 @@ import (
 	"fmt"
 	"path"
 
+	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/pkg/errors"
-	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
-	"github.com/prysmaticlabs/prysm/beacon-chain/state"
-	"github.com/prysmaticlabs/prysm/consensus-types/interfaces"
-	types "github.com/prysmaticlabs/prysm/consensus-types/primitives"
-	"github.com/prysmaticlabs/prysm/encoding/ssz/detect"
-	"github.com/prysmaticlabs/prysm/io/file"
-	"github.com/prysmaticlabs/prysm/runtime/version"
-	"github.com/prysmaticlabs/prysm/time/slots"
-	log "github.com/sirupsen/logrus"
+	base "github.com/prysmaticlabs/prysm/v5/api/client"
+	"github.com/prysmaticlabs/prysm/v5/beacon-chain/core/helpers"
+	"github.com/prysmaticlabs/prysm/v5/beacon-chain/state"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/interfaces"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v5/encoding/bytesutil"
+	"github.com/prysmaticlabs/prysm/v5/encoding/ssz/detect"
+	"github.com/prysmaticlabs/prysm/v5/io/file"
+	"github.com/prysmaticlabs/prysm/v5/runtime/version"
+	"github.com/prysmaticlabs/prysm/v5/time/slots"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/mod/semver"
 )
 
-// OriginData represents the BeaconState and SignedBeaconBlock necessary to start an empty Beacon Node
+var errCheckpointBlockMismatch = errors.New("mismatch between checkpoint sync state and block")
+
+// OriginData represents the BeaconState and ReadOnlySignedBeaconBlock necessary to start an empty Beacon Node
 // using Checkpoint Sync.
 type OriginData struct {
-	wsd *WeakSubjectivityData
 	sb  []byte
 	bb  []byte
+	dsb []byte // Deposit snapshot serialized bytes
 	st  state.BeaconState
-	b   interfaces.SignedBeaconBlock
-	cf  *detect.VersionedUnmarshaler
-}
-
-// CheckpointString returns the standard string representation of a Checkpoint for the block root and epoch for the
-// SignedBeaconBlock value found by DownloadOriginData.
-// The format is a a hex-encoded block root, followed by the epoch of the block, separated by a colon. For example:
-// "0x1c35540cac127315fabb6bf29181f2ae0de1a3fc909d2e76ba771e61312cc49a:74888"
-func (od *OriginData) CheckpointString() string {
-	return fmt.Sprintf("%#x:%d", od.wsd.BlockRoot, od.wsd.Epoch)
+	b   interfaces.ReadOnlySignedBeaconBlock
+	vu  *detect.VersionedUnmarshaler
+	br  [32]byte
+	sr  [32]byte
+	dr  [32]byte // Deposit snapshot root
 }
 
 // SaveBlock saves the downloaded block to a unique file in the given path.
 // For readability and collision avoidance, the file name includes: type, config name, slot and root
-func (od *OriginData) SaveBlock(dir string) (string, error) {
-	blockPath := path.Join(dir, fname("block", od.cf, od.b.Block().Slot(), od.wsd.BlockRoot))
-	return blockPath, file.WriteFile(blockPath, od.BlockBytes())
+func (o *OriginData) SaveBlock(dir string) (string, error) {
+	blockPath := path.Join(dir, fname("block", o.vu, o.b.Block().Slot(), o.br))
+	return blockPath, file.WriteFile(blockPath, o.BlockBytes())
 }
 
 // SaveState saves the downloaded state to a unique file in the given path.
 // For readability and collision avoidance, the file name includes: type, config name, slot and root
-func (od *OriginData) SaveState(dir string) (string, error) {
-	statePath := path.Join(dir, fname("state", od.cf, od.st.Slot(), od.wsd.StateRoot))
-	return statePath, file.WriteFile(statePath, od.StateBytes())
+func (o *OriginData) SaveState(dir string) (string, error) {
+	statePath := path.Join(dir, fname("state", o.vu, o.st.Slot(), o.sr))
+	return statePath, file.WriteFile(statePath, o.StateBytes())
+}
+
+// SaveDepositSnapshot saves the downloaded deposit snapshot to a unique file in the given path.
+func (o *OriginData) SaveDepositSnapshot(dir string) (string, error) {
+	depositPath := path.Join(dir, fname("deposit_snapshot", o.vu, o.st.Slot(), o.dr))
+	return depositPath, file.WriteFile(depositPath, o.DepositSnapshotBytes())
 }
 
 // StateBytes returns the ssz-encoded bytes of the downloaded BeaconState value.
-func (od *OriginData) StateBytes() []byte {
-	return od.sb
+func (o *OriginData) StateBytes() []byte {
+	return o.sb
 }
 
-// BlockBytes returns the ssz-encoded bytes of the downloaded SignedBeaconBlock value.
-func (od *OriginData) BlockBytes() []byte {
-	return od.bb
+// BlockBytes returns the ssz-encoded bytes of the downloaded ReadOnlySignedBeaconBlock value.
+func (o *OriginData) BlockBytes() []byte {
+	return o.bb
 }
 
-func fname(prefix string, cf *detect.VersionedUnmarshaler, slot types.Slot, root [32]byte) string {
-	return fmt.Sprintf("%s_%s_%s_%d-%#x.ssz", prefix, cf.Config.ConfigName, version.String(cf.Fork), slot, root)
+// DepositSnapshotBytes returns the serialized bytes of the downloaded DepositSnapshot value.
+func (o *OriginData) DepositSnapshotBytes() []byte {
+	return o.dsb
 }
 
-// this method downloads the head state, which can be used to find the correct chain config
-// and use prysm's helper methods to compute the latest weak subjectivity epoch.
-func getWeakSubjectivityEpochFromHead(ctx context.Context, client *Client) (types.Epoch, error) {
-	headBytes, err := client.GetState(ctx, IdHead)
+func fname(prefix string, vu *detect.VersionedUnmarshaler, slot primitives.Slot, root [32]byte) string {
+	return fmt.Sprintf("%s_%s_%s_%d-%#x.ssz", prefix, vu.Config.ConfigName, version.String(vu.Fork), slot, root)
+}
+
+// DownloadFinalizedData downloads the most recently finalized state, and the block most recently applied to that state.
+// This pair can be used to initialize a new beacon node via checkpoint sync.
+func DownloadFinalizedData(ctx context.Context, client *Client) (*OriginData, error) {
+	sb, err := client.GetState(ctx, IdFinalized)
 	if err != nil {
-		return 0, err
+		return nil, err
 	}
-	cf, err := detect.FromState(headBytes)
+	vu, err := detect.FromState(sb)
 	if err != nil {
-		return 0, errors.Wrap(err, "error detecting chain config for beacon state")
-	}
-	log.Printf("detected supported config in remote head state, name=%s, fork=%s", cf.Config.ConfigName, version.String(cf.Fork))
-	headState, err := cf.UnmarshalBeaconState(headBytes)
-	if err != nil {
-		return 0, errors.Wrap(err, "error unmarshaling state to correct version")
+		return nil, errors.Wrap(err, "error detecting chain config for finalized state")
 	}
 
-	epoch, err := helpers.LatestWeakSubjectivityEpoch(ctx, headState, cf.Config)
+	log.WithFields(logrus.Fields{
+		"name": vu.Config.ConfigName,
+		"fork": version.String(vu.Fork),
+	}).Info("Detected supported config in remote finalized state")
+
+	s, err := vu.UnmarshalBeaconState(sb)
 	if err != nil {
-		return 0, errors.Wrap(err, "error computing the weak subjectivity epoch from head state")
+		return nil, errors.Wrap(err, "error unmarshaling finalized state to correct version")
 	}
 
-	log.Printf("(computed client-side) weak subjectivity epoch = %d", epoch)
-	return epoch, nil
+	slot := s.LatestBlockHeader().Slot
+	bb, err := client.GetBlock(ctx, IdFromSlot(slot))
+	if err != nil {
+		return nil, errors.Wrapf(err, "error requesting block by slot = %d", slot)
+	}
+	b, err := vu.UnmarshalBeaconBlock(bb)
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to unmarshal block to a supported type using the detected fork schedule")
+	}
+	br, err := b.Block().HashTreeRoot()
+	if err != nil {
+		return nil, errors.Wrap(err, "error computing hash_tree_root of retrieved block")
+	}
+	bodyRoot, err := b.Block().Body().HashTreeRoot()
+	if err != nil {
+		return nil, errors.Wrap(err, "error computing hash_tree_root of retrieved block body")
+	}
+
+	sbr := bytesutil.ToBytes32(s.LatestBlockHeader().BodyRoot)
+	if sbr != bodyRoot {
+		return nil, errors.Wrapf(errCheckpointBlockMismatch, "state body root = %#x, block body root = %#x", sbr, bodyRoot)
+	}
+	sr, err := s.HashTreeRoot(ctx)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to compute htr for finalized state at slot=%d", s.Slot())
+	}
+
+	// Download deposit snapshot
+	dsb, err := client.GetDepositSnapshot(ctx)
+	if err != nil {
+		return nil, errors.Wrap(err, "error retrieving deposit snapshot")
+	}
+
+	dr, err := helpers.ComputeDepositSnapshotRoot(dsb)
+	if err != nil {
+		return nil, errors.Wrap(err, "error computing deposit snapshot root")
+	}
+
+	log.WithFields(logrus.Fields{
+		"blockSlot":   b.Block().Slot(),
+		"stateSlot":   s.Slot(),
+		"stateRoot":   hexutil.Encode(sr[:]),
+		"blockRoot":   hexutil.Encode(br[:]),
+		"depositRoot": hexutil.Encode(dr[:]),
+	}).Info("Downloaded checkpoint sync state, block, and deposit snapshot.")
+
+	return &OriginData{
+		st:  s,
+		b:   b,
+		sb:  sb,
+		bb:  bb,
+		dsb: dsb,
+		vu:  vu,
+		br:  br,
+		sr:  sr,
+		dr:  dr,
+	}, nil
+}
+
+// WeakSubjectivityData represents the state root, block root and epoch of the BeaconState + ReadOnlySignedBeaconBlock
+// that falls at the beginning of the current weak subjectivity period. These values can be used to construct
+// a weak subjectivity checkpoint beacon node flag to be used for validation.
+type WeakSubjectivityData struct {
+	BlockRoot [32]byte
+	StateRoot [32]byte
+	Epoch     primitives.Epoch
+}
+
+// CheckpointString returns the standard string representation of a Checkpoint.
+// The format is a hex-encoded block root, followed by the epoch of the block, separated by a colon. For example:
+// "0x1c35540cac127315fabb6bf29181f2ae0de1a3fc909d2e76ba771e61312cc49a:74888"
+func (wsd *WeakSubjectivityData) CheckpointString() string {
+	return fmt.Sprintf("%#x:%d", wsd.BlockRoot, wsd.Epoch)
+}
+
+// ComputeWeakSubjectivityCheckpoint attempts to use the prysm weak_subjectivity api
+// to obtain the current weak_subjectivity checkpoint.
+// For non-prysm nodes, the same computation will be performed with extra steps,
+// using the head state downloaded from the beacon node api.
+func ComputeWeakSubjectivityCheckpoint(ctx context.Context, client *Client) (*WeakSubjectivityData, error) {
+	ws, err := client.GetWeakSubjectivity(ctx)
+	if err != nil {
+		// a 404/405 is expected if querying an endpoint that doesn't support the weak subjectivity checkpoint api
+		if !errors.Is(err, base.ErrNotOK) {
+			return nil, errors.Wrap(err, "unexpected API response for prysm-only weak subjectivity checkpoint API")
+		}
+		// fall back to vanilla Beacon Node API method
+		return computeBackwardsCompatible(ctx, client)
+	}
+	log.Printf("server weak subjectivity checkpoint response - epoch=%d, block_root=%#x, state_root=%#x", ws.Epoch, ws.BlockRoot, ws.StateRoot)
+	return ws, nil
 }
 
 const (
@@ -96,8 +196,8 @@ const (
 	prysmImplementationName = "Prysm"
 )
 
-// ErrUnsupportedPrysmCheckpointVersion indicates remote beacon node can't be used for checkpoint retrieval.
-var ErrUnsupportedPrysmCheckpointVersion = errors.New("node does not meet minimum version requirements for checkpoint retrieval")
+// errUnsupportedPrysmCheckpointVersion indicates remote beacon node can't be used for checkpoint retrieval.
+var errUnsupportedPrysmCheckpointVersion = errors.New("node does not meet minimum version requirements for checkpoint retrieval")
 
 // for older endpoints or clients that do not support the weak_subjectivity api method
 // we gather the necessary data for a checkpoint sync by:
@@ -105,14 +205,14 @@ var ErrUnsupportedPrysmCheckpointVersion = errors.New("node does not meet minimu
 // - requesting the state at the first slot of the epoch
 // - using hash_tree_root(state.latest_block_header) to compute the block the state integrates
 // - requesting that block by its root
-func downloadBackwardsCompatible(ctx context.Context, client *Client) (*OriginData, error) {
+func computeBackwardsCompatible(ctx context.Context, client *Client) (*WeakSubjectivityData, error) {
 	log.Print("falling back to generic checkpoint derivation, weak_subjectivity API not supported by server")
 	nv, err := client.GetNodeVersion(ctx)
 	if err != nil {
 		return nil, errors.Wrap(err, "unable to proceed with fallback method without confirming node version")
 	}
 	if nv.implementation == prysmImplementationName && semver.Compare(nv.semver, prysmMinimumVersion) < 0 {
-		return nil, errors.Wrapf(ErrUnsupportedPrysmCheckpointVersion, "%s < minimum (%s)", nv.semver, prysmMinimumVersion)
+		return nil, errors.Wrapf(errUnsupportedPrysmCheckpointVersion, "%s < minimum (%s)", nv.semver, prysmMinimumVersion)
 	}
 	epoch, err := getWeakSubjectivityEpochFromHead(ctx, client)
 	if err != nil {
@@ -127,136 +227,78 @@ func downloadBackwardsCompatible(ctx context.Context, client *Client) (*OriginDa
 
 	log.Printf("requesting checkpoint state at slot %d", slot)
 	// get the state at the first slot of the epoch
-	stateBytes, err := client.GetState(ctx, IdFromSlot(slot))
+	sb, err := client.GetState(ctx, IdFromSlot(slot))
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to request state by slot from api, slot=%d", slot)
 	}
 
 	// ConfigFork is used to unmarshal the BeaconState so we can read the block root in latest_block_header
-	cf, err := detect.FromState(stateBytes)
+	vu, err := detect.FromState(sb)
 	if err != nil {
 		return nil, errors.Wrap(err, "error detecting chain config for beacon state")
 	}
-	log.Printf("detected supported config in checkpoint state, name=%s, fork=%s", cf.Config.ConfigName, version.String(cf.Fork))
+	log.Printf("detected supported config in checkpoint state, name=%s, fork=%s", vu.Config.ConfigName, version.String(vu.Fork))
 
-	st, err := cf.UnmarshalBeaconState(stateBytes)
+	s, err := vu.UnmarshalBeaconState(sb)
 	if err != nil {
 		return nil, errors.Wrap(err, "error using detected config fork to unmarshal state bytes")
 	}
 
 	// compute state and block roots
-	stateRoot, err := st.HashTreeRoot(ctx)
+	sr, err := s.HashTreeRoot(ctx)
 	if err != nil {
 		return nil, errors.Wrap(err, "error computing hash_tree_root of state")
 	}
 
-	header := st.LatestBlockHeader()
-	header.StateRoot = stateRoot[:]
-	computedBlockRoot, err := header.HashTreeRoot()
+	h := s.LatestBlockHeader()
+	h.StateRoot = sr[:]
+	br, err := h.HashTreeRoot()
 	if err != nil {
 		return nil, errors.Wrap(err, "error while computing block root using state data")
 	}
 
-	blockBytes, err := client.GetBlock(ctx, IdFromRoot(computedBlockRoot))
+	bb, err := client.GetBlock(ctx, IdFromRoot(br))
 	if err != nil {
-		return nil, errors.Wrapf(err, "error requesting block by root = %d", computedBlockRoot)
+		return nil, errors.Wrapf(err, "error requesting block by root = %d", br)
 	}
-	block, err := cf.UnmarshalBeaconBlock(blockBytes)
+	b, err := vu.UnmarshalBeaconBlock(bb)
 	if err != nil {
 		return nil, errors.Wrap(err, "unable to unmarshal block to a supported type using the detected fork schedule")
 	}
-	blockRoot, err := block.Block().HashTreeRoot()
+	br, err = b.Block().HashTreeRoot()
 	if err != nil {
 		return nil, errors.Wrap(err, "error computing hash_tree_root for block obtained via root")
 	}
 
-	log.Printf("BeaconState slot=%d, Block slot=%d", st.Slot(), block.Block().Slot())
-	log.Printf("BeaconState htr=%#xd, Block state_root=%#x", stateRoot, block.Block().StateRoot())
-	log.Printf("BeaconBlock root computed from state=%#x, Block htr=%#x", computedBlockRoot, blockRoot)
-
-	return &OriginData{
-		wsd: &WeakSubjectivityData{
-			BlockRoot: blockRoot,
-			StateRoot: stateRoot,
-			Epoch:     epoch,
-		},
-		st: st,
-		sb: stateBytes,
-		b:  block,
-		bb: blockBytes,
-		cf: cf,
+	return &WeakSubjectivityData{
+		Epoch:     epoch,
+		BlockRoot: br,
+		StateRoot: sr,
 	}, nil
 }
 
-// DownloadOriginData attempts to use the proposed weak_subjectivity beacon node api
-// to obtain the weak_subjectivity metadata (epoch, block_root, state_root) needed to sync
-// a beacon node from the canonical weak subjectivity checkpoint. As this is a proposed API
-// that will only be supported by prysm at first, in the event of a 404 we fallback to using a
-// different technique where we first download the head state which can be used to compute the
-// weak subjectivity epoch on the client side.
-func DownloadOriginData(ctx context.Context, client *Client) (*OriginData, error) {
-	ws, err := client.GetWeakSubjectivity(ctx)
+// this method downloads the head state, which can be used to find the correct chain config
+// and use prysm's helper methods to compute the latest weak subjectivity epoch.
+func getWeakSubjectivityEpochFromHead(ctx context.Context, client *Client) (primitives.Epoch, error) {
+	headBytes, err := client.GetState(ctx, IdHead)
 	if err != nil {
-		// a 404/405 is expected if querying an endpoint that doesn't support the weak subjectivity checkpoint api
-		if !errors.Is(err, ErrNotOK) {
-			return nil, errors.Wrap(err, "unexpected API response for prysm-only weak subjectivity checkpoint API")
-		}
-		// fall back to vanilla Beacon Node API method
-		return downloadBackwardsCompatible(ctx, client)
+		return 0, err
 	}
-	log.Printf("server weak subjectivity checkpoint response - epoch=%d, block_root=%#x, state_root=%#x", ws.Epoch, ws.BlockRoot, ws.StateRoot)
-
-	// use first slot of the epoch for the block slot
-	slot, err := slots.EpochStart(ws.Epoch)
+	vu, err := detect.FromState(headBytes)
 	if err != nil {
-		return nil, errors.Wrapf(err, "error computing first slot of epoch=%d", ws.Epoch)
+		return 0, errors.Wrap(err, "error detecting chain config for beacon state")
 	}
-	log.Printf("requesting checkpoint state at slot %d", slot)
-
-	stateBytes, err := client.GetState(ctx, IdFromSlot(slot))
+	log.Printf("detected supported config in remote head state, name=%s, fork=%s", vu.Config.ConfigName, version.String(vu.Fork))
+	headState, err := vu.UnmarshalBeaconState(headBytes)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to request state by slot from api, slot=%d", slot)
-	}
-	cf, err := detect.FromState(stateBytes)
-	if err != nil {
-		return nil, errors.Wrap(err, "error detecting chain config for beacon state")
-	}
-	log.Printf("detected supported config in checkpoint state, name=%s, fork=%s", cf.Config.ConfigName, version.String(cf.Fork))
-
-	state, err := cf.UnmarshalBeaconState(stateBytes)
-	if err != nil {
-		return nil, errors.Wrap(err, "error using detected config fork to unmarshal state bytes")
-	}
-	stateRoot, err := state.HashTreeRoot(ctx)
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to compute htr for state at slot=%d", slot)
+		return 0, errors.Wrap(err, "error unmarshaling state to correct version")
 	}
 
-	blockRoot, err := state.LatestBlockHeader().HashTreeRoot()
+	epoch, err := helpers.LatestWeakSubjectivityEpoch(ctx, headState, vu.Config)
 	if err != nil {
-		return nil, errors.Wrap(err, "error computing hash_tree_root of latest_block_header")
+		return 0, errors.Wrap(err, "error computing the weak subjectivity epoch from head state")
 	}
-	blockBytes, err := client.GetBlock(ctx, IdFromRoot(ws.BlockRoot))
-	if err != nil {
-		return nil, errors.Wrapf(err, "error requesting block by slot = %d", slot)
-	}
-	block, err := cf.UnmarshalBeaconBlock(blockBytes)
-	if err != nil {
-		return nil, errors.Wrap(err, "unable to unmarshal block to a supported type using the detected fork schedule")
-	}
-	realBlockRoot, err := block.Block().HashTreeRoot()
-	if err != nil {
-		return nil, errors.Wrap(err, "error computing hash_tree_root of retrieved block")
-	}
-	log.Printf("BeaconState slot=%d, Block slot=%d", state.Slot(), block.Block().Slot())
-	log.Printf("BeaconState htr=%#xd, Block state_root=%#x", stateRoot, block.Block().StateRoot())
-	log.Printf("BeaconState latest_block_header htr=%#xd, block htr=%#x", blockRoot, realBlockRoot)
-	return &OriginData{
-		wsd: ws,
-		st:  state,
-		b:   block,
-		sb:  stateBytes,
-		bb:  blockBytes,
-		cf:  cf,
-	}, nil
+
+	log.Printf("(computed client-side) weak subjectivity epoch = %d", epoch)
+	return epoch, nil
 }

api/client/beacon/checkpoint_test.go

@@ -7,24 +7,22 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"net/url"
 	"testing"
 
-	"github.com/prysmaticlabs/prysm/consensus-types/wrapper"
-
-	"github.com/prysmaticlabs/prysm/beacon-chain/state"
-	"github.com/prysmaticlabs/prysm/network/forks"
-	ethpb "github.com/prysmaticlabs/prysm/proto/prysm/v1alpha1"
-	"github.com/prysmaticlabs/prysm/testing/util"
-	"github.com/prysmaticlabs/prysm/time/slots"
-
-	"github.com/prysmaticlabs/prysm/config/params"
-	types "github.com/prysmaticlabs/prysm/consensus-types/primitives"
-	"github.com/prysmaticlabs/prysm/encoding/ssz/detect"
-	"github.com/prysmaticlabs/prysm/runtime/version"
-
 	"github.com/pkg/errors"
-	"github.com/prysmaticlabs/prysm/testing/require"
+	"github.com/prysmaticlabs/prysm/v5/api/client"
+	"github.com/prysmaticlabs/prysm/v5/beacon-chain/state"
+	"github.com/prysmaticlabs/prysm/v5/config/params"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/blocks"
+	blocktest "github.com/prysmaticlabs/prysm/v5/consensus-types/blocks/testing"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v5/encoding/ssz/detect"
+	"github.com/prysmaticlabs/prysm/v5/network/forks"
+	ethpb "github.com/prysmaticlabs/prysm/v5/proto/prysm/v1alpha1"
+	"github.com/prysmaticlabs/prysm/v5/runtime/version"
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
+	"github.com/prysmaticlabs/prysm/v5/testing/util"
+	"github.com/prysmaticlabs/prysm/v5/time/slots"
 )
 
 type testRT struct {
@@ -66,11 +64,7 @@ func TestMarshalToEnvelope(t *testing.T) {
 }
 
 func TestFallbackVersionCheck(t *testing.T) {
-	c := &Client{
-		hc:      &http.Client{},
-		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
-	}
-	c.hc.Transport = &testRT{rt: func(req *http.Request) (*http.Response, error) {
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
 		res := &http.Response{Request: req}
 		switch req.URL.Path {
 		case getNodeVersionPath:
@@ -88,13 +82,14 @@ func TestFallbackVersionCheck(t *testing.T) {
 		case getWeakSubjectivityPath:
 			res.StatusCode = http.StatusNotFound
 		}
-
 		return res, nil
 	}}
 
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
+	require.NoError(t, err)
 	ctx := context.Background()
-	_, err := DownloadOriginData(ctx, c)
-	require.ErrorIs(t, err, ErrUnsupportedPrysmCheckpointVersion)
+	_, err = ComputeWeakSubjectivityCheckpoint(ctx, c)
+	require.ErrorIs(t, err, errUnsupportedPrysmCheckpointVersion)
 }
 
 func TestFname(t *testing.T) {
@@ -102,7 +97,7 @@ func TestFname(t *testing.T) {
 		Config: params.MainnetConfig(),
 		Fork:   version.Phase0,
 	}
-	slot := types.Slot(23)
+	slot := primitives.Slot(23)
 	prefix := "block"
 	var root [32]byte
 	copy(root[:], []byte{0x23, 0x23, 0x23})
@@ -120,9 +115,9 @@ func TestFname(t *testing.T) {
 	require.Equal(t, expected, actual)
 }
 
-func TestDownloadOriginData(t *testing.T) {
+func TestDownloadWeakSubjectivityCheckpoint(t *testing.T) {
 	ctx := context.Background()
-	cfg := params.MainnetConfig()
+	cfg := params.MainnetConfig().Copy()
 
 	epoch := cfg.AltairForkEpoch - 1
 	// set up checkpoint state, using the epoch that will be computed as the ws checkpoint state based on the head state
@@ -131,13 +126,18 @@ func TestDownloadOriginData(t *testing.T) {
 	wst, err := util.NewBeaconState()
 	require.NoError(t, err)
 	fork, err := forkForEpoch(cfg, epoch)
+	require.NoError(t, err)
 	require.NoError(t, wst.SetFork(fork))
 
 	// set up checkpoint block
-	b, err := wrapper.WrappedSignedBeaconBlock(util.NewBeaconBlock())
-	require.NoError(t, wrapper.SetBlockParentRoot(b, cfg.ZeroHash))
-	require.NoError(t, wrapper.SetBlockSlot(b, wSlot))
-	require.NoError(t, wrapper.SetProposerIndex(b, 0))
+	b, err := blocks.NewSignedBeaconBlock(util.NewBeaconBlock())
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockParentRoot(b, cfg.ZeroHash)
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockSlot(b, wSlot)
+	require.NoError(t, err)
+	b, err = blocktest.SetProposerIndex(b, 0)
+	require.NoError(t, err)
 
 	// set up state header pointing at checkpoint block - this is how the block is downloaded by root
 	header, err := b.Header()
@@ -151,7 +151,8 @@ func TestDownloadOriginData(t *testing.T) {
 	wRoot, err := wst.HashTreeRoot(ctx)
 	require.NoError(t, err)
 
-	require.NoError(t, wrapper.SetBlockStateRoot(b, wRoot))
+	b, err = blocktest.SetBlockStateRoot(b, wRoot)
+	require.NoError(t, err)
 	serBlock, err := b.MarshalSSZ()
 	require.NoError(t, err)
 	bRoot, err := b.Block().HashTreeRoot()
@@ -165,58 +166,51 @@ func TestDownloadOriginData(t *testing.T) {
 		Epoch:     epoch,
 	}
 
-	hc := &http.Client{
-		Transport: &testRT{rt: func(req *http.Request) (*http.Response, error) {
-			res := &http.Response{Request: req}
-			switch req.URL.Path {
-			case getWeakSubjectivityPath:
-				res.StatusCode = http.StatusOK
-				cp := struct {
-					Epoch string `json:"epoch"`
-					Root  string `json:"root"`
-				}{
-					Epoch: fmt.Sprintf("%d", slots.ToEpoch(b.Block().Slot())),
-					Root:  fmt.Sprintf("%#x", bRoot),
-				}
-				wsr := struct {
-					Checkpoint interface{} `json:"ws_checkpoint"`
-					StateRoot  string      `json:"state_root"`
-				}{
-					Checkpoint: cp,
-					StateRoot:  fmt.Sprintf("%#x", wRoot),
-				}
-				rb, err := marshalToEnvelope(wsr)
-				require.NoError(t, err)
-				res.Body = io.NopCloser(bytes.NewBuffer(rb))
-			case renderGetStatePath(IdFromSlot(wSlot)):
-				res.StatusCode = http.StatusOK
-				res.Body = io.NopCloser(bytes.NewBuffer(wsSerialized))
-			case renderGetBlockPath(IdFromRoot(bRoot)):
-				res.StatusCode = http.StatusOK
-				res.Body = io.NopCloser(bytes.NewBuffer(serBlock))
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
+		res := &http.Response{Request: req}
+		switch req.URL.Path {
+		case getWeakSubjectivityPath:
+			res.StatusCode = http.StatusOK
+			cp := struct {
+				Epoch string `json:"epoch"`
+				Root  string `json:"root"`
+			}{
+				Epoch: fmt.Sprintf("%d", slots.ToEpoch(b.Block().Slot())),
+				Root:  fmt.Sprintf("%#x", bRoot),
 			}
+			wsr := struct {
+				Checkpoint interface{} `json:"ws_checkpoint"`
+				StateRoot  string      `json:"state_root"`
+			}{
+				Checkpoint: cp,
+				StateRoot:  fmt.Sprintf("%#x", wRoot),
+			}
+			rb, err := marshalToEnvelope(wsr)
+			require.NoError(t, err)
+			res.Body = io.NopCloser(bytes.NewBuffer(rb))
+		case renderGetStatePath(IdFromSlot(wSlot)):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(wsSerialized))
+		case renderGetBlockPath(IdFromRoot(bRoot)):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(serBlock))
+		}
 
-			return res, nil
-		}},
-	}
-	c := &Client{
-		hc:      hc,
-		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
-	}
+		return res, nil
+	}}
 
-	od, err := DownloadOriginData(ctx, c)
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
 	require.NoError(t, err)
-	require.Equal(t, expectedWSD.Epoch, od.wsd.Epoch)
-	require.Equal(t, expectedWSD.StateRoot, od.wsd.StateRoot)
-	require.Equal(t, expectedWSD.BlockRoot, od.wsd.BlockRoot)
-	require.DeepEqual(t, wsSerialized, od.sb)
-	require.DeepEqual(t, serBlock, od.bb)
-	require.DeepEqual(t, wst.Fork().CurrentVersion, od.cf.Version[:])
-	require.DeepEqual(t, version.Phase0, od.cf.Fork)
+
+	wsd, err := ComputeWeakSubjectivityCheckpoint(ctx, c)
+	require.NoError(t, err)
+	require.Equal(t, expectedWSD.Epoch, wsd.Epoch)
+	require.Equal(t, expectedWSD.StateRoot, wsd.StateRoot)
+	require.Equal(t, expectedWSD.BlockRoot, wsd.BlockRoot)
 }
 
-// runs downloadBackwardsCompatible directly
-// and via DownloadOriginData with a round tripper that triggers the backwards compatible code path
+// runs computeBackwardsCompatible directly
+// and via ComputeWeakSubjectivityCheckpoint with a round tripper that triggers the backwards compatible code path
 func TestDownloadBackwardsCompatibleCombined(t *testing.T) {
 	ctx := context.Background()
 	cfg := params.MainnetConfig()
@@ -231,13 +225,18 @@ func TestDownloadBackwardsCompatibleCombined(t *testing.T) {
 	wst, err := util.NewBeaconState()
 	require.NoError(t, err)
 	fork, err := forkForEpoch(cfg, cfg.GenesisEpoch)
+	require.NoError(t, err)
 	require.NoError(t, wst.SetFork(fork))
 
 	// set up checkpoint block
-	b, err := wrapper.WrappedSignedBeaconBlock(util.NewBeaconBlock())
-	require.NoError(t, wrapper.SetBlockParentRoot(b, cfg.ZeroHash))
-	require.NoError(t, wrapper.SetBlockSlot(b, wSlot))
-	require.NoError(t, wrapper.SetProposerIndex(b, 0))
+	b, err := blocks.NewSignedBeaconBlock(util.NewBeaconBlock())
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockParentRoot(b, cfg.ZeroHash)
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockSlot(b, wSlot)
+	require.NoError(t, err)
+	b, err = blocktest.SetProposerIndex(b, 0)
+	require.NoError(t, err)
 
 	// set up state header pointing at checkpoint block - this is how the block is downloaded by root
 	header, err := b.Header()
@@ -251,7 +250,8 @@ func TestDownloadBackwardsCompatibleCombined(t *testing.T) {
 	wRoot, err := wst.HashTreeRoot(ctx)
 	require.NoError(t, err)
 
-	require.NoError(t, wrapper.SetBlockStateRoot(b, wRoot))
+	b, err = blocktest.SetBlockStateRoot(b, wRoot)
+	require.NoError(t, err)
 	serBlock, err := b.MarshalSSZ()
 	require.NoError(t, err)
 	bRoot, err := b.Block().HashTreeRoot()
@@ -260,80 +260,68 @@ func TestDownloadBackwardsCompatibleCombined(t *testing.T) {
 	wsSerialized, err := wst.MarshalSSZ()
 	require.NoError(t, err)
 
-	hc := &http.Client{
-		Transport: &testRT{rt: func(req *http.Request) (*http.Response, error) {
-			res := &http.Response{Request: req}
-			switch req.URL.Path {
-			case getNodeVersionPath:
-				res.StatusCode = http.StatusOK
-				b := bytes.NewBuffer(nil)
-				d := struct {
-					Version string `json:"version"`
-				}{
-					Version: "Lighthouse/v0.1.5 (Linux x86_64)",
-				}
-				encoded, err := marshalToEnvelope(d)
-				require.NoError(t, err)
-				b.Write(encoded)
-				res.Body = io.NopCloser(b)
-			case getWeakSubjectivityPath:
-				res.StatusCode = http.StatusNotFound
-			case renderGetStatePath(IdHead):
-				res.StatusCode = http.StatusOK
-				res.Body = io.NopCloser(bytes.NewBuffer(serialized))
-			case renderGetStatePath(IdFromSlot(wSlot)):
-				res.StatusCode = http.StatusOK
-				res.Body = io.NopCloser(bytes.NewBuffer(wsSerialized))
-			case renderGetBlockPath(IdFromRoot(bRoot)):
-				res.StatusCode = http.StatusOK
-				res.Body = io.NopCloser(bytes.NewBuffer(serBlock))
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
+		res := &http.Response{Request: req}
+		switch req.URL.Path {
+		case getNodeVersionPath:
+			res.StatusCode = http.StatusOK
+			b := bytes.NewBuffer(nil)
+			d := struct {
+				Version string `json:"version"`
+			}{
+				Version: "Lighthouse/v0.1.5 (Linux x86_64)",
 			}
+			encoded, err := marshalToEnvelope(d)
+			require.NoError(t, err)
+			b.Write(encoded)
+			res.Body = io.NopCloser(b)
+		case getWeakSubjectivityPath:
+			res.StatusCode = http.StatusNotFound
+		case renderGetStatePath(IdHead):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(serialized))
+		case renderGetStatePath(IdFromSlot(wSlot)):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(wsSerialized))
+		case renderGetBlockPath(IdFromRoot(bRoot)):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(serBlock))
+		}
 
-			return res, nil
-		}},
-	}
-	c := &Client{
-		hc:      hc,
-		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
-	}
+		return res, nil
+	}}
 
-	odPub, err := DownloadOriginData(ctx, c)
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
 	require.NoError(t, err)
 
-	odPriv, err := downloadBackwardsCompatible(ctx, c)
+	wsPub, err := ComputeWeakSubjectivityCheckpoint(ctx, c)
 	require.NoError(t, err)
-	require.DeepEqual(t, odPriv.wsd, odPub.wsd)
-	require.DeepEqual(t, odPriv.sb, odPub.sb)
-	require.DeepEqual(t, odPriv.bb, odPub.bb)
-	require.DeepEqual(t, odPriv.cf.Fork, odPub.cf.Fork)
-	require.DeepEqual(t, odPriv.cf.Version, odPub.cf.Version)
+
+	wsPriv, err := computeBackwardsCompatible(ctx, c)
+	require.NoError(t, err)
+	require.DeepEqual(t, wsPriv, wsPub)
 }
 
 func TestGetWeakSubjectivityEpochFromHead(t *testing.T) {
 	st, expectedEpoch := defaultTestHeadState(t, params.MainnetConfig())
 	serialized, err := st.MarshalSSZ()
 	require.NoError(t, err)
-	hc := &http.Client{
-		Transport: &testRT{rt: func(req *http.Request) (*http.Response, error) {
-			res := &http.Response{Request: req}
-			switch req.URL.Path {
-			case renderGetStatePath(IdHead):
-				res.StatusCode = http.StatusOK
-				res.Body = io.NopCloser(bytes.NewBuffer(serialized))
-			}
-			return res, nil
-		}},
-	}
-	c := &Client{
-		hc:      hc,
-		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
-	}
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
+		res := &http.Response{Request: req}
+		if req.URL.Path == renderGetStatePath(IdHead) {
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(serialized))
+		}
+		return res, nil
+	}}
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
+	require.NoError(t, err)
 	actualEpoch, err := getWeakSubjectivityEpochFromHead(context.Background(), c)
 	require.NoError(t, err)
 	require.Equal(t, expectedEpoch, actualEpoch)
 }
 
-func forkForEpoch(cfg *params.BeaconChainConfig, epoch types.Epoch) (*ethpb.Fork, error) {
+func forkForEpoch(cfg *params.BeaconChainConfig, epoch primitives.Epoch) (*ethpb.Fork, error) {
 	os := forks.NewOrderedSchedule(cfg)
 	currentVersion, err := os.VersionForEpoch(epoch)
 	if err != nil {
@@ -355,7 +343,7 @@ func forkForEpoch(cfg *params.BeaconChainConfig, epoch types.Epoch) (*ethpb.Fork
 	}, nil
 }
 
-func defaultTestHeadState(t *testing.T, cfg *params.BeaconChainConfig) (state.BeaconState, types.Epoch) {
+func defaultTestHeadState(t *testing.T, cfg *params.BeaconChainConfig) (state.BeaconState, primitives.Epoch) {
 	st, err := util.NewBeaconStateAltair()
 	require.NoError(t, err)
 
@@ -396,9 +384,98 @@ func populateValidators(cfg *params.BeaconChainConfig, st state.BeaconState, val
 	if err := st.SetValidators(validators); err != nil {
 		return err
 	}
-	if err := st.SetBalances(balances); err != nil {
-		return err
-	}
-
-	return nil
+	return st.SetBalances(balances)
+}
+
+func TestDownloadFinalizedData(t *testing.T) {
+	ctx := context.Background()
+	cfg := params.MainnetConfig().Copy()
+
+	// avoid the altair zone because genesis tests are easier to set up
+	epoch := cfg.AltairForkEpoch - 1
+	// set up checkpoint state, using the epoch that will be computed as the ws checkpoint state based on the head state
+	slot, err := slots.EpochStart(epoch)
+	require.NoError(t, err)
+	st, err := util.NewBeaconState()
+	require.NoError(t, err)
+	fork, err := forkForEpoch(cfg, epoch)
+	require.NoError(t, err)
+	require.NoError(t, st.SetFork(fork))
+	require.NoError(t, st.SetSlot(slot))
+
+	// set up checkpoint block
+	b, err := blocks.NewSignedBeaconBlock(util.NewBeaconBlock())
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockParentRoot(b, cfg.ZeroHash)
+	require.NoError(t, err)
+	b, err = blocktest.SetBlockSlot(b, slot)
+	require.NoError(t, err)
+	b, err = blocktest.SetProposerIndex(b, 0)
+	require.NoError(t, err)
+
+	// set up state header pointing at checkpoint block - this is how the block is downloaded by root
+	header, err := b.Header()
+	require.NoError(t, err)
+	require.NoError(t, st.SetLatestBlockHeader(header.Header))
+
+	// order of operations can be confusing here:
+	// - when computing the state root, make sure block header is complete, EXCEPT the state root should be zero-value
+	// - before computing the block root (to match the request route), the block should include the state root
+	//   *computed from the state with a header that does not have a state root set yet*
+	sr, err := st.HashTreeRoot(ctx)
+	require.NoError(t, err)
+
+	b, err = blocktest.SetBlockStateRoot(b, sr)
+	require.NoError(t, err)
+	mb, err := b.MarshalSSZ()
+	require.NoError(t, err)
+	br, err := b.Block().HashTreeRoot()
+	require.NoError(t, err)
+
+	ms, err := st.MarshalSSZ()
+	require.NoError(t, err)
+
+	trans := &testRT{rt: func(req *http.Request) (*http.Response, error) {
+		res := &http.Response{Request: req}
+		switch req.URL.Path {
+		case renderGetStatePath(IdFinalized):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(ms))
+		case renderGetBlockPath(IdFromSlot(b.Block().Slot())):
+			res.StatusCode = http.StatusOK
+			res.Body = io.NopCloser(bytes.NewBuffer(mb))
+		default:
+			res.StatusCode = http.StatusInternalServerError
+			res.Body = io.NopCloser(bytes.NewBufferString(""))
+		}
+
+		return res, nil
+	}}
+	c, err := NewClient("http://localhost:3500", client.WithRoundTripper(trans))
+	require.NoError(t, err)
+	// sanity check before we go through checkpoint
+	// make sure we can download the state and unmarshal it with the VersionedUnmarshaler
+	sb, err := c.GetState(ctx, IdFinalized)
+	require.NoError(t, err)
+	require.Equal(t, true, bytes.Equal(sb, ms))
+	vu, err := detect.FromState(sb)
+	require.NoError(t, err)
+	us, err := vu.UnmarshalBeaconState(sb)
+	require.NoError(t, err)
+	ushtr, err := us.HashTreeRoot(ctx)
+	require.NoError(t, err)
+	require.Equal(t, sr, ushtr)
+
+	expected := &OriginData{
+		sb: ms,
+		bb: mb,
+		br: br,
+		sr: sr,
+	}
+	od, err := DownloadFinalizedData(ctx, c)
+	require.NoError(t, err)
+	require.Equal(t, true, bytes.Equal(expected.sb, od.sb))
+	require.Equal(t, true, bytes.Equal(expected.bb, od.bb))
+	require.Equal(t, expected.br, od.br)
+	require.Equal(t, expected.sr, od.sr)
 }

api/client/beacon/client.go

@@ -5,8 +5,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io"
-	"net"
 	"net/http"
 	"net/url"
 	"path"
@@ -14,27 +12,30 @@ import (
 	"sort"
 	"strconv"
 	"text/template"
-	"time"
-
-	"github.com/prysmaticlabs/prysm/network/forks"
 
 	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/pkg/errors"
-	"github.com/prysmaticlabs/prysm/beacon-chain/rpc/apimiddleware"
-	types "github.com/prysmaticlabs/prysm/consensus-types/primitives"
-	"github.com/prysmaticlabs/prysm/encoding/bytesutil"
-	ethpb "github.com/prysmaticlabs/prysm/proto/prysm/v1alpha1"
-	log "github.com/sirupsen/logrus"
+	"github.com/prysmaticlabs/prysm/v5/api/client"
+	"github.com/prysmaticlabs/prysm/v5/api/server"
+	"github.com/prysmaticlabs/prysm/v5/api/server/structs"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v5/encoding/bytesutil"
+	"github.com/prysmaticlabs/prysm/v5/network/forks"
+	ethpb "github.com/prysmaticlabs/prysm/v5/proto/prysm/v1alpha1"
+	"github.com/sirupsen/logrus"
 )
 
 const (
-	getSignedBlockPath      = "/eth/v2/beacon/blocks"
-	getBlockRootPath        = "/eth/v1/beacon/blocks/{{.Id}}/root"
-	getForkForStatePath     = "/eth/v1/beacon/states/{{.Id}}/fork"
-	getWeakSubjectivityPath = "/eth/v1/beacon/weak_subjectivity"
-	getForkSchedulePath     = "/eth/v1/config/fork_schedule"
-	getStatePath            = "/eth/v2/debug/beacon/states"
-	getNodeVersionPath      = "/eth/v1/node/version"
+	getSignedBlockPath       = "/eth/v2/beacon/blocks"
+	getBlockRootPath         = "/eth/v1/beacon/blocks/{{.Id}}/root"
+	getForkForStatePath      = "/eth/v1/beacon/states/{{.Id}}/fork"
+	getWeakSubjectivityPath  = "/prysm/v1/beacon/weak_subjectivity"
+	getForkSchedulePath      = "/eth/v1/config/fork_schedule"
+	getConfigSpecPath        = "/eth/v1/config/spec"
+	getStatePath             = "/eth/v2/debug/beacon/states"
+	getNodeVersionPath       = "/eth/v1/node/version"
+	changeBLStoExecutionPath = "/eth/v1/beacon/pool/bls_to_execution_changes"
+	getDepositSnapshot       = "/eth/v1/beacon/deposit_snapshot"
 )
 
 // StateOrBlockId represents the block_id / state_id parameters that several of the Eth Beacon API methods accept.
@@ -46,23 +47,20 @@ const (
 type StateOrBlockId string
 
 const (
-	IdFinalized StateOrBlockId = "finalized"
 	IdGenesis   StateOrBlockId = "genesis"
 	IdHead      StateOrBlockId = "head"
-	IdJustified StateOrBlockId = "justified"
+	IdFinalized StateOrBlockId = "finalized"
 )
 
-var ErrMalformedHostname = errors.New("hostname must include port, separated by one colon, like example.com:3500")
-
 // IdFromRoot encodes a block root in the format expected by the API in places where a root can be used to identify
 // a BeaconState or SignedBeaconBlock.
 func IdFromRoot(r [32]byte) StateOrBlockId {
 	return StateOrBlockId(fmt.Sprintf("%#x", r))
 }
 
-// IdFromRoot encodes a Slot in the format expected by the API in places where a slot can be used to identify
+// IdFromSlot encodes a Slot in the format expected by the API in places where a slot can be used to identify
 // a BeaconState or SignedBeaconBlock.
-func IdFromSlot(s types.Slot) StateOrBlockId {
+func IdFromSlot(s primitives.Slot) StateOrBlockId {
 	return StateOrBlockId(strconv.FormatUint(uint64(s), 10))
 }
 
@@ -83,99 +81,22 @@ func idTemplate(ts string) func(StateOrBlockId) string {
 	return f
 }
 
-// ClientOpt is a functional option for the Client type (http.Client wrapper)
-type ClientOpt func(*Client)
-
-// WithTimeout sets the .Timeout attribute of the wrapped http.Client.
-func WithTimeout(timeout time.Duration) ClientOpt {
-	return func(c *Client) {
-		c.hc.Timeout = timeout
-	}
+func renderGetBlockPath(id StateOrBlockId) string {
+	return path.Join(getSignedBlockPath, string(id))
 }
 
 // Client provides a collection of helper methods for calling the Eth Beacon Node API endpoints.
 type Client struct {
-	hc      *http.Client
-	host    string
-	scheme  string
-	baseURL *url.URL
+	*client.Client
 }
 
-// NewClient constructs a new client with the provided options (ex WithTimeout).
-// `host` is the base host + port used to construct request urls. This value can be
-// a URL string, or NewClient will assume an http endpoint if just `host:port` is used.
-func NewClient(host string, opts ...ClientOpt) (*Client, error) {
-	u, err := urlForHost(host)
+// NewClient returns a new Client that includes functions for rest calls to Beacon API.
+func NewClient(host string, opts ...client.ClientOpt) (*Client, error) {
+	c, err := client.NewClient(host, opts...)
 	if err != nil {
 		return nil, err
 	}
-	c := &Client{
-		hc:      &http.Client{},
-		baseURL: u,
-	}
-	for _, o := range opts {
-		o(c)
-	}
-	return c, nil
-}
-
-func urlForHost(h string) (*url.URL, error) {
-	// try to parse as url (being permissive)
-	u, err := url.Parse(h)
-	if err == nil && u.Host != "" {
-		return u, nil
-	}
-	// try to parse as host:port
-	host, port, err := net.SplitHostPort(h)
-	if err != nil {
-		return nil, ErrMalformedHostname
-	}
-	return &url.URL{Host: fmt.Sprintf("%s:%s", host, port), Scheme: "http"}, nil
-}
-
-// NodeURL returns a human-readable string representation of the beacon node base url.
-func (c *Client) NodeURL() string {
-	return c.baseURL.String()
-}
-
-type reqOption func(*http.Request)
-
-func withSSZEncoding() reqOption {
-	return func(req *http.Request) {
-		req.Header.Set("Accept", "application/octet-stream")
-	}
-}
-
-// get is a generic, opinionated GET function to reduce boilerplate amongst the getters in this package.
-func (c *Client) get(ctx context.Context, path string, opts ...reqOption) ([]byte, error) {
-	u := c.baseURL.ResolveReference(&url.URL{Path: path})
-	log.Printf("requesting %s", u.String())
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
-	if err != nil {
-		return nil, err
-	}
-	for _, o := range opts {
-		o(req)
-	}
-	r, err := c.hc.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer func() {
-		err = r.Body.Close()
-	}()
-	if r.StatusCode != http.StatusOK {
-		return nil, non200Err(r)
-	}
-	b, err := io.ReadAll(r.Body)
-	if err != nil {
-		return nil, errors.Wrap(err, "error reading http response body from GetBlock")
-	}
-	return b, nil
-}
-
-func renderGetBlockPath(id StateOrBlockId) string {
-	return path.Join(getSignedBlockPath, string(id))
+	return &Client{c}, nil
 }
 
 // GetBlock retrieves the SignedBeaconBlock for the given block id.
@@ -185,7 +106,7 @@ func renderGetBlockPath(id StateOrBlockId) string {
 // The return value contains the ssz-encoded bytes.
 func (c *Client) GetBlock(ctx context.Context, blockId StateOrBlockId) ([]byte, error) {
 	blockPath := renderGetBlockPath(blockId)
-	b, err := c.get(ctx, blockPath, withSSZEncoding())
+	b, err := c.Get(ctx, blockPath, client.WithSSZEncoding())
 	if err != nil {
 		return nil, errors.Wrapf(err, "error requesting state by id = %s", blockId)
 	}
@@ -200,7 +121,7 @@ var getBlockRootTpl = idTemplate(getBlockRootPath)
 // for the named identifiers.
 func (c *Client) GetBlockRoot(ctx context.Context, blockId StateOrBlockId) ([32]byte, error) {
 	rootPath := getBlockRootTpl(blockId)
-	b, err := c.get(ctx, rootPath)
+	b, err := c.Get(ctx, rootPath)
 	if err != nil {
 		return [32]byte{}, errors.Wrapf(err, "error requesting block root by id = %s", blockId)
 	}
@@ -223,23 +144,23 @@ var getForkTpl = idTemplate(getForkForStatePath)
 // <slot>, <hex encoded blockRoot with 0x prefix>. Variables of type StateOrBlockId are exported by this package
 // for the named identifiers.
 func (c *Client) GetFork(ctx context.Context, stateId StateOrBlockId) (*ethpb.Fork, error) {
-	body, err := c.get(ctx, getForkTpl(stateId))
+	body, err := c.Get(ctx, getForkTpl(stateId))
 	if err != nil {
 		return nil, errors.Wrapf(err, "error requesting fork by state id = %s", stateId)
 	}
-	fr := &forkResponse{}
-	dataWrapper := &struct{ Data *forkResponse }{Data: fr}
+	fr := &structs.Fork{}
+	dataWrapper := &struct{ Data *structs.Fork }{Data: fr}
 	err = json.Unmarshal(body, dataWrapper)
 	if err != nil {
 		return nil, errors.Wrap(err, "error decoding json response in GetFork")
 	}
 
-	return fr.Fork()
+	return fr.ToConsensus()
 }
 
 // GetForkSchedule retrieve all forks, past present and future, of which this node is aware.
 func (c *Client) GetForkSchedule(ctx context.Context) (forks.OrderedSchedule, error) {
-	body, err := c.get(ctx, getForkSchedulePath)
+	body, err := c.Get(ctx, getForkSchedulePath)
 	if err != nil {
 		return nil, errors.Wrap(err, "error requesting fork schedule")
 	}
@@ -255,6 +176,20 @@ func (c *Client) GetForkSchedule(ctx context.Context) (forks.OrderedSchedule, er
 	return ofs, nil
 }
 
+// GetConfigSpec retrieve the current configs of the network used by the beacon node.
+func (c *Client) GetConfigSpec(ctx context.Context) (*structs.GetSpecResponse, error) {
+	body, err := c.Get(ctx, getConfigSpecPath)
+	if err != nil {
+		return nil, errors.Wrap(err, "error requesting configSpecPath")
+	}
+	fsr := &structs.GetSpecResponse{}
+	err = json.Unmarshal(body, fsr)
+	if err != nil {
+		return nil, err
+	}
+	return fsr, nil
+}
+
 type NodeVersion struct {
 	implementation string
 	semver         string
@@ -266,7 +201,7 @@ var versionRE = regexp.MustCompile(`^(\w+)/(v\d+\.\d+\.\d+[-a-zA-Z0-9]*)\s*/?(.*
 func parseNodeVersion(v string) (*NodeVersion, error) {
 	groups := versionRE.FindStringSubmatch(v)
 	if len(groups) != 4 {
-		return nil, errors.Wrapf(ErrInvalidNodeVersion, "could not be parsed: %s", v)
+		return nil, errors.Wrapf(client.ErrInvalidNodeVersion, "could not be parsed: %s", v)
 	}
 	return &NodeVersion{
 		implementation: groups[1],
@@ -278,7 +213,7 @@ func parseNodeVersion(v string) (*NodeVersion, error) {
 // GetNodeVersion requests that the beacon node identify information about its implementation in a format
 // similar to a HTTP User-Agent field. ex: Lighthouse/v0.1.5 (Linux x86_64)
 func (c *Client) GetNodeVersion(ctx context.Context) (*NodeVersion, error) {
-	b, err := c.get(ctx, getNodeVersionPath)
+	b, err := c.Get(ctx, getNodeVersionPath)
 	if err != nil {
 		return nil, errors.Wrap(err, "error requesting node version")
 	}
@@ -305,7 +240,7 @@ func renderGetStatePath(id StateOrBlockId) string {
 // The return value contains the ssz-encoded bytes.
 func (c *Client) GetState(ctx context.Context, stateId StateOrBlockId) ([]byte, error) {
 	statePath := path.Join(getStatePath, string(stateId))
-	b, err := c.get(ctx, statePath, withSSZEncoding())
+	b, err := c.Get(ctx, statePath, client.WithSSZEncoding())
 	if err != nil {
 		return nil, errors.Wrapf(err, "error requesting state by id = %s", stateId)
 	}
@@ -318,20 +253,20 @@ func (c *Client) GetState(ctx context.Context, stateId StateOrBlockId) ([]byte,
 // - finds the highest non-skipped block preceding the epoch
 // - returns the htr of the found block and returns this + the value of state_root from the block
 func (c *Client) GetWeakSubjectivity(ctx context.Context) (*WeakSubjectivityData, error) {
-	body, err := c.get(ctx, getWeakSubjectivityPath)
+	body, err := c.Get(ctx, getWeakSubjectivityPath)
 	if err != nil {
 		return nil, err
 	}
-	v := &apimiddleware.WeakSubjectivityResponse{}
+	v := &structs.GetWeakSubjectivityResponse{}
 	err = json.Unmarshal(body, v)
 	if err != nil {
 		return nil, err
 	}
-	epoch, err := strconv.ParseUint(v.Data.Checkpoint.Epoch, 10, 64)
+	epoch, err := strconv.ParseUint(v.Data.WsCheckpoint.Epoch, 10, 64)
 	if err != nil {
 		return nil, err
 	}
-	blockRoot, err := hexutil.Decode(v.Data.Checkpoint.Root)
+	blockRoot, err := hexutil.Decode(v.Data.WsCheckpoint.Root)
 	if err != nil {
 		return nil, err
 	}
@@ -340,81 +275,76 @@ func (c *Client) GetWeakSubjectivity(ctx context.Context) (*WeakSubjectivityData
 		return nil, err
 	}
 	return &WeakSubjectivityData{
-		Epoch:     types.Epoch(epoch),
+		Epoch:     primitives.Epoch(epoch),
 		BlockRoot: bytesutil.ToBytes32(blockRoot),
 		StateRoot: bytesutil.ToBytes32(stateRoot),
 	}, nil
 }
 
-// WeakSubjectivityData represents the state root, block root and epoch of the BeaconState + SignedBeaconBlock
-// that falls at the beginning of the current weak subjectivity period. These values can be used to construct
-// a weak subjectivity checkpoint, or to download a BeaconState+SignedBeaconBlock pair that can be used to bootstrap
-// a new Beacon Node using Checkpoint Sync.
-type WeakSubjectivityData struct {
-	BlockRoot [32]byte
-	StateRoot [32]byte
-	Epoch     types.Epoch
-}
-
-func non200Err(response *http.Response) error {
-	bodyBytes, err := io.ReadAll(response.Body)
-	var body string
+// SubmitChangeBLStoExecution calls a beacon API endpoint to set the withdrawal addresses based on the given signed messages.
+// If the API responds with something other than OK there will be failure messages associated to the corresponding request message.
+func (c *Client) SubmitChangeBLStoExecution(ctx context.Context, request []*structs.SignedBLSToExecutionChange) error {
+	u := c.BaseURL().ResolveReference(&url.URL{Path: changeBLStoExecutionPath})
+	body, err := json.Marshal(request)
 	if err != nil {
-		body = "(Unable to read response body.)"
-	} else {
-		body = "response body:\n" + string(bodyBytes)
+		return errors.Wrap(err, "failed to marshal JSON")
 	}
-	msg := fmt.Sprintf("code=%d, url=%s, body=%s", response.StatusCode, response.Request.URL, body)
-	switch response.StatusCode {
-	case 404:
-		return errors.Wrap(ErrNotFound, msg)
-	default:
-		return errors.Wrap(ErrNotOK, msg)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, u.String(), bytes.NewBuffer(body))
+	if err != nil {
+		return errors.Wrap(err, "invalid format, failed to create new POST request object")
 	}
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := c.Do(req)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		err = resp.Body.Close()
+	}()
+	if resp.StatusCode != http.StatusOK {
+		decoder := json.NewDecoder(resp.Body)
+		decoder.DisallowUnknownFields()
+		errorJson := &server.IndexedVerificationFailureError{}
+		if err := decoder.Decode(errorJson); err != nil {
+			return errors.Wrapf(err, "failed to decode error JSON for %s", resp.Request.URL)
+		}
+		for _, failure := range errorJson.Failures {
+			w := request[failure.Index].Message
+			log.WithFields(logrus.Fields{
+				"validatorIndex":    w.ValidatorIndex,
+				"withdrawalAddress": w.ToExecutionAddress,
+			}).Error(failure.Message)
+		}
+		return errors.Errorf("POST error %d: %s", errorJson.Code, errorJson.Message)
+	}
+	return nil
 }
 
-type forkResponse struct {
-	PreviousVersion string `json:"previous_version"`
-	CurrentVersion  string `json:"current_version"`
-	Epoch           string `json:"epoch"`
-}
-
-func (f *forkResponse) Fork() (*ethpb.Fork, error) {
-	epoch, err := strconv.ParseUint(f.Epoch, 10, 64)
+// GetBLStoExecutionChanges gets all the set withdrawal messages in the node's operation pool.
+// Returns a struct representation of json response.
+func (c *Client) GetBLStoExecutionChanges(ctx context.Context) (*structs.BLSToExecutionChangesPoolResponse, error) {
+	body, err := c.Get(ctx, changeBLStoExecutionPath)
 	if err != nil {
 		return nil, err
 	}
-	cSlice, err := hexutil.Decode(f.CurrentVersion)
+	poolResponse := &structs.BLSToExecutionChangesPoolResponse{}
+	err = json.Unmarshal(body, poolResponse)
 	if err != nil {
 		return nil, err
 	}
-	if len(cSlice) != 4 {
-		return nil, fmt.Errorf("got %d byte version for CurrentVersion, expected 4 bytes. hex=%s", len(cSlice), f.CurrentVersion)
-	}
-	pSlice, err := hexutil.Decode(f.PreviousVersion)
-	if err != nil {
-		return nil, err
-	}
-	if len(pSlice) != 4 {
-		return nil, fmt.Errorf("got %d byte version, expected 4 bytes. version hex=%s", len(pSlice), f.PreviousVersion)
-	}
-	return &ethpb.Fork{
-		CurrentVersion:  cSlice,
-		PreviousVersion: pSlice,
-		Epoch:           types.Epoch(epoch),
-	}, nil
+	return poolResponse, nil
 }
 
 type forkScheduleResponse struct {
-	Data []forkResponse
+	Data []structs.Fork
 }
 
 func (fsr *forkScheduleResponse) OrderedForkSchedule() (forks.OrderedSchedule, error) {
 	ofs := make(forks.OrderedSchedule, 0)
 	for _, d := range fsr.Data {
-		epoch, err := strconv.Atoi(d.Epoch)
+		epoch, err := strconv.ParseUint(d.Epoch, 10, 64)
 		if err != nil {
-			return nil, err
+			return nil, errors.Wrapf(err, "error parsing epoch %s", d.Epoch)
 		}
 		vSlice, err := hexutil.Decode(d.CurrentVersion)
 		if err != nil {
@@ -426,9 +356,18 @@ func (fsr *forkScheduleResponse) OrderedForkSchedule() (forks.OrderedSchedule, e
 		version := bytesutil.ToBytes4(vSlice)
 		ofs = append(ofs, forks.ForkScheduleEntry{
 			Version: version,
-			Epoch:   types.Epoch(uint64(epoch)),
+			Epoch:   primitives.Epoch(epoch),
 		})
 	}
 	sort.Sort(ofs)
 	return ofs, nil
 }
+
+// GetDepositSnapshot calls a beacon API endpoint to retrieve the EIP-4881 Deposit Tree Snapshot.
+func (c *Client) GetDepositSnapshot(ctx context.Context) ([]byte, error) {
+	b, err := c.Get(ctx, getDepositSnapshot, client.WithSSZEncoding())
+	if err != nil {
+		return nil, err
+	}
+	return b, nil
+}

api/client/beacon/client_test.go

@@ -4,7 +4,8 @@ import (
 	"net/url"
 	"testing"
 
-	"github.com/prysmaticlabs/prysm/testing/require"
+	"github.com/prysmaticlabs/prysm/v5/api/client"
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
 )
 
 func TestParseNodeVersion(t *testing.T) {
@@ -17,17 +18,17 @@ func TestParseNodeVersion(t *testing.T) {
 		{
 			name: "empty string",
 			v:    "",
-			err:  ErrInvalidNodeVersion,
+			err:  client.ErrInvalidNodeVersion,
 		},
 		{
 			name: "Prysm as the version string",
 			v:    "Prysm",
-			err:  ErrInvalidNodeVersion,
+			err:  client.ErrInvalidNodeVersion,
 		},
 		{
 			name: "semver only",
 			v:    "v2.0.6",
-			err:  ErrInvalidNodeVersion,
+			err:  client.ErrInvalidNodeVersion,
 		},
 		{
 			name: "complete version",
@@ -91,7 +92,7 @@ func TestValidHostname(t *testing.T) {
 		{
 			name:    "hostname without port",
 			hostArg: "mydomain.org",
-			err:     ErrMalformedHostname,
+			err:     client.ErrMalformedHostname,
 		},
 		{
 			name:    "hostname with port",
@@ -132,7 +133,7 @@ func TestValidHostname(t *testing.T) {
 				return
 			}
 			require.NoError(t, err)
-			require.Equal(t, c.joined, cl.baseURL.ResolveReference(&url.URL{Path: c.path}).String())
+			require.Equal(t, c.joined, cl.BaseURL().ResolveReference(&url.URL{Path: c.path}).String())
 		})
 	}
 }

api/client/beacon/doc.go

@@ -1,6 +1,5 @@
 /*
 Package beacon provides a client for interacting with the standard Eth Beacon Node API.
 Interactive swagger documentation for the API is available here: https://ethereum.github.io/beacon-APIs/
-
 */
 package beacon

api/client/beacon/errors.go

@@ -1,13 +0,0 @@
-package beacon
-
-import "github.com/pkg/errors"
-
-// ErrNotOK is used to indicate when an HTTP request to the Beacon Node API failed with any non-2xx response code.
-// More specific errors may be returned, but an error in reaction to a non-2xx response will always wrap ErrNotOK.
-var ErrNotOK = errors.New("did not receive 2xx response from API")
-
-// ErrNotFound specifically means that a '404 - NOT FOUND' response was received from the API.
-var ErrNotFound = errors.Wrap(ErrNotOK, "recv 404 NotFound response from API")
-
-// ErrInvalidNodeVersion indicates that the /eth/v1/node/version api response format was not recognized.
-var ErrInvalidNodeVersion = errors.New("invalid node version response")

api/client/beacon/health.go

@@ -0,0 +1,60 @@
+package beacon
+
+import (
+	"context"
+	"sync"
+
+	"github.com/prysmaticlabs/prysm/v5/api/client/beacon/iface"
+)
+
+type NodeHealthTracker struct {
+	isHealthy  *bool
+	healthChan chan bool
+	node       iface.HealthNode
+	sync.RWMutex
+}
+
+func NewNodeHealthTracker(node iface.HealthNode) *NodeHealthTracker {
+	return &NodeHealthTracker{
+		node:       node,
+		healthChan: make(chan bool, 1),
+	}
+}
+
+// HealthUpdates provides a read-only channel for health updates.
+func (n *NodeHealthTracker) HealthUpdates() <-chan bool {
+	return n.healthChan
+}
+
+func (n *NodeHealthTracker) IsHealthy() bool {
+	n.RLock()
+	defer n.RUnlock()
+	if n.isHealthy == nil {
+		return false
+	}
+	return *n.isHealthy
+}
+
+func (n *NodeHealthTracker) CheckHealth(ctx context.Context) bool {
+	n.Lock()
+	defer n.Unlock()
+
+	newStatus := n.node.IsHealthy(ctx)
+	if n.isHealthy == nil {
+		n.isHealthy = &newStatus
+	}
+
+	isStatusChanged := newStatus != *n.isHealthy
+	if isStatusChanged {
+		// Update the health status
+		n.isHealthy = &newStatus
+		// Send the new status to the health channel, potentially overwriting the existing value
+		select {
+		case <-n.healthChan:
+			n.healthChan <- newStatus
+		default:
+			n.healthChan <- newStatus
+		}
+	}
+	return newStatus
+}

api/client/beacon/health_test.go

@@ -0,0 +1,112 @@
+package beacon
+
+import (
+	"context"
+	"sync"
+	"testing"
+
+	healthTesting "github.com/prysmaticlabs/prysm/v5/api/client/beacon/testing"
+	"go.uber.org/mock/gomock"
+)
+
+func TestNodeHealth_IsHealthy(t *testing.T) {
+	tests := []struct {
+		name      string
+		isHealthy bool
+		want      bool
+	}{
+		{"initially healthy", true, true},
+		{"initially unhealthy", false, false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			n := &NodeHealthTracker{
+				isHealthy:  &tt.isHealthy,
+				healthChan: make(chan bool, 1),
+			}
+			if got := n.IsHealthy(); got != tt.want {
+				t.Errorf("IsHealthy() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestNodeHealth_UpdateNodeHealth(t *testing.T) {
+	tests := []struct {
+		name       string
+		initial    bool // Initial health status
+		newStatus  bool // Status to update to
+		shouldSend bool // Should a message be sent through the channel
+	}{
+		{"healthy to unhealthy", true, false, true},
+		{"unhealthy to healthy", false, true, true},
+		{"remain healthy", true, true, false},
+		{"remain unhealthy", false, false, false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctrl := gomock.NewController(t)
+			defer ctrl.Finish()
+			client := healthTesting.NewMockHealthClient(ctrl)
+			client.EXPECT().IsHealthy(gomock.Any()).Return(tt.newStatus)
+			n := &NodeHealthTracker{
+				isHealthy:  &tt.initial,
+				node:       client,
+				healthChan: make(chan bool, 1),
+			}
+
+			s := n.CheckHealth(context.Background())
+			// Check if health status was updated
+			if s != tt.newStatus {
+				t.Errorf("UpdateNodeHealth() failed to update isHealthy from %v to %v", tt.initial, tt.newStatus)
+			}
+
+			select {
+			case status := <-n.HealthUpdates():
+				if !tt.shouldSend {
+					t.Errorf("UpdateNodeHealth() unexpectedly sent status %v to HealthCh", status)
+				} else if status != tt.newStatus {
+					t.Errorf("UpdateNodeHealth() sent wrong status %v, want %v", status, tt.newStatus)
+				}
+			default:
+				if tt.shouldSend {
+					t.Error("UpdateNodeHealth() did not send any status to HealthCh when expected")
+				}
+			}
+		})
+	}
+}
+
+func TestNodeHealth_Concurrency(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+	client := healthTesting.NewMockHealthClient(ctrl)
+	n := NewNodeHealthTracker(client)
+	var wg sync.WaitGroup
+
+	// Number of goroutines to spawn for both reading and writing
+	numGoroutines := 6
+
+	wg.Add(numGoroutines * 2) // for readers and writers
+
+	// Concurrently update health status
+	for i := 0; i < numGoroutines; i++ {
+		go func() {
+			defer wg.Done()
+			client.EXPECT().IsHealthy(gomock.Any()).Return(false).Times(1)
+			n.CheckHealth(context.Background())
+			client.EXPECT().IsHealthy(gomock.Any()).Return(true).Times(1)
+			n.CheckHealth(context.Background())
+		}()
+	}
+
+	// Concurrently read health status
+	for i := 0; i < numGoroutines; i++ {
+		go func() {
+			defer wg.Done()
+			_ = n.IsHealthy() // Just read the value
+		}()
+	}
+
+	wg.Wait() // Wait for all goroutines to finish
+}

api/client/beacon/iface/BUILD.bazel

@@ -0,0 +1,8 @@
+load("@prysm//tools/go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["health.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/client/beacon/iface",
+    visibility = ["//visibility:public"],
+)

api/client/beacon/iface/health.go

@@ -0,0 +1,13 @@
+package iface
+
+import "context"
+
+type HealthTracker interface {
+	HealthUpdates() <-chan bool
+	IsHealthy() bool
+	CheckHealth(ctx context.Context) bool
+}
+
+type HealthNode interface {
+	IsHealthy(ctx context.Context) bool
+}

api/client/beacon/log.go

@@ -0,0 +1,5 @@
+package beacon
+
+import "github.com/sirupsen/logrus"
+
+var log = logrus.WithField("prefix", "beacon")

api/client/beacon/testing/BUILD.bazel

@@ -0,0 +1,12 @@
+load("@prysm//tools/go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["mock.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/client/beacon/testing",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api/client/beacon/iface:go_default_library",
+        "@org_uber_go_mock//gomock:go_default_library",
+    ],
+)

api/client/beacon/testing/mock.go

@@ -0,0 +1,59 @@
+package testing
+
+import (
+	"context"
+	"reflect"
+	"sync"
+
+	"github.com/prysmaticlabs/prysm/v5/api/client/beacon/iface"
+	"go.uber.org/mock/gomock"
+)
+
+var (
+	_ = iface.HealthNode(&MockHealthClient{})
+)
+
+// MockHealthClient is a mock of HealthClient interface.
+type MockHealthClient struct {
+	ctrl     *gomock.Controller
+	recorder *MockHealthClientMockRecorder
+	sync.Mutex
+}
+
+// MockHealthClientMockRecorder is the mock recorder for MockHealthClient.
+type MockHealthClientMockRecorder struct {
+	mock *MockHealthClient
+}
+
+// IsHealthy mocks base method.
+func (m *MockHealthClient) IsHealthy(arg0 context.Context) bool {
+	m.Lock()
+	defer m.Unlock()
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "IsHealthy", arg0)
+	ret0, ok := ret[0].(bool)
+	if !ok {
+		return false
+	}
+	return ret0
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockHealthClient) EXPECT() *MockHealthClientMockRecorder {
+	return m.recorder
+}
+
+// IsHealthy indicates an expected call of IsHealthy.
+func (mr *MockHealthClientMockRecorder) IsHealthy(arg0 any) *gomock.Call {
+	mr.mock.Lock()
+	defer mr.mock.Unlock()
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IsHealthy", reflect.TypeOf((*MockHealthClient)(nil).IsHealthy), arg0)
+}
+
+// NewMockHealthClient creates a new mock instance.
+func NewMockHealthClient(ctrl *gomock.Controller) *MockHealthClient {
+	mock := &MockHealthClient{ctrl: ctrl}
+	mock.recorder = &MockHealthClientMockRecorder{mock}
+	return mock
+}

api/client/builder/BUILD.bazel

@@ -0,0 +1,64 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "bid.go",
+        "client.go",
+        "errors.go",
+        "types.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/client/builder",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api:go_default_library",
+        "//api/client:go_default_library",
+        "//api/server/structs:go_default_library",
+        "//config/fieldparams:go_default_library",
+        "//config/params:go_default_library",
+        "//consensus-types:go_default_library",
+        "//consensus-types/blocks:go_default_library",
+        "//consensus-types/interfaces:go_default_library",
+        "//consensus-types/primitives:go_default_library",
+        "//encoding/bytesutil:go_default_library",
+        "//math:go_default_library",
+        "//monitoring/tracing:go_default_library",
+        "//monitoring/tracing/trace:go_default_library",
+        "//proto/engine/v1:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
+        "//runtime/version:go_default_library",
+        "@com_github_ethereum_go_ethereum//common/hexutil:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+        "@com_github_prysmaticlabs_fastssz//:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+        "@org_golang_google_protobuf//proto:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "client_test.go",
+        "types_test.go",
+    ],
+    data = glob(["testdata/**"]),
+    embed = [":go_default_library"],
+    deps = [
+        "//api/server/structs:go_default_library",
+        "//config/fieldparams:go_default_library",
+        "//config/params:go_default_library",
+        "//consensus-types/blocks:go_default_library",
+        "//consensus-types/primitives:go_default_library",
+        "//encoding/bytesutil:go_default_library",
+        "//math:go_default_library",
+        "//proto/engine/v1:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
+        "//runtime/version:go_default_library",
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+        "@com_github_ethereum_go_ethereum//common/hexutil:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+        "@com_github_prysmaticlabs_go_bitfield//:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+    ],
+)

api/client/builder/bid.go

@@ -0,0 +1,292 @@
+package builder
+
+import (
+	"github.com/pkg/errors"
+	ssz "github.com/prysmaticlabs/fastssz"
+	consensus_types "github.com/prysmaticlabs/prysm/v5/consensus-types"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/blocks"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/interfaces"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/primitives"
+	ethpb "github.com/prysmaticlabs/prysm/v5/proto/prysm/v1alpha1"
+	"github.com/prysmaticlabs/prysm/v5/runtime/version"
+)
+
+// SignedBid is an interface describing the method set of a signed builder bid.
+type SignedBid interface {
+	Message() (Bid, error)
+	Signature() []byte
+	Version() int
+	IsNil() bool
+}
+
+// Bid is an interface describing the method set of a builder bid.
+type Bid interface {
+	Header() (interfaces.ExecutionData, error)
+	BlobKzgCommitments() ([][]byte, error)
+	Value() primitives.Wei
+	Pubkey() []byte
+	Version() int
+	IsNil() bool
+	HashTreeRoot() ([32]byte, error)
+	HashTreeRootWith(hh *ssz.Hasher) error
+}
+
+type signedBuilderBid struct {
+	p *ethpb.SignedBuilderBid
+}
+
+// WrappedSignedBuilderBid is a constructor which wraps a protobuf signed bit into an interface.
+func WrappedSignedBuilderBid(p *ethpb.SignedBuilderBid) (SignedBid, error) {
+	w := signedBuilderBid{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Message --
+func (b signedBuilderBid) Message() (Bid, error) {
+	return WrappedBuilderBid(b.p.Message)
+}
+
+// Signature --
+func (b signedBuilderBid) Signature() []byte {
+	return b.p.Signature
+}
+
+// Version --
+func (b signedBuilderBid) Version() int {
+	return version.Bellatrix
+}
+
+// IsNil --
+func (b signedBuilderBid) IsNil() bool {
+	return b.p == nil
+}
+
+type signedBuilderBidCapella struct {
+	p *ethpb.SignedBuilderBidCapella
+}
+
+// WrappedSignedBuilderBidCapella is a constructor which wraps a protobuf signed bit into an interface.
+func WrappedSignedBuilderBidCapella(p *ethpb.SignedBuilderBidCapella) (SignedBid, error) {
+	w := signedBuilderBidCapella{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Message --
+func (b signedBuilderBidCapella) Message() (Bid, error) {
+	return WrappedBuilderBidCapella(b.p.Message)
+}
+
+// Signature --
+func (b signedBuilderBidCapella) Signature() []byte {
+	return b.p.Signature
+}
+
+// Version --
+func (b signedBuilderBidCapella) Version() int {
+	return version.Capella
+}
+
+// IsNil --
+func (b signedBuilderBidCapella) IsNil() bool {
+	return b.p == nil
+}
+
+type builderBid struct {
+	p *ethpb.BuilderBid
+}
+
+// WrappedBuilderBid is a constructor which wraps a protobuf bid into an interface.
+func WrappedBuilderBid(p *ethpb.BuilderBid) (Bid, error) {
+	w := builderBid{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Header --
+func (b builderBid) Header() (interfaces.ExecutionData, error) {
+	return blocks.WrappedExecutionPayloadHeader(b.p.Header)
+}
+
+// BlobKzgCommitments --
+func (b builderBid) BlobKzgCommitments() ([][]byte, error) {
+	return [][]byte{}, errors.New("blob kzg commitments not available before Deneb")
+}
+
+// Version --
+func (b builderBid) Version() int {
+	return version.Bellatrix
+}
+
+// Value --
+func (b builderBid) Value() primitives.Wei {
+	return primitives.LittleEndianBytesToWei(b.p.Value)
+}
+
+// Pubkey --
+func (b builderBid) Pubkey() []byte {
+	return b.p.Pubkey
+}
+
+// IsNil --
+func (b builderBid) IsNil() bool {
+	return b.p == nil
+}
+
+// HashTreeRoot --
+func (b builderBid) HashTreeRoot() ([32]byte, error) {
+	return b.p.HashTreeRoot()
+}
+
+// HashTreeRootWith --
+func (b builderBid) HashTreeRootWith(hh *ssz.Hasher) error {
+	return b.p.HashTreeRootWith(hh)
+}
+
+type builderBidCapella struct {
+	p *ethpb.BuilderBidCapella
+}
+
+// WrappedBuilderBidCapella is a constructor which wraps a protobuf bid into an interface.
+func WrappedBuilderBidCapella(p *ethpb.BuilderBidCapella) (Bid, error) {
+	w := builderBidCapella{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Header returns the execution data interface.
+func (b builderBidCapella) Header() (interfaces.ExecutionData, error) {
+	// We have to convert big endian to little endian because the value is coming from the execution layer.
+	return blocks.WrappedExecutionPayloadHeaderCapella(b.p.Header)
+}
+
+// BlobKzgCommitments --
+func (b builderBidCapella) BlobKzgCommitments() ([][]byte, error) {
+	return [][]byte{}, errors.New("blob kzg commitments not available before Deneb")
+}
+
+// Version --
+func (b builderBidCapella) Version() int {
+	return version.Capella
+}
+
+// Value --
+func (b builderBidCapella) Value() primitives.Wei {
+	return primitives.LittleEndianBytesToWei(b.p.Value)
+}
+
+// Pubkey --
+func (b builderBidCapella) Pubkey() []byte {
+	return b.p.Pubkey
+}
+
+// IsNil --
+func (b builderBidCapella) IsNil() bool {
+	return b.p == nil
+}
+
+// HashTreeRoot --
+func (b builderBidCapella) HashTreeRoot() ([32]byte, error) {
+	return b.p.HashTreeRoot()
+}
+
+// HashTreeRootWith --
+func (b builderBidCapella) HashTreeRootWith(hh *ssz.Hasher) error {
+	return b.p.HashTreeRootWith(hh)
+}
+
+type builderBidDeneb struct {
+	p *ethpb.BuilderBidDeneb
+}
+
+// WrappedBuilderBidDeneb is a constructor which wraps a protobuf bid into an interface.
+func WrappedBuilderBidDeneb(p *ethpb.BuilderBidDeneb) (Bid, error) {
+	w := builderBidDeneb{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Version --
+func (b builderBidDeneb) Version() int {
+	return version.Deneb
+}
+
+// Value --
+func (b builderBidDeneb) Value() primitives.Wei {
+	return primitives.LittleEndianBytesToWei(b.p.Value)
+}
+
+// Pubkey --
+func (b builderBidDeneb) Pubkey() []byte {
+	return b.p.Pubkey
+}
+
+// IsNil --
+func (b builderBidDeneb) IsNil() bool {
+	return b.p == nil
+}
+
+// HashTreeRoot --
+func (b builderBidDeneb) HashTreeRoot() ([32]byte, error) {
+	return b.p.HashTreeRoot()
+}
+
+// HashTreeRootWith --
+func (b builderBidDeneb) HashTreeRootWith(hh *ssz.Hasher) error {
+	return b.p.HashTreeRootWith(hh)
+}
+
+// Header --
+func (b builderBidDeneb) Header() (interfaces.ExecutionData, error) {
+	// We have to convert big endian to little endian because the value is coming from the execution layer.
+	return blocks.WrappedExecutionPayloadHeaderDeneb(b.p.Header)
+}
+
+// BlobKzgCommitments --
+func (b builderBidDeneb) BlobKzgCommitments() ([][]byte, error) {
+	return b.p.BlobKzgCommitments, nil
+}
+
+type signedBuilderBidDeneb struct {
+	p *ethpb.SignedBuilderBidDeneb
+}
+
+// WrappedSignedBuilderBidDeneb is a constructor which wraps a protobuf signed bit into an interface.
+func WrappedSignedBuilderBidDeneb(p *ethpb.SignedBuilderBidDeneb) (SignedBid, error) {
+	w := signedBuilderBidDeneb{p: p}
+	if w.IsNil() {
+		return nil, consensus_types.ErrNilObjectWrapped
+	}
+	return w, nil
+}
+
+// Message --
+func (b signedBuilderBidDeneb) Message() (Bid, error) {
+	return WrappedBuilderBidDeneb(b.p.Message)
+}
+
+// Signature --
+func (b signedBuilderBidDeneb) Signature() []byte {
+	return b.p.Signature
+}
+
+// Version --
+func (b signedBuilderBidDeneb) Version() int {
+	return version.Deneb
+}
+
+// IsNil --
+func (b signedBuilderBidDeneb) IsNil() bool {
+	return b.p == nil
+}

api/client/builder/client.go

@@ -0,0 +1,397 @@
+package builder
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+	"text/template"
+
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v5/api"
+	"github.com/prysmaticlabs/prysm/v5/api/client"
+	"github.com/prysmaticlabs/prysm/v5/api/server/structs"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/blocks"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/interfaces"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v5/monitoring/tracing"
+	"github.com/prysmaticlabs/prysm/v5/monitoring/tracing/trace"
+	v1 "github.com/prysmaticlabs/prysm/v5/proto/engine/v1"
+	ethpb "github.com/prysmaticlabs/prysm/v5/proto/prysm/v1alpha1"
+	"github.com/prysmaticlabs/prysm/v5/runtime/version"
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	getExecHeaderPath          = "/eth/v1/builder/header/{{.Slot}}/{{.ParentHash}}/{{.Pubkey}}"
+	getStatus                  = "/eth/v1/builder/status"
+	postBlindedBeaconBlockPath = "/eth/v1/builder/blinded_blocks"
+	postRegisterValidatorPath  = "/eth/v1/builder/validators"
+)
+
+var errMalformedHostname = errors.New("hostname must include port, separated by one colon, like example.com:3500")
+var errMalformedRequest = errors.New("required request data are missing")
+var errNotBlinded = errors.New("submitted block is not blinded")
+
+// ClientOpt is a functional option for the Client type (http.Client wrapper)
+type ClientOpt func(*Client)
+
+type observer interface {
+	observe(r *http.Request) error
+}
+
+func WithObserver(m observer) ClientOpt {
+	return func(c *Client) {
+		c.obvs = append(c.obvs, m)
+	}
+}
+
+type requestLogger struct{}
+
+func (*requestLogger) observe(r *http.Request) (e error) {
+	b := bytes.NewBuffer(nil)
+	if r.Body == nil {
+		log.WithFields(log.Fields{
+			"bodyBase64": "(nil value)",
+			"url":        r.URL.String(),
+		}).Info("builder http request")
+		return nil
+	}
+	t := io.TeeReader(r.Body, b)
+	defer func() {
+		if r.Body != nil {
+			e = r.Body.Close()
+		}
+	}()
+	body, err := io.ReadAll(t)
+	if err != nil {
+		return err
+	}
+	r.Body = io.NopCloser(b)
+	log.WithFields(log.Fields{
+		"bodyBase64": string(body),
+		"url":        r.URL.String(),
+	}).Info("builder http request")
+
+	return nil
+}
+
+var _ observer = &requestLogger{}
+
+// BuilderClient provides a collection of helper methods for calling Builder API endpoints.
+type BuilderClient interface {
+	NodeURL() string
+	GetHeader(ctx context.Context, slot primitives.Slot, parentHash [32]byte, pubkey [48]byte) (SignedBid, error)
+	RegisterValidator(ctx context.Context, svr []*ethpb.SignedValidatorRegistrationV1) error
+	SubmitBlindedBlock(ctx context.Context, sb interfaces.ReadOnlySignedBeaconBlock) (interfaces.ExecutionData, *v1.BlobsBundle, error)
+	Status(ctx context.Context) error
+}
+
+// Client provides a collection of helper methods for calling Builder API endpoints.
+type Client struct {
+	hc      *http.Client
+	baseURL *url.URL
+	obvs    []observer
+}
+
+// NewClient constructs a new client with the provided options (ex WithTimeout).
+// `host` is the base host + port used to construct request urls. This value can be
+// a URL string, or NewClient will assume an http endpoint if just `host:port` is used.
+func NewClient(host string, opts ...ClientOpt) (*Client, error) {
+	u, err := urlForHost(host)
+	if err != nil {
+		return nil, err
+	}
+	c := &Client{
+		hc:      &http.Client{},
+		baseURL: u,
+	}
+	for _, o := range opts {
+		o(c)
+	}
+	return c, nil
+}
+
+func urlForHost(h string) (*url.URL, error) {
+	// try to parse as url (being permissive)
+	if u, err := url.Parse(h); err == nil && u.Host != "" {
+		return u, nil
+	}
+	// try to parse as host:port
+	host, port, err := net.SplitHostPort(h)
+	if err != nil {
+		return nil, errMalformedHostname
+	}
+	return &url.URL{Host: net.JoinHostPort(host, port), Scheme: "http"}, nil
+}
+
+// NodeURL returns a human-readable string representation of the beacon node base url.
+func (c *Client) NodeURL() string {
+	return c.baseURL.String()
+}
+
+type reqOption func(*http.Request)
+
+// do is a generic, opinionated request function to reduce boilerplate amongst the methods in this package api/client/builder.
+func (c *Client) do(ctx context.Context, method string, path string, body io.Reader, opts ...reqOption) (res []byte, err error) {
+	ctx, span := trace.StartSpan(ctx, "builder.client.do")
+	defer func() {
+		tracing.AnnotateError(span, err)
+		span.End()
+	}()
+
+	u := c.baseURL.ResolveReference(&url.URL{Path: path})
+
+	span.SetAttributes(trace.StringAttribute("url", u.String()),
+		trace.StringAttribute("method", method))
+
+	req, err := http.NewRequestWithContext(ctx, method, u.String(), body)
+	if err != nil {
+		return
+	}
+	req.Header.Add("User-Agent", version.BuildData())
+	for _, o := range opts {
+		o(req)
+	}
+	for _, o := range c.obvs {
+		if err = o.observe(req); err != nil {
+			return
+		}
+	}
+	r, err := c.hc.Do(req)
+	if err != nil {
+		return
+	}
+	defer func() {
+		closeErr := r.Body.Close()
+		if closeErr != nil {
+			log.WithError(closeErr).Error("Failed to close response body")
+		}
+	}()
+	if r.StatusCode != http.StatusOK {
+		err = non200Err(r)
+		return
+	}
+	res, err = io.ReadAll(io.LimitReader(r.Body, client.MaxBodySize))
+	if err != nil {
+		err = errors.Wrap(err, "error reading http response body from builder server")
+		return
+	}
+	return
+}
+
+var execHeaderTemplate = template.Must(template.New("").Parse(getExecHeaderPath))
+
+func execHeaderPath(slot primitives.Slot, parentHash [32]byte, pubkey [48]byte) (string, error) {
+	v := struct {
+		Slot       primitives.Slot
+		ParentHash string
+		Pubkey     string
+	}{
+		Slot:       slot,
+		ParentHash: fmt.Sprintf("%#x", parentHash),
+		Pubkey:     fmt.Sprintf("%#x", pubkey),
+	}
+	b := bytes.NewBuffer(nil)
+	err := execHeaderTemplate.Execute(b, v)
+	if err != nil {
+		return "", errors.Wrapf(err, "error rendering exec header template with slot=%d, parentHash=%#x, pubkey=%#x", slot, parentHash, pubkey)
+	}
+	return b.String(), nil
+}
+
+// GetHeader is used by a proposing validator to request an execution payload header from the Builder node.
+func (c *Client) GetHeader(ctx context.Context, slot primitives.Slot, parentHash [32]byte, pubkey [48]byte) (SignedBid, error) {
+	path, err := execHeaderPath(slot, parentHash, pubkey)
+	if err != nil {
+		return nil, err
+	}
+	hb, err := c.do(ctx, http.MethodGet, path, nil)
+	if err != nil {
+		return nil, err
+	}
+	v := &VersionResponse{}
+	if err := json.Unmarshal(hb, v); err != nil {
+		return nil, errors.Wrapf(err, "error unmarshaling the builder GetHeader response, using slot=%d, parentHash=%#x, pubkey=%#x", slot, parentHash, pubkey)
+	}
+	switch strings.ToLower(v.Version) {
+	case strings.ToLower(version.String(version.Deneb)):
+		hr := &ExecHeaderResponseDeneb{}
+		if err := json.Unmarshal(hb, hr); err != nil {
+			return nil, errors.Wrapf(err, "error unmarshaling the builder GetHeader response, using slot=%d, parentHash=%#x, pubkey=%#x", slot, parentHash, pubkey)
+		}
+		p, err := hr.ToProto()
+		if err != nil {
+			return nil, errors.Wrapf(err, "could not extract proto message from header")
+		}
+		return WrappedSignedBuilderBidDeneb(p)
+	case strings.ToLower(version.String(version.Capella)):
+		hr := &ExecHeaderResponseCapella{}
+		if err := json.Unmarshal(hb, hr); err != nil {
+			return nil, errors.Wrapf(err, "error unmarshaling the builder GetHeader response, using slot=%d, parentHash=%#x, pubkey=%#x", slot, parentHash, pubkey)
+		}
+		p, err := hr.ToProto()
+		if err != nil {
+			return nil, errors.Wrapf(err, "could not extract proto message from header")
+		}
+		return WrappedSignedBuilderBidCapella(p)
+	case strings.ToLower(version.String(version.Bellatrix)):
+		hr := &ExecHeaderResponse{}
+		if err := json.Unmarshal(hb, hr); err != nil {
+			return nil, errors.Wrapf(err, "error unmarshaling the builder GetHeader response, using slot=%d, parentHash=%#x, pubkey=%#x", slot, parentHash, pubkey)
+		}
+		p, err := hr.ToProto()
+		if err != nil {
+			return nil, errors.Wrap(err, "could not extract proto message from header")
+		}
+		return WrappedSignedBuilderBid(p)
+	default:
+		return nil, fmt.Errorf("unsupported header version %s", strings.ToLower(v.Version))
+	}
+}
+
+// RegisterValidator encodes the SignedValidatorRegistrationV1 message to json (including hex-encoding the byte
+// fields with 0x prefixes) and posts to the builder validator registration endpoint.
+func (c *Client) RegisterValidator(ctx context.Context, svr []*ethpb.SignedValidatorRegistrationV1) error {
+	ctx, span := trace.StartSpan(ctx, "builder.client.RegisterValidator")
+	defer span.End()
+	span.SetAttributes(trace.Int64Attribute("num_reqs", int64(len(svr))))
+
+	if len(svr) == 0 {
+		err := errors.Wrap(errMalformedRequest, "empty validator registration list")
+		tracing.AnnotateError(span, err)
+		return err
+	}
+	vs := make([]*structs.SignedValidatorRegistration, len(svr))
+	for i := 0; i < len(svr); i++ {
+		vs[i] = structs.SignedValidatorRegistrationFromConsensus(svr[i])
+	}
+	body, err := json.Marshal(vs)
+	if err != nil {
+		err := errors.Wrap(err, "error encoding the SignedValidatorRegistration value body in RegisterValidator")
+		tracing.AnnotateError(span, err)
+		return err
+	}
+
+	_, err = c.do(ctx, http.MethodPost, postRegisterValidatorPath, bytes.NewBuffer(body))
+	if err != nil {
+		return err
+	}
+	log.WithField("registrationCount", len(svr)).Debug("Successfully registered validator(s) on builder")
+	return nil
+}
+
+var errResponseVersionMismatch = errors.New("builder API response uses a different version than requested in " + api.VersionHeader + " header")
+
+// SubmitBlindedBlock calls the builder API endpoint that binds the validator to the builder and submits the block.
+// The response is the full execution payload used to create the blinded block.
+func (c *Client) SubmitBlindedBlock(ctx context.Context, sb interfaces.ReadOnlySignedBeaconBlock) (interfaces.ExecutionData, *v1.BlobsBundle, error) {
+	if !sb.IsBlinded() {
+		return nil, nil, errNotBlinded
+	}
+
+	// massage the proto struct type data into the api response type.
+	mj, err := structs.SignedBeaconBlockMessageJsoner(sb)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "error generating blinded beacon block post request")
+	}
+
+	body, err := json.Marshal(mj)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "error marshaling blinded block post request to json")
+	}
+	postOpts := func(r *http.Request) {
+		r.Header.Add("Eth-Consensus-Version", version.String(sb.Version()))
+		r.Header.Set("Content-Type", api.JsonMediaType)
+		r.Header.Set("Accept", api.JsonMediaType)
+	}
+	// post the blinded block - the execution payload response should contain the unblinded payload, along with the
+	// blobs bundle if it is post deneb.
+	rb, err := c.do(ctx, http.MethodPost, postBlindedBeaconBlockPath, bytes.NewBuffer(body), postOpts)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "error posting the blinded block to the builder api")
+	}
+	// ExecutionPayloadResponse parses just the outer container and the Value key, enabling it to use the .Value
+	// key to determine which underlying data type to use to finish the unmarshaling.
+	ep := &ExecutionPayloadResponse{}
+	if err := json.Unmarshal(rb, ep); err != nil {
+		return nil, nil, errors.Wrap(err, "error unmarshaling the builder ExecutionPayloadResponse")
+	}
+	if strings.ToLower(ep.Version) != version.String(sb.Version()) {
+		return nil, nil, errors.Wrapf(errResponseVersionMismatch, "req=%s, recv=%s", strings.ToLower(ep.Version), version.String(sb.Version()))
+	}
+	// This parses the rest of the response and returns the inner data field.
+	pp, err := ep.ParsePayload()
+	if err != nil {
+		return nil, nil, errors.Wrapf(err, "failed to parse execution payload from builder with version=%s", ep.Version)
+	}
+	// Get the payload as a proto.Message so it can be wrapped as an execution payload interface.
+	pb, err := pp.PayloadProto()
+	if err != nil {
+		return nil, nil, err
+	}
+	ed, err := blocks.NewWrappedExecutionData(pb)
+	if err != nil {
+		return nil, nil, err
+	}
+	bb, ok := pp.(BlobBundler)
+	if ok {
+		bbpb, err := bb.BundleProto()
+		if err != nil {
+			return nil, nil, errors.Wrapf(err, "failed to extract blobs bundle from builder response with version=%s", ep.Version)
+		}
+		return ed, bbpb, nil
+	}
+	return ed, nil, nil
+}
+
+// Status asks the remote builder server for a health check. A response of 200 with an empty body is the success/healthy
+// response, and an error response may have an error message. This method will return a nil value for error in the
+// happy path, and an error with information about the server response body for a non-200 response.
+func (c *Client) Status(ctx context.Context) error {
+	_, err := c.do(ctx, http.MethodGet, getStatus, nil)
+	return err
+}
+
+func non200Err(response *http.Response) error {
+	bodyBytes, err := io.ReadAll(io.LimitReader(response.Body, client.MaxErrBodySize))
+	var errMessage ErrorMessage
+	var body string
+	if err != nil {
+		body = "(Unable to read response body.)"
+	} else {
+		body = "response body:\n" + string(bodyBytes)
+	}
+	msg := fmt.Sprintf("code=%d, url=%s, body=%s", response.StatusCode, response.Request.URL, body)
+	switch response.StatusCode {
+	case http.StatusNoContent:
+		log.WithError(ErrNoContent).Debug(msg)
+		return ErrNoContent
+	case http.StatusBadRequest:
+		log.WithError(ErrBadRequest).Debug(msg)
+		if jsonErr := json.Unmarshal(bodyBytes, &errMessage); jsonErr != nil {
+			return errors.Wrap(jsonErr, "unable to read response body")
+		}
+		return errors.Wrap(ErrBadRequest, errMessage.Message)
+	case http.StatusNotFound:
+		log.WithError(ErrNotFound).Debug(msg)
+		if jsonErr := json.Unmarshal(bodyBytes, &errMessage); jsonErr != nil {
+			return errors.Wrap(jsonErr, "unable to read response body")
+		}
+		return errors.Wrap(ErrNotFound, errMessage.Message)
+	case http.StatusInternalServerError:
+		log.WithError(ErrNotOK).Debug(msg)
+		if jsonErr := json.Unmarshal(bodyBytes, &errMessage); jsonErr != nil {
+			return errors.Wrap(jsonErr, "unable to read response body")
+		}
+		return errors.Wrap(ErrNotOK, errMessage.Message)
+	default:
+		log.WithError(ErrNotOK).Debug(msg)
+		return errors.Wrap(ErrNotOK, fmt.Sprintf("unsupported error code: %d", response.StatusCode))
+	}
+}

api/client/builder/client_test.go

@@ -0,0 +1,897 @@
+package builder
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"testing"
+
+	"github.com/prysmaticlabs/go-bitfield"
+	"github.com/prysmaticlabs/prysm/v5/api/server/structs"
+	"github.com/prysmaticlabs/prysm/v5/config/params"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/blocks"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v5/encoding/bytesutil"
+	v1 "github.com/prysmaticlabs/prysm/v5/proto/engine/v1"
+	eth "github.com/prysmaticlabs/prysm/v5/proto/prysm/v1alpha1"
+	"github.com/prysmaticlabs/prysm/v5/testing/assert"
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
+	log "github.com/sirupsen/logrus"
+)
+
+type roundtrip func(*http.Request) (*http.Response, error)
+
+func (fn roundtrip) RoundTrip(r *http.Request) (*http.Response, error) {
+	return fn(r)
+}
+
+func TestClient_Status(t *testing.T) {
+	ctx := context.Background()
+	statusPath := "/eth/v1/builder/status"
+	hc := &http.Client{
+		Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+			defer func() {
+				if r.Body == nil {
+					return
+				}
+				require.NoError(t, r.Body.Close())
+			}()
+			require.Equal(t, statusPath, r.URL.Path)
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewBuffer(nil)),
+				Request:    r.Clone(ctx),
+			}, nil
+		}),
+	}
+	c := &Client{
+		hc:      hc,
+		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+	}
+	require.NoError(t, c.Status(ctx))
+	hc = &http.Client{
+		Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+			defer func() {
+				if r.Body == nil {
+					return
+				}
+				require.NoError(t, r.Body.Close())
+			}()
+			require.Equal(t, statusPath, r.URL.Path)
+			message := ErrorMessage{
+				Code:    500,
+				Message: "Internal server error",
+			}
+			resp, err := json.Marshal(message)
+			require.NoError(t, err)
+			return &http.Response{
+				StatusCode: http.StatusInternalServerError,
+				Body:       io.NopCloser(bytes.NewBuffer(resp)),
+				Request:    r.Clone(ctx),
+			}, nil
+		}),
+	}
+	c = &Client{
+		hc:      hc,
+		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+	}
+	require.ErrorIs(t, c.Status(ctx), ErrNotOK)
+}
+
+func TestClient_RegisterValidator(t *testing.T) {
+	ctx := context.Background()
+	expectedBody := `[{"message":{"fee_recipient":"0x0000000000000000000000000000000000000000","gas_limit":"23","timestamp":"42","pubkey":"0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"},"signature":"0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"}]`
+	expectedPath := "/eth/v1/builder/validators"
+	hc := &http.Client{
+		Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+			body, err := io.ReadAll(r.Body)
+			defer func() {
+				require.NoError(t, r.Body.Close())
+			}()
+			require.NoError(t, err)
+			require.Equal(t, expectedBody, string(body))
+			require.Equal(t, expectedPath, r.URL.Path)
+			require.Equal(t, http.MethodPost, r.Method)
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewBuffer(nil)),
+				Request:    r.Clone(ctx),
+			}, nil
+		}),
+	}
+	c := &Client{
+		hc:      hc,
+		baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+	}
+	reg := &eth.SignedValidatorRegistrationV1{
+		Message: &eth.ValidatorRegistrationV1{
+			FeeRecipient: ezDecode(t, params.BeaconConfig().EthBurnAddressHex),
+			GasLimit:     23,
+			Timestamp:    42,
+			Pubkey:       ezDecode(t, "0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"),
+		},
+		Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+	}
+	require.NoError(t, c.RegisterValidator(ctx, []*eth.SignedValidatorRegistrationV1{reg}))
+}
+
+func TestClient_GetHeader(t *testing.T) {
+	ctx := context.Background()
+	expectedPath := "/eth/v1/builder/header/23/0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2/0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"
+	var slot primitives.Slot = 23
+	parentHash := ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")
+	pubkey := ezDecode(t, "0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a")
+	t.Run("server error", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				message := ErrorMessage{
+					Code:    500,
+					Message: "Internal server error",
+				}
+				resp, err := json.Marshal(message)
+				require.NoError(t, err)
+				return &http.Response{
+					StatusCode: http.StatusInternalServerError,
+					Body:       io.NopCloser(bytes.NewBuffer(resp)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+
+		_, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.ErrorIs(t, err, ErrNotOK)
+	})
+	t.Run("header not available", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusNoContent,
+					Body:       io.NopCloser(bytes.NewBuffer([]byte("No header is available."))),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		_, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.ErrorIs(t, err, ErrNoContent)
+	})
+	t.Run("bellatrix", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleHeaderResponse)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		h, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.NoError(t, err)
+		expectedSig := ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505")
+		require.Equal(t, true, bytes.Equal(expectedSig, h.Signature()))
+		expectedTxRoot := ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")
+		bid, err := h.Message()
+		require.NoError(t, err)
+		bidHeader, err := bid.Header()
+		require.NoError(t, err)
+		withdrawalsRoot, err := bidHeader.TransactionsRoot()
+		require.NoError(t, err)
+		require.Equal(t, true, bytes.Equal(expectedTxRoot, withdrawalsRoot))
+		require.Equal(t, uint64(1), bidHeader.GasUsed())
+		// this matches the value in the testExampleHeaderResponse
+		bidStr := "652312848583266388373324160190187140051835877600158453279131187530910662656"
+		value, err := stringToUint256(bidStr)
+		require.NoError(t, err)
+		require.Equal(t, 0, value.Int.Cmp(primitives.WeiToBigInt(bid.Value())))
+		require.Equal(t, bidStr, primitives.WeiToBigInt(bid.Value()).String())
+	})
+	t.Run("capella", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleHeaderResponseCapella)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		h, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.NoError(t, err)
+		expectedWithdrawalsRoot := ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")
+		bid, err := h.Message()
+		require.NoError(t, err)
+		bidHeader, err := bid.Header()
+		require.NoError(t, err)
+		withdrawalsRoot, err := bidHeader.WithdrawalsRoot()
+		require.NoError(t, err)
+		require.Equal(t, true, bytes.Equal(expectedWithdrawalsRoot, withdrawalsRoot))
+		bidStr := "652312848583266388373324160190187140051835877600158453279131187530910662656"
+		value, err := stringToUint256(bidStr)
+		require.NoError(t, err)
+		require.Equal(t, 0, value.Int.Cmp(primitives.WeiToBigInt(bid.Value())))
+		require.Equal(t, bidStr, primitives.WeiToBigInt(bid.Value()).String())
+	})
+	t.Run("deneb", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleHeaderResponseDeneb)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		h, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.NoError(t, err)
+		expectedWithdrawalsRoot := ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")
+		bid, err := h.Message()
+		require.NoError(t, err)
+		bidHeader, err := bid.Header()
+		require.NoError(t, err)
+		withdrawalsRoot, err := bidHeader.WithdrawalsRoot()
+		require.NoError(t, err)
+		require.Equal(t, true, bytes.Equal(expectedWithdrawalsRoot, withdrawalsRoot))
+
+		bidStr := "652312848583266388373324160190187140051835877600158453279131187530910662656"
+		value, err := stringToUint256(bidStr)
+		require.NoError(t, err)
+		require.Equal(t, 0, value.Int.Cmp(primitives.WeiToBigInt(bid.Value())))
+		require.Equal(t, bidStr, primitives.WeiToBigInt(bid.Value()).String())
+
+		kcgCommitments, err := bid.BlobKzgCommitments()
+		require.NoError(t, err)
+		require.Equal(t, len(kcgCommitments) > 0, true)
+		for i := range kcgCommitments {
+			require.Equal(t, len(kcgCommitments[i]) == 48, true)
+		}
+	})
+	t.Run("deneb, too many kzg commitments", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleHeaderResponseDenebTooManyBlobs)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		_, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.ErrorContains(t, "could not extract proto message from header: too many blob commitments: 7", err)
+	})
+	t.Run("unsupported version", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, expectedPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleHeaderResponseUnknownVersion)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		_, err := c.GetHeader(ctx, slot, bytesutil.ToBytes32(parentHash), bytesutil.ToBytes48(pubkey))
+		require.ErrorContains(t, "unsupported header version", err)
+	})
+}
+
+func TestSubmitBlindedBlock(t *testing.T) {
+	ctx := context.Background()
+
+	t.Run("bellatrix", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, postBlindedBeaconBlockPath, r.URL.Path)
+				require.Equal(t, "bellatrix", r.Header.Get("Eth-Consensus-Version"))
+				require.Equal(t, "application/json", r.Header.Get("Content-Type"))
+				require.Equal(t, "application/json", r.Header.Get("Accept"))
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleExecutionPayload)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		sbbb, err := blocks.NewSignedBeaconBlock(testSignedBlindedBeaconBlockBellatrix(t))
+		require.NoError(t, err)
+		ep, _, err := c.SubmitBlindedBlock(ctx, sbbb)
+		require.NoError(t, err)
+		require.Equal(t, true, bytes.Equal(ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"), ep.ParentHash()))
+		bfpg, err := stringToUint256("452312848583266388373324160190187140051835877600158453279131187530910662656")
+		require.NoError(t, err)
+		require.Equal(t, fmt.Sprintf("%#x", bfpg.SSZBytes()), fmt.Sprintf("%#x", ep.BaseFeePerGas()))
+		require.Equal(t, uint64(1), ep.GasLimit())
+	})
+	t.Run("capella", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, postBlindedBeaconBlockPath, r.URL.Path)
+				require.Equal(t, "capella", r.Header.Get("Eth-Consensus-Version"))
+				require.Equal(t, "application/json", r.Header.Get("Content-Type"))
+				require.Equal(t, "application/json", r.Header.Get("Accept"))
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleExecutionPayloadCapella)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		sbb, err := blocks.NewSignedBeaconBlock(testSignedBlindedBeaconBlockCapella(t))
+		require.NoError(t, err)
+		ep, _, err := c.SubmitBlindedBlock(ctx, sbb)
+		require.NoError(t, err)
+		withdrawals, err := ep.Withdrawals()
+		require.NoError(t, err)
+		require.Equal(t, 1, len(withdrawals))
+		assert.Equal(t, uint64(1), withdrawals[0].Index)
+		assert.Equal(t, primitives.ValidatorIndex(1), withdrawals[0].ValidatorIndex)
+		assert.DeepEqual(t, ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943"), withdrawals[0].Address)
+		assert.Equal(t, uint64(1), withdrawals[0].Amount)
+	})
+	t.Run("deneb", func(t *testing.T) {
+		test := testSignedBlindedBeaconBlockDeneb(t)
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, postBlindedBeaconBlockPath, r.URL.Path)
+				require.Equal(t, "deneb", r.Header.Get("Eth-Consensus-Version"))
+				require.Equal(t, "application/json", r.Header.Get("Content-Type"))
+				require.Equal(t, "application/json", r.Header.Get("Accept"))
+				var req structs.SignedBlindedBeaconBlockDeneb
+				err := json.NewDecoder(r.Body).Decode(&req)
+				require.NoError(t, err)
+				block, err := req.ToConsensus()
+				require.NoError(t, err)
+				require.DeepEqual(t, block, test)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleExecutionPayloadDeneb)),
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+
+		sbb, err := blocks.NewSignedBeaconBlock(test)
+		require.NoError(t, err)
+
+		ep, blobBundle, err := c.SubmitBlindedBlock(ctx, sbb)
+		require.NoError(t, err)
+		withdrawals, err := ep.Withdrawals()
+		require.NoError(t, err)
+		require.Equal(t, 1, len(withdrawals))
+		assert.Equal(t, uint64(1), withdrawals[0].Index)
+		assert.Equal(t, primitives.ValidatorIndex(1), withdrawals[0].ValidatorIndex)
+		assert.DeepEqual(t, ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943"), withdrawals[0].Address)
+		assert.Equal(t, uint64(1), withdrawals[0].Amount)
+		require.NotNil(t, blobBundle)
+	})
+	t.Run("mismatched versions, expected bellatrix got capella", func(t *testing.T) {
+		hc := &http.Client{
+			Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+				require.Equal(t, postBlindedBeaconBlockPath, r.URL.Path)
+				return &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       io.NopCloser(bytes.NewBufferString(testExampleExecutionPayloadCapella)), // send a Capella payload
+					Request:    r.Clone(ctx),
+				}, nil
+			}),
+		}
+		c := &Client{
+			hc:      hc,
+			baseURL: &url.URL{Host: "localhost:3500", Scheme: "http"},
+		}
+		sbbb, err := blocks.NewSignedBeaconBlock(testSignedBlindedBeaconBlockBellatrix(t))
+		require.NoError(t, err)
+		_, _, err = c.SubmitBlindedBlock(ctx, sbbb)
+		require.ErrorIs(t, err, errResponseVersionMismatch)
+	})
+	t.Run("not blinded", func(t *testing.T) {
+		sbb, err := blocks.NewSignedBeaconBlock(&eth.SignedBeaconBlockBellatrix{Block: &eth.BeaconBlockBellatrix{Body: &eth.BeaconBlockBodyBellatrix{ExecutionPayload: &v1.ExecutionPayload{}}}})
+		require.NoError(t, err)
+		_, _, err = (&Client{}).SubmitBlindedBlock(ctx, sbb)
+		require.ErrorIs(t, err, errNotBlinded)
+	})
+}
+
+func testSignedBlindedBeaconBlockBellatrix(t *testing.T) *eth.SignedBlindedBeaconBlockBellatrix {
+	return &eth.SignedBlindedBeaconBlockBellatrix{
+		Block: &eth.BlindedBeaconBlockBellatrix{
+			Slot:          1,
+			ProposerIndex: 1,
+			ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			Body: &eth.BlindedBeaconBlockBodyBellatrix{
+				RandaoReveal: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+				Eth1Data: &eth.Eth1Data{
+					DepositRoot:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					DepositCount: 1,
+					BlockHash:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				},
+				Graffiti: ezDecode(t, "0xdeadbeefc0ffee"),
+				ProposerSlashings: []*eth.ProposerSlashing{
+					{
+						Header_1: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Header_2: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				AttesterSlashings: []*eth.AttesterSlashing{
+					{
+						Attestation_1: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Attestation_2: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				Attestations: []*eth.Attestation{
+					{
+						AggregationBits: bitfield.Bitlist{0x01},
+						Data: &eth.AttestationData{
+							Slot:            1,
+							CommitteeIndex:  1,
+							BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Source: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Target: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				Deposits: []*eth.Deposit{
+					{
+						Proof: [][]byte{ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")},
+						Data: &eth.Deposit_Data{
+							PublicKey:             ezDecode(t, "0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"),
+							WithdrawalCredentials: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Amount:                1,
+							Signature:             ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				VoluntaryExits: []*eth.SignedVoluntaryExit{
+					{
+						Exit: &eth.VoluntaryExit{
+							Epoch:          1,
+							ValidatorIndex: 1,
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				SyncAggregate: &eth.SyncAggregate{
+					SyncCommitteeSignature: make([]byte, 48),
+					SyncCommitteeBits:      bitfield.Bitvector512{0x01},
+				},
+				ExecutionPayloadHeader: &v1.ExecutionPayloadHeader{
+					ParentHash:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					FeeRecipient:     ezDecode(t, "0xabcf8e0d4e9587369b2301d0790347320302cc09"),
+					StateRoot:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					ReceiptsRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					LogsBloom:        ezDecode(t, "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
+					PrevRandao:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BlockNumber:      1,
+					GasLimit:         1,
+					GasUsed:          1,
+					Timestamp:        1,
+					ExtraData:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BaseFeePerGas:    []byte(strconv.FormatUint(1, 10)),
+					BlockHash:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					TransactionsRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				},
+			},
+		},
+		Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+	}
+}
+
+func testSignedBlindedBeaconBlockCapella(t *testing.T) *eth.SignedBlindedBeaconBlockCapella {
+	return &eth.SignedBlindedBeaconBlockCapella{
+		Block: &eth.BlindedBeaconBlockCapella{
+			Slot:          1,
+			ProposerIndex: 1,
+			ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			Body: &eth.BlindedBeaconBlockBodyCapella{
+				RandaoReveal: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+				Eth1Data: &eth.Eth1Data{
+					DepositRoot:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					DepositCount: 1,
+					BlockHash:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				},
+				Graffiti: ezDecode(t, "0xdeadbeefc0ffee"),
+				ProposerSlashings: []*eth.ProposerSlashing{
+					{
+						Header_1: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Header_2: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				AttesterSlashings: []*eth.AttesterSlashing{
+					{
+						Attestation_1: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Attestation_2: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				Attestations: []*eth.Attestation{
+					{
+						AggregationBits: bitfield.Bitlist{0x01},
+						Data: &eth.AttestationData{
+							Slot:            1,
+							CommitteeIndex:  1,
+							BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Source: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Target: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				Deposits: []*eth.Deposit{
+					{
+						Proof: [][]byte{ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")},
+						Data: &eth.Deposit_Data{
+							PublicKey:             ezDecode(t, "0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"),
+							WithdrawalCredentials: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Amount:                1,
+							Signature:             ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				VoluntaryExits: []*eth.SignedVoluntaryExit{
+					{
+						Exit: &eth.VoluntaryExit{
+							Epoch:          1,
+							ValidatorIndex: 1,
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				SyncAggregate: &eth.SyncAggregate{
+					SyncCommitteeSignature: make([]byte, 48),
+					SyncCommitteeBits:      bitfield.Bitvector512{0x01},
+				},
+				ExecutionPayloadHeader: &v1.ExecutionPayloadHeaderCapella{
+					ParentHash:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					FeeRecipient:     ezDecode(t, "0xabcf8e0d4e9587369b2301d0790347320302cc09"),
+					StateRoot:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					ReceiptsRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					LogsBloom:        ezDecode(t, "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
+					PrevRandao:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BlockNumber:      1,
+					GasLimit:         1,
+					GasUsed:          1,
+					Timestamp:        1,
+					ExtraData:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BaseFeePerGas:    []byte(strconv.FormatUint(1, 10)),
+					BlockHash:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					TransactionsRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					WithdrawalsRoot:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				},
+			},
+		},
+		Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+	}
+}
+
+func testSignedBlindedBeaconBlockDeneb(t *testing.T) *eth.SignedBlindedBeaconBlockDeneb {
+	basebytes, err := bytesutil.Uint256ToSSZBytes("14074904626401341155369551180448584754667373453244490859944217516317499064576")
+	if err != nil {
+		log.Error(err)
+	}
+	return &eth.SignedBlindedBeaconBlockDeneb{
+		Message: &eth.BlindedBeaconBlockDeneb{
+			Slot:          1,
+			ProposerIndex: 1,
+			ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+			Body: &eth.BlindedBeaconBlockBodyDeneb{
+				RandaoReveal: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+				Eth1Data: &eth.Eth1Data{
+					DepositRoot:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					DepositCount: 1,
+					BlockHash:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				},
+				Graffiti: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+				ProposerSlashings: []*eth.ProposerSlashing{
+					{
+						Header_1: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Header_2: &eth.SignedBeaconBlockHeader{
+							Header: &eth.BeaconBlockHeader{
+								Slot:          1,
+								ProposerIndex: 1,
+								ParentRoot:    ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								StateRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								BodyRoot:      ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				AttesterSlashings: []*eth.AttesterSlashing{
+					{
+						Attestation_1: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+						Attestation_2: &eth.IndexedAttestation{
+							AttestingIndices: []uint64{1},
+							Data: &eth.AttestationData{
+								Slot:            1,
+								CommitteeIndex:  1,
+								BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								Source: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+								Target: &eth.Checkpoint{
+									Epoch: 1,
+									Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+								},
+							},
+							Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				Attestations: []*eth.Attestation{
+					{
+						AggregationBits: bitfield.Bitlist{0x01},
+						Data: &eth.AttestationData{
+							Slot:            1,
+							CommitteeIndex:  1,
+							BeaconBlockRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Source: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+							Target: &eth.Checkpoint{
+								Epoch: 1,
+								Root:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							},
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				Deposits: []*eth.Deposit{
+					{
+						Proof: [][]byte{ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2")},
+						Data: &eth.Deposit_Data{
+							PublicKey:             ezDecode(t, "0x93247f2209abcacf57b75a51dafae777f9dd38bc7053d1af526f220a7489a6d3a2753e5f3e8b1cfe39b56f43611df74a"),
+							WithdrawalCredentials: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+							Amount:                1,
+							Signature:             ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+						},
+					},
+				},
+				VoluntaryExits: []*eth.SignedVoluntaryExit{
+					{
+						Exit: &eth.VoluntaryExit{
+							Epoch:          1,
+							ValidatorIndex: 1,
+						},
+						Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+					},
+				},
+				SyncAggregate: &eth.SyncAggregate{
+					SyncCommitteeSignature: make([]byte, 96),
+					SyncCommitteeBits:      ezDecode(t, "0x6451e9f951ebf05edc01de67e593484b672877054f055903ff0df1a1a945cf30ca26bb4d4b154f94a1bc776bcf5d0efb3603e1f9b8ee2499ccdcfe2a18cef458"),
+				},
+				ExecutionPayloadHeader: &v1.ExecutionPayloadHeaderDeneb{
+					ParentHash:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					FeeRecipient:     ezDecode(t, "0xabcf8e0d4e9587369b2301d0790347320302cc09"),
+					StateRoot:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					ReceiptsRoot:     ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					LogsBloom:        ezDecode(t, "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"),
+					PrevRandao:       ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BlockNumber:      1,
+					GasLimit:         1,
+					GasUsed:          1,
+					Timestamp:        1,
+					ExtraData:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BaseFeePerGas:    basebytes,
+					BlockHash:        ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					TransactionsRoot: ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					WithdrawalsRoot:  ezDecode(t, "0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"),
+					BlobGasUsed:      1,
+					ExcessBlobGas:    2,
+				},
+			},
+		},
+		Signature: ezDecode(t, "0x1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505cc411d61252fb6cb3fa0017b679f8bb2305b26a285fa2737f175668d0dff91cc1b66ac1fb663c9bc59509846d6ec05345bd908eda73e670af888da41af171505"),
+	}
+}
+
+func TestRequestLogger(t *testing.T) {
+	wo := WithObserver(&requestLogger{})
+	c, err := NewClient("localhost:3500", wo)
+	require.NoError(t, err)
+
+	ctx := context.Background()
+	hc := &http.Client{
+		Transport: roundtrip(func(r *http.Request) (*http.Response, error) {
+			require.Equal(t, getStatus, r.URL.Path)
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewBufferString(testExampleExecutionPayload)),
+				Request:    r.Clone(ctx),
+			}, nil
+		}),
+	}
+	c.hc = hc
+	err = c.Status(ctx)
+	require.NoError(t, err)
+}

api/client/builder/errors.go

@@ -0,0 +1,17 @@
+package builder
+
+import "github.com/pkg/errors"
+
+// ErrNotOK is used to indicate when an HTTP request to the Beacon Node API failed with any non-2xx response code.
+// More specific errors may be returned, but an error in reaction to a non-2xx response will always wrap ErrNotOK.
+var ErrNotOK = errors.New("did not receive 200 response from API")
+
+// ErrNotFound specifically means that a '404 - NOT FOUND' response was received from the API.
+var ErrNotFound = errors.Wrap(ErrNotOK, "recv 404 NotFound response from API")
+
+// ErrBadRequest specifically means that a '400 - BAD REQUEST' response was received from the API.
+var ErrBadRequest = errors.Wrap(ErrNotOK, "recv 400 BadRequest response from API")
+
+// ErrNoContent specifically means that a '204 - No Content' response was received from the API.
+// Typically, a 204 is a success but in this case for the Header API means No header is available
+var ErrNoContent = errors.New("recv 204 no content response from API, No header is available")

api/client/builder/testdata/execution-payload-capella.json

@@ -0,0 +1 @@
+{"parent_hash":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","fee_recipient":"0xabcf8e0d4e9587369b2301d0790347320302cc09","state_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","receipts_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","logs_bloom":"0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","prev_randao":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","block_number":"1","gas_limit":"1","gas_used":"1","timestamp":"1","extra_data":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","base_fee_per_gas":"14074904626401341155369551180448584754667373453244490859944217516317499064576","block_hash":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","transactions_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","withdrawals_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"}

api/client/builder/testdata/execution-payload.json

@@ -0,0 +1 @@
+{"parent_hash":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","fee_recipient":"0xabcf8e0d4e9587369b2301d0790347320302cc09","state_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","receipts_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","logs_bloom":"0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","prev_randao":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","block_number":"1","gas_limit":"1","gas_used":"1","timestamp":"1","extra_data":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","base_fee_per_gas":"14074904626401341155369551180448584754667373453244490859944217516317499064576","block_hash":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2","transactions_root":"0xcf8e0d4e9587369b2301d0790347320302cc0943d5a1884560367e8208d920f2"}

api/client/builder/testing/BUILD.bazel

@@ -0,0 +1,16 @@
+load("@prysm//tools/go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["mock.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/client/builder/testing",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api/client/builder:go_default_library",
+        "//consensus-types/interfaces:go_default_library",
+        "//consensus-types/primitives:go_default_library",
+        "//encoding/bytesutil:go_default_library",
+        "//proto/engine/v1:go_default_library",
+        "//proto/prysm/v1alpha1:go_default_library",
+    ],
+)

api/client/builder/testing/mock.go

@@ -0,0 +1,51 @@
+package testing
+
+import (
+	"context"
+
+	"github.com/prysmaticlabs/prysm/v5/api/client/builder"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/interfaces"
+	"github.com/prysmaticlabs/prysm/v5/consensus-types/primitives"
+	"github.com/prysmaticlabs/prysm/v5/encoding/bytesutil"
+	v1 "github.com/prysmaticlabs/prysm/v5/proto/engine/v1"
+	ethpb "github.com/prysmaticlabs/prysm/v5/proto/prysm/v1alpha1"
+)
+
+// MockClient is a mock implementation of BuilderClient.
+type MockClient struct {
+	RegisteredVals map[[48]byte]bool
+}
+
+// NewClient creates a new, correctly initialized mock.
+func NewClient() MockClient {
+	return MockClient{RegisteredVals: map[[48]byte]bool{}}
+}
+
+// NodeURL --
+func (MockClient) NodeURL() string {
+	return ""
+}
+
+// GetHeader --
+func (MockClient) GetHeader(_ context.Context, _ primitives.Slot, _ [32]byte, _ [48]byte) (builder.SignedBid, error) {
+	return nil, nil
+}
+
+// RegisterValidator --
+func (m MockClient) RegisterValidator(_ context.Context, svr []*ethpb.SignedValidatorRegistrationV1) error {
+	for _, r := range svr {
+		b := bytesutil.ToBytes48(r.Message.Pubkey)
+		m.RegisteredVals[b] = true
+	}
+	return nil
+}
+
+// SubmitBlindedBlock --
+func (MockClient) SubmitBlindedBlock(_ context.Context, _ interfaces.ReadOnlySignedBeaconBlock) (interfaces.ExecutionData, *v1.BlobsBundle, error) {
+	return nil, nil, nil
+}
+
+// Status --
+func (MockClient) Status(_ context.Context) error {
+	return nil
+}

api/client/client.go

@@ -0,0 +1,105 @@
+package client
+
+import (
+	"context"
+	"io"
+	"net"
+	"net/http"
+	"net/url"
+
+	"github.com/pkg/errors"
+)
+
+const (
+	MaxBodySize      int64 = 1 << 23 // 8MB default, WithMaxBodySize can override
+	MaxBodySizeState int64 = 1 << 29 // 512MB
+	MaxErrBodySize   int64 = 1 << 17 // 128KB
+)
+
+// Client is a wrapper object around the HTTP client.
+type Client struct {
+	hc          *http.Client
+	baseURL     *url.URL
+	token       string
+	maxBodySize int64
+}
+
+// NewClient constructs a new client with the provided options (ex WithTimeout).
+// `host` is the base host + port used to construct request urls. This value can be
+// a URL string, or NewClient will assume an http endpoint if just `host:port` is used.
+func NewClient(host string, opts ...ClientOpt) (*Client, error) {
+	u, err := urlForHost(host)
+	if err != nil {
+		return nil, err
+	}
+	c := &Client{
+		hc:          &http.Client{},
+		baseURL:     u,
+		maxBodySize: MaxBodySize,
+	}
+	for _, o := range opts {
+		o(c)
+	}
+	return c, nil
+}
+
+// Token returns the bearer token used for jwt authentication
+func (c *Client) Token() string {
+	return c.token
+}
+
+// BaseURL returns the base url of the client
+func (c *Client) BaseURL() *url.URL {
+	return c.baseURL
+}
+
+// Do execute the request against the http client
+func (c *Client) Do(req *http.Request) (*http.Response, error) {
+	return c.hc.Do(req)
+}
+
+func urlForHost(h string) (*url.URL, error) {
+	// try to parse as url (being permissive)
+	u, err := url.Parse(h)
+	if err == nil && u.Host != "" {
+		return u, nil
+	}
+	// try to parse as host:port
+	host, port, err := net.SplitHostPort(h)
+	if err != nil {
+		return nil, ErrMalformedHostname
+	}
+	return &url.URL{Host: net.JoinHostPort(host, port), Scheme: "http"}, nil
+}
+
+// NodeURL returns a human-readable string representation of the beacon node base url.
+func (c *Client) NodeURL() string {
+	return c.baseURL.String()
+}
+
+// Get is a generic, opinionated GET function to reduce boilerplate amongst the getters in this package.
+func (c *Client) Get(ctx context.Context, path string, opts ...ReqOption) ([]byte, error) {
+	u := c.baseURL.ResolveReference(&url.URL{Path: path})
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), http.NoBody)
+	if err != nil {
+		return nil, err
+	}
+	for _, o := range opts {
+		o(req)
+	}
+	r, err := c.hc.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		err = r.Body.Close()
+	}()
+	if r.StatusCode != http.StatusOK {
+		return nil, Non200Err(r)
+	}
+	b, err := io.ReadAll(io.LimitReader(r.Body, c.maxBodySize))
+	if err != nil {
+		return nil, errors.Wrap(err, "error reading http response body")
+	}
+	return b, nil
+}

api/client/client_test.go

@@ -0,0 +1,48 @@
+package client
+
+import (
+	"net/url"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
+)
+
+func TestValidHostname(t *testing.T) {
+	cases := []struct {
+		name    string
+		hostArg string
+		path    string
+		joined  string
+		err     error
+	}{
+		{
+			name:    "hostname without port",
+			hostArg: "mydomain.org",
+			err:     ErrMalformedHostname,
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			cl, err := NewClient(c.hostArg)
+			if c.err != nil {
+				require.ErrorIs(t, err, c.err)
+				return
+			}
+			require.NoError(t, err)
+			require.Equal(t, c.joined, cl.BaseURL().ResolveReference(&url.URL{Path: c.path}).String())
+		})
+	}
+}
+
+func TestWithAuthenticationToken(t *testing.T) {
+	cl, err := NewClient("https://www.offchainlabs.com:3500", WithAuthenticationToken("my token"))
+	require.NoError(t, err)
+	require.Equal(t, cl.Token(), "my token")
+}
+
+func TestBaseURL(t *testing.T) {
+	cl, err := NewClient("https://www.offchainlabs.com:3500")
+	require.NoError(t, err)
+	require.Equal(t, "www.offchainlabs.com", cl.BaseURL().Hostname())
+	require.Equal(t, "3500", cl.BaseURL().Port())
+}

api/client/errors.go

@@ -0,0 +1,43 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/pkg/errors"
+)
+
+// ErrMalformedHostname is used to indicate if a host name's format is incorrect.
+var ErrMalformedHostname = errors.New("hostname must include port, separated by one colon, like example.com:3500")
+
+// ErrNotOK is used to indicate when an HTTP request to the API failed with any non-2xx response code.
+// More specific errors may be returned, but an error in reaction to a non-2xx response will always wrap ErrNotOK.
+var ErrNotOK = errors.New("did not receive 2xx response from API")
+
+// ErrNotFound specifically means that a '404 - NOT FOUND' response was received from the API.
+var ErrNotFound = errors.Wrap(ErrNotOK, "recv 404 NotFound response from API")
+
+// ErrInvalidNodeVersion indicates that the /eth/v1/node/version API response format was not recognized.
+var ErrInvalidNodeVersion = errors.New("invalid node version response")
+
+// ErrConnectionIssue represents a connection problem.
+var ErrConnectionIssue = errors.New("could not connect")
+
+// Non200Err is a function that parses an HTTP response to handle responses that are not 200 with a formatted error.
+func Non200Err(r *http.Response) error {
+	b, err := io.ReadAll(io.LimitReader(r.Body, MaxErrBodySize))
+	var body string
+	if err != nil {
+		body = "(Unable to read response body.)"
+	} else {
+		body = "response body:\n" + string(b)
+	}
+	msg := fmt.Sprintf("code=%d, url=%s, body=%s", r.StatusCode, r.Request.URL, body)
+	switch r.StatusCode {
+	case http.StatusNotFound:
+		return errors.Wrap(ErrNotFound, msg)
+	default:
+		return errors.Wrap(ErrNotOK, msg)
+	}
+}

api/client/event/BUILD.bazel

@@ -0,0 +1,30 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "event_stream.go",
+        "utils.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/client/event",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api:go_default_library",
+        "//api/client:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "event_stream_test.go",
+        "utils_test.go",
+    ],
+    embed = [":go_default_library"],
+    deps = [
+        "//testing/require:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+    ],
+)

api/client/event/event_stream.go

@@ -0,0 +1,151 @@
+package event
+
+import (
+	"bufio"
+	"context"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v5/api"
+	"github.com/prysmaticlabs/prysm/v5/api/client"
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	EventHead                        = "head"
+	EventBlock                       = "block"
+	EventAttestation                 = "attestation"
+	EventVoluntaryExit               = "voluntary_exit"
+	EventBlsToExecutionChange        = "bls_to_execution_change"
+	EventProposerSlashing            = "proposer_slashing"
+	EventAttesterSlashing            = "attester_slashing"
+	EventFinalizedCheckpoint         = "finalized_checkpoint"
+	EventChainReorg                  = "chain_reorg"
+	EventContributionAndProof        = "contribution_and_proof"
+	EventLightClientFinalityUpdate   = "light_client_finality_update"
+	EventLightClientOptimisticUpdate = "light_client_optimistic_update"
+	EventPayloadAttributes           = "payload_attributes"
+	EventBlobSidecar                 = "blob_sidecar"
+	EventError                       = "error"
+	EventConnectionError             = "connection_error"
+)
+
+var (
+	_ = EventStreamClient(&EventStream{})
+)
+
+var DefaultEventTopics = []string{EventHead}
+
+type EventStreamClient interface {
+	Subscribe(eventsChannel chan<- *Event)
+}
+
+type Event struct {
+	EventType string
+	Data      []byte
+}
+
+// EventStream is responsible for subscribing to the Beacon API events endpoint
+// and dispatching received events to subscribers.
+type EventStream struct {
+	ctx        context.Context
+	httpClient *http.Client
+	host       string
+	topics     []string
+}
+
+func NewEventStream(ctx context.Context, httpClient *http.Client, host string, topics []string) (*EventStream, error) {
+	// Check if the host is a valid URL
+	_, err := url.ParseRequestURI(host)
+	if err != nil {
+		return nil, err
+	}
+	if len(topics) == 0 {
+		return nil, errors.New("no topics provided")
+	}
+
+	return &EventStream{
+		ctx:        ctx,
+		httpClient: httpClient,
+		host:       host,
+		topics:     topics,
+	}, nil
+}
+
+func (h *EventStream) Subscribe(eventsChannel chan<- *Event) {
+	allTopics := strings.Join(h.topics, ",")
+	log.WithField("topics", allTopics).Info("Listening to Beacon API events")
+	fullUrl := h.host + "/eth/v1/events?topics=" + allTopics
+	req, err := http.NewRequestWithContext(h.ctx, http.MethodGet, fullUrl, nil)
+	if err != nil {
+		eventsChannel <- &Event{
+			EventType: EventConnectionError,
+			Data:      []byte(errors.Wrap(err, "failed to create HTTP request").Error()),
+		}
+	}
+	req.Header.Set("Accept", api.EventStreamMediaType)
+	req.Header.Set("Connection", api.KeepAlive)
+	resp, err := h.httpClient.Do(req)
+	if err != nil {
+		eventsChannel <- &Event{
+			EventType: EventConnectionError,
+			Data:      []byte(errors.Wrap(err, client.ErrConnectionIssue.Error()).Error()),
+		}
+		return
+	}
+
+	defer func() {
+		if closeErr := resp.Body.Close(); closeErr != nil {
+			log.WithError(closeErr).Error("Failed to close events response body")
+		}
+	}()
+	// Create a new scanner to read lines from the response body
+	scanner := bufio.NewScanner(resp.Body)
+	// Set the split function for the scanning operation
+	scanner.Split(scanLinesWithCarriage)
+
+	var eventType, data string // Variables to store event type and data
+
+	// Iterate over lines of the event stream
+	for scanner.Scan() {
+		select {
+		case <-h.ctx.Done():
+			log.Info("Context canceled, stopping event stream")
+			close(eventsChannel)
+			return
+		default:
+			line := scanner.Text()
+			// Handle the event based on your specific format
+			if line == "" {
+				// Empty line indicates the end of an event
+				if eventType != "" && data != "" {
+					// Process the event when both eventType and data are set
+					eventsChannel <- &Event{EventType: eventType, Data: []byte(data)}
+				}
+
+				// Reset eventType and data for the next event
+				eventType, data = "", ""
+				continue
+			}
+			et, ok := strings.CutPrefix(line, "event: ")
+			if ok {
+				// Extract event type from the "event" field
+				eventType = et
+			}
+			d, ok := strings.CutPrefix(line, "data: ")
+			if ok {
+				// Extract data from the "data" field
+				data = d
+			}
+		}
+	}
+
+	if err := scanner.Err(); err != nil {
+		eventsChannel <- &Event{
+			EventType: EventConnectionError,
+			Data:      []byte(errors.Wrap(err, errors.Wrap(client.ErrConnectionIssue, "scanner failed").Error()).Error()),
+		}
+	}
+}

api/client/event/event_stream_test.go

@@ -0,0 +1,101 @@
+package event
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
+	log "github.com/sirupsen/logrus"
+)
+
+func TestNewEventStream(t *testing.T) {
+	validURL := "http://localhost:8080"
+	invalidURL := "://invalid"
+	topics := []string{"topic1", "topic2"}
+
+	tests := []struct {
+		name    string
+		host    string
+		topics  []string
+		wantErr bool
+	}{
+		{"Valid input", validURL, topics, false},
+		{"Invalid URL", invalidURL, topics, true},
+		{"No topics", validURL, []string{}, true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_, err := NewEventStream(context.Background(), &http.Client{}, tt.host, tt.topics)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("NewEventStream() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func TestEventStream(t *testing.T) {
+	mux := http.NewServeMux()
+	mux.HandleFunc("/eth/v1/events", func(w http.ResponseWriter, _ *http.Request) {
+		flusher, ok := w.(http.Flusher)
+		require.Equal(t, true, ok)
+		for i := 1; i <= 3; i++ {
+			events := [3]string{"event: head\ndata: data%d\n\n", "event: head\rdata: data%d\r\r", "event: head\r\ndata: data%d\r\n\r\n"}
+			_, err := fmt.Fprintf(w, events[i-1], i)
+			require.NoError(t, err)
+			flusher.Flush()                    // Trigger flush to simulate streaming data
+			time.Sleep(100 * time.Millisecond) // Simulate delay between events
+		}
+	})
+	server := httptest.NewServer(mux)
+	defer server.Close()
+
+	topics := []string{"head"}
+	eventsChannel := make(chan *Event, 1)
+	stream, err := NewEventStream(context.Background(), http.DefaultClient, server.URL, topics)
+	require.NoError(t, err)
+	go stream.Subscribe(eventsChannel)
+
+	// Collect events
+	var events []*Event
+
+	for len(events) != 3 {
+		select {
+		case event := <-eventsChannel:
+			log.Info(event)
+			events = append(events, event)
+		}
+	}
+
+	// Assertions to verify the events content
+	expectedData := []string{"data1", "data2", "data3"}
+	for i, event := range events {
+		if string(event.Data) != expectedData[i] {
+			t.Errorf("Expected event data %q, got %q", expectedData[i], string(event.Data))
+		}
+	}
+}
+
+func TestEventStreamRequestError(t *testing.T) {
+	topics := []string{"head"}
+	eventsChannel := make(chan *Event, 1)
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// use valid url that will result in failed request with nil body
+	stream, err := NewEventStream(ctx, http.DefaultClient, "http://badhost:1234", topics)
+	require.NoError(t, err)
+
+	// error will happen when request is made, should be received over events channel
+	go stream.Subscribe(eventsChannel)
+
+	event := <-eventsChannel
+	if event.EventType != EventConnectionError {
+		t.Errorf("Expected event type %q, got %q", EventConnectionError, event.EventType)
+	}
+
+}

api/client/event/utils.go

@@ -0,0 +1,36 @@
+package event
+
+import (
+	"bytes"
+)
+
+// adapted from ScanLines in scan.go to handle carriage return characters as separators
+func scanLinesWithCarriage(data []byte, atEOF bool) (advance int, token []byte, err error) {
+	if atEOF && len(data) == 0 {
+		return 0, nil, nil
+	}
+	if i, j := bytes.IndexByte(data, '\n'), bytes.IndexByte(data, '\r'); i >= 0 || j >= 0 {
+		in := i
+		// Select the first index of \n or \r or the second index of \r if it is followed by \n
+		if i < 0 || (i > j && i != j+1 && j >= 0) {
+			in = j
+		}
+
+		// We have a full newline-terminated line.
+		return in + 1, dropCR(data[0:in]), nil
+	}
+	// If we're at EOF, we have a final, non-terminated line. Return it.
+	if atEOF {
+		return len(data), dropCR(data), nil
+	}
+	// Request more data.
+	return 0, nil, nil
+}
+
+// dropCR drops a terminal \r from the data.
+func dropCR(data []byte) []byte {
+	if len(data) > 0 && data[len(data)-1] == '\r' {
+		return data[0 : len(data)-1]
+	}
+	return data
+}

api/client/event/utils_test.go

@@ -0,0 +1,97 @@
+package event
+
+import (
+	"bufio"
+	"bytes"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
+)
+
+func TestScanLinesWithCarriage(t *testing.T) {
+	testCases := []struct {
+		name     string
+		input    string
+		expected []string
+	}{
+		{
+			name:     "LF line endings",
+			input:    "line1\nline2\nline3",
+			expected: []string{"line1", "line2", "line3"},
+		},
+		{
+			name:     "CR line endings",
+			input:    "line1\rline2\rline3",
+			expected: []string{"line1", "line2", "line3"},
+		},
+		{
+			name:     "CRLF line endings",
+			input:    "line1\r\nline2\r\nline3",
+			expected: []string{"line1", "line2", "line3"},
+		},
+		{
+			name:     "Mixed line endings",
+			input:    "line1\nline2\rline3\r\nline4",
+			expected: []string{"line1", "line2", "line3", "line4"},
+		},
+		{
+			name:     "Empty lines",
+			input:    "line1\n\nline2\r\rline3",
+			expected: []string{"line1", "", "line2", "", "line3"},
+		},
+		{
+			name:     "Empty lines 2",
+			input:    "line1\n\rline2\n\rline3",
+			expected: []string{"line1", "", "line2", "", "line3"},
+		},
+		{
+			name:     "No line endings",
+			input:    "single line without ending",
+			expected: []string{"single line without ending"},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			scanner := bufio.NewScanner(bytes.NewReader([]byte(tc.input)))
+			scanner.Split(scanLinesWithCarriage)
+
+			var lines []string
+			for scanner.Scan() {
+				lines = append(lines, scanner.Text())
+			}
+
+			require.NoError(t, scanner.Err())
+			require.Equal(t, len(tc.expected), len(lines), "Number of lines does not match")
+			for i, line := range lines {
+				require.Equal(t, tc.expected[i], line, "Line %d does not match", i)
+			}
+		})
+	}
+}
+
+// TestScanLinesWithCarriageEdgeCases tests edge cases and potential error scenarios
+func TestScanLinesWithCarriageEdgeCases(t *testing.T) {
+	t.Run("Empty input", func(t *testing.T) {
+		scanner := bufio.NewScanner(bytes.NewReader([]byte("")))
+		scanner.Split(scanLinesWithCarriage)
+		require.Equal(t, scanner.Scan(), false)
+		require.NoError(t, scanner.Err())
+	})
+
+	t.Run("Very long line", func(t *testing.T) {
+		longLine := bytes.Repeat([]byte("a"), bufio.MaxScanTokenSize+1)
+		scanner := bufio.NewScanner(bytes.NewReader(longLine))
+		scanner.Split(scanLinesWithCarriage)
+		require.Equal(t, scanner.Scan(), false)
+		require.NotNil(t, scanner.Err())
+	})
+
+	t.Run("Line ending at max token size", func(t *testing.T) {
+		input := append(bytes.Repeat([]byte("a"), bufio.MaxScanTokenSize-1), '\n')
+		scanner := bufio.NewScanner(bytes.NewReader(input))
+		scanner.Split(scanLinesWithCarriage)
+		require.Equal(t, scanner.Scan(), true)
+		require.Equal(t, string(bytes.Repeat([]byte("a"), bufio.MaxScanTokenSize-1)), scanner.Text())
+	})
+}

api/client/options.go

@@ -0,0 +1,55 @@
+package client
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// ReqOption is a request functional option.
+type ReqOption func(*http.Request)
+
+// WithSSZEncoding is a request functional option that adds SSZ encoding header.
+func WithSSZEncoding() ReqOption {
+	return func(req *http.Request) {
+		req.Header.Set("Accept", "application/octet-stream")
+	}
+}
+
+// WithAuthorizationToken is a request functional option that adds header for authorization token.
+func WithAuthorizationToken(token string) ReqOption {
+	return func(req *http.Request) {
+		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
+	}
+}
+
+// ClientOpt is a functional option for the Client type (http.Client wrapper)
+type ClientOpt func(*Client)
+
+// WithTimeout sets the .Timeout attribute of the wrapped http.Client.
+func WithTimeout(timeout time.Duration) ClientOpt {
+	return func(c *Client) {
+		c.hc.Timeout = timeout
+	}
+}
+
+// WithRoundTripper replaces the underlying HTTP's transport with a custom one.
+func WithRoundTripper(t http.RoundTripper) ClientOpt {
+	return func(c *Client) {
+		c.hc.Transport = t
+	}
+}
+
+// WithAuthenticationToken sets an oauth token to be used.
+func WithAuthenticationToken(token string) ClientOpt {
+	return func(c *Client) {
+		c.token = token
+	}
+}
+
+// WithMaxBodySize overrides the default max body size of 8MB.
+func WithMaxBodySize(size int64) ClientOpt {
+	return func(c *Client) {
+		c.maxBodySize = size
+	}
+}

api/client/validator/BUILD.bazel

@@ -0,0 +1,13 @@
+load("@prysm//tools/go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["client.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/client/validator",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api/client:go_default_library",
+        "//validator/rpc:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+    ],
+)

api/client/validator/client.go

@@ -0,0 +1,121 @@
+package validator
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v5/api/client"
+	"github.com/prysmaticlabs/prysm/v5/validator/rpc"
+)
+
+const (
+	localKeysPath    = "/eth/v1/keystores"
+	remoteKeysPath   = "/eth/v1/remotekeys"
+	feeRecipientPath = "/eth/v1/validator/{pubkey}/feerecipient"
+)
+
+// Client provides a collection of helper methods for calling the Keymanager API endpoints.
+type Client struct {
+	*client.Client
+}
+
+// NewClient returns a new Client that includes functions for REST calls to keymanager APIs.
+func NewClient(host string, opts ...client.ClientOpt) (*Client, error) {
+	c, err := client.NewClient(host, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &Client{c}, nil
+}
+
+// GetValidatorPubKeys gets the current list of web3signer or the local validator public keys in hex format.
+func (c *Client) GetValidatorPubKeys(ctx context.Context) ([]string, error) {
+	jsonlocal, err := c.GetLocalValidatorKeys(ctx)
+	if err != nil {
+		return nil, err
+	}
+	jsonremote, err := c.GetRemoteValidatorKeys(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if len(jsonlocal.Data) == 0 && len(jsonremote.Data) == 0 {
+		return nil, errors.New("there are no local keys or remote keys on the validator")
+	}
+
+	hexKeys := make(map[string]bool)
+
+	for index := range jsonlocal.Data {
+		hexKeys[jsonlocal.Data[index].ValidatingPubkey] = true
+	}
+	for index := range jsonremote.Data {
+		hexKeys[jsonremote.Data[index].Pubkey] = true
+	}
+	keys := make([]string, 0)
+	for k := range hexKeys {
+		keys = append(keys, k)
+	}
+	return keys, nil
+}
+
+// GetLocalValidatorKeys calls the keymanager APIs for local validator keys
+func (c *Client) GetLocalValidatorKeys(ctx context.Context) (*rpc.ListKeystoresResponse, error) {
+	localBytes, err := c.Get(ctx, localKeysPath, client.WithAuthorizationToken(c.Token()))
+	if err != nil {
+		return nil, err
+	}
+	jsonlocal := &rpc.ListKeystoresResponse{}
+	if err := json.Unmarshal(localBytes, jsonlocal); err != nil {
+		return nil, errors.Wrap(err, "failed to parse local keystore list")
+	}
+	return jsonlocal, nil
+}
+
+// GetRemoteValidatorKeys calls the keymanager APIs for web3signer validator keys
+func (c *Client) GetRemoteValidatorKeys(ctx context.Context) (*rpc.ListRemoteKeysResponse, error) {
+	remoteBytes, err := c.Get(ctx, remoteKeysPath, client.WithAuthorizationToken(c.Token()))
+	if err != nil {
+		if !strings.Contains(err.Error(), "Prysm Wallet is not of type Web3Signer") {
+			return nil, err
+		}
+	}
+	jsonremote := &rpc.ListRemoteKeysResponse{}
+	if len(remoteBytes) != 0 {
+		if err := json.Unmarshal(remoteBytes, jsonremote); err != nil {
+			return nil, errors.Wrap(err, "failed to parse remote keystore list")
+		}
+	}
+	return jsonremote, nil
+}
+
+// GetFeeRecipientAddresses takes a list of validators in hex format and returns an equal length list of fee recipients in hex format.
+func (c *Client) GetFeeRecipientAddresses(ctx context.Context, validators []string) ([]string, error) {
+	feeRecipients := make([]string, len(validators))
+	for index, validator := range validators {
+		feejson, err := c.GetFeeRecipientAddress(ctx, validator)
+		if err != nil {
+			return nil, errors.Wrap(err, fmt.Sprintf("keymanager API failed to retrieve fee recipient for validator %s", validators[index]))
+		}
+		if feejson.Data == nil {
+			continue
+		}
+		feeRecipients[index] = feejson.Data.Ethaddress
+	}
+	return feeRecipients, nil
+}
+
+// GetFeeRecipientAddress takes a public key and calls the keymanager API to return its fee recipient.
+func (c *Client) GetFeeRecipientAddress(ctx context.Context, pubkey string) (*rpc.GetFeeRecipientByPubkeyResponse, error) {
+	path := strings.Replace(feeRecipientPath, "{pubkey}", pubkey, 1)
+	b, err := c.Get(ctx, path, client.WithAuthorizationToken(c.Token()))
+	if err != nil {
+		return nil, err
+	}
+	feejson := &rpc.GetFeeRecipientByPubkeyResponse{}
+	if err := json.Unmarshal(b, feejson); err != nil {
+		return nil, errors.Wrap(err, "failed to parse fee recipient")
+	}
+	return feejson, nil
+}

api/constants.go

@@ -0,0 +1,9 @@
+package api
+
+const (
+	WebUrlPrefix        = "/v2/validator/"
+	WebApiUrlPrefix     = "/api/v2/validator/"
+	KeymanagerApiPrefix = "/eth/v1"
+	SystemLogsPrefix    = "health/logs"
+	AuthTokenFileName   = "auth-token"
+)

api/gateway/BUILD.bazel

@@ -1,42 +0,0 @@
-load("@prysm//tools/go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "go_default_library",
-    srcs = [
-        "gateway.go",
-        "log.go",
-        "options.go",
-    ],
-    importpath = "github.com/prysmaticlabs/prysm/api/gateway",
-    visibility = [
-        "//beacon-chain:__subpackages__",
-        "//validator:__subpackages__",
-    ],
-    deps = [
-        "//api/gateway/apimiddleware:go_default_library",
-        "//runtime:go_default_library",
-        "@com_github_gorilla_mux//:go_default_library",
-        "@com_github_grpc_ecosystem_grpc_gateway_v2//runtime:go_default_library",
-        "@com_github_pkg_errors//:go_default_library",
-        "@com_github_rs_cors//:go_default_library",
-        "@com_github_sirupsen_logrus//:go_default_library",
-        "@org_golang_google_grpc//:go_default_library",
-        "@org_golang_google_grpc//connectivity:go_default_library",
-        "@org_golang_google_grpc//credentials:go_default_library",
-    ],
-)
-
-go_test(
-    name = "go_default_test",
-    srcs = ["gateway_test.go"],
-    embed = [":go_default_library"],
-    deps = [
-        "//api/gateway/apimiddleware:go_default_library",
-        "//cmd/beacon-chain/flags:go_default_library",
-        "//testing/assert:go_default_library",
-        "//testing/require:go_default_library",
-        "@com_github_gorilla_mux//:go_default_library",
-        "@com_github_sirupsen_logrus//hooks/test:go_default_library",
-        "@com_github_urfave_cli_v2//:go_default_library",
-    ],
-)

api/gateway/apimiddleware/BUILD.bazel

@@ -1,40 +0,0 @@
-load("@prysm//tools/go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "go_default_library",
-    srcs = [
-        "api_middleware.go",
-        "log.go",
-        "param_handling.go",
-        "process_field.go",
-        "process_request.go",
-        "structs.go",
-    ],
-    importpath = "github.com/prysmaticlabs/prysm/api/gateway/apimiddleware",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//api/grpc:go_default_library",
-        "//encoding/bytesutil:go_default_library",
-        "@com_github_ethereum_go_ethereum//common/hexutil:go_default_library",
-        "@com_github_gorilla_mux//:go_default_library",
-        "@com_github_pkg_errors//:go_default_library",
-        "@com_github_sirupsen_logrus//:go_default_library",
-        "@com_github_wealdtech_go_bytesutil//:go_default_library",
-    ],
-)
-
-go_test(
-    name = "go_default_test",
-    srcs = [
-        "param_handling_test.go",
-        "process_request_test.go",
-    ],
-    embed = [":go_default_library"],
-    deps = [
-        "//api/grpc:go_default_library",
-        "//testing/assert:go_default_library",
-        "//testing/require:go_default_library",
-        "@com_github_gorilla_mux//:go_default_library",
-        "@com_github_sirupsen_logrus//hooks/test:go_default_library",
-    ],
-)

api/gateway/apimiddleware/api_middleware.go

@@ -1,265 +0,0 @@
-package apimiddleware
-
-import (
-	"net/http"
-	"reflect"
-	"time"
-
-	"github.com/gorilla/mux"
-)
-
-// ApiProxyMiddleware is a proxy between an Ethereum consensus API HTTP client and grpc-gateway.
-// The purpose of the proxy is to handle HTTP requests and gRPC responses in such a way that:
-//   - Ethereum consensus API requests can be handled by grpc-gateway correctly
-//   - gRPC responses can be returned as spec-compliant Ethereum consensus API responses
-type ApiProxyMiddleware struct {
-	GatewayAddress  string
-	EndpointCreator EndpointFactory
-	Timeout         time.Duration
-	router          *mux.Router
-}
-
-// EndpointFactory is responsible for creating new instances of Endpoint values.
-type EndpointFactory interface {
-	Create(path string) (*Endpoint, error)
-	Paths() []string
-	IsNil() bool
-}
-
-// Endpoint is a representation of an API HTTP endpoint that should be proxied by the middleware.
-type Endpoint struct {
-	Path               string          // The path of the HTTP endpoint.
-	GetResponse        interface{}     // The struct corresponding to the JSON structure used in a GET response.
-	PostRequest        interface{}     // The struct corresponding to the JSON structure used in a POST request.
-	PostResponse       interface{}     // The struct corresponding to the JSON structure used in a POST response.
-	DeleteRequest      interface{}     // The struct corresponding to the JSON structure used in a DELETE request.
-	DeleteResponse     interface{}     // The struct corresponding to the JSON structure used in a DELETE response.
-	RequestURLLiterals []string        // Names of URL parameters that should not be base64-encoded.
-	RequestQueryParams []QueryParam    // Query parameters of the request.
-	Err                ErrorJson       // The struct corresponding to the error that should be returned in case of a request failure.
-	Hooks              HookCollection  // A collection of functions that can be invoked at various stages of the request/response cycle.
-	CustomHandlers     []CustomHandler // Functions that will be executed instead of the default request/response behaviour.
-}
-
-// RunDefault expresses whether the default processing logic should be carried out after running a pre hook.
-type RunDefault bool
-
-// DefaultEndpoint returns an Endpoint with default configuration, e.g. DefaultErrorJson for error handling.
-func DefaultEndpoint() Endpoint {
-	return Endpoint{
-		Err: &DefaultErrorJson{},
-	}
-}
-
-// QueryParam represents a single query parameter's metadata.
-type QueryParam struct {
-	Name string
-	Hex  bool
-	Enum bool
-}
-
-// CustomHandler is a function that can be invoked at the very beginning of the request,
-// essentially replacing the whole default request/response logic with custom logic for a specific endpoint.
-type CustomHandler = func(m *ApiProxyMiddleware, endpoint Endpoint, w http.ResponseWriter, req *http.Request) (handled bool)
-
-// HookCollection contains hooks that can be used to amend the default request/response cycle with custom logic for a specific endpoint.
-type HookCollection struct {
-	OnPreDeserializeRequestBodyIntoContainer      func(endpoint *Endpoint, w http.ResponseWriter, req *http.Request) (RunDefault, ErrorJson)
-	OnPostDeserializeRequestBodyIntoContainer     func(endpoint *Endpoint, w http.ResponseWriter, req *http.Request) ErrorJson
-	OnPreDeserializeGrpcResponseBodyIntoContainer func([]byte, interface{}) (RunDefault, ErrorJson)
-	OnPreSerializeMiddlewareResponseIntoJson      func(interface{}) (RunDefault, []byte, ErrorJson)
-}
-
-// fieldProcessor applies the processing function f to a value when the tag is present on the field.
-type fieldProcessor struct {
-	tag string
-	f   func(value reflect.Value) error
-}
-
-// Run starts the proxy, registering all proxy endpoints.
-func (m *ApiProxyMiddleware) Run(gatewayRouter *mux.Router) {
-	for _, path := range m.EndpointCreator.Paths() {
-		gatewayRouter.HandleFunc(path, m.WithMiddleware(path))
-	}
-	m.router = gatewayRouter
-}
-
-// ServeHTTP for the proxy middleware.
-func (m *ApiProxyMiddleware) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	m.router.ServeHTTP(w, req)
-}
-
-// WithMiddleware wraps the given endpoint handler with the middleware logic.
-func (m *ApiProxyMiddleware) WithMiddleware(path string) http.HandlerFunc {
-	return func(w http.ResponseWriter, req *http.Request) {
-		endpoint, err := m.EndpointCreator.Create(path)
-		if err != nil {
-			log.WithError(err).Errorf("Could not create endpoint for path: %s", path)
-			return
-		}
-
-		for _, handler := range endpoint.CustomHandlers {
-			if handler(m, *endpoint, w, req) {
-				return
-			}
-		}
-
-		if req.Method == "POST" {
-			if errJson := handlePostRequestForEndpoint(endpoint, w, req); errJson != nil {
-				WriteError(w, errJson, nil)
-				return
-			}
-		}
-
-		if req.Method == "DELETE" {
-			if errJson := handleDeleteRequestForEndpoint(endpoint, req); errJson != nil {
-				WriteError(w, errJson, nil)
-				return
-			}
-		}
-
-		if errJson := m.PrepareRequestForProxying(*endpoint, req); errJson != nil {
-			WriteError(w, errJson, nil)
-			return
-		}
-		grpcResp, errJson := m.ProxyRequest(req)
-		if errJson != nil {
-			WriteError(w, errJson, nil)
-			return
-		}
-		grpcRespBody, errJson := ReadGrpcResponseBody(grpcResp.Body)
-		if errJson != nil {
-			WriteError(w, errJson, nil)
-			return
-		}
-
-		var respJson []byte
-		if !GrpcResponseIsEmpty(grpcRespBody) {
-			respHasError, errJson := HandleGrpcResponseError(endpoint.Err, grpcResp, grpcRespBody, w)
-			if errJson != nil {
-				WriteError(w, errJson, nil)
-				return
-			}
-			if respHasError {
-				return
-			}
-
-			var resp interface{}
-			if req.Method == "GET" {
-				resp = endpoint.GetResponse
-			} else if req.Method == "DELETE" {
-				resp = endpoint.DeleteResponse
-			} else {
-				resp = endpoint.PostResponse
-			}
-			if errJson := deserializeGrpcResponseBodyIntoContainerWrapped(endpoint, grpcRespBody, resp); errJson != nil {
-				WriteError(w, errJson, nil)
-				return
-			}
-			if errJson := ProcessMiddlewareResponseFields(resp); errJson != nil {
-				WriteError(w, errJson, nil)
-				return
-			}
-
-			respJson, errJson = serializeMiddlewareResponseIntoJsonWrapped(endpoint, respJson, resp)
-			if errJson != nil {
-				WriteError(w, errJson, nil)
-				return
-			}
-		}
-
-		if errJson := WriteMiddlewareResponseHeadersAndBody(grpcResp, respJson, w); errJson != nil {
-			WriteError(w, errJson, nil)
-			return
-		}
-		if errJson := Cleanup(grpcResp.Body); errJson != nil {
-			WriteError(w, errJson, nil)
-			return
-		}
-	}
-}
-
-func handlePostRequestForEndpoint(endpoint *Endpoint, w http.ResponseWriter, req *http.Request) ErrorJson {
-	if errJson := deserializeRequestBodyIntoContainerWrapped(endpoint, req, w); errJson != nil {
-		return errJson
-	}
-	if errJson := ProcessRequestContainerFields(endpoint.PostRequest); errJson != nil {
-		return errJson
-	}
-	return SetRequestBodyToRequestContainer(endpoint.PostRequest, req)
-}
-
-func handleDeleteRequestForEndpoint(endpoint *Endpoint, req *http.Request) ErrorJson {
-	if errJson := DeserializeRequestBodyIntoContainer(req.Body, endpoint.DeleteRequest); errJson != nil {
-		return errJson
-	}
-	if errJson := ProcessRequestContainerFields(endpoint.DeleteRequest); errJson != nil {
-		return errJson
-	}
-	return SetRequestBodyToRequestContainer(endpoint.DeleteRequest, req)
-}
-
-func deserializeRequestBodyIntoContainerWrapped(endpoint *Endpoint, req *http.Request, w http.ResponseWriter) ErrorJson {
-	runDefault := true
-	if endpoint.Hooks.OnPreDeserializeRequestBodyIntoContainer != nil {
-		run, errJson := endpoint.Hooks.OnPreDeserializeRequestBodyIntoContainer(endpoint, w, req)
-		if errJson != nil {
-			return errJson
-		}
-		if !run {
-			runDefault = false
-		}
-	}
-	if runDefault {
-		if errJson := DeserializeRequestBodyIntoContainer(req.Body, endpoint.PostRequest); errJson != nil {
-			return errJson
-		}
-	}
-	if endpoint.Hooks.OnPostDeserializeRequestBodyIntoContainer != nil {
-		if errJson := endpoint.Hooks.OnPostDeserializeRequestBodyIntoContainer(endpoint, w, req); errJson != nil {
-			return errJson
-		}
-	}
-	return nil
-}
-
-func deserializeGrpcResponseBodyIntoContainerWrapped(endpoint *Endpoint, grpcResponseBody []byte, resp interface{}) ErrorJson {
-	runDefault := true
-	if endpoint.Hooks.OnPreDeserializeGrpcResponseBodyIntoContainer != nil {
-		run, errJson := endpoint.Hooks.OnPreDeserializeGrpcResponseBodyIntoContainer(grpcResponseBody, resp)
-		if errJson != nil {
-			return errJson
-		}
-		if !run {
-			runDefault = false
-		}
-	}
-	if runDefault {
-		if errJson := DeserializeGrpcResponseBodyIntoContainer(grpcResponseBody, resp); errJson != nil {
-			return errJson
-		}
-	}
-	return nil
-}
-
-func serializeMiddlewareResponseIntoJsonWrapped(endpoint *Endpoint, respJson []byte, resp interface{}) ([]byte, ErrorJson) {
-	runDefault := true
-	var errJson ErrorJson
-	if endpoint.Hooks.OnPreSerializeMiddlewareResponseIntoJson != nil {
-		var run RunDefault
-		run, respJson, errJson = endpoint.Hooks.OnPreSerializeMiddlewareResponseIntoJson(resp)
-		if errJson != nil {
-			return nil, errJson
-		}
-		if !run {
-			runDefault = false
-		}
-	}
-	if runDefault {
-		respJson, errJson = SerializeMiddlewareResponseIntoJson(resp)
-		if errJson != nil {
-			return nil, errJson
-		}
-	}
-	return respJson, nil
-}

api/gateway/apimiddleware/log.go

@@ -1,5 +0,0 @@
-package apimiddleware
-
-import "github.com/sirupsen/logrus"
-
-var log = logrus.WithField("prefix", "apimiddleware")

api/gateway/apimiddleware/param_handling.go

@@ -1,103 +0,0 @@
-package apimiddleware
-
-import (
-	"encoding/base64"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/gorilla/mux"
-	butil "github.com/prysmaticlabs/prysm/encoding/bytesutil"
-	"github.com/wealdtech/go-bytesutil"
-)
-
-// HandleURLParameters processes URL parameters, allowing parameterized URLs to be safely and correctly proxied to grpc-gateway.
-func HandleURLParameters(url string, req *http.Request, literals []string) ErrorJson {
-	segments := strings.Split(url, "/")
-
-segmentsLoop:
-	for i, s := range segments {
-		// We only care about segments which are parameterized.
-		if isRequestParam(s) {
-			// Don't do anything with parameters which should be forwarded literally to gRPC.
-			for _, l := range literals {
-				if s == "{"+l+"}" {
-					continue segmentsLoop
-				}
-			}
-
-			routeVar := mux.Vars(req)[s[1:len(s)-1]]
-			bRouteVar := []byte(routeVar)
-			if butil.IsHex(bRouteVar) {
-				var err error
-				bRouteVar, err = bytesutil.FromHexString(string(bRouteVar))
-				if err != nil {
-					return InternalServerErrorWithMessage(err, "could not process URL parameter")
-				}
-			}
-			// Converting hex to base64 may result in a value which malforms the URL.
-			// We use URLEncoding to safely escape such values.
-			base64RouteVar := base64.URLEncoding.EncodeToString(bRouteVar)
-
-			// Merge segments back into the full URL.
-			splitPath := strings.Split(req.URL.Path, "/")
-			splitPath[i] = base64RouteVar
-			req.URL.Path = strings.Join(splitPath, "/")
-		}
-	}
-	return nil
-}
-
-// HandleQueryParameters processes query parameters, allowing them to be safely and correctly proxied to grpc-gateway.
-func HandleQueryParameters(req *http.Request, params []QueryParam) ErrorJson {
-	queryParams := req.URL.Query()
-
-	normalizeQueryValues(queryParams)
-
-	for key, vals := range queryParams {
-		for _, p := range params {
-			if key == p.Name {
-				if p.Hex {
-					queryParams.Del(key)
-					for _, v := range vals {
-						b := []byte(v)
-						if butil.IsHex(b) {
-							var err error
-							b, err = bytesutil.FromHexString(v)
-							if err != nil {
-								return InternalServerErrorWithMessage(err, "could not process query parameter")
-							}
-						}
-						queryParams.Add(key, base64.URLEncoding.EncodeToString(b))
-					}
-				}
-				if p.Enum {
-					queryParams.Del(key)
-					for _, v := range vals {
-						// gRPC expects uppercase enum values.
-						queryParams.Add(key, strings.ToUpper(v))
-					}
-				}
-			}
-		}
-	}
-	req.URL.RawQuery = queryParams.Encode()
-	return nil
-}
-
-// isRequestParam verifies whether the passed string is a request parameter.
-// Request parameters are enclosed in { and }.
-func isRequestParam(s string) bool {
-	return len(s) > 2 && s[0] == '{' && s[len(s)-1] == '}'
-}
-
-func normalizeQueryValues(queryParams url.Values) {
-	// Replace comma-separated values with individual values.
-	for key, vals := range queryParams {
-		splitVals := make([]string, 0)
-		for _, v := range vals {
-			splitVals = append(splitVals, strings.Split(v, ",")...)
-		}
-		queryParams[key] = splitVals
-	}
-}

api/gateway/apimiddleware/param_handling_test.go

@@ -1,124 +0,0 @@
-package apimiddleware
-
-import (
-	"bytes"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/gorilla/mux"
-	"github.com/prysmaticlabs/prysm/testing/assert"
-	"github.com/prysmaticlabs/prysm/testing/require"
-)
-
-func TestHandleURLParameters(t *testing.T) {
-	var body bytes.Buffer
-
-	t.Run("no_params", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "http://foo.example/bar", &body)
-
-		errJson := HandleURLParameters("/not_param", request, []string{})
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, "/bar", request.URL.Path)
-	})
-
-	t.Run("with_params", func(t *testing.T) {
-		muxVars := make(map[string]string)
-		muxVars["bar_param"] = "bar"
-		muxVars["quux_param"] = "quux"
-		request := httptest.NewRequest("GET", "http://foo.example/bar/baz/quux", &body)
-		request = mux.SetURLVars(request, muxVars)
-
-		errJson := HandleURLParameters("/{bar_param}/not_param/{quux_param}", request, []string{})
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, "/YmFy/baz/cXV1eA==", request.URL.Path)
-	})
-
-	t.Run("with_literal", func(t *testing.T) {
-		muxVars := make(map[string]string)
-		muxVars["bar_param"] = "bar"
-		request := httptest.NewRequest("GET", "http://foo.example/bar/baz", &body)
-		request = mux.SetURLVars(request, muxVars)
-
-		errJson := HandleURLParameters("/{bar_param}/not_param/", request, []string{"bar_param"})
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, "/bar/baz", request.URL.Path)
-	})
-
-	t.Run("with_hex", func(t *testing.T) {
-		muxVars := make(map[string]string)
-		muxVars["hex_param"] = "0x626172"
-		request := httptest.NewRequest("GET", "http://foo.example/0x626172/baz", &body)
-		request = mux.SetURLVars(request, muxVars)
-
-		errJson := HandleURLParameters("/{hex_param}/not_param/", request, []string{})
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, "/YmFy/baz", request.URL.Path)
-	})
-}
-
-func TestHandleQueryParameters(t *testing.T) {
-	var body bytes.Buffer
-
-	t.Run("regular_params", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "http://foo.example?bar=bar&baz=baz", &body)
-
-		errJson := HandleQueryParameters(request, []QueryParam{{Name: "bar"}, {Name: "baz"}})
-		require.Equal(t, true, errJson == nil)
-		query := request.URL.Query()
-		v, ok := query["bar"]
-		require.Equal(t, true, ok, "query param not found")
-		require.Equal(t, 1, len(v), "wrong number of query param values")
-		assert.Equal(t, "bar", v[0])
-		v, ok = query["baz"]
-		require.Equal(t, true, ok, "query param not found")
-		require.Equal(t, 1, len(v), "wrong number of query param values")
-		assert.Equal(t, "baz", v[0])
-	})
-
-	t.Run("hex_and_enum_params", func(t *testing.T) {
-		request := httptest.NewRequest("GET", "http://foo.example?hex=0x626172&baz=baz", &body)
-
-		errJson := HandleQueryParameters(request, []QueryParam{{Name: "hex", Hex: true}, {Name: "baz", Enum: true}})
-		require.Equal(t, true, errJson == nil)
-		query := request.URL.Query()
-		v, ok := query["hex"]
-		require.Equal(t, true, ok, "query param not found")
-		require.Equal(t, 1, len(v), "wrong number of query param values")
-		assert.Equal(t, "YmFy", v[0])
-		v, ok = query["baz"]
-		require.Equal(t, true, ok, "query param not found")
-		require.Equal(t, 1, len(v), "wrong number of query param values")
-		assert.Equal(t, "BAZ", v[0])
-	})
-}
-
-func TestIsRequestParam(t *testing.T) {
-	tests := []struct {
-		s string
-		b bool
-	}{
-		{"", false},
-		{"{", false},
-		{"}", false},
-		{"{}", false},
-		{"{x}", true},
-		{"{very_long_parameter_name_with_underscores}", true},
-	}
-	for _, tt := range tests {
-		b := isRequestParam(tt.s)
-		assert.Equal(t, tt.b, b)
-	}
-}
-
-func TestNormalizeQueryValues(t *testing.T) {
-	input := make(map[string][]string)
-	input["key"] = []string{"value1", "value2,value3,value4", "value5"}
-
-	normalizeQueryValues(input)
-	require.Equal(t, 5, len(input["key"]))
-	assert.Equal(t, "value1", input["key"][0])
-	assert.Equal(t, "value2", input["key"][1])
-	assert.Equal(t, "value3", input["key"][2])
-	assert.Equal(t, "value4", input["key"][3])
-	assert.Equal(t, "value5", input["key"][4])
-}

api/gateway/apimiddleware/process_field.go

@@ -1,164 +0,0 @@
-package apimiddleware
-
-import (
-	"encoding/base64"
-	"fmt"
-	"math/big"
-	"reflect"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/ethereum/go-ethereum/common/hexutil"
-	"github.com/pkg/errors"
-	"github.com/wealdtech/go-bytesutil"
-)
-
-// processField calls each processor function on any field that has the matching tag set.
-// It is a recursive function.
-func processField(s interface{}, processors []fieldProcessor) error {
-	kind := reflect.TypeOf(s).Kind()
-	if kind != reflect.Ptr && kind != reflect.Slice && kind != reflect.Array {
-		return fmt.Errorf("processing fields of kind '%v' is unsupported", kind)
-	}
-
-	t := reflect.TypeOf(s).Elem()
-	v := reflect.Indirect(reflect.ValueOf(s))
-
-	for i := 0; i < t.NumField(); i++ {
-		switch v.Field(i).Kind() {
-		case reflect.Slice:
-			sliceElem := t.Field(i).Type.Elem()
-			kind := sliceElem.Kind()
-			// Recursively process slices to struct pointers.
-			if kind == reflect.Ptr && sliceElem.Elem().Kind() == reflect.Struct {
-				for j := 0; j < v.Field(i).Len(); j++ {
-					if err := processField(v.Field(i).Index(j).Interface(), processors); err != nil {
-						return errors.Wrapf(err, "could not process field '%s'", t.Field(i).Name)
-					}
-				}
-			}
-			// Process each string in string slices.
-			if kind == reflect.String {
-				for _, proc := range processors {
-					_, hasTag := t.Field(i).Tag.Lookup(proc.tag)
-					if hasTag {
-						for j := 0; j < v.Field(i).Len(); j++ {
-							if err := proc.f(v.Field(i).Index(j)); err != nil {
-								return errors.Wrapf(err, "could not process field '%s'", t.Field(i).Name)
-							}
-						}
-					}
-				}
-
-			}
-		// Recursively process struct pointers.
-		case reflect.Ptr:
-			if v.Field(i).Elem().Kind() == reflect.Struct {
-				if err := processField(v.Field(i).Interface(), processors); err != nil {
-					return errors.Wrapf(err, "could not process field '%s'", t.Field(i).Name)
-				}
-			}
-		default:
-			field := t.Field(i)
-			for _, proc := range processors {
-				if _, hasTag := field.Tag.Lookup(proc.tag); hasTag {
-					if err := proc.f(v.Field(i)); err != nil {
-						return errors.Wrapf(err, "could not process field '%s'", t.Field(i).Name)
-					}
-				}
-			}
-		}
-	}
-	return nil
-}
-
-func hexToBase64Processor(v reflect.Value) error {
-	if v.String() == "0x" {
-		v.SetString("")
-		return nil
-	}
-	b, err := bytesutil.FromHexString(v.String())
-	if err != nil {
-		return err
-	}
-	v.SetString(base64.StdEncoding.EncodeToString(b))
-	return nil
-}
-
-func base64ToHexProcessor(v reflect.Value) error {
-	if v.String() == "" {
-		// Empty hex values are represented as "0x".
-		v.SetString("0x")
-		return nil
-	}
-	b, err := base64.StdEncoding.DecodeString(v.String())
-	if err != nil {
-		return err
-	}
-	v.SetString(hexutil.Encode(b))
-	return nil
-}
-
-func base64ToUint256Processor(v reflect.Value) error {
-	if v.String() == "" {
-		return nil
-	}
-	littleEndian, err := base64.StdEncoding.DecodeString(v.String())
-	if err != nil {
-		return err
-	}
-	if len(littleEndian) != 32 {
-		return errors.New("invalid length for Uint256")
-	}
-
-	// Integers are stored as little-endian, but
-	// big.Int expects big-endian. So we need to reverse
-	// the byte order before decoding.
-	var bigEndian [32]byte
-	for i := 0; i < len(littleEndian); i++ {
-		bigEndian[i] = littleEndian[len(littleEndian)-1-i]
-	}
-	var uint256 big.Int
-	uint256.SetBytes(bigEndian[:])
-	v.SetString(uint256.String())
-	return nil
-}
-
-func uint256ToBase64Processor(v reflect.Value) error {
-	if v.String() == "" {
-		return nil
-	}
-	uint256, ok := new(big.Int).SetString(v.String(), 10)
-	if !ok {
-		return fmt.Errorf("could not parse Uint256")
-	}
-	bigEndian := uint256.Bytes()
-	if len(bigEndian) > 32 {
-		return fmt.Errorf("number too big for Uint256")
-	}
-
-	// Integers are stored as little-endian, but
-	// big.Int gives big-endian. So we need to reverse
-	// the byte order before encoding.
-	var littleEndian [32]byte
-	for i := 0; i < len(bigEndian); i++ {
-		littleEndian[i] = bigEndian[len(bigEndian)-1-i]
-	}
-	v.SetString(base64.StdEncoding.EncodeToString(littleEndian[:]))
-	return nil
-}
-
-func enumToLowercaseProcessor(v reflect.Value) error {
-	v.SetString(strings.ToLower(v.String()))
-	return nil
-}
-
-func timeToUnixProcessor(v reflect.Value) error {
-	t, err := time.Parse(time.RFC3339, v.String())
-	if err != nil {
-		return err
-	}
-	v.SetString(strconv.FormatUint(uint64(t.Unix()), 10))
-	return nil
-}

api/gateway/apimiddleware/process_request.go

@@ -1,270 +0,0 @@
-package apimiddleware
-
-import (
-	"bytes"
-	"encoding/json"
-	"io"
-	"net"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"github.com/pkg/errors"
-	"github.com/prysmaticlabs/prysm/api/grpc"
-)
-
-// DeserializeRequestBodyIntoContainer deserializes the request's body into an endpoint-specific struct.
-func DeserializeRequestBodyIntoContainer(body io.Reader, requestContainer interface{}) ErrorJson {
-	decoder := json.NewDecoder(body)
-	decoder.DisallowUnknownFields()
-	if err := decoder.Decode(&requestContainer); err != nil {
-		if strings.Contains(err.Error(), "json: unknown field") {
-			e := errors.Wrap(err, "could not decode request body")
-			return &DefaultErrorJson{
-				Message: e.Error(),
-				Code:    http.StatusBadRequest,
-			}
-		}
-		return InternalServerErrorWithMessage(err, "could not decode request body")
-	}
-	return nil
-}
-
-// ProcessRequestContainerFields processes fields of an endpoint-specific container according to field tags.
-func ProcessRequestContainerFields(requestContainer interface{}) ErrorJson {
-	if err := processField(requestContainer, []fieldProcessor{
-		{
-			tag: "hex",
-			f:   hexToBase64Processor,
-		},
-		{
-			tag: "uint256",
-			f:   uint256ToBase64Processor,
-		},
-	}); err != nil {
-		return InternalServerErrorWithMessage(err, "could not process request data")
-	}
-	return nil
-}
-
-// SetRequestBodyToRequestContainer makes the endpoint-specific container the new body of the request.
-func SetRequestBodyToRequestContainer(requestContainer interface{}, req *http.Request) ErrorJson {
-	// Serialize the struct, which now includes a base64-encoded value, into JSON.
-	j, err := json.Marshal(requestContainer)
-	if err != nil {
-		return InternalServerErrorWithMessage(err, "could not marshal request")
-	}
-	// Set the body to the new JSON.
-	req.Body = io.NopCloser(bytes.NewReader(j))
-	req.Header.Set("Content-Length", strconv.Itoa(len(j)))
-	req.ContentLength = int64(len(j))
-	return nil
-}
-
-// PrepareRequestForProxying applies additional logic to the request so that it can be correctly proxied to grpc-gateway.
-func (m *ApiProxyMiddleware) PrepareRequestForProxying(endpoint Endpoint, req *http.Request) ErrorJson {
-	req.URL.Scheme = "http"
-	req.URL.Host = m.GatewayAddress
-	req.RequestURI = ""
-	if errJson := HandleURLParameters(endpoint.Path, req, endpoint.RequestURLLiterals); errJson != nil {
-		return errJson
-	}
-	if errJson := HandleQueryParameters(req, endpoint.RequestQueryParams); errJson != nil {
-		return errJson
-	}
-	// We have to add the prefix after handling parameters because adding the prefix changes URL segment indexing.
-	req.URL.Path = "/internal" + req.URL.Path
-	return nil
-}
-
-// ProxyRequest proxies the request to grpc-gateway.
-func (m *ApiProxyMiddleware) ProxyRequest(req *http.Request) (*http.Response, ErrorJson) {
-	// We do not use http.DefaultClient because it does not have any timeout.
-	netClient := &http.Client{Timeout: m.Timeout}
-	grpcResp, err := netClient.Do(req)
-	if err != nil {
-		if err, ok := err.(net.Error); ok && err.Timeout() {
-			return nil, TimeoutError()
-		}
-		return nil, InternalServerErrorWithMessage(err, "could not proxy request")
-	}
-	if grpcResp == nil {
-		return nil, &DefaultErrorJson{Message: "nil response from gRPC-gateway", Code: http.StatusInternalServerError}
-	}
-	return grpcResp, nil
-}
-
-// ReadGrpcResponseBody reads the body from the grpc-gateway's response.
-func ReadGrpcResponseBody(r io.Reader) ([]byte, ErrorJson) {
-	body, err := io.ReadAll(r)
-	if err != nil {
-		return nil, InternalServerErrorWithMessage(err, "could not read response body")
-	}
-	return body, nil
-}
-
-// HandleGrpcResponseError acts on an error that resulted from a grpc-gateway's response.
-func HandleGrpcResponseError(errJson ErrorJson, resp *http.Response, respBody []byte, w http.ResponseWriter) (bool, ErrorJson) {
-	responseHasError := false
-	if err := json.Unmarshal(respBody, errJson); err != nil {
-		return false, InternalServerErrorWithMessage(err, "could not unmarshal error")
-	}
-	if errJson.Msg() != "" {
-		responseHasError = true
-		// Something went wrong, but the request completed, meaning we can write headers and the error message.
-		for h, vs := range resp.Header {
-			for _, v := range vs {
-				w.Header().Set(h, v)
-			}
-		}
-		// Handle gRPC timeout.
-		if resp.StatusCode == http.StatusGatewayTimeout {
-			WriteError(w, TimeoutError(), resp.Header)
-		} else {
-			// Set code to HTTP code because unmarshalled body contained gRPC code.
-			errJson.SetCode(resp.StatusCode)
-			WriteError(w, errJson, resp.Header)
-		}
-	}
-	return responseHasError, nil
-}
-
-// GrpcResponseIsEmpty determines whether the grpc-gateway's response body contains no data.
-func GrpcResponseIsEmpty(grpcResponseBody []byte) bool {
-	return len(grpcResponseBody) == 0 || string(grpcResponseBody) == "{}"
-}
-
-// DeserializeGrpcResponseBodyIntoContainer deserializes the grpc-gateway's response body into an endpoint-specific struct.
-func DeserializeGrpcResponseBodyIntoContainer(body []byte, responseContainer interface{}) ErrorJson {
-	if err := json.Unmarshal(body, &responseContainer); err != nil {
-		return InternalServerErrorWithMessage(err, "could not unmarshal response")
-	}
-	return nil
-}
-
-// ProcessMiddlewareResponseFields processes fields of an endpoint-specific container according to field tags.
-func ProcessMiddlewareResponseFields(responseContainer interface{}) ErrorJson {
-	if err := processField(responseContainer, []fieldProcessor{
-		{
-			tag: "hex",
-			f:   base64ToHexProcessor,
-		},
-		{
-			tag: "enum",
-			f:   enumToLowercaseProcessor,
-		},
-		{
-			tag: "time",
-			f:   timeToUnixProcessor,
-		},
-		{
-			tag: "uint256",
-			f:   base64ToUint256Processor,
-		},
-	}); err != nil {
-		return InternalServerErrorWithMessage(err, "could not process response data")
-	}
-	return nil
-}
-
-// SerializeMiddlewareResponseIntoJson serializes the endpoint-specific response struct into a JSON representation.
-func SerializeMiddlewareResponseIntoJson(responseContainer interface{}) (jsonResponse []byte, errJson ErrorJson) {
-	j, err := json.Marshal(responseContainer)
-	if err != nil {
-		return nil, InternalServerErrorWithMessage(err, "could not marshal response")
-	}
-	return j, nil
-}
-
-// WriteMiddlewareResponseHeadersAndBody populates headers and the body of the final response.
-func WriteMiddlewareResponseHeadersAndBody(grpcResp *http.Response, responseJson []byte, w http.ResponseWriter) ErrorJson {
-	var statusCodeHeader string
-	for h, vs := range grpcResp.Header {
-		// We don't want to expose any gRPC metadata in the HTTP response, so we skip forwarding metadata headers.
-		if strings.HasPrefix(h, "Grpc-Metadata") {
-			if h == "Grpc-Metadata-"+grpc.HttpCodeMetadataKey {
-				statusCodeHeader = vs[0]
-			}
-		} else {
-			for _, v := range vs {
-				w.Header().Set(h, v)
-			}
-		}
-	}
-	if !GrpcResponseIsEmpty(responseJson) {
-		w.Header().Set("Content-Length", strconv.Itoa(len(responseJson)))
-		if statusCodeHeader != "" {
-			code, err := strconv.Atoi(statusCodeHeader)
-			if err != nil {
-				return InternalServerErrorWithMessage(err, "could not parse status code")
-			}
-			w.WriteHeader(code)
-		} else {
-			w.WriteHeader(grpcResp.StatusCode)
-		}
-		if _, err := io.Copy(w, io.NopCloser(bytes.NewReader(responseJson))); err != nil {
-			return InternalServerErrorWithMessage(err, "could not write response message")
-		}
-	} else {
-		w.Header().Set("Content-Length", "0")
-		w.WriteHeader(grpcResp.StatusCode)
-	}
-	return nil
-}
-
-// WriteError writes the error by manipulating headers and the body of the final response.
-func WriteError(w http.ResponseWriter, errJson ErrorJson, responseHeader http.Header) {
-	// Include custom error in the error JSON.
-	hasCustomError := false
-	if responseHeader != nil {
-		customError, ok := responseHeader["Grpc-Metadata-"+grpc.CustomErrorMetadataKey]
-		if ok {
-			hasCustomError = true
-			// Assume header has only one value and read the 0 index.
-			if err := json.Unmarshal([]byte(customError[0]), errJson); err != nil {
-				log.WithError(err).Error("Could not unmarshal custom error message")
-				return
-			}
-		}
-	}
-
-	var j []byte
-	if hasCustomError {
-		var err error
-		j, err = json.Marshal(errJson)
-		if err != nil {
-			log.WithError(err).Error("Could not marshal error message")
-			return
-		}
-	} else {
-		var err error
-		// We marshal the response body into a DefaultErrorJson if the custom error is not present.
-		// This is because the ErrorJson argument is the endpoint's error definition, which may contain custom fields.
-		// In such a scenario marhaling the endpoint's error would populate the resulting JSON
-		// with these fields even if they are not present in the gRPC header.
-		d := &DefaultErrorJson{
-			Message: errJson.Msg(),
-			Code:    errJson.StatusCode(),
-		}
-		j, err = json.Marshal(d)
-		if err != nil {
-			log.WithError(err).Error("Could not marshal error message")
-			return
-		}
-	}
-
-	w.Header().Set("Content-Length", strconv.Itoa(len(j)))
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(errJson.StatusCode())
-	if _, err := io.Copy(w, io.NopCloser(bytes.NewReader(j))); err != nil {
-		log.WithError(err).Error("Could not write error message")
-	}
-}
-
-// Cleanup performs final cleanup on the initial response from grpc-gateway.
-func Cleanup(grpcResponseBody io.ReadCloser) ErrorJson {
-	if err := grpcResponseBody.Close(); err != nil {
-		return InternalServerErrorWithMessage(err, "could not close response body")
-	}
-	return nil
-}

api/gateway/apimiddleware/process_request_test.go

@@ -1,423 +0,0 @@
-package apimiddleware
-
-import (
-	"bytes"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-
-	"github.com/prysmaticlabs/prysm/api/grpc"
-	"github.com/prysmaticlabs/prysm/testing/assert"
-	"github.com/prysmaticlabs/prysm/testing/require"
-	"github.com/sirupsen/logrus/hooks/test"
-)
-
-type testRequestContainer struct {
-	TestString         string
-	TestHexString      string `hex:"true"`
-	TestEmptyHexString string `hex:"true"`
-	TestUint256String  string `uint256:"true"`
-}
-
-func defaultRequestContainer() *testRequestContainer {
-	return &testRequestContainer{
-		TestString:         "test string",
-		TestHexString:      "0x666F6F", // hex encoding of "foo"
-		TestEmptyHexString: "0x",
-		TestUint256String:  "4196",
-	}
-}
-
-type testResponseContainer struct {
-	TestString   string
-	TestHex      string `hex:"true"`
-	TestEmptyHex string `hex:"true"`
-	TestUint256  string `uint256:"true"`
-	TestEnum     string `enum:"true"`
-	TestTime     string `time:"true"`
-}
-
-func defaultResponseContainer() *testResponseContainer {
-	return &testResponseContainer{
-		TestString:   "test string",
-		TestHex:      "Zm9v", // base64 encoding of "foo"
-		TestEmptyHex: "",
-		TestEnum:     "Test Enum",
-		TestTime:     "2006-01-02T15:04:05Z",
-
-		// base64 encoding of 4196 in little-endian
-		TestUint256: "ZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
-	}
-}
-
-type testErrorJson struct {
-	Message     string
-	Code        int
-	CustomField string
-}
-
-// StatusCode returns the error's underlying error code.
-func (e *testErrorJson) StatusCode() int {
-	return e.Code
-}
-
-// Msg returns the error's underlying message.
-func (e *testErrorJson) Msg() string {
-	return e.Message
-}
-
-// SetCode sets the error's underlying error code.
-func (e *testErrorJson) SetCode(code int) {
-	e.Code = code
-}
-
-// SetMsg sets the error's underlying message.
-func (e *testErrorJson) SetMsg(msg string) {
-	e.Message = msg
-}
-
-func TestDeserializeRequestBodyIntoContainer(t *testing.T) {
-	t.Run("ok", func(t *testing.T) {
-		var bodyJson bytes.Buffer
-		err := json.NewEncoder(&bodyJson).Encode(defaultRequestContainer())
-		require.NoError(t, err)
-
-		container := &testRequestContainer{}
-		errJson := DeserializeRequestBodyIntoContainer(&bodyJson, container)
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, "test string", container.TestString)
-	})
-
-	t.Run("error", func(t *testing.T) {
-		var bodyJson bytes.Buffer
-		bodyJson.Write([]byte("foo"))
-		errJson := DeserializeRequestBodyIntoContainer(&bodyJson, &testRequestContainer{})
-		require.NotNil(t, errJson)
-		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not decode request body"))
-		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
-	})
-
-	t.Run("unknown field", func(t *testing.T) {
-		var bodyJson bytes.Buffer
-		bodyJson.Write([]byte("{\"foo\":\"foo\"}"))
-		errJson := DeserializeRequestBodyIntoContainer(&bodyJson, &testRequestContainer{})
-		require.NotNil(t, errJson)
-		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not decode request body"))
-		assert.Equal(t, http.StatusBadRequest, errJson.StatusCode())
-	})
-}
-
-func TestProcessRequestContainerFields(t *testing.T) {
-	t.Run("ok", func(t *testing.T) {
-		container := defaultRequestContainer()
-
-		errJson := ProcessRequestContainerFields(container)
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, "Zm9v", container.TestHexString)
-		assert.Equal(t, "", container.TestEmptyHexString)
-		assert.Equal(t, "ZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", container.TestUint256String)
-	})
-
-	t.Run("error", func(t *testing.T) {
-		errJson := ProcessRequestContainerFields("foo")
-		require.NotNil(t, errJson)
-		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not process request data"))
-		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
-	})
-}
-
-func TestSetRequestBodyToRequestContainer(t *testing.T) {
-	var body bytes.Buffer
-	request := httptest.NewRequest("GET", "http://foo.example", &body)
-
-	errJson := SetRequestBodyToRequestContainer(defaultRequestContainer(), request)
-	require.Equal(t, true, errJson == nil)
-	container := &testRequestContainer{}
-	require.NoError(t, json.NewDecoder(request.Body).Decode(container))
-	assert.Equal(t, "test string", container.TestString)
-	contentLengthHeader, ok := request.Header["Content-Length"]
-	require.Equal(t, true, ok)
-	require.Equal(t, 1, len(contentLengthHeader), "wrong number of header values")
-	assert.Equal(t, "108", contentLengthHeader[0])
-	assert.Equal(t, int64(108), request.ContentLength)
-}
-
-func TestPrepareRequestForProxying(t *testing.T) {
-	middleware := &ApiProxyMiddleware{
-		GatewayAddress: "http://gateway.example",
-	}
-	// We will set some params to make the request more interesting.
-	endpoint := Endpoint{
-		Path:               "/{url_param}",
-		RequestURLLiterals: []string{"url_param"},
-		RequestQueryParams: []QueryParam{{Name: "query_param"}},
-	}
-	var body bytes.Buffer
-	request := httptest.NewRequest("GET", "http://foo.example?query_param=bar", &body)
-
-	errJson := middleware.PrepareRequestForProxying(endpoint, request)
-	require.Equal(t, true, errJson == nil)
-	assert.Equal(t, "http", request.URL.Scheme)
-	assert.Equal(t, middleware.GatewayAddress, request.URL.Host)
-	assert.Equal(t, "", request.RequestURI)
-}
-
-func TestReadGrpcResponseBody(t *testing.T) {
-	var b bytes.Buffer
-	b.Write([]byte("foo"))
-
-	body, jsonErr := ReadGrpcResponseBody(&b)
-	require.Equal(t, true, jsonErr == nil)
-	assert.Equal(t, "foo", string(body))
-}
-
-func TestHandleGrpcResponseError(t *testing.T) {
-	response := &http.Response{
-		StatusCode: 400,
-		Header: http.Header{
-			"Foo": []string{"foo"},
-			"Bar": []string{"bar"},
-		},
-	}
-	writer := httptest.NewRecorder()
-	errJson := &testErrorJson{
-		Message: "foo",
-		Code:    400,
-	}
-	b, err := json.Marshal(errJson)
-	require.NoError(t, err)
-
-	hasError, e := HandleGrpcResponseError(errJson, response, b, writer)
-	require.Equal(t, true, e == nil)
-	assert.Equal(t, true, hasError)
-	v, ok := writer.Header()["Foo"]
-	require.Equal(t, true, ok, "header not found")
-	require.Equal(t, 1, len(v), "wrong number of header values")
-	assert.Equal(t, "foo", v[0])
-	v, ok = writer.Header()["Bar"]
-	require.Equal(t, true, ok, "header not found")
-	require.Equal(t, 1, len(v), "wrong number of header values")
-	assert.Equal(t, "bar", v[0])
-	assert.Equal(t, 400, errJson.StatusCode())
-}
-
-func TestGrpcResponseIsEmpty(t *testing.T) {
-	t.Run("nil", func(t *testing.T) {
-		assert.Equal(t, true, GrpcResponseIsEmpty(nil))
-	})
-	t.Run("empty_slice", func(t *testing.T) {
-		assert.Equal(t, true, GrpcResponseIsEmpty(make([]byte, 0)))
-	})
-	t.Run("empty_brackets", func(t *testing.T) {
-		assert.Equal(t, true, GrpcResponseIsEmpty([]byte("{}")))
-	})
-	t.Run("non_empty", func(t *testing.T) {
-		assert.Equal(t, false, GrpcResponseIsEmpty([]byte("{\"foo\":\"bar\"})")))
-	})
-}
-
-func TestDeserializeGrpcResponseBodyIntoContainer(t *testing.T) {
-	t.Run("ok", func(t *testing.T) {
-		body, err := json.Marshal(defaultRequestContainer())
-		require.NoError(t, err)
-
-		container := &testRequestContainer{}
-		errJson := DeserializeGrpcResponseBodyIntoContainer(body, container)
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, "test string", container.TestString)
-	})
-
-	t.Run("error", func(t *testing.T) {
-		var bodyJson bytes.Buffer
-		bodyJson.Write([]byte("foo"))
-		errJson := DeserializeGrpcResponseBodyIntoContainer(bodyJson.Bytes(), &testRequestContainer{})
-		require.NotNil(t, errJson)
-		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not unmarshal response"))
-		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
-	})
-}
-
-func TestProcessMiddlewareResponseFields(t *testing.T) {
-	t.Run("Ok", func(t *testing.T) {
-		container := defaultResponseContainer()
-
-		errJson := ProcessMiddlewareResponseFields(container)
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, "0x666f6f", container.TestHex)
-		assert.Equal(t, "0x", container.TestEmptyHex)
-		assert.Equal(t, "4196", container.TestUint256)
-		assert.Equal(t, "test enum", container.TestEnum)
-		assert.Equal(t, "1136214245", container.TestTime)
-	})
-
-	t.Run("error", func(t *testing.T) {
-		errJson := ProcessMiddlewareResponseFields("foo")
-		require.NotNil(t, errJson)
-		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not process response data"))
-		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
-	})
-}
-
-func TestSerializeMiddlewareResponseIntoJson(t *testing.T) {
-	container := defaultResponseContainer()
-	j, errJson := SerializeMiddlewareResponseIntoJson(container)
-	assert.Equal(t, true, errJson == nil)
-	cToDeserialize := &testResponseContainer{}
-	require.NoError(t, json.Unmarshal(j, cToDeserialize))
-	assert.Equal(t, "test string", cToDeserialize.TestString)
-}
-
-func TestWriteMiddlewareResponseHeadersAndBody(t *testing.T) {
-	t.Run("GET", func(t *testing.T) {
-		response := &http.Response{
-			Header: http.Header{
-				"Foo": []string{"foo"},
-				"Grpc-Metadata-" + grpc.HttpCodeMetadataKey: []string{"204"},
-			},
-		}
-		container := defaultResponseContainer()
-		responseJson, err := json.Marshal(container)
-		require.NoError(t, err)
-		writer := httptest.NewRecorder()
-		writer.Body = &bytes.Buffer{}
-
-		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
-		require.Equal(t, true, errJson == nil)
-		v, ok := writer.Header()["Foo"]
-		require.Equal(t, true, ok, "header not found")
-		require.Equal(t, 1, len(v), "wrong number of header values")
-		assert.Equal(t, "foo", v[0])
-		v, ok = writer.Header()["Content-Length"]
-		require.Equal(t, true, ok, "header not found")
-		require.Equal(t, 1, len(v), "wrong number of header values")
-		assert.Equal(t, "181", v[0])
-		assert.Equal(t, 204, writer.Code)
-		assert.DeepEqual(t, responseJson, writer.Body.Bytes())
-	})
-
-	t.Run("GET_no_grpc_status_code_header", func(t *testing.T) {
-		response := &http.Response{
-			Header:     http.Header{},
-			StatusCode: 204,
-		}
-		container := defaultResponseContainer()
-		responseJson, err := json.Marshal(container)
-		require.NoError(t, err)
-		writer := httptest.NewRecorder()
-
-		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, 204, writer.Code)
-	})
-
-	t.Run("GET_invalid_status_code", func(t *testing.T) {
-		response := &http.Response{
-			Header: http.Header{},
-		}
-
-		// Set invalid status code.
-		response.Header["Grpc-Metadata-"+grpc.HttpCodeMetadataKey] = []string{"invalid"}
-
-		container := defaultResponseContainer()
-		responseJson, err := json.Marshal(container)
-		require.NoError(t, err)
-		writer := httptest.NewRecorder()
-
-		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
-		require.Equal(t, false, errJson == nil)
-		assert.Equal(t, true, strings.Contains(errJson.Msg(), "could not parse status code"))
-		assert.Equal(t, http.StatusInternalServerError, errJson.StatusCode())
-	})
-
-	t.Run("POST", func(t *testing.T) {
-		response := &http.Response{
-			Header:     http.Header{},
-			StatusCode: 204,
-		}
-		container := defaultResponseContainer()
-		responseJson, err := json.Marshal(container)
-		require.NoError(t, err)
-		writer := httptest.NewRecorder()
-
-		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, 204, writer.Code)
-	})
-
-	t.Run("POST_with_response_body", func(t *testing.T) {
-		response := &http.Response{
-			Header:     http.Header{},
-			StatusCode: 204,
-		}
-		container := defaultResponseContainer()
-		responseJson, err := json.Marshal(container)
-		require.NoError(t, err)
-		writer := httptest.NewRecorder()
-		writer.Body = &bytes.Buffer{}
-
-		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, 204, writer.Code)
-		assert.DeepEqual(t, responseJson, writer.Body.Bytes())
-	})
-
-	t.Run("POST_with_empty_json_body", func(t *testing.T) {
-		response := &http.Response{
-			Header:     http.Header{},
-			StatusCode: 204,
-		}
-		responseJson, err := json.Marshal(struct{}{})
-		require.NoError(t, err)
-		writer := httptest.NewRecorder()
-		writer.Body = &bytes.Buffer{}
-
-		errJson := WriteMiddlewareResponseHeadersAndBody(response, responseJson, writer)
-		require.Equal(t, true, errJson == nil)
-		assert.Equal(t, 204, writer.Code)
-		assert.DeepEqual(t, []byte(nil), writer.Body.Bytes())
-		assert.Equal(t, "0", writer.Header()["Content-Length"][0])
-	})
-}
-
-func TestWriteError(t *testing.T) {
-	t.Run("ok", func(t *testing.T) {
-		responseHeader := http.Header{
-			"Grpc-Metadata-" + grpc.CustomErrorMetadataKey: []string{"{\"CustomField\":\"bar\"}"},
-		}
-		errJson := &testErrorJson{
-			Message: "foo",
-			Code:    500,
-		}
-		writer := httptest.NewRecorder()
-		writer.Body = &bytes.Buffer{}
-
-		WriteError(writer, errJson, responseHeader)
-		v, ok := writer.Header()["Content-Length"]
-		require.Equal(t, true, ok, "header not found")
-		require.Equal(t, 1, len(v), "wrong number of header values")
-		assert.Equal(t, "48", v[0])
-		v, ok = writer.Header()["Content-Type"]
-		require.Equal(t, true, ok, "header not found")
-		require.Equal(t, 1, len(v), "wrong number of header values")
-		assert.Equal(t, "application/json", v[0])
-		assert.Equal(t, 500, writer.Code)
-		eDeserialize := &testErrorJson{}
-		require.NoError(t, json.Unmarshal(writer.Body.Bytes(), eDeserialize))
-		assert.Equal(t, "foo", eDeserialize.Message)
-		assert.Equal(t, 500, eDeserialize.Code)
-		assert.Equal(t, "bar", eDeserialize.CustomField)
-	})
-
-	t.Run("invalid_custom_error_header", func(t *testing.T) {
-		logHook := test.NewGlobal()
-
-		responseHeader := http.Header{
-			"Grpc-Metadata-" + grpc.CustomErrorMetadataKey: []string{"invalid"},
-		}
-
-		WriteError(httptest.NewRecorder(), &testErrorJson{}, responseHeader)
-		assert.LogsContain(t, logHook, "Could not unmarshal custom error message")
-	})
-}

api/gateway/apimiddleware/structs.go

@@ -1,69 +0,0 @@
-package apimiddleware
-
-import (
-	"net/http"
-
-	"github.com/pkg/errors"
-)
-
-// ---------------
-// Error handling.
-// ---------------
-
-// ErrorJson describes common functionality of all JSON error representations.
-type ErrorJson interface {
-	StatusCode() int
-	SetCode(code int)
-	Msg() string
-	SetMsg(msg string)
-}
-
-// DefaultErrorJson is a JSON representation of a simple error value, containing only a message and an error code.
-type DefaultErrorJson struct {
-	Message string `json:"message"`
-	Code    int    `json:"code"`
-}
-
-// InternalServerErrorWithMessage returns a DefaultErrorJson with 500 code and a custom message.
-func InternalServerErrorWithMessage(err error, message string) *DefaultErrorJson {
-	e := errors.Wrapf(err, message)
-	return &DefaultErrorJson{
-		Message: e.Error(),
-		Code:    http.StatusInternalServerError,
-	}
-}
-
-// InternalServerError returns a DefaultErrorJson with 500 code.
-func InternalServerError(err error) *DefaultErrorJson {
-	return &DefaultErrorJson{
-		Message: err.Error(),
-		Code:    http.StatusInternalServerError,
-	}
-}
-
-func TimeoutError() *DefaultErrorJson {
-	return &DefaultErrorJson{
-		Message: "Request timeout",
-		Code:    http.StatusRequestTimeout,
-	}
-}
-
-// StatusCode returns the error's underlying error code.
-func (e *DefaultErrorJson) StatusCode() int {
-	return e.Code
-}
-
-// Msg returns the error's underlying message.
-func (e *DefaultErrorJson) Msg() string {
-	return e.Message
-}
-
-// SetCode sets the error's underlying error code.
-func (e *DefaultErrorJson) SetCode(code int) {
-	e.Code = code
-}
-
-// SetMsg sets the error's underlying message.
-func (e *DefaultErrorJson) SetMsg(msg string) {
-	e.Message = msg
-}

api/gateway/gateway.go

@@ -1,256 +0,0 @@
-// Package gateway defines a grpc-gateway server that serves HTTP-JSON traffic and acts a proxy between HTTP and gRPC.
-package gateway
-
-import (
-	"context"
-	"fmt"
-	"net"
-	"net/http"
-	"path"
-	"strings"
-	"time"
-
-	"github.com/gorilla/mux"
-	gwruntime "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
-	"github.com/pkg/errors"
-	"github.com/prysmaticlabs/prysm/api/gateway/apimiddleware"
-	"github.com/prysmaticlabs/prysm/runtime"
-	"github.com/rs/cors"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/connectivity"
-	"google.golang.org/grpc/credentials"
-)
-
-var _ runtime.Service = (*Gateway)(nil)
-
-// PbMux serves grpc-gateway requests for selected patterns using registered protobuf handlers.
-type PbMux struct {
-	Registrations []PbHandlerRegistration // Protobuf registrations to be registered in Mux.
-	Patterns      []string                // URL patterns that will be handled by Mux.
-	Mux           *gwruntime.ServeMux     // The router that will be used for grpc-gateway requests.
-}
-
-// PbHandlerRegistration is a function that registers a protobuf handler.
-type PbHandlerRegistration func(context.Context, *gwruntime.ServeMux, *grpc.ClientConn) error
-
-// MuxHandler is a function that implements the mux handler functionality.
-type MuxHandler func(
-	apiMiddlewareHandler *apimiddleware.ApiProxyMiddleware,
-	h http.HandlerFunc,
-	w http.ResponseWriter,
-	req *http.Request,
-)
-
-// Config parameters for setting up the gateway service.
-type config struct {
-	maxCallRecvMsgSize           uint64
-	remoteCert                   string
-	gatewayAddr                  string
-	remoteAddr                   string
-	allowedOrigins               []string
-	apiMiddlewareEndpointFactory apimiddleware.EndpointFactory
-	muxHandler                   MuxHandler
-	pbHandlers                   []*PbMux
-	router                       *mux.Router
-	timeout                      time.Duration
-}
-
-// Gateway is the gRPC gateway to serve HTTP JSON traffic as a proxy and forward it to the gRPC server.
-type Gateway struct {
-	cfg          *config
-	conn         *grpc.ClientConn
-	server       *http.Server
-	cancel       context.CancelFunc
-	proxy        *apimiddleware.ApiProxyMiddleware
-	ctx          context.Context
-	startFailure error
-}
-
-// New returns a new instance of the Gateway.
-func New(ctx context.Context, opts ...Option) (*Gateway, error) {
-	g := &Gateway{
-		ctx: ctx,
-		cfg: &config{
-			router: mux.NewRouter(),
-		},
-	}
-	for _, opt := range opts {
-		if err := opt(g); err != nil {
-			return nil, err
-		}
-	}
-	return g, nil
-}
-
-// Start the gateway service.
-func (g *Gateway) Start() {
-	ctx, cancel := context.WithCancel(g.ctx)
-	g.cancel = cancel
-
-	conn, err := g.dial(ctx, "tcp", g.cfg.remoteAddr)
-	if err != nil {
-		log.WithError(err).Error("Failed to connect to gRPC server")
-		g.startFailure = err
-		return
-	}
-	g.conn = conn
-
-	for _, h := range g.cfg.pbHandlers {
-		for _, r := range h.Registrations {
-			if err := r(ctx, h.Mux, g.conn); err != nil {
-				log.WithError(err).Error("Failed to register handler")
-				g.startFailure = err
-				return
-			}
-		}
-		for _, p := range h.Patterns {
-			g.cfg.router.PathPrefix(p).Handler(h.Mux)
-		}
-	}
-
-	corsMux := g.corsMiddleware(g.cfg.router)
-
-	if g.cfg.apiMiddlewareEndpointFactory != nil && !g.cfg.apiMiddlewareEndpointFactory.IsNil() {
-		g.registerApiMiddleware()
-	}
-
-	if g.cfg.muxHandler != nil {
-		g.cfg.router.PathPrefix("/").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			g.cfg.muxHandler(g.proxy, corsMux.ServeHTTP, w, r)
-		})
-	}
-
-	g.server = &http.Server{
-		Addr:    g.cfg.gatewayAddr,
-		Handler: corsMux,
-	}
-
-	go func() {
-		log.WithField("address", g.cfg.gatewayAddr).Info("Starting gRPC gateway")
-		if err := g.server.ListenAndServe(); err != http.ErrServerClosed {
-			log.WithError(err).Error("Failed to start gRPC gateway")
-			g.startFailure = err
-			return
-		}
-	}()
-}
-
-// Status of grpc gateway. Returns an error if this service is unhealthy.
-func (g *Gateway) Status() error {
-	if g.startFailure != nil {
-		return g.startFailure
-	}
-	if s := g.conn.GetState(); s != connectivity.Ready {
-		return fmt.Errorf("grpc server is %s", s)
-	}
-	return nil
-}
-
-// Stop the gateway with a graceful shutdown.
-func (g *Gateway) Stop() error {
-	if g.server != nil {
-		shutdownCtx, shutdownCancel := context.WithTimeout(g.ctx, 2*time.Second)
-		defer shutdownCancel()
-		if err := g.server.Shutdown(shutdownCtx); err != nil {
-			if errors.Is(err, context.DeadlineExceeded) {
-				log.Warn("Existing connections terminated")
-			} else {
-				log.WithError(err).Error("Failed to gracefully shut down server")
-			}
-		}
-	}
-	if g.cancel != nil {
-		g.cancel()
-	}
-	return nil
-}
-
-func (g *Gateway) corsMiddleware(h http.Handler) http.Handler {
-	c := cors.New(cors.Options{
-		AllowedOrigins:   g.cfg.allowedOrigins,
-		AllowedMethods:   []string{http.MethodPost, http.MethodGet, http.MethodDelete, http.MethodOptions},
-		AllowCredentials: true,
-		MaxAge:           600,
-		AllowedHeaders:   []string{"*"},
-	})
-	return c.Handler(h)
-}
-
-const swaggerDir = "proto/prysm/v1alpha1/"
-
-// SwaggerServer returns swagger specification files located under "/swagger/"
-func SwaggerServer() http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		if !strings.HasSuffix(r.URL.Path, ".swagger.json") {
-			log.Debugf("Not found: %s", r.URL.Path)
-			http.NotFound(w, r)
-			return
-		}
-
-		log.Debugf("Serving %s\n", r.URL.Path)
-		p := strings.TrimPrefix(r.URL.Path, "/swagger/")
-		p = path.Join(swaggerDir, p)
-		http.ServeFile(w, r, p)
-	}
-}
-
-// dial the gRPC server.
-func (g *Gateway) dial(ctx context.Context, network, addr string) (*grpc.ClientConn, error) {
-	switch network {
-	case "tcp":
-		return g.dialTCP(ctx, addr)
-	case "unix":
-		return g.dialUnix(ctx, addr)
-	default:
-		return nil, fmt.Errorf("unsupported network type %q", network)
-	}
-}
-
-// dialTCP creates a client connection via TCP.
-// "addr" must be a valid TCP address with a port number.
-func (g *Gateway) dialTCP(ctx context.Context, addr string) (*grpc.ClientConn, error) {
-	security := grpc.WithInsecure()
-	if len(g.cfg.remoteCert) > 0 {
-		creds, err := credentials.NewClientTLSFromFile(g.cfg.remoteCert, "")
-		if err != nil {
-			return nil, err
-		}
-		security = grpc.WithTransportCredentials(creds)
-	}
-	opts := []grpc.DialOption{
-		security,
-		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(int(g.cfg.maxCallRecvMsgSize))),
-	}
-
-	return grpc.DialContext(ctx, addr, opts...)
-}
-
-// dialUnix creates a client connection via a unix domain socket.
-// "addr" must be a valid path to the socket.
-func (g *Gateway) dialUnix(ctx context.Context, addr string) (*grpc.ClientConn, error) {
-	d := func(addr string, timeout time.Duration) (net.Conn, error) {
-		return net.DialTimeout("unix", addr, timeout)
-	}
-	f := func(ctx context.Context, addr string) (net.Conn, error) {
-		if deadline, ok := ctx.Deadline(); ok {
-			return d(addr, time.Until(deadline))
-		}
-		return d(addr, 0)
-	}
-	opts := []grpc.DialOption{
-		grpc.WithInsecure(),
-		grpc.WithContextDialer(f),
-		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(int(g.cfg.maxCallRecvMsgSize))),
-	}
-	return grpc.DialContext(ctx, addr, opts...)
-}
-
-func (g *Gateway) registerApiMiddleware() {
-	g.proxy = &apimiddleware.ApiProxyMiddleware{
-		GatewayAddress:  g.cfg.gatewayAddr,
-		EndpointCreator: g.cfg.apiMiddlewareEndpointFactory,
-		Timeout:         g.cfg.timeout,
-	}
-	log.Info("Starting API middleware")
-	g.proxy.Run(g.cfg.router)
-}

api/gateway/gateway_test.go

@@ -1,128 +0,0 @@
-package gateway
-
-import (
-	"context"
-	"flag"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"testing"
-
-	"github.com/gorilla/mux"
-	"github.com/prysmaticlabs/prysm/api/gateway/apimiddleware"
-	"github.com/prysmaticlabs/prysm/cmd/beacon-chain/flags"
-	"github.com/prysmaticlabs/prysm/testing/assert"
-	"github.com/prysmaticlabs/prysm/testing/require"
-	logTest "github.com/sirupsen/logrus/hooks/test"
-	"github.com/urfave/cli/v2"
-)
-
-type mockEndpointFactory struct {
-}
-
-func (*mockEndpointFactory) Paths() []string {
-	return []string{}
-}
-
-func (*mockEndpointFactory) Create(_ string) (*apimiddleware.Endpoint, error) {
-	return nil, nil
-}
-
-func (*mockEndpointFactory) IsNil() bool {
-	return false
-}
-
-func TestGateway_Customized(t *testing.T) {
-	r := mux.NewRouter()
-	cert := "cert"
-	origins := []string{"origin"}
-	size := uint64(100)
-	endpointFactory := &mockEndpointFactory{}
-
-	opts := []Option{
-		WithRouter(r),
-		WithRemoteCert(cert),
-		WithAllowedOrigins(origins),
-		WithMaxCallRecvMsgSize(size),
-		WithApiMiddleware(endpointFactory),
-		WithMuxHandler(func(
-			_ *apimiddleware.ApiProxyMiddleware,
-			_ http.HandlerFunc,
-			_ http.ResponseWriter,
-			_ *http.Request,
-		) {
-		}),
-	}
-
-	g, err := New(context.Background(), opts...)
-	require.NoError(t, err)
-
-	assert.Equal(t, r, g.cfg.router)
-	assert.Equal(t, cert, g.cfg.remoteCert)
-	require.Equal(t, 1, len(g.cfg.allowedOrigins))
-	assert.Equal(t, origins[0], g.cfg.allowedOrigins[0])
-	assert.Equal(t, size, g.cfg.maxCallRecvMsgSize)
-	assert.Equal(t, endpointFactory, g.cfg.apiMiddlewareEndpointFactory)
-}
-
-func TestGateway_StartStop(t *testing.T) {
-	hook := logTest.NewGlobal()
-
-	app := cli.App{}
-	set := flag.NewFlagSet("test", 0)
-	ctx := cli.NewContext(&app, set, nil)
-
-	gatewayPort := ctx.Int(flags.GRPCGatewayPort.Name)
-	gatewayHost := ctx.String(flags.GRPCGatewayHost.Name)
-	rpcHost := ctx.String(flags.RPCHost.Name)
-	selfAddress := fmt.Sprintf("%s:%d", rpcHost, ctx.Int(flags.RPCPort.Name))
-	gatewayAddress := fmt.Sprintf("%s:%d", gatewayHost, gatewayPort)
-
-	opts := []Option{
-		WithGatewayAddr(gatewayAddress),
-		WithRemoteAddr(selfAddress),
-		WithMuxHandler(func(
-			_ *apimiddleware.ApiProxyMiddleware,
-			_ http.HandlerFunc,
-			_ http.ResponseWriter,
-			_ *http.Request,
-		) {
-		}),
-	}
-
-	g, err := New(context.Background(), opts...)
-	require.NoError(t, err)
-
-	g.Start()
-	go func() {
-		require.LogsContain(t, hook, "Starting gRPC gateway")
-		require.LogsDoNotContain(t, hook, "Starting API middleware")
-	}()
-	err = g.Stop()
-	require.NoError(t, err)
-}
-
-func TestGateway_NilHandler_NotFoundHandlerRegistered(t *testing.T) {
-	app := cli.App{}
-	set := flag.NewFlagSet("test", 0)
-	ctx := cli.NewContext(&app, set, nil)
-
-	gatewayPort := ctx.Int(flags.GRPCGatewayPort.Name)
-	gatewayHost := ctx.String(flags.GRPCGatewayHost.Name)
-	rpcHost := ctx.String(flags.RPCHost.Name)
-	selfAddress := fmt.Sprintf("%s:%d", rpcHost, ctx.Int(flags.RPCPort.Name))
-	gatewayAddress := fmt.Sprintf("%s:%d", gatewayHost, gatewayPort)
-
-	opts := []Option{
-		WithGatewayAddr(gatewayAddress),
-		WithRemoteAddr(selfAddress),
-	}
-
-	g, err := New(context.Background(), opts...)
-	require.NoError(t, err)
-
-	writer := httptest.NewRecorder()
-	g.cfg.router.ServeHTTP(writer, &http.Request{Method: "GET", Host: "localhost", URL: &url.URL{Path: "/foo"}})
-	assert.Equal(t, http.StatusNotFound, writer.Code)
-}

api/gateway/log.go

@@ -1,5 +0,0 @@
-package gateway
-
-import "github.com/sirupsen/logrus"
-
-var log = logrus.WithField("prefix", "gateway")

api/gateway/options.go

@@ -1,93 +0,0 @@
-package gateway
-
-import (
-	"time"
-
-	"github.com/gorilla/mux"
-	gwruntime "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
-	"github.com/prysmaticlabs/prysm/api/gateway/apimiddleware"
-)
-
-type Option func(g *Gateway) error
-
-func (g *Gateway) SetRouter(r *mux.Router) *Gateway {
-	g.cfg.router = r
-	return g
-}
-
-func WithPbHandlers(handlers []*PbMux) Option {
-	return func(g *Gateway) error {
-		g.cfg.pbHandlers = handlers
-		return nil
-	}
-}
-
-func WithMuxHandler(m MuxHandler) Option {
-	return func(g *Gateway) error {
-		g.cfg.muxHandler = m
-		return nil
-	}
-}
-
-func WithGatewayAddr(addr string) Option {
-	return func(g *Gateway) error {
-		g.cfg.gatewayAddr = addr
-		return nil
-	}
-}
-
-func WithRemoteAddr(addr string) Option {
-	return func(g *Gateway) error {
-		g.cfg.remoteAddr = addr
-		return nil
-	}
-}
-
-// WithRouter allows adding a custom mux router to the gateway.
-func WithRouter(r *mux.Router) Option {
-	return func(g *Gateway) error {
-		g.cfg.router = r
-		return nil
-	}
-}
-
-// WithAllowedOrigins allows adding a set of allowed origins to the gateway.
-func WithAllowedOrigins(origins []string) Option {
-	return func(g *Gateway) error {
-		g.cfg.allowedOrigins = origins
-		return nil
-	}
-}
-
-// WithRemoteCert allows adding a custom certificate to the gateway,
-func WithRemoteCert(cert string) Option {
-	return func(g *Gateway) error {
-		g.cfg.remoteCert = cert
-		return nil
-	}
-}
-
-// WithMaxCallRecvMsgSize allows specifying the maximum allowed gRPC message size.
-func WithMaxCallRecvMsgSize(size uint64) Option {
-	return func(g *Gateway) error {
-		g.cfg.maxCallRecvMsgSize = size
-		return nil
-	}
-}
-
-// WithApiMiddleware allows adding an API middleware proxy to the gateway.
-func WithApiMiddleware(endpointFactory apimiddleware.EndpointFactory) Option {
-	return func(g *Gateway) error {
-		g.cfg.apiMiddlewareEndpointFactory = endpointFactory
-		return nil
-	}
-}
-
-// WithTimeout allows changing the timeout value for API calls.
-func WithTimeout(seconds uint64) Option {
-	return func(g *Gateway) error {
-		g.cfg.timeout = time.Second * time.Duration(seconds)
-		gwruntime.DefaultContextTimeout = time.Second * time.Duration(seconds)
-		return nil
-	}
-}

api/grpc/BUILD.bazel

@@ -6,7 +6,7 @@ go_library(
         "grpcutils.go",
         "parameters.go",
     ],
-    importpath = "github.com/prysmaticlabs/prysm/api/grpc",
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/grpc",
     visibility = ["//visibility:public"],
     deps = [
         "@com_github_sirupsen_logrus//:go_default_library",
@@ -22,9 +22,7 @@ go_test(
     deps = [
         "//testing/assert:go_default_library",
         "//testing/require:go_default_library",
-        "@com_github_grpc_ecosystem_grpc_gateway_v2//runtime:go_default_library",
         "@com_github_sirupsen_logrus//hooks/test:go_default_library",
-        "@org_golang_google_grpc//:go_default_library",
         "@org_golang_google_grpc//metadata:go_default_library",
     ],
 )

api/grpc/grpcutils.go

@@ -2,8 +2,6 @@ package grpc
 
 import (
 	"context"
-	"encoding/json"
-	"fmt"
 	"strings"
 	"time"
 
@@ -81,16 +79,3 @@ func AppendHeaders(parent context.Context, headers []string) context.Context {
 	}
 	return parent
 }
-
-// AppendCustomErrorHeader sets a CustomErrorMetadataKey gRPC header on the passed in context,
-// using the passed in error data as the header's value. The data is serialized as JSON.
-func AppendCustomErrorHeader(ctx context.Context, errorData interface{}) error {
-	j, err := json.Marshal(errorData)
-	if err != nil {
-		return fmt.Errorf("could not marshal error data into JSON: %w", err)
-	}
-	if err := grpc.SetHeader(ctx, metadata.Pairs(CustomErrorMetadataKey, string(j))); err != nil {
-		return fmt.Errorf("could not set custom error header: %w", err)
-	}
-	return nil
-}

api/grpc/grpcutils_test.go

@@ -2,15 +2,11 @@ package grpc
 
 import (
 	"context"
-	"encoding/json"
-	"strings"
 	"testing"
 
-	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
-	"github.com/prysmaticlabs/prysm/testing/assert"
-	"github.com/prysmaticlabs/prysm/testing/require"
+	"github.com/prysmaticlabs/prysm/v5/testing/assert"
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
 	logTest "github.com/sirupsen/logrus/hooks/test"
-	"google.golang.org/grpc"
 	"google.golang.org/grpc/metadata"
 )
 
@@ -62,17 +58,3 @@ func TestAppendHeaders(t *testing.T) {
 		assert.Equal(t, "value=1", md.Get("first")[0])
 	})
 }
-
-func TestAppendCustomErrorHeader(t *testing.T) {
-	stream := &runtime.ServerTransportStream{}
-	ctx := grpc.NewContextWithServerTransportStream(context.Background(), stream)
-	data := &customErrorData{Message: "foo"}
-	require.NoError(t, AppendCustomErrorHeader(ctx, data))
-	// The stream used in test setup sets the metadata key in lowercase.
-	value, ok := stream.Header()[strings.ToLower(CustomErrorMetadataKey)]
-	require.Equal(t, true, ok, "Failed to retrieve custom error metadata value")
-	expected, err := json.Marshal(data)
-	require.NoError(t, err)
-	assert.Equal(t, string(expected), value[0])
-
-}

api/grpc/parameters.go

@@ -6,3 +6,11 @@ const CustomErrorMetadataKey = "Custom-Error"
 
 // HttpCodeMetadataKey is the key to use when setting custom HTTP status codes in gRPC metadata.
 const HttpCodeMetadataKey = "X-Http-Code"
+
+// MetadataPrefix is the prefix for grpc headers on metadata
+const MetadataPrefix = "Grpc-Metadata"
+
+// WithPrefix creates a new string with grpc metadata prefix
+func WithPrefix(value string) string {
+	return MetadataPrefix + "-" + value
+}

api/headers.go

@@ -0,0 +1,20 @@
+package api
+
+import "net/http"
+
+const (
+	VersionHeader                 = "Eth-Consensus-Version"
+	ExecutionPayloadBlindedHeader = "Eth-Execution-Payload-Blinded"
+	ExecutionPayloadValueHeader   = "Eth-Execution-Payload-Value"
+	ConsensusBlockValueHeader     = "Eth-Consensus-Block-Value"
+	JsonMediaType                 = "application/json"
+	OctetStreamMediaType          = "application/octet-stream"
+	EventStreamMediaType          = "text/event-stream"
+	KeepAlive                     = "keep-alive"
+)
+
+// SetSSEHeaders sets the headers needed for a server-sent event response.
+func SetSSEHeaders(w http.ResponseWriter) {
+	w.Header().Set("Content-Type", EventStreamMediaType)
+	w.Header().Set("Connection", KeepAlive)
+}

api/jwt.go

@@ -0,0 +1,32 @@
+package api
+
+import (
+	"github.com/ethereum/go-ethereum/common/hexutil"
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/v5/crypto/rand"
+)
+
+// GenerateRandomHexString generates a random hex string that follows the standards for jwt token
+// used for beacon node -> execution client
+// used for web client -> validator client
+func GenerateRandomHexString() (string, error) {
+	secret := make([]byte, 32)
+	randGen := rand.NewGenerator()
+	n, err := randGen.Read(secret)
+	if err != nil {
+		return "", err
+	} else if n != 32 {
+		return "", errors.New("rand: unexpected length")
+	}
+	return hexutil.Encode(secret), nil
+}
+
+// ValidateAuthToken validating auth token for web
+func ValidateAuthToken(token string) error {
+	b, err := hexutil.Decode(token)
+	// token should be hex-encoded and at least 256 bits
+	if err != nil || len(b) < 32 {
+		return errors.New("invalid auth token: token should be hex-encoded and at least 256 bits")
+	}
+	return nil
+}

api/jwt_test.go

@@ -0,0 +1,13 @@
+package api
+
+import (
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
+)
+
+func TestGenerateRandomHexString(t *testing.T) {
+	token, err := GenerateRandomHexString()
+	require.NoError(t, err)
+	require.NoError(t, ValidateAuthToken(token))
+}

api/pagination/BUILD.bazel

@@ -3,7 +3,7 @@ load("@prysm//tools/go:def.bzl", "go_library", "go_test")
 go_library(
     name = "go_default_library",
     srcs = ["pagination.go"],
-    importpath = "github.com/prysmaticlabs/prysm/api/pagination",
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/pagination",
     visibility = ["//visibility:public"],
     deps = [
         "//config/params:go_default_library",

api/pagination/pagination.go

@@ -6,7 +6,7 @@ import (
 	"strconv"
 
 	"github.com/pkg/errors"
-	"github.com/prysmaticlabs/prysm/config/params"
+	"github.com/prysmaticlabs/prysm/v5/config/params"
 )
 
 // StartAndEndPage takes in the requested page token, wanted page size, total page size.
@@ -15,6 +15,9 @@ func StartAndEndPage(pageToken string, pageSize, totalSize int) (int, int, strin
 	if pageToken == "" {
 		pageToken = "0"
 	}
+	if pageSize < 0 || totalSize < 0 {
+		return 0, 0, "", errors.Errorf("invalid page and total sizes provided: page size %d , total size %d", pageSize, totalSize)
+	}
 	if pageSize == 0 {
 		pageSize = params.BeaconConfig().DefaultPageSize
 	}
@@ -23,6 +26,9 @@ func StartAndEndPage(pageToken string, pageSize, totalSize int) (int, int, strin
 	if err != nil {
 		return 0, 0, "", errors.Wrap(err, "could not convert page token")
 	}
+	if token < 0 {
+		return 0, 0, "", errors.Errorf("invalid token value provided: %d", token)
+	}
 
 	// Start page can not be greater than set size.
 	start := token * pageSize

api/pagination/pagination_test.go

@@ -3,9 +3,9 @@ package pagination_test
 import (
 	"testing"
 
-	"github.com/prysmaticlabs/prysm/api/pagination"
-	"github.com/prysmaticlabs/prysm/testing/assert"
-	"github.com/prysmaticlabs/prysm/testing/require"
+	"github.com/prysmaticlabs/prysm/v5/api/pagination"
+	"github.com/prysmaticlabs/prysm/v5/testing/assert"
+	"github.com/prysmaticlabs/prysm/v5/testing/require"
 )
 
 func TestStartAndEndPage(t *testing.T) {
@@ -85,3 +85,19 @@ func TestStartAndEndPage_ExceedsMaxPage(t *testing.T) {
 	_, _, _, err := pagination.StartAndEndPage("", 0, 0)
 	assert.ErrorContains(t, wanted, err)
 }
+
+func TestStartAndEndPage_InvalidPageValues(t *testing.T) {
+	_, _, _, err := pagination.StartAndEndPage("10", -1, 10)
+	assert.ErrorContains(t, "invalid page and total sizes provided", err)
+
+	_, _, _, err = pagination.StartAndEndPage("12", 10, -10)
+	assert.ErrorContains(t, "invalid page and total sizes provided", err)
+
+	_, _, _, err = pagination.StartAndEndPage("12", -50, -60)
+	assert.ErrorContains(t, "invalid page and total sizes provided", err)
+}
+
+func TestStartAndEndPage_InvalidTokenValue(t *testing.T) {
+	_, _, _, err := pagination.StartAndEndPage("-12", 50, 60)
+	assert.ErrorContains(t, "invalid token value provided", err)
+}

api/server/BUILD.bazel

@@ -0,0 +1,15 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["error.go"],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/server",
+    visibility = ["//visibility:public"],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["error_test.go"],
+    embed = [":go_default_library"],
+    deps = ["//testing/assert:go_default_library"],
+)

api/server/error.go

@@ -0,0 +1,47 @@
+package server
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+)
+
+// DecodeError represents an error resulting from trying to decode an HTTP request.
+// It tracks the full field name for which decoding failed.
+type DecodeError struct {
+	path []string
+	err  error
+}
+
+// NewDecodeError wraps an error (either the initial decoding error or another DecodeError).
+// The current field that failed decoding must be passed in.
+func NewDecodeError(err error, field string) *DecodeError {
+	var de *DecodeError
+	ok := errors.As(err, &de)
+	if ok {
+		return &DecodeError{path: append([]string{field}, de.path...), err: de.err}
+	}
+	return &DecodeError{path: []string{field}, err: err}
+}
+
+// Error returns the formatted error message which contains the full field name and the actual decoding error.
+func (e *DecodeError) Error() string {
+	return fmt.Sprintf("could not decode %s: %s", strings.Join(e.path, "."), e.err.Error())
+}
+
+// IndexedVerificationFailureError wraps a collection of verification failures.
+type IndexedVerificationFailureError struct {
+	Message  string                        `json:"message"`
+	Code     int                           `json:"code"`
+	Failures []*IndexedVerificationFailure `json:"failures"`
+}
+
+func (e *IndexedVerificationFailureError) StatusCode() int {
+	return e.Code
+}
+
+// IndexedVerificationFailure represents an issue when verifying a single indexed object e.g. an item in an array.
+type IndexedVerificationFailure struct {
+	Index   int    `json:"index"`
+	Message string `json:"message"`
+}

api/server/error_test.go

@@ -0,0 +1,16 @@
+package server
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/v5/testing/assert"
+)
+
+func TestDecodeError(t *testing.T) {
+	e := errors.New("not a number")
+	de := NewDecodeError(e, "Z")
+	de = NewDecodeError(de, "Y")
+	de = NewDecodeError(de, "X")
+	assert.Equal(t, "could not decode X.Y.Z: not a number", de.Error())
+}

api/server/httprest/BUILD.bazel

@@ -0,0 +1,31 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "log.go",
+        "options.go",
+        "server.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/v5/api/server/httprest",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//api/server/middleware:go_default_library",
+        "//runtime:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["server_test.go"],
+    embed = [":go_default_library"],
+    deps = [
+        "//cmd/beacon-chain/flags:go_default_library",
+        "//testing/assert:go_default_library",
+        "//testing/require:go_default_library",
+        "@com_github_sirupsen_logrus//hooks/test:go_default_library",
+        "@com_github_urfave_cli_v2//:go_default_library",
+    ],
+)

api/server/httprest/log.go

@@ -0,0 +1,5 @@
+package httprest
+
+import "github.com/sirupsen/logrus"
+
+var log = logrus.WithField("prefix", "httprest")

api/server/httprest/options.go

@@ -0,0 +1,44 @@
+package httprest
+
+import (
+	"time"
+
+	"net/http"
+
+	"github.com/prysmaticlabs/prysm/v5/api/server/middleware"
+)
+
+// Option is a http rest server functional parameter type.
+type Option func(g *Server) error
+
+// WithMiddlewares sets the list of middlewares to be applied on routes.
+func WithMiddlewares(mw []middleware.Middleware) Option {
+	return func(g *Server) error {
+		g.cfg.middlewares = mw
+		return nil
+	}
+}
+
+// WithHTTPAddr sets the full address ( host and port ) of the server.
+func WithHTTPAddr(addr string) Option {
+	return func(g *Server) error {
+		g.cfg.httpAddr = addr
+		return nil
+	}
+}
+
+// WithRouter sets the internal router of the server, this is required.
+func WithRouter(r *http.ServeMux) Option {
+	return func(g *Server) error {
+		g.cfg.router = r
+		return nil
+	}
+}
+
+// WithTimeout allows changing the timeout value for API calls.
+func WithTimeout(duration time.Duration) Option {
+	return func(g *Server) error {
+		g.cfg.timeout = duration
+		return nil
+	}
+}