@parity/product-deploy 0.10.0-rc.0 → 0.10.0-rc.1

package/DEPLOYMENT.md

@@ -0,0 +1,124 @@
+# Deploying your first app
+
+This guide walks you from zero to a deployed, viewable web app on the [Polkadot Bulletin Chain](https://github.com/paritytech/polkadot-bulletin-chain) testnet, using `bulletin-deploy`.
+
+> [!NOTE]
+> This targets a **testnet** (`paseo-next-v2`) by default. It is reference/proof-of-concept tooling — see the security notice in the [README](README.md#security).
+
+## Prerequisites
+
+1. **Node.js ≥ 22.**
+   ```sh
+   node --version   # must print v22 or higher
+   ```
+2. **The CLI**, installed globally:
+   ```sh
+   npm install -g bulletin-deploy
+   ```
+3. **A built static site** — a directory of static files (HTML/CSS/JS), for example `./dist`. Build your app however you normally would (`npm run build`, etc.); `bulletin-deploy` uploads the resulting directory as-is.
+4. **An identity to own the name** — choose one:
+   - **Mobile Polkadot wallet (recommended).** No mnemonic on disk; you sign in once by scanning a QR code. See [Sign in](#1-sign-in-recommended) below.
+   - **A testnet mnemonic.** Pass `--mnemonic "..."` (or set the `MNEMONIC` env var) instead of signing in.
+
+That is all you need on testnet. You do **not** need testnet funds for the recommended path: a worker account registers the name and uploads the content, then transfers ownership to your account as the final step.
+
+### Optional: IPFS / Kubo
+
+By default the CLI uses the [IPFS Kubo](https://docs.ipfs.tech/install/) binary to merkleize your site if it is on your `PATH`, and otherwise falls back to a pure-JavaScript implementation. You can force the pure-JS path (no binary required) with `--js-merkle`. If you see `IPFS CLI not installed`, either install Kubo or add `--js-merkle`.
+
+## Choosing a name
+
+Apps are addressed by a DotNS name like `myapp.dot`. A few rules:
+
+- The base label must be **at least 6 characters** (shorter labels are reserved).
+- Pick something not already registered. The CLI tells you during a deploy whether the name is available or already owned by you.
+
+## Deploy
+
+### 1. Sign in (recommended)
+
+```sh
+bulletin-deploy login    # scan the QR code with your Polkadot wallet app
+bulletin-deploy whoami   # confirm the signed-in address
+```
+
+If you would rather sign with a mnemonic, skip this and pass `--mnemonic` on the deploy command instead.
+
+### 2. Deploy your build directory
+
+```sh
+bulletin-deploy ./dist myapp.dot
+# or, without an IPFS binary installed:
+bulletin-deploy ./dist myapp.dot --js-merkle
+```
+
+The CLI will:
+
+1. Merkleize your directory into content-addressed chunks.
+2. Upload the chunks to the Bulletin Chain and wait for finality.
+3. Register `myapp.dot` in DotNS and point it at your content.
+4. Transfer ownership of the name to your signed-in account.
+
+On success it prints a summary:
+
+```
+============================================================
+DEPLOYMENT COMPLETE!
+============================================================
+   - Polkadot Desktop: myapp.dot
+   - Polkadot Browser: https://myapp.dot.li
+```
+
+### 3. View it
+
+- Open **`https://myapp.dot.li`** in any browser.
+- Or open **`myapp.dot`** directly in a Polkadot-aware browser/extension.
+
+## If the transfer step fails
+
+If your content uploads but the final ownership transfer fails, the name is registered by the worker and you can claim it separately:
+
+```sh
+bulletin-deploy transfer myapp.dot              # → your signed-in account
+bulletin-deploy transfer myapp.dot --to 0x...   # → an explicit recipient
+```
+
+## Choosing a different network
+
+```sh
+bulletin-deploy --list-environments      # show available environment IDs
+bulletin-deploy ./dist myapp.dot --env <id>
+```
+
+The default is `paseo-next-v2`. Override individual fields with `--environment-file <path>` or `--contract KEY=0x...`.
+
+## Bootstrapping your own storage pool
+
+On `paseo-next-v2` and the other shared Parity testnets the upload pool is **already authorized** — you don't need to bootstrap anything to deploy. You only need this if you run your own setup: a custom pool mnemonic, your own Bulletin chain, or a testnet that was just reset (a wipe clears all authorizations).
+
+Uploading content to the Bulletin Chain requires the storage account to hold a `TransactionStorage` authorization — a quota of transactions and bytes. `bulletin-deploy` never grants this itself; the account must be authorized by the chain's authorizer first. The separate `bulletin-bootstrap` CLI does that for a pool:
+
+```sh
+bulletin-bootstrap --env <id>                 # authorize the default pool on an environment
+bulletin-bootstrap --env <id> --pool-size 20  # authorize a larger pool
+bulletin-bootstrap --mnemonic "<phrase>"      # authorize a custom pool's accounts
+```
+
+It derives the pool accounts, authorizes each one for storage, and funds them. On a testnet the authorizer is the dev account (`//Alice`); on a production chain the network's own authorizer must grant authorization — `bulletin-bootstrap` cannot self-authorize there. It's a one-time setup step, not part of a routine deploy. See [`docs/bootstrap.md`](docs/bootstrap.md) for the full operator reference.
+
+## Signing modes, in short
+
+- **Signed in (default):** a worker registers and uploads, then hands the name to your account — zero wallet signatures on testnet.
+- **`--no-transfer-to-signedin-user`:** sign every DotNS transaction with your mobile session instead.
+- **`--mnemonic "..."` / `MNEMONIC`:** use a mnemonic instead of a session.
+
+## Troubleshooting
+
+| Symptom | Cause / fix |
+|---|---|
+| `IPFS CLI not installed` | Install [Kubo](https://docs.ipfs.tech/install/), or add `--js-merkle`. |
+| Name rejected as reserved / too short | Use a base label of **6+ characters**. |
+| `Login session unavailable or expired` | Re-run `bulletin-deploy login`. |
+| Not authorized to upload | The storage account lacks a Bulletin `TransactionStorage` authorization. On `paseo-next-v2` the shared pool is already authorized; on your own setup, see [Bootstrapping your own storage pool](#bootstrapping-your-own-storage-pool). On a production chain, request authorization from the network's authorizer. |
+
+For the full option reference, run `bulletin-deploy --help`.

package/README.md

@@ -1,6 +1,24 @@
 # bulletin-deploy
 
-CLI tool for deploying web apps to the [Polkadot Bulletin Chain](https://github.com/paritytech/polkadot-bulletin-chain) via DotNS, Polkadot's on-chain naming system.
+> [!WARNING]
+> The following is a prototype, reference implementation, and proof-of-concept. This open source code is provided for research, experimentation, and developer education only. This code has not been audited, is actively experimental, and may contain bugs, vulnerabilities, or incomplete features. Use at your own risk.
+
+Deploy a static web app to the [Polkadot Bulletin Chain](https://github.com/paritytech/polkadot-bulletin-chain) and serve it under a human-readable `.dot` name — from one command. Names are resolved through DotNS, Polkadot's on-chain naming system.
+
+It targets Polkadot **testnets** (default: `paseo-next-v2`). This is reference tooling for putting a static site on-chain, not a managed hosting service — you run the deploys yourself, and there is no server or account to sign up for.
+
+[![npm](https://img.shields.io/npm/v/bulletin-deploy)](https://www.npmjs.com/package/bulletin-deploy)
+[![License: GPL-3.0-or-later](https://img.shields.io/badge/license-GPL--3.0--or--later-blue.svg)](LICENSE)
+
+## Features
+
+- **On-chain static hosting** — Upload a built site (any framework, or plain HTML) to the Bulletin Chain and address it by a `.dot` name. No web server to run.
+- **Mobile-wallet signing** — `login` once by scanning a QR with your Polkadot wallet; deploy with no mnemonic stored on disk.
+- **Zero-signature testnet deploys** — a local worker registers the name and uploads the content, then transfers ownership to your signed-in account — no wallet taps in the default testnet flow.
+- **Incremental uploads** — re-deploys only push the content chunks that changed, so updates are fast and cheap.
+- **No native dependency required** — `--js-merkle` does content addressing in pure JavaScript; the IPFS Kubo binary is optional, not required.
+- **Built-in environments** — target presets (RPC endpoints + contract addresses) selectable with `--env`, overridable per field.
+- **Telemetry off by default** — opt-in only, and honors the `DO_NOT_TRACK` convention.
 
 ## Install
 
@@ -8,6 +26,8 @@ CLI tool for deploying web apps to the [Polkadot Bulletin Chain](https://github.
 npm install -g bulletin-deploy
 ```
 
+Requires **Node.js ≥ 22**. Content addressing uses the IPFS [Kubo](https://docs.ipfs.tech/install/) binary if it's on your `PATH`; otherwise pass `--js-merkle` to run it in pure JavaScript with no native dependency.
+
 ## Quick start
 
 ```sh
@@ -15,17 +35,28 @@ npm install -g bulletin-deploy
 bulletin-deploy ./dist my-app.dot
 ```
 
-## Session-based signing (mobile wallet)
+Once it finishes, your site is served at `https://my-app.dot.li`.
+
+New here? **[DEPLOYMENT.md](DEPLOYMENT.md)** walks you from prerequisites to a viewable app, step by step — including how to acquire a `.dot` name, what authorization a network requires (the raw "not authorized" chain error is a common first-run trap), and where a deployed site is viewable.
+
+## Signing with a mobile wallet
 
 Sign in once with your mobile Polkadot wallet — no mnemonic on disk:
 
 ```sh
-bulletin-deploy login    # Scan QR code with your Polkadot wallet app
+bulletin-deploy login    # Scan the QR code with your Polkadot wallet app
 bulletin-deploy whoami   # Show the currently signed-in address
 bulletin-deploy logout   # Sign out and clear the session
 ```
 
-After `login`, subsequent deploys will use the session signer automatically.
+After `login`, subsequent deploys hand the name to your signed-in account with **zero mobile signatures** (testnet): a local worker (the default dev account, or your `--mnemonic`) registers the name and uploads the content, then transfers ownership to your signed-in address as the final step. Pass `--no-transfer-to-signedin-user` to sign every DotNS transaction with your mobile session instead.
+
+If a deploy's content lands but the final transfer fails, hand the name over separately:
+
+```sh
+bulletin-deploy transfer my-app.dot              # → the signed-in account
+bulletin-deploy transfer my-app.dot --to 0x...   # → an explicit recipient
+```
 
 ## Options
 
@@ -37,19 +68,39 @@ Key options:
 |--------|-------------|
 | `--env <id>` | Target environment (default: `paseo-next-v2`). Run `--list-environments` to see available IDs. |
 | `--mnemonic "..."` | DotNS owner mnemonic (or set `MNEMONIC` env var). Alternative to session signing. |
+| `--no-transfer-to-signedin-user` | When signed in, sign every DotNS tx with your mobile session instead of the default register-as-worker-then-hand-over flow. |
+| `--to <0xH160>` | Recipient address for the `transfer` subcommand. Defaults to the signed-in account. |
 | `--js-merkle` | Use pure-JS merkleization (no IPFS Kubo binary required). |
 | `--publish` | List the domain in the on-chain Publisher registry after deploy. |
 | `--config <path>` | Explicit path to `bulletin-deploy.config.ts` for product deploys. |
 | `--tag "..."` | Label the deploy in telemetry. |
 | `--version` | Print the installed version and exit. |
 
+Subcommands: `login`, `logout`, `whoami` (session management, above) and `transfer <domain.dot>` (hand a name you registered to the signed-in account or `--to`).
+
 ## Environments
 
-bulletin-deploy ships with built-in environment presets (RPC endpoints, contract addresses). Use `--list-environments` to print the table. Override individual fields with `--environment-file <path>` or `--contract KEY=0x...`.
+bulletin-deploy ships with built-in environment presets (RPC endpoints, contract addresses). The default is `paseo-next-v2`, a Polkadot testnet. Use `--list-environments` to print the table; override individual fields with `--environment-file <path>` or `--contract KEY=0x...`. For what a starting account needs on a given network — funding, a `.dot` name, authorization — see **[DEPLOYMENT.md](DEPLOYMENT.md)**.
+
+## Build from source
+
+```sh
+git clone https://github.com/paritytech/bulletin-deploy
+cd bulletin-deploy
+npm ci
+npm run build
+npm test          # offline unit tests
+```
+
+This produces the same `bulletin-deploy` CLI in `bin/`. See [`docs/testing.md`](docs/testing.md) for the live-testnet E2E suite.
+
+## Releases
+
+Releases use a two-stage flow: a release candidate is validated by the end-to-end test matrix against a live testnet, then the byte-identical source is published to npm under the stable version. Once Trusted Publishing is enabled, npm provenance will let you verify that a published release was built from this repository.
 
 ## Telemetry
 
-Deploy telemetry (Sentry) is **off by default**. It activates only if you explicitly opt in with `BULLETIN_DEPLOY_TELEMETRY=1`, or when the CLI detects it is running in Parity's own CI. Set `BULLETIN_DEPLOY_TELEMETRY=0` to force it off in any context. The Sentry DSN baked into the package is a public project identifier, not a secret — it grants no access to collected data.
+Deploy telemetry (Sentry) is **off by default**. It activates only if you explicitly opt in with `BULLETIN_DEPLOY_TELEMETRY=1`, or when the CLI detects it is running in Parity's own CI. Set `BULLETIN_DEPLOY_TELEMETRY=0` — or the cross-tool `DO_NOT_TRACK=1` — to force it off in any context. The Sentry DSN baked into the package is a public project identifier, not a secret — it grants no access to collected data.
 
 Separately from telemetry, the CLI checks the npm registry for the minimum supported version. Set `BULLETIN_DEPLOY_UPDATE_CHECK=0` to disable that check.
 
@@ -57,6 +108,22 @@ Separately from telemetry, the CLI checks the npm registry for the minimum suppo
 
 Issues and pull requests are welcome on the GitHub repository. Releases are cut by the maintainers. (Parity-internal design notes and investigation logs live in `docs-internal/`, which is not published to npm.)
 
+## Security
+
+> [!WARNING]
+> The following is a prototype, reference implementation, and proof-of-concept. This open source code is provided for research, experimentation, and developer education only. This code has not been audited, is actively experimental, and may contain bugs, vulnerabilities, or incomplete features. Use at your own risk.
+
+This repository contains reference and proof-of-concept code. Unless a specific release states otherwise, it has **not** received a full security audit. Use in production or production-like deployments should only follow an independent security review of the relevant code, configuration, generated output, and deployment environment.
+
+Before deploying this for real use cases, you are responsible for:
+
+- Reviewing the code yourself — we publish a reference, not a hardened production build.
+- Checking that the dependencies are up to date and free of known vulnerabilities.
+- Securing your own fork or deployment environment (keys, secrets, network configuration).
+- Tracking the latest tagged release for security fixes; older releases are not backported (exceptions might apply).
+
+Do **not** open a public issue for a suspected vulnerability. Follow Parity's responsible-disclosure process (`SECURITY.md`, inherited org-wide from [`paritytech/.github`](https://github.com/paritytech/.github/blob/main/SECURITY.md)) and email **security@parity.io**. For Parity's Bug Bounty programme, see https://parity.io/bug-bounty.
+
 ## License
 
 [GPL-3.0-or-later](LICENSE). Versions up to and including 0.8.3 were published under Apache-2.0; the license changed to GPL-3.0-or-later ahead of the project being open-sourced.

package/assets/environments.json

@@ -128,6 +128,35 @@
         "PUBLISHER": "0xa616254fd98724c7a3d295c98ca393a486096b68"
       }
     },
+    {
+      "id": "summit",
+      "name": "Summit",
+      "network": "testnet",
+      "description": "Web3 Summit Network",
+      "e2eEligible": false,
+      "ipfs": "https://summit-ipfs.polkadot.io",
+      "autoAccountMapping": true,
+      "nativeToEthRatio": 100000000,
+      "registerStorageDeposit": 2000000000000,
+      "contracts": {
+        "DOTNS_PROTOCOL_REGISTRY": "0x09f1AE947950eA2d1f010fE2abC00fDd5A745820",
+        "DOTNS_REGISTRAR": "0xf3969bCBE60463302306663C62A6A8ef91ab9aA5",
+        "DOTNS_REGISTRAR_CONTROLLER": "0xA68a5b2A6be6d014be0dB07c0ed4bacc4A6A570A",
+        "DOTNS_REGISTRY": "0xFb7AB7E142ED0248D77198CA8722D67C1930D783",
+        "DOTNS_POP_CONTROLLER": "0xC7DD78B145ed109092A2d1E79324E5FE219B9518",
+        "ROOT_GATEWAY_DISPATCHER": "0x22362162032ED2442b43f5902b3421be5aCF1b60",
+        "DOTNS_RESOLVER": "0xC7f1C3B16BFd0c5910EE37a4a2033f4506AcE94d",
+        "DOTNS_CONTENT_RESOLVER": "0xf110e5799c3f0adb8ED885C02c45Ecfe7fD86226",
+        "DOTNS_REVERSE_RESOLVER": "0x5aa444C6cbA9bd703d1a0B5E5C643FB886F80bB4",
+        "DOTNS_POP_RESOLVER": "0x03FD2ed7B1b848c59A2428224162dE00D11a8133",
+        "DOTNS_NAME_ESCROW": "0xDbE911007f8cd9876D384b8c025d3BB157DCCcA4",
+        "POP_RULES": "0x6331e51C9AfC73BfE12562fd160BA2c66A73f984",
+        "STORE_FACTORY": "0x2947af3CBFb45b89610524a25921C32cB65C4C39",
+        "LABEL_STORE_BEACON": "0x670Dab225ea4f2EeB0e6Df2e49AA595aB2CAa5cb",
+        "USER_STORE_BEACON": "0x31e392736889c973A25509861C7D6E6F2EaD951C",
+        "MULTICALL3": "0x1C1044BEa5bDe0F435436bB52A8340fBE1D59847"
+      }
+    },
     {
       "id": "polkadot",
       "name": "Polkadot",
@@ -166,6 +195,9 @@
           "wss": "wss://paseo-rpc.n.dwellir.com",
           "uptimeUrl": "https://stats.uptimerobot.com/UrEXbl6Xyt"
         },
+        "summit": {
+          "wss": "wss://summit-rpc.polkadot.io"
+        },
         "polkadot": {
           "wss": [
             "wss://polkadot-rpc.n.dwellir.com",
@@ -213,6 +245,9 @@
           "wss": "wss://paseo-asset-hub-next-rpc.polkadot.io",
           "parachainId": 1500
         },
+        "summit": {
+          "wss": "wss://summit-asset-hub-rpc.polkadot.io"
+        },
         "polkadot": {
           "wss": [
             "wss://asset-hub-polkadot-rpc.n.dwellir.com",
@@ -326,6 +361,9 @@
           "wss": "wss://paseo-people-next-system-rpc.polkadot.io",
           "parachainId": 1502
         },
+        "summit": {
+          "wss": "wss://summit-people-rpc.polkadot.io"
+        },
         "polkadot": {
           "wss": [
             "wss://people-polkadot-rpc.n.dwellir.com",
@@ -376,6 +414,9 @@
           "wss": "wss://paseo-bulletin-next-rpc.polkadot.io",
           "parachainId": 1501
         },
+        "summit": {
+          "wss": "wss://summit-bulletin-rpc.polkadot.io"
+        },
         "custom": {
           "wss": "wss://previewnet.substrate.dev/bulletin",
           "parachainId": 2487

package/bin/bulletin-deploy

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 
-import { deploy, DEFAULT_BULLETIN_RPC, DEFAULT_POOL_SIZE, NonRetryableError, EXIT_CODE_NO_RETRY, isConnectionError, unpublish } from "../dist/deploy.js";
+import { deploy, DEFAULT_BULLETIN_RPC, DEFAULT_POOL_SIZE, NonRetryableError, EXIT_CODE_NO_RETRY, isConnectionError, isBenignTeardownError, unpublish } from "../dist/deploy.js";
 import { VERSION, setDeployAttribute, captureWarning, closeTelemetry, setRunStateActive, markRelaunchOomHintShown } from "../dist/telemetry.js";
 import { handleFailedDeploy, handlePreflightVersionCheck, fetchVersionInfo, preReleaseWarning, checkNodeVersion } from "../dist/version-check.js";
 import { setDeployContext, installLogCapture, buildCliFlagsSummary } from "../dist/bug-report.js";
@@ -142,12 +142,8 @@ if (flags.unpublish) {
 // installed yet here, so SSO subcommands install these guards to swallow that +
 // connection-teardown noise and surface anything else.
 function installSsoTeardownGuards() {
-  const benignTeardown = (e) => {
-    const s = e instanceof Error ? `${e.name ?? ""} ${e.message ?? ""}` : String(e);
-    return isConnectionError(e) || /DestroyedError|Client destroyed/.test(s);
-  };
-  process.on("unhandledRejection", (e) => { if (!benignTeardown(e)) { console.error(e); process.exit(1); } });
-  process.on("uncaughtException", (e) => { if (!benignTeardown(e)) { console.error(e); process.exit(1); } });
+  process.on("unhandledRejection", (e) => { if (!isBenignTeardownError(e)) { console.error(e); process.exit(1); } });
+  process.on("uncaughtException", (e) => { if (!isBenignTeardownError(e)) { console.error(e); process.exit(1); } });
 }
 
 // Sign-in subcommands: login / logout / whoami.
@@ -396,9 +392,13 @@ if (!flags.help && !flags.version) {
     if (process.env.BULLETIN_DEPLOY_DEBUG_HANDLERS === "1") {
       console.error(`[handleUnhandled ${kind}] match=${isConnectionError(e)} type=${e?.constructor?.name ?? typeof e} msg=${msgStr.slice(0, 200)}`);
     }
-    if (isConnectionError(e)) {
+    // Benign teardown noise (connection errors + "DestroyedError: Client destroyed"
+    // from session-adapter teardown after the deploy's work is done) must not mark
+    // the deploy killed / exit 2. The SSO subcommands already whitelist this; the
+    // deploy path must too (the owner-signs update path tears down a session).
+    if (isBenignTeardownError(e)) {
       try {
-        captureWarning(`Suppressed ${kind} connection error`, { msg: msgStr.slice(0, 200) });
+        captureWarning(`Suppressed ${kind} teardown/connection noise`, { msg: msgStr.slice(0, 200) });
       } catch { /* telemetry best-effort */ }
       return;
     }
@@ -486,7 +486,7 @@ try {
   }
 
   console.log(`CID: ${result.cid}`);
-  console.log(`Domain: ${result.domainName}`);
+  console.log(`Domain: ${result.fullDomain}`);
 
   // Opt-in manifest publish on top of the legacy contenthash deploy.
   //
@@ -515,13 +515,8 @@ try {
         console.error(`Manifest publish failed: ${err?.message ?? err}`);
         process.exit(err instanceof NonRetryableError ? EXIT_CODE_NO_RETRY : 1);
       }
-    } else {
-      const where = flags.config
-        ? `--config ${flags.config}`
-        : `bulletin-deploy.config.{ts,js,mjs} via walking up from ${buildDirAbs}`;
-      console.log("");
-      console.log(`⚠  No bulletin-deploy.config.ts — ${domain} published as legacy contenthash only. Add config to enable product manifest: https://github.com/paritytech/triangle-js-sdks`);
     }
+    // No config → the contenthash-only deploy above is the whole job; nothing else to do.
   }
 
   if (!flags.help && !flags.version) {

package/dist/allocations-CEPeZr6T.d.ts

@@ -0,0 +1,111 @@
+import * as polkadot_api from 'polkadot-api';
+import { TerminalAdapter, UserSession } from '@parity/product-sdk-terminal';
+
+/**
+ * Structural mirror of host-papp's `ApAllocatableResource` codec type. We
+ * declare it locally because host-papp's package root doesn't re-export the
+ * codec types yet — when it does (and product-sdk-terminal threads them
+ * through) this can be replaced with a direct import.
+ *
+ *   StatementStoreAllowance — write to the SSS (host_chat, allowance ring).
+ *   BulletInAllowance       — write to Bulletin (TransactionStorage.store).
+ *   SmartContractAllowance  — PGAS sponsoring for Revive contract calls.
+ *                             The `value` is the derivation index of the
+ *                             product account (0 for the default account).
+ *   AutoSigning             — surrender the product-account signing key to
+ *                             the host so it can sign on the user's behalf
+ *                             without per-call prompts. Not used today.
+ *
+ * NOTE: host-api v0.8 renamed this variant to 'BulletinAllowance', but the
+ * SSO resource-allocation codec (host-papp, which this path reaches via
+ * product-sdk-terminal) retains the old 'BulletInAllowance' spelling as of
+ * host-papp 0.8.5 / terminal 0.3.1. Ours must match the SSO codec — the
+ * _SDK_COMPAT_PIN below fails the build if the SDK's spelling ever changes.
+ */
+type AllocatableResource = {
+    tag: "StatementStoreAllowance";
+    value: undefined;
+} | {
+    tag: "BulletInAllowance";
+    value: undefined;
+} | {
+    tag: "SmartContractAllowance";
+    value: number;
+} | {
+    tag: "AutoSigning";
+    value: undefined;
+};
+/**
+ * Outcome of one allocation. We don't read the inner `Allocated` payload
+ * (allowance slot keys, derivation secrets) — the host stores them and uses
+ * them transparently on subsequent calls. We just need the tag to know
+ * whether the allocation succeeded.
+ */
+type AllocationOutcome = {
+    tag: "Allocated";
+    value: unknown;
+} | {
+    tag: "Rejected";
+    value: undefined;
+} | {
+    tag: "NotAvailable";
+    value: undefined;
+};
+/** Tag-only view, handy for downstream code that doesn't care about payloads. */
+type ResourceTag = AllocatableResource["tag"];
+type OnExistingAllowancePolicy = "Ignore" | "Increase";
+/**
+ * Default mobile-granted resource set for a CLI product account: write access
+ * to the statement store + Bulletin, plus PGAS sponsoring for the default
+ * (index 0) product account.
+ */
+declare const DEFAULT_RESOURCES: AllocatableResource[];
+/**
+ * The BulletInAllowance resource singleton. Callers that only need this one
+ * resource (e.g. createSlotAccountSigner) use this constant instead of
+ * constructing the literal — keeps the SSO codec spelling in one place.
+ */
+declare const BULLETIN_RESOURCE: AllocatableResource;
+/**
+ * Send a `host_request_resource_allocation` request over the user's active
+ * session. The host (mobile wallet) prompts the user to approve and returns
+ * one outcome per requested resource in order. Granted key material is cached
+ * to disk by the terminal facet (`{appId}_AllowanceKeys.json`) so subsequent
+ * calls (and the storage-signer reader) find it without a second wallet prompt.
+ *
+ * Throws on transport-level failures (Statement Store unreachable, encryption
+ * error, etc.). Per-resource refusals are reported as `Rejected`/`NotAvailable`
+ * outcomes — callers inspect the array to decide whether to proceed.
+ *
+ * `onExisting` is pinned to "Ignore": return existing cached keys if any, else
+ * allocate a new slot. Auto-pick would give "Increase" when all slot-table
+ * resources are already cached, which re-prompts the user unnecessarily.
+ */
+declare function requestResourceAllocation(session: UserSession, adapter: TerminalAdapter, resources?: AllocatableResource[], onExisting?: OnExistingAllowancePolicy): Promise<AllocationOutcome[]>;
+interface AllocationSummary {
+    granted: AllocatableResource[];
+    rejected: AllocatableResource[];
+    unavailable: AllocatableResource[];
+}
+/**
+ * Bucket allocation outcomes by tag. Order-sensitive: `outcomes[i]` maps to
+ * `resources[i]`. Outcomes without a matching resource are silently dropped.
+ */
+declare function summarizeOutcomes(outcomes: AllocationOutcome[], resources: AllocatableResource[]): AllocationSummary;
+/**
+ * Read a previously allocated slot signer from the terminal cache
+ * (`{appId}_AllowanceKeys.json`) written by `requestResourceAllocation`.
+ *
+ * Returns `null` on a cache miss — never triggers a phone prompt. Use this
+ * instead of `adapter.allowance.getBulletinSigner()` when the allocation has
+ * already been claimed in the same session (e.g. after a successful
+ * `requestResourceAllocation(DEFAULT_RESOURCES)` call) so that step 2 of the
+ * login flow is a guaranteed cache-hit with zero additional wallet interaction.
+ *
+ * Throws only for SmartContractAllowance / AutoSigning resources (not applicable
+ * to BulletInAllowance). Returns `null` for BulletInAllowance when no cached
+ * entry exists.
+ */
+declare function createSlotAccountSigner(adapter: TerminalAdapter, resource: AllocatableResource): Promise<polkadot_api.PolkadotSigner | null>;
+
+export { type AllocatableResource as A, BULLETIN_RESOURCE as B, DEFAULT_RESOURCES as D, type OnExistingAllowancePolicy as O, type ResourceTag as R, type AllocationOutcome as a, type AllocationSummary as b, createSlotAccountSigner as c, requestResourceAllocation as r, summarizeOutcomes as s };

package/dist/auth/index.d.ts

@@ -1,6 +1,7 @@
-export { A as AllocatableResource, a as AllocationOutcome, b as AllocationSummary, c as AuthClient, d as AuthConfig, C as ConnectResult, D as DEFAULT_RESOURCES, L as LoginHandle, e as LoginStatus, f as LogoutHandle, g as LogoutStatus, S as SessionAddresses, h as SessionHandle, i as createAuthClient, r as requestResourceAllocation, s as summarizeOutcomes } from '../auth-C-Pel0AT.js';
+export { A as AuthClient, a as AuthConfig, C as ConnectResult, L as LoginHandle, b as LoginStatus, c as LogoutHandle, d as LogoutStatus, S as SessionAddresses, e as SessionHandle, f as createAuthClient } from '../auth-CA_YKtM2.js';
 export { renderQrCode } from '@parity/product-sdk-terminal';
-export { R as ResolvedSigner, S as SignerNotAvailableError, r as resolveSigner } from '../signer-vR6KKC7V.js';
+export { R as ResolvedSigner, S as SignerNotAvailableError, r as resolveSigner } from '../signer-Duup0hgQ.js';
+export { A as AllocatableResource, a as AllocationOutcome, b as AllocationSummary, B as BULLETIN_RESOURCE, D as DEFAULT_RESOURCES, c as createSlotAccountSigner, r as requestResourceAllocation, s as summarizeOutcomes } from '../allocations-CEPeZr6T.js';
 export { renderLoginStatus, renderLogoutStatus } from './vendor/ui/index.js';
 import 'polkadot-api';
 import '@parity/product-sdk-tx';

package/dist/auth/index.js

@@ -1,12 +1,14 @@
 import "../chunk-JQKKMUCT.js";
 import {
+  BULLETIN_RESOURCE,
   DEFAULT_RESOURCES,
   SignerNotAvailableError,
   createAuthClient,
+  createSlotAccountSigner,
   requestResourceAllocation,
   resolveSigner,
   summarizeOutcomes
-} from "../chunk-DHY2ZXVZ.js";
+} from "../chunk-5OKB3TEB.js";
 import {
   renderLoginStatus,
   renderLogoutStatus,
@@ -14,9 +16,11 @@ import {
 } from "../chunk-RIRDBSBG.js";
 import "../chunk-ZOC4GITL.js";
 export {
+  BULLETIN_RESOURCE,
   DEFAULT_RESOURCES,
   SignerNotAvailableError,
   createAuthClient,
+  createSlotAccountSigner,
   renderLoginStatus,
   renderLogoutStatus,
   renderQrCode,

package/dist/auth/vendor/index.d.ts

@@ -1,7 +1,8 @@
-export { A as AllocatableResource, a as AllocationOutcome, b as AllocationSummary, c as AuthClient, d as AuthConfig, C as ConnectResult, D as DEFAULT_RESOURCES, L as LoginHandle, e as LoginStatus, f as LogoutHandle, g as LogoutStatus, O as OnExistingAllowancePolicy, R as ResourceTag, S as SessionAddresses, h as SessionHandle, i as createAuthClient, r as requestResourceAllocation, s as summarizeOutcomes } from '../../auth-C-Pel0AT.js';
+export { A as AuthClient, a as AuthConfig, C as ConnectResult, L as LoginHandle, b as LoginStatus, c as LogoutHandle, d as LogoutStatus, S as SessionAddresses, e as SessionHandle, f as createAuthClient } from '../../auth-CA_YKtM2.js';
 import { UserSession } from '@parity/product-sdk-terminal';
 import { PolkadotSigner } from 'polkadot-api';
-export { R as ResolvedSigner, S as SignerNotAvailableError, a as SignerOptions, b as SignerSource, p as parseDevAccountName, r as resolveSigner } from '../../signer-vR6KKC7V.js';
+export { R as ResolvedSigner, S as SignerNotAvailableError, a as SignerOptions, b as SignerSource, p as parseDevAccountName, r as resolveSigner } from '../../signer-Duup0hgQ.js';
+export { A as AllocatableResource, a as AllocationOutcome, b as AllocationSummary, B as BULLETIN_RESOURCE, D as DEFAULT_RESOURCES, O as OnExistingAllowancePolicy, R as ResourceTag, c as createSlotAccountSigner, r as requestResourceAllocation, s as summarizeOutcomes } from '../../allocations-CEPeZr6T.js';
 import '@parity/product-sdk-tx';
 
 interface ProductAccountRef {

package/dist/auth/vendor/index.js

@@ -1,23 +1,27 @@
 import {
+  BULLETIN_RESOURCE,
   DEFAULT_RESOURCES,
   INCOMPLETE_SESSION_MESSAGE,
   SignerNotAvailableError,
   createAuthClient,
   createSessionSigner,
+  createSlotAccountSigner,
   deriveProductPublicKey,
   parseDevAccountName,
   requestResourceAllocation,
   resolveSigner,
   sessionRootPublicKey,
   summarizeOutcomes
-} from "../../chunk-DHY2ZXVZ.js";
+} from "../../chunk-5OKB3TEB.js";
 import "../../chunk-ZOC4GITL.js";
 export {
+  BULLETIN_RESOURCE,
   DEFAULT_RESOURCES,
   INCOMPLETE_SESSION_MESSAGE,
   SignerNotAvailableError,
   createAuthClient,
   createSessionSigner,
+  createSlotAccountSigner,
   deriveProductPublicKey,
   parseDevAccountName,
   requestResourceAllocation,

package/dist/auth/vendor/ui/index.d.ts

@@ -1,6 +1,7 @@
 export { renderQrCode } from '@parity/product-sdk-terminal';
-import { e as LoginStatus, g as LogoutStatus } from '../../../auth-C-Pel0AT.js';
+import { b as LoginStatus, d as LogoutStatus } from '../../../auth-CA_YKtM2.js';
 import 'polkadot-api';
+import '../../../allocations-CEPeZr6T.js';
 
 /**
  * Pure formatters that map the `LoginStatus` / `LogoutStatus` streams to