diff --git a/op-acceptance-tests/tests/batcher_consensus/batcher_consensus_test.go b/op-acceptance-tests/tests/batcher_consensus/batcher_consensus_test.go
new file mode 100644
index 00000000000..f21f740fe97
--- /dev/null
+++ b/op-acceptance-tests/tests/batcher_consensus/batcher_consensus_test.go
@@ -0,0 +1,47 @@
+package batcher_consensus
+
+import (
+	"testing"
+
+	batcher "github.com/ethereum-optimism/optimism/op-batcher/batcher"
+	batcherFlags "github.com/ethereum-optimism/optimism/op-batcher/flags"
+	"github.com/ethereum-optimism/optimism/op-devstack/devtest"
+	"github.com/ethereum-optimism/optimism/op-devstack/presets"
+	"github.com/ethereum-optimism/optimism/op-devstack/sysgo"
+	"github.com/ethereum-optimism/optimism/op-service/eth"
+	supervisortypes "github.com/ethereum-optimism/optimism/op-supervisor/supervisor/types"
+)
+
+func newBatchConsensusPOC(t devtest.T, proofValid bool) *presets.Minimal {
+	return presets.NewMinimalNoFaultProofs(t,
+		presets.WithDeployerOptions(sysgo.WithEcotoneAtGenesis),
+		presets.WithBatchConsensusMockVerifier(sysgo.DefaultBatchConsensusMockVerifierAddress),
+		presets.WithBatchConsensusCommonwareSidecarResult(proofValid),
+		presets.WithBatcherOption(func(_ sysgo.ComponentTarget, cfg *batcher.CLIConfig) {
+			cfg.DataAvailabilityType = batcherFlags.BlobsType
+		}),
+	)
+}
+
+func TestBatchConsensusValidProofAdvancesSafeHead(gt *testing.T) {
+	t := devtest.ParallelT(gt)
+	sys := newBatchConsensusPOC(t, true)
+
+	alice := sys.FunderL2.NewFundedEOA(eth.OneHundredthEther)
+	bob := sys.Wallet.NewEOA(sys.L2EL)
+	alice.Transfer(bob.Address(), eth.OneWei)
+
+	sys.L2CL.Advanced(supervisortypes.LocalSafe, 1, 60)
+}
+
+func TestBatchConsensusInvalidProofDoesNotAdvanceSafeHead(gt *testing.T) {
+	t := devtest.ParallelT(gt)
+	sys := newBatchConsensusPOC(t, false)
+
+	alice := sys.FunderL2.NewFundedEOA(eth.OneHundredthEther)
+	bob := sys.Wallet.NewEOA(sys.L2EL)
+	alice.Transfer(bob.Address(), eth.OneWei)
+
+	sys.L2CL.Advanced(supervisortypes.LocalUnsafe, 1, 30)
+	sys.L2CL.NotAdvanced(supervisortypes.LocalSafe, 10)
+}
diff --git a/op-batcher-consensus-sidecar/.gitignore b/op-batcher-consensus-sidecar/.gitignore
new file mode 100644
index 00000000000..2f7896d1d13
--- /dev/null
+++ b/op-batcher-consensus-sidecar/.gitignore
@@ -0,0 +1 @@
+target/
diff --git a/op-batcher-consensus-sidecar/Cargo.lock b/op-batcher-consensus-sidecar/Cargo.lock
new file mode 100644
index 00000000000..5f0e7920e1d
--- /dev/null
+++ b/op-batcher-consensus-sidecar/Cargo.lock
@@ -0,0 +1,3477 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "aead"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0"
+dependencies = [
+ "crypto-common",
+ "generic-array",
+]
+
+[[package]]
+name = "ahash"
+version = "0.8.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a15f179cd60c4584b8a8c596927aadc462e27f2ca70c04e0071964a73ba7a75"
+dependencies = [
+ "cfg-if",
+ "getrandom 0.3.4",
+ "once_cell",
+ "version_check",
+ "zerocopy",
+]
+
+[[package]]
+name = "aho-corasick"
+version = "1.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "allocator-api2"
+version = "0.2.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
+
+[[package]]
+name = "anes"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
+
+[[package]]
+name = "anstyle"
+version = "1.0.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000"
+
+[[package]]
+name = "anyhow"
+version = "1.0.102"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
+
+[[package]]
+name = "arrayref"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb"
+
+[[package]]
+name = "arrayvec"
+version = "0.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50"
+dependencies = [
+ "zeroize",
+]
+
+[[package]]
+name = "async-trait"
+version = "0.1.89"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "atomic-waker"
+version = "1.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
+
+[[package]]
+name = "autocfg"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
+
+[[package]]
+name = "aws-lc-rs"
+version = "1.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5ec2f1fc3ec205783a5da9a7e6c1509cc69dedf09a1949e412c1e18469326d00"
+dependencies = [
+ "aws-lc-sys",
+ "untrusted",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-lc-sys"
+version = "0.41.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a2f9779ce85b93ab6170dd940ad0169b5766ff848247aff13bb788b832fe3f4"
+dependencies = [
+ "cc",
+ "cmake",
+ "dunce",
+ "fs_extra",
+]
+
+[[package]]
+name = "axum"
+version = "0.8.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "31b698c5f9a010f6573133b09e0de5408834d0c82f8d7475a89fc1867a71cd90"
+dependencies = [
+ "axum-core",
+ "bytes",
+ "form_urlencoded",
+ "futures-util",
+ "http",
+ "http-body",
+ "http-body-util",
+ "hyper",
+ "hyper-util",
+ "itoa",
+ "matchit",
+ "memchr",
+ "mime",
+ "percent-encoding",
+ "pin-project-lite",
+ "serde_core",
+ "serde_json",
+ "serde_path_to_error",
+ "serde_urlencoded",
+ "sync_wrapper",
+ "tokio",
+ "tower",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "axum-core"
+version = "0.5.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08c78f31d7b1291f7ee735c1c6780ccde7785daae9a9206026862dab7d8792d1"
+dependencies = [
+ "bytes",
+ "futures-core",
+ "http",
+ "http-body",
+ "http-body-util",
+ "mime",
+ "pin-project-lite",
+ "sync_wrapper",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "base16ct"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
+
+[[package]]
+name = "base64"
+version = "0.22.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
+
+[[package]]
+name = "base64ct"
+version = "1.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06"
+
+[[package]]
+name = "bitflags"
+version = "2.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3"
+
+[[package]]
+name = "blake3"
+version = "1.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0aa83c34e62843d924f905e0f5c866eb1dd6545fc4d719e803d9ba6030371fce"
+dependencies = [
+ "arrayref",
+ "arrayvec",
+ "cc",
+ "cfg-if",
+ "constant_time_eq",
+ "cpufeatures 0.3.0",
+ "zeroize",
+]
+
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "blst"
+version = "0.3.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dcdb4c7013139a150f9fc55d123186dbfaba0d912817466282c73ac49e71fb45"
+dependencies = [
+ "cc",
+ "glob",
+ "threadpool",
+ "zeroize",
+]
+
+[[package]]
+name = "bumpalo"
+version = "3.20.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb"
+
+[[package]]
+name = "bytes"
+version = "1.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
+
+[[package]]
+name = "cast"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
+
+[[package]]
+name = "cc"
+version = "1.2.62"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1dce859f0832a7d088c4f1119888ab94ef4b5d6795d1ce05afb7fe159d79f98"
+dependencies = [
+ "find-msvc-tools",
+ "jobserver",
+ "libc",
+ "shlex",
+]
+
+[[package]]
+name = "cfg-if"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
+
+[[package]]
+name = "chacha20"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818"
+dependencies = [
+ "cfg-if",
+ "cipher",
+ "cpufeatures 0.2.17",
+]
+
+[[package]]
+name = "chacha20poly1305"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35"
+dependencies = [
+ "aead",
+ "chacha20",
+ "cipher",
+ "poly1305",
+ "zeroize",
+]
+
+[[package]]
+name = "ciborium"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e"
+dependencies = [
+ "ciborium-io",
+ "ciborium-ll",
+ "serde",
+]
+
+[[package]]
+name = "ciborium-io"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757"
+
+[[package]]
+name = "ciborium-ll"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9"
+dependencies = [
+ "ciborium-io",
+ "half",
+]
+
+[[package]]
+name = "cipher"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
+dependencies = [
+ "crypto-common",
+ "inout",
+ "zeroize",
+]
+
+[[package]]
+name = "clap"
+version = "4.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ddb117e43bbf7dacf0a4190fef4d345b9bad68dfc649cb349e7d17d28428e51"
+dependencies = [
+ "clap_builder",
+]
+
+[[package]]
+name = "clap_builder"
+version = "4.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f"
+dependencies = [
+ "anstyle",
+ "clap_lex",
+]
+
+[[package]]
+name = "clap_lex"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9"
+
+[[package]]
+name = "cmake"
+version = "0.1.58"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0f78a02292a74a88ac736019ab962ece0bc380e3f977bf72e376c5d78ff0678"
+dependencies = [
+ "cc",
+]
+
+[[package]]
+name = "cmov"
+version = "0.5.0-pre.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5417da527aa9bf6a1e10a781231effd1edd3ee82f27d5f8529ac9b279babce96"
+
+[[package]]
+name = "commonware-actor"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "cfg-if",
+ "commonware-macros",
+ "commonware-runtime",
+ "crossbeam-queue",
+ "futures-util",
+ "parking_lot",
+]
+
+[[package]]
+name = "commonware-broadcast"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "commonware-actor",
+ "commonware-codec",
+ "commonware-cryptography",
+ "commonware-macros",
+ "commonware-p2p",
+ "commonware-runtime",
+ "commonware-utils",
+ "thiserror",
+ "tracing",
+]
+
+[[package]]
+name = "commonware-codec"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "bytes",
+ "cfg-if",
+ "commonware-macros",
+ "paste",
+ "rand 0.8.6",
+ "rand_chacha 0.3.1",
+ "thiserror",
+]
+
+[[package]]
+name = "commonware-coding"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "bytes",
+ "commonware-codec",
+ "commonware-cryptography",
+ "commonware-macros",
+ "commonware-math",
+ "commonware-parallel",
+ "commonware-storage",
+ "commonware-utils",
+ "num-rational",
+ "rand 0.8.6",
+ "rand_core 0.6.4",
+ "rayon",
+ "reed-solomon-simd",
+ "thiserror",
+]
+
+[[package]]
+name = "commonware-consensus"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "bytes",
+ "cfg-if",
+ "commonware-actor",
+ "commonware-broadcast",
+ "commonware-codec",
+ "commonware-coding",
+ "commonware-cryptography",
+ "commonware-formatting",
+ "commonware-macros",
+ "commonware-math",
+ "commonware-p2p",
+ "commonware-parallel",
+ "commonware-resolver",
+ "commonware-runtime",
+ "commonware-storage",
+ "commonware-utils",
+ "futures",
+ "pin-project",
+ "rand 0.8.6",
+ "rand_core 0.6.4",
+ "rand_distr",
+ "rayon",
+ "thiserror",
+ "tracing",
+]
+
+[[package]]
+name = "commonware-cryptography"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "anyhow",
+ "aws-lc-rs",
+ "blake3",
+ "blst",
+ "bytes",
+ "cfg-if",
+ "chacha20poly1305",
+ "commonware-codec",
+ "commonware-formatting",
+ "commonware-macros",
+ "commonware-math",
+ "commonware-parallel",
+ "commonware-utils",
+ "crc-fast",
+ "ctutils",
+ "curve25519-dalek",
+ "ecdsa",
+ "getrandom 0.2.17",
+ "num-rational",
+ "num-traits",
+ "p256",
+ "rand 0.8.6",
+ "rand_chacha 0.3.1",
+ "rand_core 0.6.4",
+ "sha2",
+ "thiserror",
+ "x25519-dalek",
+ "zeroize",
+]
+
+[[package]]
+name = "commonware-formatting"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "commonware-macros",
+ "const-hex",
+]
+
+[[package]]
+name = "commonware-macros"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "commonware-macros-impl",
+ "tokio",
+]
+
+[[package]]
+name = "commonware-macros-impl"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "proc-macro-crate",
+ "proc-macro2",
+ "quote",
+ "syn",
+ "toml",
+]
+
+[[package]]
+name = "commonware-math"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "bytes",
+ "commonware-codec",
+ "commonware-macros",
+ "commonware-parallel",
+ "commonware-utils",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "commonware-p2p"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "commonware-actor",
+ "commonware-codec",
+ "commonware-cryptography",
+ "commonware-macros",
+ "commonware-parallel",
+ "commonware-runtime",
+ "commonware-stream",
+ "commonware-utils",
+ "either",
+ "futures",
+ "num-bigint",
+ "num-integer",
+ "num-rational",
+ "num-traits",
+ "rand 0.8.6",
+ "rand_core 0.6.4",
+ "rand_distr",
+ "thiserror",
+ "tracing",
+]
+
+[[package]]
+name = "commonware-parallel"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "cfg-if",
+ "commonware-macros",
+ "rayon",
+]
+
+[[package]]
+name = "commonware-resolver"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "bytes",
+ "commonware-actor",
+ "commonware-codec",
+ "commonware-cryptography",
+ "commonware-macros",
+ "commonware-p2p",
+ "commonware-runtime",
+ "commonware-stream",
+ "commonware-utils",
+ "futures",
+ "rand 0.8.6",
+ "thiserror",
+ "tracing",
+]
+
+[[package]]
+name = "commonware-runtime"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "axum",
+ "bytes",
+ "cfg-if",
+ "commonware-codec",
+ "commonware-cryptography",
+ "commonware-formatting",
+ "commonware-macros",
+ "commonware-parallel",
+ "commonware-runtime-macros",
+ "commonware-utils",
+ "criterion",
+ "crossbeam-utils",
+ "futures",
+ "getrandom 0.2.17",
+ "governor",
+ "libc",
+ "opentelemetry",
+ "opentelemetry-otlp",
+ "opentelemetry_sdk",
+ "prometheus-client",
+ "rand 0.8.6",
+ "rand_core 0.6.4",
+ "rayon",
+ "sha2",
+ "sysinfo",
+ "thiserror",
+ "tokio",
+ "tracing",
+ "tracing-opentelemetry",
+ "tracing-subscriber",
+]
+
+[[package]]
+name = "commonware-runtime-macros"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "proc-macro-crate",
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "commonware-storage"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "ahash",
+ "anyhow",
+ "bytes",
+ "cfg-if",
+ "commonware-codec",
+ "commonware-cryptography",
+ "commonware-formatting",
+ "commonware-macros",
+ "commonware-parallel",
+ "commonware-runtime",
+ "commonware-utils",
+ "futures",
+ "futures-util",
+ "thiserror",
+ "tracing",
+ "zstd",
+]
+
+[[package]]
+name = "commonware-stream"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "chacha20poly1305",
+ "commonware-codec",
+ "commonware-cryptography",
+ "commonware-formatting",
+ "commonware-macros",
+ "commonware-runtime",
+ "commonware-utils",
+ "futures",
+ "rand 0.8.6",
+ "rand_core 0.6.4",
+ "thiserror",
+ "x25519-dalek",
+ "zeroize",
+]
+
+[[package]]
+name = "commonware-utils"
+version = "2026.4.0"
+source = "git+https://github.com/commonwarexyz/monorepo?rev=468b7a9a40d531bf1cb6f2536bc25abb917ab850#468b7a9a40d531bf1cb6f2536bc25abb917ab850"
+dependencies = [
+ "bytes",
+ "cfg-if",
+ "commonware-codec",
+ "commonware-formatting",
+ "commonware-macros",
+ "futures",
+ "getrandom 0.2.17",
+ "hashbrown 0.16.1",
+ "num-bigint",
+ "num-integer",
+ "num-rational",
+ "num-traits",
+ "parking_lot",
+ "pin-project",
+ "rand 0.8.6",
+ "thiserror",
+ "tokio",
+ "zeroize",
+]
+
+[[package]]
+name = "const-hex"
+version = "1.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "20d9a563d167a9cce0f94153382b33cb6eded6dfabff03c69ad65a28ea1514e0"
+dependencies = [
+ "cfg-if",
+ "cpufeatures 0.2.17",
+ "proptest",
+ "serde_core",
+]
+
+[[package]]
+name = "const-oid"
+version = "0.9.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
+
+[[package]]
+name = "constant_time_eq"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b"
+
+[[package]]
+name = "cpufeatures"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "cpufeatures"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "crc-fast"
+version = "1.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e75b2483e97a5a7da73ac68a05b629f9c53cff58d8ed1c77866079e18b00dba5"
+dependencies = [
+ "digest",
+ "spin",
+]
+
+[[package]]
+name = "criterion"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e1c047a62b0cc3e145fa84415a3191f628e980b194c2755aa12300a4e6cbd928"
+dependencies = [
+ "anes",
+ "cast",
+ "ciborium",
+ "clap",
+ "criterion-plot",
+ "itertools 0.13.0",
+ "num-traits",
+ "oorandom",
+ "plotters",
+ "rayon",
+ "regex",
+ "serde",
+ "serde_json",
+ "tinytemplate",
+ "walkdir",
+]
+
+[[package]]
+name = "criterion-plot"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b1bcc0dc7dfae599d84ad0b1a55f80cde8af3725da8313b528da95ef783e338"
+dependencies = [
+ "cast",
+ "itertools 0.13.0",
+]
+
+[[package]]
+name = "crossbeam-deque"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51"
+dependencies = [
+ "crossbeam-epoch",
+ "crossbeam-utils",
+]
+
+[[package]]
+name = "crossbeam-epoch"
+version = "0.9.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
+dependencies = [
+ "crossbeam-utils",
+]
+
+[[package]]
+name = "crossbeam-queue"
+version = "0.3.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115"
+dependencies = [
+ "crossbeam-utils",
+]
+
+[[package]]
+name = "crossbeam-utils"
+version = "0.8.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
+
+[[package]]
+name = "crunchy"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5"
+
+[[package]]
+name = "crypto-bigint"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
+dependencies = [
+ "generic-array",
+ "rand_core 0.6.4",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "crypto-common"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
+dependencies = [
+ "generic-array",
+ "rand_core 0.6.4",
+ "typenum",
+]
+
+[[package]]
+name = "ctutils"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "758e5ed90be3c8abff7f9a6f37ab7f6d8c59c2210d448b81f3f508134aec84e4"
+dependencies = [
+ "cmov",
+]
+
+[[package]]
+name = "curve25519-dalek"
+version = "4.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
+dependencies = [
+ "cfg-if",
+ "cpufeatures 0.2.17",
+ "curve25519-dalek-derive",
+ "digest",
+ "fiat-crypto",
+ "rustc_version",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "dashmap"
+version = "6.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6361d5c062261c78a176addb82d4c821ae42bed6089de0e12603cd25de2059c"
+dependencies = [
+ "cfg-if",
+ "crossbeam-utils",
+ "hashbrown 0.14.5",
+ "lock_api",
+ "once_cell",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "der"
+version = "0.7.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
+dependencies = [
+ "const-oid",
+ "zeroize",
+]
+
+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "const-oid",
+ "crypto-common",
+ "subtle",
+]
+
+[[package]]
+name = "displaydoc"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "dtoa"
+version = "1.0.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c3cf4824e2d5f025c7b531afcb2325364084a16806f6d47fbc1f5fbd9960590"
+
+[[package]]
+name = "dunce"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
+
+[[package]]
+name = "ecdsa"
+version = "0.16.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
+dependencies = [
+ "der",
+ "digest",
+ "elliptic-curve",
+ "rfc6979",
+ "signature",
+ "spki",
+]
+
+[[package]]
+name = "either"
+version = "1.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
+
+[[package]]
+name = "elliptic-curve"
+version = "0.13.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
+dependencies = [
+ "base16ct",
+ "crypto-bigint",
+ "digest",
+ "ff",
+ "generic-array",
+ "group",
+ "pkcs8",
+ "rand_core 0.6.4",
+ "sec1",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "equivalent"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
+
+[[package]]
+name = "errno"
+version = "0.3.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
+dependencies = [
+ "libc",
+ "windows-sys",
+]
+
+[[package]]
+name = "ff"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393"
+dependencies = [
+ "rand_core 0.6.4",
+ "subtle",
+]
+
+[[package]]
+name = "fiat-crypto"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
+
+[[package]]
+name = "find-msvc-tools"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
+
+[[package]]
+name = "fixedbitset"
+version = "0.5.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99"
+
+[[package]]
+name = "foldhash"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77ce24cb58228fbb8aa041425bb1050850ac19177686ea6e0f41a70416f56fdb"
+
+[[package]]
+name = "form_urlencoded"
+version = "1.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf"
+dependencies = [
+ "percent-encoding",
+]
+
+[[package]]
+name = "fs_extra"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
+
+[[package]]
+name = "futures"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d"
+dependencies = [
+ "futures-channel",
+ "futures-core",
+ "futures-executor",
+ "futures-io",
+ "futures-sink",
+ "futures-task",
+ "futures-util",
+]
+
+[[package]]
+name = "futures-channel"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
+dependencies = [
+ "futures-core",
+ "futures-sink",
+]
+
+[[package]]
+name = "futures-core"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d"
+
+[[package]]
+name = "futures-executor"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d"
+dependencies = [
+ "futures-core",
+ "futures-task",
+ "futures-util",
+]
+
+[[package]]
+name = "futures-io"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718"
+
+[[package]]
+name = "futures-macro"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "futures-sink"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893"
+
+[[package]]
+name = "futures-task"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
+
+[[package]]
+name = "futures-timer"
+version = "3.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24"
+
+[[package]]
+name = "futures-util"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6"
+dependencies = [
+ "futures-channel",
+ "futures-core",
+ "futures-io",
+ "futures-macro",
+ "futures-sink",
+ "futures-task",
+ "memchr",
+ "pin-project-lite",
+ "slab",
+]
+
+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+ "zeroize",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0"
+dependencies = [
+ "cfg-if",
+ "js-sys",
+ "libc",
+ "wasi",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
+dependencies = [
+ "cfg-if",
+ "js-sys",
+ "libc",
+ "r-efi",
+ "wasip2",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "glob"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
+
+[[package]]
+name = "governor"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9efcab3c1958580ff1f25a2a41be1668f7603d849bb63af523b208a3cc1223b8"
+dependencies = [
+ "cfg-if",
+ "dashmap",
+ "futures-sink",
+ "futures-timer",
+ "futures-util",
+ "getrandom 0.3.4",
+ "hashbrown 0.16.1",
+ "nonzero_ext",
+ "parking_lot",
+ "portable-atomic",
+ "quanta",
+ "rand 0.9.4",
+ "smallvec",
+ "spinning_top",
+ "web-time",
+]
+
+[[package]]
+name = "group"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
+dependencies = [
+ "ff",
+ "rand_core 0.6.4",
+ "subtle",
+]
+
+[[package]]
+name = "half"
+version = "2.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ea2d84b969582b4b1864a92dc5d27cd2b77b622a8d79306834f1be5ba20d84b"
+dependencies = [
+ "cfg-if",
+ "crunchy",
+ "zerocopy",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.14.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
+
+[[package]]
+name = "hashbrown"
+version = "0.16.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
+dependencies = [
+ "allocator-api2",
+ "equivalent",
+ "foldhash",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.17.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed5909b6e89a2db4456e54cd5f673791d7eca6732202bbf2a9cc504fe2f9b84a"
+
+[[package]]
+name = "hermit-abi"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c"
+
+[[package]]
+name = "hex"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
+
+[[package]]
+name = "hmac"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
+dependencies = [
+ "digest",
+]
+
+[[package]]
+name = "http"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a"
+dependencies = [
+ "bytes",
+ "itoa",
+]
+
+[[package]]
+name = "http-body"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
+dependencies = [
+ "bytes",
+ "http",
+]
+
+[[package]]
+name = "http-body-util"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a"
+dependencies = [
+ "bytes",
+ "futures-core",
+ "http",
+ "http-body",
+ "pin-project-lite",
+]
+
+[[package]]
+name = "httparse"
+version = "1.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87"
+
+[[package]]
+name = "httpdate"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
+
+[[package]]
+name = "hyper"
+version = "1.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca"
+dependencies = [
+ "atomic-waker",
+ "bytes",
+ "futures-channel",
+ "futures-core",
+ "http",
+ "http-body",
+ "httparse",
+ "httpdate",
+ "itoa",
+ "pin-project-lite",
+ "smallvec",
+ "tokio",
+ "want",
+]
+
+[[package]]
+name = "hyper-util"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0"
+dependencies = [
+ "base64",
+ "bytes",
+ "futures-channel",
+ "futures-util",
+ "http",
+ "http-body",
+ "hyper",
+ "ipnet",
+ "libc",
+ "percent-encoding",
+ "pin-project-lite",
+ "socket2",
+ "tokio",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "icu_collections"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2984d1cd16c883d7935b9e07e44071dca8d917fd52ecc02c04d5fa0b5a3f191c"
+dependencies = [
+ "displaydoc",
+ "potential_utf",
+ "utf8_iter",
+ "yoke",
+ "zerofrom",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_locale_core"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92219b62b3e2b4d88ac5119f8904c10f8f61bf7e95b640d25ba3075e6cac2c29"
+dependencies = [
+ "displaydoc",
+ "litemap",
+ "tinystr",
+ "writeable",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_normalizer"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c56e5ee99d6e3d33bd91c5d85458b6005a22140021cc324cea84dd0e72cff3b4"
+dependencies = [
+ "icu_collections",
+ "icu_normalizer_data",
+ "icu_properties",
+ "icu_provider",
+ "smallvec",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_normalizer_data"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da3be0ae77ea334f4da67c12f149704f19f81d1adf7c51cf482943e84a2bad38"
+
+[[package]]
+name = "icu_properties"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bee3b67d0ea5c2cca5003417989af8996f8604e34fb9ddf96208a033901e70de"
+dependencies = [
+ "icu_collections",
+ "icu_locale_core",
+ "icu_properties_data",
+ "icu_provider",
+ "zerotrie",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_properties_data"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e2bbb201e0c04f7b4b3e14382af113e17ba4f63e2c9d2ee626b720cbce54a14"
+
+[[package]]
+name = "icu_provider"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "139c4cf31c8b5f33d7e199446eff9c1e02decfc2f0eec2c8d71f65befa45b421"
+dependencies = [
+ "displaydoc",
+ "icu_locale_core",
+ "writeable",
+ "yoke",
+ "zerofrom",
+ "zerotrie",
+ "zerovec",
+]
+
+[[package]]
+name = "idna"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de"
+dependencies = [
+ "idna_adapter",
+ "smallvec",
+ "utf8_iter",
+]
+
+[[package]]
+name = "idna_adapter"
+version = "1.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb68373c0d6620ef8105e855e7745e18b0d00d3bdb07fb532e434244cdb9a714"
+dependencies = [
+ "icu_normalizer",
+ "icu_properties",
+]
+
+[[package]]
+name = "indexmap"
+version = "2.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9"
+dependencies = [
+ "equivalent",
+ "hashbrown 0.17.1",
+]
+
+[[package]]
+name = "inout"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "ipnet"
+version = "2.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2"
+
+[[package]]
+name = "itertools"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
+dependencies = [
+ "either",
+]
+
+[[package]]
+name = "itertools"
+version = "0.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b192c782037fadd9cfa75548310488aabdbf3d2da73885b31bd0abd03351285"
+dependencies = [
+ "either",
+]
+
+[[package]]
+name = "itoa"
+version = "1.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682"
+
+[[package]]
+name = "jobserver"
+version = "0.1.34"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33"
+dependencies = [
+ "getrandom 0.3.4",
+ "libc",
+]
+
+[[package]]
+name = "js-sys"
+version = "0.3.98"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67df7112613f8bfd9150013a0314e196f4800d3201ae742489d999db2f979f08"
+dependencies = [
+ "cfg-if",
+ "futures-util",
+ "once_cell",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "k256"
+version = "0.13.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b"
+dependencies = [
+ "cfg-if",
+ "ecdsa",
+ "elliptic-curve",
+ "once_cell",
+ "sha2",
+ "signature",
+]
+
+[[package]]
+name = "keccak"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653"
+dependencies = [
+ "cpufeatures 0.2.17",
+]
+
+[[package]]
+name = "lazy_static"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
+
+[[package]]
+name = "libc"
+version = "0.2.186"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66"
+
+[[package]]
+name = "libm"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981"
+
+[[package]]
+name = "litemap"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92daf443525c4cce67b150400bc2316076100ce0b3686209eb8cf3c31612e6f0"
+
+[[package]]
+name = "lock_api"
+version = "0.4.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965"
+dependencies = [
+ "scopeguard",
+]
+
+[[package]]
+name = "log"
+version = "0.4.29"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
+
+[[package]]
+name = "matchers"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9"
+dependencies = [
+ "regex-automata",
+]
+
+[[package]]
+name = "matchit"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3"
+
+[[package]]
+name = "memchr"
+version = "2.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
+
+[[package]]
+name = "mime"
+version = "0.3.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
+
+[[package]]
+name = "mio"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1"
+dependencies = [
+ "libc",
+ "wasi",
+ "windows-sys",
+]
+
+[[package]]
+name = "nonzero_ext"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38bf9645c8b145698bb0b18a4637dcacbc421ea49bef2317e4fd8065a387cf21"
+
+[[package]]
+name = "ntapi"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c3b335231dfd352ffb0f8017f3b6027a4917f7df785ea2143d8af2adc66980ae"
+dependencies = [
+ "winapi",
+]
+
+[[package]]
+name = "nu-ansi-term"
+version = "0.50.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
+dependencies = [
+ "windows-sys",
+]
+
+[[package]]
+name = "num-bigint"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9"
+dependencies = [
+ "num-integer",
+ "num-traits",
+]
+
+[[package]]
+name = "num-integer"
+version = "0.1.46"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
+dependencies = [
+ "num-traits",
+]
+
+[[package]]
+name = "num-rational"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824"
+dependencies = [
+ "num-bigint",
+ "num-integer",
+ "num-traits",
+]
+
+[[package]]
+name = "num-traits"
+version = "0.2.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
+dependencies = [
+ "autocfg",
+ "libm",
+]
+
+[[package]]
+name = "num_cpus"
+version = "1.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "91df4bbde75afed763b708b7eee1e8e7651e02d97f6d5dd763e89367e957b23b"
+dependencies = [
+ "hermit-abi",
+ "libc",
+]
+
+[[package]]
+name = "objc2-core-foundation"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2a180dd8642fa45cdb7dd721cd4c11b1cadd4929ce112ebd8b9f5803cc79d536"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "objc2-io-kit"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33fafba39597d6dc1fb709123dfa8289d39406734be322956a69f0931c73bb15"
+dependencies = [
+ "libc",
+ "objc2-core-foundation",
+]
+
+[[package]]
+name = "once_cell"
+version = "1.21.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50"
+
+[[package]]
+name = "oorandom"
+version = "11.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d6790f58c7ff633d8771f42965289203411a5e5c68388703c06e14f24770b41e"
+
+[[package]]
+name = "op-batcher-consensus-sidecar"
+version = "0.1.0"
+dependencies = [
+ "anyhow",
+ "commonware-actor",
+ "commonware-codec",
+ "commonware-consensus",
+ "commonware-cryptography",
+ "commonware-p2p",
+ "commonware-parallel",
+ "commonware-runtime",
+ "commonware-utils",
+ "hex",
+ "k256",
+ "serde",
+ "serde_json",
+ "sha3",
+]
+
+[[package]]
+name = "opaque-debug"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"
+
+[[package]]
+name = "opentelemetry"
+version = "0.31.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b84bcd6ae87133e903af7ef497404dda70c60d0ea14895fc8a5e6722754fc2a0"
+dependencies = [
+ "futures-core",
+ "futures-sink",
+ "js-sys",
+ "pin-project-lite",
+ "thiserror",
+ "tracing",
+]
+
+[[package]]
+name = "opentelemetry-http"
+version = "0.31.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d7a6d09a73194e6b66df7c8f1b680f156d916a1a942abf2de06823dd02b7855d"
+dependencies = [
+ "async-trait",
+ "bytes",
+ "http",
+ "opentelemetry",
+ "reqwest",
+]
+
+[[package]]
+name = "opentelemetry-otlp"
+version = "0.31.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f69cd6acbb9af919df949cd1ec9e5e7fdc2ef15d234b6b795aaa525cc02f71f"
+dependencies = [
+ "http",
+ "opentelemetry",
+ "opentelemetry-http",
+ "opentelemetry-proto",
+ "opentelemetry_sdk",
+ "prost",
+ "reqwest",
+ "thiserror",
+ "tracing",
+]
+
+[[package]]
+name = "opentelemetry-proto"
+version = "0.31.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7175df06de5eaee9909d4805a3d07e28bb752c34cab57fa9cff549da596b30f"
+dependencies = [
+ "opentelemetry",
+ "opentelemetry_sdk",
+ "prost",
+ "tonic",
+ "tonic-prost",
+]
+
+[[package]]
+name = "opentelemetry_sdk"
+version = "0.31.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e14ae4f5991976fd48df6d843de219ca6d31b01daaab2dad5af2badeded372bd"
+dependencies = [
+ "futures-channel",
+ "futures-executor",
+ "futures-util",
+ "opentelemetry",
+ "percent-encoding",
+ "rand 0.9.4",
+ "thiserror",
+ "tokio",
+ "tokio-stream",
+]
+
+[[package]]
+name = "p256"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+dependencies = [
+ "ecdsa",
+ "elliptic-curve",
+ "primeorder",
+ "sha2",
+]
+
+[[package]]
+name = "parking_lot"
+version = "0.12.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a"
+dependencies = [
+ "lock_api",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "parking_lot_core"
+version = "0.9.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "redox_syscall",
+ "smallvec",
+ "windows-link 0.2.1",
+]
+
+[[package]]
+name = "paste"
+version = "1.0.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
+
+[[package]]
+name = "percent-encoding"
+version = "2.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220"
+
+[[package]]
+name = "pin-project"
+version = "1.1.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2466b2336ed02bcdca6b294417127b90ec92038d1d5c4fbeac971a922e0e0924"
+dependencies = [
+ "pin-project-internal",
+]
+
+[[package]]
+name = "pin-project-internal"
+version = "1.1.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c96395f0a926bc13b1c17622aaddda1ecb55d49c8f1bf9777e4d877800a43f8b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "pin-project-lite"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd"
+
+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
+
+[[package]]
+name = "pkg-config"
+version = "0.3.33"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e"
+
+[[package]]
+name = "plotters"
+version = "0.3.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747"
+dependencies = [
+ "num-traits",
+ "plotters-backend",
+ "plotters-svg",
+ "wasm-bindgen",
+ "web-sys",
+]
+
+[[package]]
+name = "plotters-backend"
+version = "0.3.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a"
+
+[[package]]
+name = "plotters-svg"
+version = "0.3.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670"
+dependencies = [
+ "plotters-backend",
+]
+
+[[package]]
+name = "poly1305"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf"
+dependencies = [
+ "cpufeatures 0.2.17",
+ "opaque-debug",
+ "universal-hash",
+]
+
+[[package]]
+name = "portable-atomic"
+version = "1.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49"
+
+[[package]]
+name = "potential_utf"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0103b1cef7ec0cf76490e969665504990193874ea05c85ff9bab8b911d0a0564"
+dependencies = [
+ "zerovec",
+]
+
+[[package]]
+name = "ppv-lite86"
+version = "0.2.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
+dependencies = [
+ "zerocopy",
+]
+
+[[package]]
+name = "primeorder"
+version = "0.13.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6"
+dependencies = [
+ "elliptic-curve",
+]
+
+[[package]]
+name = "proc-macro-crate"
+version = "3.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e67ba7e9b2b56446f1d419b1d807906278ffa1a658a8a5d8a39dcb1f5a78614f"
+dependencies = [
+ "toml_edit",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.106"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "prometheus-client"
+version = "0.24.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cca3d75b4566b9a29fe1ed623587fb058e826eb329a0be4b7c4da1ebb2d7a6ca"
+dependencies = [
+ "dtoa",
+ "itoa",
+ "parking_lot",
+ "prometheus-client-derive-encode",
+]
+
+[[package]]
+name = "prometheus-client-derive-encode"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9adf1691c04c0a5ff46ff8f262b58beb07b0dbb61f96f9f54f6cbd82106ed87f"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "proptest"
+version = "1.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4b45fcc2344c680f5025fe57779faef368840d0bd1f42f216291f0dc4ace4744"
+dependencies = [
+ "bitflags",
+ "num-traits",
+ "rand 0.9.4",
+ "rand_chacha 0.9.0",
+ "rand_xorshift",
+ "regex-syntax",
+ "unarray",
+]
+
+[[package]]
+name = "prost"
+version = "0.14.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d2ea70524a2f82d518bce41317d0fae74151505651af45faf1ffbd6fd33f0568"
+dependencies = [
+ "bytes",
+ "prost-derive",
+]
+
+[[package]]
+name = "prost-derive"
+version = "0.14.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "27c6023962132f4b30eb4c172c91ce92d933da334c59c23cddee82358ddafb0b"
+dependencies = [
+ "anyhow",
+ "itertools 0.14.0",
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "quanta"
+version = "0.12.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3ab5a9d756f0d97bdc89019bd2e4ea098cf9cde50ee7564dde6b81ccc8f06c7"
+dependencies = [
+ "crossbeam-utils",
+ "libc",
+ "once_cell",
+ "raw-cpuid",
+ "wasi",
+ "web-sys",
+ "winapi",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "r-efi"
+version = "5.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
+
+[[package]]
+name = "rand"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a"
+dependencies = [
+ "libc",
+ "rand_chacha 0.3.1",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "rand"
+version = "0.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea"
+dependencies = [
+ "rand_chacha 0.9.0",
+ "rand_core 0.9.5",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+dependencies = [
+ "ppv-lite86",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
+dependencies = [
+ "ppv-lite86",
+ "rand_core 0.9.5",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom 0.2.17",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c"
+dependencies = [
+ "getrandom 0.3.4",
+]
+
+[[package]]
+name = "rand_distr"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32cb0b9bc82b0a0876c2dd994a7e7a2683d3e7390ca40e6886785ef0c7e3ee31"
+dependencies = [
+ "num-traits",
+ "rand 0.8.6",
+]
+
+[[package]]
+name = "rand_xorshift"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "513962919efc330f829edb2535844d1b912b0fbe2ca165d613e4e8788bb05a5a"
+dependencies = [
+ "rand_core 0.9.5",
+]
+
+[[package]]
+name = "raw-cpuid"
+version = "11.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "498cd0dc59d73224351ee52a95fee0f1a617a2eae0e7d9d720cc622c73a54186"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "rayon"
+version = "1.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fb39b166781f92d482534ef4b4b1b2568f42613b53e5b6c160e24cfbfa30926d"
+dependencies = [
+ "either",
+ "rayon-core",
+]
+
+[[package]]
+name = "rayon-core"
+version = "1.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91"
+dependencies = [
+ "crossbeam-deque",
+ "crossbeam-utils",
+]
+
+[[package]]
+name = "readme-rustdocifier"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08ad765b21a08b1a8e5cdce052719188a23772bcbefb3c439f0baaf62c56ceac"
+
+[[package]]
+name = "redox_syscall"
+version = "0.5.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "reed-solomon-simd"
+version = "3.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cffef0520d30fbd4151fb20e262947ae47fb0ab276a744a19b6398438105a072"
+dependencies = [
+ "cpufeatures 0.2.17",
+ "fixedbitset",
+ "once_cell",
+ "readme-rustdocifier",
+]
+
+[[package]]
+name = "regex"
+version = "1.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-automata",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-automata"
+version = "0.4.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.8.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
+
+[[package]]
+name = "reqwest"
+version = "0.12.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147"
+dependencies = [
+ "base64",
+ "bytes",
+ "futures-channel",
+ "futures-core",
+ "futures-util",
+ "http",
+ "http-body",
+ "http-body-util",
+ "hyper",
+ "hyper-util",
+ "js-sys",
+ "log",
+ "percent-encoding",
+ "pin-project-lite",
+ "serde",
+ "serde_json",
+ "serde_urlencoded",
+ "sync_wrapper",
+ "tokio",
+ "tower",
+ "tower-http",
+ "tower-service",
+ "url",
+ "wasm-bindgen",
+ "wasm-bindgen-futures",
+ "web-sys",
+]
+
+[[package]]
+name = "rfc6979"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
+dependencies = [
+ "hmac",
+ "subtle",
+]
+
+[[package]]
+name = "rustc_version"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92"
+dependencies = [
+ "semver",
+]
+
+[[package]]
+name = "rustversion"
+version = "1.0.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d"
+
+[[package]]
+name = "ryu"
+version = "1.0.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f"
+
+[[package]]
+name = "same-file"
+version = "1.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
+dependencies = [
+ "winapi-util",
+]
+
+[[package]]
+name = "scopeguard"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
+
+[[package]]
+name = "sec1"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
+dependencies = [
+ "base16ct",
+ "der",
+ "generic-array",
+ "pkcs8",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "semver"
+version = "1.0.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd"
+
+[[package]]
+name = "serde"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+dependencies = [
+ "serde_core",
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "serde_json"
+version = "1.0.149"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
+dependencies = [
+ "itoa",
+ "memchr",
+ "serde",
+ "serde_core",
+ "zmij",
+]
+
+[[package]]
+name = "serde_path_to_error"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457"
+dependencies = [
+ "itoa",
+ "serde",
+ "serde_core",
+]
+
+[[package]]
+name = "serde_spanned"
+version = "1.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6662b5879511e06e8999a8a235d848113e942c9124f211511b16466ee2995f26"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "serde_urlencoded"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
+dependencies = [
+ "form_urlencoded",
+ "itoa",
+ "ryu",
+ "serde",
+]
+
+[[package]]
+name = "sha2"
+version = "0.10.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
+dependencies = [
+ "cfg-if",
+ "cpufeatures 0.2.17",
+ "digest",
+]
+
+[[package]]
+name = "sha3"
+version = "0.10.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77fd7028345d415a4034cf8777cd4f8ab1851274233b45f84e3d955502d93874"
+dependencies = [
+ "digest",
+ "keccak",
+]
+
+[[package]]
+name = "sharded-slab"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6"
+dependencies = [
+ "lazy_static",
+]
+
+[[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
+[[package]]
+name = "signal-hook-registry"
+version = "1.4.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b"
+dependencies = [
+ "errno",
+ "libc",
+]
+
+[[package]]
+name = "signature"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+dependencies = [
+ "digest",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "slab"
+version = "0.4.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5"
+
+[[package]]
+name = "smallvec"
+version = "1.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
+
+[[package]]
+name = "socket2"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e"
+dependencies = [
+ "libc",
+ "windows-sys",
+]
+
+[[package]]
+name = "spin"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d5fe4ccb98d9c292d56fec89a5e07da7fc4cf0dc11e156b41793132775d3e591"
+
+[[package]]
+name = "spinning_top"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d96d2d1d716fb500937168cc09353ffdc7a012be8475ac7308e1bdf0e3923300"
+dependencies = [
+ "lock_api",
+]
+
+[[package]]
+name = "spki"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
+[[package]]
+name = "stable_deref_trait"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596"
+
+[[package]]
+name = "subtle"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
+
+[[package]]
+name = "syn"
+version = "2.0.117"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "sync_wrapper"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263"
+dependencies = [
+ "futures-core",
+]
+
+[[package]]
+name = "synstructure"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "sysinfo"
+version = "0.37.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16607d5caffd1c07ce073528f9ed972d88db15dd44023fa57142963be3feb11f"
+dependencies = [
+ "libc",
+ "memchr",
+ "ntapi",
+ "objc2-core-foundation",
+ "objc2-io-kit",
+ "windows",
+]
+
+[[package]]
+name = "thiserror"
+version = "2.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4"
+dependencies = [
+ "thiserror-impl",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "2.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "thread_local"
+version = "1.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185"
+dependencies = [
+ "cfg-if",
+]
+
+[[package]]
+name = "threadpool"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d050e60b33d41c19108b32cea32164033a9013fe3b46cbd4457559bfbf77afaa"
+dependencies = [
+ "num_cpus",
+]
+
+[[package]]
+name = "tinystr"
+version = "0.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8323304221c2a851516f22236c5722a72eaa19749016521d6dff0824447d96d"
+dependencies = [
+ "displaydoc",
+ "zerovec",
+]
+
+[[package]]
+name = "tinytemplate"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc"
+dependencies = [
+ "serde",
+ "serde_json",
+]
+
+[[package]]
+name = "tokio"
+version = "1.52.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe"
+dependencies = [
+ "bytes",
+ "libc",
+ "mio",
+ "parking_lot",
+ "pin-project-lite",
+ "signal-hook-registry",
+ "socket2",
+ "tokio-macros",
+ "windows-sys",
+]
+
+[[package]]
+name = "tokio-macros"
+version = "2.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "tokio-stream"
+version = "0.1.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70"
+dependencies = [
+ "futures-core",
+ "pin-project-lite",
+ "tokio",
+]
+
+[[package]]
+name = "toml"
+version = "0.9.12+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf92845e79fc2e2def6a5d828f0801e29a2f8acc037becc5ab08595c7d5e9863"
+dependencies = [
+ "indexmap",
+ "serde_core",
+ "serde_spanned",
+ "toml_datetime 0.7.5+spec-1.1.0",
+ "toml_parser",
+ "toml_writer",
+ "winnow 0.7.15",
+]
+
+[[package]]
+name = "toml_datetime"
+version = "0.7.5+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "toml_datetime"
+version = "1.1.1+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3165f65f62e28e0115a00b2ebdd37eb6f3b641855f9d636d3cd4103767159ad7"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "toml_edit"
+version = "0.25.11+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b59c4d22ed448339746c59b905d24568fcbb3ab65a500494f7b8c3e97739f2b"
+dependencies = [
+ "indexmap",
+ "toml_datetime 1.1.1+spec-1.1.0",
+ "toml_parser",
+ "winnow 1.0.3",
+]
+
+[[package]]
+name = "toml_parser"
+version = "1.1.2+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a2abe9b86193656635d2411dc43050282ca48aa31c2451210f4202550afb7526"
+dependencies = [
+ "winnow 1.0.3",
+]
+
+[[package]]
+name = "toml_writer"
+version = "1.1.1+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "756daf9b1013ebe47a8776667b466417e2d4c5679d441c26230efd9ef78692db"
+
+[[package]]
+name = "tonic"
+version = "0.14.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac2a5518c70fa84342385732db33fb3f44bc4cc748936eb5833d2df34d6445ef"
+dependencies = [
+ "async-trait",
+ "base64",
+ "bytes",
+ "http",
+ "http-body",
+ "http-body-util",
+ "percent-encoding",
+ "pin-project",
+ "sync_wrapper",
+ "tokio-stream",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "tonic-prost"
+version = "0.14.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "50849f68853be452acf590cde0b146665b8d507b3b8af17261df47e02c209ea0"
+dependencies = [
+ "bytes",
+ "prost",
+ "tonic",
+]
+
+[[package]]
+name = "tower"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4"
+dependencies = [
+ "futures-core",
+ "futures-util",
+ "pin-project-lite",
+ "sync_wrapper",
+ "tokio",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "tower-http"
+version = "0.6.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4cfcf7e2740e6fc6d4d688b4ef00650406bb94adf4731e43c096c3a19fe40840"
+dependencies = [
+ "bitflags",
+ "bytes",
+ "futures-util",
+ "http",
+ "http-body",
+ "pin-project-lite",
+ "tower",
+ "tower-layer",
+ "tower-service",
+ "url",
+]
+
+[[package]]
+name = "tower-layer"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e"
+
+[[package]]
+name = "tower-service"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
+
+[[package]]
+name = "tracing"
+version = "0.1.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100"
+dependencies = [
+ "log",
+ "pin-project-lite",
+ "tracing-attributes",
+ "tracing-core",
+]
+
+[[package]]
+name = "tracing-attributes"
+version = "0.1.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "tracing-core"
+version = "0.1.36"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a"
+dependencies = [
+ "once_cell",
+ "valuable",
+]
+
+[[package]]
+name = "tracing-log"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
+dependencies = [
+ "log",
+ "once_cell",
+ "tracing-core",
+]
+
+[[package]]
+name = "tracing-opentelemetry"
+version = "0.32.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ac28f2d093c6c477eaa76b23525478f38de514fa9aeb1285738d4b97a9552fc"
+dependencies = [
+ "js-sys",
+ "opentelemetry",
+ "smallvec",
+ "tracing",
+ "tracing-core",
+ "tracing-log",
+ "tracing-subscriber",
+ "web-time",
+]
+
+[[package]]
+name = "tracing-serde"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "704b1aeb7be0d0a84fc9828cae51dab5970fee5088f83d1dd7ee6f6246fc6ff1"
+dependencies = [
+ "serde",
+ "tracing-core",
+]
+
+[[package]]
+name = "tracing-subscriber"
+version = "0.3.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319"
+dependencies = [
+ "matchers",
+ "nu-ansi-term",
+ "once_cell",
+ "regex-automata",
+ "serde",
+ "serde_json",
+ "sharded-slab",
+ "smallvec",
+ "thread_local",
+ "tracing",
+ "tracing-core",
+ "tracing-log",
+ "tracing-serde",
+]
+
+[[package]]
+name = "try-lock"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
+
+[[package]]
+name = "typenum"
+version = "1.20.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de"
+
+[[package]]
+name = "unarray"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94"
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.24"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75"
+
+[[package]]
+name = "universal-hash"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea"
+dependencies = [
+ "crypto-common",
+ "subtle",
+]
+
+[[package]]
+name = "untrusted"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+
+[[package]]
+name = "url"
+version = "2.5.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed"
+dependencies = [
+ "form_urlencoded",
+ "idna",
+ "percent-encoding",
+ "serde",
+]
+
+[[package]]
+name = "utf8_iter"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
+
+[[package]]
+name = "valuable"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
+
+[[package]]
+name = "version_check"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
+
+[[package]]
+name = "walkdir"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
+dependencies = [
+ "same-file",
+ "winapi-util",
+]
+
+[[package]]
+name = "want"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e"
+dependencies = [
+ "try-lock",
+]
+
+[[package]]
+name = "wasi"
+version = "0.11.1+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
+
+[[package]]
+name = "wasip2"
+version = "1.0.3+wasi-0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6"
+dependencies = [
+ "wit-bindgen",
+]
+
+[[package]]
+name = "wasm-bindgen"
+version = "0.2.121"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "49ace1d07c165b0864824eee619580c4689389afa9dc9ed3a4c75040d82e6790"
+dependencies = [
+ "cfg-if",
+ "once_cell",
+ "rustversion",
+ "wasm-bindgen-macro",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-futures"
+version = "0.4.71"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "96492d0d3ffba25305a7dc88720d250b1401d7edca02cc3bcd50633b424673b8"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "wasm-bindgen-macro"
+version = "0.2.121"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e68e6f4afd367a562002c05637acb8578ff2dea1943df76afb9e83d177c8578"
+dependencies = [
+ "quote",
+ "wasm-bindgen-macro-support",
+]
+
+[[package]]
+name = "wasm-bindgen-macro-support"
+version = "0.2.121"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d95a9ec35c64b2a7cb35d3fead40c4238d0940c86d107136999567a4703259f2"
+dependencies = [
+ "bumpalo",
+ "proc-macro2",
+ "quote",
+ "syn",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-shared"
+version = "0.2.121"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4e0100b01e9f0d03189a92b96772a1fb998639d981193d7dbab487302513441"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "web-sys"
+version = "0.3.98"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4b572dff8bcf38bad0fa19729c89bb5748b2b9b1d8be70cf90df697e3a8f32aa"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "web-time"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-util"
+version = "0.1.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
+dependencies = [
+ "windows-sys",
+]
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
+[[package]]
+name = "windows"
+version = "0.61.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9babd3a767a4c1aef6900409f85f5d53ce2544ccdfaa86dad48c91782c6d6893"
+dependencies = [
+ "windows-collections",
+ "windows-core",
+ "windows-future",
+ "windows-link 0.1.3",
+ "windows-numerics",
+]
+
+[[package]]
+name = "windows-collections"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3beeceb5e5cfd9eb1d76b381630e82c4241ccd0d27f1a39ed41b2760b255c5e8"
+dependencies = [
+ "windows-core",
+]
+
+[[package]]
+name = "windows-core"
+version = "0.61.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0fdd3ddb90610c7638aa2b3a3ab2904fb9e5cdbecc643ddb3647212781c4ae3"
+dependencies = [
+ "windows-implement",
+ "windows-interface",
+ "windows-link 0.1.3",
+ "windows-result",
+ "windows-strings",
+]
+
+[[package]]
+name = "windows-future"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc6a41e98427b19fe4b73c550f060b59fa592d7d686537eebf9385621bfbad8e"
+dependencies = [
+ "windows-core",
+ "windows-link 0.1.3",
+ "windows-threading",
+]
+
+[[package]]
+name = "windows-implement"
+version = "0.60.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "windows-interface"
+version = "0.59.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "windows-link"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"
+
+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
+[[package]]
+name = "windows-numerics"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9150af68066c4c5c07ddc0ce30421554771e528bde427614c61038bc2c92c2b1"
+dependencies = [
+ "windows-core",
+ "windows-link 0.1.3",
+]
+
+[[package]]
+name = "windows-result"
+version = "0.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56f42bd332cc6c8eac5af113fc0c1fd6a8fd2aa08a0119358686e5160d0586c6"
+dependencies = [
+ "windows-link 0.1.3",
+]
+
+[[package]]
+name = "windows-strings"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56e6c93f3a0c3b36176cb1327a4958a0353d5d166c2a35cb268ace15e91d3b57"
+dependencies = [
+ "windows-link 0.1.3",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.61.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
+dependencies = [
+ "windows-link 0.2.1",
+]
+
+[[package]]
+name = "windows-threading"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b66463ad2e0ea3bbf808b7f1d371311c80e115c0b71d60efc142cafbcfb057a6"
+dependencies = [
+ "windows-link 0.1.3",
+]
+
+[[package]]
+name = "winnow"
+version = "0.7.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df79d97927682d2fd8adb29682d1140b343be4ac0f08fd68b7765d9c059d3945"
+
+[[package]]
+name = "winnow"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0592e1c9d151f854e6fd382574c3a0855250e1d9b2f99d9281c6e6391af352f1"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "wit-bindgen"
+version = "0.57.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e"
+
+[[package]]
+name = "writeable"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4"
+
+[[package]]
+name = "x25519-dalek"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277"
+dependencies = [
+ "curve25519-dalek",
+ "rand_core 0.6.4",
+ "serde",
+ "zeroize",
+]
+
+[[package]]
+name = "yoke"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "abe8c5fda708d9ca3df187cae8bfb9ceda00dd96231bed36e445a1a48e66f9ca"
+dependencies = [
+ "stable_deref_trait",
+ "yoke-derive",
+ "zerofrom",
+]
+
+[[package]]
+name = "yoke-derive"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "de844c262c8848816172cef550288e7dc6c7b7814b4ee56b3e1553f275f1858e"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+ "synstructure",
+]
+
+[[package]]
+name = "zerocopy"
+version = "0.8.48"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9"
+dependencies = [
+ "zerocopy-derive",
+]
+
+[[package]]
+name = "zerocopy-derive"
+version = "0.8.48"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "zerofrom"
+version = "0.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0ec05a11813ea801ff6d75110ad09cd0824ddba17dfe17128ea0d5f68e6c5272"
+dependencies = [
+ "zerofrom-derive",
+]
+
+[[package]]
+name = "zerofrom-derive"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "11532158c46691caf0f2593ea8358fed6bbf68a0315e80aae9bd41fbade684a1"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+ "synstructure",
+]
+
+[[package]]
+name = "zeroize"
+version = "1.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0"
+dependencies = [
+ "zeroize_derive",
+]
+
+[[package]]
+name = "zeroize_derive"
+version = "1.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "zerotrie"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f9152d31db0792fa83f70fb2f83148effb5c1f5b8c7686c3459e361d9bc20bf"
+dependencies = [
+ "displaydoc",
+ "yoke",
+ "zerofrom",
+]
+
+[[package]]
+name = "zerovec"
+version = "0.11.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "90f911cbc359ab6af17377d242225f4d75119aec87ea711a880987b18cd7b239"
+dependencies = [
+ "yoke",
+ "zerofrom",
+ "zerovec-derive",
+]
+
+[[package]]
+name = "zerovec-derive"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "625dc425cab0dca6dc3c3319506e6593dcb08a9f387ea3b284dbd52a92c40555"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "zmij"
+version = "1.0.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa"
+
+[[package]]
+name = "zstd"
+version = "0.13.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e91ee311a569c327171651566e07972200e76fcfe2242a4fa446149a3881c08a"
+dependencies = [
+ "zstd-safe",
+]
+
+[[package]]
+name = "zstd-safe"
+version = "7.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f49c4d5f0abb602a93fb8736af2a4f4dd9512e36f7f570d66e65ff867ed3b9d"
+dependencies = [
+ "zstd-sys",
+]
+
+[[package]]
+name = "zstd-sys"
+version = "2.0.16+zstd.1.5.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "91e19ebc2adc8f83e43039e79776e3fda8ca919132d68a1fed6a5faca2683748"
+dependencies = [
+ "cc",
+ "pkg-config",
+]
diff --git a/op-batcher-consensus-sidecar/Cargo.toml b/op-batcher-consensus-sidecar/Cargo.toml
new file mode 100644
index 00000000000..0b01381c60c
--- /dev/null
+++ b/op-batcher-consensus-sidecar/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "op-batcher-consensus-sidecar"
+version = "0.1.0"
+edition = "2021"
+license = "MIT OR Apache-2.0"
+
+[[bin]]
+name = "op-batcher-consensus-sidecar"
+path = "src/main.rs"
+
+[dependencies]
+anyhow = "1"
+commonware-actor = { git = "https://github.com/commonwarexyz/monorepo", rev = "468b7a9a40d531bf1cb6f2536bc25abb917ab850", package = "commonware-actor" }
+commonware-codec = { git = "https://github.com/commonwarexyz/monorepo", rev = "468b7a9a40d531bf1cb6f2536bc25abb917ab850", package = "commonware-codec" }
+commonware-consensus = { git = "https://github.com/commonwarexyz/monorepo", rev = "468b7a9a40d531bf1cb6f2536bc25abb917ab850", package = "commonware-consensus" }
+commonware-cryptography = { git = "https://github.com/commonwarexyz/monorepo", rev = "468b7a9a40d531bf1cb6f2536bc25abb917ab850", package = "commonware-cryptography", features = ["std"] }
+commonware-p2p = { git = "https://github.com/commonwarexyz/monorepo", rev = "468b7a9a40d531bf1cb6f2536bc25abb917ab850", package = "commonware-p2p" }
+commonware-parallel = { git = "https://github.com/commonwarexyz/monorepo", rev = "468b7a9a40d531bf1cb6f2536bc25abb917ab850", package = "commonware-parallel", features = ["std"] }
+commonware-runtime = { git = "https://github.com/commonwarexyz/monorepo", rev = "468b7a9a40d531bf1cb6f2536bc25abb917ab850", package = "commonware-runtime" }
+commonware-utils = { git = "https://github.com/commonwarexyz/monorepo", rev = "468b7a9a40d531bf1cb6f2536bc25abb917ab850", package = "commonware-utils" }
+hex = "0.4"
+k256 = { version = "0.13", features = ["ecdsa", "sha256"] }
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+sha3 = "0.10"
diff --git a/op-batcher-consensus-sidecar/src/main.rs b/op-batcher-consensus-sidecar/src/main.rs
new file mode 100644
index 00000000000..002e39e403c
--- /dev/null
+++ b/op-batcher-consensus-sidecar/src/main.rs
@@ -0,0 +1,625 @@
+use anyhow::{anyhow, Context, Result};
+use commonware_actor::Feedback;
+use commonware_codec::{Encode, ReadExt};
+use commonware_consensus::{
+    simplex::{self, elector::RoundRobin, types::Activity, Engine, ForwardingPolicy, Plan},
+    types::{Epoch, ViewDelta},
+    Automaton, CertifiableAutomaton, Relay, Reporter,
+};
+use commonware_cryptography::{
+    certificate::Scheme as _,
+    ed25519,
+    secp256r1::{self, standard as p256},
+    sha256::Digest as Sha256Digest,
+    Hasher, Sha256, Signer,
+};
+use commonware_p2p::simulated::{Config as SimulatedNetworkConfig, Link, Network};
+use commonware_parallel::Sequential;
+use commonware_runtime::{
+    buffer::paged::CacheRef, deterministic, Clock as _, Quota, Runner as _, Supervisor as _,
+};
+use commonware_utils::{
+    channel::{mpsc, oneshot},
+    ordered::{BiMap, Set},
+    sync::Mutex,
+    TryCollect,
+};
+use k256::ecdsa::{RecoveryId, Signature, SigningKey};
+use serde::{Deserialize, Serialize};
+use sha3::{Digest as Sha3Digest, Keccak256};
+use std::{
+    env,
+    io::{Read, Write},
+    net::{TcpListener, TcpStream},
+    num::{NonZeroU16, NonZeroU32, NonZeroUsize},
+    sync::Arc,
+    time::Duration,
+};
+
+const PROVIDER: &str = "commonware-p2pft-poc-secp256r1";
+const SIMPLEX_PROVIDER: &str = "commonware-simplex-poc-secp256r1";
+const COMMONWARE_NAMESPACE: &[u8] = b"op-batcher-consensus-poc/commonware";
+const SIMPLEX_NAMESPACE: &[u8] = b"op-batcher-consensus-poc/simplex";
+const EVM_PREFIX: &[u8] = b"BCSIG1";
+const SIMPLEX_PROOF_PREFIX: &[u8] = b"CWSIMPLX1";
+const EVM_SIGNING_KEY: [u8; 32] = [
+    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+];
+const EVM_VALIDATOR_KEYS: [[u8; 32]; 3] = [
+    [
+        0x11, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x11, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
+        0xef, 0x11, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x11, 0x23, 0x45, 0x67, 0x89, 0xab,
+        0xcd, 0xef,
+    ],
+    [
+        0x21, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x21, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
+        0xef, 0x21, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x21, 0x23, 0x45, 0x67, 0x89, 0xab,
+        0xcd, 0xef,
+    ],
+    [
+        0x31, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x31, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
+        0xef, 0x31, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x31, 0x23, 0x45, 0x67, 0x89, 0xab,
+        0xcd, 0xef,
+    ],
+];
+const SIMPLEX_P256_VALIDATOR_KEYS: [[u8; 32]; 4] = [
+    EVM_VALIDATOR_KEYS[0],
+    EVM_VALIDATOR_KEYS[1],
+    EVM_VALIDATOR_KEYS[2],
+    [
+        0x41, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x41, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
+        0xef, 0x41, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x41, 0x23, 0x45, 0x67, 0x89, 0xab,
+        0xcd, 0xef,
+    ],
+];
+
+#[derive(Debug, Deserialize)]
+struct ProofRequest {
+    l1_chain_id: String,
+    l2_chain_id: String,
+    batch_inbox: String,
+    batcher: String,
+    blob_versioned_hashes: Vec<String>,
+}
+
+#[derive(Debug, Serialize)]
+struct ProofResponse {
+    provider: String,
+    certificate: String,
+    calldata: String,
+}
+
+fn main() -> Result<()> {
+    let mut listen = "127.0.0.1:0".to_string();
+    let mut valid = true;
+    let mut simplex = false;
+    let args: Vec<String> = env::args().collect();
+    let mut i = 1;
+    while i < args.len() {
+        match args[i].as_str() {
+            "--listen" => {
+                i += 1;
+                listen = args
+                    .get(i)
+                    .ok_or_else(|| anyhow!("missing --listen value"))?
+                    .clone();
+            }
+            "--invalid" => valid = false,
+            "--commonware-simplex" => simplex = true,
+            other => return Err(anyhow!("unknown argument {other}")),
+        }
+        i += 1;
+    }
+
+    let listener = TcpListener::bind(&listen).context("bind listener")?;
+    eprintln!(
+        "op-batcher-consensus-sidecar listening on {}",
+        listener.local_addr()?
+    );
+    for stream in listener.incoming() {
+        match stream {
+            Ok(stream) => {
+                if let Err(err) = handle(stream, valid, simplex) {
+                    eprintln!("request failed: {err:#}");
+                }
+            }
+            Err(err) => eprintln!("accept failed: {err}"),
+        }
+    }
+    Ok(())
+}
+
+fn handle(mut stream: TcpStream, valid: bool, simplex: bool) -> Result<()> {
+    let mut buf = vec![0u8; 64 * 1024];
+    let n = stream.read(&mut buf).context("read request")?;
+    let req_bytes = &buf[..n];
+    let body_start = req_bytes
+        .windows(4)
+        .position(|w| w == b"\r\n\r\n")
+        .map(|p| p + 4)
+        .ok_or_else(|| anyhow!("malformed HTTP request"))?;
+    let body = &req_bytes[body_start..];
+    let req: ProofRequest = serde_json::from_slice(body).context("decode proof request")?;
+    let resp = build_response(&req, valid, simplex).context("build proof response")?;
+    let payload = serde_json::to_vec(&resp).context("encode proof response")?;
+    write_response(&mut stream, 200, "OK", &payload)?;
+    Ok(())
+}
+
+fn write_response(stream: &mut TcpStream, code: u16, reason: &str, body: &[u8]) -> Result<()> {
+    write!(
+        stream,
+        "HTTP/1.1 {code} {reason}\r\ncontent-type: application/json\r\ncontent-length: {}\r\nconnection: close\r\n\r\n",
+        body.len()
+    )?;
+    stream.write_all(body)?;
+    Ok(())
+}
+
+fn build_response(req: &ProofRequest, valid: bool, simplex: bool) -> Result<ProofResponse> {
+    let digest = proof_digest(req)?;
+    if simplex {
+        return build_simplex_response(&digest, valid);
+    }
+    let commonware_signer = secp256r1::recoverable::PrivateKey::from_seed(1);
+    let commonware_sig = commonware_signer.sign(COMMONWARE_NAMESPACE, digest.as_slice());
+    let mut certificate = Vec::new();
+    certificate.extend_from_slice(b"CWPOC1");
+    certificate.extend_from_slice(commonware_sig.as_ref());
+
+    let mut calldata = evm_calldata(&digest)?;
+    if !valid {
+        certificate.push(0);
+        let last = calldata
+            .last_mut()
+            .ok_or_else(|| anyhow!("empty calldata"))?;
+        *last = 0;
+    }
+
+    Ok(ProofResponse {
+        provider: PROVIDER.to_string(),
+        certificate: format!("0x{}", hex::encode(certificate)),
+        calldata: format!("0x{}", hex::encode(calldata)),
+    })
+}
+
+fn build_simplex_response(digest: &[u8; 32], valid: bool) -> Result<ProofResponse> {
+    let certificate = run_simplex_consensus(*digest)?;
+    let mut calldata = evm_commonware_calldata(digest, &certificate)?;
+    if !valid {
+        let last = calldata
+            .get_mut(SIMPLEX_PROOF_PREFIX.len() + 32)
+            .ok_or_else(|| anyhow!("empty calldata"))?;
+        *last = 0;
+    }
+    Ok(ProofResponse {
+        provider: SIMPLEX_PROVIDER.to_string(),
+        certificate: format!("0x{}", hex::encode(certificate)),
+        calldata: format!("0x{}", hex::encode(calldata)),
+    })
+}
+
+type SimplexScheme = simplex::scheme::secp256r1::Scheme<ed25519::PublicKey>;
+type SimplexFinalization = simplex::types::Finalization<SimplexScheme, Sha256Digest>;
+
+#[derive(Clone)]
+struct FixedMailbox {
+    sender: mpsc::UnboundedSender<FixedMessage>,
+}
+
+enum FixedMessage {
+    Genesis {
+        epoch: Epoch,
+        response: oneshot::Sender<Sha256Digest>,
+    },
+    Propose {
+        response: oneshot::Sender<Sha256Digest>,
+    },
+    Verify {
+        payload: Sha256Digest,
+        response: oneshot::Sender<bool>,
+    },
+    Certify {
+        payload: Sha256Digest,
+        response: oneshot::Sender<bool>,
+    },
+}
+
+struct FixedApplication<E> {
+    context: E,
+    target: Sha256Digest,
+    mailbox: mpsc::UnboundedReceiver<FixedMessage>,
+}
+
+impl<E> FixedApplication<E>
+where
+    E: commonware_runtime::Spawner,
+{
+    fn new(context: E, target: Sha256Digest) -> (Self, FixedMailbox) {
+        let (sender, mailbox) = mpsc::unbounded_channel();
+        (
+            Self {
+                context,
+                target,
+                mailbox,
+            },
+            FixedMailbox { sender },
+        )
+    }
+
+    fn start(mut self) {
+        self.context.spawn(move |_| async move {
+            while let Some(message) = self.mailbox.recv().await {
+                match message {
+                    FixedMessage::Genesis { epoch, response } => {
+                        let mut hasher = Sha256::default();
+                        hasher.update(b"op-batcher-consensus-simplex-genesis");
+                        hasher.update(&epoch.encode());
+                        let _ = response.send(hasher.finalize());
+                    }
+                    FixedMessage::Propose { response } => {
+                        let _ = response.send(self.target);
+                    }
+                    FixedMessage::Verify { payload, response }
+                    | FixedMessage::Certify { payload, response } => {
+                        let _ = response.send(payload == self.target);
+                    }
+                }
+            }
+        });
+    }
+}
+
+impl Automaton for FixedMailbox {
+    type Context = simplex::types::Context<Sha256Digest, ed25519::PublicKey>;
+    type Digest = Sha256Digest;
+
+    async fn genesis(&mut self, epoch: Epoch) -> Self::Digest {
+        let (response, receiver) = oneshot::channel();
+        let _ = self.sender.send(FixedMessage::Genesis { epoch, response });
+        receiver.await.expect("simplex genesis response")
+    }
+
+    async fn propose(&mut self, _context: Self::Context) -> oneshot::Receiver<Self::Digest> {
+        let (response, receiver) = oneshot::channel();
+        let _ = self.sender.send(FixedMessage::Propose { response });
+        receiver
+    }
+
+    async fn verify(
+        &mut self,
+        _context: Self::Context,
+        payload: Self::Digest,
+    ) -> oneshot::Receiver<bool> {
+        let (response, receiver) = oneshot::channel();
+        let _ = self.sender.send(FixedMessage::Verify { payload, response });
+        receiver
+    }
+}
+
+impl CertifiableAutomaton for FixedMailbox {
+    async fn certify(
+        &mut self,
+        _round: commonware_consensus::types::Round,
+        payload: Self::Digest,
+    ) -> oneshot::Receiver<bool> {
+        let (response, receiver) = oneshot::channel();
+        let _ = self
+            .sender
+            .send(FixedMessage::Certify { payload, response });
+        receiver
+    }
+}
+
+impl Relay for FixedMailbox {
+    type Digest = Sha256Digest;
+    type Plan = Plan<ed25519::PublicKey>;
+    type PublicKey = ed25519::PublicKey;
+
+    fn broadcast(&mut self, _payload: Self::Digest, _plan: Self::Plan) -> Feedback {
+        Feedback::Ok
+    }
+}
+
+#[derive(Clone)]
+struct CaptureReporter {
+    scheme: SimplexScheme,
+    finalization: Arc<Mutex<Option<SimplexFinalization>>>,
+}
+
+impl Reporter for CaptureReporter {
+    type Activity = Activity<SimplexScheme, Sha256Digest>;
+
+    fn report(&mut self, activity: Self::Activity) -> Feedback {
+        if let Activity::Finalization(finalization) = activity {
+            if self
+                .scheme
+                .verify_certificate::<_, Sha256Digest, commonware_utils::N3f1>(
+                    &mut commonware_utils::test_rng(),
+                    simplex::types::Subject::Finalize {
+                        proposal: &finalization.proposal,
+                    },
+                    &finalization.certificate,
+                    &Sequential,
+                )
+            {
+                *self.finalization.lock() = Some(finalization);
+            }
+        }
+        Feedback::Ok
+    }
+}
+
+fn run_simplex_consensus(digest: [u8; 32]) -> Result<Vec<u8>> {
+    let target = Sha256Digest::from(digest);
+    let runner = deterministic::Runner::default();
+    runner.start(|context| async move {
+        let identity_signers = (0..4)
+            .map(|i| ed25519::PrivateKey::from_seed(i + 1))
+            .collect::<Vec<_>>();
+        let consensus_signers = SIMPLEX_P256_VALIDATOR_KEYS
+            .iter()
+            .map(simplex_p256_private_key)
+            .collect::<Result<Vec<_>>>()?;
+        let participants: Set<_> = identity_signers
+            .iter()
+            .map(|signer| signer.public_key())
+            .try_collect()
+            .map_err(|_| anyhow!("duplicate Commonware Simplex participants"))?;
+        let consensus_participants: BiMap<_, _> = identity_signers
+            .iter()
+            .zip(consensus_signers.iter())
+            .map(|(identity, consensus)| (identity.public_key(), consensus.public_key()))
+            .try_collect()
+            .map_err(|_| anyhow!("duplicate Commonware Simplex consensus participants"))?;
+
+        let schemes = consensus_signers
+            .iter()
+            .map(|signer| {
+                SimplexScheme::signer(
+                    SIMPLEX_NAMESPACE,
+                    consensus_participants.clone(),
+                    signer.clone(),
+                )
+                .ok_or_else(|| anyhow!("simplex signer not in participants"))
+            })
+            .collect::<Result<Vec<_>>>()?;
+
+        let (network, oracle) = Network::new_with_peers(
+            context.child("network"),
+            SimulatedNetworkConfig {
+                max_size: 1024 * 1024,
+                disconnect_on_block: false,
+                tracked_peer_sets: NonZeroUsize::new(1).unwrap(),
+            },
+            participants.iter().cloned().collect::<Vec<_>>(),
+        )
+        .await;
+        network.start();
+
+        let link = Link {
+            latency: Duration::from_millis(1),
+            jitter: Duration::from_millis(0),
+            success_rate: 1.0,
+        };
+        for from in participants.iter() {
+            for to in participants.iter() {
+                if from == to {
+                    continue;
+                }
+                oracle
+                    .add_link(from.clone(), to.clone(), link.clone())
+                    .await
+                    .map_err(|err| anyhow!("link simplex peers: {err:?}"))?;
+            }
+        }
+
+        let finalization = Arc::new(Mutex::new(None));
+        for (idx, identity) in identity_signers.iter().enumerate() {
+            let public_key = identity.public_key();
+            let control = oracle.control(public_key.clone());
+            let vote = control
+                .register(0, Quota::per_second(NonZeroU32::MAX))
+                .await
+                .map_err(|err| anyhow!("register simplex vote channel: {err:?}"))?;
+            let certificate = control
+                .register(1, Quota::per_second(NonZeroU32::MAX))
+                .await
+                .map_err(|err| anyhow!("register simplex certificate channel: {err:?}"))?;
+            let resolver = control
+                .register(2, Quota::per_second(NonZeroU32::MAX))
+                .await
+                .map_err(|err| anyhow!("register simplex resolver channel: {err:?}"))?;
+
+            let (application, mailbox) =
+                FixedApplication::new(context.child("application"), target);
+            application.start();
+
+            let scheme = schemes[idx].clone();
+            let reporter = CaptureReporter {
+                scheme: scheme.clone(),
+                finalization: finalization.clone(),
+            };
+            let cfg = simplex::Config {
+                scheme,
+                elector: RoundRobin::<Sha256>::default(),
+                blocker: oracle.control(public_key.clone()),
+                automaton: mailbox.clone(),
+                relay: mailbox,
+                reporter,
+                partition: format!("batch-consensus-{idx}"),
+                mailbox_size: NonZeroUsize::new(1024).unwrap(),
+                epoch: Epoch::zero(),
+                replay_buffer: NonZeroUsize::new(1024 * 1024).unwrap(),
+                write_buffer: NonZeroUsize::new(1024 * 1024).unwrap(),
+                leader_timeout: Duration::from_millis(100),
+                certification_timeout: Duration::from_millis(200),
+                timeout_retry: Duration::from_secs(1),
+                fetch_timeout: Duration::from_millis(100),
+                activity_timeout: ViewDelta::new(10),
+                skip_timeout: ViewDelta::new(5),
+                fetch_concurrent: NonZeroUsize::new(4).unwrap(),
+                page_cache: CacheRef::from_pooler(
+                    &context,
+                    NonZeroU16::new(1024).unwrap(),
+                    NonZeroUsize::new(10).unwrap(),
+                ),
+                strategy: Sequential,
+                forwarding: ForwardingPolicy::Disabled,
+            };
+            Engine::new(context.child("engine"), cfg).start(vote, certificate, resolver);
+        }
+
+        for _ in 0..100 {
+            if let Some(finalization) = finalization.lock().clone() {
+                if finalization.proposal.payload != target {
+                    return Err(anyhow!("simplex finalized unexpected payload"));
+                }
+                eprintln!(
+                    "commonware simplex finalized batch consensus proof view={} payload={:?}",
+                    finalization.proposal.round.view(),
+                    finalization.proposal.payload
+                );
+                let mut out = Vec::new();
+                out.extend_from_slice(b"CWSIMPLX1");
+                out.extend_from_slice(&finalization.encode());
+                return Ok(out);
+            }
+            context.sleep(Duration::from_millis(20)).await;
+        }
+        Err(anyhow!(
+            "timed out waiting for Commonware Simplex finalization"
+        ))
+    })
+}
+
+fn simplex_p256_private_key(raw: &[u8; 32]) -> Result<p256::PrivateKey> {
+    p256::PrivateKey::read(&mut &raw[..]).context("decode Simplex P256 validator key")
+}
+
+fn proof_digest(req: &ProofRequest) -> Result<[u8; 32]> {
+    let mut hasher = Keccak256::new();
+    hasher.update(req.l1_chain_id.as_bytes());
+    hasher.update(b"|");
+    hasher.update(req.l2_chain_id.as_bytes());
+    hasher.update(b"|");
+    hasher.update(hex_address(&req.batch_inbox)?);
+    hasher.update(hex_address(&req.batcher)?);
+    for h in &req.blob_versioned_hashes {
+        hasher.update(hex_hash(h)?);
+    }
+    Ok(hasher.finalize().into())
+}
+
+fn evm_calldata(digest: &[u8; 32]) -> Result<Vec<u8>> {
+    evm_calldata_with_prefix(EVM_PREFIX, digest, None)
+}
+
+fn evm_commonware_calldata(digest: &[u8; 32], certificate: &[u8]) -> Result<Vec<u8>> {
+    if certificate.is_empty() {
+        return Err(anyhow!("empty Commonware certificate"));
+    }
+    let mut out =
+        Vec::with_capacity(SIMPLEX_PROOF_PREFIX.len() + 32 + 1 + 65 * 3 + certificate.len());
+    out.extend_from_slice(SIMPLEX_PROOF_PREFIX);
+    out.extend_from_slice(digest);
+    out.push(1);
+    let signing_digest = commonware_evm_signing_digest(digest, certificate);
+    for key in EVM_VALIDATOR_KEYS {
+        let signing_key = SigningKey::from_slice(&key).context("load EVM validator signing key")?;
+        let (sig, recid): (Signature, RecoveryId) = signing_key
+            .sign_prehash_recoverable(&signing_digest)
+            .context("sign EVM validator digest")?;
+        out.extend_from_slice(&sig.to_bytes());
+        out.push(recid.to_byte());
+    }
+    out.extend_from_slice(certificate);
+    Ok(out)
+}
+
+fn commonware_evm_signing_digest(digest: &[u8; 32], certificate: &[u8]) -> [u8; 32] {
+    let mut hasher = Keccak256::new();
+    hasher.update(SIMPLEX_PROOF_PREFIX);
+    hasher.update(digest);
+    hasher.update([1u8]);
+    hasher.update(certificate);
+    hasher.finalize().into()
+}
+
+fn evm_calldata_with_prefix(
+    prefix: &[u8],
+    digest: &[u8; 32],
+    certificate: Option<&[u8]>,
+) -> Result<Vec<u8>> {
+    let signing_key = SigningKey::from_slice(&EVM_SIGNING_KEY).context("load EVM signing key")?;
+    let (sig, recid): (Signature, RecoveryId) = signing_key
+        .sign_prehash_recoverable(digest)
+        .context("sign EVM digest")?;
+    let certificate_len = certificate.map_or(0, <[u8]>::len);
+    let mut out = Vec::with_capacity(prefix.len() + 32 + 65 + 1 + certificate_len);
+    out.extend_from_slice(prefix);
+    out.extend_from_slice(digest);
+    out.extend_from_slice(&sig.to_bytes());
+    out.push(recid.to_byte());
+    out.push(1);
+    if let Some(certificate) = certificate {
+        out.extend_from_slice(certificate);
+    }
+    Ok(out)
+}
+
+fn hex_address(s: &str) -> Result<[u8; 20]> {
+    let bytes = decode_hex(s)?;
+    bytes
+        .try_into()
+        .map_err(|_| anyhow!("expected 20-byte address: {s}"))
+}
+
+fn hex_hash(s: &str) -> Result<[u8; 32]> {
+    let bytes = decode_hex(s)?;
+    bytes
+        .try_into()
+        .map_err(|_| anyhow!("expected 32-byte hash: {s}"))
+}
+
+fn decode_hex(s: &str) -> Result<Vec<u8>> {
+    hex::decode(s.strip_prefix("0x").unwrap_or(s)).with_context(|| format!("decode hex {s}"))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn request() -> ProofRequest {
+        ProofRequest {
+            l1_chain_id: "900".to_string(),
+            l2_chain_id: "901".to_string(),
+            batch_inbox: "0x0000000000000000000000000000000000000001".to_string(),
+            batcher: "0x0000000000000000000000000000000000000002".to_string(),
+            blob_versioned_hashes: vec![
+                "0x0100000000000000000000000000000000000000000000000000000000000000".to_string(),
+            ],
+        }
+    }
+
+    #[test]
+    fn simplex_response_contains_commonware_certificate_and_evm_calldata() {
+        let resp = build_response(&request(), true, true).unwrap();
+        let certificate = decode_hex(&resp.certificate).unwrap();
+        let calldata = decode_hex(&resp.calldata).unwrap();
+
+        assert_eq!(resp.provider, SIMPLEX_PROVIDER);
+        assert!(certificate.starts_with(b"CWSIMPLX1"));
+        assert!(calldata.starts_with(SIMPLEX_PROOF_PREFIX));
+        assert_eq!(
+            calldata.len(),
+            SIMPLEX_PROOF_PREFIX.len() + 32 + 1 + (65 * 3) + certificate.len()
+        );
+        assert_eq!(calldata[SIMPLEX_PROOF_PREFIX.len() + 32], 1);
+        assert_eq!(
+            &calldata[SIMPLEX_PROOF_PREFIX.len() + 32 + 1 + (65 * 3)..],
+            certificate
+        );
+    }
+}
diff --git a/op-batcher/batcher/config.go b/op-batcher/batcher/config.go
index c6530742453..028279bcc2d 100644
--- a/op-batcher/batcher/config.go
+++ b/op-batcher/batcher/config.go
@@ -137,6 +137,10 @@ type CLIConfig struct {
 	// for choosing the most economic type dynamically at the start of each channel.
 	DataAvailabilityType flags.DataAvailabilityType
 
+	// BatchConsensusProofEndpoint is an optional HTTP endpoint that returns verifier calldata
+	// for blob batch consensus proofs.
+	BatchConsensusProofEndpoint string
+
 	// ActiveSequencerCheckDuration is the duration between checks to determine the active sequencer endpoint.
 	ActiveSequencerCheckDuration time.Duration
 
@@ -241,6 +245,7 @@ func NewConfig(ctx *cli.Context) *CLIConfig {
 		CheckRecentTxsDepth:          ctx.Int(flags.CheckRecentTxsDepthFlag.Name),
 		BatchType:                    ctx.Uint(flags.BatchTypeFlag.Name),
 		DataAvailabilityType:         flags.DataAvailabilityType(ctx.String(flags.DataAvailabilityTypeFlag.Name)),
+		BatchConsensusProofEndpoint:  ctx.String(flags.BatchConsensusProofEndpointFlag.Name),
 		ActiveSequencerCheckDuration: ctx.Duration(flags.ActiveSequencerCheckDurationFlag.Name),
 		TxMgrConfig:                  txmgr.ReadCLIConfig(ctx),
 		LogConfig:                    oplog.ReadCLIConfig(ctx),
diff --git a/op-batcher/batcher/driver.go b/op-batcher/batcher/driver.go
index da21d10183a..ef610d13f79 100644
--- a/op-batcher/batcher/driver.go
+++ b/op-batcher/batcher/driver.go
@@ -26,6 +26,7 @@ import (
 	"github.com/ethereum-optimism/optimism/op-batcher/metrics"
 	"github.com/ethereum-optimism/optimism/op-node/rollup"
 	"github.com/ethereum-optimism/optimism/op-node/rollup/derive"
+	"github.com/ethereum-optimism/optimism/op-service/batchconsensus"
 	"github.com/ethereum-optimism/optimism/op-service/dial"
 	"github.com/ethereum-optimism/optimism/op-service/eth"
 	"github.com/ethereum-optimism/optimism/op-service/txmgr"
@@ -1027,12 +1028,74 @@ func (l *BatchSubmitter) blobTxCandidate(data txData) (*txmgr.TxCandidate, error
 	l.Log.Info("Building Blob transaction candidate",
 		"size", size, "last_size", lastSize, "num_blobs", len(blobs))
 	l.Metr.RecordBlobUsedBytes(lastSize)
+	txCalldata, err := l.batchConsensusCalldata(blobs)
+	if err != nil {
+		return nil, err
+	}
 	return &txmgr.TxCandidate{
-		To:    &l.RollupConfig.BatchInboxAddress,
-		Blobs: blobs,
+		To:     &l.RollupConfig.BatchInboxAddress,
+		TxData: txCalldata,
+		Blobs:  blobs,
 	}, nil
 }
 
+func (l *BatchSubmitter) batchConsensusCalldata(blobs []*eth.Blob) ([]byte, error) {
+	if l.RollupConfig.BatchConsensusVerifierAddress == (common.Address{}) {
+		return nil, nil
+	}
+	blobHashes := make([]common.Hash, 0, len(blobs))
+	for i, blob := range blobs {
+		commitment, err := blob.ComputeKZGCommitment()
+		if err != nil {
+			return nil, fmt.Errorf("computing KZG commitment for consensus proof blob %d: %w", i, err)
+		}
+		blobHashes = append(blobHashes, eth.KZGToVersionedHash(commitment))
+	}
+	batcherAddr := l.RollupConfig.Genesis.SystemConfig.BatcherAddr
+	if l.Txmgr != nil {
+		batcherAddr = l.Txmgr.From()
+	}
+	if l.Config.BatchConsensusProofEndpoint != "" {
+		req, err := batchconsensus.NewProofRequest(
+			l.RollupConfig.L1ChainID,
+			l.RollupConfig.L2ChainID,
+			l.RollupConfig.BatchInboxAddress,
+			batcherAddr,
+			blobHashes,
+		)
+		if err != nil {
+			return nil, fmt.Errorf("building batch consensus proof request: %w", err)
+		}
+		ctx := l.shutdownCtx
+		if ctx == nil {
+			ctx = context.Background()
+		}
+		var cancel context.CancelFunc
+		if l.Config.NetworkTimeout > 0 {
+			ctx, cancel = context.WithTimeout(ctx, l.Config.NetworkTimeout)
+			defer cancel()
+		}
+		proof, err := batchconsensus.FetchProof(ctx, l.Config.BatchConsensusProofEndpoint, req)
+		if err != nil {
+			return nil, fmt.Errorf("fetching batch consensus proof calldata: %w", err)
+		}
+		l.Log.Info("Attached sidecar batch consensus proof calldata to blob transaction", "proof_size", len(proof.Calldata), "certificate_size", len(proof.Certificate), "provider", proof.Provider, "num_blobs", len(blobHashes), "endpoint", l.Config.BatchConsensusProofEndpoint, "verifier", l.RollupConfig.BatchConsensusVerifierAddress)
+		return proof.Calldata, nil
+	}
+	calldata, err := batchconsensus.BuildMockVerifyCalldata(
+		l.RollupConfig.L1ChainID,
+		l.RollupConfig.L2ChainID,
+		l.RollupConfig.BatchInboxAddress,
+		batcherAddr,
+		blobHashes,
+	)
+	if err != nil {
+		return nil, fmt.Errorf("building batch consensus proof calldata: %w", err)
+	}
+	l.Log.Info("Attached batch consensus proof calldata to blob transaction", "proof_size", len(calldata), "num_blobs", len(blobHashes), "verifier", l.RollupConfig.BatchConsensusVerifierAddress)
+	return calldata, nil
+}
+
 func (l *BatchSubmitter) calldataTxCandidate(data []byte) *txmgr.TxCandidate {
 	l.Log.Info("Building Calldata transaction candidate", "size", len(data))
 	return &txmgr.TxCandidate{
diff --git a/op-batcher/batcher/driver_test.go b/op-batcher/batcher/driver_test.go
index 964d604ce0e..85b37cdef81 100644
--- a/op-batcher/batcher/driver_test.go
+++ b/op-batcher/batcher/driver_test.go
@@ -5,6 +5,8 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"math/big"
+	"math/rand"
 	"net"
 	"net/http"
 	"net/http/httptest"
@@ -15,12 +17,15 @@ import (
 
 	"github.com/ethereum-optimism/optimism/op-batcher/config"
 	"github.com/ethereum-optimism/optimism/op-batcher/metrics"
+	"github.com/ethereum-optimism/optimism/op-node/rollup"
+	"github.com/ethereum-optimism/optimism/op-service/batchconsensus"
 	"github.com/ethereum-optimism/optimism/op-service/dial"
 	"github.com/ethereum-optimism/optimism/op-service/eth"
 	opmetrics "github.com/ethereum-optimism/optimism/op-service/metrics"
 	"github.com/ethereum-optimism/optimism/op-service/testlog"
 	"github.com/ethereum-optimism/optimism/op-service/testutils"
 	"github.com/ethereum-optimism/optimism/op-service/txmgr"
+	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -183,6 +188,100 @@ func TestBatchSubmitter_sendTx_FloorDataGas(t *testing.T) {
 	require.GreaterOrEqual(t, candidateOut.GasLimit, expectedFloorDataGas)
 }
 
+func TestBatchSubmitter_BlobTxCandidateBatchConsensusCalldata(t *testing.T) {
+	batchInbox := testutils.RandomAddress(rand.New(rand.NewSource(1)))
+	verifier := testutils.RandomAddress(rand.New(rand.NewSource(2)))
+	batcherAddr := testutils.RandomAddress(rand.New(rand.NewSource(3)))
+	bs := NewBatchSubmitter(DriverSetup{
+		Log:  testlog.Logger(t, log.LevelDebug),
+		Metr: metrics.NoopMetrics,
+		RollupConfig: &rollup.Config{
+			Genesis: rollup.Genesis{
+				SystemConfig: eth.SystemConfig{BatcherAddr: batcherAddr},
+			},
+			L1ChainID:                     big.NewInt(1),
+			L2ChainID:                     big.NewInt(2),
+			BatchInboxAddress:             batchInbox,
+			BatchConsensusVerifierAddress: verifier,
+		},
+		ChannelConfig: defaultTestChannelConfig(),
+	})
+	txdata := txData{
+		asBlob: true,
+		frames: []frameData{{
+			data: []byte{0x01, 0x02, 0x03},
+		}},
+	}
+
+	candidate, err := bs.blobTxCandidate(txdata)
+	require.NoError(t, err)
+	require.Equal(t, &batchInbox, candidate.To)
+	require.Len(t, candidate.Blobs, 1)
+	require.NotEmpty(t, candidate.TxData)
+
+	blobHashes := make([]common.Hash, 0, len(candidate.Blobs))
+	for _, blob := range candidate.Blobs {
+		commitment, err := blob.ComputeKZGCommitment()
+		require.NoError(t, err)
+		blobHashes = append(blobHashes, eth.KZGToVersionedHash(commitment))
+	}
+	expected, err := batchconsensus.BuildMockVerifyCalldata(big.NewInt(1), big.NewInt(2), batchInbox, batcherAddr, blobHashes)
+	require.NoError(t, err)
+	require.Equal(t, expected, candidate.TxData)
+}
+
+func TestBatchSubmitter_BlobTxCandidateBatchConsensusSidecar(t *testing.T) {
+	batchInbox := testutils.RandomAddress(rand.New(rand.NewSource(4)))
+	verifier := testutils.RandomAddress(rand.New(rand.NewSource(5)))
+	batcherAddr := testutils.RandomAddress(rand.New(rand.NewSource(6)))
+	expectedCalldata := []byte{0xab, 0xcd}
+	var gotReq batchconsensus.ProofRequest
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPost, r.Method)
+		require.NoError(t, json.NewDecoder(r.Body).Decode(&gotReq))
+		w.Header().Set("content-type", "application/json")
+		require.NoError(t, json.NewEncoder(w).Encode(batchconsensus.ProofResponse{
+			Provider:    batchconsensus.ProviderCommonwarePOC,
+			Certificate: expectedCalldata,
+			Calldata:    expectedCalldata,
+		}))
+	}))
+	defer server.Close()
+	bs := NewBatchSubmitter(DriverSetup{
+		Log:  testlog.Logger(t, log.LevelDebug),
+		Metr: metrics.NoopMetrics,
+		RollupConfig: &rollup.Config{
+			Genesis: rollup.Genesis{
+				SystemConfig: eth.SystemConfig{BatcherAddr: batcherAddr},
+			},
+			L1ChainID:                     big.NewInt(11),
+			L2ChainID:                     big.NewInt(22),
+			BatchInboxAddress:             batchInbox,
+			BatchConsensusVerifierAddress: verifier,
+		},
+		Config: BatcherConfig{
+			BatchConsensusProofEndpoint: server.URL,
+			NetworkTimeout:              time.Second,
+		},
+		ChannelConfig: defaultTestChannelConfig(),
+	})
+	txdata := txData{
+		asBlob: true,
+		frames: []frameData{{
+			data: []byte{0x04, 0x05, 0x06},
+		}},
+	}
+
+	candidate, err := bs.blobTxCandidate(txdata)
+	require.NoError(t, err)
+	require.Equal(t, expectedCalldata, candidate.TxData)
+	require.Equal(t, "11", gotReq.L1ChainID)
+	require.Equal(t, "22", gotReq.L2ChainID)
+	require.Equal(t, batchInbox, gotReq.BatchInbox)
+	require.Equal(t, batcherAddr, gotReq.Batcher)
+	require.Len(t, gotReq.BlobVersionedHashes, 1)
+}
+
 type handlerFailureMode string
 
 const (
diff --git a/op-batcher/batcher/service.go b/op-batcher/batcher/service.go
index 1c75a12453c..8ac90d33192 100644
--- a/op-batcher/batcher/service.go
+++ b/op-batcher/batcher/service.go
@@ -50,6 +50,8 @@ type BatcherConfig struct {
 
 	// For throttling DA. See CLIConfig in config.go for details on these parameters.
 	ThrottleParams config.ThrottleParams
+
+	BatchConsensusProofEndpoint string
 }
 
 // BatcherService represents a full batch-submitter instance and its resources,
@@ -109,6 +111,7 @@ func (bs *BatcherService) initFromCLIConfig(ctx context.Context, closeApp contex
 	bs.NetworkTimeout = cfg.TxMgrConfig.NetworkTimeout
 	bs.CheckRecentTxsDepth = cfg.CheckRecentTxsDepth
 	bs.WaitNodeSync = cfg.WaitNodeSync
+	bs.BatchConsensusProofEndpoint = cfg.BatchConsensusProofEndpoint
 
 	bs.ThrottleParams = config.ThrottleParams{
 		LowerThreshold:      cfg.ThrottleConfig.LowerThreshold,
diff --git a/op-batcher/flags/flags.go b/op-batcher/flags/flags.go
index bd0acce42e5..3ac50d5c3b2 100644
--- a/op-batcher/flags/flags.go
+++ b/op-batcher/flags/flags.go
@@ -138,6 +138,11 @@ var (
 		}(),
 		EnvVars: prefixEnvVars("DATA_AVAILABILITY_TYPE"),
 	}
+	BatchConsensusProofEndpointFlag = &cli.StringFlag{
+		Name:    "batch-consensus-proof-endpoint",
+		Usage:   "HTTP endpoint that returns verifier calldata for blob batch consensus proofs. If empty, the POC mock proof is used when the rollup verifier address is configured.",
+		EnvVars: prefixEnvVars("BATCH_CONSENSUS_PROOF_ENDPOINT"),
+	}
 	ActiveSequencerCheckDurationFlag = &cli.DurationFlag{
 		Name:    "active-sequencer-check-duration",
 		Usage:   "The duration between checks to determine the active sequencer endpoint.",
@@ -185,6 +190,7 @@ var optionalFlags = []cli.Flag{
 	SequencerHDPathFlag,
 	BatchTypeFlag,
 	DataAvailabilityTypeFlag,
+	BatchConsensusProofEndpointFlag,
 	ActiveSequencerCheckDurationFlag,
 	CompressionAlgoFlag,
 }
diff --git a/op-devstack/presets/options.go b/op-devstack/presets/options.go
index a4cd786eef6..7aa3f4079ff 100644
--- a/op-devstack/presets/options.go
+++ b/op-devstack/presets/options.go
@@ -6,6 +6,7 @@ import (
 	gameTypes "github.com/ethereum-optimism/optimism/op-challenger/game/types"
 	"github.com/ethereum-optimism/optimism/op-devstack/sysgo"
 	"github.com/ethereum-optimism/optimism/op-service/eth"
+	"github.com/ethereum/go-ethereum/common"
 )
 
 type Option interface {
@@ -103,6 +104,61 @@ func WithDeployerOptions(opts ...sysgo.DeployerOption) Option {
 	}
 }
 
+// WithBatchConsensusMockVerifier configures the sysgo world with an L1 verifier
+// contract for the batcher consensus POC.
+func WithBatchConsensusMockVerifier(addr common.Address) Option {
+	return WithBatchConsensusMockVerifierResult(addr, true)
+}
+
+// WithBatchConsensusMockVerifierResult configures the sysgo world with a mock L1
+// verifier contract that can accept or reject proofs.
+func WithBatchConsensusMockVerifierResult(addr common.Address, accept bool) Option {
+	return option{
+		kinds: optionKindDeployer,
+		applyFn: func(cfg *sysgo.PresetConfig) {
+			cfg.BatchConsensusMockVerifierAddress = &addr
+			cfg.BatchConsensusMockVerifierAccept = accept
+		},
+	}
+}
+
+// WithBatchConsensusMockProofSidecar starts a devstack-local proof sidecar using
+// the same HTTP protocol expected by op-batcher.
+func WithBatchConsensusMockProofSidecar() Option {
+	return WithBatchConsensusMockProofSidecarResult(true)
+}
+
+// WithBatchConsensusMockProofSidecarResult starts a devstack-local proof sidecar
+// that can deliberately return invalid signature-shaped proof calldata.
+func WithBatchConsensusMockProofSidecarResult(valid bool) Option {
+	return option{
+		kinds: optionKindBatcher,
+		applyFn: func(cfg *sysgo.PresetConfig) {
+			cfg.BatchConsensusMockProofSidecar = true
+			cfg.BatchConsensusMockProofValid = valid
+		},
+	}
+}
+
+// WithBatchConsensusCommonwareSidecar starts the Rust Commonware Simplex-backed
+// proof sidecar and points op-batcher at its HTTP endpoint.
+func WithBatchConsensusCommonwareSidecar() Option {
+	return WithBatchConsensusCommonwareSidecarResult(true)
+}
+
+// WithBatchConsensusCommonwareSidecarResult starts the Rust Commonware
+// Simplex-backed proof sidecar and can deliberately return invalid verifier
+// calldata after consensus finalization.
+func WithBatchConsensusCommonwareSidecarResult(valid bool) Option {
+	return option{
+		kinds: optionKindBatcher,
+		applyFn: func(cfg *sysgo.PresetConfig) {
+			cfg.BatchConsensusCommonwareSidecar = true
+			cfg.BatchConsensusCommonwareValid = valid
+		},
+	}
+}
+
 // WithLocalContractSourcesAt configures a preset to load local contracts-bedrock
 // artifacts from the supplied directory instead of resolving them relative to
 // the process working directory.
diff --git a/op-devstack/sysgo/batch_consensus.go b/op-devstack/sysgo/batch_consensus.go
new file mode 100644
index 00000000000..894a5832a1d
--- /dev/null
+++ b/op-devstack/sysgo/batch_consensus.go
@@ -0,0 +1,533 @@
+package sysgo
+
+import (
+	"crypto/elliptic"
+	"encoding/hex"
+	"encoding/json"
+	"math/big"
+	"os"
+	"path/filepath"
+
+	"github.com/ethereum-optimism/optimism/op-service/eth"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/core/types"
+	gethcrypto "github.com/ethereum/go-ethereum/crypto"
+)
+
+var DefaultBatchConsensusMockVerifierAddress = common.HexToAddress("0x00000000000000000000000000000000000bc0de")
+
+var batchConsensusMockVerifierFalseCode = common.FromHex("0x600060005260206000f3")
+var batchConsensusMockVerifierTrueCode = common.FromHex("0x600160005260206000f3")
+
+func applyBatchConsensusMockVerifier(cfg PresetConfig, l1Net *L1Network, l2Nets ...*L2Network) {
+	if cfg.BatchConsensusMockVerifierAddress == nil {
+		return
+	}
+	addr := *cfg.BatchConsensusMockVerifierAddress
+	if l1Net.genesis.Alloc == nil {
+		l1Net.genesis.Alloc = make(types.GenesisAlloc)
+	}
+	if cfg.BatchConsensusCommonwareSidecar {
+		osakaTime := uint64(0)
+		if l1Net.genesis.Config.PragueTime != nil {
+			osakaTime = *l1Net.genesis.Config.PragueTime
+		}
+		l1Net.genesis.Config.OsakaTime = &osakaTime
+	}
+	code := batchConsensusMockVerifierFalseCode
+	if cfg.BatchConsensusMockVerifierAccept {
+		code = batchConsensusMockVerifierTrueCode
+		if cfg.BatchConsensusCommonwareSidecar {
+			code = batchConsensusCommonwareSolidityVerifierCode()
+		} else if cfg.BatchConsensusMockProofSidecar {
+			code = batchConsensusMockVerifierProofCode(batchConsensusMockProofSignerAddress())
+		}
+	}
+	account := types.Account{
+		Balance: big.NewInt(0),
+		Code:    code,
+	}
+	if cfg.BatchConsensusMockVerifierAccept && cfg.BatchConsensusCommonwareSidecar {
+		account.Storage = batchConsensusCommonwareSolidityVerifierStorage()
+	}
+	l1Net.genesis.Alloc[addr] = account
+	l1GenesisID := eth.ToBlockID(l1Net.genesis.ToBlock())
+	for _, l2Net := range l2Nets {
+		l2Net.rollupCfg.Genesis.L1 = l1GenesisID
+		l2Net.rollupCfg.BatchConsensusVerifierAddress = addr
+	}
+}
+
+func batchConsensusMockVerifierProofCode(signer common.Address) []byte {
+	return batchConsensusMockVerifierSignatureProofCode(signatureProofLayout{
+		signer:       signer,
+		exactSize:    0x68,
+		digestOffset: 0x06,
+		rOffset:      0x26,
+		sOffset:      0x46,
+		vOffset:      0x66,
+		markerOffset: 0x67,
+	})
+}
+
+func batchConsensusMockVerifierCommonwareProofCode(_ []common.Address) []byte {
+	return batchConsensusCommonwareSolidityVerifierCode()
+}
+
+func batchConsensusCommonwareSolidityVerifierCode() []byte {
+	paths, err := contractPaths()
+	if err != nil {
+		panic(err)
+	}
+	artifactPath := filepath.Join(
+		paths.FoundryArtifacts,
+		"CommonwareSimplexBatchConsensusVerifier.sol",
+		"CommonwareSimplexBatchConsensusVerifier.json",
+	)
+	data, err := os.ReadFile(artifactPath)
+	if err != nil {
+		panic(err)
+	}
+	var artifact struct {
+		DeployedBytecode struct {
+			Object string `json:"object"`
+		} `json:"deployedBytecode"`
+	}
+	if err := json.Unmarshal(data, &artifact); err != nil {
+		panic(err)
+	}
+	if artifact.DeployedBytecode.Object == "" {
+		panic("CommonwareSimplexBatchConsensusVerifier artifact has empty deployed bytecode")
+	}
+	return common.FromHex(artifact.DeployedBytecode.Object)
+}
+
+func batchConsensusCommonwareSolidityVerifierStorage() map[common.Hash]common.Hash {
+	keys := batchConsensusCommonwareP256ProofPublicKeysForAllValidators()
+	orderedKeys := []batchConsensusP256PublicKey{keys[3], keys[0], keys[1], keys[2]}
+	storage := make(map[common.Hash]common.Hash)
+	storage[common.BigToHash(big.NewInt(0))] = common.BigToHash(big.NewInt(int64(len(orderedKeys))))
+	storage[common.BigToHash(big.NewInt(1))] = common.BigToHash(big.NewInt(3))
+	for i, key := range orderedKeys {
+		storage[batchConsensusMappingStorageSlot(uint64(i), 2)] = common.BytesToHash(key.x[:])
+		storage[batchConsensusMappingStorageSlot(uint64(i), 3)] = common.BytesToHash(key.y[:])
+	}
+	return storage
+}
+
+func batchConsensusMappingStorageSlot(index uint64, slot uint64) common.Hash {
+	var input [64]byte
+	new(big.Int).SetUint64(index).FillBytes(input[:32])
+	new(big.Int).SetUint64(slot).FillBytes(input[32:])
+	return gethcrypto.Keccak256Hash(input[:])
+}
+
+var batchConsensusCommonwareP256ProofSignerKeys = []string{
+	"1123456789abcdef1123456789abcdef1123456789abcdef1123456789abcdef",
+	"2123456789abcdef2123456789abcdef2123456789abcdef2123456789abcdef",
+	"3123456789abcdef3123456789abcdef3123456789abcdef3123456789abcdef",
+	"4123456789abcdef4123456789abcdef4123456789abcdef4123456789abcdef",
+}
+
+type batchConsensusP256PublicKey struct {
+	x [32]byte
+	y [32]byte
+}
+
+func batchConsensusCommonwareP256ProofPublicKeys() []batchConsensusP256PublicKey {
+	return batchConsensusCommonwareP256ProofPublicKeysForAllValidators()[:3]
+}
+
+func batchConsensusCommonwareP256ProofPublicKeysForAllValidators() []batchConsensusP256PublicKey {
+	curve := elliptic.P256()
+	out := make([]batchConsensusP256PublicKey, 0, len(batchConsensusCommonwareP256ProofSignerKeys))
+	for _, rawHex := range batchConsensusCommonwareP256ProofSignerKeys {
+		raw, err := hex.DecodeString(rawHex)
+		if err != nil {
+			panic(err)
+		}
+		x, y := curve.ScalarBaseMult(raw)
+		var key batchConsensusP256PublicKey
+		x.FillBytes(key.x[:])
+		y.FillBytes(key.y[:])
+		out = append(out, key)
+	}
+	return out
+}
+
+func batchConsensusMockVerifierCommonwareP256ProofCode(signers []batchConsensusP256PublicKey) []byte {
+	if len(signers) != 3 {
+		panic("Commonware P256 verifier expects exactly three quorum signers")
+	}
+
+	const (
+		calldataSize       = 0x01e3
+		outerDigestOffset  = 0x0009
+		outerMarkerOffset  = 0x0029
+		certificateOffset  = 0x00ed
+		proposalOffset     = certificateOffset + 0x0009
+		payloadOffset      = proposalOffset + 0x0003
+		signersLenOffset   = proposalOffset + 0x0023
+		bitmapOffset       = signersLenOffset + 0x0008
+		signatureLenOffset = bitmapOffset + 0x0001
+		signatureOffset    = signatureLenOffset + 0x0001
+		proposalLen        = 0x0023
+		hashInputLen       = 0x004d
+		p256InputOffset    = 0x0080
+		p256OutputOffset   = 0x0120
+	)
+
+	var code []byte
+	emit := func(op ...byte) {
+		code = append(code, op...)
+	}
+	push1 := func(v byte) {
+		emit(0x60, v)
+	}
+	push2 := func(v uint16) {
+		emit(0x61, byte(v>>8), byte(v))
+	}
+	pushN := func(v []byte) {
+		if len(v) == 0 || len(v) > 32 {
+			panic("invalid push size")
+		}
+		emit(byte(0x5f + len(v)))
+		code = append(code, v...)
+	}
+	push32 := func(v []byte) {
+		if len(v) != 32 {
+			panic("invalid push32 size")
+		}
+		emit(0x7f)
+		code = append(code, v...)
+	}
+	pushOffset := func(v uint16) {
+		if v <= 0xff {
+			push1(byte(v))
+			return
+		}
+		push2(v)
+	}
+	push2Placeholder := func() int {
+		emit(0x61, 0x00, 0x00)
+		return len(code) - 2
+	}
+	var falseJumps []int
+	jumpFalseIfTopIsTrue := func() {
+		jump := push2Placeholder()
+		emit(0x57)
+		falseJumps = append(falseJumps, jump)
+	}
+	requireTopTrue := func() {
+		emit(0x15) // ISZERO
+		jumpFalseIfTopIsTrue()
+	}
+	requireByteEq := func(offset uint16, want byte) {
+		push1(want)
+		pushOffset(offset)
+		emit(0x35) // CALLDATALOAD
+		push1(0xf8)
+		emit(0x1c, 0x14) // SHR EQ
+		requireTopTrue()
+	}
+	requireWordEq := func(leftOffset, rightOffset uint16) {
+		pushOffset(leftOffset)
+		emit(0x35)
+		pushOffset(rightOffset)
+		emit(0x35, 0x14) // CALLDATALOAD EQ
+		requireTopTrue()
+	}
+
+	push2(calldataSize)
+	emit(0x36, 0x14) // CALLDATASIZE EQ
+	requireTopTrue()
+
+	pushN([]byte("CWSIMPLX1"))
+	push1(0x00)
+	emit(0x35)
+	push1(byte(8 * (32 - len("CWSIMPLX1"))))
+	emit(0x1c, 0x14) // SHR EQ
+	requireTopTrue()
+
+	pushN([]byte("CWSIMPLX1"))
+	push2(certificateOffset)
+	emit(0x35)
+	push1(byte(8 * (32 - len("CWSIMPLX1"))))
+	emit(0x1c, 0x14) // SHR EQ
+	requireTopTrue()
+
+	requireByteEq(outerMarkerOffset, 0x01)
+	requireByteEq(bitmapOffset, 0x0e)
+	requireByteEq(signatureLenOffset, 0x03)
+	requireWordEq(outerDigestOffset, payloadOffset)
+
+	push1(0x04)
+	push2(signersLenOffset)
+	emit(0x35)
+	push1(0xc0)
+	emit(0x1c, 0x14) // SHR EQ
+	requireTopTrue()
+
+	// Commonware secp256r1 signs sha256(union_unique(finalize_namespace, proposal.encode())).
+	namespacePrefix := []byte("\x29op-batcher-consensus-poc/simplex_FINALIZE")
+	first := make([]byte, 32)
+	copy(first, namespacePrefix[:32])
+	second := make([]byte, 32)
+	copy(second, namespacePrefix[32:])
+	push32(first)
+	push1(0x00)
+	emit(0x52) // MSTORE
+	push32(second)
+	push1(0x20)
+	emit(0x52) // MSTORE
+	push1(proposalLen)
+	push2(proposalOffset)
+	push1(0x2a)
+	emit(0x37) // CALLDATACOPY
+
+	push1(0x20)
+	push1(0x00)
+	push1(hashInputLen)
+	push1(0x00)
+	push1(0x02)
+	emit(0x5a, 0xfa) // GAS STATICCALL
+	requireTopTrue()
+
+	for i, signer := range signers {
+		sigOffset := uint16(signatureOffset + (i * 64))
+		push1(0x00)
+		emit(0x51)
+		push1(p256InputOffset)
+		emit(0x52)
+		push2(sigOffset)
+		emit(0x35)
+		push1(p256InputOffset + 0x20)
+		emit(0x52)
+		push2(sigOffset + 0x20)
+		emit(0x35)
+		push1(p256InputOffset + 0x40)
+		emit(0x52)
+		push32(signer.x[:])
+		push1(p256InputOffset + 0x60)
+		emit(0x52)
+		push32(signer.y[:])
+		push2(p256InputOffset + 0x80)
+		emit(0x52)
+		push1(0x00)
+		push2(p256OutputOffset)
+		emit(0x52)
+
+		push1(0x20)
+		push2(p256OutputOffset)
+		push1(0xa0)
+		push1(p256InputOffset)
+		push2(0x0100)
+		emit(0x5a, 0xfa) // GAS STATICCALL
+		requireTopTrue()
+
+		push1(0x01)
+		push2(p256OutputOffset)
+		emit(0x51, 0x14) // MLOAD EQ
+		requireTopTrue()
+	}
+
+	push1(0x01)
+	push1(0x00)
+	emit(0x52)
+	push1(0x20)
+	push1(0x00)
+	emit(0xf3)
+
+	falseLabel := len(code)
+	emit(0x5b)
+	push1(0x00)
+	push1(0x00)
+	emit(0x52)
+	push1(0x20)
+	push1(0x00)
+	emit(0xf3)
+
+	for _, jump := range falseJumps {
+		code[jump] = byte(falseLabel >> 8)
+		code[jump+1] = byte(falseLabel)
+	}
+	return code
+}
+
+type signatureProofLayout struct {
+	signer       common.Address
+	signers      []common.Address
+	prefix       []byte
+	exactSize    byte
+	minSize      byte
+	digestOffset byte
+	markerOffset byte
+	rOffset      byte
+	sOffset      byte
+	vOffset      byte
+	sigOffset    byte
+	certOffset   byte
+}
+
+func batchConsensusMockVerifierSignatureProofCode(layout signatureProofLayout) []byte {
+	var code []byte
+	emit := func(op ...byte) {
+		code = append(code, op...)
+	}
+	push1 := func(v byte) {
+		emit(0x60, v)
+	}
+	push2Placeholder := func() int {
+		emit(0x61, 0x00, 0x00)
+		return len(code) - 2
+	}
+	pushBytes := func(v []byte) {
+		if len(v) == 0 || len(v) > 32 {
+			panic("invalid push size")
+		}
+		emit(byte(0x5f + len(v)))
+		code = append(code, v...)
+	}
+	var falseJumps []int
+	signers := layout.signers
+	if len(signers) == 0 {
+		signers = []common.Address{layout.signer}
+	}
+
+	// Calldata length must match the selected proof envelope. The Commonware
+	// envelope must also include at least one byte of certificate payload after
+	// the signature-shaped EVM bridge proof.
+	if layout.exactSize != 0 {
+		push1(layout.exactSize)
+		emit(0x36, 0x14, 0x15) // CALLDATASIZE EQ ISZERO
+	} else {
+		push1(layout.minSize)
+		emit(0x36, 0x11, 0x15) // CALLDATASIZE GT ISZERO
+	}
+	falseJump := push2Placeholder()
+	emit(0x57) // JUMPI
+	falseJumps = append(falseJumps, falseJump)
+
+	if len(layout.prefix) > 0 {
+		pushBytes(layout.prefix)
+		push1(0x00)
+		emit(0x35) // CALLDATALOAD
+		push1(byte(8 * (32 - len(layout.prefix))))
+		emit(0x1c, 0x14, 0x15) // SHR EQ ISZERO
+		falseJumpPrefix := push2Placeholder()
+		emit(0x57) // JUMPI
+		falseJumps = append(falseJumps, falseJumpPrefix)
+	}
+
+	// Valid marker must be 0x01.
+	push1(0x01)
+	push1(layout.markerOffset)
+	emit(0x35) // CALLDATALOAD
+	push1(0xf8)
+	emit(0x1c, 0x14, 0x15) // SHR EQ ISZERO
+	falseJump2 := push2Placeholder()
+	emit(0x57) // JUMPI
+	falseJumps = append(falseJumps, falseJump2)
+
+	if layout.certOffset != 0 {
+		// The Commonware verifier signs keccak256(prefix || digest || marker || certificate),
+		// binding the EVM-checkable quorum proof to the exact certificate payload carried in calldata.
+		push1(layout.sigOffset)
+		push1(0x00)
+		push1(0x00)
+		emit(0x37) // CALLDATACOPY
+
+		push1(layout.certOffset)
+		emit(0x36, 0x03) // CALLDATASIZE SUB
+		push1(layout.certOffset)
+		push1(layout.sigOffset)
+		emit(0x37) // CALLDATACOPY
+
+		push1(layout.certOffset)
+		emit(0x36, 0x03) // CALLDATASIZE SUB
+		push1(layout.sigOffset)
+		emit(0x01) // ADD
+		push1(0x00)
+		emit(0x20) // SHA3
+		push1(0x00)
+		emit(0x52)
+	}
+
+	for i, signer := range signers {
+		rOffset := layout.rOffset
+		sOffset := layout.sOffset
+		vOffset := layout.vOffset
+		if layout.sigOffset != 0 {
+			sigOffset := int(layout.sigOffset) + (i * 65)
+			rOffset = byte(sigOffset)
+			sOffset = byte(sigOffset + 32)
+			vOffset = byte(sigOffset + 64)
+		}
+
+		// ecrecover input: digest, v, r, s.
+		if layout.certOffset == 0 {
+			push1(layout.digestOffset)
+			emit(0x35)
+			push1(0x00)
+			emit(0x52)
+		}
+
+		push1(0x1b)
+		push1(vOffset)
+		emit(0x35)
+		push1(0xf8)
+		emit(0x1c, 0x01) // SHR ADD
+		push1(0x20)
+		emit(0x52)
+
+		push1(rOffset)
+		emit(0x35)
+		push1(0x40)
+		emit(0x52)
+
+		push1(sOffset)
+		emit(0x35)
+		push1(0x60)
+		emit(0x52)
+
+		push1(0x20)
+		push1(0x80)
+		push1(0x80)
+		push1(0x00)
+		push1(0x01)
+		emit(0x5a, 0xfa, 0x15) // GAS STATICCALL ISZERO
+		falseJump3 := push2Placeholder()
+		emit(0x57) // JUMPI
+		falseJumps = append(falseJumps, falseJump3)
+
+		emit(0x73)
+		code = append(code, signer.Bytes()...)
+		push1(0x80)
+		emit(0x51, 0x14, 0x15) // MLOAD EQ ISZERO
+		falseJump4 := push2Placeholder()
+		emit(0x57) // JUMPI
+		falseJumps = append(falseJumps, falseJump4)
+	}
+
+	push1(0x01)
+	push1(0x00)
+	emit(0x52)
+	push1(0x20)
+	push1(0x00)
+	emit(0xf3)
+
+	falseLabel := len(code)
+	emit(0x5b)
+	push1(0x00)
+	push1(0x00)
+	emit(0x52)
+	push1(0x20)
+	push1(0x00)
+	emit(0xf3)
+
+	for _, jump := range falseJumps {
+		code[jump] = byte(falseLabel >> 8)
+		code[jump+1] = byte(falseLabel)
+	}
+	return code
+}
diff --git a/op-devstack/sysgo/batch_consensus_sidecar.go b/op-devstack/sysgo/batch_consensus_sidecar.go
new file mode 100644
index 00000000000..f800460c6f9
--- /dev/null
+++ b/op-devstack/sysgo/batch_consensus_sidecar.go
@@ -0,0 +1,148 @@
+package sysgo
+
+import (
+	"crypto/ecdsa"
+	"encoding/json"
+	"fmt"
+	"math/big"
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/ethereum-optimism/optimism/op-devstack/devtest"
+	"github.com/ethereum-optimism/optimism/op-devstack/shared/rustbin"
+	"github.com/ethereum-optimism/optimism/op-service/batchconsensus"
+	"github.com/ethereum-optimism/optimism/op-service/logpipe"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto"
+)
+
+const batchConsensusMockProofSignerKey = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+
+var batchConsensusCommonwareProofSignerKeys = []string{
+	"1123456789abcdef1123456789abcdef1123456789abcdef1123456789abcdef",
+	"2123456789abcdef2123456789abcdef2123456789abcdef2123456789abcdef",
+	"3123456789abcdef3123456789abcdef3123456789abcdef3123456789abcdef",
+}
+
+func startBatchConsensusMockProofSidecar(t devtest.T, valid bool) string {
+	signer, err := batchConsensusMockProofSigner()
+	t.Require().NoError(err)
+	mux := http.NewServeMux()
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPost {
+			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
+			return
+		}
+		var req batchconsensus.ProofRequest
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			http.Error(w, fmt.Sprintf("decode request: %v", err), http.StatusBadRequest)
+			return
+		}
+		l1ChainID, ok := new(big.Int).SetString(req.L1ChainID, 10)
+		if !ok {
+			http.Error(w, "invalid l1_chain_id", http.StatusBadRequest)
+			return
+		}
+		l2ChainID, ok := new(big.Int).SetString(req.L2ChainID, 10)
+		if !ok {
+			http.Error(w, "invalid l2_chain_id", http.StatusBadRequest)
+			return
+		}
+		normalizedReq, err := batchconsensus.NewProofRequest(l1ChainID, l2ChainID, req.BatchInbox, req.Batcher, req.BlobVersionedHashes)
+		if err != nil {
+			http.Error(w, fmt.Sprintf("normalize request: %v", err), http.StatusBadRequest)
+			return
+		}
+		resp, err := batchconsensus.BuildSignedProofResponse(normalizedReq, signer, valid)
+		if err != nil {
+			http.Error(w, fmt.Sprintf("build signed proof: %v", err), http.StatusInternalServerError)
+			return
+		}
+		w.Header().Set("content-type", "application/json")
+		if err := json.NewEncoder(w).Encode(resp); err != nil {
+			t.Logger().Warn("Failed to encode batch consensus proof response", "err", err)
+		}
+	})
+	listener, err := net.Listen("tcp", "127.0.0.1:0")
+	t.Require().NoError(err)
+	server := &http.Server{Handler: mux}
+	t.Cleanup(func() {
+		_ = server.Close()
+	})
+	go func() {
+		if err := server.Serve(listener); err != nil && err != http.ErrServerClosed {
+			t.Logger().Error("Batch consensus mock proof sidecar failed", "err", err)
+		}
+	}()
+	endpoint := "http://" + listener.Addr().String()
+	t.Logger().Info("Started batch consensus mock proof sidecar", "endpoint", endpoint, "valid", valid, "signer", crypto.PubkeyToAddress(signer.PublicKey))
+	return endpoint
+}
+
+func batchConsensusMockProofSigner() (*ecdsa.PrivateKey, error) {
+	return crypto.HexToECDSA(batchConsensusMockProofSignerKey)
+}
+
+func batchConsensusMockProofSignerAddress() common.Address {
+	key, err := batchConsensusMockProofSigner()
+	if err != nil {
+		panic(err)
+	}
+	return crypto.PubkeyToAddress(key.PublicKey)
+}
+
+func batchConsensusCommonwareProofSigners() ([]*ecdsa.PrivateKey, error) {
+	out := make([]*ecdsa.PrivateKey, 0, len(batchConsensusCommonwareProofSignerKeys))
+	for _, raw := range batchConsensusCommonwareProofSignerKeys {
+		key, err := crypto.HexToECDSA(raw)
+		if err != nil {
+			return nil, err
+		}
+		out = append(out, key)
+	}
+	return out, nil
+}
+
+func batchConsensusCommonwareProofSignerAddresses() []common.Address {
+	signers, err := batchConsensusCommonwareProofSigners()
+	if err != nil {
+		panic(err)
+	}
+	out := make([]common.Address, 0, len(signers))
+	for _, signer := range signers {
+		out = append(out, crypto.PubkeyToAddress(signer.PublicKey))
+	}
+	return out
+}
+
+func startBatchConsensusCommonwareProofSidecar(t devtest.T, valid bool) string {
+	port, err := getAvailableLocalPort()
+	t.Require().NoError(err)
+	endpoint := "http://127.0.0.1:" + port
+
+	stdOut := logpipe.LogCallback(func(line []byte) {
+		t.Logger().Info("Batch consensus Commonware Simplex sidecar stdout", "line", string(line))
+	})
+	stdErr := logpipe.LogCallback(func(line []byte) {
+		t.Logger().Info("Batch consensus Commonware Simplex sidecar stderr", "line", string(line))
+	})
+	sub := NewSubProcess(t, stdOut, stdErr)
+
+	execPath, err := rustbin.Spec{
+		SrcDir:  "op-batcher-consensus-sidecar",
+		Package: "op-batcher-consensus-sidecar",
+		Binary:  "op-batcher-consensus-sidecar",
+	}.EnsureExists(t.Ctx(), t.Logger())
+	t.Require().NoError(err, "prepare batch consensus Commonware Simplex sidecar binary")
+
+	args := []string{"--listen", "127.0.0.1:" + port, "--commonware-simplex"}
+	if !valid {
+		args = append(args, "--invalid")
+	}
+	t.Require().NoError(sub.Start(execPath, args, nil), "start batch consensus Commonware Simplex sidecar")
+	waitTCPReady(t, endpoint, 10*time.Second)
+
+	t.Logger().Info("Started batch consensus Commonware Simplex proof sidecar", "endpoint", endpoint, "valid", valid)
+	return endpoint
+}
diff --git a/op-devstack/sysgo/batch_consensus_test.go b/op-devstack/sysgo/batch_consensus_test.go
new file mode 100644
index 00000000000..c82f02ca877
--- /dev/null
+++ b/op-devstack/sysgo/batch_consensus_test.go
@@ -0,0 +1,138 @@
+package sysgo
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/sha256"
+	"math/big"
+	"testing"
+
+	"github.com/ethereum-optimism/optimism/op-service/batchconsensus"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/core/state"
+	"github.com/ethereum/go-ethereum/core/tracing"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/core/vm/runtime"
+	"github.com/ethereum/go-ethereum/params"
+	"github.com/stretchr/testify/require"
+)
+
+func TestBatchConsensusMockVerifierProofCode(t *testing.T) {
+	signer, err := batchConsensusMockProofSigner()
+	require.NoError(t, err)
+	req, err := batchconsensus.NewProofRequest(
+		big.NewInt(1),
+		big.NewInt(2),
+		common.HexToAddress("0x1111"),
+		common.HexToAddress("0x2222"),
+		[]common.Hash{common.HexToHash("0x3333")},
+	)
+	require.NoError(t, err)
+	code := batchConsensusMockVerifierProofCode(batchConsensusMockProofSignerAddress())
+
+	valid, err := batchconsensus.BuildSignedProofCalldata(req, signer, true)
+	require.NoError(t, err)
+	out, _, err := runtime.Execute(code, valid, nil)
+	require.NoError(t, err)
+	ok, err := batchconsensus.DecodeVerifyResult(out)
+	require.NoError(t, err)
+	require.True(t, ok)
+
+	invalid, err := batchconsensus.BuildSignedProofCalldata(req, signer, false)
+	require.NoError(t, err)
+	out, _, err = runtime.Execute(code, invalid, nil)
+	require.NoError(t, err)
+	ok, err = batchconsensus.DecodeVerifyResult(out)
+	require.NoError(t, err)
+	require.False(t, ok)
+}
+
+func TestBatchConsensusMockVerifierCommonwareProofCode(t *testing.T) {
+	req, err := batchconsensus.NewProofRequest(
+		big.NewInt(1),
+		big.NewInt(2),
+		common.HexToAddress("0x1111"),
+		common.HexToAddress("0x2222"),
+		[]common.Hash{common.HexToHash("0x3333")},
+	)
+	require.NoError(t, err)
+	signers, err := batchConsensusCommonwareProofSigners()
+	require.NoError(t, err)
+	code := batchConsensusMockVerifierCommonwareProofCode(batchConsensusCommonwareProofSignerAddresses())
+	certificate := common.FromHex("0x435753494d504c5831000200a9dc0572235267fb0049b4c044903f4ec7c23784811f24d2238248045975ad4000000000000000040e0393cef7cc3de40e20cf4e211a10dfd51277bfc8c7d039909bc1d925798efd31dd527be67cc5b9fe797cdde5523d750d4d90bf12f763ab5d0b1d2ed530515ddd0ad38f5287bd39c36d22a44843a9f9f0af2aa459c3399cc43a319edd5280ba630b442e2a59c8e718674a4dbc06cf0a4a2baa2f38a8da4d79e19e7cdf67c8e869b3fe40e383b25fc686507b49f81640ef09d25672a01226e48ccc533321831ebfdf39bab8e450680daad689faf453a10cc0c5eb8d46a40803a85b325a67e606b6ac")
+	requireCommonwareP256Fixture(t, certificate)
+
+	valid, err := batchconsensus.BuildCommonwareSimplexProofCalldata(req, certificate, signers, true)
+	require.NoError(t, err)
+	out := executeBatchConsensusCommonwareVerifier(t, code, valid)
+	ok, err := batchconsensus.DecodeVerifyResult(out)
+	require.NoError(t, err)
+	require.Truef(t, ok, "code_len=%d calldata_len=%d code=%x out=%x", len(code), len(valid), code, out)
+
+	withoutCertificate := valid[:len(valid)-len(certificate)]
+	out = executeBatchConsensusCommonwareVerifier(t, code, withoutCertificate)
+	ok, err = batchconsensus.DecodeVerifyResult(out)
+	require.NoError(t, err)
+	require.False(t, ok)
+
+	wrongCertificate := append([]byte(nil), valid...)
+	wrongCertificate[len(wrongCertificate)-1] ^= 0x01
+	out = executeBatchConsensusCommonwareVerifier(t, code, wrongCertificate)
+	ok, err = batchconsensus.DecodeVerifyResult(out)
+	require.NoError(t, err)
+	require.False(t, ok)
+
+	invalid, err := batchconsensus.BuildCommonwareSimplexProofCalldata(req, certificate, signers, false)
+	require.NoError(t, err)
+	out = executeBatchConsensusCommonwareVerifier(t, code, invalid)
+	ok, err = batchconsensus.DecodeVerifyResult(out)
+	require.NoError(t, err)
+	require.False(t, ok)
+}
+
+func executeBatchConsensusCommonwareVerifier(t *testing.T, code []byte, input []byte) []byte {
+	t.Helper()
+	statedb, err := state.New(types.EmptyRootHash, state.NewDatabaseForTesting())
+	require.NoError(t, err)
+	addr := common.BytesToAddress([]byte("contract"))
+	statedb.CreateAccount(addr)
+	statedb.SetCode(addr, code, tracing.CodeChangeUnspecified)
+	for slot, value := range batchConsensusCommonwareSolidityVerifierStorage() {
+		statedb.SetState(addr, slot, value)
+	}
+	out, _, err := runtime.Call(addr, input, &runtime.Config{
+		ChainConfig: params.MergedTestChainConfig,
+		State:       statedb,
+	})
+	require.NoError(t, err)
+	return out
+}
+
+func requireCommonwareP256Fixture(t *testing.T, certificate []byte) {
+	t.Helper()
+	require.Len(t, certificate, 246)
+	require.Equal(t, []byte("CWSIMPLX1"), certificate[:9])
+	require.Equal(t, byte(0x0e), certificate[52])
+	require.Equal(t, byte(0x03), certificate[53])
+	msg := append([]byte("\x29op-batcher-consensus-poc/simplex_FINALIZE"), certificate[9:44]...)
+	digest := sha256.Sum256(msg)
+	for i, signer := range batchConsensusCommonwareP256ProofPublicKeys() {
+		sig := certificate[54+(i*64) : 54+((i+1)*64)]
+		r := new(big.Int).SetBytes(sig[:32])
+		s := new(big.Int).SetBytes(sig[32:])
+		pub := ecdsa.PublicKey{
+			Curve: elliptic.P256(),
+			X:     new(big.Int).SetBytes(signer.x[:]),
+			Y:     new(big.Int).SetBytes(signer.y[:]),
+		}
+		require.Truef(t, ecdsa.Verify(&pub, digest[:], r, s), "signature %d", i)
+	}
+}
+
+func TestBatchConsensusMockVerifierTrueCode(t *testing.T) {
+	out, _, err := runtime.Execute(batchConsensusMockVerifierTrueCode, []byte("anything"), nil)
+	require.NoError(t, err)
+	ok, err := batchconsensus.DecodeVerifyResult(out)
+	require.NoError(t, err)
+	require.True(t, ok)
+}
diff --git a/op-devstack/sysgo/preset_config.go b/op-devstack/sysgo/preset_config.go
index d3be28e7ebc..282b777f4b9 100644
--- a/op-devstack/sysgo/preset_config.go
+++ b/op-devstack/sysgo/preset_config.go
@@ -5,6 +5,7 @@ import (
 
 	gameTypes "github.com/ethereum-optimism/optimism/op-challenger/game/types"
 	"github.com/ethereum-optimism/optimism/op-service/eth"
+	"github.com/ethereum/go-ethereum/common"
 )
 
 type PreGenesisSuperGameConfig struct {
@@ -36,6 +37,14 @@ type PresetConfig struct {
 	PreGenesisSuperGame     *PreGenesisSuperGameConfig
 	// SkipHonestProposer skips starting op-proposer.
 	SkipHonestProposer bool
+	// BatchConsensusMockVerifierAddress, if set, installs a mock verifier into L1
+	// genesis and configures L2 rollup config to require it for blob batches.
+	BatchConsensusMockVerifierAddress *common.Address
+	BatchConsensusMockVerifierAccept  bool
+	BatchConsensusMockProofSidecar    bool
+	BatchConsensusMockProofValid      bool
+	BatchConsensusCommonwareSidecar   bool
+	BatchConsensusCommonwareValid     bool
 }
 
 func NewPresetConfig() PresetConfig {
diff --git a/op-devstack/sysgo/singlechain_runtime.go b/op-devstack/sysgo/singlechain_runtime.go
index 652ef14d284..a6d715a6939 100644
--- a/op-devstack/sysgo/singlechain_runtime.go
+++ b/op-devstack/sysgo/singlechain_runtime.go
@@ -61,6 +61,7 @@ func newSingleChainNodeRuntime(name string, isSequencer bool, el L2ELNode, cl L2
 
 func newDefaultSingleChainWorld(t devtest.T, keys devkeys.Keys, cfg PresetConfig) singleChainRuntimeWorld {
 	l1Net, l2Net := buildSingleChainWorld(t, keys, cfg.LocalContractArtifactsPath, cfg.DeployerOptions...)
+	applyBatchConsensusMockVerifier(cfg, l1Net, l2Net)
 	return singleChainRuntimeWorld{
 		L1Network: l1Net,
 		L2Network: l2Net,
@@ -107,7 +108,25 @@ func newSingleChainRuntimeWithConfig(t devtest.T, cfg PresetConfig, spec singleC
 
 	var l2Batcher *L2Batcher
 	if spec.StartBatcher {
-		l2Batcher = startMinimalBatcher(t, keys, world.L2Network, l1EL, primary.CL, primary.EL, cfg.BatcherOptions...)
+		batcherOpts := cfg.BatcherOptions
+		if cfg.BatchConsensusMockProofSidecar && cfg.BatchConsensusCommonwareSidecar {
+			require.FailNow("batch consensus proof sidecars are mutually exclusive")
+		}
+		if cfg.BatchConsensusMockProofSidecar {
+			endpoint := startBatchConsensusMockProofSidecar(t, cfg.BatchConsensusMockProofValid)
+			batcherOpts = append([]BatcherOption{}, batcherOpts...)
+			batcherOpts = append(batcherOpts, func(_ ComponentTarget, cfg *bss.CLIConfig) {
+				cfg.BatchConsensusProofEndpoint = endpoint
+			})
+		}
+		if cfg.BatchConsensusCommonwareSidecar {
+			endpoint := startBatchConsensusCommonwareProofSidecar(t, cfg.BatchConsensusCommonwareValid)
+			batcherOpts = append([]BatcherOption{}, batcherOpts...)
+			batcherOpts = append(batcherOpts, func(_ ComponentTarget, cfg *bss.CLIConfig) {
+				cfg.BatchConsensusProofEndpoint = endpoint
+			})
+		}
+		l2Batcher = startMinimalBatcher(t, keys, world.L2Network, l1EL, primary.CL, primary.EL, batcherOpts...)
 	}
 
 	var l2Proposer *L2Proposer
diff --git a/op-node/metrics/metered/metered_l1fetcher.go b/op-node/metrics/metered/metered_l1fetcher.go
index f79433c72a2..97defd071eb 100644
--- a/op-node/metrics/metered/metered_l1fetcher.go
+++ b/op-node/metrics/metered/metered_l1fetcher.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"time"
 
+	"github.com/ethereum/go-ethereum"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/core/types"
 
@@ -21,6 +22,7 @@ type L1Fetcher interface {
 	InfoByHash(ctx context.Context, hash common.Hash) (eth.BlockInfo, error)
 	FetchReceipts(ctx context.Context, blockHash common.Hash) (eth.BlockInfo, types.Receipts, error)
 	InfoAndTxsByHash(ctx context.Context, hash common.Hash) (eth.BlockInfo, types.Transactions, error)
+	CallAtHash(ctx context.Context, msg ethereum.CallMsg, blockHash common.Hash) ([]byte, error)
 }
 
 type MeteredL1Fetcher struct {
@@ -68,6 +70,11 @@ func (m *MeteredL1Fetcher) FetchReceipts(ctx context.Context, blockHash common.H
 	return m.inner.FetchReceipts(ctx, blockHash)
 }
 
+func (m *MeteredL1Fetcher) CallAtHash(ctx context.Context, msg ethereum.CallMsg, blockHash common.Hash) ([]byte, error) {
+	defer m.recordTime("CallAtHash")()
+	return m.inner.CallAtHash(ctx, msg, blockHash)
+}
+
 func (m *MeteredL1Fetcher) recordTime(method string) func() {
 	start := m.now()
 	return func() {
diff --git a/op-node/metrics/metered/metered_l1fetcher_test.go b/op-node/metrics/metered/metered_l1fetcher_test.go
index 0e96fced531..03ae57355ae 100644
--- a/op-node/metrics/metered/metered_l1fetcher_test.go
+++ b/op-node/metrics/metered/metered_l1fetcher_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
+	"github.com/ethereum/go-ethereum"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/core/types"
 
@@ -96,6 +97,18 @@ func TestDurationRecorded(t *testing.T) {
 				require.Equal(t, expectedErr, err)
 			},
 		},
+		{
+			method: "CallAtHash",
+			call: func(t *testing.T, fetcher *MeteredL1Fetcher, inner *testutils.MockL1Source) {
+				msg := ethereum.CallMsg{Data: []byte{0x01}}
+				expectedOut := []byte{0x02}
+				inner.ExpectCallAtHash(msg, hash, expectedOut, expectedErr)
+
+				actualOut, err := fetcher.CallAtHash(context.Background(), msg, hash)
+				require.Equal(t, expectedOut, actualOut)
+				require.Equal(t, expectedErr, err)
+			},
+		},
 	}
 	for _, test := range tests {
 		test := test
diff --git a/op-node/metrics/metrics.go b/op-node/metrics/metrics.go
index 944a8624325..43148c02d39 100644
--- a/op-node/metrics/metrics.go
+++ b/op-node/metrics/metrics.go
@@ -45,6 +45,7 @@ type Metricer interface {
 	RecordL2Ref(name string, ref eth.L2BlockRef)
 	RecordUnsafePayloadsBuffer(length uint64, memSize uint64, next eth.BlockID)
 	RecordDerivedBatches(batchType string)
+	RecordBatchConsensusProof(result string)
 	CountSequencedTxsInBlock(txns int, deposits int)
 	RecordL1ReorgDepth(d uint64)
 	RecordSequencerInconsistentL1Origin(from eth.BlockID, to eth.BlockID)
@@ -98,7 +99,8 @@ type Metrics struct {
 
 	*event.EventMetricsTracker
 
-	DerivedBatches metrics.EventVec
+	DerivedBatches       metrics.EventVec
+	BatchConsensusProofs metrics.EventVec
 
 	P2PReqDurationSeconds *prometheus.HistogramVec
 	P2PReqTotal           *prometheus.CounterVec
@@ -219,7 +221,8 @@ func NewMetrics(procName string, labels prometheus.Labels) *Metrics {
 		}),
 		EventMetricsTracker: event.NewMetricsTracker(ns, factory),
 
-		DerivedBatches: metrics.NewEventVec(factory, ns, "", "derived_batches", "derived batches", []string{"type"}),
+		DerivedBatches:       metrics.NewEventVec(factory, ns, "", "derived_batches", "derived batches", []string{"type"}),
+		BatchConsensusProofs: metrics.NewEventVec(factory, ns, "", "batch_consensus_proofs", "batch consensus proof verification results", []string{"result"}),
 
 		SequencerInconsistentL1Origin: metrics.NewEvent(factory, ns, "", "sequencer_inconsistent_l1_origin", "events when the sequencer selects an inconsistent L1 origin"),
 		SequencerResets:               metrics.NewEvent(factory, ns, "", "sequencer_resets", "sequencer resets"),
@@ -472,6 +475,10 @@ func (m *Metrics) RecordDerivedBatches(batchType string) {
 	m.DerivedBatches.Record(batchType)
 }
 
+func (m *Metrics) RecordBatchConsensusProof(result string) {
+	m.BatchConsensusProofs.Record(result)
+}
+
 func (m *Metrics) CountSequencedTxsInBlock(txns int, deposits int) {
 	m.TransactionsSequencedTotal.WithLabelValues("deposits").Add(float64(deposits))
 	m.TransactionsSequencedTotal.WithLabelValues("txns").Add(float64(txns - deposits))
@@ -691,6 +698,9 @@ func (n *noopMetricer) RecordUnsafePayloadsBuffer(length uint64, memSize uint64,
 func (n *noopMetricer) RecordDerivedBatches(batchType string) {
 }
 
+func (n *noopMetricer) RecordBatchConsensusProof(result string) {
+}
+
 func (n *noopMetricer) CountSequencedTxsInBlock(txns int, deposits int) {
 }
 
diff --git a/op-node/node/node.go b/op-node/node/node.go
index c3a169dda0c..abb88a653f4 100644
--- a/op-node/node/node.go
+++ b/op-node/node/node.go
@@ -59,6 +59,7 @@ type L1Client interface {
 	InfoAndTxsByNumber(ctx context.Context, number uint64) (eth.BlockInfo, types.Transactions, error)
 	InfoAndTxsByLabel(ctx context.Context, label eth.BlockLabel) (eth.BlockInfo, types.Transactions, error)
 	FetchReceipts(ctx context.Context, blockHash common.Hash) (eth.BlockInfo, types.Receipts, error)
+	CallAtHash(ctx context.Context, msg ethereum.CallMsg, blockHash common.Hash) ([]byte, error)
 	GetProof(ctx context.Context, address common.Address, storage []common.Hash, blockTag string) (*eth.AccountResult, error)
 	GetStorageAt(ctx context.Context, address common.Address, storageSlot common.Hash, blockTag string) (common.Hash, error)
 	ReadStorageAt(ctx context.Context, address common.Address, storageSlot common.Hash, blockHash common.Hash) (common.Hash, error)
@@ -90,6 +91,7 @@ type L1Source interface {
 	InfoByHash(ctx context.Context, hash common.Hash) (eth.BlockInfo, error)
 	InfoAndTxsByHash(ctx context.Context, hash common.Hash) (eth.BlockInfo, types.Transactions, error)
 	FetchReceipts(ctx context.Context, blockHash common.Hash) (eth.BlockInfo, types.Receipts, error)
+	CallAtHash(ctx context.Context, msg ethereum.CallMsg, blockHash common.Hash) ([]byte, error)
 	Close()
 }
 
diff --git a/op-node/rollup/derive/altda_data_source_test.go b/op-node/rollup/derive/altda_data_source_test.go
index fdf088ab23b..c39797082de 100644
--- a/op-node/rollup/derive/altda_data_source_test.go
+++ b/op-node/rollup/derive/altda_data_source_test.go
@@ -102,7 +102,7 @@ func TestAltDADataSource(t *testing.T) {
 
 	signer := cfg.L1Signer()
 
-	factory := NewDataSourceFactory(logger, cfg, l1F, nil, da)
+	factory := NewDataSourceFactory(logger, cfg, l1F, nil, da, nil)
 
 	nc := 0
 	firstChallengeExpirationBlock := uint64(95)
@@ -342,7 +342,7 @@ func TestAltDADataSourceStall(t *testing.T) {
 
 	signer := cfg.L1Signer()
 
-	factory := NewDataSourceFactory(logger, cfg, l1F, nil, da)
+	factory := NewDataSourceFactory(logger, cfg, l1F, nil, da, nil)
 
 	parent := l1Refs[0]
 	// create a new mock l1 ref
@@ -465,7 +465,7 @@ func TestAltDADataSourceInvalidData(t *testing.T) {
 
 	signer := cfg.L1Signer()
 
-	factory := NewDataSourceFactory(logger, cfg, l1F, nil, da)
+	factory := NewDataSourceFactory(logger, cfg, l1F, nil, da, nil)
 
 	parent := l1Refs[0]
 	// create a new mock l1 ref
diff --git a/op-node/rollup/derive/blob_data_source.go b/op-node/rollup/derive/blob_data_source.go
index d4ec55fa1b2..b13874753c0 100644
--- a/op-node/rollup/derive/blob_data_source.go
+++ b/op-node/rollup/derive/blob_data_source.go
@@ -11,6 +11,7 @@ import (
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/log"
 
+	"github.com/ethereum-optimism/optimism/op-service/batchconsensus"
 	"github.com/ethereum-optimism/optimism/op-service/eth"
 )
 
@@ -86,7 +87,7 @@ func (ds *BlobDataSource) open(ctx context.Context) ([]blobOrCalldata, error) {
 		return nil, NewTemporaryError(fmt.Errorf("failed to open blob data source: %w", err))
 	}
 
-	data, hashes := dataAndHashesFromTxs(txs, &ds.dsCfg, ds.batcherAddr, ds.log)
+	data, hashes := dataAndHashesFromTxs(ctx, txs, &ds.dsCfg, ds.ref.Hash, ds.batcherAddr, ds.log)
 
 	if len(hashes) == 0 {
 		// there are no blobs to fetch so we can return immediately
@@ -115,7 +116,7 @@ func (ds *BlobDataSource) open(ctx context.Context) ([]blobOrCalldata, error) {
 // dataAndHashesFromTxs extracts calldata and datahashes from the input transactions and returns them. It
 // creates a placeholder blobOrCalldata element for each returned blob hash that must be populated
 // by fillBlobPointers after blob bodies are retrieved.
-func dataAndHashesFromTxs(txs types.Transactions, config *DataSourceConfig, batcherAddr common.Address, logger log.Logger) ([]blobOrCalldata, []common.Hash) {
+func dataAndHashesFromTxs(ctx context.Context, txs types.Transactions, config *DataSourceConfig, l1BlockHash common.Hash, batcherAddr common.Address, logger log.Logger) ([]blobOrCalldata, []common.Hash) {
 	data := []blobOrCalldata{}
 	var hashes []common.Hash
 	for _, tx := range txs {
@@ -129,9 +130,12 @@ func dataAndHashesFromTxs(txs types.Transactions, config *DataSourceConfig, batc
 			data = append(data, blobOrCalldata{nil, &calldata})
 			continue
 		}
-		// handle blob batcher transactions by extracting their blob hashes, ignoring any calldata.
-		if len(tx.Data()) > 0 {
-			log.Warn("blob tx has calldata, which will be ignored", "txhash", tx.Hash())
+		if config.batchConsensusVerifierAddress != (common.Address{}) {
+			if !verifyBlobBatchConsensus(ctx, config, l1BlockHash, batcherAddr, tx, logger) {
+				continue
+			}
+		} else if len(tx.Data()) > 0 {
+			logger.Warn("blob tx has calldata, which will be ignored", "txhash", tx.Hash())
 		}
 		for _, h := range tx.BlobHashes() {
 			hashes = append(hashes, h)
@@ -141,6 +145,44 @@ func dataAndHashesFromTxs(txs types.Transactions, config *DataSourceConfig, batc
 	return data, hashes
 }
 
+func verifyBlobBatchConsensus(ctx context.Context, config *DataSourceConfig, l1BlockHash common.Hash, batcherAddr common.Address, tx *types.Transaction, logger log.Logger) bool {
+	record := func(result string) {
+		if config.metrics != nil {
+			config.metrics.RecordBatchConsensusProof(result)
+		}
+	}
+	if len(tx.Data()) == 0 {
+		logger.Warn("ignoring blob batcher tx with missing batch consensus proof", "txhash", tx.Hash(), "block", l1BlockHash)
+		record("missing")
+		return false
+	}
+	msg := ethereum.CallMsg{
+		From: batcherAddr,
+		To:   &config.batchConsensusVerifierAddress,
+		Data: tx.Data(),
+	}
+	out, err := config.batchConsensusVerificationCall.CallAtHash(ctx, msg, l1BlockHash)
+	if err != nil {
+		logger.Warn("ignoring blob batcher tx with rejected batch consensus proof", "txhash", tx.Hash(), "block", l1BlockHash, "err", err)
+		record("rejected")
+		return false
+	}
+	ok, err := batchconsensus.DecodeVerifyResult(out)
+	if err != nil {
+		logger.Warn("ignoring blob batcher tx with invalid batch consensus verifier result", "txhash", tx.Hash(), "block", l1BlockHash, "err", err)
+		record("invalid_result")
+		return false
+	}
+	if !ok {
+		logger.Warn("ignoring blob batcher tx with false batch consensus verifier result", "txhash", tx.Hash(), "block", l1BlockHash)
+		record("false")
+		return false
+	}
+	logger.Debug("accepted blob batcher tx with batch consensus proof", "txhash", tx.Hash(), "block", l1BlockHash, "blob_hashes", len(tx.BlobHashes()))
+	record("accepted")
+	return true
+}
+
 // fillBlobPointers goes back through the data array and fills in the pointers to the fetched blob
 // bodies. There should be exactly one placeholder blobOrCalldata element for each blob, otherwise
 // error is returned.
diff --git a/op-node/rollup/derive/blob_data_source_test.go b/op-node/rollup/derive/blob_data_source_test.go
index a20205544c4..ab8651b9df1 100644
--- a/op-node/rollup/derive/blob_data_source_test.go
+++ b/op-node/rollup/derive/blob_data_source_test.go
@@ -1,17 +1,21 @@
 package derive
 
 import (
+	"context"
 	"crypto/ecdsa"
+	"errors"
 	"math/big"
 	"math/rand"
 	"testing"
 
 	"github.com/stretchr/testify/require"
 
+	"github.com/ethereum/go-ethereum"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/crypto"
 
+	"github.com/ethereum-optimism/optimism/op-service/batchconsensus"
 	"github.com/ethereum-optimism/optimism/op-service/eth"
 	"github.com/ethereum-optimism/optimism/op-service/testlog"
 	"github.com/ethereum-optimism/optimism/op-service/testutils"
@@ -45,7 +49,7 @@ func TestDataAndHashesFromTxs(t *testing.T) {
 	}
 	calldataTx, _ := types.SignNewTx(privateKey, signer, txData)
 	txs := types.Transactions{calldataTx}
-	data, blobHashes := dataAndHashesFromTxs(txs, &config, batcherAddr, logger)
+	data, blobHashes := dataAndHashesFromTxs(context.Background(), txs, &config, common.Hash{}, batcherAddr, logger)
 	require.Equal(t, 1, len(data))
 	require.Equal(t, 0, len(blobHashes))
 
@@ -60,14 +64,14 @@ func TestDataAndHashesFromTxs(t *testing.T) {
 	}
 	blobTx, _ := types.SignNewTx(privateKey, signer, blobTxData)
 	txs = types.Transactions{blobTx}
-	data, blobHashes = dataAndHashesFromTxs(txs, &config, batcherAddr, logger)
+	data, blobHashes = dataAndHashesFromTxs(context.Background(), txs, &config, common.Hash{}, batcherAddr, logger)
 	require.Equal(t, 1, len(data))
 	require.Equal(t, 1, len(blobHashes))
 	require.Nil(t, data[0].calldata)
 
 	// try again with both the blob & calldata transactions and make sure both are picked up
 	txs = types.Transactions{blobTx, calldataTx}
-	data, blobHashes = dataAndHashesFromTxs(txs, &config, batcherAddr, logger)
+	data, blobHashes = dataAndHashesFromTxs(context.Background(), txs, &config, common.Hash{}, batcherAddr, logger)
 	require.Equal(t, 2, len(data))
 	require.Equal(t, 1, len(blobHashes))
 	require.NotNil(t, data[1].calldata)
@@ -75,7 +79,7 @@ func TestDataAndHashesFromTxs(t *testing.T) {
 	// make sure blob tx to the batch inbox is ignored if not signed by the batcher
 	blobTx, _ = types.SignNewTx(testutils.RandomKey(), signer, blobTxData)
 	txs = types.Transactions{blobTx}
-	data, blobHashes = dataAndHashesFromTxs(txs, &config, batcherAddr, logger)
+	data, blobHashes = dataAndHashesFromTxs(context.Background(), txs, &config, common.Hash{}, batcherAddr, logger)
 	require.Equal(t, 0, len(data))
 	require.Equal(t, 0, len(blobHashes))
 
@@ -84,7 +88,7 @@ func TestDataAndHashesFromTxs(t *testing.T) {
 	blobTxData.To = testutils.RandomAddress(rng)
 	blobTx, _ = types.SignNewTx(privateKey, signer, blobTxData)
 	txs = types.Transactions{blobTx}
-	data, blobHashes = dataAndHashesFromTxs(txs, &config, batcherAddr, logger)
+	data, blobHashes = dataAndHashesFromTxs(context.Background(), txs, &config, common.Hash{}, batcherAddr, logger)
 	require.Equal(t, 0, len(data))
 	require.Equal(t, 0, len(blobHashes))
 
@@ -98,11 +102,121 @@ func TestDataAndHashesFromTxs(t *testing.T) {
 	setCodeTx, err := types.SignNewTx(privateKey, signer, setCodeTxData)
 	require.NoError(t, err)
 	txs = types.Transactions{setCodeTx}
-	data, blobHashes = dataAndHashesFromTxs(txs, &config, batcherAddr, logger)
+	data, blobHashes = dataAndHashesFromTxs(context.Background(), txs, &config, common.Hash{}, batcherAddr, logger)
 	require.Equal(t, 0, len(data))
 	require.Equal(t, 0, len(blobHashes))
 }
 
+type mockBatchConsensusCaller struct {
+	out       []byte
+	err       error
+	calls     int
+	lastMsg   ethereum.CallMsg
+	lastBlock common.Hash
+}
+
+func (m *mockBatchConsensusCaller) CallAtHash(ctx context.Context, msg ethereum.CallMsg, blockHash common.Hash) ([]byte, error) {
+	m.calls++
+	m.lastMsg = msg
+	m.lastBlock = blockHash
+	return m.out, m.err
+}
+
+func TestDataAndHashesFromTxsBatchConsensusVerifier(t *testing.T) {
+	rng := rand.New(rand.NewSource(54321))
+	privateKey := testutils.InsecureRandomKey(rng)
+	publicKey, _ := privateKey.Public().(*ecdsa.PublicKey)
+	batcherAddr := crypto.PubkeyToAddress(*publicKey)
+	batchInboxAddr := testutils.RandomAddress(rng)
+	verifierAddr := testutils.RandomAddress(rng)
+	l1BlockHash := testutils.RandomHash(rng)
+	blobHash := testutils.RandomHash(rng)
+	logger := testlog.Logger(t, log.LvlInfo)
+	signer := types.NewPragueSigner(big.NewInt(100))
+
+	calldata, err := batchconsensus.BuildMockVerifyCalldata(big.NewInt(1), big.NewInt(2), batchInboxAddr, batcherAddr, []common.Hash{blobHash})
+	require.NoError(t, err)
+	blobTx, err := types.SignNewTx(privateKey, signer, &types.BlobTx{
+		Nonce:      rng.Uint64(),
+		Gas:        2_000_000,
+		To:         batchInboxAddr,
+		Data:       calldata,
+		BlobHashes: []common.Hash{blobHash},
+	})
+	require.NoError(t, err)
+
+	abiTrue := common.LeftPadBytes([]byte{1}, 32)
+	abiFalse := make([]byte, 32)
+
+	results := []struct {
+		name           string
+		callOut        []byte
+		callErr        error
+		tx             *types.Transaction
+		expectedResult string
+		expectedHashes int
+	}{
+		{name: "accepted", callOut: abiTrue, tx: blobTx, expectedResult: "accepted", expectedHashes: 1},
+		{name: "false", callOut: abiFalse, tx: blobTx, expectedResult: "false"},
+		{name: "rejected", callErr: errors.New("execution reverted"), tx: blobTx, expectedResult: "rejected"},
+		{name: "invalid-result", callOut: []byte{0x01}, tx: blobTx, expectedResult: "invalid_result"},
+	}
+	for _, tt := range results {
+		t.Run(tt.name, func(t *testing.T) {
+			caller := &mockBatchConsensusCaller{out: tt.callOut, err: tt.callErr}
+			var metricResult string
+			config := DataSourceConfig{
+				l1Signer:                       signer,
+				batchInboxAddress:              batchInboxAddr,
+				batchConsensusVerifierAddress:  verifierAddr,
+				batchConsensusVerificationCall: caller,
+				metrics: &testutils.TestDerivationMetrics{
+					FnRecordBatchConsensusProof: func(result string) {
+						metricResult = result
+					},
+				},
+			}
+
+			data, blobHashes := dataAndHashesFromTxs(context.Background(), types.Transactions{tt.tx}, &config, l1BlockHash, batcherAddr, logger)
+			require.Equal(t, tt.expectedHashes, len(blobHashes))
+			require.Equal(t, tt.expectedHashes, len(data))
+			require.Equal(t, 1, caller.calls)
+			require.Equal(t, verifierAddr, *caller.lastMsg.To)
+			require.Equal(t, calldata, caller.lastMsg.Data)
+			require.Equal(t, l1BlockHash, caller.lastBlock)
+			require.Equal(t, tt.expectedResult, metricResult)
+		})
+	}
+
+	t.Run("missing proof", func(t *testing.T) {
+		blobTxNoData, err := types.SignNewTx(privateKey, signer, &types.BlobTx{
+			Nonce:      rng.Uint64(),
+			Gas:        2_000_000,
+			To:         batchInboxAddr,
+			BlobHashes: []common.Hash{blobHash},
+		})
+		require.NoError(t, err)
+		caller := &mockBatchConsensusCaller{out: abiTrue}
+		var metricResult string
+		config := DataSourceConfig{
+			l1Signer:                       signer,
+			batchInboxAddress:              batchInboxAddr,
+			batchConsensusVerifierAddress:  verifierAddr,
+			batchConsensusVerificationCall: caller,
+			metrics: &testutils.TestDerivationMetrics{
+				FnRecordBatchConsensusProof: func(result string) {
+					metricResult = result
+				},
+			},
+		}
+		data, blobHashes := dataAndHashesFromTxs(context.Background(), types.Transactions{blobTxNoData}, &config, l1BlockHash, batcherAddr, logger)
+		require.Empty(t, data)
+		require.Empty(t, blobHashes)
+		require.Zero(t, caller.calls)
+		require.Equal(t, "missing", metricResult)
+	})
+}
+
 func TestFillBlobPointers(t *testing.T) {
 	blob := eth.Blob{}
 	rng := rand.New(rand.NewSource(1234))
diff --git a/op-node/rollup/derive/calldata_source_test.go b/op-node/rollup/derive/calldata_source_test.go
index 01b2616cca3..579d5f3e479 100644
--- a/op-node/rollup/derive/calldata_source_test.go
+++ b/op-node/rollup/derive/calldata_source_test.go
@@ -121,7 +121,10 @@ func TestDataFromEVMTransactions(t *testing.T) {
 			}
 		}
 
-		out := DataFromEVMTransactions(DataSourceConfig{cfg.L1Signer(), cfg.BatchInboxAddress, false}, batcherAddr, txs, testlog.Logger(t, log.LevelCrit))
+		out := DataFromEVMTransactions(DataSourceConfig{
+			l1Signer:          cfg.L1Signer(),
+			batchInboxAddress: cfg.BatchInboxAddress,
+		}, batcherAddr, txs, testlog.Logger(t, log.LevelCrit))
 		require.ElementsMatch(t, expectedData, out)
 	}
 
diff --git a/op-node/rollup/derive/data_source.go b/op-node/rollup/derive/data_source.go
index d90cfb42ff5..2b092d81db0 100644
--- a/op-node/rollup/derive/data_source.go
+++ b/op-node/rollup/derive/data_source.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/ethereum/go-ethereum"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/log"
@@ -26,6 +27,10 @@ type L1BlobsFetcher interface {
 	GetBlobsByHash(ctx context.Context, time uint64, hashes []common.Hash) ([]*eth.Blob, error)
 }
 
+type L1BatchConsensusCaller interface {
+	CallAtHash(ctx context.Context, msg ethereum.CallMsg, blockHash common.Hash) ([]byte, error)
+}
+
 type AltDAInputFetcher interface {
 	// GetInput fetches the input for the given commitment at the given block number from the DA storage service.
 	GetInput(ctx context.Context, l1 altda.L1Fetcher, c altda.CommitmentData, blockId eth.L1BlockRef) (eth.Data, error)
@@ -45,13 +50,23 @@ type DataSourceFactory struct {
 	blobsFetcher L1BlobsFetcher
 	altDAFetcher AltDAInputFetcher
 	ecotoneTime  *uint64
+	metrics      Metrics
 }
 
-func NewDataSourceFactory(log log.Logger, cfg *rollup.Config, fetcher L1Fetcher, blobsFetcher L1BlobsFetcher, altDAFetcher AltDAInputFetcher) *DataSourceFactory {
+func NewDataSourceFactory(log log.Logger, cfg *rollup.Config, fetcher L1Fetcher, blobsFetcher L1BlobsFetcher, altDAFetcher AltDAInputFetcher, metrics Metrics) *DataSourceFactory {
+	var batchConsensusCaller L1BatchConsensusCaller
+	if cfg.BatchConsensusVerifierAddress != (common.Address{}) {
+		if caller, ok := fetcher.(L1BatchConsensusCaller); ok {
+			batchConsensusCaller = caller
+		}
+	}
 	config := DataSourceConfig{
-		l1Signer:          cfg.L1Signer(),
-		batchInboxAddress: cfg.BatchInboxAddress,
-		altDAEnabled:      cfg.AltDAEnabled(),
+		l1Signer:                       cfg.L1Signer(),
+		batchInboxAddress:              cfg.BatchInboxAddress,
+		batchConsensusVerifierAddress:  cfg.BatchConsensusVerifierAddress,
+		batchConsensusVerificationCall: batchConsensusCaller,
+		metrics:                        metrics,
+		altDAEnabled:                   cfg.AltDAEnabled(),
 	}
 	return &DataSourceFactory{
 		log:          log,
@@ -60,6 +75,7 @@ func NewDataSourceFactory(log log.Logger, cfg *rollup.Config, fetcher L1Fetcher,
 		blobsFetcher: blobsFetcher,
 		altDAFetcher: altDAFetcher,
 		ecotoneTime:  cfg.EcotoneTime,
+		metrics:      metrics,
 	}
 }
 
@@ -72,6 +88,9 @@ func (ds *DataSourceFactory) OpenData(ctx context.Context, ref eth.L1BlockRef, b
 		if ds.blobsFetcher == nil {
 			return nil, NewCriticalError(fmt.Errorf("ecotone upgrade active but beacon endpoint not configured"))
 		}
+		if ds.dsCfg.batchConsensusVerifierAddress != (common.Address{}) && ds.dsCfg.batchConsensusVerificationCall == nil {
+			return nil, NewCriticalError(fmt.Errorf("batch consensus verifier configured but L1 fetcher does not support block-hash eth_call"))
+		}
 		src = NewBlobDataSource(ctx, ds.log, ds.dsCfg, ds.fetcher, ds.blobsFetcher, ref, batcherAddr)
 	} else {
 		src = NewCalldataSource(ctx, ds.log, ds.dsCfg, ds.fetcher, ref, batcherAddr)
@@ -85,9 +104,12 @@ func (ds *DataSourceFactory) OpenData(ctx context.Context, ref eth.L1BlockRef, b
 
 // DataSourceConfig regroups the mandatory rollup.Config fields needed for DataFromEVMTransactions.
 type DataSourceConfig struct {
-	l1Signer          types.Signer
-	batchInboxAddress common.Address
-	altDAEnabled      bool
+	l1Signer                       types.Signer
+	batchInboxAddress              common.Address
+	batchConsensusVerifierAddress  common.Address
+	batchConsensusVerificationCall L1BatchConsensusCaller
+	metrics                        Metrics
+	altDAEnabled                   bool
 }
 
 // isValidBatchTx returns true if:
diff --git a/op-node/rollup/derive/pipeline.go b/op-node/rollup/derive/pipeline.go
index 67f0511eac4..f5655829c00 100644
--- a/op-node/rollup/derive/pipeline.go
+++ b/op-node/rollup/derive/pipeline.go
@@ -25,6 +25,7 @@ type Metrics interface {
 	RecordChannelTimedOut()
 	RecordFrame()
 	RecordDerivedBatches(batchType string)
+	RecordBatchConsensusProof(result string)
 	SetDerivationIdle(idle bool)
 	RecordPipelineReset()
 }
@@ -35,6 +36,7 @@ type L1Fetcher interface {
 	L1BlockRefByHashFetcher
 	L1ReceiptsFetcher
 	L1TransactionFetcher
+	L1BatchConsensusCaller
 }
 
 type ResettableStage interface {
@@ -109,7 +111,7 @@ func NewDerivationPipeline(log log.Logger, rollupCfg *rollup.Config, depSet Depe
 	} else {
 		l1Traversal = NewL1Traversal(log, rollupCfg, l1Fetcher)
 	}
-	dataSrc := NewDataSourceFactory(log, rollupCfg, l1Fetcher, l1Blobs, altDA) // auxiliary stage for L1Retrieval
+	dataSrc := NewDataSourceFactory(log, rollupCfg, l1Fetcher, l1Blobs, altDA, metrics) // auxiliary stage for L1Retrieval
 	l1Src := NewL1Retrieval(log, dataSrc, l1Traversal)
 	frameQueue := NewFrameQueue(log, rollupCfg, l1Src)
 	channelMux := NewChannelMux(log, spec, frameQueue, metrics)
diff --git a/op-node/rollup/types.go b/op-node/rollup/types.go
index c80b22aa5b3..57f96b2847d 100644
--- a/op-node/rollup/types.go
+++ b/op-node/rollup/types.go
@@ -142,6 +142,8 @@ type Config struct {
 
 	// L1 address that batches are sent to.
 	BatchInboxAddress common.Address `json:"batch_inbox_address"`
+	// Optional L1 verifier contract for blob batcher consensus proofs.
+	BatchConsensusVerifierAddress common.Address `json:"batch_consensus_verifier_address,omitempty"`
 	// L1 Deposit Contract Address
 	DepositContractAddress common.Address `json:"deposit_contract_address"`
 	// L1 System Config Address
diff --git a/op-service/batchconsensus/client.go b/op-service/batchconsensus/client.go
new file mode 100644
index 00000000000..354c1e3a103
--- /dev/null
+++ b/op-service/batchconsensus/client.go
@@ -0,0 +1,84 @@
+package batchconsensus
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"math/big"
+	"net/http"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
+)
+
+type ProofRequest struct {
+	L1ChainID           string         `json:"l1_chain_id"`
+	L2ChainID           string         `json:"l2_chain_id"`
+	BatchInbox          common.Address `json:"batch_inbox"`
+	Batcher             common.Address `json:"batcher"`
+	BlobVersionedHashes []common.Hash  `json:"blob_versioned_hashes"`
+}
+
+type ProofResponse struct {
+	Provider    string        `json:"provider,omitempty"`
+	Certificate hexutil.Bytes `json:"certificate,omitempty"`
+	Calldata    hexutil.Bytes `json:"calldata"`
+}
+
+const (
+	ProviderCommonwarePOC        = "commonware-poc-secp256k1"
+	ProviderCommonwareSimplexPOC = "commonware-simplex-poc-secp256r1"
+)
+
+func NewProofRequest(l1ChainID, l2ChainID *big.Int, batchInbox common.Address, batcher common.Address, blobHashes []common.Hash) (ProofRequest, error) {
+	if l1ChainID == nil {
+		return ProofRequest{}, fmt.Errorf("missing L1 chain ID")
+	}
+	if l2ChainID == nil {
+		return ProofRequest{}, fmt.Errorf("missing L2 chain ID")
+	}
+	return ProofRequest{
+		L1ChainID:           l1ChainID.String(),
+		L2ChainID:           l2ChainID.String(),
+		BatchInbox:          batchInbox,
+		Batcher:             batcher,
+		BlobVersionedHashes: blobHashes,
+	}, nil
+}
+
+func FetchProofCalldata(ctx context.Context, endpoint string, req ProofRequest) ([]byte, error) {
+	resp, err := FetchProof(ctx, endpoint, req)
+	if err != nil {
+		return nil, err
+	}
+	return resp.Calldata, nil
+}
+
+func FetchProof(ctx context.Context, endpoint string, req ProofRequest) (ProofResponse, error) {
+	body, err := json.Marshal(req)
+	if err != nil {
+		return ProofResponse{}, fmt.Errorf("marshal proof request: %w", err)
+	}
+	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body))
+	if err != nil {
+		return ProofResponse{}, fmt.Errorf("build proof request: %w", err)
+	}
+	httpReq.Header.Set("content-type", "application/json")
+	httpResp, err := http.DefaultClient.Do(httpReq)
+	if err != nil {
+		return ProofResponse{}, fmt.Errorf("send proof request: %w", err)
+	}
+	defer httpResp.Body.Close()
+	if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 {
+		return ProofResponse{}, fmt.Errorf("proof sidecar returned status %d", httpResp.StatusCode)
+	}
+	var resp ProofResponse
+	if err := json.NewDecoder(httpResp.Body).Decode(&resp); err != nil {
+		return ProofResponse{}, fmt.Errorf("decode proof response: %w", err)
+	}
+	if len(resp.Calldata) == 0 {
+		return ProofResponse{}, fmt.Errorf("proof sidecar returned empty calldata")
+	}
+	return resp, nil
+}
diff --git a/op-service/batchconsensus/mock.go b/op-service/batchconsensus/mock.go
new file mode 100644
index 00000000000..b659dacc835
--- /dev/null
+++ b/op-service/batchconsensus/mock.go
@@ -0,0 +1,73 @@
+package batchconsensus
+
+import (
+	"fmt"
+	"math/big"
+	"strings"
+
+	"github.com/ethereum/go-ethereum/accounts/abi"
+	"github.com/ethereum/go-ethereum/common"
+)
+
+const (
+	VerifyBatchConsensusMethod = "verifyBatchConsensus"
+	MockProof                  = "op-batcher-consensus-poc"
+)
+
+var verifierABI = mustParseVerifierABI()
+
+func mustParseVerifierABI() abi.ABI {
+	parsed, err := abi.JSON(strings.NewReader(`[{
+		"type":"function",
+		"name":"verifyBatchConsensus",
+		"inputs":[
+			{"name":"l1ChainId","type":"uint256"},
+			{"name":"l2ChainId","type":"uint256"},
+			{"name":"batchInbox","type":"address"},
+			{"name":"batcher","type":"address"},
+			{"name":"blobVersionedHashes","type":"bytes32[]"},
+			{"name":"proof","type":"bytes"}
+		],
+		"outputs":[{"name":"ok","type":"bool"}],
+		"stateMutability":"view"
+	}]`))
+	if err != nil {
+		panic(err)
+	}
+	return parsed
+}
+
+// BuildMockVerifyCalldata builds the POC verifier calldata. The final proof bytes are intentionally
+// opaque so the mock proof can be replaced by a Commonware certificate without changing derivation.
+func BuildMockVerifyCalldata(l1ChainID, l2ChainID *big.Int, batchInbox common.Address, batcher common.Address, blobHashes []common.Hash) ([]byte, error) {
+	if l1ChainID == nil {
+		return nil, fmt.Errorf("missing L1 chain ID")
+	}
+	if l2ChainID == nil {
+		return nil, fmt.Errorf("missing L2 chain ID")
+	}
+	return verifierABI.Pack(
+		VerifyBatchConsensusMethod,
+		l1ChainID,
+		l2ChainID,
+		batchInbox,
+		batcher,
+		blobHashes,
+		[]byte(MockProof),
+	)
+}
+
+func DecodeVerifyResult(out []byte) (bool, error) {
+	values, err := verifierABI.Unpack(VerifyBatchConsensusMethod, out)
+	if err != nil {
+		return false, err
+	}
+	if len(values) != 1 {
+		return false, fmt.Errorf("expected one verifier return value, got %d", len(values))
+	}
+	ok, valid := values[0].(bool)
+	if !valid {
+		return false, fmt.Errorf("expected bool verifier return value, got %T", values[0])
+	}
+	return ok, nil
+}
diff --git a/op-service/batchconsensus/signature.go b/op-service/batchconsensus/signature.go
new file mode 100644
index 00000000000..8860887556f
--- /dev/null
+++ b/op-service/batchconsensus/signature.go
@@ -0,0 +1,133 @@
+package batchconsensus
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"fmt"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto"
+)
+
+var signedProofPrefix = []byte("BCSIG1")
+var commonwareSimplexProofPrefix = []byte("CWSIMPLX1")
+
+func Digest(req ProofRequest) common.Hash {
+	var buf bytes.Buffer
+	buf.WriteString(req.L1ChainID)
+	buf.WriteByte('|')
+	buf.WriteString(req.L2ChainID)
+	buf.WriteByte('|')
+	buf.Write(req.BatchInbox.Bytes())
+	buf.Write(req.Batcher.Bytes())
+	for _, h := range req.BlobVersionedHashes {
+		buf.Write(h[:])
+	}
+	return crypto.Keccak256Hash(buf.Bytes())
+}
+
+// BuildSignedProofCalldata creates signature-shaped verifier calldata for the POC sidecar path.
+// The trailing byte is intentionally easy for the tiny devstack verifier bytecode to inspect.
+func BuildSignedProofCalldata(req ProofRequest, signer *ecdsa.PrivateKey, valid bool) ([]byte, error) {
+	if signer == nil {
+		return nil, fmt.Errorf("missing signer")
+	}
+	digest := Digest(req)
+	sig, err := crypto.Sign(digest[:], signer)
+	if err != nil {
+		return nil, fmt.Errorf("sign proof digest: %w", err)
+	}
+	if !valid {
+		sig[0] ^= 0x01
+	}
+	out := make([]byte, 0, len(signedProofPrefix)+len(digest)+len(sig)+1)
+	out = append(out, signedProofPrefix...)
+	out = append(out, digest[:]...)
+	out = append(out, sig...)
+	if valid {
+		out = append(out, 0x01)
+	} else {
+		out = append(out, 0x00)
+	}
+	return out, nil
+}
+
+func BuildSignedProofResponse(req ProofRequest, signer *ecdsa.PrivateKey, valid bool) (ProofResponse, error) {
+	calldata, err := BuildSignedProofCalldata(req, signer, valid)
+	if err != nil {
+		return ProofResponse{}, err
+	}
+	return ProofResponse{
+		Provider:    ProviderCommonwarePOC,
+		Certificate: calldata,
+		Calldata:    calldata,
+	}, nil
+}
+
+// BuildCommonwareSimplexProofCalldata creates verifier calldata that carries a
+// Commonware Simplex finalization certificate after the fixed POC envelope used
+// by the DevStack verifier.
+func BuildCommonwareSimplexProofCalldata(req ProofRequest, certificate []byte, signers []*ecdsa.PrivateKey, valid bool) ([]byte, error) {
+	if len(certificate) == 0 {
+		return nil, fmt.Errorf("missing Commonware certificate")
+	}
+	if len(signers) == 0 {
+		return nil, fmt.Errorf("missing signers")
+	}
+	digest := Digest(req)
+	out := make([]byte, 0, len(commonwareSimplexProofPrefix)+len(digest)+1+(65*len(signers))+len(certificate))
+	out = append(out, commonwareSimplexProofPrefix...)
+	out = append(out, digest[:]...)
+	if valid {
+		out = append(out, 0x01)
+	} else {
+		out = append(out, 0x00)
+	}
+	signingDigest := commonwareSimplexSigningDigest(digest, certificate)
+	for i, signer := range signers {
+		if signer == nil {
+			return nil, fmt.Errorf("missing signer %d", i)
+		}
+		sig, err := crypto.Sign(signingDigest[:], signer)
+		if err != nil {
+			return nil, fmt.Errorf("sign proof digest %d: %w", i, err)
+		}
+		if !valid && i == 0 {
+			sig[0] ^= 0x01
+		}
+		out = append(out, sig...)
+	}
+	out = append(out, certificate...)
+	return out, nil
+}
+
+func commonwareSimplexSigningDigest(digest common.Hash, certificate []byte) common.Hash {
+	payload := make([]byte, 0, len(commonwareSimplexProofPrefix)+len(digest)+1+len(certificate))
+	payload = append(payload, commonwareSimplexProofPrefix...)
+	payload = append(payload, digest[:]...)
+	payload = append(payload, 0x01)
+	payload = append(payload, certificate...)
+	return crypto.Keccak256Hash(payload)
+}
+
+func RecoverSigner(req ProofRequest, calldata []byte) (common.Address, bool) {
+	if len(calldata) != len(signedProofPrefix)+32+65+1 {
+		return common.Address{}, false
+	}
+	if !bytes.Equal(calldata[:len(signedProofPrefix)], signedProofPrefix) {
+		return common.Address{}, false
+	}
+	if calldata[len(calldata)-1] != 0x01 {
+		return common.Address{}, false
+	}
+	digest := Digest(req)
+	if !bytes.Equal(calldata[len(signedProofPrefix):len(signedProofPrefix)+32], digest[:]) {
+		return common.Address{}, false
+	}
+	sig := calldata[len(signedProofPrefix)+32 : len(signedProofPrefix)+32+65]
+	pub, err := crypto.SigToPub(digest[:], sig)
+	if err != nil {
+		return common.Address{}, false
+	}
+	return crypto.PubkeyToAddress(*pub), true
+}
diff --git a/op-service/batchconsensus/signature_test.go b/op-service/batchconsensus/signature_test.go
new file mode 100644
index 00000000000..35e46cde868
--- /dev/null
+++ b/op-service/batchconsensus/signature_test.go
@@ -0,0 +1,77 @@
+package batchconsensus
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"math/big"
+	"testing"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/stretchr/testify/require"
+)
+
+func TestBuildSignedProofCalldataRecoverSigner(t *testing.T) {
+	key, err := crypto.HexToECDSA("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
+	require.NoError(t, err)
+	req, err := NewProofRequest(
+		big.NewInt(1),
+		big.NewInt(2),
+		common.HexToAddress("0x1111"),
+		common.HexToAddress("0x2222"),
+		[]common.Hash{common.HexToHash("0x3333")},
+	)
+	require.NoError(t, err)
+
+	calldata, err := BuildSignedProofCalldata(req, key, true)
+	require.NoError(t, err)
+	signer, ok := RecoverSigner(req, calldata)
+	require.True(t, ok)
+	require.Equal(t, crypto.PubkeyToAddress(key.PublicKey), signer)
+
+	invalid, err := BuildSignedProofCalldata(req, key, false)
+	require.NoError(t, err)
+	_, ok = RecoverSigner(req, invalid)
+	require.False(t, ok)
+
+	otherReq := req
+	otherReq.BlobVersionedHashes = []common.Hash{common.HexToHash("0x4444")}
+	_, ok = RecoverSigner(otherReq, calldata)
+	require.False(t, ok)
+
+	resp, err := BuildSignedProofResponse(req, key, true)
+	require.NoError(t, err)
+	require.Equal(t, ProviderCommonwarePOC, resp.Provider)
+	require.Equal(t, resp.Calldata, resp.Certificate)
+}
+
+func TestBuildCommonwareSimplexProofCalldata(t *testing.T) {
+	key1, err := crypto.GenerateKey()
+	require.NoError(t, err)
+	key2, err := crypto.GenerateKey()
+	require.NoError(t, err)
+	key3, err := crypto.GenerateKey()
+	require.NoError(t, err)
+	req := ProofRequest{
+		L1ChainID:           "1",
+		L2ChainID:           "2",
+		BatchInbox:          common.HexToAddress("0x1111"),
+		Batcher:             common.HexToAddress("0x2222"),
+		BlobVersionedHashes: []common.Hash{common.HexToHash("0x3333")},
+	}
+	certificate := []byte("CWSIMPLX1-finalization")
+
+	signers := []*ecdsa.PrivateKey{key1, key2, key3}
+	calldata, err := BuildCommonwareSimplexProofCalldata(req, certificate, signers, true)
+	require.NoError(t, err)
+	require.True(t, bytes.HasPrefix(calldata, commonwareSimplexProofPrefix))
+	require.Equal(t, byte(1), calldata[len(commonwareSimplexProofPrefix)+32])
+	require.Equal(t, certificate, calldata[len(commonwareSimplexProofPrefix)+32+1+(65*len(signers)):])
+	wrongCertificate := append([]byte(nil), certificate...)
+	wrongCertificate[len(wrongCertificate)-1] ^= 0x01
+	require.NotEqual(t, commonwareSimplexSigningDigest(Digest(req), certificate), commonwareSimplexSigningDigest(Digest(req), wrongCertificate))
+
+	invalid, err := BuildCommonwareSimplexProofCalldata(req, certificate, signers, false)
+	require.NoError(t, err)
+	require.Equal(t, byte(0), invalid[len(commonwareSimplexProofPrefix)+32])
+}
diff --git a/op-service/sources/eth_client.go b/op-service/sources/eth_client.go
index 075d3dd03c3..d21d1db6d54 100644
--- a/op-service/sources/eth_client.go
+++ b/op-service/sources/eth_client.go
@@ -593,6 +593,17 @@ func (s *EthClient) Call(ctx context.Context, msg ethereum.CallMsg, blockNumber
 	return hex, nil
 }
 
+// CallAtHash executes a message call transaction against the state at the given block hash.
+func (s *EthClient) CallAtHash(ctx context.Context, msg ethereum.CallMsg, blockHash common.Hash) ([]byte, error) {
+	var hex hexutil.Bytes
+	block := rpc.BlockNumberOrHashWithHash(blockHash, false)
+	err := s.client.CallContext(ctx, &hex, "eth_call", ToCallArg(msg), block)
+	if err != nil {
+		return nil, err
+	}
+	return hex, nil
+}
+
 // EstimateGas tries to estimate the gas needed to execute a specific transaction.
 func (s *EthClient) EstimateGas(ctx context.Context, msg ethereum.CallMsg) (uint64, error) {
 	var hex hexutil.Uint64
diff --git a/op-service/sources/eth_client_test.go b/op-service/sources/eth_client_test.go
index b3160a1d2bf..7ea1bcb677b 100644
--- a/op-service/sources/eth_client_test.go
+++ b/op-service/sources/eth_client_test.go
@@ -63,6 +63,37 @@ func randHash() (out common.Hash) {
 	return out
 }
 
+func TestEthClient_CallAtHash(t *testing.T) {
+	m := new(mockRPC)
+	ctx := context.Background()
+	blockHash := randHash()
+	to := common.HexToAddress("0x1234")
+	msg := ethereum.CallMsg{To: &to, Data: []byte{0xab, 0xcd}}
+	expected := hexutil.Bytes{0x01}
+
+	m.On("CallContext", ctx, mock.Anything, "eth_call", mock.MatchedBy(func(args []any) bool {
+		if len(args) != 2 {
+			return false
+		}
+		block, ok := args[1].(rpc.BlockNumberOrHash)
+		if !ok {
+			return false
+		}
+		hash, ok := block.Hash()
+		return ok && hash == blockHash
+	})).Run(func(args mock.Arguments) {
+		out := args[1].(*hexutil.Bytes)
+		*out = expected
+	}).Return([]error{nil})
+
+	s, err := NewEthClient(m, nil, nil, testEthClientConfig)
+	require.NoError(t, err)
+	out, err := s.CallAtHash(ctx, msg, blockHash)
+	require.NoError(t, err)
+	require.Equal(t, []byte(expected), out)
+	m.Mock.AssertExpectations(t)
+}
+
 func randHeader() (*types.Header, *RPCHeader) {
 	hdr := &types.Header{
 		ParentHash:  randHash(),
diff --git a/op-service/testutils/metrics.go b/op-service/testutils/metrics.go
index ad6335df90d..3c60b33eb52 100644
--- a/op-service/testutils/metrics.go
+++ b/op-service/testutils/metrics.go
@@ -9,12 +9,13 @@ import (
 // TestDerivationMetrics implements the metrics used in the derivation pipeline as no-op operations.
 // Optionally a test may hook into the metrics
 type TestDerivationMetrics struct {
-	FnRecordL1ReorgDepth      func(d uint64)
-	FnRecordL1Ref             func(name string, ref eth.L1BlockRef)
-	FnRecordL2Ref             func(name string, ref eth.L2BlockRef)
-	FnRecordUnsafePayloads    func(length uint64, memSize uint64, next eth.BlockID)
-	FnRecordChannelInputBytes func(inputCompressedBytes int)
-	FnRecordChannelTimedOut   func()
+	FnRecordL1ReorgDepth        func(d uint64)
+	FnRecordL1Ref               func(name string, ref eth.L1BlockRef)
+	FnRecordL2Ref               func(name string, ref eth.L2BlockRef)
+	FnRecordUnsafePayloads      func(length uint64, memSize uint64, next eth.BlockID)
+	FnRecordChannelInputBytes   func(inputCompressedBytes int)
+	FnRecordChannelTimedOut     func()
+	FnRecordBatchConsensusProof func(result string)
 }
 
 func (t *TestDerivationMetrics) CountSequencedTxsInBlock(txns int, deposits int) {
@@ -71,6 +72,12 @@ func (t *TestDerivationMetrics) RecordFrame() {
 func (n *TestDerivationMetrics) RecordDerivedBatches(batchType string) {
 }
 
+func (n *TestDerivationMetrics) RecordBatchConsensusProof(result string) {
+	if n.FnRecordBatchConsensusProof != nil {
+		n.FnRecordBatchConsensusProof(result)
+	}
+}
+
 func (t *TestDerivationMetrics) SetDerivationIdle(idle bool) {}
 
 func (t *TestDerivationMetrics) RecordPipelineReset() {
diff --git a/op-service/testutils/mock_eth_client.go b/op-service/testutils/mock_eth_client.go
index 9975293866c..ccfe32f81e0 100644
--- a/op-service/testutils/mock_eth_client.go
+++ b/op-service/testutils/mock_eth_client.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/stretchr/testify/mock"
 
+	"github.com/ethereum/go-ethereum"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/rpc"
@@ -148,6 +149,15 @@ func (m *MockEthClient) ExpectFetchReceipts(hash common.Hash, info eth.BlockInfo
 	m.Mock.On("FetchReceipts", hash).Once().Return(&info, receipts, err)
 }
 
+func (m *MockEthClient) CallAtHash(ctx context.Context, msg ethereum.CallMsg, blockHash common.Hash) ([]byte, error) {
+	out := m.Mock.Called(msg, blockHash)
+	return out.Get(0).([]byte), out.Error(1)
+}
+
+func (m *MockEthClient) ExpectCallAtHash(msg ethereum.CallMsg, blockHash common.Hash, out []byte, err error) {
+	m.Mock.On("CallAtHash", msg, blockHash).Once().Return(out, err)
+}
+
 func (m *MockEthClient) GetProof(ctx context.Context, address common.Address, storage []common.Hash, blockTag string) (*eth.AccountResult, error) {
 	out := m.Mock.Called(address, storage, blockTag)
 	return out.Get(0).(*eth.AccountResult), out.Error(1)
diff --git a/op-up/batcher_consensus_smoke.go b/op-up/batcher_consensus_smoke.go
new file mode 100644
index 00000000000..6035f7530cd
--- /dev/null
+++ b/op-up/batcher_consensus_smoke.go
@@ -0,0 +1,225 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"time"
+
+	opservice "github.com/ethereum-optimism/optimism/op-service"
+	"github.com/ethereum-optimism/optimism/op-service/cliapp"
+	"github.com/ethereum-optimism/optimism/op-service/eth"
+	"github.com/urfave/cli/v2"
+)
+
+var batcherConsensusSmokeL2URLFlag = &cli.StringFlag{
+	Name:    "l2-rpc",
+	Usage:   "RPC URL for the consensus-enabled L2.",
+	EnvVars: opservice.PrefixEnvVar(envPrefix, "SMOKE_BATCHER_CONSENSUS_L2_RPC"),
+	Value:   "http://localhost:8545",
+}
+var batcherConsensusSmokeValidL2URLFlag = &cli.StringFlag{
+	Name:    "valid-l2-rpc",
+	Usage:   "RPC URL for the consensus-enabled L2 with valid Commonware proofs.",
+	EnvVars: opservice.PrefixEnvVar(envPrefix, "SMOKE_BATCHER_CONSENSUS_VALID_L2_RPC"),
+	Value:   "http://localhost:8545",
+}
+var batcherConsensusSmokeInvalidL2URLFlag = &cli.StringFlag{
+	Name:    "invalid-l2-rpc",
+	Usage:   "RPC URL for the consensus-enabled L2 with invalid Commonware proofs.",
+	EnvVars: opservice.PrefixEnvVar(envPrefix, "SMOKE_BATCHER_CONSENSUS_INVALID_L2_RPC"),
+	Value:   "http://localhost:8546",
+}
+
+const batcherConsensusRejectTimeout = 20 * time.Second
+
+type batcherConsensusSmokeEnv struct {
+	ctx    context.Context
+	stderr io.Writer
+	chain  *remoteChain
+	user   *remoteUser
+}
+
+func batcherConsensusSmokeCommand() *cli.Command {
+	smokeFlags := cliapp.ProtectFlags([]cli.Flag{batcherConsensusSmokeL2URLFlag, smokePrivateKeyFlag})
+	smokeAllFlags := cliapp.ProtectFlags([]cli.Flag{
+		batcherConsensusSmokeValidL2URLFlag,
+		batcherConsensusSmokeInvalidL2URLFlag,
+		smokePrivateKeyFlag,
+	})
+	return &cli.Command{
+		Name:  "smoke-batcher-consensus",
+		Usage: "run batcher consensus smoke tests against a remote chain RPC",
+		Subcommands: []*cli.Command{
+			{
+				Name:  "all",
+				Usage: "run valid and invalid batcher consensus smoke tests sequentially",
+				Flags: smokeAllFlags,
+				Action: func(cliCtx *cli.Context) error {
+					return smokeBatcherConsensusAll(cliCtx)
+				},
+			},
+			{
+				Name:  "safe-advance",
+				Usage: "send an L2 transfer and verify the safe head advances to include it",
+				Flags: smokeFlags,
+				Action: func(cliCtx *cli.Context) error {
+					return withBatcherConsensusSmokeEnv(cliCtx, "Batcher Consensus Safe Advance", smokeBatcherConsensusSafeAdvance)
+				},
+			},
+			{
+				Name:  "invalid-rejection",
+				Usage: "send an L2 transfer and verify invalid consensus proofs keep it out of the safe head",
+				Flags: smokeFlags,
+				Action: func(cliCtx *cli.Context) error {
+					return withBatcherConsensusSmokeEnv(cliCtx, "Batcher Consensus Invalid Rejection", smokeBatcherConsensusInvalidRejection)
+				},
+			},
+		},
+	}
+}
+
+func newBatcherConsensusSmokeEnv(ctx context.Context, stderr io.Writer, name, url, privateKey string) (*batcherConsensusSmokeEnv, func(), error) {
+	logger := newLogger(ctx, stderr)
+	chain, err := connectRemoteChain(ctx, logger, name, url)
+	if err != nil {
+		return nil, nil, err
+	}
+	privKey, address, err := resolveSmokeKey(privateKey)
+	if err != nil {
+		chain.ethClient.Close()
+		return nil, nil, err
+	}
+	env := &batcherConsensusSmokeEnv{
+		ctx:    ctx,
+		stderr: stderr,
+		chain:  chain,
+		user:   &remoteUser{chain: chain, privKey: privKey, address: address},
+	}
+	cleanup := func() {
+		chain.ethClient.Close()
+	}
+	return env, cleanup, nil
+}
+
+func withBatcherConsensusSmokeEnv(cliCtx *cli.Context, name string, fn func(env *batcherConsensusSmokeEnv) error) error {
+	ctx := cliCtx.Context
+	stderr := cliCtx.App.ErrWriter
+	env, cleanup, err := newBatcherConsensusSmokeEnv(
+		ctx,
+		stderr,
+		"L2",
+		cliCtx.String(batcherConsensusSmokeL2URLFlag.Name),
+		cliCtx.String(smokePrivateKeyFlag.Name),
+	)
+	if err != nil {
+		return err
+	}
+	defer cleanup()
+	fmt.Fprintf(stderr, "\n=== %s ===\n", name)
+	fmt.Fprintf(stderr, "%s RPC: %s (chain ID %s)\n", env.chain.name, env.chain.url, env.chain.chainID)
+	fmt.Fprintf(stderr, "Smoke Sender Address: %s\n\n", env.user.address)
+	if err := fn(env); err != nil {
+		fmt.Fprintf(stderr, "\nFAIL: %s (%v)\n", name, err)
+		return err
+	}
+	fmt.Fprintf(stderr, "\nPASS: %s\n", name)
+	return nil
+}
+
+func smokeBatcherConsensusAll(cliCtx *cli.Context) error {
+	ctx := cliCtx.Context
+	stderr := cliCtx.App.ErrWriter
+	validEnv, validCleanup, err := newBatcherConsensusSmokeEnv(
+		ctx,
+		stderr,
+		"Valid L2",
+		cliCtx.String(batcherConsensusSmokeValidL2URLFlag.Name),
+		cliCtx.String(smokePrivateKeyFlag.Name),
+	)
+	if err != nil {
+		return err
+	}
+	defer validCleanup()
+
+	invalidEnv, invalidCleanup, err := newBatcherConsensusSmokeEnv(
+		ctx,
+		stderr,
+		"Invalid L2",
+		cliCtx.String(batcherConsensusSmokeInvalidL2URLFlag.Name),
+		cliCtx.String(smokePrivateKeyFlag.Name),
+	)
+	if err != nil {
+		return err
+	}
+	defer invalidCleanup()
+
+	fmt.Fprintf(stderr, "\n=== Batcher Consensus All ===\n")
+	fmt.Fprintf(stderr, "Valid L2 RPC: %s (chain ID %s)\n", validEnv.chain.url, validEnv.chain.chainID)
+	fmt.Fprintf(stderr, "Invalid L2 RPC: %s (chain ID %s)\n", invalidEnv.chain.url, invalidEnv.chain.chainID)
+	fmt.Fprintf(stderr, "Smoke Sender Address: %s\n\n", validEnv.user.address)
+
+	if err := smokeBatcherConsensusSafeAdvance(validEnv); err != nil {
+		fmt.Fprintf(stderr, "\nFAIL: Batcher Consensus Safe Advance (%v)\n", err)
+		return err
+	}
+	if err := smokeBatcherConsensusInvalidRejection(invalidEnv); err != nil {
+		fmt.Fprintf(stderr, "\nFAIL: Batcher Consensus Invalid Rejection (%v)\n", err)
+		return err
+	}
+	fmt.Fprintf(stderr, "\nPASS: Batcher Consensus All\n")
+	return nil
+}
+
+func smokeBatcherConsensusSafeAdvance(env *batcherConsensusSmokeEnv) error {
+	recipient := randomAddress()
+	tx, err := env.user.transfer(env.ctx, recipient, eth.OneWei)
+	if err != nil {
+		return fmt.Errorf("send L2 transfer: %w", err)
+	}
+	receipt, err := tx.Included.Eval(env.ctx)
+	if err != nil {
+		return fmt.Errorf("wait for L2 transfer inclusion: %w", err)
+	}
+	targetSafe := receipt.BlockNumber.Uint64()
+	fmt.Fprintf(env.stderr, "    Included transfer in L2 block %d, waiting for safe head\n", targetSafe)
+	deadline := time.Now().Add(2 * smokeWaitTimeout)
+	for time.Now().Before(deadline) {
+		safe, err := env.chain.ethClient.BlockRefByLabel(env.ctx, eth.Safe)
+		if err == nil && safe.Number >= targetSafe {
+			fmt.Fprintf(env.stderr, "    Safe head reached L2 block %d\n", safe.Number)
+			return nil
+		}
+		time.Sleep(time.Second)
+	}
+	return fmt.Errorf("safe head did not reach L2 block %d before timeout", targetSafe)
+}
+
+func smokeBatcherConsensusInvalidRejection(env *batcherConsensusSmokeEnv) error {
+	startSafe, err := env.chain.ethClient.BlockRefByLabel(env.ctx, eth.Safe)
+	if err != nil {
+		return fmt.Errorf("read starting safe head: %w", err)
+	}
+	recipient := randomAddress()
+	tx, err := env.user.transfer(env.ctx, recipient, eth.OneWei)
+	if err != nil {
+		return fmt.Errorf("send L2 transfer: %w", err)
+	}
+	receipt, err := tx.Included.Eval(env.ctx)
+	if err != nil {
+		return fmt.Errorf("wait for L2 transfer inclusion: %w", err)
+	}
+	targetSafe := receipt.BlockNumber.Uint64()
+	fmt.Fprintf(env.stderr, "    Starting safe head: L2 block %d\n", startSafe.Number)
+	fmt.Fprintf(env.stderr, "    Included transfer in unsafe L2 block %d, checking it is not marked safe\n", targetSafe)
+	deadline := time.Now().Add(batcherConsensusRejectTimeout)
+	for time.Now().Before(deadline) {
+		safe, err := env.chain.ethClient.BlockRefByLabel(env.ctx, eth.Safe)
+		if err == nil && safe.Number >= targetSafe {
+			return fmt.Errorf("safe head unexpectedly reached L2 block %d with invalid consensus proofs", safe.Number)
+		}
+		time.Sleep(time.Second)
+	}
+	fmt.Fprintf(env.stderr, "    Safe head stayed below L2 block %d for %s\n", targetSafe, batcherConsensusRejectTimeout)
+	return nil
+}
diff --git a/op-up/main.go b/op-up/main.go
index de3870656c2..22b20942167 100644
--- a/op-up/main.go
+++ b/op-up/main.go
@@ -17,10 +17,13 @@ import (
 	"syscall"
 	"time"
 
+	batcher "github.com/ethereum-optimism/optimism/op-batcher/batcher"
+	batcherFlags "github.com/ethereum-optimism/optimism/op-batcher/flags"
 	"github.com/ethereum-optimism/optimism/op-chain-ops/devkeys"
 	"github.com/ethereum-optimism/optimism/op-devstack/devtest"
 	"github.com/ethereum-optimism/optimism/op-devstack/dsl"
 	"github.com/ethereum-optimism/optimism/op-devstack/presets"
+	"github.com/ethereum-optimism/optimism/op-devstack/sysgo"
 	opservice "github.com/ethereum-optimism/optimism/op-service"
 	"github.com/ethereum-optimism/optimism/op-service/cliapp"
 	"github.com/ethereum-optimism/optimism/op-service/client"
@@ -69,6 +72,22 @@ var (
 		Usage:   "start a 2-chain interop devnet backed by op-supernode.",
 		EnvVars: opservice.PrefixEnvVar(envPrefix, "INTEROP"),
 	}
+	batcherConsensusPOCFlag = &cli.BoolFlag{
+		Name:    "batcher-consensus-poc",
+		Usage:   "start a single-chain blob-mode devnet with the batcher consensus POC verifier and Commonware Simplex sidecar enabled.",
+		EnvVars: opservice.PrefixEnvVar(envPrefix, "BATCHER_CONSENSUS_POC"),
+	}
+	batcherConsensusPOCInvalidFlag = &cli.BoolFlag{
+		Name:    "batcher-consensus-poc-invalid",
+		Usage:   "run the batcher consensus POC sidecar in invalid-proof mode to demo rejection.",
+		EnvVars: opservice.PrefixEnvVar(envPrefix, "BATCHER_CONSENSUS_POC_INVALID"),
+	}
+	l2RPCPortFlag = &cli.StringFlag{
+		Name:    "l2-rpc-port",
+		Usage:   "the localhost port used to expose the single-chain L2 EL RPC.",
+		EnvVars: opservice.PrefixEnvVar(envPrefix, "L2_RPC_PORT"),
+		Value:   "8545",
+	}
 )
 
 func main() {
@@ -87,7 +106,7 @@ func run(ctx context.Context, args []string, stdout, stderr io.Writer) error {
 	app.Version = opservice.FormatVersion(Version, GitCommit, GitDate, VersionMeta)
 	app.Name = "op-up"
 	app.Usage = "deploys an in-memory OP Stack devnet."
-	app.Flags = cliapp.ProtectFlags([]cli.Flag{dirFlag, interopFlag})
+	app.Flags = cliapp.ProtectFlags([]cli.Flag{dirFlag, interopFlag, batcherConsensusPOCFlag, batcherConsensusPOCInvalidFlag, l2RPCPortFlag})
 	// The default OnUsageError behavior will print the error twice: once in the cli package and
 	// once in our main function.
 	// The function below prints help and returns the error for further handling/error messages.
@@ -98,15 +117,24 @@ func run(ctx context.Context, args []string, stdout, stderr io.Writer) error {
 		return err
 	}
 	app.Action = func(cliCtx *cli.Context) error {
-		return runOpUp(cliCtx.Context, cliCtx.App.ErrWriter, cliCtx.String(dirFlag.Name), cliCtx.Bool(interopFlag.Name))
+		return runOpUp(
+			cliCtx.Context,
+			cliCtx.App.ErrWriter,
+			cliCtx.String(dirFlag.Name),
+			cliCtx.Bool(interopFlag.Name),
+			cliCtx.Bool(batcherConsensusPOCFlag.Name),
+			cliCtx.Bool(batcherConsensusPOCInvalidFlag.Name),
+			cliCtx.String(l2RPCPortFlag.Name),
+		)
 	}
 	app.Commands = []*cli.Command{
 		smokeCommand(),
+		batcherConsensusSmokeCommand(),
 	}
 	return app.RunContext(ctx, args)
 }
 
-func runOpUp(ctx context.Context, stderr io.Writer, opUpDir string, interop bool) error {
+func runOpUp(ctx context.Context, stderr io.Writer, opUpDir string, interop bool, batcherConsensusPOC bool, batcherConsensusPOCInvalid bool, l2RPCPort string) error {
 	fmt.Fprintf(stderr, "%s\n", asciiArt)
 
 	if err := os.MkdirAll(opUpDir, 0o755); err != nil {
@@ -121,6 +149,12 @@ func runOpUp(ctx context.Context, stderr io.Writer, opUpDir string, interop bool
 	t := newTestingT(ctx, stderr, tempRoot)
 	defer t.doCleanup()
 
+	if interop && batcherConsensusPOC {
+		return fmt.Errorf("--%s cannot be combined with --%s", interopFlag.Name, batcherConsensusPOCFlag.Name)
+	}
+	if batcherConsensusPOCInvalid && !batcherConsensusPOC {
+		return fmt.Errorf("--%s requires --%s", batcherConsensusPOCInvalidFlag.Name, batcherConsensusPOCFlag.Name)
+	}
 	if interop {
 		sys, err := newSupernodeInteropSystem(t)
 		if err != nil {
@@ -130,11 +164,19 @@ func runOpUp(ctx context.Context, stderr io.Writer, opUpDir string, interop bool
 			return err
 		}
 	} else {
-		sys, err := newMinimalSystem(t)
+		sys, err := newMinimalSystem(t, batcherConsensusPOC, batcherConsensusPOCInvalid)
 		if err != nil {
 			return err
 		}
-		if err := runSystem(ctx, stderr, sys); err != nil {
+		if batcherConsensusPOC {
+			fmt.Fprintf(stderr, "Batcher consensus POC verifier: %s\n", sysgo.DefaultBatchConsensusMockVerifierAddress)
+			mode := "valid"
+			if batcherConsensusPOCInvalid {
+				mode = "invalid"
+			}
+			fmt.Fprintf(stderr, "Batcher consensus POC sidecar: Commonware Simplex finalization (%s proofs)\n", mode)
+		}
+		if err := runSystem(ctx, stderr, sys, l2RPCPort); err != nil {
 			return err
 		}
 	}
@@ -153,7 +195,7 @@ func newLogger(ctx context.Context, stderr io.Writer) log.Logger {
 	return logger
 }
 
-func newMinimalSystem(t *testingT) (sys *presets.Minimal, err error) {
+func newMinimalSystem(t *testingT, batcherConsensusPOC bool, batcherConsensusPOCInvalid bool) (sys *presets.Minimal, err error) {
 	defer func() {
 		if recovered := recover(); recovered != nil {
 			var failure testingFailure
@@ -164,6 +206,16 @@ func newMinimalSystem(t *testingT) (sys *presets.Minimal, err error) {
 			panic(recovered)
 		}
 	}()
+	if batcherConsensusPOC {
+		return presets.NewMinimalNoFaultProofs(t,
+			presets.WithDeployerOptions(sysgo.WithEcotoneAtGenesis),
+			presets.WithBatchConsensusMockVerifier(sysgo.DefaultBatchConsensusMockVerifierAddress),
+			presets.WithBatchConsensusCommonwareSidecarResult(!batcherConsensusPOCInvalid),
+			presets.WithBatcherOption(func(_ sysgo.ComponentTarget, cfg *batcher.CLIConfig) {
+				cfg.DataAvailabilityType = batcherFlags.BlobsType
+			}),
+		), nil
+	}
 	return presets.NewMinimal(t), nil
 }
 
@@ -186,18 +238,19 @@ func newSupernodeInteropSystem(t *testingT) (sys *presets.TwoL2SupernodeInterop,
 	), nil
 }
 
-func runSystem(ctx context.Context, stderr io.Writer, sys *presets.Minimal) error {
+func runSystem(ctx context.Context, stderr io.Writer, sys *presets.Minimal, l2RPCPort string) error {
 	if err := printAccountInfo(stderr); err != nil {
 		return err
 	}
-	fmt.Fprintf(stderr, "EL Node URL: %s\n", "http://localhost:8545")
+	elNodeURL := "http://localhost:" + l2RPCPort
+	fmt.Fprintf(stderr, "EL Node URL: %s\n", elNodeURL)
 
 	elNode := sys.L2EL
 	go logBlocks(ctx, stderr, "L2", elNode)
 
 	// Proxy L2 EL requests.
 	go func() {
-		if err := proxyEL(ctx, stderr, "localhost:8545", elNode.Escape().L2EthClient().RPC()); err != nil && !errors.Is(err, http.ErrServerClosed) {
+		if err := proxyEL(ctx, stderr, "localhost:"+l2RPCPort, elNode.Escape().L2EthClient().RPC()); err != nil && !errors.Is(err, http.ErrServerClosed) {
 			fmt.Fprintf(stderr, "error: %v", err)
 		}
 	}()
diff --git a/packages/contracts-bedrock/src/L1/CommonwareSimplexBatchConsensusVerifier.sol b/packages/contracts-bedrock/src/L1/CommonwareSimplexBatchConsensusVerifier.sol
new file mode 100644
index 00000000000..59bcc31365f
--- /dev/null
+++ b/packages/contracts-bedrock/src/L1/CommonwareSimplexBatchConsensusVerifier.sol
@@ -0,0 +1,183 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.15;
+
+/// @title CommonwareSimplexBatchConsensusVerifier
+/// @notice Verifies a Commonware Simplex secp256r1 batch-consensus proof envelope.
+/// @dev The fallback accepts raw proof bytes and returns ABI-encoded bool so op-node can eth_call the verifier
+///      directly with the blob transaction calldata.
+contract CommonwareSimplexBatchConsensusVerifier {
+    bytes9 internal constant SIMPLEX_PREFIX = "CWSIMPLX1";
+
+    uint256 internal constant OUTER_DIGEST_OFFSET = 0x0009;
+    uint256 internal constant OUTER_MARKER_OFFSET = 0x0029;
+    uint256 internal constant CERTIFICATE_OFFSET = 0x00ed;
+    uint256 internal constant PROPOSAL_OFFSET = CERTIFICATE_OFFSET + 0x0009;
+    uint256 internal constant PAYLOAD_OFFSET = PROPOSAL_OFFSET + 0x0003;
+    uint256 internal constant SIGNERS_LEN_OFFSET = PROPOSAL_OFFSET + 0x0023;
+    uint256 internal constant BITMAP_OFFSET = SIGNERS_LEN_OFFSET + 0x0008;
+    uint256 internal constant SIGNATURE_LEN_OFFSET = BITMAP_OFFSET + 0x0001;
+    uint256 internal constant SIGNATURE_OFFSET = SIGNATURE_LEN_OFFSET + 0x0001;
+    uint256 internal constant PROPOSAL_LEN = 0x0023;
+    uint256 internal constant HASH_INPUT_LEN = 0x004d;
+    uint256 internal constant P256_INPUT_LEN = 0x00a0;
+    uint256 internal constant MAX_BITMAP_SIGNERS = 8;
+
+    address internal constant P256_PRECOMPILE = 0x0000000000000000000000000000000000000100;
+
+    uint256 public committeeSize;
+    uint256 public quorum;
+    mapping(uint256 => bytes32) public validatorX;
+    mapping(uint256 => bytes32) public validatorY;
+
+    constructor(bytes32[] memory _validatorX, bytes32[] memory _validatorY, uint256 _quorum) {
+        require(_validatorX.length == _validatorY.length, "CommonwareSimplex: length mismatch");
+        require(_validConfig(_validatorX.length, _quorum), "CommonwareSimplex: invalid config");
+        committeeSize = _validatorX.length;
+        quorum = _quorum;
+        for (uint256 i = 0; i < _validatorX.length; i++) {
+            require(_validatorX[i] != bytes32(0) && _validatorY[i] != bytes32(0), "CommonwareSimplex: empty validator");
+            for (uint256 j = 0; j < i; j++) {
+                require(
+                    _validatorX[i] != _validatorX[j] || _validatorY[i] != _validatorY[j],
+                    "CommonwareSimplex: duplicate validator"
+                );
+            }
+            validatorX[i] = _validatorX[i];
+            validatorY[i] = _validatorY[i];
+        }
+    }
+
+    /// @notice Raw-call entrypoint used by op-node derivation.
+    fallback(bytes calldata _proof) external returns (bytes memory) {
+        return abi.encode(_verify(_proof));
+    }
+
+    /// @notice Named verifier entrypoint for tests and tooling.
+    function verifyBatchConsensus(bytes calldata _proof) external view returns (bool) {
+        return _verify(_proof);
+    }
+
+    function _verify(bytes calldata _proof) internal view returns (bool) {
+        uint256 size = committeeSize;
+        uint256 threshold = quorum;
+        if (!_validConfig(size, threshold)) return false;
+        if (_proof.length < SIGNATURE_OFFSET) return false;
+        if (_readBytes9(_proof, 0) != SIMPLEX_PREFIX) return false;
+        if (_readBytes9(_proof, CERTIFICATE_OFFSET) != SIMPLEX_PREFIX) return false;
+        if (_byteAt(_proof, OUTER_MARKER_OFFSET) != 0x01) return false;
+        if (_readBytes32(_proof, OUTER_DIGEST_OFFSET) != _readBytes32(_proof, PAYLOAD_OFFSET)) return false;
+        if (_readUint64(_proof, SIGNERS_LEN_OFFSET) != size) return false;
+
+        uint8 bitmap = _byteAt(_proof, BITMAP_OFFSET);
+        uint256 signatureCount = _byteAt(_proof, SIGNATURE_LEN_OFFSET);
+        if (signatureCount < threshold) return false;
+        if (_proof.length != SIGNATURE_OFFSET + (signatureCount * 64)) return false;
+        if (_countBits(bitmap) != signatureCount) return false;
+
+        bytes32 digest = _simplexSigningDigest(_proof);
+        return _verifyQuorum(_proof, digest, bitmap, signatureCount, size, threshold);
+    }
+
+    function _simplexSigningDigest(bytes calldata _proof) internal pure returns (bytes32 digest_) {
+        bytes memory input = new bytes(HASH_INPUT_LEN);
+        uint256 proposalOffset = PROPOSAL_OFFSET;
+        assembly {
+            let ptr := add(input, 0x20)
+            mstore(ptr, 0x296f702d626174636865722d636f6e73656e7375732d706f632f73696d706c65)
+            mstore(add(ptr, 0x20), 0x785f46494e414c495a4500000000000000000000000000000000000000000000)
+            calldatacopy(add(ptr, 0x2a), add(_proof.offset, proposalOffset), 0x23)
+        }
+        digest_ = sha256(input);
+    }
+
+    function _verifyQuorum(
+        bytes calldata _proof,
+        bytes32 _digest,
+        uint8 _bitmap,
+        uint256 _signatureCount,
+        uint256 _committeeSize,
+        uint256 _quorum
+    )
+        internal
+        view
+        returns (bool)
+    {
+        uint256 verified = 0;
+        uint256 bitmap = uint256(_bitmap);
+        for (uint256 validatorIndex = 0; validatorIndex < _committeeSize; validatorIndex++) {
+            if ((bitmap & (uint256(1) << validatorIndex)) == 0) continue;
+            if (!_verifyValidator(_proof, _digest, validatorIndex, verified)) return false;
+            verified++;
+        }
+        return verified == _signatureCount && verified >= _quorum;
+    }
+
+    function _verifyValidator(
+        bytes calldata _proof,
+        bytes32 _digest,
+        uint256 _validatorIndex,
+        uint256 _signatureIndex
+    )
+        internal
+        view
+        returns (bool)
+    {
+        uint256 sigOffset = SIGNATURE_OFFSET + (_signatureIndex * 64);
+        bytes32 r = _readBytes32(_proof, sigOffset);
+        bytes32 s = _readBytes32(_proof, sigOffset + 32);
+        (bytes32 x, bytes32 y) = _validatorKey(_validatorIndex);
+        return _verifyP256(_digest, r, s, x, y);
+    }
+
+    function _verifyP256(bytes32 _digest, bytes32 _r, bytes32 _s, bytes32 _x, bytes32 _y) internal view returns (bool) {
+        bytes memory input = new bytes(P256_INPUT_LEN);
+        assembly {
+            let ptr := add(input, 0x20)
+            mstore(ptr, _digest)
+            mstore(add(ptr, 0x20), _r)
+            mstore(add(ptr, 0x40), _s)
+            mstore(add(ptr, 0x60), _x)
+            mstore(add(ptr, 0x80), _y)
+        }
+        (bool success, bytes memory output) = P256_PRECOMPILE.staticcall(input);
+        return success && output.length == 32 && abi.decode(output, (uint256)) == 1;
+    }
+
+    function _validatorKey(uint256 _validatorIndex) internal view returns (bytes32 x_, bytes32 y_) {
+        x_ = validatorX[_validatorIndex];
+        y_ = validatorY[_validatorIndex];
+    }
+
+    function _validConfig(uint256 _committeeSize, uint256 _quorum) internal pure returns (bool) {
+        return _committeeSize > 0 && _committeeSize <= MAX_BITMAP_SIGNERS && _quorum > 0 && _quorum <= _committeeSize;
+    }
+
+    function _countBits(uint8 _bitmap) internal pure returns (uint256 count_) {
+        uint256 bitmap = uint256(_bitmap);
+        for (uint256 i = 0; i < MAX_BITMAP_SIGNERS; i++) {
+            if ((bitmap & (uint256(1) << i)) != 0) count_++;
+        }
+    }
+
+    function _readBytes9(bytes calldata _data, uint256 _offset) internal pure returns (bytes9 out_) {
+        assembly {
+            out_ := calldataload(add(_data.offset, _offset))
+        }
+    }
+
+    function _readBytes32(bytes calldata _data, uint256 _offset) internal pure returns (bytes32 out_) {
+        assembly {
+            out_ := calldataload(add(_data.offset, _offset))
+        }
+    }
+
+    function _readUint64(bytes calldata _data, uint256 _offset) internal pure returns (uint64 out_) {
+        assembly {
+            out_ := shr(192, calldataload(add(_data.offset, _offset)))
+        }
+    }
+
+    function _byteAt(bytes calldata _data, uint256 _offset) internal pure returns (uint8 out_) {
+        out_ = uint8(_data[_offset]);
+    }
+}
diff --git a/packages/contracts-bedrock/test/L1/CommonwareSimplexBatchConsensusVerifier.t.sol b/packages/contracts-bedrock/test/L1/CommonwareSimplexBatchConsensusVerifier.t.sol
new file mode 100644
index 00000000000..e9a05a1ad37
--- /dev/null
+++ b/packages/contracts-bedrock/test/L1/CommonwareSimplexBatchConsensusVerifier.t.sol
@@ -0,0 +1,112 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.15;
+
+import { Test } from "test/setup/Test.sol";
+import { CommonwareSimplexBatchConsensusVerifier } from "src/L1/CommonwareSimplexBatchConsensusVerifier.sol";
+
+contract CommonwareSimplexBatchConsensusVerifier_Test is Test {
+    bytes internal constant P256_VERIFIER_BYTECODE =
+        hex"7fffffffff00000001000000000000000000000000ffffffffffffffffffffffff604052610199565b60008060008561003f5750859150869050876100cc565b886100515750829150839050846100cc565b60405180878809818b8c098281880983838c0984858f85098b09925084858c86098e099350848286038208905084818209858183098685880387089550868788848709600209880388838a038a8a8b09080899508687828709880388898d8b038b878a09088909089850505084858f8d098209955050505050505b96509650969350505050565b8160071b915081513d8301516040840151604051808384098183840982838388096004098384858485093d510985868a8b09600309089650838482600209850385898a090891508384858586096008098503858685880385088a0908965050828385870960020960079790971b9081523d810195909552505050506040015250565b8160071b91508260071b925061018460408401513d850151855160408601513d8701518751610028565b60079390931b9182523d820152604001525050565b6020357fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325516040357f7fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a88111156101eb5781035b60206108005260206108205260206108405280610860526002820361088052816108a0526040518060031860205260603560803560203d60c061080060055afa60203d1416837f5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b8585873d5189898a09080908848384091486861086151087891089151016609f36111616166102815760206080f35b60808281523d01819052600160c05250507f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2966102009081527f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f53d9091015250506001610240526102f3600160026100d8565b6102ff600460086100d8565b61030d60026001600361015a565b61031b60046001600561015a565b61032960046002600661015a565b61033760046003600761015a565b61034560086001600961015a565b61035360086002600a61015a565b61036160086003600b61015a565b61036f60086004600c61015a565b61037d600c6001600d61015a565b61038b600c6002600e61015a565b610399600c6003600f61015a565b6000816000516000350982600051850960008060006040515b821561046657808485098184850982838386096004098384858485093d51098586888909600309088485836002098603868384090885868787880960080987038788848a03870885090886878a8c09600209878283099650878182099550878888850960040994508788898889093d5109898a868709600309089350878886600209890389868709089850878882840960020999505050508485868687096008098603868789890386088409089750505050505b61018085881b60f71c1661060087891b60f51c1617801561051e57604081015180610491575061051e565b846104a85781513d8301519650909450925061051e565b82858609838283098481870985868584098a09915085818703878588510908868182098781830988858a038a8b8e8a093d8c01510908955088898a8487096002098a038a838c038c8a8b090808995088898287098a038a8b8d8d038d878a09088909089b5050508687868b098209985050505050505b5082156105d357808485098184850982838386096004098384858485093d51098586888909600309088485836002098603868384090885868787880960080987038788848a03870885090886878a8c09600209878283099650878182099550878888850960040994508788898889093d5109898a868709600309089350878886600209890389868709089850878882840960020999505050508485868687096008098603868789890386088409089750505050505b61018085881b60f51c1661060087891b60f31c1617801561068b576040810151806105fe575061068b565b846106155781513d8301519650909450925061068b565b82858609838283098481870985868584098a09915085818703878588510908868182098781830988858a038a8b8e8a093d8c01510908955088898a8487096002098a038a838c038c8a8b090808995088898287098a038a8b8d8d038d878a09088909089b5050508687868b098209985050505050505b50600487019660fb19016103b257826106a75788153d5260203df35b82610860526002810361088052806108a0523d3d60c061080060055afa898983843d513d510986090614163d525050505050505050503d3df3fea26469706673582212206775789f4c3ac0130b20d36cc627c1cec82b85082a6b23157dc1409168ae969264736f6c634300081a0033";
+
+    CommonwareSimplexBatchConsensusVerifier verifier;
+
+    bytes internal constant VALID_PROOF =
+        hex"435753494d504c5831a9dc0572235267fb0049b4c044903f4ec7c23784811f24d2238248045975ad400193c3457f16ecd9c18552cd55ae4816e0490107e52b860bd6c35d96291d4afc181d5e583deb6b0d4b83e3e69fb21851c40b1a299b60e84ea65ca02608c08e3c2801db85662d346681d1d481629901f3d543f6a4ebf5ee9db0c8be72c79d979f917d1b6810d00542fabd9c069f370964ed510ac33e393e63b5f33a2ad161c386836000129d544755d396e2fd153459dddacfa2571c0b0eaef97af37c172bbe791e3874252772233e69318940ee3e4432065ee65228c8a9d5ec5cb5313d8504d5a8edba00435753494d504c5831000200a9dc0572235267fb0049b4c044903f4ec7c23784811f24d2238248045975ad4000000000000000040e0393cef7cc3de40e20cf4e211a10dfd51277bfc8c7d039909bc1d925798efd31dd527be67cc5b9fe797cdde5523d750d4d90bf12f763ab5d0b1d2ed530515ddd0ad38f5287bd39c36d22a44843a9f9f0af2aa459c3399cc43a319edd5280ba630b442e2a59c8e718674a4dbc06cf0a4a2baa2f38a8da4d79e19e7cdf67c8e869b3fe40e383b25fc686507b49f81640ef09d25672a01226e48ccc533321831ebfdf39bab8e450680daad689faf453a10cc0c5eb8d46a40803a85b325a67e606b6ac";
+
+    function setUp() public {
+        vm.etch(address(0x100), P256_VERIFIER_BYTECODE);
+        verifier = _newVerifier(3);
+    }
+
+    function test_verifyBatchConsensus_validProof_succeeds() public view {
+        assertTrue(verifier.verifyBatchConsensus(VALID_PROOF));
+    }
+
+    function test_fallback_validProof_succeeds() public view {
+        (bool success, bytes memory out) = address(verifier).staticcall(VALID_PROOF);
+        assertTrue(success);
+        assertTrue(abi.decode(out, (bool)));
+    }
+
+    function test_verifyBatchConsensus_rejectsMissingCertificate() public view {
+        bytes memory proof = _truncate(VALID_PROOF, 246);
+        assertFalse(verifier.verifyBatchConsensus(proof));
+    }
+
+    function test_verifyBatchConsensus_rejectsInvalidMarker() public view {
+        bytes memory proof = _copy(VALID_PROOF);
+        proof[0x29] = 0x00;
+        assertFalse(verifier.verifyBatchConsensus(proof));
+    }
+
+    function test_verifyBatchConsensus_rejectsMismatchedPayload() public view {
+        bytes memory proof = _copy(VALID_PROOF);
+        proof[0x00f9] ^= 0x01;
+        assertFalse(verifier.verifyBatchConsensus(proof));
+    }
+
+    function test_verifyBatchConsensus_rejectsInvalidSimplexSignature() public view {
+        bytes memory proof = _copy(VALID_PROOF);
+        proof[0x0123] ^= 0x01;
+        assertFalse(verifier.verifyBatchConsensus(proof));
+    }
+
+    function test_verifyBatchConsensus_rejectsInsufficientQuorum() public {
+        CommonwareSimplexBatchConsensusVerifier fourOfFour = _newVerifier(4);
+        assertFalse(fourOfFour.verifyBatchConsensus(VALID_PROOF));
+    }
+
+    function test_verifyBatchConsensus_rejectsWrongCommitteeKey() public {
+        (bytes32[] memory xs, bytes32[] memory ys) = _committee();
+        xs[1] = xs[0];
+        CommonwareSimplexBatchConsensusVerifier wrongCommittee = new CommonwareSimplexBatchConsensusVerifier(xs, ys, 3);
+        assertFalse(wrongCommittee.verifyBatchConsensus(VALID_PROOF));
+    }
+
+    function test_constructor_rejectsInvalidQuorum() public {
+        (bytes32[] memory xs, bytes32[] memory ys) = _committee();
+        vm.expectRevert("CommonwareSimplex: invalid config");
+        new CommonwareSimplexBatchConsensusVerifier(xs, ys, 5);
+    }
+
+    function test_constructor_rejectsDuplicateValidator() public {
+        (bytes32[] memory xs, bytes32[] memory ys) = _committee();
+        xs[2] = xs[1];
+        ys[2] = ys[1];
+        vm.expectRevert("CommonwareSimplex: duplicate validator");
+        new CommonwareSimplexBatchConsensusVerifier(xs, ys, 3);
+    }
+
+    function _newVerifier(uint256 quorum) internal returns (CommonwareSimplexBatchConsensusVerifier) {
+        (bytes32[] memory xs, bytes32[] memory ys) = _committee();
+        return new CommonwareSimplexBatchConsensusVerifier(xs, ys, quorum);
+    }
+
+    function _committee() internal pure returns (bytes32[] memory xs, bytes32[] memory ys) {
+        xs = new bytes32[](4);
+        ys = new bytes32[](4);
+
+        xs[0] = 0x3bd43f49684b6e9be4eee504029cfc9e520d6035605ec99acdd082f818324d6c;
+        ys[0] = 0x59dc2d73f88d5def8923c6ef41fa5e25ba7420c7bb4a7f002ee3e81878e45f1b;
+        xs[1] = 0xb94425908ddd66d4dc8fc0e1516fe888c7558e5945da5c0b3df3d9a12cc7d991;
+        ys[1] = 0x30a50e74eb9cf19dbe8545f55f25774d035431ddd8f60996f6be020ab9932cff;
+        xs[2] = 0x6348f24d507e944cc8a2c73c88f05cc1224b4873bd7b12fb75d48be495b1a3c6;
+        ys[2] = 0x674fe8b903c5d7f11d5f6261851f0e0e5cd835dfea422f0a59a0c43a56d8482b;
+        xs[3] = 0xc2d3f77d431b8d1b66f73bff503fd3f82dc4172992e7bebd9f836dbc8da7efa8;
+        ys[3] = 0xea311f669388c70096d166207adbe142f4ae09384a66d9aa73b9e6646ab8ad7f;
+    }
+
+    function _copy(bytes memory input) internal pure returns (bytes memory out) {
+        out = new bytes(input.length);
+        for (uint256 i = 0; i < input.length; i++) {
+            out[i] = input[i];
+        }
+    }
+
+    function _truncate(bytes memory input, uint256 newLength) internal pure returns (bytes memory out) {
+        out = new bytes(newLength);
+        for (uint256 i = 0; i < newLength; i++) {
+            out[i] = input[i];
+        }
+    }
+}