@parity/product-deploy 0.10.1-dev.0 → 0.11.0-rc.1

package/dist/{chunk-QGGISN4D.js → chunk-MDLFWWXZ.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-TSPERKUS.js";
 import {
   VERSION
-} from "./chunk-HX6BOXMG.js";
+} from "./chunk-TK4IZ73C.js";
 import {
   loadEnvironments
 } from "./chunk-QRKI6MMK.js";

package/dist/{chunk-4GDFP7XR.js → chunk-PDCSBS5T.js}

@@ -11,7 +11,7 @@ import {
   setDeploySentryTag,
   truncateAddress,
   withSpan
-} from "./chunk-HX6BOXMG.js";
+} from "./chunk-TK4IZ73C.js";
 import {
   validateContractAddresses
 } from "./chunk-QRKI6MMK.js";
@@ -988,6 +988,11 @@ var DotNS = class {
   _popSelfServe = null;
   _registerStorageDeposit = MINIMUM_REGISTER_STORAGE_DEPOSIT;
   _onPhoneSigningRequired = void 0;
+  _confirmPhoneReady = void 0;
+  /** Total phone-signature count for this DotNS session (drives the `total` field passed to confirmPhoneReady). */
+  _phoneSignatureTotal = 0;
+  /** Running attempt counter per label for re-sign detection. Reset at connect/disconnect. */
+  _phoneSignatureAttempts = /* @__PURE__ */ new Map();
   // Test-only seam: consumed once by classifyAliasAccountState() then cleared.
   // Mirrors the __setDeployRootSpanForTest / __setSentryForTest pattern.
   _classifyOverrideForTest = null;
@@ -1038,6 +1043,9 @@ var DotNS = class {
     if (options.onPhoneSigningRequired !== void 0) {
       this._onPhoneSigningRequired = options.onPhoneSigningRequired;
     }
+    if (options.confirmPhoneReady !== void 0) {
+      this._confirmPhoneReady = options.confirmPhoneReady;
+    }
     const rpc = options.rpc || process.env.DOTNS_RPC || this.assetHubEndpoints[0];
     this.rpc = rpc;
     this._usesExternalSigner = Boolean(options.signer && options.signerAddress);
@@ -1458,11 +1466,14 @@ var DotNS = class {
     return decodeFunctionResult({ abi: contractAbi, functionName, data: rawData });
   }
   async contractTransaction(contractAddress, value, contractAbi, functionName, args = [], statusCallback = () => {
-  }, { useNoncePolling, verifyEffect, feeAsset } = {}) {
+  }, { useNoncePolling, verifyEffect, feeAsset, phoneLabel } = {}) {
     this.ensureConnected();
     if (!this.clientWrapper) throw new Error("contractTransaction: polkadot-api client not available");
     const encodedCallData = encodeFunctionData({ abi: contractAbi, functionName, args });
     const rpcs = this.rpc ? [this.rpc, ...this.assetHubEndpoints.filter((ep) => ep !== this.rpc)] : this.assetHubEndpoints;
+    if (phoneLabel !== void 0) {
+      await this._awaitPhoneReady(phoneLabel);
+    }
     return await withTimeout(
       this.clientWrapper.submitTransaction(contractAddress, value, encodedCallData, this.substrateAddress, this.signer, statusCallback, { rpcs, useNoncePolling, functionName, args, contracts: this._contracts, verifyEffect, feeAsset }),
       OPERATION_TIMEOUT_MS,
@@ -1735,8 +1746,7 @@ var DotNS = class {
       };
       console.log(`
    Linking content...`);
-      this._onPhoneSigningRequired?.("Link content");
-      const txRes = await this.contractTransaction(this._contracts.DOTNS_CONTENT_RESOLVER, 0n, DOTNS_CONTENT_RESOLVER_ABI, "setContenthash", [node, contenthashHex], (s) => console.log(`      ${s}`), { useNoncePolling: true, verifyEffect, feeAsset: opts.feeAsset });
+      const txRes = await this.contractTransaction(this._contracts.DOTNS_CONTENT_RESOLVER, 0n, DOTNS_CONTENT_RESOLVER_ABI, "setContenthash", [node, contenthashHex], (s) => console.log(`      ${s}`), { useNoncePolling: true, verifyEffect, feeAsset: opts.feeAsset, phoneLabel: "Link content" });
       const finalOnChain = (await this.getContenthash(domainName) || "0x").toLowerCase();
       if (finalOnChain !== expected) {
         throw new Error(
@@ -1963,8 +1973,7 @@ var DotNS = class {
         }
       };
       try {
-        this._onPhoneSigningRequired?.("Publish to registry");
-        const txRes = await this.contractTransaction(publisher, 0n, PUBLISHER_ABI, "publish", [label], (s) => console.log(`      ${s}`), { useNoncePolling: true, verifyEffect });
+        const txRes = await this.contractTransaction(publisher, 0n, PUBLISHER_ABI, "publish", [label], (s) => console.log(`      ${s}`), { useNoncePolling: true, verifyEffect, phoneLabel: "Publish to registry" });
         const finalPublished = await withTimeout(
           this.contractCall(publisher, PUBLISHER_ABI, "isPublished", [labelhash]),
           3e4,
@@ -2108,8 +2117,7 @@ var DotNS = class {
     this.ensureConnected();
     console.log(`
    Submitting commitment...`);
-    this._onPhoneSigningRequired?.("Commitment");
-    const commitTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, 0n, DOTNS_REGISTRAR_CONTROLLER_ABI, "commit", [commitment], (s) => console.log(`      ${s}`));
+    const commitTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, 0n, DOTNS_REGISTRAR_CONTROLLER_ABI, "commit", [commitment], (s) => console.log(`      ${s}`), { phoneLabel: "Commitment" });
     logTxResolution(commitTxRes);
     console.log(`   Committed at: ${(/* @__PURE__ */ new Date()).toISOString()}`);
   }
@@ -2202,8 +2210,7 @@ var DotNS = class {
     setDeployAttribute("deploy.payment_wei", priceWei.toString());
     console.log(`   Oracle price: ${formatEther(priceWei)} PAS`);
     console.log(`   Paying: ${formatEther(bufferedPaymentWei)} PAS`);
-    this._onPhoneSigningRequired?.("Register");
-    const registerTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, bufferedPaymentNative, DOTNS_REGISTRAR_CONTROLLER_ABI, "register", [registration], (s) => console.log(`      ${s}`));
+    const registerTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, bufferedPaymentNative, DOTNS_REGISTRAR_CONTROLLER_ABI, "register", [registration], (s) => console.log(`      ${s}`), { phoneLabel: "Register" });
     logTxResolution(registerTxRes);
     if (registerTxRes.kind === TX_KIND_HASH) {
       setDeployAttribute("deploy.register.tx", registerTxRes.hash);
@@ -2651,6 +2658,41 @@ var DotNS = class {
     const envId = this._environmentId ?? "paseo-next-v2";
     return runBootstrap({ mnemonic, environmentId: envId });
   }
+  /**
+   * Set the expected total number of phone signatures for this DotNS session.
+   * Called from deploy() at preflight after computePhoneSigningSteps so that
+   * confirmPhoneReady receives the correct `total`.
+   */
+  setPhoneSignatureTotal(total) {
+    this._phoneSignatureTotal = total;
+  }
+  /**
+   * Internal: await the human-ready gate then fire the "check your phone"
+   * notification. Must be called OUTSIDE any withTimeout — the human wait is
+   * unbounded and must never be inside the machine timeout.
+   *
+   * Behaviour:
+   * - confirmPhoneReady provided → await it (counts re-signs via attempt map).
+   * - not provided + non-TTY → fail fast (NonRetryableError).
+   * - not provided + TTY → no-op (bin must have supplied the hook; if it did
+   *   not, the caller proceeds without a gate — backward-compat for library
+   *   consumers that supply neither hook nor TTY check).
+   * After the gate resolves, fires onPhoneSigningRequired (the "check your
+   * phone" notification) so the user knows the request is now being sent.
+   */
+  async _awaitPhoneReady(label) {
+    if (!this._usesExternalSigner) return;
+    const attempt = (this._phoneSignatureAttempts.get(label) ?? 0) + 1;
+    this._phoneSignatureAttempts.set(label, attempt);
+    if (this._confirmPhoneReady) {
+      await this._confirmPhoneReady({ label, attempt, total: this._phoneSignatureTotal });
+    } else if (!(process.stdout.isTTY && process.stdin.isTTY)) {
+      throw new NonRetryableError(
+        "phone signer active but no confirmPhoneReady hook provided and not running in a TTY \u2014 re-run interactively or provide the confirmPhoneReady option"
+      );
+    }
+    this._onPhoneSigningRequired?.(label);
+  }
   disconnect() {
     if (this.client) {
       this.client.destroy();
@@ -2660,6 +2702,9 @@ var DotNS = class {
     }
     this._usesExternalSigner = false;
     this._onPhoneSigningRequired = void 0;
+    this._confirmPhoneReady = void 0;
+    this._phoneSignatureTotal = 0;
+    this._phoneSignatureAttempts.clear();
   }
 };
 var dotns = new DotNS();

package/dist/{chunk-HX6BOXMG.js → chunk-TK4IZ73C.js}

@@ -1,7 +1,7 @@
 import {
   package_default,
   writeRunState
-} from "./chunk-VMQDFI4D.js";
+} from "./chunk-AUVTECEP.js";
 
 // src/memory-report.ts
 import * as fs2 from "fs";
@@ -22,6 +22,17 @@ var PARITY_HOST_APPS = /* @__PURE__ */ new Set(["playground-cli"]);
 function extractRepoSlug(url) {
   return url.replace(/.*github\.com[:/]/, "").replace(/\.git$/, "");
 }
+var FALLBACK_ISSUE_REPO = "paritytech/bulletin-deploy";
+function resolveIssueRepoSlug(repository) {
+  try {
+    const raw = typeof repository === "string" ? repository : repository?.url;
+    if (!raw || typeof raw !== "string") return FALLBACK_ISSUE_REPO;
+    const slug = extractRepoSlug(raw.trim());
+    if (/^[^/\s]+\/[^/\s]+$/.test(slug)) return slug;
+  } catch {
+  }
+  return FALLBACK_ISSUE_REPO;
+}
 function tryGitRemote() {
   try {
     return extractRepoSlug(execSync("git remote get-url origin", { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }).trim());
@@ -724,6 +735,8 @@ export {
   maybeWriteMemoryReport,
   sampleFromBytes,
   VERSION,
+  extractRepoSlug,
+  resolveIssueRepoSlug,
   isInternalContextFromSignals,
   isInternalContext,
   isTelemetryDisabled,

package/dist/chunk-probe.js

@@ -5,9 +5,9 @@ import {
   _decodeStorageValue,
   _resetProbeSession,
   probeChunks
-} from "./chunk-LSZEHAFU.js";
-import "./chunk-HX6BOXMG.js";
-import "./chunk-VMQDFI4D.js";
+} from "./chunk-GF2QXG66.js";
+import "./chunk-TK4IZ73C.js";
+import "./chunk-AUVTECEP.js";
 export {
   ChainProbeCrossValidationError,
   ChainProbeMetadataError,

package/dist/commands/login.js

@@ -1,23 +1,12 @@
 import {
   startSpinner
 } from "../chunk-J7CYVTAW.js";
-import "../chunk-JQKKMUCT.js";
-import {
-  BULLETIN_RESOURCE,
-  DEFAULT_RESOURCES,
-  createSlotAccountSigner,
-  requestResourceAllocation,
-  summarizeOutcomes
-} from "../chunk-5FLTDWWP.js";
-import {
-  renderLoginStatus
-} from "../chunk-RIRDBSBG.js";
 import {
   waitForBulletinAuthorization
-} from "../chunk-ZNZOAGMR.js";
+} from "../chunk-A43XBCGD.js";
 import {
   preflightSssAllowance
-} from "../chunk-QIMAKL3Z.js";
+} from "../chunk-C5RIKMTP.js";
 import {
   statementSigningAccount
 } from "../chunk-GRPLHUYC.js";
@@ -26,24 +15,36 @@ import "../chunk-IW3X2MJF.js";
 import "../chunk-KOSF5FDO.js";
 import "../chunk-J3NIXHZZ.js";
 import "../chunk-S7EM5VMW.js";
+import "../chunk-LXSTFGUA.js";
+import "../chunk-5LJPUNCB.js";
+import "../chunk-GF2QXG66.js";
+import "../chunk-C2TS5MER.js";
+import "../chunk-7OVS6LIV.js";
+import "../chunk-JQKKMUCT.js";
+import {
+  BULLETIN_RESOURCE,
+  DEFAULT_RESOURCES,
+  createSlotAccountSigner,
+  requestResourceAllocation,
+  summarizeOutcomes
+} from "../chunk-5FLTDWWP.js";
+import {
+  renderLoginStatus
+} from "../chunk-RIRDBSBG.js";
 import {
   DOT_PRODUCT_ID,
   getAuthClient,
   getPeopleChainEndpoints,
   resolveBulletinEndpoints
-} from "../chunk-QGGISN4D.js";
-import "../chunk-NBBV3IS3.js";
-import "../chunk-J63XPPZW.js";
-import "../chunk-LSZEHAFU.js";
-import "../chunk-C2TS5MER.js";
+} from "../chunk-MDLFWWXZ.js";
 import {
   CLI_NAME
 } from "../chunk-TSPERKUS.js";
-import "../chunk-4GDFP7XR.js";
+import "../chunk-PDCSBS5T.js";
 import "../chunk-SI2ZUOYD.js";
 import "../chunk-4IUTMHVB.js";
-import "../chunk-HX6BOXMG.js";
-import "../chunk-VMQDFI4D.js";
+import "../chunk-TK4IZ73C.js";
+import "../chunk-AUVTECEP.js";
 import {
   loadEnvironments
 } from "../chunk-QRKI6MMK.js";

package/dist/commands/logout.js

@@ -1,18 +1,18 @@
+import {
+  clearSssAllowanceCache
+} from "../chunk-C5RIKMTP.js";
+import "../chunk-GRPLHUYC.js";
 import "../chunk-JQKKMUCT.js";
 import "../chunk-5FLTDWWP.js";
 import {
   renderLogoutStatus
 } from "../chunk-RIRDBSBG.js";
-import {
-  clearSssAllowanceCache
-} from "../chunk-QIMAKL3Z.js";
-import "../chunk-GRPLHUYC.js";
 import {
   getAuthClient
-} from "../chunk-QGGISN4D.js";
+} from "../chunk-MDLFWWXZ.js";
 import "../chunk-TSPERKUS.js";
-import "../chunk-HX6BOXMG.js";
-import "../chunk-VMQDFI4D.js";
+import "../chunk-TK4IZ73C.js";
+import "../chunk-AUVTECEP.js";
 import "../chunk-QRKI6MMK.js";
 import "../chunk-ZOC4GITL.js";
 

package/dist/commands/transfer.js

@@ -4,11 +4,11 @@ import {
 import {
   DEFAULT_MNEMONIC,
   DotNS
-} from "../chunk-4GDFP7XR.js";
+} from "../chunk-PDCSBS5T.js";
 import "../chunk-SI2ZUOYD.js";
 import "../chunk-4IUTMHVB.js";
-import "../chunk-HX6BOXMG.js";
-import "../chunk-VMQDFI4D.js";
+import "../chunk-TK4IZ73C.js";
+import "../chunk-AUVTECEP.js";
 import {
   getPopSelfServeConfig,
   loadEnvironments,

package/dist/commands/whoami.js

@@ -2,12 +2,12 @@ import {
   STALE_SESSION_MESSAGE,
   getAuthClient,
   hasPersistedSession
-} from "../chunk-QGGISN4D.js";
+} from "../chunk-MDLFWWXZ.js";
 import {
   CLI_NAME
 } from "../chunk-TSPERKUS.js";
-import "../chunk-HX6BOXMG.js";
-import "../chunk-VMQDFI4D.js";
+import "../chunk-TK4IZ73C.js";
+import "../chunk-AUVTECEP.js";
 import "../chunk-QRKI6MMK.js";
 import "../chunk-ZOC4GITL.js";
 

package/dist/deploy-actors.d.ts

@@ -1,8 +1,8 @@
 import { A as AuthClient } from './auth-CA_YKtM2.js';
+import { PolkadotSigner } from 'polkadot-api';
 import { R as ResolvedSigner } from './signer-Duup0hgQ.js';
+import { A as AllocatableResource } from './allocations-CEPeZr6T.js';
 import '@parity/product-sdk-terminal';
-import 'polkadot-api';
-import './allocations-CEPeZr6T.js';
 import '@parity/product-sdk-tx';
 
 declare class MainnetDefaultWorkerError extends Error {
@@ -20,5 +20,86 @@ interface ResolveDeployActorsOptions {
     sessionPresent: boolean;
 }
 declare function resolveDeployActors(authClient: AuthClient, { suri, transferEnabled, isTestnet, sessionPresent }: ResolveDeployActorsOptions): Promise<DeployActors>;
+/**
+ * Result returned by resolveStorageSigner when a Bulletin slot signer was found.
+ *
+ * `owned` is true when the slot comes from the user's own session (cache-hit or
+ * freshly allocated via step-4 prompt). It is used by formatStorageSignerLine to
+ * distinguish "your allowance slot" (owned) from "allowance slot" (explicitly
+ * injected by a programmatic caller).
+ */
+interface StorageSignerResult {
+    signer: PolkadotSigner;
+    slotAddress: string;
+    /** true when the slot comes from the user's own session (not a pre-injected slot). */
+    owned: true;
+}
+/**
+ * Injectable dependencies for resolveStorageSigner.
+ * All fields are optional — defaults are used when not provided (deploy path).
+ * Injecting stubs lets unit tests drive every branch without a real adapter.
+ */
+interface StorageSignerDeps {
+    /**
+     * Calls adapter.allowance.getBulletinSigner(sessionId, productId).
+     * Returns an Ok/Err result (product-sdk shape).
+     */
+    getBulletinSigner: (sessionId: string, productId: string, adapter: any) => Promise<{
+        isOk(): boolean;
+        isErr(): boolean;
+        value?: PolkadotSigner;
+        error?: {
+            reason: string;
+        };
+    }>;
+    /**
+     * Triggers a phone prompt to allocate the BulletInAllowance resource.
+     * Returns AllocationOutcome[] — one per resource in order.
+     */
+    requestResourceAllocation: (userSession: any, adapter: any, resources: AllocatableResource[]) => Promise<{
+        tag: string;
+        value?: unknown;
+    }[]>;
+    /**
+     * Read the cached slot account signer written by requestResourceAllocation.
+     * Returns null on a miss (graceful fallback).
+     */
+    createSlotAccountSigner?: (adapter: any, resource: AllocatableResource) => Promise<PolkadotSigner | null>;
+    /** Encode a public key as SS58. */
+    ss58Encode: (publicKey: Uint8Array) => string;
+    /**
+     * Called BEFORE requestResourceAllocation to print the user-facing prompt.
+     * Should print the "check your phone" warning so the user knows what's coming.
+     * Ctrl-C will interrupt the subsequent requestResourceAllocation call directly.
+     */
+    promptBeforeAllocation: () => void;
+}
+/**
+ * Resolve a user-owned Bulletin slot signer from the active session.
+ *
+ * Implements steps 3–4 of the storage-signer precedence:
+ *   3. Cache-hit: adapter.allowance.getBulletinSigner(sessionId) → slot signer.
+ *   4. Cache-miss (NotAvailable / Rejected): prompt then requestResourceAllocation
+ *      ([BulletInAllowance]) → newly-allocated slot signer.
+ *   5. Fall through: returns null → caller falls back to pool.
+ *
+ * Non-goals: explicit storageSigner / signer / mnemonic paths — those are handled
+ * upstream by selectStorageReconnect. This function only handles session-derived slots.
+ *
+ * Layer-3 isolation is preserved: when `session` is null (no session file on disk,
+ * no --suri), this function returns null immediately without touching the SSO stack.
+ *
+ * @param session  The resolved session object from resolveDeployActors (or null when
+ *                 no session is present). Must have { userSession, adapter } shape.
+ * @param deps     Injectable dependencies for testing. Production callers pass
+ *                 undefined to use the real auth functions.
+ * @returns        A { signer, slotAddress, owned: true } result or null (→ pool).
+ */
+declare function resolveStorageSigner(session: {
+    userSession: {
+        id: string;
+    };
+    adapter: any;
+} | null | undefined, deps: StorageSignerDeps): Promise<StorageSignerResult | null>;
 
-export { type DeployActors, MainnetDefaultWorkerError, type ResolveDeployActorsOptions, resolveDeployActors };
+export { type DeployActors, MainnetDefaultWorkerError, type ResolveDeployActorsOptions, type StorageSignerDeps, type StorageSignerResult, resolveDeployActors, resolveStorageSigner };

package/dist/deploy-actors.js

@@ -1,45 +1,22 @@
-import "./chunk-JQKKMUCT.js";
 import {
-  resolveSigner
-} from "./chunk-5FLTDWWP.js";
+  MainnetDefaultWorkerError,
+  resolveDeployActors,
+  resolveStorageSigner
+} from "./chunk-7OVS6LIV.js";
+import "./chunk-JQKKMUCT.js";
+import "./chunk-5FLTDWWP.js";
 import "./chunk-RIRDBSBG.js";
+import "./chunk-MDLFWWXZ.js";
 import "./chunk-TSPERKUS.js";
-import {
-  DEFAULT_MNEMONIC
-} from "./chunk-4GDFP7XR.js";
+import "./chunk-PDCSBS5T.js";
 import "./chunk-SI2ZUOYD.js";
 import "./chunk-4IUTMHVB.js";
-import "./chunk-HX6BOXMG.js";
-import "./chunk-VMQDFI4D.js";
+import "./chunk-TK4IZ73C.js";
+import "./chunk-AUVTECEP.js";
 import "./chunk-QRKI6MMK.js";
 import "./chunk-ZOC4GITL.js";
-
-// src/deploy-actors.ts
-var DEFAULT_WORKER_SURI = DEFAULT_MNEMONIC;
-var MainnetDefaultWorkerError = class extends Error {
-  constructor() {
-    super(
-      "Refusing to default the deploy worker to Alice on a non-testnet environment. Pass --mnemonic <a funded, sufficiently-verified key> to do the transfer flow, or --no-transfer-to-signedin-user to sign directly with your mobile session."
-    );
-    this.name = "MainnetDefaultWorkerError";
-  }
-};
-async function resolveDeployActors(authClient, { suri, transferEnabled, isTestnet, sessionPresent }) {
-  if (sessionPresent && transferEnabled) {
-    if (!suri && !isTestnet) throw new MainnetDefaultWorkerError();
-    const worker2 = await resolveSigner(authClient, { suri: suri ?? DEFAULT_WORKER_SURI });
-    const handle = await authClient.getSessionSigner();
-    if (!handle) throw new Error("transfer mode active but no session resolved; pass --no-transfer-to-signedin-user.");
-    try {
-      return { worker: worker2, recipientH160: handle.addresses.productH160 };
-    } finally {
-      handle.destroy();
-    }
-  }
-  const worker = await resolveSigner(authClient, { suri });
-  return { worker };
-}
 export {
   MainnetDefaultWorkerError,
-  resolveDeployActors
+  resolveDeployActors,
+  resolveStorageSigner
 };

package/dist/deploy.d.ts

@@ -1,9 +1,15 @@
 import { WsEvent } from 'polkadot-api/ws';
 import { CID } from 'multiformats/cid';
 import { ManifestFileEntry } from './manifest.js';
+import { PhoneSignatureStep } from './dotns.js';
 import { PopSelfServeConfig } from './environments.js';
 import { PolkadotSigner } from 'polkadot-api';
 export { EXIT_CODE_NO_RETRY, NonRetryableError } from './errors.js';
+import './personhood/bootstrap.js';
+import './personhood/bind-personal-id.js';
+import './personhood/claim-pgas.js';
+import './personhood/bind-paid-alias.js';
+import './personhood/chain-prereqs.js';
 
 interface DeployResult {
     domainName: string;
@@ -135,10 +141,11 @@ declare function shouldHandoverName(opts: {
 }): boolean;
 /**
  * Produce the one-line storage-signer status printed at resolution time. Exported for unit testing.
- *   Success: "   Storage signer: allowance slot <ss58>"
- *   Fallback: "   Storage signer: pool fallback (<reason>)"
+ *   User-owned slot: "   Storage signer: your allowance slot <ss58>"  (owned=true)
+ *   Explicit slot:   "   Storage signer: allowance slot <ss58>"        (owned=false or omitted)
+ *   Fallback:        "   Storage signer: pool fallback (<reason>)"
  */
-declare function formatStorageSignerLine(slotAddress: string | null, failReason?: string): string;
+declare function formatStorageSignerLine(slotAddress: string | null, failReason?: string, owned?: boolean): string;
 declare function storeFile(contentBytes: Uint8Array, { client: existingClient, unsafeApi: existingApi, signer: existingSigner, hashCode, }?: ExistingProvider & {
     hashCode?: number;
 }): Promise<string>;
@@ -347,6 +354,25 @@ interface DeployOptions {
      * CLI: --contract <KEY>=<0xADDRESS> (repeatable).
      */
     contracts?: Record<string, string>;
+    /**
+     * Plan of phone signatures this deploy will need. Fired once, at preflight,
+     * BEFORE storage. Notification only; used by the CLI bin to print the
+     * "Have your phone ready" banner up front.
+     */
+    onPhoneSignaturePlan?: (steps: PhoneSignatureStep[]) => void;
+    /**
+     * Human-ready gate. Awaited immediately BEFORE each phone signature request
+     * is sent. Resolve when the human is at their phone and ready; reject/throw
+     * to abort. The per-signature operation timeout starts only AFTER this
+     * resolves. `attempt` >= 2 means a re-sign.
+     * Absent + non-TTY → fail fast (NonRetryableError).
+     * Absent + TTY → CLI bin must supply the hook; core does not readline.
+     */
+    confirmPhoneReady?: (ctx: {
+        label: string;
+        attempt: number;
+        total: number;
+    }) => Promise<void>;
 }
 declare function resolveDotnsConnectOptions(options: Pick<DeployOptions, "mnemonic" | "derivationPath" | "signer" | "signerAddress">, assetHubEndpoints?: string[], autoAccountMapping?: boolean, contracts?: Record<string, string>, nativeToEthRatio?: bigint, environmentId?: string, popSelfServe?: PopSelfServeConfig | null, registerStorageDeposit?: bigint): {
     signer?: PolkadotSigner;
@@ -430,4 +456,4 @@ declare function computePhoneSigningSteps(dotnsPreflight: {
     needsPopUpgrade: boolean;
 } | null, publishNeeded: boolean): string[];
 
-export { BLAKE2B_256_MULTIHASH_CODE, BULLETIN_ENDPOINTS, type BitswapErrorVariant, type BitswapProbeResult, CHUNK_MORTALITY_PERIOD, DEFAULT_BULLETIN_RPC, DEFAULT_POOL_SIZE, type DeployContent, type DeployOptions, type DeployResult, ENCRYPT_KEY_LEN, ENCRYPT_MAGIC, ENCRYPT_NONCE_LEN, ENCRYPT_PBKDF2_ITERATIONS, ENCRYPT_SALT_LEN, ENCRYPT_TAG_LEN, SHA256_MULTIHASH_CODE, type SizeDecision, type StoreDirectoryOptions, WS_HEARTBEAT_TIMEOUT_MS, __assignDenseNoncesForTest, __selectStorageProviderModeForTest, applyManifestFetchAttributes, assertSubdomainOwnerMatchesSigner, browserUrlFor, buildFilesMap, checkDeploySize, chooseSignerInput, chunk, computePhoneSigningSteps, computeStorageCid, createCID, deploy, deriveRootSigner, detectFramework, encodeContenthash, encryptContent, estimateUploadBytes, formatStorageSignerLine, friendlyChainError, hasIPFS, interpretBitswapResult, isBenignTeardownError, isConnectionError, isPhoneSignerActive, makeBulletinStatusHandler, merkleize, probeP2pRetrieval, resolveDotnsConnectOptions, resolveReproducibleTimestamp, retryBudgetExhausted, setWsHaltCallback, shouldHandoverName, storeChunkedContent, storeDirectory, storeDirectoryV2, storeFile, unpublish };
+export { BLAKE2B_256_MULTIHASH_CODE, BULLETIN_ENDPOINTS, type BitswapErrorVariant, type BitswapProbeResult, CHUNK_MORTALITY_PERIOD, DEFAULT_BULLETIN_RPC, DEFAULT_POOL_SIZE, type DeployContent, type DeployOptions, type DeployResult, ENCRYPT_KEY_LEN, ENCRYPT_MAGIC, ENCRYPT_NONCE_LEN, ENCRYPT_PBKDF2_ITERATIONS, ENCRYPT_SALT_LEN, ENCRYPT_TAG_LEN, PhoneSignatureStep, SHA256_MULTIHASH_CODE, type SizeDecision, type StoreDirectoryOptions, WS_HEARTBEAT_TIMEOUT_MS, __assignDenseNoncesForTest, __selectStorageProviderModeForTest, applyManifestFetchAttributes, assertSubdomainOwnerMatchesSigner, browserUrlFor, buildFilesMap, checkDeploySize, chooseSignerInput, chunk, computePhoneSigningSteps, computeStorageCid, createCID, deploy, deriveRootSigner, detectFramework, encodeContenthash, encryptContent, estimateUploadBytes, formatStorageSignerLine, friendlyChainError, hasIPFS, interpretBitswapResult, isBenignTeardownError, isConnectionError, isPhoneSignerActive, makeBulletinStatusHandler, merkleize, probeP2pRetrieval, resolveDotnsConnectOptions, resolveReproducibleTimestamp, retryBudgetExhausted, setWsHaltCallback, shouldHandoverName, storeChunkedContent, storeDirectory, storeDirectoryV2, storeFile, unpublish };

package/dist/deploy.js

@@ -50,25 +50,29 @@ import {
   storeDirectoryV2,
   storeFile,
   unpublish
-} from "./chunk-ZNZOAGMR.js";
-import "./chunk-QIMAKL3Z.js";
+} from "./chunk-A43XBCGD.js";
+import "./chunk-C5RIKMTP.js";
 import "./chunk-GRPLHUYC.js";
 import "./chunk-HOTQDYHD.js";
 import "./chunk-IW3X2MJF.js";
 import "./chunk-KOSF5FDO.js";
 import "./chunk-J3NIXHZZ.js";
 import "./chunk-S7EM5VMW.js";
-import "./chunk-QGGISN4D.js";
-import "./chunk-NBBV3IS3.js";
-import "./chunk-J63XPPZW.js";
-import "./chunk-LSZEHAFU.js";
+import "./chunk-LXSTFGUA.js";
+import "./chunk-5LJPUNCB.js";
+import "./chunk-GF2QXG66.js";
 import "./chunk-C2TS5MER.js";
+import "./chunk-7OVS6LIV.js";
+import "./chunk-JQKKMUCT.js";
+import "./chunk-5FLTDWWP.js";
+import "./chunk-RIRDBSBG.js";
+import "./chunk-MDLFWWXZ.js";
 import "./chunk-TSPERKUS.js";
-import "./chunk-4GDFP7XR.js";
+import "./chunk-PDCSBS5T.js";
 import "./chunk-SI2ZUOYD.js";
 import "./chunk-4IUTMHVB.js";
-import "./chunk-HX6BOXMG.js";
-import "./chunk-VMQDFI4D.js";
+import "./chunk-TK4IZ73C.js";
+import "./chunk-AUVTECEP.js";
 import "./chunk-QRKI6MMK.js";
 import {
   EXIT_CODE_NO_RETRY,