From 16bbc52e5a7150b12c921d851f51164c7f355f4c Mon Sep 17 00:00:00 2001
From: Santiago Palladino <santiago@aztecprotocol.com>
Date: Wed, 4 Mar 2026 11:23:53 -0300
Subject: [PATCH] feat(validator): add VALIDATOR_ env vars for independent
 block limits (#21060)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Adds `VALIDATOR_MAX_L2_BLOCK_GAS`, `VALIDATOR_MAX_DA_BLOCK_GAS`,
`VALIDATOR_MAX_TX_PER_BLOCK`, and `VALIDATOR_MAX_TX_PER_CHECKPOINT` env
vars so operators can tune validation limits independently from `SEQ_`
proposer limits
- When a `VALIDATOR_` var is not set, no per-block limit is enforced for
that dimension (checkpoint-level protocol limits still apply)
- P2P gossip validation uses `VALIDATOR_MAX_TX_PER_BLOCK` when set,
falling back to the sequencer's `maxTxsPerBlock`

- [x] `yarn build` passes
- [x] `yarn format` and `yarn lint` clean
- [x] `yarn workspace @aztec/validator-client test` — 158 passed
- [x] `yarn workspace @aztec/stdlib test
src/checkpoint/validate.test.ts` — 20 passed

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
---
 .../operators/reference/changelog/v4.md       |  78 ++++++
 .../aztec-node/src/aztec-node/server.ts       |   8 +-
 yarn-project/foundation/src/config/env_var.ts |   4 +
 yarn-project/p2p/src/config.ts                |   9 +
 .../p2p/src/services/libp2p/libp2p_service.ts |  12 +-
 yarn-project/stdlib/src/block/l2_block.ts     |   5 +
 yarn-project/stdlib/src/checkpoint/index.ts   |   1 +
 .../stdlib/src/checkpoint/validate.ts         | 230 ++++++++++++++++++
 .../stdlib/src/interfaces/validator.ts        |  19 +-
 yarn-project/validator-client/README.md       |  42 ++++
 .../src/block_proposal_handler.ts             |   7 +
 yarn-project/validator-client/src/config.ts   |  20 ++
 yarn-project/validator-client/src/factory.ts  |   2 +-
 .../validator-client/src/validator.ts         |  16 +-
 14 files changed, 440 insertions(+), 13 deletions(-)
 create mode 100644 yarn-project/stdlib/src/checkpoint/validate.ts

diff --git a/docs/docs-operate/operators/reference/changelog/v4.md b/docs/docs-operate/operators/reference/changelog/v4.md
index 42e5dbd12538..48b21a1808f2 100644
--- a/docs/docs-operate/operators/reference/changelog/v4.md
+++ b/docs/docs-operate/operators/reference/changelog/v4.md
@@ -70,6 +70,65 @@ The `getL2Tips()` RPC endpoint now returns a restructured response with addition
 - Replace `tips.latest` with `tips.proposed`
 - For `checkpointed`, `proven`, and `finalized` tips, access block info via `.block` (e.g., `tips.proven.block.number`)
 
+### Block gas limits reworked
+
+The byte-based block size limit has been removed and replaced with field-based blob limits and automatic gas budget computation from L1 rollup limits.
+
+**Removed:**
+
+```bash
+--maxBlockSizeInBytes <value>                    ($SEQ_MAX_BLOCK_SIZE_IN_BYTES)
+```
+
+**Changed to optional (now auto-computed from L1 if not set):**
+
+```bash
+--maxL2BlockGas <value>                          ($SEQ_MAX_L2_BLOCK_GAS)
+--maxDABlockGas <value>                          ($SEQ_MAX_DA_BLOCK_GAS)
+```
+
+**New (proposer):**
+
+```bash
+--gasPerBlockAllocationMultiplier <value>         ($SEQ_GAS_PER_BLOCK_ALLOCATION_MULTIPLIER)
+--maxTxsPerCheckpoint <value>                     ($SEQ_MAX_TX_PER_CHECKPOINT)
+```
+
+**New (validator):**
+
+```bash
+--validateMaxL2BlockGas <value>                   ($VALIDATOR_MAX_L2_BLOCK_GAS)
+--validateMaxDABlockGas <value>                   ($VALIDATOR_MAX_DA_BLOCK_GAS)
+--validateMaxTxsPerBlock <value>                  ($VALIDATOR_MAX_TX_PER_BLOCK)
+--validateMaxTxsPerCheckpoint <value>             ($VALIDATOR_MAX_TX_PER_CHECKPOINT)
+```
+
+**Migration**: Remove `SEQ_MAX_BLOCK_SIZE_IN_BYTES` from your configuration. Per-block L2 and DA gas budgets are now derived automatically as `(checkpointLimit / maxBlocks) * multiplier`, where the multiplier defaults to 2. You can still override `SEQ_MAX_L2_BLOCK_GAS` and `SEQ_MAX_DA_BLOCK_GAS` explicitly, but they will be capped at the checkpoint-level limits. Validators can now set independent per-block and per-checkpoint limits via the `VALIDATOR_` env vars; when not set, only checkpoint-level protocol limits are enforced.
+
+### Setup phase allow list requires function selectors
+
+The transaction setup phase allow list now enforces function selectors, restricting which specific functions can run during setup on whitelisted contracts. Previously, any public function on a whitelisted contract or class was permitted.
+
+The semantics of the environment variable `TX_PUBLIC_SETUP_ALLOWLIST` have changed:
+
+**v3.x:**
+
+```bash
+--txPublicSetupAllowList <value>     ($TX_PUBLIC_SETUP_ALLOWLIST)
+```
+
+The variable fully **replaced** the hardcoded defaults. Format allowed entries without selectors: `I:address`, `C:classId`.
+
+**v4.0.0:**
+
+```bash
+--txPublicSetupAllowListExtend <value>  ($TX_PUBLIC_SETUP_ALLOWLIST)
+```
+
+The variable now **extends** the hardcoded defaults (which are always present). Selectors are now mandatory. Format: `I:address:selector,C:classId:selector`.
+
+**Migration**: If you were using `TX_PUBLIC_SETUP_ALLOWLIST`, ensure all entries include function selectors. Note the variable now adds to defaults rather than replacing them. If you were not setting this variable, no action is needed — the hardcoded defaults now include the correct selectors automatically.
+
 ## Removed features
 
 ## New features
@@ -149,6 +208,25 @@ P2P_RPC_PRICE_BUMP_PERCENTAGE=10     # default: 10 (percent)
 
 Set to `0` to disable the percentage-based bump (still requires strictly higher fee).
 
+### Validator-specific block limits
+
+Validators can now enforce per-block and per-checkpoint limits independently from the sequencer (proposer) limits. This allows operators to accept proposals that exceed their own proposer settings, or to reject proposals that are too large even if the proposer's limits allow them.
+
+**Configuration:**
+
+```bash
+VALIDATOR_MAX_L2_BLOCK_GAS=<value>         # Max L2 gas per block for validation
+VALIDATOR_MAX_DA_BLOCK_GAS=<value>         # Max DA gas per block for validation
+VALIDATOR_MAX_TX_PER_BLOCK=<value>         # Max txs per block for validation
+VALIDATOR_MAX_TX_PER_CHECKPOINT=<value>    # Max txs per checkpoint for validation
+```
+
+When not set, no per-block limit is enforced for that dimension — only checkpoint-level protocol limits apply. These do not fall back to the `SEQ_` values.
+
+### Setup allow list extendable via network config
+
+The setup phase allow list can now be extended via the network configuration JSON (`txPublicSetupAllowListExtend` field). This allows network operators to distribute additional allowed setup functions to all nodes without requiring code changes. The local environment variable takes precedence over the network-json value.
+
 ## Changed defaults
 
 ## Troubleshooting
diff --git a/yarn-project/aztec-node/src/aztec-node/server.ts b/yarn-project/aztec-node/src/aztec-node/server.ts
index 4670222c1125..2f6bf4a98158 100644
--- a/yarn-project/aztec-node/src/aztec-node/server.ts
+++ b/yarn-project/aztec-node/src/aztec-node/server.ts
@@ -348,9 +348,13 @@ export class AztecNodeService implements AztecNode, AztecNodeAdmin, Traceable {
     // We'll accumulate sentinel watchers here
     const watchers: Watcher[] = [];
 
-    // Create FullNodeCheckpointsBuilder for block proposal handling and tx validation
+    // Create FullNodeCheckpointsBuilder for block proposal handling and tx validation.
     const validatorCheckpointsBuilder = new FullNodeCheckpointsBuilder(
-      { ...config, l1GenesisTime, slotDuration: Number(slotDuration) },
+      {
+        ...config,
+        l1GenesisTime,
+        slotDuration: Number(slotDuration),
+      },
       worldStateSynchronizer,
       archiver,
       dateProvider,
diff --git a/yarn-project/foundation/src/config/env_var.ts b/yarn-project/foundation/src/config/env_var.ts
index 6cbd2d15ecae..a64f690a880d 100644
--- a/yarn-project/foundation/src/config/env_var.ts
+++ b/yarn-project/foundation/src/config/env_var.ts
@@ -278,6 +278,10 @@ export type EnvVar =
   | 'TRANSACTIONS_DISABLED'
   | 'VALIDATOR_ATTESTATIONS_POLLING_INTERVAL_MS'
   | 'VALIDATOR_DISABLED'
+  | 'VALIDATOR_MAX_DA_BLOCK_GAS'
+  | 'VALIDATOR_MAX_L2_BLOCK_GAS'
+  | 'VALIDATOR_MAX_TX_PER_BLOCK'
+  | 'VALIDATOR_MAX_TX_PER_CHECKPOINT'
   | 'VALIDATOR_PRIVATE_KEYS'
   | 'VALIDATOR_PRIVATE_KEY'
   | 'VALIDATOR_REEXECUTE'
diff --git a/yarn-project/p2p/src/config.ts b/yarn-project/p2p/src/config.ts
index 72d10b3c9417..2de83dd387cc 100644
--- a/yarn-project/p2p/src/config.ts
+++ b/yarn-project/p2p/src/config.ts
@@ -40,6 +40,9 @@ export interface P2PConfig
     TxCollectionConfig,
     TxFileStoreConfig,
     Pick<SequencerConfig, 'blockDurationMs' | 'expectedBlockProposalsPerSlot' | 'maxTxsPerBlock'> {
+  /** Maximum transactions per block for validation. Overrides maxTxsPerBlock for gossip validation when set. */
+  validateMaxTxsPerBlock?: number;
+
   /** A flag dictating whether the P2P subsystem should be enabled. */
   p2pEnabled: boolean;
 
@@ -202,6 +205,12 @@ export interface P2PConfig
 export const DEFAULT_P2P_PORT = 40400;
 
 export const p2pConfigMappings: ConfigMappingsType<P2PConfig> = {
+  validateMaxTxsPerBlock: {
+    env: 'VALIDATOR_MAX_TX_PER_BLOCK',
+    description:
+      'Maximum transactions per block for validation. Overrides maxTxsPerBlock for gossip validation when set.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
   p2pEnabled: {
     env: 'P2P_ENABLED',
     description: 'A flag dictating whether the P2P subsystem should be enabled.',
diff --git a/yarn-project/p2p/src/services/libp2p/libp2p_service.ts b/yarn-project/p2p/src/services/libp2p/libp2p_service.ts
index 8da82a7d195b..488135e69a70 100644
--- a/yarn-project/p2p/src/services/libp2p/libp2p_service.ts
+++ b/yarn-project/p2p/src/services/libp2p/libp2p_service.ts
@@ -222,14 +222,12 @@ export class LibP2PService extends WithTracer implements P2PService {
       this.protocolVersion,
     );
 
-    this.blockProposalValidator = new BlockProposalValidator(epochCache, {
+    const proposalValidatorOpts = {
       txsPermitted: !config.disableTransactions,
-      maxTxsPerBlock: config.maxTxsPerBlock,
-    });
-    this.checkpointProposalValidator = new CheckpointProposalValidator(epochCache, {
-      txsPermitted: !config.disableTransactions,
-      maxTxsPerBlock: config.maxTxsPerBlock,
-    });
+      maxTxsPerBlock: config.validateMaxTxsPerBlock,
+    };
+    this.blockProposalValidator = new BlockProposalValidator(epochCache, proposalValidatorOpts);
+    this.checkpointProposalValidator = new CheckpointProposalValidator(epochCache, proposalValidatorOpts);
     this.checkpointAttestationValidator = config.fishermanMode
       ? new FishermanAttestationValidator(epochCache, mempools.attestationPool, telemetry)
       : new CheckpointAttestationValidator(epochCache);
diff --git a/yarn-project/stdlib/src/block/l2_block.ts b/yarn-project/stdlib/src/block/l2_block.ts
index 15f037082a91..b5409770dbfa 100644
--- a/yarn-project/stdlib/src/block/l2_block.ts
+++ b/yarn-project/stdlib/src/block/l2_block.ts
@@ -1,4 +1,5 @@
 import { type BlockBlobData, encodeBlockBlobData } from '@aztec/blob-lib/encoding';
+import { DA_GAS_PER_FIELD } from '@aztec/constants';
 import {
   BlockNumber,
   CheckpointNumber,
@@ -138,6 +139,10 @@ export class L2Block {
     };
   }
 
+  computeDAGasUsed(): number {
+    return this.body.txEffects.reduce((total, txEffect) => total + txEffect.getNumBlobFields(), 0) * DA_GAS_PER_FIELD;
+  }
+
   static empty(header?: BlockHeader) {
     return new L2Block(
       AppendOnlyTreeSnapshot.empty(),
diff --git a/yarn-project/stdlib/src/checkpoint/index.ts b/yarn-project/stdlib/src/checkpoint/index.ts
index d86f88c87bbb..96c176e1d861 100644
--- a/yarn-project/stdlib/src/checkpoint/index.ts
+++ b/yarn-project/stdlib/src/checkpoint/index.ts
@@ -2,3 +2,4 @@ export * from './checkpoint.js';
 export * from './checkpoint_data.js';
 export * from './checkpoint_info.js';
 export * from './published_checkpoint.js';
+export * from './validate.js';
diff --git a/yarn-project/stdlib/src/checkpoint/validate.ts b/yarn-project/stdlib/src/checkpoint/validate.ts
new file mode 100644
index 000000000000..1ceb9fa4c102
--- /dev/null
+++ b/yarn-project/stdlib/src/checkpoint/validate.ts
@@ -0,0 +1,230 @@
+import { BLOBS_PER_CHECKPOINT, FIELDS_PER_BLOB, MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT } from '@aztec/constants';
+import type { CheckpointNumber, SlotNumber } from '@aztec/foundation/branded-types';
+import { sum } from '@aztec/foundation/collection';
+
+import { MAX_BLOCKS_PER_CHECKPOINT } from '../deserialization/index.js';
+import type { Checkpoint } from './checkpoint.js';
+
+export class CheckpointValidationError extends Error {
+  constructor(
+    message: string,
+    public readonly checkpointNumber: CheckpointNumber,
+    public readonly slot: SlotNumber,
+  ) {
+    super(message);
+    this.name = 'CheckpointValidationError';
+  }
+}
+
+/**
+ * Validates a checkpoint. Throws a CheckpointValidationError if any validation fails.
+ * - Validates structural integrity (non-empty, block count, sequential numbers, archive chaining, slot consistency)
+ * - Validates checkpoint blob field count against maxBlobFields limit
+ * - Validates total L2 gas used by checkpoint blocks against the Rollup contract mana limit
+ * - Validates total DA gas used by checkpoint blocks against MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT
+ * - Validates individual block L2 gas and DA gas against maxL2BlockGas and maxDABlockGas limits
+ */
+export function validateCheckpoint(
+  checkpoint: Checkpoint,
+  opts: {
+    rollupManaLimit?: number;
+    maxL2BlockGas?: number;
+    maxDABlockGas?: number;
+    maxTxsPerCheckpoint?: number;
+    maxTxsPerBlock?: number;
+  },
+): void {
+  validateCheckpointStructure(checkpoint);
+  validateCheckpointLimits(checkpoint, opts);
+  validateCheckpointBlocksGasLimits(checkpoint, opts);
+}
+
+/**
+ * Validates structural integrity of a checkpoint.
+ * - Non-empty block list
+ * - Block count within MAX_BLOCKS_PER_CHECKPOINT
+ * - Checkpoint slot matches the first block's slot
+ * - Checkpoint lastArchiveRoot matches the first block's lastArchive root
+ * - Sequential block numbers without gaps
+ * - Sequential indexWithinCheckpoint starting at 0
+ * - Archive root chaining between consecutive blocks
+ * - Consistent slot number across all blocks
+ * - Global variables (slot, timestamp, coinbase, feeRecipient, gasFees) match checkpoint header for each block
+ */
+export function validateCheckpointStructure(checkpoint: Checkpoint): void {
+  const { blocks, number, slot } = checkpoint;
+
+  if (blocks.length === 0) {
+    throw new CheckpointValidationError('Checkpoint has no blocks', number, slot);
+  }
+
+  if (blocks.length > MAX_BLOCKS_PER_CHECKPOINT) {
+    throw new CheckpointValidationError(
+      `Checkpoint has ${blocks.length} blocks, exceeding limit of ${MAX_BLOCKS_PER_CHECKPOINT}`,
+      number,
+      slot,
+    );
+  }
+
+  const firstBlock = blocks[0];
+
+  if (!checkpoint.header.lastArchiveRoot.equals(firstBlock.header.lastArchive.root)) {
+    throw new CheckpointValidationError(
+      `Checkpoint lastArchiveRoot does not match first block's lastArchive root`,
+      number,
+      slot,
+    );
+  }
+
+  for (let i = 0; i < blocks.length; i++) {
+    const block = blocks[i];
+
+    if (block.indexWithinCheckpoint !== i) {
+      throw new CheckpointValidationError(
+        `Block at index ${i} has indexWithinCheckpoint ${block.indexWithinCheckpoint}, expected ${i}`,
+        number,
+        slot,
+      );
+    }
+
+    if (block.slot !== slot) {
+      throw new CheckpointValidationError(
+        `Block ${block.number} has slot ${block.slot}, expected ${slot} (all blocks must share the same slot)`,
+        number,
+        slot,
+      );
+    }
+
+    if (!checkpoint.header.matchesGlobalVariables(block.header.globalVariables)) {
+      throw new CheckpointValidationError(
+        `Block ${block.number} global variables (slot, timestamp, coinbase, feeRecipient, gasFees) do not match checkpoint header`,
+        number,
+        slot,
+      );
+    }
+
+    if (i > 0) {
+      const prev = blocks[i - 1];
+      if (block.number !== prev.number + 1) {
+        throw new CheckpointValidationError(
+          `Block numbers are not sequential: block at index ${i - 1} has number ${prev.number}, block at index ${i} has number ${block.number}`,
+          number,
+          slot,
+        );
+      }
+
+      if (!block.header.lastArchive.root.equals(prev.archive.root)) {
+        throw new CheckpointValidationError(
+          `Block ${block.number} lastArchive root does not match archive root of block ${prev.number}`,
+          number,
+          slot,
+        );
+      }
+    }
+  }
+}
+
+/** Validates checkpoint blocks gas limits */
+function validateCheckpointBlocksGasLimits(
+  checkpoint: Checkpoint,
+  opts: {
+    maxL2BlockGas?: number;
+    maxDABlockGas?: number;
+    maxTxsPerBlock?: number;
+  },
+): void {
+  const { maxL2BlockGas, maxDABlockGas, maxTxsPerBlock } = opts;
+
+  if (maxL2BlockGas !== undefined) {
+    for (const block of checkpoint.blocks) {
+      const blockL2Gas = block.header.totalManaUsed.toNumber();
+      if (blockL2Gas > maxL2BlockGas) {
+        throw new CheckpointValidationError(
+          `Block ${block.number} in checkpoint has L2 gas used ${blockL2Gas} exceeding limit of ${maxL2BlockGas}`,
+          checkpoint.number,
+          checkpoint.slot,
+        );
+      }
+    }
+  }
+
+  if (maxDABlockGas !== undefined) {
+    for (const block of checkpoint.blocks) {
+      const blockDAGas = block.computeDAGasUsed();
+      if (blockDAGas > maxDABlockGas) {
+        throw new CheckpointValidationError(
+          `Block ${block.number} in checkpoint has DA gas used ${blockDAGas} exceeding limit of ${maxDABlockGas}`,
+          checkpoint.number,
+          checkpoint.slot,
+        );
+      }
+    }
+  }
+
+  if (maxTxsPerBlock !== undefined) {
+    for (const block of checkpoint.blocks) {
+      const blockTxCount = block.body.txEffects.length;
+      if (blockTxCount > maxTxsPerBlock) {
+        throw new CheckpointValidationError(
+          `Block ${block.number} in checkpoint has ${blockTxCount} txs exceeding limit of ${maxTxsPerBlock}`,
+          checkpoint.number,
+          checkpoint.slot,
+        );
+      }
+    }
+  }
+}
+
+/** Validates checkpoint max blob fields, gas limits, and tx limits */
+function validateCheckpointLimits(
+  checkpoint: Checkpoint,
+  opts: {
+    rollupManaLimit?: number;
+    maxTxsPerCheckpoint?: number;
+  },
+): void {
+  const { rollupManaLimit, maxTxsPerCheckpoint } = opts;
+
+  const maxBlobFields = BLOBS_PER_CHECKPOINT * FIELDS_PER_BLOB;
+  const maxDAGas = MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT;
+
+  if (rollupManaLimit !== undefined) {
+    const checkpointMana = sum(checkpoint.blocks.map(block => block.header.totalManaUsed.toNumber()));
+    if (checkpointMana > rollupManaLimit) {
+      throw new CheckpointValidationError(
+        `Checkpoint mana cost ${checkpointMana} exceeds rollup limit of ${rollupManaLimit}`,
+        checkpoint.number,
+        checkpoint.slot,
+      );
+    }
+  }
+
+  const checkpointDAGas = sum(checkpoint.blocks.map(block => block.computeDAGasUsed()));
+  if (checkpointDAGas > maxDAGas) {
+    throw new CheckpointValidationError(
+      `Checkpoint DA gas cost ${checkpointDAGas} exceeds limit of ${maxDAGas}`,
+      checkpoint.number,
+      checkpoint.slot,
+    );
+  }
+
+  const checkpointBlobFields = checkpoint.toBlobFields().length;
+  if (checkpointBlobFields > maxBlobFields) {
+    throw new CheckpointValidationError(
+      `Checkpoint blob field count ${checkpointBlobFields} exceeds limit of ${maxBlobFields}`,
+      checkpoint.number,
+      checkpoint.slot,
+    );
+  }
+
+  if (maxTxsPerCheckpoint !== undefined) {
+    const checkpointTxCount = sum(checkpoint.blocks.map(block => block.body.txEffects.length));
+    if (checkpointTxCount > maxTxsPerCheckpoint) {
+      throw new CheckpointValidationError(
+        `Checkpoint tx count ${checkpointTxCount} exceeds limit of ${maxTxsPerCheckpoint}`,
+        checkpoint.number,
+        checkpoint.slot,
+      );
+    }
+  }
+}
diff --git a/yarn-project/stdlib/src/interfaces/validator.ts b/yarn-project/stdlib/src/interfaces/validator.ts
index 898657f268f4..4a238e9d84ff 100644
--- a/yarn-project/stdlib/src/interfaces/validator.ts
+++ b/yarn-project/stdlib/src/interfaces/validator.ts
@@ -59,10 +59,22 @@ export type ValidatorClientConfig = ValidatorHASignerConfig & {
 
   /** Agree to attest to equivocated checkpoint proposals (for testing purposes only) */
   attestToEquivocatedProposals?: boolean;
+
+  /** Maximum L2 gas per block for validation. Proposals exceeding this limit are rejected. */
+  validateMaxL2BlockGas?: number;
+
+  /** Maximum DA gas per block for validation. Proposals exceeding this limit are rejected. */
+  validateMaxDABlockGas?: number;
+
+  /** Maximum transactions per block for validation. Proposals exceeding this limit are rejected. */
+  validateMaxTxsPerBlock?: number;
+
+  /** Maximum transactions per checkpoint for validation. Proposals exceeding this limit are rejected. */
+  validateMaxTxsPerCheckpoint?: number;
 };
 
 export type ValidatorClientFullConfig = ValidatorClientConfig &
-  Pick<SequencerConfig, 'txPublicSetupAllowList' | 'broadcastInvalidBlockProposal' | 'maxTxsPerBlock'> &
+  Pick<SequencerConfig, 'txPublicSetupAllowList' | 'broadcastInvalidBlockProposal'> &
   Pick<
     SlasherConfig,
     'slashBroadcastedInvalidBlockPenalty' | 'slashDuplicateProposalPenalty' | 'slashDuplicateAttestationPenalty'
@@ -86,6 +98,10 @@ export const ValidatorClientConfigSchema = zodFor<Omit<ValidatorClientConfig, 'v
     skipCheckpointProposalValidation: z.boolean().optional(),
     skipPushProposedBlocksToArchiver: z.boolean().optional(),
     attestToEquivocatedProposals: z.boolean().optional(),
+    validateMaxL2BlockGas: z.number().optional(),
+    validateMaxDABlockGas: z.number().optional(),
+    validateMaxTxsPerBlock: z.number().optional(),
+    validateMaxTxsPerCheckpoint: z.number().optional(),
   }),
 );
 
@@ -93,7 +109,6 @@ export const ValidatorClientFullConfigSchema = zodFor<Omit<ValidatorClientFullCo
   ValidatorClientConfigSchema.extend({
     txPublicSetupAllowList: z.array(AllowedElementSchema).optional(),
     broadcastInvalidBlockProposal: z.boolean().optional(),
-    maxTxsPerBlock: z.number().optional(),
     slashBroadcastedInvalidBlockPenalty: schemas.BigInt,
     slashDuplicateProposalPenalty: schemas.BigInt,
     slashDuplicateAttestationPenalty: schemas.BigInt,
diff --git a/yarn-project/validator-client/README.md b/yarn-project/validator-client/README.md
index bb232bc28184..9ae98004e384 100644
--- a/yarn-project/validator-client/README.md
+++ b/yarn-project/validator-client/README.md
@@ -223,6 +223,48 @@ This is useful for monitoring network health without participating in consensus.
 - `createCheckpointProposal(...)` → `CheckpointProposal`: Signs checkpoint proposal
 - `attestToCheckpointProposal(proposal, attestors)` → `CheckpointAttestation[]`: Creates attestations for given addresses
 
+## Block Building Limits
+
+L1 enforces gas and blob capacity per checkpoint. The node enforces these during block building to avoid L1 rejection. Three dimensions are metered: L2 gas (mana), DA gas, and blob fields. DA gas maps to blob fields today (`daGas = blobFields * 32`) but both are tracked independently.
+
+### Checkpoint limits
+
+| Dimension | Source | Budget |
+| --- | --- | --- |
+| L2 gas (mana) | `rollup.getManaLimit()` | Fetched from L1 at startup |
+| DA gas | `MAX_PROCESSABLE_DA_GAS_PER_CHECKPOINT` | 786,432 (6 blobs × 4096 fields × 32 gas/field) |
+| Blob fields | `BLOBS_PER_CHECKPOINT × FIELDS_PER_BLOB` | 24,576 minus checkpoint/block-end overhead |
+
+### Per-block budgets
+
+Per-block budgets prevent one block from consuming the entire checkpoint budget.
+
+**Proposer**: `computeBlockLimits()` derives budgets at startup as `min(checkpointLimit, ceil(checkpointLimit / maxBlocks * multiplier))`, where `maxBlocks` comes from the timetable and `multiplier` defaults to 2. The multiplier greater than 1 allows early blocks to use more than their even share of the checkpoint budget, since different blocks hit different limit dimensions (L2 gas, DA gas, blob fields) — a strict even split would waste capacity. Operators can override via `SEQ_MAX_L2_BLOCK_GAS` / `SEQ_MAX_DA_BLOCK_GAS` / `SEQ_MAX_TX_PER_BLOCK` (capped at checkpoint limits). Per-block TX limits follow the same derivation pattern when `SEQ_MAX_TX_PER_CHECKPOINT` is set.
+
+**Validator**: Optionally enforces per-block limits via `VALIDATOR_MAX_L2_BLOCK_GAS`, `VALIDATOR_MAX_DA_BLOCK_GAS`, and `VALIDATOR_MAX_TX_PER_BLOCK`. When set, these are passed to `buildBlock` during re-execution and to `validateCheckpoint` for final validation. When unset, no per-block limit is enforced for that dimension (checkpoint-level protocol limits still apply). These are independent of the `SEQ_` vars so operators can tune proposer and validation limits separately.
+
+**Checkpoint-level capping**: `CheckpointBuilder.capLimitsByCheckpointBudgets()` always runs before tx processing, capping per-block limits by `checkpointBudget - sum(used by prior blocks)` for all three gas dimensions and for transaction count (when `SEQ_MAX_TX_PER_CHECKPOINT` is set). This applies to both proposer and validator paths.
+
+### Per-transaction enforcement
+
+**Mempool entry** (`GasLimitsValidator`): L2 gas must be ≤ `MAX_PROCESSABLE_L2_GAS` (6,540,000) and ≥ fixed minimums.
+
+**Block building** (`PublicProcessor.process`): Before processing, txs are skipped if their estimated blob fields or gas limits would exceed the block budget. After processing, actual values are checked and the tx is reverted if limits are exceeded.
+
+### Gas limit configuration
+
+| Variable | Default | Description |
+| --- | --- | --- |
+| `SEQ_MAX_L2_BLOCK_GAS` | *auto* | Per-block L2 gas. Auto-derived from `rollupManaLimit / maxBlocks * multiplier`. |
+| `SEQ_MAX_DA_BLOCK_GAS` | *auto* | Per-block DA gas. Auto-derived from checkpoint DA limit / maxBlocks * multiplier. |
+| `SEQ_MAX_TX_PER_BLOCK` | *none* | Per-block tx count. If `SEQ_MAX_TX_PER_CHECKPOINT` is set and per-block is not, derived as `ceil(checkpointLimit / maxBlocks * multiplier)`. |
+| `SEQ_MAX_TX_PER_CHECKPOINT` | *none* | Total txs across all blocks in a checkpoint. When set, per-block tx limit is derived from it (unless explicitly overridden) and checkpoint-level capping is enforced. |
+| `SEQ_GAS_PER_BLOCK_ALLOCATION_MULTIPLIER` | 2 | Multiplier for per-block budget computation. |
+| `VALIDATOR_MAX_L2_BLOCK_GAS` | *none* | Per-block L2 gas limit for validation. Proposals exceeding this are rejected. |
+| `VALIDATOR_MAX_DA_BLOCK_GAS` | *none* | Per-block DA gas limit for validation. Proposals exceeding this are rejected. |
+| `VALIDATOR_MAX_TX_PER_BLOCK` | *none* | Per-block tx count limit for validation. Proposals exceeding this are rejected. |
+| `VALIDATOR_MAX_TX_PER_CHECKPOINT` | *none* | Per-checkpoint tx count limit for validation. Proposals exceeding this are rejected. |
+
 ## Testing Patterns
 
 ### Common Mocks
diff --git a/yarn-project/validator-client/src/block_proposal_handler.ts b/yarn-project/validator-client/src/block_proposal_handler.ts
index 0c8812aee9a8..d6b496613e04 100644
--- a/yarn-project/validator-client/src/block_proposal_handler.ts
+++ b/yarn-project/validator-client/src/block_proposal_handler.ts
@@ -10,6 +10,7 @@ import type { P2P, PeerId } from '@aztec/p2p';
 import { BlockProposalValidator } from '@aztec/p2p/msg_validators';
 import type { BlockData, L2Block, L2BlockSink, L2BlockSource } from '@aztec/stdlib/block';
 import { getEpochAtSlot, getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
+import { Gas } from '@aztec/stdlib/gas';
 import type { ITxProvider, ValidatorClientFullConfig, WorldStateSynchronizer } from '@aztec/stdlib/interfaces/server';
 import { type L1ToL2MessageSource, computeInHashFromL1ToL2Messages } from '@aztec/stdlib/messaging';
 import type { BlockProposal } from '@aztec/stdlib/p2p';
@@ -480,9 +481,15 @@ export class BlockProposalHandler {
 
     // Build the new block
     const deadline = this.getReexecutionDeadline(slot, config);
+    const maxBlockGas =
+      this.config.validateMaxL2BlockGas !== undefined || this.config.validateMaxDABlockGas !== undefined
+        ? new Gas(this.config.validateMaxDABlockGas ?? Infinity, this.config.validateMaxL2BlockGas ?? Infinity)
+        : undefined;
     const result = await checkpointBuilder.buildBlock(txs, blockNumber, blockHeader.globalVariables.timestamp, {
       deadline,
       expectedEndState: blockHeader.state,
+      maxTransactions: this.config.validateMaxTxsPerBlock,
+      maxBlockGas,
     });
 
     const { block, failedTxs } = result;
diff --git a/yarn-project/validator-client/src/config.ts b/yarn-project/validator-client/src/config.ts
index 6b367c214248..1c965e373723 100644
--- a/yarn-project/validator-client/src/config.ts
+++ b/yarn-project/validator-client/src/config.ts
@@ -77,6 +77,26 @@ export const validatorClientConfigMappings: ConfigMappingsType<ValidatorClientCo
     description: 'Agree to attest to equivocated checkpoint proposals (for testing purposes only)',
     ...booleanConfigHelper(false),
   },
+  validateMaxL2BlockGas: {
+    env: 'VALIDATOR_MAX_L2_BLOCK_GAS',
+    description: 'Maximum L2 block gas for validation. Proposals exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
+  validateMaxDABlockGas: {
+    env: 'VALIDATOR_MAX_DA_BLOCK_GAS',
+    description: 'Maximum DA block gas for validation. Proposals exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
+  validateMaxTxsPerBlock: {
+    env: 'VALIDATOR_MAX_TX_PER_BLOCK',
+    description: 'Maximum transactions per block for validation. Proposals exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
+  validateMaxTxsPerCheckpoint: {
+    env: 'VALIDATOR_MAX_TX_PER_CHECKPOINT',
+    description: 'Maximum transactions per checkpoint for validation. Proposals exceeding this limit are rejected.',
+    parseEnv: (val: string) => (val ? parseInt(val, 10) : undefined),
+  },
   ...validatorHASignerConfigMappings,
 };
 
diff --git a/yarn-project/validator-client/src/factory.ts b/yarn-project/validator-client/src/factory.ts
index eacdb5322965..b7645d48c485 100644
--- a/yarn-project/validator-client/src/factory.ts
+++ b/yarn-project/validator-client/src/factory.ts
@@ -29,7 +29,7 @@ export function createBlockProposalHandler(
   const metrics = new ValidatorMetrics(deps.telemetry);
   const blockProposalValidator = new BlockProposalValidator(deps.epochCache, {
     txsPermitted: !config.disableTransactions,
-    maxTxsPerBlock: config.maxTxsPerBlock,
+    maxTxsPerBlock: config.validateMaxTxsPerBlock,
   });
   return new BlockProposalHandler(
     deps.checkpointsBuilder,
diff --git a/yarn-project/validator-client/src/validator.ts b/yarn-project/validator-client/src/validator.ts
index 892c43942e6e..28f3c8dfa3b7 100644
--- a/yarn-project/validator-client/src/validator.ts
+++ b/yarn-project/validator-client/src/validator.ts
@@ -24,6 +24,7 @@ import { AuthRequest, AuthResponse, BlockProposalValidator, ReqRespSubProtocol }
 import { OffenseType, WANT_TO_SLASH_EVENT, type Watcher, type WatcherEmitter } from '@aztec/slasher';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { CommitteeAttestationsAndSigners, L2Block, L2BlockSink, L2BlockSource } from '@aztec/stdlib/block';
+import { validateCheckpoint } from '@aztec/stdlib/checkpoint';
 import { getEpochAtSlot, getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
 import type {
   CreateCheckpointProposalLastBlockData,
@@ -200,7 +201,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     const metrics = new ValidatorMetrics(telemetry);
     const blockProposalValidator = new BlockProposalValidator(epochCache, {
       txsPermitted: !config.disableTransactions,
-      maxTxsPerBlock: config.maxTxsPerBlock,
+      maxTxsPerBlock: config.validateMaxTxsPerBlock,
     });
     const blockProposalHandler = new BlockProposalHandler(
       checkpointsBuilder,
@@ -766,6 +767,19 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
         return { isValid: false, reason: 'out_hash_mismatch' };
       }
 
+      // Final round of validations on the checkpoint, just in case.
+      try {
+        validateCheckpoint(computedCheckpoint, {
+          maxDABlockGas: this.config.validateMaxDABlockGas,
+          maxL2BlockGas: this.config.validateMaxL2BlockGas,
+          maxTxsPerBlock: this.config.validateMaxTxsPerBlock,
+          maxTxsPerCheckpoint: this.config.validateMaxTxsPerCheckpoint,
+        });
+      } catch (err) {
+        this.log.warn(`Checkpoint validation failed: ${err}`, proposalInfo);
+        return { isValid: false, reason: 'checkpoint_validation_failed' };
+      }
+
       this.log.verbose(`Checkpoint proposal validation successful for slot ${slot}`, proposalInfo);
       return { isValid: true };
     } finally {