@parity/product-deploy 0.11.0-rc.3 → 0.11.0-rc.5

package/assets/environments.json

@@ -5,6 +5,7 @@
       "name": "Preview",
       "network": "testnet",
       "description": "Product Preview net, used by Product Teams",
+      "bulletinAutoAuthorize": true,
       "e2eEligible": true,
       "backend": "https://polkadot-app-stg.parity.io/",
       "ipfs": "https://previewnet.substrate.dev",
@@ -96,6 +97,7 @@
       "name": "Paseo Next v2",
       "network": "testnet",
       "description": "Next iteration of the Paseo Next testnet",
+      "bulletinAutoAuthorize": true,
       "e2eEligible": true,
       "backend": "https://identity-backend-next.parity-testnet.parity.io",
       "ipfs": "https://paseo-bulletin-next-ipfs.polkadot.io",

package/dist/auth-config.js

@@ -9,11 +9,11 @@ import {
   getPeopleChainEndpoints,
   hasPersistedSession,
   resolveBulletinEndpoints
-} from "./chunk-RVGCHRLK.js";
+} from "./chunk-KBKS3V2V.js";
 import "./chunk-TSPERKUS.js";
-import "./chunk-5KRARO46.js";
-import "./chunk-PH32GINP.js";
-import "./chunk-QRKI6MMK.js";
+import "./chunk-UIDRWZWX.js";
+import "./chunk-LFRH4HBZ.js";
+import "./chunk-JSYQ3JQS.js";
 import "./chunk-ZOC4GITL.js";
 export {
   DOT_DAPP_ID,

package/dist/bug-report.d.ts

@@ -24,6 +24,15 @@ declare function buildReportBody(error: Error): string;
 declare function buildTitle(error: Error): string;
 declare function buildLabels(error: Error): string[];
 declare function createGhIssue(title: string, body: string, labels: string[]): string;
+/**
+ * True for deploy failures caused by user input rather than a code defect, so
+ * the bug-report prompt is NOT offered for them (#869). Scoped to DotNS name
+ * validation: a malformed or reserved label ("Invalid domain label …",
+ * "… reserves base names of N chars …") is something the user fixes by choosing
+ * a different name — filing it as a bug just creates noise. The actionable error
+ * message has already been printed to the user. Exported for unit testing.
+ */
+declare function isUserInputError(error: Error): boolean;
 declare function offerBugReport(error: Error): Promise<void>;
 
-export { buildCliFlagsSummary, buildLabels, buildReportBody, buildTitle, createGhIssue, getCapturedTail, installLogCapture, offerBugReport, scrubSecrets, setDeployContext };
+export { buildCliFlagsSummary, buildLabels, buildReportBody, buildTitle, createGhIssue, getCapturedTail, installLogCapture, isUserInputError, offerBugReport, scrubSecrets, setDeployContext };

package/dist/bug-report.js

@@ -6,13 +6,14 @@ import {
   createGhIssue,
   getCapturedTail,
   installLogCapture,
+  isUserInputError,
   offerBugReport,
   scrubSecrets,
   setDeployContext
-} from "./chunk-CLM3ODFR.js";
-import "./chunk-2NLCZQY4.js";
-import "./chunk-5KRARO46.js";
-import "./chunk-PH32GINP.js";
+} from "./chunk-PECJ5FDA.js";
+import "./chunk-NEQRG3AY.js";
+import "./chunk-UIDRWZWX.js";
+import "./chunk-LFRH4HBZ.js";
 export {
   buildCliFlagsSummary,
   buildLabels,
@@ -21,6 +22,7 @@ export {
   createGhIssue,
   getCapturedTail,
   installLogCapture,
+  isUserInputError,
   offerBugReport,
   scrubSecrets,
   setDeployContext

package/dist/{chunk-VZTZEW7C.js → chunk-BIJICTV4.js}

@@ -1,6 +1,6 @@
 import {
   preflightSssAllowance
-} from "./chunk-RFT2I7TB.js";
+} from "./chunk-M6OQTMDB.js";
 import {
   statementSigningAccount
 } from "./chunk-GRPLHUYC.js";
@@ -31,16 +31,16 @@ import {
 } from "./chunk-S7EM5VMW.js";
 import {
   setDeployContext
-} from "./chunk-CLM3ODFR.js";
+} from "./chunk-PECJ5FDA.js";
 import {
   probeChunks
-} from "./chunk-3US5OZWX.js";
+} from "./chunk-RU7Z5Y7Z.js";
 import {
   packSection
 } from "./chunk-C2TS5MER.js";
 import {
   resolveStorageSigner
-} from "./chunk-24KTLZ67.js";
+} from "./chunk-OZEJEDHM.js";
 import {
   createSlotAccountSigner,
   requestResourceAllocation
@@ -49,7 +49,7 @@ import {
   STALE_SESSION_MESSAGE,
   getPeopleChainEndpoints,
   hasPersistedSession
-} from "./chunk-RVGCHRLK.js";
+} from "./chunk-KBKS3V2V.js";
 import {
   CLI_NAME
 } from "./chunk-TSPERKUS.js";
@@ -62,7 +62,7 @@ import {
   parseDomainName,
   popStatusName,
   verifyNonceAdvanced
-} from "./chunk-PYGCOK67.js";
+} from "./chunk-ITXKADHO.js";
 import {
   derivePoolAccounts,
   detectTestnet,
@@ -70,7 +70,7 @@ import {
   fetchPoolAuthorizations,
   isAuthorizationSufficient,
   selectAccount
-} from "./chunk-4IUTMHVB.js";
+} from "./chunk-MRQPJLPS.js";
 import {
   VERSION,
   captureWarning,
@@ -84,13 +84,13 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-5KRARO46.js";
+} from "./chunk-UIDRWZWX.js";
 import {
   DEFAULT_ENV_ID,
   getPopSelfServeConfig,
   loadEnvironments,
   resolveEndpoints
-} from "./chunk-QRKI6MMK.js";
+} from "./chunk-JSYQ3JQS.js";
 import {
   NonRetryableError
 } from "./chunk-ZOC4GITL.js";
@@ -373,6 +373,7 @@ var DEFAULT_BULLETIN_RPC = "wss://paseo-bulletin-rpc.polkadot.io";
 var DEFAULT_POOL_SIZE = 10;
 var BULLETIN_ENDPOINTS = [DEFAULT_BULLETIN_RPC];
 var POOL_SIZE = DEFAULT_POOL_SIZE;
+var bulletinAutoAuthorize = false;
 var _deployRpcFailedOver = false;
 var _onWsHalt = null;
 function setWsHaltCallback(cb) {
@@ -511,7 +512,7 @@ async function getProvider() {
     const selectionResult = selectAccount(authorizations, Math.random, pinnedPoolIndex);
     const selectedAccount = selectionResult.account;
     const eligibleCount = selectionResult.eligibleCount;
-    await ensureAuthorized(unsafeApi, selectedAccount.address, `pool account ${selectedAccount.index}`);
+    await ensureAuthorized(unsafeApi, selectedAccount.address, `pool account ${selectedAccount.index}`, { autoAuthorize: bulletinAutoAuthorize });
     console.log(`   Using pool account ${selectedAccount.index}: ${selectedAccount.address}`);
     setDeployAttribute("deploy.signer.mode", "pool");
     setDeployAttribute("deploy.pool.account", truncateAddress(selectedAccount.address));
@@ -540,7 +541,7 @@ async function getDirectProvider(mnemonic, derivationPath = "") {
   let now = currentBlock.number;
   if (!auth || Number(auth.expiration ?? 0) <= now) {
     try {
-      await ensureAuthorized(unsafeApi, ss58, "direct signer");
+      await ensureAuthorized(unsafeApi, ss58, "direct signer", { autoAuthorize: bulletinAutoAuthorize });
       [auth, currentBlock] = await Promise.all([
         unsafeApi.query.TransactionStorage.Authorizations.getValue(Enum2("Account", ss58)),
         client.getFinalizedBlock()
@@ -572,7 +573,7 @@ async function getSignerProvider(signer, ss58) {
   let now = currentBlock.number;
   if (!auth || Number(auth.expiration ?? 0) <= now) {
     try {
-      await ensureAuthorized(unsafeApi, ss58, "external signer");
+      await ensureAuthorized(unsafeApi, ss58, "external signer", { autoAuthorize: bulletinAutoAuthorize });
       [auth, currentBlock] = await Promise.all([
         unsafeApi.query.TransactionStorage.Authorizations.getValue(Enum2("Account", ss58)),
         client.getFinalizedBlock()
@@ -614,6 +615,12 @@ function formatStorageSignerLine(slotAddress, failReason, owned) {
   }
   return `   Storage signer: pool fallback (${failReason ?? "no session"})`;
 }
+function formatTransferModeStorageSignerLine(workerAddress) {
+  return `   Storage signer: worker ${workerAddress} (transfer mode)`;
+}
+function formatTransferModeDotnsLine(alreadyOwned, dotName, recipient) {
+  return alreadyOwned ? `   DotNS: you already own ${dotName} \u2014 content update needs your phone signature (no transfer)` : `   DotNS: will register ${dotName} and transfer it to your account ${recipient}`;
+}
 function selectStorageReconnect(options) {
   if (options.storageSigner && options.storageSignerAddress) {
     let useSlot = true;
@@ -965,7 +972,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
     while (b < chunks.length) {
       if (wsHaltDetected && reconnect && reconnectionsUsed < MAX_RECONNECTIONS) {
         wsHaltDetected = false;
-        await doReconnect();
+        await doReconnectAndRebase();
       }
       const batchSize = reconnectionsUsed > 0 ? BATCH_SIZE_RECOVERY : BATCH_SIZE_INITIAL;
       const batchIndices = [];
@@ -1009,7 +1016,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
           for (const idx of batchIndices) {
             const chunkNonce = assignedNonces.get(idx);
             if (chunkNonce !== void 0 && chunkNonce < currentNonce && stored[idx] === null) {
-              console.log(`   Chunk ${idx + 1}: nonce ${chunkNonce} consumed (current=${currentNonce}), treating as included`);
+              console.log(`   Chunk ${idx}: nonce ${chunkNonce} consumed (current=${currentNonce}), treating as included`);
               stored[idx] = { cid: createCID(chunks[idx], CID_CONFIG.codec, 18), len: chunks[idx].length, viaFallback: true };
               nonceAdvanceIndices.add(idx);
               assignedNonces.delete(idx);
@@ -1027,7 +1034,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
         }
         const failCid = createCID(fail.chunkData, CID_CONFIG.codec, 18);
         if (probeFailedCids && probeFailedCids.has(failCid.toString()) && fail.error?.message?.includes("isValid:false")) {
-          console.log(`   Chunk ${fail.index + 1}: isValid:false but CID was probe-failed \u2014 treating as already on chain`);
+          console.log(`   Chunk ${fail.index}: isValid:false but CID was probe-failed \u2014 treating as already on chain`);
           captureWarning("isValid:false treated as success (probe-failed backstop)", { chunkIndex: fail.index + 1, cid: failCid.toString() });
           stored[fail.index] = { cid: failCid, len: fail.chunkData.length, viaFallback: true };
           continue;
@@ -1035,13 +1042,13 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
         captureWarning("Chunk upload failed, retrying", { chunkIndex: fail.index + 1, maxRetries: MAX_CHUNK_RETRIES, error: fail.error?.message?.slice(0, 200) });
         const isExpiryFailure = fail.error?.message?.includes("isValid:false");
         if (isExpiryFailure) {
-          console.log(`   Chunk ${fail.index + 1}: tx rejected (isValid:false), likely mortal era expiry \u2014 reissuing with fresh nonce`);
+          console.log(`   Chunk ${fail.index}: tx rejected (isValid:false), likely mortal era expiry \u2014 reissuing with fresh nonce`);
         }
         let retried = false;
         for (let attempt = 1; attempt <= MAX_CHUNK_RETRIES; attempt++) {
           recordRecoveryAndCheckBudget("chunk_retry");
           const retryDelay = Math.min(RETRY_BASE_DELAY_MS * Math.pow(2, attempt - 1), RETRY_MAX_DELAY_MS);
-          console.log(`   Retrying chunk ${fail.index + 1} (attempt ${attempt}/${MAX_CHUNK_RETRIES}) in ${(retryDelay / 1e3).toFixed(0)}s...`);
+          console.log(`   Retrying chunk ${fail.index} (attempt ${attempt}/${MAX_CHUNK_RETRIES}) in ${(retryDelay / 1e3).toFixed(0)}s...`);
           await new Promise((r) => setTimeout(r, retryDelay));
           let perRetryChanged = false;
           if (isConnectionError(fail.error) && reconnect && reconnectionsUsed < MAX_RECONNECTIONS) {
@@ -1056,7 +1063,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
             const currentNonce = await _fetchNonce(BULLETIN_ENDPOINTS, ss58);
             const originalNonce = assignedNonces.get(fail.index);
             if (!perRetryChanged && originalNonce !== void 0 && originalNonce < currentNonce) {
-              console.log(`   Chunk ${fail.index + 1}: nonce ${originalNonce} consumed (current=${currentNonce}), treating as included`);
+              console.log(`   Chunk ${fail.index}: nonce ${originalNonce} consumed (current=${currentNonce}), treating as included`);
               stored[fail.index] = { cid: createCID(fail.chunkData, CID_CONFIG.codec, 18), len: fail.chunkData.length, viaFallback: true };
               nonceAdvanceIndices.add(fail.index);
               assignedNonces.delete(fail.index);
@@ -1073,7 +1080,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
             break;
           } catch (e) {
             if (probeFailedCids && probeFailedCids.has(failCid.toString()) && e?.message?.includes("isValid:false")) {
-              console.log(`   Chunk ${fail.index + 1}: retry isValid:false but CID was probe-failed \u2014 treating as already on chain`);
+              console.log(`   Chunk ${fail.index}: retry isValid:false but CID was probe-failed \u2014 treating as already on chain`);
               captureWarning("isValid:false retry treated as success (probe-failed backstop)", { chunkIndex: fail.index + 1, cid: failCid.toString(), attempt });
               stored[fail.index] = { cid: failCid, len: fail.chunkData.length, viaFallback: true };
               assignedNonces.delete(fail.index);
@@ -1094,7 +1101,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
           if (isConnectionError(fail.error) && reconnectionsUsed >= MAX_RECONNECTIONS) {
             throw new Error(`Connection lost and max reconnections (${MAX_RECONNECTIONS}) exhausted`);
           }
-          throw new Error(`Chunk ${fail.index + 1} failed after ${MAX_CHUNK_RETRIES} retries: ${fail.error?.message?.slice(0, 100)}`);
+          throw new Error(`Chunk ${fail.index} failed after ${MAX_CHUNK_RETRIES} retries: ${fail.error?.message?.slice(0, 100)}`);
         }
       }
       b += batchSize;
@@ -1118,7 +1125,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
       for (const m of missingResults) {
         const idx = cidToIndex.get(m.cid);
         for (let attempt = 1; attempt <= MAX_REPROBE_RETRIES; attempt++) {
-          console.log(`   Nonce-collision re-upload: chunk ${idx + 1} (attempt ${attempt}/${MAX_REPROBE_RETRIES})`);
+          console.log(`   Nonce-collision re-upload: chunk ${idx} (attempt ${attempt}/${MAX_REPROBE_RETRIES})`);
           try {
             const freshNonce = await _fetchNonce(BULLETIN_ENDPOINTS, ss58);
             const result2 = await storeChunk(unsafeApi, signer, chunks[idx], freshNonce, ss58, { fetchNonce: fetchNonceOverride });
@@ -1133,7 +1140,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
               }
             }
             if (attempt === MAX_REPROBE_RETRIES) {
-              throw new Error(`Nonce-collision re-upload of chunk ${idx + 1} failed after ${MAX_REPROBE_RETRIES} attempts: ${e.message?.slice(0, 100)}`);
+              throw new Error(`Nonce-collision re-upload of chunk ${idx} failed after ${MAX_REPROBE_RETRIES} attempts: ${e.message?.slice(0, 100)}`);
             }
           }
         }
@@ -1154,7 +1161,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
     for (let i = 0; i < chunks.length; i++) {
       const expectedCid = createCID(chunks[i], CID_CONFIG.codec, 18);
       if (verifiedStored[i].cid.toString() !== expectedCid.toString()) {
-        throw new Error(`Chunk verification failed: chunk ${i + 1} CID mismatch (expected ${expectedCid}, got ${verifiedStored[i].cid})`);
+        throw new Error(`Chunk verification failed: chunk ${i} CID mismatch (expected ${expectedCid}, got ${verifiedStored[i].cid})`);
       }
     }
     console.log(`   All ${chunks.length} chunks verified \u2713`);
@@ -1993,6 +2000,7 @@ async function deploy(content, domainName = null, options = {}) {
   let envNativeToEthRatio;
   let envRegisterStorageDeposit;
   let envPopSelfServe = null;
+  bulletinAutoAuthorize = false;
   if (options.bulletinEndpoints && options.bulletinEndpoints.length > 0) {
     envBulletin = options.bulletinEndpoints;
     envAssetHub = options.assetHubEndpoints;
@@ -2011,6 +2019,7 @@ async function deploy(content, domainName = null, options = {}) {
       envNativeToEthRatio = resolved.nativeToEthRatio;
       envRegisterStorageDeposit = resolved.registerStorageDeposit;
       envPopSelfServe = getPopSelfServeConfig(doc, envId);
+      bulletinAutoAuthorize = resolved.bulletinAutoAuthorize;
     } catch (e) {
       if (e instanceof NonRetryableError) throw e;
       if (options.env !== void 0) throw e;
@@ -2056,7 +2065,7 @@ async function deploy(content, domainName = null, options = {}) {
       sessionCleanup = actors.worker.destroy.bind(actors.worker);
       if (actors.worker.source === "session") resolvedUserSession = actors.worker;
       if (actors.recipientH160) {
-        console.log(`   Worker: ${actors.worker.source} signer ${actors.worker.address} \u2192 will transfer ${domainName ?? "the name"} to ${actors.recipientH160}`);
+        console.log(`   Worker: ${actors.worker.source} signer ${actors.worker.address} (signs Bulletin storage)`);
       } else {
         console.log(`   Using ${actors.worker.source} signer: ${actors.worker.address}`);
       }
@@ -2107,8 +2116,10 @@ async function deploy(content, domainName = null, options = {}) {
     if (slotResult) {
       options = { ...options, storageSigner: slotResult.signer, storageSignerAddress: slotResult.slotAddress };
       console.log(formatStorageSignerLine(slotResult.slotAddress, void 0, slotResult.owned));
+    } else if (options.transferTo && options.signerAddress) {
+      console.log(formatTransferModeStorageSignerLine(options.signerAddress));
     } else {
-      const storageFailReason = resolvedUserSession ? "no allowance" : options.transferTo ? "transfer mode \u2014 worker signs storage" : void 0;
+      const storageFailReason = resolvedUserSession ? "no allowance" : void 0;
       console.log(formatStorageSignerLine(null, storageFailReason));
     }
   }
@@ -2214,8 +2225,8 @@ async function deploy(content, domainName = null, options = {}) {
             const fromName = popStatusName(dotnsPreflight.userStatus);
             console.log(`   Your PoP: ${fromName}`);
             console.log(`   Domain: ${alreadyOwned ? "owned by you" : "available"}`);
-            if (dotnsPreflight.plannedAction === "already-owned-by-recipient") {
-              console.log(`   DotNS signer: owner identity (phone signature required for content update)`);
+            if (options.transferTo) {
+              console.log(formatTransferModeDotnsLine(alreadyOwned, `${name}.dot`, options.transferTo));
             }
           }
           if (!dotnsPreflight.canProceed) {
@@ -2570,7 +2581,7 @@ async function deploy(content, domainName = null, options = {}) {
         console.log("=".repeat(60));
         console.log("\nCheck it out here:");
         console.log(`   ${browserUrlFor(name, envId)}`);
-        console.log(`   ${name}.dot  (in a Polkadot-aware browser)`);
+        console.log(`   ${name}.dot  (in a Polkadot app: mobile or desktop)`);
         console.log("\n" + "=".repeat(60) + "\n");
         return { domainName: name, fullDomain: `${name}.dot`, cid, ipfsCid };
       } finally {
@@ -3026,6 +3037,8 @@ export {
   isPhoneSignerActive,
   shouldHandoverName,
   formatStorageSignerLine,
+  formatTransferModeStorageSignerLine,
+  formatTransferModeDotnsLine,
   storeFile,
   __assignDenseNoncesForTest,
   storeChunkedContent,

package/dist/{chunk-PYGCOK67.js → chunk-ITXKADHO.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-SI2ZUOYD.js";
 import {
   isTestnetSpecName
-} from "./chunk-4IUTMHVB.js";
+} from "./chunk-MRQPJLPS.js";
 import {
   captureWarning,
   markCodePath,
@@ -11,10 +11,10 @@ import {
   setDeploySentryTag,
   truncateAddress,
   withSpan
-} from "./chunk-5KRARO46.js";
+} from "./chunk-UIDRWZWX.js";
 import {
   validateContractAddresses
-} from "./chunk-QRKI6MMK.js";
+} from "./chunk-JSYQ3JQS.js";
 import {
   NonRetryableError
 } from "./chunk-ZOC4GITL.js";
@@ -126,6 +126,7 @@ var TX_WALL_CLOCK_CEILING_MS = 24e4;
 var TX_NO_PROGRESS_MS = 9e4;
 var WS_HEARTBEAT_TIMEOUT_MS = 3e5;
 var DOTNS_TX_MAX_ATTEMPTS = 3;
+var VERIFY_EFFECT_CHAIN_SECONDS = 60;
 function classifyTxRetryDecision(err) {
   const msg = err instanceof Error ? err.message : String(err);
   const lower = msg.toLowerCase();
@@ -146,6 +147,9 @@ function dotnsRetryBackoffMs(attempt, rand = Math.random) {
 function shouldRetryTxAttempt(attempt, maxAttempts, decision) {
   return decision === "retry" && attempt < maxAttempts;
 }
+function shouldRegateBeforeResign(attempt, isPhoneSigner) {
+  return attempt >= 2 && isPhoneSigner === true;
+}
 function makeRetryStatusFilter(sink) {
   let buffered = false;
   let includedSeen = false;
@@ -783,6 +787,9 @@ var ReviveClientWrapper = class _ReviveClientWrapper {
     let lastError;
     for (let attempt = 1; attempt <= DOTNS_TX_MAX_ATTEMPTS; attempt++) {
       filter.reset();
+      if (shouldRegateBeforeResign(attempt, opts.isPhoneSigner)) {
+        await opts.onResign?.(attempt);
+      }
       try {
         return await this.signAndSubmitExtrinsic(buildExtrinsic(), signer, filter.callback, opts);
       } catch (e) {
@@ -830,7 +837,7 @@ var ReviveClientWrapper = class _ReviveClientWrapper {
       storage_deposit_limit: storageDepositLimit
     };
   }
-  async submitTransaction(contractAddress, value, encodedData, signerSubstrateAddress, signer, statusCallback, { rpcs, useNoncePolling, functionName, args, contracts, verifyEffect, feeAsset }) {
+  async submitTransaction(contractAddress, value, encodedData, signerSubstrateAddress, signer, statusCallback, { rpcs, useNoncePolling, functionName, args, contracts, verifyEffect, feeAsset, isPhoneSigner, onResign }) {
     await this.ensureAccountMapped(signerSubstrateAddress, signer);
     if (functionName === "register") {
       try {
@@ -862,7 +869,7 @@ var ReviveClientWrapper = class _ReviveClientWrapper {
       "chain.tx.submit",
       `sign+submit ${functionName ?? "Revive.call"}`,
       { "chain.function_name": functionName ?? "Revive.call", "chain.use_nonce_polling": Boolean(useNoncePolling) },
-      () => this.signAndSubmitWithRetry(buildExtrinsic, signer, statusCallback, "Revive.call", { nonceFallback, verifyEffect, feeAsset })
+      () => this.signAndSubmitWithRetry(buildExtrinsic, signer, statusCallback, "Revive.call", { nonceFallback, verifyEffect, feeAsset, isPhoneSigner, onResign })
     );
   }
   // Dry-runs each call individually, then wraps them in a single
@@ -1484,7 +1491,22 @@ var DotNS = class {
       await this._awaitPhoneReady(phoneLabel);
     }
     return await withTimeout(
-      this.clientWrapper.submitTransaction(contractAddress, value, encodedCallData, this.substrateAddress, this.signer, statusCallback, { rpcs, useNoncePolling, functionName, args, contracts: this._contracts, verifyEffect, feeAsset }),
+      this.clientWrapper.submitTransaction(contractAddress, value, encodedCallData, this.substrateAddress, this.signer, statusCallback, {
+        rpcs,
+        useNoncePolling,
+        functionName,
+        args,
+        contracts: this._contracts,
+        verifyEffect,
+        feeAsset,
+        // Re-gate phone-signer retries (#971): a verifyEffect false-negative
+        // makes signAndSubmitWithRetry re-sign; for a phone signer that needs
+        // another tap, so pause via _awaitPhoneReady ("Re-sign needed … Check
+        // your phone / Press Y") before re-signing. Both _awaitPhoneReady and the
+        // retry-loop guard no-op for non-phone signers (local/dev workers).
+        isPhoneSigner: this._isPhoneSigner,
+        onResign: phoneLabel !== void 0 ? () => this._awaitPhoneReady(phoneLabel) : void 0
+      }),
       OPERATION_TIMEOUT_MS,
       functionName
     );
@@ -1587,7 +1609,7 @@ var DotNS = class {
       const parentNode = namehash(`${parentLabel}.dot`);
       const subnodeNode = namehash(`${sublabel}.${parentLabel}.dot`);
       const subnodeRecord = { parentNode, subLabel: sublabel, parentLabel, owner: this.evmAddress };
-      const MAX_VERIFY_CHAIN_SECONDS = 30;
+      const MAX_VERIFY_CHAIN_SECONDS = VERIFY_EFFECT_CHAIN_SECONDS;
       const POLL_INTERVAL_MS = 2e3;
       const verifyEffect = async () => {
         const wrapper = this.clientWrapper;
@@ -1727,7 +1749,7 @@ var DotNS = class {
       } catch (_) {
       }
       setDeployAttribute("deploy.dotns.contenthash_unchanged", "false");
-      const MAX_VERIFY_CHAIN_SECONDS = 30;
+      const MAX_VERIFY_CHAIN_SECONDS = VERIFY_EFFECT_CHAIN_SECONDS;
       const POLL_INTERVAL_MS = 2e3;
       const verifyEffect = async () => {
         const wrapper = this.clientWrapper;
@@ -1824,7 +1846,7 @@ var DotNS = class {
       this.ensureConnected();
       console.log(`   Setting text[${key}]: ${value}`);
       const node = namehash(`${domainName}.dot`);
-      const MAX_VERIFY_CHAIN_SECONDS = 30;
+      const MAX_VERIFY_CHAIN_SECONDS = VERIFY_EFFECT_CHAIN_SECONDS;
       const TEXT_POLL_INTERVAL_MS = 2e3;
       const verifyEffect = async () => {
         const wrapper = this.clientWrapper;
@@ -1956,7 +1978,7 @@ var DotNS = class {
         console.log(`   Already published \u2014 skipping`);
         return { status: "already-published" };
       }
-      const MAX_VERIFY_CHAIN_SECONDS = 30;
+      const MAX_VERIFY_CHAIN_SECONDS = VERIFY_EFFECT_CHAIN_SECONDS;
       const PUBLISH_POLL_INTERVAL_MS = 2e3;
       const verifyEffect = async () => {
         const wrapper = this.clientWrapper;
@@ -2029,7 +2051,7 @@ var DotNS = class {
         console.log(`   Not currently published \u2014 skipping`);
         return { status: "already-unpublished" };
       }
-      const MAX_VERIFY_CHAIN_SECONDS = 30;
+      const MAX_VERIFY_CHAIN_SECONDS = VERIFY_EFFECT_CHAIN_SECONDS;
       const UNPUBLISH_POLL_INTERVAL_MS = 2e3;
       const verifyEffect = async () => {
         const wrapper = this.clientWrapper;
@@ -2737,9 +2759,11 @@ export {
   TX_NO_PROGRESS_MS,
   WS_HEARTBEAT_TIMEOUT_MS,
   DOTNS_TX_MAX_ATTEMPTS,
+  VERIFY_EFFECT_CHAIN_SECONDS,
   classifyTxRetryDecision,
   dotnsRetryBackoffMs,
   shouldRetryTxAttempt,
+  shouldRegateBeforeResign,
   makeRetryStatusFilter,
   DEFAULT_MNEMONIC,
   fetchNonce,

package/dist/{chunk-QRKI6MMK.js → chunk-JSYQ3JQS.js}

@@ -14,6 +14,7 @@ var environments_default = {
       name: "Preview",
       network: "testnet",
       description: "Product Preview net, used by Product Teams",
+      bulletinAutoAuthorize: true,
       e2eEligible: true,
       backend: "https://polkadot-app-stg.parity.io/",
       ipfs: "https://previewnet.substrate.dev",
@@ -105,6 +106,7 @@ var environments_default = {
       name: "Paseo Next v2",
       network: "testnet",
       description: "Next iteration of the Paseo Next testnet",
+      bulletinAutoAuthorize: true,
       e2eEligible: true,
       backend: "https://identity-backend-next.parity-testnet.parity.io",
       ipfs: "https://paseo-bulletin-next-ipfs.polkadot.io",
@@ -652,7 +654,8 @@ function resolveEndpoints(doc, envId) {
     autoAccountMapping: env.autoAccountMapping ?? false,
     contracts: env.contracts ?? {},
     nativeToEthRatio: BigInt(env.nativeToEthRatio ?? 1e6),
-    ...env.registerStorageDeposit !== void 0 ? { registerStorageDeposit: BigInt(env.registerStorageDeposit) } : {}
+    ...env.registerStorageDeposit !== void 0 ? { registerStorageDeposit: BigInt(env.registerStorageDeposit) } : {},
+    bulletinAutoAuthorize: env.bulletinAutoAuthorize ?? false
   };
 }
 function getPopSelfServeConfig(doc, envId) {

package/dist/{chunk-RVGCHRLK.js → chunk-KBKS3V2V.js}

@@ -3,10 +3,10 @@ import {
 } from "./chunk-TSPERKUS.js";
 import {
   VERSION
-} from "./chunk-5KRARO46.js";
+} from "./chunk-UIDRWZWX.js";
 import {
   loadEnvironments
-} from "./chunk-QRKI6MMK.js";
+} from "./chunk-JSYQ3JQS.js";
 
 // src/auth-config.ts
 import { existsSync, readdirSync } from "fs";

package/dist/{chunk-PH32GINP.js → chunk-LFRH4HBZ.js}

@@ -6,7 +6,7 @@ import * as path from "path";
 // package.json
 var package_default = {
   name: "@parity/product-deploy",
-  version: "0.11.0-rc.3",
+  version: "0.11.0-rc.5",
   private: false,
   repository: {
     type: "git",

package/dist/{chunk-RFT2I7TB.js → chunk-M6OQTMDB.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-GRPLHUYC.js";
 import {
   DOT_DAPP_ID
-} from "./chunk-RVGCHRLK.js";
+} from "./chunk-KBKS3V2V.js";
 
 // src/sss-allowance-cache.ts
 import { mkdir, readFile, writeFile, unlink } from "fs/promises";

package/dist/{chunk-4IUTMHVB.js → chunk-MRQPJLPS.js}

@@ -100,17 +100,38 @@ function clampU32(n, name) {
   if (n > U32_MAX) throw new Error(`${name} (${n}) exceeds u32 max \u2014 split the deploy into smaller batches`);
   return Number(n);
 }
-async function ensureAuthorized(api, address, label) {
+async function ensureAuthorized(api, address, label, opts = {}) {
   const [auth, currentBlock] = await Promise.all([
     api.query.TransactionStorage.Authorizations.getValue(Enum("Account", address)),
     api.query.System.Number.getValue()
   ]);
   if (isAuthorizationSufficient(auth, currentBlock)) return;
-  const isTestnet = await detectTestnet(api);
   const who = `${label ?? "account"} (${address.slice(0, 8)}...)`;
+  if (opts.autoAuthorize) {
+    await cryptoWaitReady();
+    const keyring = new Keyring({ type: "sr25519" });
+    const alice = keyring.addFromUri("//Alice");
+    const signer = getPolkadotSigner(alice.publicKey, "Sr25519", (data) => alice.sign(data));
+    const grant = `${TOPUP_TRANSACTIONS} txs / ${Number(TOPUP_BYTES) / 1e6}MB`;
+    console.log(`   Auto-authorizing ${who} on Bulletin (${grant})...`);
+    const tx = api.tx.TransactionStorage.authorize_account({
+      who: address,
+      transactions: clampU32(BigInt(TOPUP_TRANSACTIONS), "transactions"),
+      bytes: TOPUP_BYTES
+    });
+    const result = await tx.signAndSubmit(signer);
+    if (!result?.ok) {
+      throw new Error(
+        `Auto-authorization of Bulletin storage account ${who} failed: authorize_account was rejected. This environment is flagged bulletinAutoAuthorize, but //Alice may not hold authorizer rights on this chain.`
+      );
+    }
+    console.log(`   Authorized: ${grant}`);
+    return;
+  }
+  const isTestnet = await detectTestnet(api);
   if (isTestnet) {
     throw new Error(
-      `Bulletin storage account ${who} is not authorized (or its authorization expired). bulletin-deploy no longer self-authorizes on the Bulletin chain \u2014 request authorization for this account from the chain's authorizer (testnet faucet / personhood / pool bootstrap), then retry.`
+      `Bulletin storage account ${who} is not authorized (or its authorization expired). bulletin-deploy self-authorizes only on allow-listed testnets (environments.json bulletinAutoAuthorize) \u2014 request authorization for this account from the chain's authorizer (testnet faucet / personhood / pool bootstrap), then retry.`
     );
   }
   throw new Error(

package/dist/{chunk-2NLCZQY4.js → chunk-NEQRG3AY.js}

@@ -1,6 +1,6 @@
 import {
   VERSION
-} from "./chunk-5KRARO46.js";
+} from "./chunk-UIDRWZWX.js";
 
 // src/version-check.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-24KTLZ67.js → chunk-OZEJEDHM.js}

@@ -4,10 +4,10 @@ import {
 } from "./chunk-5FLTDWWP.js";
 import {
   DOT_PRODUCT_ID
-} from "./chunk-RVGCHRLK.js";
+} from "./chunk-KBKS3V2V.js";
 import {
   DEFAULT_MNEMONIC
-} from "./chunk-PYGCOK67.js";
+} from "./chunk-ITXKADHO.js";
 
 // src/deploy-actors.ts
 var DEFAULT_WORKER_SURI = DEFAULT_MNEMONIC;
@@ -23,8 +23,18 @@ async function resolveDeployActors(authClient, { suri, transferEnabled, isTestne
   if (sessionPresent && transferEnabled) {
     if (!suri && !isTestnet) throw new MainnetDefaultWorkerError();
     const worker2 = await resolveSigner(authClient, { suri: suri ?? DEFAULT_WORKER_SURI });
-    const handle = await authClient.getSessionSigner();
-    if (!handle) throw new Error("transfer mode active but no session resolved; pass --no-transfer-to-signedin-user.");
+    let handle = null;
+    try {
+      handle = await authClient.getSessionSigner();
+    } catch {
+      handle = null;
+    }
+    if (!handle) {
+      console.error(
+        "\u26A0  Found a login session on disk but couldn't load it \u2014 deploying without transfer (the worker signs directly). Log in again if you meant to transfer to your account."
+      );
+      return { worker: worker2 };
+    }
     try {
       return { worker: worker2, recipientH160: handle.addresses.productH160 };
     } finally {