Summary

Fixes the teardown SEGFAULT in CI log 92cbf66b564931cf (full analysis: original gist). The e2e_fees/fee_settings test body itself passed — the process died in afterAll because an EpochProvingJob.run() body was still calling into the native world-state addon after ProverNode.stop() returned.

Applies fixes #1 and #3 from that analysis. Fix #2 was skipped per request.

Fix #1 — ProverNode.stop() awaits in-flight jobs

yarn-project/prover-node/src/prover-node.ts

• startProof used void this.runJob(job) (fire-and-forget) and stop() only awaited job.stop() for each tracked job. job.stop() only waits on the internal runPromise (set partway through run()), not the runJob wrapper's post-run work (tryUploadEpochFailure, createProvingJob on reorg) — both touch world-state.
• Worse, stop() called this.prover.stop() first, which only cancelled in-flight proving requests; the orchestrator's asyncPool body kept creating forks and inserting L1→L2 messages.
• Now track runJob promises in a Map<string, Promise<void>> keyed by job.getId() via a small trackRunJob helper, and have stop() signal job.stop() and await both the jobs and the runJob wrappers before stopping the prover/publisher/etc. (Map<string, …> rather than Set<Promise<…>> to satisfy the project's aztec-custom/no-non-primitive-in-collections lint rule.)

Fix #3 — Defensive shutdown guard in NativeWorldState

yarn-project/world-state/src/native/native_world_state_instance.ts

• close() previously only drained the canonical (forkId=0) queue — in-flight per-fork-queue calls could race with the native CLOSE and segfault. The existing assert.equal(this.open, true, ...) was inside the queue's execute callback, so it didn't prevent new calls from being enqueued and only produced AssertionError-style failures.
• Add a top-of-call() early check: if !this.open, throw Native world state is closed; cannot call <MSG> before any queue lookup.
• close() now drains every non-canonical per-fork queue (Promise.all(queue.stop())) before sending CLOSE on the canonical queue.

Worst case during shutdown is now a recognisable JS error, never a SIGSEGV.

Drive-by: e2e_expiration_timestamp flake fix

yarn-project/end-to-end/src/e2e_expiration_timestamp.test.ts

Same workaround as PR #23336 used for e2e_amm: anchor the PXE to the checkpointed tip via { syncChainTip: 'checkpointed' }. Without it the test races with the pipelined-prune that fires after the time warp and proveWithKernels blows up with Block hash … not found — this surfaced on the first run of this PR that got past lint.

Tests

• prover-node.test.ts: new awaits in-flight epoch jobs before stop resolves blocks job.run() via promiseWithResolvers, calls stop(), asserts it does NOT resolve until run resolves.
• native_world_state.test.ts: new rejects calls issued after close with a JS error rather than crashing closes a service and asserts a follow-up fork() rejects with /closed/i.

Out of scope

• C++-side destruction guard / refcount inside the native addon itself (defence-in-depth beyond the JS wrapper).
• Fix feat(json-rpc): initial package #2 (cancelJobsOnStop: true for in-process simulated prover-nodes).

Details: https://gist.github.com/AztecBot/e214caa9c9fdfe3b8de5fb9f9b2bf867