joshstevens19
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎README.md‎
Lines changed: 7 additions & 8 deletions b/‎README.md‎
Lines changed: 7 additions & 8 deletions
diff --git a/‎crates/cli/Makefile‎
Lines changed: 2 additions & 0 deletions b/‎crates/cli/Makefile‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎crates/core/Cargo.toml‎
Lines changed: 2 additions & 0 deletions b/‎crates/core/Cargo.toml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎crates/core/src/provider/evm_provider.rs‎
Lines changed: 32 additions & 13 deletions b/‎crates/core/src/provider/evm_provider.rs‎
Lines changed: 32 additions & 13 deletions
diff --git a/‎crates/core/src/provider/mod.rs‎
Lines changed: 24 additions & 1 deletion b/‎crates/core/src/provider/mod.rs‎
Lines changed: 24 additions & 1 deletion
diff --git a/‎crates/core/src/relayer/db/write.rs‎
Lines changed: 13 additions & 0 deletions b/‎crates/core/src/relayer/db/write.rs‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎crates/core/src/startup.rs‎
Lines changed: 1 addition & 0 deletions b/‎crates/core/src/startup.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/core/src/wallet/aws_kms_wallet_manager.rs‎
Lines changed: 9 additions & 8 deletions b/‎crates/core/src/wallet/aws_kms_wallet_manager.rs‎
Lines changed: 9 additions & 8 deletions
diff --git a/‎crates/core/src/wallet/composite_wallet_manager.rs‎
Lines changed: 9 additions & 3 deletions b/‎crates/core/src/wallet/composite_wallet_manager.rs‎
Lines changed: 9 additions & 3 deletions
@@ -39,5 +39,6 @@ playground/**/keystores
 crates/e2e-tests/gcp-service-account.json
 crates/e2e-tests/__TEST_RESULTS__
 crates/e2e-tests/rrelayer.yaml
+*.key
 documentation/rrelayer/docs/dist/**
 documentation/rrelayer/vocs.config.tsx.time*
@@ -3,14 +3,13 @@
 Note rrelayer is brand new and actively underdevelopment, things will change and bugs will exist—if you find any bugs or have any
 feature requests, please open an issue on [github](https://github.com/joshstevens19/rrelayer/issues). 
 
-rrelayer is an opensource powerful, high-performance blockchain transaction relay service built in Rust, designed for seamless
-integration with any EVM-compatible network. This tool transforms complex blockchain interactions into simple REST API calls,
-eliminating the need for applications to manage wallets, transaction queuing, or nonce management. For rrelayer
-supports advanced wallet infrastructure supporting multiple signing providers including AWS KMS hardware security modules,
-Turnkey self-custody solutions, Privy managed wallets, AWS Secrets Manager, GCP Secret Manager, and raw mnemonic development setups.
-It's highly scalable and production-ready, enabling you to build robust Web3 applications with reliability and focus exclusively on
-your business logic. rrelayer has some super cool out-of-the-box features, like automatic top-ups (with safe support), permissions
-config including allowlists, API keys with restricted access, webhooks, rate limiting, and the ability to configure the gas bump blocks.
+rrelayer is an opensource powerful, high-performance blockchain transaction relay service built in Rust, designed for seamless integration with any EVM-compatible network.
+This tool transforms complex blockchain interactions into simple REST API calls, eliminating the need for applications to manage wallets, transaction queuing, or nonce management.
+For rrelayer supports advanced wallet infrastructure supporting multiple signing providers including AWS KMS hardware security modules,
+Turnkey self-custody solutions, Fireblocks enterprise MPC custody, Privy managed wallets, AWS Secrets Manager, GCP Secret Manager, PKCS#11 hardware security modules, and raw mnemonic development setups.
+It's highly scalable and production-ready, enabling you to build robust Web3 applications with reliability and focus exclusively on your business logic.
+rrelayer has some super cool out-of-the-box features, like automatic top-ups (with safe support), permissions config including allowlists, API keys with restricted access,
+webhooks, rate limiting, and the ability to configure the gas bump blocks.
 
 You can get to the full rrelayer documentation [here](https://rrelayer.xyz/).
 
 
@@ -16,6 +16,8 @@ start_base:
 	RUST_BACKTRACE=1 cargo run -- start --path $(CURDIR)/../../playground/base
 start_sepolia:
 	RUST_BACKTRACE=1 cargo run -- start --path $(CURDIR)/../../playground/sepolia
+sepolia_ethereum_fireblocks:
+	RUST_BACKTRACE=1 cargo run -- start --path $(CURDIR)/../../playground/sepolia_ethereum_fireblocks
 
 auth_login:
 	cargo run -- auth login
 
@@ -62,3 +62,5 @@ tower = "0.5.2"
 subtle = "2.6.1"
 cryptoki = "0.10"
 secrecy = "0.8"
+jsonwebtoken = "9.3"
+rsa = "0.9"
@@ -1,12 +1,13 @@
 use crate::gas::BLOB_GAS_PER_BLOB;
 use crate::provider::layer_extensions::RpcLoggingLayer;
 use crate::wallet::{
-    AwsKmsWalletManager, CompositeWalletManager, MnemonicWalletManager, Pkcs11WalletManager,
-    PrivateKeyWalletManager, PrivyWalletManager, TurnkeyWalletManager, WalletError,
-    WalletManagerTrait,
+    AwsKmsWalletManager, CompositeWalletManager, FireblocksWalletManager, MnemonicWalletManager,
+    Pkcs11WalletManager, PrivateKeyWalletManager, PrivyWalletManager, TurnkeyWalletManager,
+    WalletError, WalletManagerTrait,
 };
 use crate::yaml::{
-    AwsKmsSigningProviderConfig, Pkcs11SigningProviderConfig, TurnkeySigningProviderConfig,
+    AwsKmsSigningProviderConfig, FireblocksSigningProviderConfig, Pkcs11SigningProviderConfig,
+    TurnkeySigningProviderConfig,
 };
 use crate::{
     gas::{
@@ -59,6 +60,8 @@ pub struct EvmProvider {
     /// this is in milliseconds (min 250ms)
     pub blocks_every: u64,
     pub confirmations: u64,
+    /// Whether this provider type supports cloning (for clone prevention logic)
+    can_clone: bool,
 }
 
 async fn calculate_block_time_difference(
@@ -161,7 +164,7 @@ impl EvmProvider {
         gas_estimator: Arc<dyn BaseGasFeeEstimator + Send + Sync>,
     ) -> Result<Self, EvmProviderNewError> {
         let wallet_manager = Arc::new(MnemonicWalletManager::new(mnemonic));
-        Self::new_internal(network_setup_config, wallet_manager, gas_estimator).await
+        Self::new_internal(network_setup_config, wallet_manager, gas_estimator, true).await
     }
 
     pub async fn new_with_privy(
@@ -172,7 +175,7 @@ impl EvmProvider {
     ) -> Result<Self, EvmProviderNewError> {
         let privy_manager = PrivyWalletManager::new(app_id, app_secret).await?;
         let wallet_manager = Arc::new(privy_manager);
-        Self::new_internal(network_setup_config, wallet_manager, gas_estimator).await
+        Self::new_internal(network_setup_config, wallet_manager, gas_estimator, true).await
     }
 
     pub async fn new_with_aws_kms(
@@ -181,7 +184,7 @@ impl EvmProvider {
         gas_estimator: Arc<dyn BaseGasFeeEstimator + Send + Sync>,
     ) -> Result<Self, EvmProviderNewError> {
         let wallet_manager = Arc::new(AwsKmsWalletManager::new(aws_kms_config));
-        Self::new_internal(network_setup_config, wallet_manager, gas_estimator).await
+        Self::new_internal(network_setup_config, wallet_manager, gas_estimator, true).await
     }
 
     pub async fn new_with_turnkey(
@@ -191,7 +194,7 @@ impl EvmProvider {
     ) -> Result<Self, EvmProviderNewError> {
         let turnkey_manager = TurnkeyWalletManager::new(turnkey_config).await?;
         let wallet_manager = Arc::new(turnkey_manager);
-        Self::new_internal(network_setup_config, wallet_manager, gas_estimator).await
+        Self::new_internal(network_setup_config, wallet_manager, gas_estimator, true).await
     }
 
     pub async fn new_with_private_keys(
@@ -200,7 +203,7 @@ impl EvmProvider {
         gas_estimator: Arc<dyn BaseGasFeeEstimator + Send + Sync>,
     ) -> Result<Self, EvmProviderNewError> {
         let wallet_manager = Arc::new(PrivateKeyWalletManager::new(private_keys));
-        Self::new_internal(network_setup_config, wallet_manager, gas_estimator).await
+        Self::new_internal(network_setup_config, wallet_manager, gas_estimator, false).await
     }
 
     pub async fn new_with_pkcs11(
@@ -209,7 +212,17 @@ impl EvmProvider {
         gas_estimator: Arc<dyn BaseGasFeeEstimator + Send + Sync>,
     ) -> Result<Self, EvmProviderNewError> {
         let wallet_manager = Arc::new(Pkcs11WalletManager::new(pkcs11_config)?);
-        Self::new_internal(network_setup_config, wallet_manager, gas_estimator).await
+        Self::new_internal(network_setup_config, wallet_manager, gas_estimator, true).await
+    }
+
+    pub async fn new_with_fireblocks(
+        network_setup_config: &NetworkSetupConfig,
+        fireblocks_config: FireblocksSigningProviderConfig,
+        gas_estimator: Arc<dyn BaseGasFeeEstimator + Send + Sync>,
+    ) -> Result<Self, EvmProviderNewError> {
+        let fireblocks_manager = FireblocksWalletManager::new(fireblocks_config).await?;
+        let wallet_manager = Arc::new(fireblocks_manager);
+        Self::new_internal(network_setup_config, wallet_manager, gas_estimator, false).await
     }
 
     pub async fn new_with_composite(
@@ -224,13 +237,14 @@ impl EvmProvider {
 
         let wallet_manager =
             Arc::new(CompositeWalletManager::new(primary_manager, private_key_manager));
-        Self::new_internal(network_setup_config, wallet_manager, gas_estimator).await
+        Self::new_internal(network_setup_config, wallet_manager, gas_estimator, true).await
     }
 
     async fn new_internal(
         network_setup_config: &NetworkSetupConfig,
         wallet_manager: Arc<dyn WalletManagerTrait>,
         gas_estimator: Arc<dyn BaseGasFeeEstimator + Send + Sync>,
+        can_clone: bool,
     ) -> Result<Self, EvmProviderNewError> {
         let provider =
             create_retry_client(&network_setup_config.provider_urls[0]).await.map_err(|e| {
@@ -262,6 +276,7 @@ impl EvmProvider {
             name: network_setup_config.name.to_string(),
             provider_urls: network_setup_config.provider_urls.to_owned(),
             confirmations: network_setup_config.confirmations.unwrap_or(12),
+            can_clone,
         })
     }
 
@@ -279,6 +294,10 @@ impl EvmProvider {
         self.wallet_manager.get_address(wallet_index, &self.chain_id).await
     }
 
+    pub fn can_clone(&self) -> bool {
+        self.can_clone
+    }
+
     pub async fn get_receipt(
         &self,
         transaction_hash: &TransactionHash,
@@ -361,15 +380,15 @@ impl EvmProvider {
         wallet_index: &u32,
         text: &str,
     ) -> Result<Signature, WalletError> {
-        self.wallet_manager.sign_text(*wallet_index, text).await
+        self.wallet_manager.sign_text(*wallet_index, text, &self.chain_id).await
     }
 
     pub async fn sign_typed_data(
         &self,
         wallet_index: &u32,
         typed_data: &TypedData,
     ) -> Result<Signature, WalletError> {
-        self.wallet_manager.sign_typed_data(*wallet_index, typed_data).await
+        self.wallet_manager.sign_typed_data(*wallet_index, typed_data, &self.chain_id).await
     }
 
     pub async fn estimate_gas(
 
@@ -67,7 +67,10 @@ pub async fn load_providers(
             || signing_key.aws_kms.is_some()
             || signing_key.turnkey.is_some()
             || signing_key.pkcs11.is_some()
-            || signing_key.raw.is_some();
+            || signing_key.fireblocks.is_some()
+            || signing_key.raw.is_some()
+            || signing_key.aws_secret_manager.is_some()
+            || signing_key.gcp_secret_manager.is_some();
 
         // If we only have private keys and no main signing provider, use private key manager only
         if private_key_strings.is_some() && !has_main_signing_provider {
@@ -168,6 +171,26 @@ pub async fn load_providers(
                 )
                 .await?
             }
+        } else if let Some(fireblocks) = &signing_key.fireblocks {
+            if private_key_strings.is_some() {
+                let fireblocks_manager = std::sync::Arc::new(
+                    crate::wallet::FireblocksWalletManager::new(fireblocks.clone()).await?,
+                );
+                EvmProvider::new_with_composite(
+                    config,
+                    fireblocks_manager,
+                    private_key_strings,
+                    get_gas_estimator(&config.provider_urls, setup_config, config).await?,
+                )
+                .await?
+            } else {
+                EvmProvider::new_with_fireblocks(
+                    config,
+                    fireblocks.clone(),
+                    get_gas_estimator(&config.provider_urls, setup_config, config).await?,
+                )
+                .await?
+            }
         } else {
             let mnemonic = get_mnemonic_from_signing_key(project_path, signing_key).await?;
 
 
@@ -29,6 +29,9 @@ pub enum CreateRelayerError {
 
     #[error("Cannot clone private key relayer '{0}' - private key relayers are automatically imported on all networks")]
     CannotClonePrivateKeyRelayer(String),
+
+    #[error("Cannot clone relayer '{0}' - provider type does not support cloning")]
+    CannotCloneProviderRelayer(String),
 }
 
 impl From<CreateRelayerError> for HttpError {
@@ -40,6 +43,9 @@ impl From<CreateRelayerError> for HttpError {
             CreateRelayerError::CannotClonePrivateKeyRelayer(_) => {
                 crate::shared::bad_request(value.to_string())
             }
+            CreateRelayerError::CannotCloneProviderRelayer(_) => {
+                crate::shared::bad_request(value.to_string())
+            }
             _ => internal_server_error(Some(value.to_string())),
         }
     }
@@ -84,6 +90,13 @@ impl PostgresClient {
                     ));
                 }
 
+                // Prevent cloning providers that don't support cloning (e.g., Fireblocks)
+                if !evm_provider.can_clone() {
+                    return Err(CreateRelayerError::CannotCloneProviderRelayer(
+                        source_relayer.name.clone(),
+                    ));
+                }
+
                 let wallet_index = source_relayer.wallet_index;
                 let address = evm_provider
                     .create_wallet(source_relayer.wallet_index_type().index())
 
@@ -190,6 +190,7 @@ async fn start_api(
                 && signing_provider.aws_kms.is_none()
                 && signing_provider.turnkey.is_none()
                 && signing_provider.pkcs11.is_none()
+                && signing_provider.fireblocks.is_none()
             {
                 Some(network_config.chain_id)
             } else {
 
@@ -417,10 +417,13 @@ impl WalletManagerTrait for AwsKmsWalletManager {
         Ok(signature)
     }
 
-    async fn sign_text(&self, wallet_index: u32, text: &str) -> Result<Signature, WalletError> {
-        // For text signing, we use chain ID 1 as default since it's not chain-specific
-        let default_chain_id = ChainId::new(1);
-        let signer = self.get_or_initialize_signer(wallet_index, &default_chain_id).await?;
+    async fn sign_text(
+        &self,
+        wallet_index: u32,
+        text: &str,
+        chain_id: &ChainId,
+    ) -> Result<Signature, WalletError> {
+        let signer = self.get_or_initialize_signer(wallet_index, chain_id).await?;
         let signature = signer.sign_message(text.as_bytes()).await?;
         Ok(signature)
     }
@@ -429,11 +432,9 @@ impl WalletManagerTrait for AwsKmsWalletManager {
         &self,
         wallet_index: u32,
         typed_data: &TypedData,
+        chain_id: &ChainId,
     ) -> Result<Signature, WalletError> {
-        // For typed data signing, we use chain ID from the typed data or default to 1
-        let chain_id_u64 = typed_data.domain().chain_id.map(|id| id.to::<u64>()).unwrap_or(1);
-        let chain_id = ChainId::new(chain_id_u64);
-        let signer = self.get_or_initialize_signer(wallet_index, &chain_id).await?;
+        let signer = self.get_or_initialize_signer(wallet_index, chain_id).await?;
 
         let hash = typed_data.eip712_signing_hash()?;
         let signature = signer.sign_hash(&hash).await?;
 
@@ -80,18 +80,24 @@ impl WalletManagerTrait for CompositeWalletManager {
         manager.sign_transaction(wallet_index, transaction, chain_id).await
     }
 
-    async fn sign_text(&self, wallet_index: u32, text: &str) -> Result<Signature, WalletError> {
+    async fn sign_text(
+        &self,
+        wallet_index: u32,
+        text: &str,
+        chain_id: &ChainId,
+    ) -> Result<Signature, WalletError> {
         let manager = self.get_manager_for_index(wallet_index)?;
-        manager.sign_text(wallet_index, text).await
+        manager.sign_text(wallet_index, text, chain_id).await
     }
 
     async fn sign_typed_data(
         &self,
         wallet_index: u32,
         typed_data: &TypedData,
+        chain_id: &ChainId,
     ) -> Result<Signature, WalletError> {
         let manager = self.get_manager_for_index(wallet_index)?;
-        manager.sign_typed_data(wallet_index, typed_data).await
+        manager.sign_typed_data(wallet_index, typed_data, chain_id).await
     }
 
     fn supports_blobs(&self) -> bool {
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,9 @@ pub enum CreateRelayerError {`
`29`	`29`
`30`	`30`	`#[error("Cannot clone private key relayer '{0}' - private key relayers are automatically imported on all networks")]`
`31`	`31`	`CannotClonePrivateKeyRelayer(String),`
	`32`	`+`
	`33`	`+ #[error("Cannot clone relayer '{0}' - provider type does not support cloning")]`
	`34`	`+ CannotCloneProviderRelayer(String),`
`32`	`35`	`}`
`33`	`36`
`34`	`37`	`impl From<CreateRelayerError> for HttpError {`
`@@ -40,6 +43,9 @@ impl From<CreateRelayerError> for HttpError {`
`40`	`43`	`CreateRelayerError::CannotClonePrivateKeyRelayer(_) => {`
`41`	`44`	`crate::shared::bad_request(value.to_string())`
`42`	`45`	`}`
	`46`	`+ CreateRelayerError::CannotCloneProviderRelayer(_) => {`
	`47`	`+ crate::shared::bad_request(value.to_string())`
	`48`	`+ }`
`43`	`49`	`_ => internal_server_error(Some(value.to_string())),`
`44`	`50`	`}`
`45`	`51`	`}`
`@@ -84,6 +90,13 @@ impl PostgresClient {`
`84`	`90`	`));`
`85`	`91`	`}`
`86`	`92`
	`93`	`+ // Prevent cloning providers that don't support cloning (e.g., Fireblocks)`
	`94`	`+ if !evm_provider.can_clone() {`
	`95`	`+ return Err(CreateRelayerError::CannotCloneProviderRelayer(`
	`96`	`+ source_relayer.name.clone(),`
	`97`	`+ ));`
	`98`	`+ }`
	`99`	`+`
`87`	`100`	`let wallet_index = source_relayer.wallet_index;`
`88`	`101`	`let address = evm_provider`
`89`	`102`	`.create_wallet(source_relayer.wallet_index_type().index())`
Original file line number	Diff line number	Diff line change
`@@ -190,6 +190,7 @@ async fn start_api(`
`190`	`190`	`&& signing_provider.aws_kms.is_none()`
`191`	`191`	`&& signing_provider.turnkey.is_none()`
`192`	`192`	`&& signing_provider.pkcs11.is_none()`
	`193`	`+ && signing_provider.fireblocks.is_none()`
`193`	`194`	`{`
`194`	`195`	`Some(network_config.chain_id)`
`195`	`196`	`} else {`