From 8cfb4cf4587b4b32134498d34d602022f30b565a Mon Sep 17 00:00:00 2001
From: Dzejkop <jakubtrad@gmail.com>
Date: Mon, 15 Dec 2025 16:41:33 +0100
Subject: [PATCH] Add support for jwt secret auth

---
 runner/payload/simulator/cmd/main.go | 50 ++++++++++++++++++++++------
 1 file changed, 40 insertions(+), 10 deletions(-)

diff --git a/runner/payload/simulator/cmd/main.go b/runner/payload/simulator/cmd/main.go
index c323753..6590b8b 100644
--- a/runner/payload/simulator/cmd/main.go
+++ b/runner/payload/simulator/cmd/main.go
@@ -2,12 +2,14 @@ package main
 
 import (
 	"context"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"math/big"
 	"math/rand"
 	"os"
 	"sort"
+	"strings"
 	"sync"
 
 	"github.com/base/base-bench/runner/payload/simulator/simulatorstats"
@@ -17,6 +19,8 @@ import (
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/ethclient"
 	"github.com/ethereum/go-ethereum/log"
+	"github.com/ethereum/go-ethereum/node"
+	"github.com/ethereum/go-ethereum/rpc"
 	"github.com/urfave/cli/v2"
 )
 
@@ -26,6 +30,10 @@ var flags = []cli.Flag{
 		Usage:    "RPC URL of the chain to fetch payloads from",
 		Required: true,
 	},
+	&cli.StringFlag{
+		Name:  "rpc-url-jwt-secret",
+		Usage: "Hex-encoded JWT secret for authenticating RPC calls (optional)",
+	},
 	&cli.IntFlag{
 		Name:  "sample-size",
 		Usage: "Number of payloads to sample",
@@ -95,6 +103,16 @@ func main() {
 		var genesis *core.Genesis
 		var err error
 		if chainID != "" {
+			chainIDBig, ok := new(big.Int).SetString(chainID, 10)
+			if !ok {
+				return fmt.Errorf("invalid chain ID: %s", chainID)
+			}
+
+			genesis, err = core.LoadOPStackGenesis(chainIDBig.Uint64())
+			if err != nil {
+				return err
+			}
+		} else {
 			genesisFile, err := os.Open(genesisFilePath)
 			if err != nil {
 				return err
@@ -104,23 +122,35 @@ func main() {
 			if err != nil {
 				return err
 			}
-		} else {
-			chainIDBig, ok := new(big.Int).SetString(chainID, 10)
-			if !ok {
-				return fmt.Errorf("invalid chain ID: %s", chainID)
+		}
+
+		// Create ethclient with optional JWT authentication
+		var client *ethclient.Client
+		if jwtSecretHex := c.String("rpc-url-jwt-secret"); jwtSecretHex != "" {
+			jwtSecretBytes, err := hex.DecodeString(strings.TrimPrefix(jwtSecretHex, "0x"))
+			if err != nil {
+				return fmt.Errorf("failed to decode jwt secret: %w", err)
 			}
 
-			genesis, err = core.LoadOPStackGenesis(chainIDBig.Uint64())
+			if len(jwtSecretBytes) != 32 {
+				return fmt.Errorf("jwt secret must be 32 bytes, got %d", len(jwtSecretBytes))
+			}
+
+			var jwtSecret [32]byte
+			copy(jwtSecret[:], jwtSecretBytes)
+
+			rpcClient, err := rpc.DialOptions(c.Context, rpcURL, rpc.WithHTTPAuth(node.NewJWTAuth(jwtSecret)))
+			if err != nil {
+				return fmt.Errorf("failed to dial rpc with jwt auth: %w", err)
+			}
+			client = ethclient.NewClient(rpcClient)
+		} else {
+			client, err = ethclient.DialContext(c.Context, rpcURL)
 			if err != nil {
 				return err
 			}
 		}
 
-		client, err := ethclient.DialContext(c.Context, rpcURL)
-		if err != nil {
-			return err
-		}
-
 		latestBlock, err := client.BlockByNumber(c.Context, nil)
 		if err != nil {
 			return err