@parity/product-deploy 0.7.28-rc.0

package/dist/chunk-DNXH4QTI.js

@@ -0,0 +1,2336 @@
+import {
+  isTestnetSpecName
+} from "./chunk-QMYW3D6E.js";
+import {
+  captureWarning,
+  setDeployAttribute,
+  setDeploySentryTag,
+  truncateAddress,
+  withSpan
+} from "./chunk-MFTODIIT.js";
+import {
+  validateContractAddresses
+} from "./chunk-OITUIM2E.js";
+import {
+  NonRetryableError
+} from "./chunk-ZOC4GITL.js";
+
+// src/dotns.ts
+import crypto from "crypto";
+import { createClient, Enum } from "polkadot-api";
+import { getPolkadotSigner } from "polkadot-api/signer";
+import { getWsProvider } from "polkadot-api/ws";
+import { Keyring } from "@polkadot/keyring";
+import { cryptoWaitReady } from "@polkadot/util-crypto";
+import { Binary } from "polkadot-api";
+import {
+  encodeFunctionData,
+  decodeFunctionResult,
+  decodeErrorResult,
+  keccak256,
+  toBytes,
+  formatEther,
+  isAddress,
+  bytesToHex,
+  isHex,
+  toHex,
+  zeroAddress,
+  namehash,
+  concatHex
+} from "viem";
+import { CID } from "multiformats/cid";
+var TX_KIND_HASH = "hash";
+var TX_KIND_NONCE_ADVANCED = "nonce-advanced";
+var ATTR_TX_RESOLUTION_KIND = "deploy.dotns.tx_resolution_kind";
+var ONE_PAS = 10000000000n;
+var FEE_FLOOR_OWNED = ONE_PAS / 100n;
+var FEE_FLOOR_REGISTER = ONE_PAS / 10n;
+var TOP_UP_TARGET = ONE_PAS / 2n;
+var SOURCE_BUFFER = ONE_PAS;
+var MINIMUM_REGISTER_STORAGE_DEPOSIT = 2000000000000n;
+var REPROVE_FEE_ESTIMATE = ONE_PAS / 100n;
+var REPROVE_FEE_SAFETY_MARGIN_PCT = 110n;
+var TOP_UP_TRANSFER_TIMEOUT_MS = 6e4;
+var PASEO_FAUCET_URL = "https://faucet.polkadot.io";
+function fmtPas(plancks) {
+  return (Number(plancks) / Number(ONE_PAS)).toFixed(4);
+}
+function resolveNativeTokenSymbol(envId) {
+  if (!envId) return "PAS";
+  if (envId.includes("paseo")) return "PAS";
+  if (envId.includes("westend")) return "WND";
+  if (envId.includes("rococo")) return "ROC";
+  return "PAS";
+}
+function feeFloorFor(plannedAction, storageDeposit = MINIMUM_REGISTER_STORAGE_DEPOSIT) {
+  if (plannedAction === "already-owned-by-us") return FEE_FLOOR_OWNED;
+  return FEE_FLOOR_REGISTER + storageDeposit;
+}
+function topUpTargetFor(plannedAction, storageDeposit = MINIMUM_REGISTER_STORAGE_DEPOSIT) {
+  if (plannedAction === "already-owned-by-us") return TOP_UP_TARGET;
+  return TOP_UP_TARGET + storageDeposit;
+}
+var RPC_ENDPOINTS = [
+  "wss://asset-hub-paseo.dotters.network",
+  "wss://sys.ibp.network/asset-hub-paseo",
+  "wss://pas-rpc.stakeworld.io/assethub"
+];
+var CONTRACTS = {
+  DOTNS_REGISTRAR: "0x329aAA5b6bEa94E750b2dacBa74Bf41291E6c2BD",
+  DOTNS_REGISTRAR_CONTROLLER: "0xd09e0F1c1E6CE8Cf40df929ef4FC778629573651",
+  DOTNS_REGISTRY: "0x4Da0d37aBe96C06ab19963F31ca2DC0412057a6f",
+  DOTNS_RESOLVER: "0x95645C7fD0fF38790647FE13F87Eb11c1DCc8514",
+  DOTNS_CONTENT_RESOLVER: "0x7756DF72CBc7f062e7403cD59e45fBc78bed1cD7",
+  DOTNS_REVERSE_RESOLVER: "0x95D57363B491CF743970c640fe419541386ac8BF",
+  STORE_FACTORY: "0x030296782F4d3046B080BcB017f01837561D9702",
+  POP_RULES: "0x4e8920B1E69d0cEA9b23CBFC87A17Ee6fE02d2d3"
+};
+var PERSONHOOD_PRECOMPILE_ADDRESS = "0x000000000000000000000000000000000a010000";
+var PERSONHOOD_CONTEXT = "0x646f746e73000000000000000000000000000000000000000000000000000000";
+var DECIMALS = 12n;
+var NATIVE_TO_ETH_RATIO = 1000000n;
+var CONNECTION_TIMEOUT_MS = 3e4;
+var OPERATION_TIMEOUT_MS = 3e5;
+var TX_TIMEOUT_MS = 9e4;
+var TX_CHAIN_TIME_BUDGET_MS = 18e4;
+var TX_WALL_CLOCK_CEILING_MS = 10 * 60 * 1e3;
+var WS_HEARTBEAT_TIMEOUT_MS = 3e5;
+var DOTNS_TX_MAX_ATTEMPTS = 3;
+function classifyTxRetryDecision(err) {
+  const msg = err instanceof Error ? err.message : String(err);
+  const lower = msg.toLowerCase();
+  if (lower.includes("nonce-advance fallback")) return "retry";
+  if (/\bstale\b/.test(lower)) return "retry";
+  if (/"type"\s*:\s*"future"|\binvalid::future\b/.test(lower)) return "retry";
+  if (lower.includes("websocket") || lower.includes("connection") || lower.includes("socket closed") || lower.includes("disconnect")) return "retry";
+  if (lower.includes("timed out") || lower.includes("timeout")) return "retry";
+  return "abort";
+}
+var DEFAULT_MNEMONIC = "bottom drive obey lake curtain smoke basket hold race lonely fit walk";
+var _rpcIdCounter = 0;
+async function fetchNonceFromEndpoint(rpc, ss58Address) {
+  if (!globalThis.WebSocket) throw new Error("WebSocket support is required to fetch nonce");
+  return new Promise((resolve, reject) => {
+    let done = false;
+    const settle = (fn, ...args) => {
+      if (done) return;
+      done = true;
+      clearTimeout(timer);
+      try {
+        ws.close();
+      } catch {
+      }
+      fn(...args);
+    };
+    const timer = setTimeout(() => settle(reject, new Error(`fetchNonce timed out after 8s for ${rpc}`)), 8e3);
+    const ws = new WebSocket(rpc);
+    const id = ++_rpcIdCounter;
+    ws.onopen = () => ws.send(JSON.stringify({ jsonrpc: "2.0", id, method: "system_accountNextIndex", params: [ss58Address] }));
+    ws.onmessage = (e) => {
+      const d = typeof e.data === "string" ? e.data : e.data.toString();
+      const r = JSON.parse(d);
+      if (r.id === id) {
+        r.error ? settle(reject, new Error(r.error.message)) : settle(resolve, r.result);
+      }
+    };
+    ws.onerror = () => settle(reject, new Error(`WebSocket to ${rpc} failed`));
+    ws.onclose = () => settle(reject, new Error(`WebSocket to ${rpc} closed before response`));
+  });
+}
+async function fetchNonce(rpc, ss58Address) {
+  if (Array.isArray(rpc)) return Promise.any(rpc.map((ep) => fetchNonceFromEndpoint(ep, ss58Address)));
+  return fetchNonceFromEndpoint(rpc, ss58Address);
+}
+async function verifyNonceAdvanced(endpoints, ss58Address, originalNonce) {
+  const results = await Promise.allSettled(
+    endpoints.map((ep) => fetchNonceFromEndpoint(ep, ss58Address).then((n) => ({ n, ep })))
+  );
+  for (const r of results) {
+    if (r.status === "fulfilled" && r.value.n > originalNonce) {
+      return { advanced: true, witnessRpc: r.value.ep };
+    }
+  }
+  return { advanced: false };
+}
+var ProofOfPersonhoodStatus = {
+  NoStatus: 0,
+  ProofOfPersonhoodLite: 1,
+  ProofOfPersonhoodFull: 2,
+  Reserved: 3
+};
+var DOTNS_REGISTRAR_CONTROLLER_ABI = [
+  { inputs: [{ name: "registration", type: "tuple", components: [{ name: "label", type: "string" }, { name: "owner", type: "address" }, { name: "secret", type: "bytes32" }, { name: "reserved", type: "bool" }] }], name: "makeCommitment", outputs: [{ name: "", type: "bytes32" }], stateMutability: "view", type: "function" },
+  { inputs: [{ name: "commitment", type: "bytes32" }], name: "commit", outputs: [], stateMutability: "nonpayable", type: "function" },
+  { inputs: [], name: "minCommitmentAge", outputs: [{ name: "", type: "uint256" }], stateMutability: "view", type: "function" },
+  { inputs: [], name: "maxCommitmentAge", outputs: [{ name: "", type: "uint256" }], stateMutability: "view", type: "function" },
+  { inputs: [{ name: "commitment", type: "bytes32" }], name: "commitments", outputs: [{ name: "", type: "uint256" }], stateMutability: "view", type: "function" },
+  { inputs: [{ name: "registration", type: "tuple", components: [{ name: "label", type: "string" }, { name: "owner", type: "address" }, { name: "secret", type: "bytes32" }, { name: "reserved", type: "bool" }] }], name: "register", outputs: [], stateMutability: "payable", type: "function" }
+];
+var DOTNS_REGISTRAR_ABI = [
+  { inputs: [{ name: "tokenId", type: "uint256" }], name: "ownerOf", outputs: [{ name: "", type: "address" }], stateMutability: "view", type: "function" }
+];
+var POP_RULES_ABI = [
+  { inputs: [{ name: "name", type: "string" }], name: "classifyName", outputs: [{ name: "requirement", type: "uint8" }, { name: "message", type: "string" }], stateMutability: "pure", type: "function" },
+  { inputs: [{ name: "name", type: "string" }], name: "price", outputs: [{ name: "", type: "uint256" }], stateMutability: "view", type: "function" },
+  { inputs: [{ name: "name", type: "string" }, { name: "userAddress", type: "address" }], name: "priceWithCheck", outputs: [{ name: "metadata", type: "tuple", components: [{ name: "price", type: "uint256" }, { name: "status", type: "uint8" }, { name: "userStatus", type: "uint8" }, { name: "message", type: "string" }] }], stateMutability: "view", type: "function" },
+  { inputs: [{ name: "name", type: "string" }, { name: "userAddress", type: "address" }], name: "priceWithoutCheck", outputs: [{ name: "metadata", type: "tuple", components: [{ name: "price", type: "uint256" }, { name: "status", type: "uint8" }, { name: "userStatus", type: "uint8" }, { name: "message", type: "string" }] }], stateMutability: "view", type: "function" },
+  { inputs: [{ name: "name", type: "string" }], name: "isBaseNameReserved", outputs: [{ name: "isReserved", type: "bool" }, { name: "reservationOwner", type: "address" }, { name: "expiryTimestamp", type: "uint64" }], stateMutability: "view", type: "function" }
+];
+var PERSONHOOD_ABI = [
+  {
+    type: "function",
+    name: "personhoodStatus",
+    inputs: [
+      { name: "account", type: "address" },
+      { name: "context", type: "bytes32" }
+    ],
+    outputs: [
+      {
+        name: "info",
+        type: "tuple",
+        components: [
+          { name: "status", type: "uint8" },
+          { name: "contextAlias", type: "bytes32" }
+        ]
+      }
+    ],
+    stateMutability: "view"
+  }
+];
+var DOTNS_REGISTRY_ABI = [
+  { inputs: [{ name: "record", type: "tuple", components: [{ name: "parentNode", type: "bytes32" }, { name: "subLabel", type: "string" }, { name: "parentLabel", type: "string" }, { name: "owner", type: "address" }] }], name: "setSubnodeOwner", outputs: [{ name: "subnode", type: "bytes32" }], stateMutability: "nonpayable", type: "function" },
+  { inputs: [{ name: "node", type: "bytes32" }, { name: "newResolver", type: "address" }], name: "setResolver", outputs: [], stateMutability: "nonpayable", type: "function" },
+  { inputs: [{ name: "node", type: "bytes32" }], name: "owner", outputs: [{ name: "", type: "address" }], stateMutability: "view", type: "function" },
+  { inputs: [{ name: "node", type: "bytes32" }], name: "resolver", outputs: [{ name: "", type: "address" }], stateMutability: "view", type: "function" }
+];
+var DOTNS_CONTENT_RESOLVER_ABI = [
+  { inputs: [{ name: "node", type: "bytes32" }, { name: "hash", type: "bytes" }], name: "setContenthash", outputs: [], stateMutability: "nonpayable", type: "function" },
+  { inputs: [{ name: "node", type: "bytes32" }], name: "contenthash", outputs: [{ name: "", type: "bytes" }], stateMutability: "view", type: "function" }
+];
+var DOTNS_TEXT_RESOLVER_ABI = [
+  { inputs: [{ name: "node", type: "bytes32" }, { name: "key", type: "string" }, { name: "value", type: "string" }], name: "setText", outputs: [], stateMutability: "nonpayable", type: "function" },
+  { inputs: [{ name: "node", type: "bytes32" }, { name: "key", type: "string" }], name: "text", outputs: [{ name: "", type: "string" }], stateMutability: "view", type: "function" }
+];
+var PUBLISHER_ABI = [
+  { inputs: [{ name: "label", type: "string" }], name: "publish", outputs: [], stateMutability: "nonpayable", type: "function" },
+  { inputs: [{ name: "label", type: "string" }], name: "unpublish", outputs: [], stateMutability: "nonpayable", type: "function" },
+  { inputs: [{ name: "labelhash", type: "bytes32" }], name: "isPublished", outputs: [{ name: "", type: "bool" }], stateMutability: "view", type: "function" },
+  { inputs: [], name: "EmptyLabel", type: "error" },
+  { inputs: [], name: "NoPersonhood", type: "error" },
+  { inputs: [{ name: "nextAllowedAt", type: "uint64" }], name: "CooldownActive", type: "error" },
+  { inputs: [{ name: "caller", type: "address" }, { name: "tokenId", type: "uint256" }], name: "NotOwner", type: "error" }
+];
+var PublisherNotSupportedError = class extends Error {
+  constructor(envName) {
+    super(`Publisher contract is not configured for environment '${envName}'. Use an env that has a deployed Publisher (currently: paseo-next-v2).`);
+    this.name = "PublisherNotSupportedError";
+  }
+};
+var ContractDryRunRevertError = class extends Error {
+  revertData;
+  revertFlags;
+  constructor(message, revertData, revertFlags) {
+    super(message);
+    this.name = "ContractDryRunRevertError";
+    this.revertData = revertData;
+    this.revertFlags = revertFlags;
+  }
+};
+function decodePublisherRevert(source) {
+  const data = typeof source === "string" ? source : source?.revertData;
+  if (!data || data.length < 10) return null;
+  try {
+    const decoded = decodeErrorResult({ abi: PUBLISHER_ABI, data });
+    return { name: decoded.errorName, args: decoded.args };
+  } catch {
+    return null;
+  }
+}
+function convertToHexString(value) {
+  if (!value) return "0x";
+  if (value instanceof Uint8Array) return bytesToHex(value);
+  if (typeof value === "string" && isHex(value)) return value;
+  try {
+    return toHex(value);
+  } catch {
+    return "0x";
+  }
+}
+function convertToBigInt(value, fallback = 0n) {
+  try {
+    if (typeof value === "bigint") return value;
+    if (typeof value === "number") return BigInt(value);
+    if (typeof value === "string") return BigInt(value);
+    if (value && typeof value.toString === "function") return BigInt(value.toString());
+    return fallback;
+  } catch {
+    return fallback;
+  }
+}
+function normalizeWeight(weight) {
+  const referenceTime = weight?.ref_time ?? weight?.refTime ?? 0;
+  const proofSize = weight?.proof_size ?? weight?.proofSize ?? 0;
+  return { referenceTime: convertToBigInt(referenceTime, 0n), proofSize: convertToBigInt(proofSize, 0n) };
+}
+function extractStorageDepositCharge(rawStorageDeposit) {
+  if (!rawStorageDeposit) return 0n;
+  if (typeof rawStorageDeposit?.isCharge === "boolean") {
+    if (rawStorageDeposit.isCharge && rawStorageDeposit.asCharge != null) return convertToBigInt(rawStorageDeposit.asCharge, 0n);
+    return 0n;
+  }
+  if (rawStorageDeposit.charge != null) return convertToBigInt(rawStorageDeposit.charge, 0n);
+  if (rawStorageDeposit.Charge != null) return convertToBigInt(rawStorageDeposit.Charge, 0n);
+  if (rawStorageDeposit.value != null) return convertToBigInt(rawStorageDeposit.value, 0n);
+  return 0n;
+}
+function dotnsContractName(address, contracts = CONTRACTS) {
+  const normalized = address.toLowerCase();
+  for (const [name, contractAddress] of Object.entries({ ...CONTRACTS, ...contracts })) {
+    if (contractAddress.toLowerCase() === normalized) return name;
+  }
+  return "unknown";
+}
+function stringifyDebugValue(value) {
+  return JSON.stringify(value, (_key, nested) => typeof nested === "bigint" ? nested.toString() : nested);
+}
+function dotnsTxDebugEnabled() {
+  return process.env.BULLETIN_DEPLOY_DOTNS_DEBUG === "1" || process.env.DOTNS_DEBUG === "1";
+}
+function formatWeight(weight) {
+  if (!weight) return "unknown";
+  return `ref_time=${weight.referenceTime.toString()} proof_size=${weight.proofSize.toString()}`;
+}
+var BARE_REVERT_DIAGNOSTIC_FUNCTIONS = /* @__PURE__ */ new Set(["register", "commit", "setContenthash", "setSubnodeOwner", "setResolver"]);
+function formatContractDryRunFailure(gasEstimate, context) {
+  const functionName = context.functionName ?? "unknown";
+  const contractName = dotnsContractName(context.contractAddress, context.contracts);
+  const lines = [
+    `Contract execution would revert during ${functionName} on ${contractName}`,
+    `  contract: ${context.contractAddress}`,
+    `  signer: ${context.signerSubstrateAddress}${context.signerEvmAddress ? ` (${context.signerEvmAddress})` : ""}`,
+    `  value: ${context.value.toString()}`,
+    `  revert: flags=${gasEstimate.revertFlags?.toString() ?? "unknown"} data=${gasEstimate.revertData ?? "0x"}`,
+    `  gasRequired: ${formatWeight(gasEstimate.gasRequired)}`,
+    `  gasConsumed: ${formatWeight(gasEstimate.gasConsumed)}`,
+    `  storageDeposit: ${gasEstimate.storageDeposit?.toString() ?? "unknown"}`
+  ];
+  if (dotnsTxDebugEnabled()) {
+    lines.push(`  calldata: ${context.encodedData}`);
+    if (context.args) lines.push(`  args: ${stringifyDebugValue(context.args)}`);
+  }
+  const revertData = gasEstimate.revertData;
+  const isBareRevert = (revertData === void 0 || revertData.trim() === "0x") && gasEstimate.revertFlags === 1n;
+  if (isBareRevert && BARE_REVERT_DIAGNOSTIC_FUNCTIONS.has(functionName)) {
+    if (functionName === "register") {
+      lines.push(
+        `  diagnostic: bare-revert (empty 0x) during register. Most likely cause: insufficient signer balance for storage deposit.`,
+        `    A fresh TLD register() requires sufficient free balance to cover the chain's storage deposit (typically 200+ PAS).`,
+        `    Other possible causes:`,
+        `    1. PoP status changed between preflight and registration (race condition).`,
+        `    2. Commitment timing: the revealed commitment is still too new or already expired.`,
+        `    3. Label was registered by someone else between preflight and register.`,
+        `  To reproduce in isolation: \`node tools/dotns-dry-run.mjs <label>\``,
+        `  To rule out a mapping issue: add --fresh (a brand-new unmapped origin) \u2014 if --fresh reverts but the mapped one doesn't, it's a mapping bug.`
+      );
+    } else {
+      lines.push(
+        `  diagnostic: bare-revert (empty 0x). Account mapping was verified at connect time, so the cause is likely:`,
+        `    1. PoP status changed between preflight and registration (race condition).`,
+        `    2. Commitment timing: the revealed commitment is still too new or already expired.`,
+        `    3. Label was registered by someone else between preflight and register.`,
+        `  To reproduce in isolation: \`node tools/dotns-dry-run.mjs <label>\``,
+        `  To rule out a mapping issue: add --fresh (a brand-new unmapped origin) \u2014 if --fresh reverts but the mapped one doesn't, it's a mapping bug.`
+      );
+    }
+  }
+  return lines.join("\n");
+}
+function __formatContractDryRunFailureForTest(gasEstimate, context) {
+  return formatContractDryRunFailure(gasEstimate, context);
+}
+function unwrapExecutionResult(rawResult) {
+  if (!rawResult) return { ok: null, err: null, successFlag: null };
+  if (typeof rawResult.success === "boolean") {
+    return rawResult.success ? { ok: rawResult.value ?? null, err: null, successFlag: true } : { ok: null, err: rawResult.error ?? rawResult.value ?? null, successFlag: false };
+  }
+  if (typeof rawResult.isOk === "boolean") {
+    return rawResult.isOk ? { ok: rawResult.value ?? null, err: null, successFlag: true } : { ok: null, err: rawResult.value ?? null, successFlag: false };
+  }
+  if (rawResult.ok != null) return { ok: rawResult.ok, err: null, successFlag: true };
+  if (rawResult.err != null) return { ok: null, err: rawResult.err, successFlag: false };
+  return { ok: null, err: rawResult, successFlag: null };
+}
+function withTimeout(promise, timeoutMs, operationName) {
+  let timer;
+  const timeoutPromise = new Promise((_, reject) => {
+    timer = setTimeout(() => reject(new Error(`${operationName} timed out after ${timeoutMs}ms`)), timeoutMs);
+  });
+  return Promise.race([promise, timeoutPromise]).finally(() => clearTimeout(timer));
+}
+var DOT_NODE = "0x3fce7d1364a893e213bc4212792b517ffc88f5b13b86c8ef9c8d390c3a1370ce";
+function convertWeiToNative(weiValue) {
+  return weiValue / NATIVE_TO_ETH_RATIO;
+}
+function computeDomainTokenId(label) {
+  const labelhash = keccak256(toBytes(label));
+  const node = keccak256(concatHex([DOT_NODE, labelhash]));
+  return BigInt(node);
+}
+function countTrailingDigits(label) {
+  let count = 0;
+  for (let i = label.length - 1; i >= 0; i--) {
+    const code = label.charCodeAt(i);
+    if (code >= 48 && code <= 57) count++;
+    else break;
+  }
+  return count;
+}
+function stripTrailingDigits(label) {
+  return label.replace(/\d+$/, "").replace(/-$/, "");
+}
+function sanitizeDomainLabel(label) {
+  const trailingDigitCount = countTrailingDigits(label);
+  if (trailingDigitCount > 2) {
+    const sanitized = stripTrailingDigits(label) + label.slice(-2);
+    console.log(`   Domain label sanitized: "${label}" \u2192 "${sanitized}" (stripped excess trailing digits)`);
+    return sanitized;
+  }
+  return label;
+}
+function validateDomainLabel(label, opts = {}) {
+  if (!/^[a-z0-9-]{3,}$/.test(label)) throw new Error("Invalid domain label: must contain only lowercase letters, digits, and hyphens, min 3 chars");
+  if (label.startsWith("-") || label.endsWith("-")) throw new Error("Invalid domain label: cannot start or end with hyphen");
+  const sanitized = sanitizeDomainLabel(label);
+  if (/-\d+$/.test(sanitized)) {
+    const baseWithHyphen = sanitized.replace(/\d+$/, "");
+    const dropHyphen = sanitized.replace(/-(\d+)$/, "$1");
+    const insertSegment = sanitized.replace(/-(\d+)$/, "-pr$1");
+    throw new Error(
+      `Invalid domain label: "${sanitized}" \u2014 dotns base-name extraction leaves a trailing hyphen ("${baseWithHyphen}"), which the registry rejects with PopError("Name must be lowercase ASCII DNS label"). Drop the hyphen before the digits (e.g. "${dropHyphen}") or add a non-digit segment between (e.g. "${insertSegment}").`
+    );
+  }
+  if (opts.checkReserved !== false) {
+    const classification = classifyDotnsLabel(sanitized);
+    if (classification.status === ProofOfPersonhoodStatus.Reserved) {
+      const sanitizeTrail = label !== sanitized ? `Input "${label}" was sanitized to "${sanitized}" (excess trailing digits trimmed). ` : "";
+      throw new NonRetryableError(
+        `${sanitizeTrail}Invalid domain label "${sanitized}": ${classification.message}`
+      );
+    }
+  }
+  return sanitized;
+}
+function isCommitmentMature(chainNowSeconds, commitTimestampSeconds, minimumAgeSeconds) {
+  return chainNowSeconds > commitTimestampSeconds + minimumAgeSeconds;
+}
+function isCommitmentTimingBarerevert(msg) {
+  return /bare-revert.*\(empty 0x\)/i.test(msg) || /commitment.*too new.*expired/i.test(msg) || /expired.*commitment/i.test(msg);
+}
+function classifyDotnsLabel(label) {
+  const totalLength = label.length;
+  const trailingDigits = countTrailingDigits(label);
+  if (trailingDigits > 2) {
+    return {
+      status: ProofOfPersonhoodStatus.Reserved,
+      message: `Name has ${trailingDigits} trailing digits; DotNS allows at most 2 trailing digits. Use a base name with 0-2 trailing digits.`
+    };
+  }
+  const baselength = totalLength - trailingDigits;
+  if (baselength <= 5) {
+    return {
+      status: ProofOfPersonhoodStatus.Reserved,
+      message: `Base name is ${baselength} char${baselength === 1 ? "" : "s"}; DotNS reserves base names of 5 chars or fewer for governance (PopRules). Use a base name of 6+ chars \u2014 role prefixes like 'rc<N>pool' / 'rc<N>dir' / 'nightly-<role>' work well.`
+    };
+  }
+  if (baselength >= 6 && baselength <= 8) {
+    if (trailingDigits === 2) return { status: ProofOfPersonhoodStatus.ProofOfPersonhoodLite, message: "Requires Light personhood verification" };
+    return { status: ProofOfPersonhoodStatus.ProofOfPersonhoodFull, message: "Requires Full personhood verification" };
+  }
+  if (trailingDigits === 2) return { status: ProofOfPersonhoodStatus.NoStatus, message: "Available to all" };
+  return { status: ProofOfPersonhoodStatus.ProofOfPersonhoodFull, message: "Requires Full personhood verification" };
+}
+function canRegister(requiredStatus, userStatus, trailingDigits) {
+  if (requiredStatus === ProofOfPersonhoodStatus.Reserved) return false;
+  if (requiredStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodFull) {
+    return userStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodFull;
+  }
+  if (requiredStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodLite) {
+    return userStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodLite || userStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodFull;
+  }
+  return trailingDigits !== 0 && userStatus !== ProofOfPersonhoodStatus.ProofOfPersonhoodLite;
+}
+function exampleNoStatusLabel(label) {
+  const base = stripTrailingDigits(validateDomainLabel(label, { checkReserved: false })).replace(/[^a-z0-9-]/g, "x");
+  return `${base.padEnd(9, "x").slice(0, 9)}00.dot`;
+}
+function parseDomainName(input) {
+  const name = input.replace(/\.dot$/, "");
+  const parts = name.split(".");
+  if (parts.length === 1) {
+    const sanitized = validateDomainLabel(parts[0]);
+    return { isSubdomain: false, label: sanitized, sublabel: null, parentLabel: null, fullName: `${sanitized}.dot` };
+  }
+  if (parts.length === 2) {
+    const sanitizedSub = validateDomainLabel(parts[0], { checkReserved: false });
+    const sanitizedParent = validateDomainLabel(parts[1]);
+    const fullLabel = `${sanitizedSub}.${sanitizedParent}`;
+    return { isSubdomain: true, label: fullLabel, sublabel: sanitizedSub, parentLabel: sanitizedParent, fullName: `${fullLabel}.dot` };
+  }
+  throw new Error(`Invalid domain: only one level of subdomains supported (got ${parts.length} labels)`);
+}
+function parseProofOfPersonhoodStatus(status) {
+  const s = (status ?? "none").toLowerCase();
+  if (s === "none" || s === "nostatus") return ProofOfPersonhoodStatus.NoStatus;
+  if (s === "lite" || s === "poplite") return ProofOfPersonhoodStatus.ProofOfPersonhoodLite;
+  if (s === "full" || s === "popfull") return ProofOfPersonhoodStatus.ProofOfPersonhoodFull;
+  throw new Error("Invalid status. Use none, lite, or full");
+}
+function popStatusName(status) {
+  return Object.keys(ProofOfPersonhoodStatus).find((k) => ProofOfPersonhoodStatus[k] === status) ?? String(status);
+}
+function normalizeProofOfPersonhoodStatus(status) {
+  if (typeof status === "number") return status;
+  if (typeof status === "bigint") return Number(status);
+  if (typeof status === "string") return Number(status);
+  throw new Error(`Unexpected ProofOfPersonhoodStatus type: ${typeof status}`);
+}
+function parsePersonhoodStatusResult(result) {
+  const status = Array.isArray(result) ? result[0]?.status ?? result[0] : result?.status;
+  return normalizeProofOfPersonhoodStatus(status);
+}
+var ReviveClientWrapper = class _ReviveClientWrapper {
+  static DRY_RUN_STORAGE_LIMIT = 18446744073709551615n;
+  static DRY_RUN_WEIGHT_LIMIT = { ref_time: 18446744073709551615n, proof_size: 18446744073709551615n };
+  client;
+  mappedAccounts;
+  constructor(client) {
+    this.client = client;
+    this.mappedAccounts = /* @__PURE__ */ new Set();
+  }
+  async getEvmAddress(substrateAddress) {
+    if (isAddress(substrateAddress)) return substrateAddress;
+    const address = await this.client.apis.ReviveApi.address(substrateAddress);
+    return convertToHexString(address);
+  }
+  async performDryRunCall(originSubstrateAddress, contractAddress, value, encodedData) {
+    if (isAddress(originSubstrateAddress)) throw new Error("performDryRunCall requires SS58 Substrate address, not EVM H160 address");
+    const executionResults = await this.client.apis.ReviveApi.call(originSubstrateAddress, contractAddress, value, _ReviveClientWrapper.DRY_RUN_WEIGHT_LIMIT, _ReviveClientWrapper.DRY_RUN_STORAGE_LIMIT, Binary.fromHex(encodedData));
+    const { ok, err, successFlag } = unwrapExecutionResult(executionResults.result);
+    const flags = ok?.flags ? convertToBigInt(ok.flags, 0n) : 0n;
+    const returnData = convertToHexString(ok?.data);
+    const didRevert = ok ? (flags & 1n) === 1n : true;
+    const gasConsumed = normalizeWeight(executionResults.weight_consumed);
+    const gasRequired = normalizeWeight(executionResults.weight_required ?? executionResults.weight_consumed);
+    const storageDepositValue = extractStorageDepositCharge(executionResults.storage_deposit);
+    const isOk = !!ok && !didRevert;
+    const isErr = !ok || didRevert || !!err || (typeof successFlag === "boolean" ? !successFlag : false);
+    return { gasConsumed, gasRequired, storageDeposit: { value: storageDepositValue }, result: { isOk, isErr, value: { data: ok ? returnData : "0x", flags: ok ? flags : 1n } } };
+  }
+  async estimateGasForCall(originSubstrateAddress, contractAddress, value, encodedData) {
+    const result = await this.performDryRunCall(originSubstrateAddress, contractAddress, value, encodedData);
+    if (!result.result.isOk) return { success: false, gasConsumed: result.gasConsumed, storageDeposit: result.storageDeposit.value, gasRequired: result.gasRequired, revertData: result.result.value.data, revertFlags: result.result.value.flags };
+    return { success: true, gasConsumed: result.gasConsumed, storageDeposit: result.storageDeposit.value, gasRequired: result.gasRequired };
+  }
+  async checkIfAccountMapped(substrateAddress) {
+    try {
+      const evmAddress = await this.getEvmAddress(substrateAddress);
+      const mappedAccount = await this.client.query.Revive.OriginalAccount.getValue(evmAddress);
+      return mappedAccount !== null && mappedAccount !== void 0;
+    } catch {
+      return false;
+    }
+  }
+  async ensureAccountMapped(substrateAddress, signer) {
+    if (isAddress(substrateAddress)) throw new Error("ensureAccountMapped requires SS58 Substrate address, not EVM H160 address");
+    if (this.mappedAccounts.has(substrateAddress)) return;
+    const isMapped = await this.checkIfAccountMapped(substrateAddress);
+    if (isMapped) {
+      this.mappedAccounts.add(substrateAddress);
+      return;
+    }
+    try {
+      await this.signAndSubmitWithRetry(() => this.client.tx.Revive.map_account(), signer, () => {
+      }, "Revive.map_account");
+      this.mappedAccounts.add(substrateAddress);
+    } catch (error) {
+      const errorMessage = error?.message || String(error);
+      if (errorMessage.includes("AccountAlreadyMapped")) {
+        this.mappedAccounts.add(substrateAddress);
+        return;
+      }
+      throw error;
+    }
+  }
+  signAndSubmitExtrinsic(extrinsic, signer, statusCallback, opts = {}) {
+    return new Promise((resolve, reject) => {
+      let settled = false;
+      let deadlinePoller = null;
+      let sub;
+      const finish = (fn) => (...args) => {
+        if (!settled) {
+          settled = true;
+          if (deadlinePoller) clearTimeout(deadlinePoller);
+          try {
+            sub?.unsubscribe();
+          } catch {
+          }
+          fn(...args);
+        }
+      };
+      const startWallClockMs = Date.now();
+      let startChainTimeMs = null;
+      const poll = async () => {
+        if (settled) return;
+        try {
+          if (opts.nonceFallback) {
+            const nonce = await verifyNonceAdvanced(opts.nonceFallback.rpcs, opts.nonceFallback.senderSS58, opts.nonceFallback.expectedNonce);
+            if (nonce.advanced) {
+              if (opts.verifyEffect) {
+                statusCallback("verifying");
+                const observed = await opts.verifyEffect();
+                if (!observed) {
+                  statusCallback("failed");
+                  finish(reject)(new Error(`nonce-advance fallback: nonce moved past ${opts.nonceFallback.expectedNonce} but expected on-chain effect not observable (likely a different tx of ours consumed the nonce, or our tx was reorged out)`));
+                  return;
+                }
+              }
+              statusCallback("included");
+              finish(resolve)({ kind: "nonce-advanced", rpc: nonce.witnessRpc });
+              return;
+            }
+          }
+          if (Date.now() - startWallClockMs > TX_WALL_CLOCK_CEILING_MS) {
+            statusCallback("failed");
+            finish(reject)(new Error(`Transaction did not settle within ${TX_WALL_CLOCK_CEILING_MS / 1e3}s wall-clock (chain may be stalled)`));
+            return;
+          }
+          const chainNowMs = Number(await this.client.query.Timestamp.Now.getValue());
+          if (startChainTimeMs === null) startChainTimeMs = chainNowMs;
+          const chainElapsedMs = chainNowMs - startChainTimeMs;
+          if (chainElapsedMs > TX_CHAIN_TIME_BUDGET_MS) {
+            statusCallback("failed");
+            finish(reject)(new Error(`Transaction not included after ${Math.floor(chainElapsedMs / 1e3)}s of chain progress (budget=${TX_CHAIN_TIME_BUDGET_MS / 1e3}s)`));
+            return;
+          }
+        } catch {
+        }
+        if (!settled) deadlinePoller = setTimeout(poll, 6e3);
+      };
+      deadlinePoller = setTimeout(poll, 6e3);
+      try {
+        sub = extrinsic.signSubmitAndWatch(signer, { mortality: { mortal: true, period: 256 } }).subscribe({
+          next: (event) => {
+            const transactionHash = event.txHash?.toString();
+            switch (event.type) {
+              case "signed":
+                statusCallback("signing");
+                break;
+              case "broadcasted":
+                statusCallback("broadcasting");
+                break;
+              case "txBestBlocksState":
+                if (event.found) statusCallback("included");
+                break;
+              case "finalized": {
+                if (event.dispatchError || event.ok === false) {
+                  statusCallback("failed");
+                  finish(reject)(new Error(`Transaction failed: ${event.dispatchError?.toString?.() ?? "dispatch error"}`));
+                  return;
+                }
+                const block = event.block ? { hash: String(event.block.hash), number: Number(event.block.number) } : void 0;
+                statusCallback("finalized");
+                finish(resolve)({ kind: "hash", hash: transactionHash, block });
+                return;
+              }
+              case "invalid":
+              case "dropped":
+                statusCallback("failed");
+                finish(reject)(new Error(`Transaction ${event.type}`));
+                return;
+            }
+          },
+          error: (error) => {
+            statusCallback("failed");
+            finish(reject)(error);
+          },
+          complete: () => {
+            if (settled) return;
+            statusCallback("failed");
+            finish(reject)(new Error("transaction subscription closed before finalization"));
+          }
+        });
+      } catch (error) {
+        statusCallback("failed");
+        finish(reject)(error);
+      }
+    });
+  }
+  async signAndSubmitWithRetry(buildExtrinsic, signer, statusCallback, label, opts = {}) {
+    let lastError;
+    for (let attempt = 1; attempt <= DOTNS_TX_MAX_ATTEMPTS; attempt++) {
+      try {
+        return await this.signAndSubmitExtrinsic(buildExtrinsic(), signer, statusCallback, opts);
+      } catch (e) {
+        lastError = e;
+        const decision = classifyTxRetryDecision(e);
+        if (decision === "abort" || attempt === DOTNS_TX_MAX_ATTEMPTS) break;
+        const short = (e?.message ?? String(e)).slice(0, 80);
+        console.log(`   ${label}: attempt ${attempt}/${DOTNS_TX_MAX_ATTEMPTS} failed (${short}), retrying...`);
+      }
+    }
+    throw lastError instanceof Error ? lastError : new Error(String(lastError));
+  }
+  // Dry-runs one Revive.call and returns the chain-side limits the live
+  // submission should use. Throws a formatted error when the call would
+  // revert. Shared between single-tx submitTransaction and the batched
+  // submitBatchedTransactions so they cannot drift.
+  async dryRunReviveCall(contractAddress, value, encodedData, signerSubstrateAddress, context) {
+    const gasEstimate = await this.estimateGasForCall(signerSubstrateAddress, contractAddress, value, encodedData);
+    if (!gasEstimate.success) {
+      const signerEvmAddress = await this.getEvmAddress(signerSubstrateAddress);
+      const msg = formatContractDryRunFailure(gasEstimate, {
+        contractAddress,
+        functionName: context.functionName,
+        signerSubstrateAddress,
+        signerEvmAddress,
+        value,
+        encodedData,
+        args: context.args,
+        contracts: context.contracts
+      });
+      throw new ContractDryRunRevertError(msg, gasEstimate.revertData ?? "0x", gasEstimate.revertFlags ?? 0n);
+    }
+    const minimumStorageDeposit = 2000000000000n;
+    let storageDepositLimit = gasEstimate.storageDeposit === 0n ? minimumStorageDeposit : gasEstimate.storageDeposit * 120n / 100n;
+    if (storageDepositLimit < minimumStorageDeposit) storageDepositLimit = minimumStorageDeposit;
+    return {
+      weight_limit: { ref_time: gasEstimate.gasRequired.referenceTime, proof_size: gasEstimate.gasRequired.proofSize },
+      storage_deposit_limit: storageDepositLimit
+    };
+  }
+  async submitTransaction(contractAddress, value, encodedData, signerSubstrateAddress, signer, statusCallback, { rpcs, useNoncePolling, functionName, args, contracts, verifyEffect }) {
+    await this.ensureAccountMapped(signerSubstrateAddress, signer);
+    if (functionName === "register") {
+      try {
+        const stillMapped = await this.checkIfAccountMapped(signerSubstrateAddress);
+        if (!stillMapped) {
+          captureWarning("account mapping not confirmed on-chain immediately before register dry-run", {
+            signer: signerSubstrateAddress
+          });
+        }
+      } catch {
+      }
+    }
+    const prep = await this.dryRunReviveCall(contractAddress, value, encodedData, signerSubstrateAddress, { functionName, args, contracts });
+    const buildExtrinsic = () => this.client.tx.Revive.call({ dest: contractAddress, value, weight_limit: prep.weight_limit, storage_deposit_limit: prep.storage_deposit_limit, data: Binary.fromHex(encodedData) });
+    let nonceFallback;
+    if (useNoncePolling) {
+      try {
+        const nonce = await fetchNonce(rpcs, signerSubstrateAddress);
+        nonceFallback = { rpcs, senderSS58: signerSubstrateAddress, expectedNonce: nonce };
+      } catch {
+      }
+    }
+    return await this.signAndSubmitWithRetry(buildExtrinsic, signer, statusCallback, "Revive.call", { nonceFallback, verifyEffect });
+  }
+  // Dry-runs each call individually, then wraps them in a single
+  // Utility.batch_all extrinsic. batch_all is atomic over inner calls — only
+  // batch operations whose rollback-together is acceptable (e.g. cosmetic
+  // setText writes).
+  async submitBatchedTransactions(calls, signerSubstrateAddress, signer, statusCallback) {
+    if (calls.length === 0) throw new Error("submitBatchedTransactions: at least one call required");
+    await this.ensureAccountMapped(signerSubstrateAddress, signer);
+    const preps = await Promise.all(calls.map((c) => this.dryRunReviveCall(c.contractAddress, c.value, c.encodedData, signerSubstrateAddress, { functionName: c.functionName, args: c.args })));
+    const buildExtrinsic = () => {
+      const inners = calls.map((c, i) => this.client.tx.Revive.call({
+        dest: c.contractAddress,
+        value: c.value,
+        weight_limit: preps[i].weight_limit,
+        storage_deposit_limit: preps[i].storage_deposit_limit,
+        data: Binary.fromHex(c.encodedData)
+      }).decodedCall);
+      return this.client.tx.Utility.batch_all({ calls: inners });
+    };
+    return await this.signAndSubmitWithRetry(buildExtrinsic, signer, statusCallback, "Utility.batch_all");
+  }
+};
+function logTxResolution(res) {
+  setDeployAttribute(ATTR_TX_RESOLUTION_KIND, res.kind);
+  if (res.kind === TX_KIND_HASH) {
+    console.log(`   Tx: ${res.hash}`);
+  } else {
+    let rpcHost = res.rpc;
+    try {
+      rpcHost = new URL(res.rpc).host;
+    } catch {
+    }
+    console.log(`   Tx: confirmed via nonce-advance on ${rpcHost}`);
+  }
+}
+var DOTNS_CONTEXT_HEX_LOWER = "0x646f746e73000000000000000000000000000000000000000000000000000000";
+function formatPersonhoodRemediation(state, popSelfServe, environmentId) {
+  if (!popSelfServe?.stateAwareGuidance) {
+    return "Self-attestation is no longer available. Contact the DotNS team for whitelisting / Personhood status help.";
+  }
+  switch (state.state) {
+    case "not-bound":
+      return `Your account has no DotNS alias binding on ${environmentId ?? "this environment"}. On testnets you can self-serve:
+  1. Fund the service account mnemonic via ${popSelfServe.faucetUrl}
+  2. Go to ${popSelfServe.personhoodFaucetUrl}, pick your env (e.g. ${popSelfServe.sudoEnvLabel}), and paste the mnemonic
+  3. Go to ${popSelfServe.dotnsBootstrapUrl} and follow each step (first and last can probably be skipped)`;
+    case "bound-likely-stale":
+      return `Your alias binding exists but may have a stale ring revision. Run \`node tools/reprove-alias.mjs --mnemonic <your-mnemonic> --env ${environmentId ?? "this environment"}\` to refresh the proof, then retry the registration.`;
+    case "wrong-context":
+      return "Your alias binding exists but is for a different application context" + (state.storedContextHex ? ` (context: ${state.storedContextHex})` : "") + ". Re-bind under the 'dotns' context using the bootstrap flow: " + popSelfServe.dotnsBootstrapUrl;
+    case "bound-fresh":
+      return "Self-attestation is no longer available. Contact the DotNS team for whitelisting / Personhood status help.";
+  }
+}
+function formatPopShortfallReason(opts) {
+  const { label, requiredName, currentName, isTestnet, environmentId, popSelfServe, aliasState, exampleNoStatusLabel: noStatusEx } = opts;
+  const leadIn = `${label}.dot requires ${requiredName}, but this signer is ${currentName}.`;
+  let testnetBlock = "";
+  if (isTestnet && popSelfServe != null) {
+    if (popSelfServe.stateAwareGuidance) {
+      const state = aliasState ?? { state: "not-bound" };
+      testnetBlock = "\n\n" + formatPersonhoodRemediation(state, popSelfServe, environmentId);
+    } else {
+      testnetBlock = `
+
+On testnets you can self-serve:
+  1. Fund the service account mnemonic via ${popSelfServe.faucetUrl}
+  2. Go to ${popSelfServe.personhoodFaucetUrl}, pick your env (e.g. ${popSelfServe.sudoEnvLabel}), and paste the mnemonic
+  3. Go to ${popSelfServe.dotnsBootstrapUrl} and follow each step (first and last can probably be skipped)`;
+    }
+  }
+  const alternativesBlock = `
+
+Alternatively:
+  - Use a NoStatus-compatible label (base length >= 9 with exactly two trailing digits, e.g. ${noStatusEx})
+  - Raise a whitelist issue at https://github.com/paritytech/dotns/`;
+  return leadIn + testnetBlock + alternativesBlock;
+}
+var DotNS = class {
+  client;
+  clientWrapper;
+  rpc;
+  substrateAddress;
+  evmAddress;
+  signer;
+  connected;
+  // Per-instance failover list. Populated from options.assetHubEndpoints when
+  // bulletin-deploy resolves the asset-hub list via environments.json; falls
+  // back to the legacy paseo-only RPC_ENDPOINTS for direct library callers.
+  assetHubEndpoints;
+  _usesExternalSigner = false;
+  _localMnemonic = null;
+  _contracts = CONTRACTS;
+  _nativeToEthRatio = NATIVE_TO_ETH_RATIO;
+  _environmentId = null;
+  _popSelfServe = null;
+  _registerStorageDeposit = MINIMUM_REGISTER_STORAGE_DEPOSIT;
+  // Test-only seam: consumed once by classifyAliasAccountState() then cleared.
+  // Mirrors the __setDeployRootSpanForTest / __setSentryForTest pattern.
+  _classifyOverrideForTest = null;
+  /** Test-only: inject a fixed classifyAliasAccountState return value for the next call. Consumed once. */
+  __setClassifyOverrideForTest(state) {
+    this._classifyOverrideForTest = { state, revision: 0 };
+  }
+  // Test-only seam: consumed once by getUserPopStatus() then cleared.
+  _userPopStatusOverrideForTest = null;
+  /** Test-only: inject a fixed getUserPopStatus return value for the next call. Consumed once. */
+  __setUserPopStatusForTest(status) {
+    this._userPopStatusOverrideForTest = status;
+  }
+  // Test-only seam: fallback result for reprove() when the real call throws "not strictly
+  // greater than stored" (account already at latest revision). Any other error propagates.
+  _reproveFallbackForTest = null;
+  /** Test-only: register a fallback reprove result used only if the real reprove() throws "not strictly greater than stored". Consumed once. */
+  __setReproveFallbackForTest(result) {
+    this._reproveFallbackForTest = result;
+  }
+  constructor() {
+    this.client = null;
+    this.clientWrapper = null;
+    this.rpc = null;
+    this.substrateAddress = null;
+    this.evmAddress = null;
+    this.signer = null;
+    this.connected = false;
+    this.assetHubEndpoints = RPC_ENDPOINTS;
+  }
+  async connect(options = {}) {
+    if (options.assetHubEndpoints && options.assetHubEndpoints.length > 0) {
+      this.assetHubEndpoints = options.assetHubEndpoints;
+    }
+    if (options.contracts && Object.keys(options.contracts).length > 0) {
+      validateContractAddresses(options.contracts, options.environmentId ?? "unknown");
+      this._contracts = { ...CONTRACTS, ...options.contracts };
+    }
+    if (options.environmentId) {
+      this._environmentId = options.environmentId;
+    }
+    if (options.popSelfServe !== void 0) {
+      this._popSelfServe = options.popSelfServe ?? null;
+    }
+    if (options.registerStorageDeposit !== void 0) {
+      this._registerStorageDeposit = options.registerStorageDeposit;
+    }
+    const rpc = options.rpc || process.env.DOTNS_RPC || this.assetHubEndpoints[0];
+    this.rpc = rpc;
+    this._usesExternalSigner = Boolean(options.signer && options.signerAddress);
+    if (this._usesExternalSigner) {
+      this.signer = options.signer;
+      this.substrateAddress = options.signerAddress;
+    } else {
+      const mnemonicArg = options.mnemonic || process.env.DOTNS_MNEMONIC || process.env.MNEMONIC;
+      const keyUriArg = options.keyUri || process.env.DOTNS_KEY_URI;
+      let source = keyUriArg || mnemonicArg || DEFAULT_MNEMONIC;
+      const isKeyUri = Boolean(keyUriArg);
+      if (!isKeyUri && !options.derivationPath) {
+        this._localMnemonic = mnemonicArg || DEFAULT_MNEMONIC;
+      }
+      if (options.derivationPath && !isKeyUri && source) {
+        source = `${source}${options.derivationPath}`;
+      }
+      await cryptoWaitReady();
+      const keyring = new Keyring({ type: "sr25519" });
+      const account = isKeyUri || options.derivationPath ? keyring.addFromUri(source) : keyring.addFromMnemonic(source);
+      this.signer = getPolkadotSigner(account.publicKey, "Sr25519", async (input) => account.sign(input));
+      this.substrateAddress = account.address;
+    }
+    console.log(`   SS58 Address: ${this.substrateAddress}`);
+    setDeployAttribute("deploy.dotns.signer", truncateAddress(this.substrateAddress));
+    setDeploySentryTag("deploy.dotns.signer", truncateAddress(this.substrateAddress));
+    return withSpan("deploy.dotns.connect", "dotns connect", {}, async () => {
+      try {
+        this.client = createClient(getWsProvider(rpc, { heartbeatTimeout: WS_HEARTBEAT_TIMEOUT_MS }));
+        const unsafeApi = this.client.getUnsafeApi();
+        this.clientWrapper = new ReviveClientWrapper(unsafeApi);
+        this.evmAddress = await withTimeout(
+          this.clientWrapper.getEvmAddress(this.substrateAddress),
+          CONNECTION_TIMEOUT_MS,
+          "ReviveApi.address"
+        );
+        console.log(`   H160 Address: ${this.evmAddress}`);
+      } catch (e) {
+        throw new Error(`DotNS connect: failed to resolve EVM address from ${this.substrateAddress} via ReviveApi.address (${e.message?.slice(0, 200)})`);
+      }
+      setDeployAttribute("deploy.dotns.rpc_used", rpc);
+      setDeployAttribute("deploy.dotns.evm_address", this.evmAddress);
+      this.connected = true;
+      if (options.nativeToEthRatio) this._nativeToEthRatio = options.nativeToEthRatio;
+      try {
+        await this.ensureMappedAccountReady(options.autoAccountMapping ?? false);
+      } catch (e) {
+        this.connected = false;
+        throw e;
+      }
+      return this;
+    });
+  }
+  async ensureMappedAccountReady(autoAccountMapping = false) {
+    this.ensureConnected();
+    if (!this.clientWrapper || !this.substrateAddress || !this.signer) {
+      throw new Error("Account mapping unavailable before DotNS signer is initialized");
+    }
+    if (autoAccountMapping) {
+      setDeployAttribute("deploy.dotns.mapping_source", "auto-account-mapping");
+      await this.ensureAutoMappedAccountReady();
+      return;
+    }
+    if (await this.clientWrapper.checkIfAccountMapped(this.substrateAddress)) {
+      setDeployAttribute("deploy.dotns.mapping_source", "already-mapped");
+      console.log(`   Account: mapped`);
+      return;
+    }
+    console.log(`   Mapping account on Asset Hub Revive...`);
+    try {
+      await this.clientWrapper.ensureAccountMapped(this.substrateAddress, this.signer);
+    } catch (e) {
+      if (await this.clientWrapper.checkIfAccountMapped(this.substrateAddress)) {
+        setDeployAttribute("deploy.dotns.mapping_source", "direct-mapped");
+        console.log(`   Account: mapped`);
+        return;
+      }
+      captureWarning("explicit account mapping failed; falling back to Revive auto-map trigger", {
+        signer: this.substrateAddress,
+        error: e?.message?.slice?.(0, 200) ?? String(e).slice(0, 200)
+      });
+      setDeployAttribute("deploy.dotns.mapping_source", "auto-map-fallback");
+      await this.ensureAutoMappedAccountReady();
+      return;
+    }
+    setDeployAttribute("deploy.dotns.mapping_source", "direct-mapped");
+    console.log(`   Account: mapped`);
+  }
+  async ensureAutoMappedAccountReady() {
+    this.ensureConnected();
+    if (!this.clientWrapper || !this.substrateAddress || !this.signer) {
+      throw new Error("Account auto-mapping unavailable before DotNS signer is initialized");
+    }
+    if (await this.clientWrapper.checkIfAccountMapped(this.substrateAddress)) {
+      console.log(`   Account: auto-mapped (Revive.OriginalAccount confirmed)`);
+      return;
+    }
+    if (await this.isTestnet()) {
+      const free = await this.readFreeBalance(this.substrateAddress);
+      if (free < FEE_FLOOR_REGISTER) {
+        console.log(`   DotNS signer ${this.substrateAddress.slice(0, 8)}... balance ${fmtPas(free)} PAS before auto-map \u2014 attempting testnet auto top-up...`);
+        const toppedUp = await this.attemptTestnetTopUp(this.substrateAddress, TOP_UP_TARGET);
+        if (toppedUp) {
+          console.log(`   Topped up ${fmtPas(toppedUp.transferred)} PAS from ${toppedUp.source} for auto-map`);
+          setDeployAttribute("deploy.dotns.signer_below_floor", "true");
+          setDeployAttribute("deploy.dotns.toppedup", "true");
+          setDeployAttribute("deploy.dotns.toppedup_source", toppedUp.source);
+        }
+      }
+    }
+    if (!await this.clientWrapper.checkIfAccountMapped(this.substrateAddress)) {
+      try {
+        const cd = encodeFunctionData({ abi: DOTNS_REGISTRAR_CONTROLLER_ABI, functionName: "minCommitmentAge", args: [] });
+        await this.clientWrapper.signAndSubmitWithRetry(
+          () => this.clientWrapper.client.tx.Revive.call({
+            dest: this._contracts.DOTNS_REGISTRAR_CONTROLLER,
+            value: 0n,
+            weight_limit: { ref_time: 10000000000n, proof_size: 131072n },
+            storage_deposit_limit: 5000000000000n,
+            data: Binary.fromHex(cd)
+          }),
+          this.signer,
+          () => {
+          },
+          "auto-map trigger"
+        );
+      } catch (e) {
+        captureWarning("DotNS auto-map trigger failed", {
+          signer: this.substrateAddress,
+          error: e?.message?.slice?.(0, 200) ?? String(e).slice(0, 200)
+        });
+      }
+    }
+    if (!await this.clientWrapper.checkIfAccountMapped(this.substrateAddress)) {
+      throw new Error(`Account auto-mapping did not take effect on-chain for ${this.substrateAddress}. The signer needs enough testnet PAS to submit the Revive auto-map trigger before DotNS preflight can run. Top up at ${PASEO_FAUCET_URL} or fund Alice/Bob so auto-top-up can help.`);
+    }
+    console.log(`   Account: auto-mapped (Revive.OriginalAccount confirmed)`);
+  }
+  ensureConnected() {
+    if (!this.connected) throw new Error("Not connected. Call connect() first.");
+  }
+  // Returns true when the DotNS chain (Asset Hub) reports a testnet spec_name.
+  // Used to gate test-only behaviors like self-granting Full PoP on a Lite
+  // signer for a NoStatus label.
+  _testnetCache = null;
+  async isTestnet() {
+    if (this._testnetCache !== null) return this._testnetCache;
+    this.ensureConnected();
+    if (this.clientWrapper) {
+      try {
+        const version = await this.clientWrapper.client.constants.System.Version();
+        const raw = version?.spec_name ?? version?.specName;
+        const specName = typeof raw === "string" ? raw : raw?.asText?.() ?? String(raw ?? "");
+        this._testnetCache = isTestnetSpecName(specName);
+        return this._testnetCache;
+      } catch {
+      }
+    }
+    const rpc = this.rpc ?? "";
+    this._testnetCache = isTestnetSpecName(rpc) || rpc.includes("paseo") || rpc.includes("westend") || rpc.includes("rococo");
+    return this._testnetCache;
+  }
+  /**
+   * Classify the AliasAccounts state for a substrate address.
+   * Only called on paseo-next-v2 testnets inside the preflight's NoStatus branch.
+   * Returns "not-bound" if the chain is unreachable (safe fallback to generic advice).
+   */
+  async classifyAliasAccountState(ss58) {
+    if (this._classifyOverrideForTest !== null) {
+      const result = this._classifyOverrideForTest;
+      this._classifyOverrideForTest = null;
+      return result;
+    }
+    if (!this.clientWrapper) return { state: "not-bound" };
+    try {
+      const api = this.clientWrapper.client;
+      const row = await api.query.AliasAccounts.AccountToAlias.getValue(ss58, { at: "best" });
+      if (!row) return { state: "not-bound" };
+      const contextHex = typeof row.ca?.context === "string" ? row.ca.context.toLowerCase() : "";
+      const paid = Boolean(row.paid);
+      const revision = Number(row.revision ?? 0);
+      if (paid && contextHex === DOTNS_CONTEXT_HEX_LOWER) {
+        return { state: "bound-likely-stale", storedContextHex: contextHex, paid, revision };
+      }
+      if (!paid || contextHex !== DOTNS_CONTEXT_HEX_LOWER) {
+        return { state: "wrong-context", storedContextHex: contextHex, paid, revision };
+      }
+      return { state: "bound-fresh", storedContextHex: contextHex, paid, revision };
+    } catch {
+      return { state: "not-bound" };
+    }
+  }
+  // Free PAS balance for a substrate address on the connected DotNS chain.
+  // Used by preflight to gate the deploy on whether the signer can pay tx
+  // fees before the chunk upload runs. Returns 0n if the account doesn't
+  // exist on chain.
+  async readFreeBalance(ss58) {
+    this.ensureConnected();
+    if (!this.clientWrapper) throw new Error("readFreeBalance: polkadot-api client not available");
+    const acc = await this.clientWrapper.client.query.System.Account.getValue(ss58);
+    return BigInt(acc?.data?.free ?? 0n);
+  }
+  // Testnet-only: try to top the deploy signer up from the well-known dev
+  // phrase's Alice (root) or Bob (//Bob) account. Each candidate is read,
+  // skipped if it can't spare the transfer, and otherwise used to send
+  // `targetAmount` to `recipientSs58`. Returns the source label + amount on
+  // success, or null if neither candidate had the funds. The dev phrase is
+  // hardcoded on purpose — this only fires on testnet (gated by caller) and
+  // runs against accounts every Substrate-Polkadot tester can fund.
+  async attemptTestnetTopUp(recipientSs58, targetAmount) {
+    this.ensureConnected();
+    if (!this.clientWrapper) throw new Error("attemptTestnetTopUp: polkadot-api client not available");
+    await cryptoWaitReady();
+    const keyring = new Keyring({ type: "sr25519" });
+    const sources = [
+      { label: "Alice", uri: DEFAULT_MNEMONIC },
+      { label: "Bob", uri: `${DEFAULT_MNEMONIC}//Bob` }
+    ];
+    for (const src of sources) {
+      const account = keyring.addFromUri(src.uri);
+      if (account.address === recipientSs58) continue;
+      const sourceBalance = await this.readFreeBalance(account.address);
+      if (sourceBalance < targetAmount + SOURCE_BUFFER) {
+        console.log(`   ${src.label} (${account.address.slice(0, 8)}...) low: ${fmtPas(sourceBalance)} PAS \u2014 skipping`);
+        captureWarning(`DotNS auto-top-up: ${src.label} insufficient`, {
+          source: src.label,
+          sourceAddress: account.address,
+          free: sourceBalance.toString(),
+          required: (targetAmount + SOURCE_BUFFER).toString()
+        });
+        continue;
+      }
+      const signer = getPolkadotSigner(
+        account.publicKey,
+        "Sr25519",
+        async (input) => account.sign(input)
+      );
+      console.log(`   Trying ${src.label} (${account.address.slice(0, 8)}...): transferring ${fmtPas(targetAmount)} PAS to ${recipientSs58.slice(0, 8)}...`);
+      try {
+        await withTimeout(
+          this.submitTransfer(signer, recipientSs58, targetAmount),
+          TOP_UP_TRANSFER_TIMEOUT_MS,
+          `Balances.transfer_allow_death from ${src.label}`
+        );
+        return { source: src.label, transferred: targetAmount };
+      } catch (e) {
+        console.log(`   Top-up via ${src.label} failed: ${e.message?.slice(0, 200)}`);
+      }
+    }
+    return null;
+  }
+  // Helper: submit a Balances.transfer_allow_death tx and resolve only after
+  // GRANDPA finalization (not best-block inclusion). Auto-top-up writes to
+  // the deploy signer's balance; if a re-org rolls back a best-block credit
+  // before the deploy's next tx, preflight reports success but setContenthash
+  // / register fail with Insufficient funds again. Waiting for finalization
+  // adds ~18s on Asset Hub Paseo but eliminates the re-org window.
+  // Logs a per-block-progress line so the operator sees the wait isn't a hang.
+  // Note: Enum("Id", ss58) is required to decode the SS58 to AccountId32;
+  // the structural literal { type: "Id", value } encodes wrong.
+  // Companion in tools/setup-e2e-derivation-signers.mjs uses best-block only;
+  // that's a one-time setup script, not a runtime gate, so the trade-off there
+  // is different.
+  submitTransfer(signer, destSubstrate, valueRaw) {
+    const api = this.clientWrapper.client;
+    const tx = api.tx.Balances.transfer_allow_death({
+      dest: Enum("Id", destSubstrate),
+      value: valueRaw
+    });
+    return new Promise((resolve, reject) => {
+      let settled = false;
+      let bestBlockSeen = false;
+      const sub = tx.signSubmitAndWatch(signer).subscribe({
+        next: (event) => {
+          if (settled) return;
+          if (event.type === "txBestBlocksState" && event.found && !bestBlockSeen) {
+            bestBlockSeen = true;
+            if (!event.ok) {
+              settled = true;
+              try {
+                sub.unsubscribe();
+              } catch {
+              }
+              reject(new Error("Balances.transfer_allow_death dispatch error"));
+              return;
+            }
+            console.log(`   Tx in best block \u2014 waiting for finalization...`);
+            return;
+          }
+          if (event.type === "finalized") {
+            settled = true;
+            try {
+              sub.unsubscribe();
+            } catch {
+            }
+            if (event.ok === false) reject(new Error("Balances.transfer_allow_death finalization error"));
+            else resolve();
+          }
+        },
+        error: (e) => {
+          if (settled) return;
+          settled = true;
+          reject(e instanceof Error ? e : new Error(String(e)));
+        },
+        // Defensive: papi can complete the stream after a network drop without
+        // emitting finalized. Without this, the promise hangs forever and
+        // preflight stalls. Reject so the caller falls back to Bob.
+        complete: () => {
+          if (settled) return;
+          settled = true;
+          reject(new Error("transfer subscription closed without finalization"));
+        }
+      });
+    });
+  }
+  async contractCall(contractAddress, contractAbi, functionName, args = []) {
+    this.ensureConnected();
+    if (!this.clientWrapper) throw new Error("contractCall: polkadot-api client not available");
+    const encodedCallData = encodeFunctionData({ abi: contractAbi, functionName, args });
+    const callResult = await this.clientWrapper.performDryRunCall(this.substrateAddress, contractAddress, 0n, encodedCallData);
+    if (!callResult.result.isOk) {
+      const errorData = callResult.result.value;
+      throw new Error(formatContractDryRunFailure({
+        revertData: errorData?.data ?? "0x",
+        revertFlags: errorData?.flags ?? 0n,
+        gasConsumed: callResult.gasConsumed,
+        gasRequired: callResult.gasRequired,
+        storageDeposit: callResult.storageDeposit?.value
+      }, {
+        contractAddress,
+        functionName,
+        signerSubstrateAddress: this.substrateAddress,
+        signerEvmAddress: this.evmAddress ?? void 0,
+        value: 0n,
+        encodedData: encodedCallData,
+        args,
+        contracts: this._contracts
+      }));
+    }
+    return decodeFunctionResult({ abi: contractAbi, functionName, data: callResult.result.value.data });
+  }
+  /**
+   * Like contractCall, but returns null when the chain replies with empty data
+   * ("0x"). Use this for view functions where an unset storage slot is a
+   * meaningful answer (e.g. resolver(node) for a name with no resolver,
+   * text records, optional ownership lookups). Use the strict contractCall
+   * for read paths that must always return a value.
+   */
+  async contractCallNullable(contractAddress, contractAbi, functionName, args = []) {
+    this.ensureConnected();
+    if (!this.clientWrapper) throw new Error("contractCallNullable: polkadot-api client not available");
+    const encodedCallData = encodeFunctionData({ abi: contractAbi, functionName, args });
+    const callResult = await this.clientWrapper.performDryRunCall(this.substrateAddress, contractAddress, 0n, encodedCallData);
+    if (!callResult.result.isOk) {
+      const errorData = callResult.result.value;
+      throw new Error(formatContractDryRunFailure({
+        revertData: errorData?.data ?? "0x",
+        revertFlags: errorData?.flags ?? 0n,
+        gasConsumed: callResult.gasConsumed,
+        gasRequired: callResult.gasRequired,
+        storageDeposit: callResult.storageDeposit?.value
+      }, {
+        contractAddress,
+        functionName,
+        signerSubstrateAddress: this.substrateAddress,
+        signerEvmAddress: this.evmAddress ?? void 0,
+        value: 0n,
+        encodedData: encodedCallData,
+        args,
+        contracts: this._contracts
+      }));
+    }
+    const rawData = callResult.result.value.data ?? "0x";
+    if (rawData === "0x" || rawData === "" || rawData.length <= 2) return null;
+    return decodeFunctionResult({ abi: contractAbi, functionName, data: rawData });
+  }
+  async contractTransaction(contractAddress, value, contractAbi, functionName, args = [], statusCallback = () => {
+  }, { useNoncePolling, verifyEffect } = {}) {
+    this.ensureConnected();
+    if (!this.clientWrapper) throw new Error("contractTransaction: polkadot-api client not available");
+    const encodedCallData = encodeFunctionData({ abi: contractAbi, functionName, args });
+    const rpcs = this.rpc ? [this.rpc, ...this.assetHubEndpoints.filter((ep) => ep !== this.rpc)] : this.assetHubEndpoints;
+    return await withTimeout(
+      this.clientWrapper.submitTransaction(contractAddress, value, encodedCallData, this.substrateAddress, this.signer, statusCallback, { rpcs, useNoncePolling, functionName, args, contracts: this._contracts, verifyEffect }),
+      OPERATION_TIMEOUT_MS,
+      functionName
+    );
+  }
+  async checkOwnership(label, ownerAddress = null) {
+    this.ensureConnected();
+    const checkAddress = (ownerAddress || this.evmAddress).toLowerCase();
+    const tokenId = computeDomainTokenId(label);
+    try {
+      const owner = await withTimeout(this.contractCallNullable(this._contracts.DOTNS_REGISTRAR, DOTNS_REGISTRAR_ABI, "ownerOf", [tokenId]), 3e4, "ownerOf");
+      if (owner === null) return { owned: false, owner: null };
+      const owned = owner.toLowerCase() === checkAddress;
+      return { owned, owner };
+    } catch {
+      return { owned: false, owner: null };
+    }
+  }
+  async getUserPopStatus(ownerAddress = null) {
+    if (this._userPopStatusOverrideForTest !== null) {
+      const result = this._userPopStatusOverrideForTest;
+      this._userPopStatusOverrideForTest = null;
+      return result;
+    }
+    this.ensureConnected();
+    const checkAddress = ownerAddress || this.evmAddress;
+    try {
+      const result = await withTimeout(
+        this.contractCall(PERSONHOOD_PRECOMPILE_ADDRESS, PERSONHOOD_ABI, "personhoodStatus", [checkAddress, PERSONHOOD_CONTEXT]),
+        3e4,
+        "personhoodStatus"
+      );
+      return parsePersonhoodStatusResult(result);
+    } catch (e) {
+      throw new Error(
+        `Could not read DotNS Personhood status for ${checkAddress} from the Personhood precompile. Check the Asset Hub RPC/environment and contact the DotNS team if the signer should be whitelisted. Underlying: ${e?.message ?? String(e)}`
+      );
+    }
+  }
+  async checkSubdomainOwnership(sublabel, parentLabel) {
+    this.ensureConnected();
+    if (!this.clientWrapper) return { owned: false, owner: null };
+    const node = namehash(`${sublabel}.${parentLabel}.dot`);
+    try {
+      const owner = await withTimeout(this.contractCallNullable(this._contracts.DOTNS_REGISTRY, DOTNS_REGISTRY_ABI, "owner", [node]), 3e4, "owner");
+      if (!owner || owner === zeroAddress) return { owned: false, owner: null };
+      const owned = owner.toLowerCase() === this.evmAddress.toLowerCase();
+      return { owned, owner };
+    } catch {
+      return { owned: false, owner: null };
+    }
+  }
+  async registerSubdomain(sublabel, parentLabel) {
+    return withSpan("deploy.dotns.register-subdomain", `2a. register ${sublabel}.${parentLabel}.dot`, {}, async () => {
+      this.ensureConnected();
+      console.log(`
+   Registering subdomain ${sublabel}.${parentLabel}.dot...`);
+      const parentNode = namehash(`${parentLabel}.dot`);
+      const subnodeNode = namehash(`${sublabel}.${parentLabel}.dot`);
+      const subnodeRecord = { parentNode, subLabel: sublabel, parentLabel, owner: this.evmAddress };
+      const txResolution = await this.submitBatchedContractCalls(
+        [
+          { contractAddress: this._contracts.DOTNS_REGISTRY, abi: DOTNS_REGISTRY_ABI, functionName: "setSubnodeOwner", args: [subnodeRecord] },
+          { contractAddress: this._contracts.DOTNS_REGISTRY, abi: DOTNS_REGISTRY_ABI, functionName: "setResolver", args: [subnodeNode, this._contracts.DOTNS_CONTENT_RESOLVER] }
+        ],
+        (s) => console.log(`      ${s}`),
+        `Utility.batch_all (register ${sublabel}.${parentLabel}.dot)`
+      );
+      logTxResolution(txResolution);
+      if (txResolution.kind === TX_KIND_HASH) {
+        setDeployAttribute("deploy.subnode.tx", txResolution.hash);
+        if (txResolution.block) {
+          setDeployAttribute("deploy.subnode.block", txResolution.block.number);
+          setDeployAttribute("deploy.subnode.block_hash", txResolution.block.hash);
+          console.log(`      finalised @ block ${txResolution.block.number} (tx ${txResolution.hash})`);
+        } else {
+          console.log(`      finalised (tx ${txResolution.hash})`);
+        }
+      }
+      console.log(`   Subdomain registered!`);
+      return { sublabel, parentLabel, owner: this.evmAddress };
+    });
+  }
+  /**
+   * Submit multiple contract calls as a single atomic `Utility.batch_all`
+   * extrinsic.
+   *
+   * Each call is encoded as a `pallet-revive::call(...)` extrinsic and
+   * batched into one outer dispatch. The runtime executes them in
+   * sequence and rolls back the entire batch on any inner revert. Only
+   * the leading call is dry-run for gas — its weight is reused as the
+   * budget for every subsequent call, on the assumption sibling
+   * registry/resolver writes are similarly sized.
+   */
+  async submitBatchedContractCalls(calls, statusCallback, label) {
+    this.ensureConnected();
+    if (!this.clientWrapper) throw new Error(`${label}: polkadot-api client not available`);
+    if (calls.length === 0) throw new Error(`${label}: at least one inner call required`);
+    await this.clientWrapper.ensureAccountMapped(this.substrateAddress, this.signer);
+    const encoded = calls.map((c) => ({
+      contractAddress: c.contractAddress,
+      value: c.value ?? 0n,
+      data: encodeFunctionData({ abi: c.abi, functionName: c.functionName, args: c.args })
+    }));
+    const headEstimate = await this.clientWrapper.estimateGasForCall(
+      this.substrateAddress,
+      encoded[0].contractAddress,
+      encoded[0].value,
+      encoded[0].data
+    );
+    if (!headEstimate.success) {
+      throw new Error(formatContractDryRunFailure(headEstimate, {
+        contractAddress: encoded[0].contractAddress,
+        functionName: calls[0].functionName,
+        signerSubstrateAddress: this.substrateAddress,
+        signerEvmAddress: this.evmAddress,
+        value: encoded[0].value,
+        encodedData: encoded[0].data,
+        args: calls[0].args,
+        contracts: this._contracts
+      }));
+    }
+    const weight_limit = {
+      proof_size: headEstimate.gasRequired.proofSize,
+      ref_time: headEstimate.gasRequired.referenceTime
+    };
+    const minimumStorageDeposit = 2000000000000n;
+    let storage_deposit_limit = headEstimate.storageDeposit === 0n ? minimumStorageDeposit : headEstimate.storageDeposit * 120n / 100n;
+    if (storage_deposit_limit < minimumStorageDeposit) storage_deposit_limit = minimumStorageDeposit;
+    const client = this.clientWrapper.client;
+    const buildBatch = () => {
+      const inner = encoded.map(
+        (e) => client.tx.Revive.call({
+          dest: e.contractAddress,
+          value: e.value,
+          weight_limit,
+          storage_deposit_limit,
+          data: Binary.fromHex(e.data)
+        })
+      );
+      return client.tx.Utility.batch_all({ calls: inner.map((c) => c.decodedCall) });
+    };
+    return await withTimeout(
+      this.clientWrapper.signAndSubmitWithRetry(buildBatch, this.signer, statusCallback, label),
+      OPERATION_TIMEOUT_MS,
+      label
+    );
+  }
+  async setContenthash(domainName, contenthashHex) {
+    return withSpan("deploy.dotns.set-contenthash", "2b. set-contenthash", {}, async () => {
+      this.ensureConnected();
+      const node = namehash(`${domainName}.dot`);
+      let ipfsCid = null;
+      if (contenthashHex && contenthashHex !== "0x") {
+        const bytes = Buffer.from(contenthashHex.slice(2), "hex");
+        if (bytes[0] === 227 && bytes.length >= 4) {
+          const cidBytes = bytes.slice(2);
+          ipfsCid = CID.decode(cidBytes).toString();
+        }
+      }
+      if (!ipfsCid) throw new Error(`setContenthash: cannot decode contenthash ${contenthashHex} to an IPFS CID`);
+      console.log(`   Setting contenthash: ${ipfsCid}`);
+      const expected = contenthashHex.toLowerCase();
+      try {
+        const current = (await this.getContenthash(domainName) || "0x").toLowerCase();
+        if (current === expected) {
+          console.log(`   Contenthash already set: ${ipfsCid} \u2014 skipping tx`);
+          setDeployAttribute("deploy.dotns.contenthash_unchanged", "true");
+          return { node };
+        }
+      } catch (_) {
+      }
+      setDeployAttribute("deploy.dotns.contenthash_unchanged", "false");
+      const MAX_VERIFY_CHAIN_SECONDS = 30;
+      const POLL_INTERVAL_MS = 2e3;
+      const verifyEffect = async () => {
+        const wrapper = this.clientWrapper;
+        if (!this.connected || !wrapper) return false;
+        const startChainMs = Number(await wrapper.client.query.Timestamp.Now.getValue());
+        let lastPrintedElapsed = -1;
+        while (true) {
+          const liveWrapper = this.clientWrapper;
+          if (!this.connected || !liveWrapper) return false;
+          const [onChainRaw, nowChainMs] = await Promise.all([
+            this.getContenthash(domainName),
+            liveWrapper.client.query.Timestamp.Now.getValue().then(Number)
+          ]);
+          const onChain = (onChainRaw || "0x").toLowerCase();
+          if (onChain === expected) return true;
+          const chainElapsed = (nowChainMs - startChainMs) / 1e3;
+          if (chainElapsed >= MAX_VERIFY_CHAIN_SECONDS) return false;
+          const floored = Math.floor(chainElapsed);
+          if (floored > lastPrintedElapsed) {
+            console.log(`   Awaiting finalization (chain time +${floored}s / ${MAX_VERIFY_CHAIN_SECONDS}s)...`);
+            lastPrintedElapsed = floored;
+          }
+          await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+        }
+      };
+      const txRes = await this.contractTransaction(this._contracts.DOTNS_CONTENT_RESOLVER, 0n, DOTNS_CONTENT_RESOLVER_ABI, "setContenthash", [node, contenthashHex], (s) => console.log(`      ${s}`), { useNoncePolling: true, verifyEffect });
+      const finalOnChain = (await this.getContenthash(domainName) || "0x").toLowerCase();
+      if (finalOnChain !== expected) {
+        throw new Error(
+          `Post-deploy verification failed for ${domainName}.dot: on-chain contenthash is ${finalOnChain}, not the ${expected} we just wrote. The setContenthash tx may have silently failed, or another party overwrote the domain. Re-run the deploy to retry.`
+        );
+      }
+      setDeployAttribute("deploy.dotns.tx_resolution", txRes.kind);
+      logTxResolution(txRes);
+      if (txRes.kind === TX_KIND_HASH) {
+        setDeployAttribute("deploy.contenthash.tx", txRes.hash);
+        if (txRes.block) {
+          setDeployAttribute("deploy.contenthash.block", txRes.block.number);
+          setDeployAttribute("deploy.contenthash.block_hash", txRes.block.hash);
+          console.log(`      finalised @ block ${txRes.block.number} (tx ${txRes.hash})`);
+        } else {
+          console.log(`      finalised (tx ${txRes.hash})`);
+        }
+      }
+      console.log(`   Verified on-chain: ${ipfsCid}
+`);
+      return { node };
+    });
+  }
+  /**
+   * Point a node's registered resolver at `DOTNS_CONTENT_RESOLVER` (RFC §Step 3.2).
+   *
+   * Hosts read text records via `IDotnsRegistry.resolver(node)`, so the
+   * registered slot must point at the content resolver for manifest text
+   * records to be discoverable. The pre-read is best-effort: pallet-revive
+   * returns `isOk=true` with empty data when a selector isn't in the
+   * deployed bytecode, which makes viem's decoder throw. Any decode failure
+   * is treated as "unset" and the write fires unconditionally. `setResolver`
+   * is idempotent against the same target, so registries that pre-date the
+   * `resolver(bytes32)` getter just pay one extra extrinsic per publish.
+   */
+  async ensureContentResolver(domainName) {
+    this.ensureConnected();
+    const node = namehash(`${domainName}.dot`);
+    const target = this._contracts.DOTNS_CONTENT_RESOLVER;
+    let current = null;
+    try {
+      current = await this.contractCall(this._contracts.DOTNS_REGISTRY, DOTNS_REGISTRY_ABI, "resolver", [node]);
+    } catch {
+    }
+    if (typeof current === "string" && current.toLowerCase() === target.toLowerCase()) {
+      return { changed: false };
+    }
+    console.log(`   Redirecting resolver for ${domainName}.dot to content resolver ${target}\u2026`);
+    await this.contractTransaction(this._contracts.DOTNS_REGISTRY, 0n, DOTNS_REGISTRY_ABI, "setResolver", [node, target], (s) => console.log(`      ${s}`), { useNoncePolling: true });
+    return { changed: true };
+  }
+  /** Read a text record off `DOTNS_CONTENT_RESOLVER`. Returns `""` when unset. */
+  async getTextRecord(domainName, key) {
+    this.ensureConnected();
+    const node = namehash(`${domainName}.dot`);
+    const result = await this.contractCall(
+      this._contracts.DOTNS_CONTENT_RESOLVER,
+      DOTNS_TEXT_RESOLVER_ABI,
+      "text",
+      [node, key]
+    );
+    return typeof result === "string" ? result : "";
+  }
+  async setTextRecord(domainName, key, value) {
+    return withSpan("deploy.dotns.set-text", `2c. set-text ${key}`, {}, async () => {
+      this.ensureConnected();
+      console.log(`   Setting text[${key}]: ${value}`);
+      const node = namehash(`${domainName}.dot`);
+      const textTxRes = await this.contractTransaction(this._contracts.DOTNS_CONTENT_RESOLVER, 0n, DOTNS_TEXT_RESOLVER_ABI, "setText", [node, key, value], (s) => console.log(`      ${s}`), { useNoncePolling: true });
+      logTxResolution(textTxRes);
+      const MAX_CHAIN_WAIT_SECONDS = 90;
+      const POLL_INTERVAL_MS = 2e3;
+      const startChainMs = Number(await this.clientWrapper.client.query.Timestamp.Now.getValue());
+      let onChainValue = "";
+      let lastPrintedElapsed = -1;
+      while (true) {
+        const onChain = await withTimeout(this.contractCall(this._contracts.DOTNS_CONTENT_RESOLVER, DOTNS_TEXT_RESOLVER_ABI, "text", [node, key]), 3e4, "text");
+        onChainValue = onChain ?? "";
+        if (onChainValue === value) break;
+        const nowChainMs = Number(await this.clientWrapper.client.query.Timestamp.Now.getValue());
+        const chainElapsed = (nowChainMs - startChainMs) / 1e3;
+        if (chainElapsed >= MAX_CHAIN_WAIT_SECONDS) break;
+        const floored = Math.floor(chainElapsed);
+        if (floored > lastPrintedElapsed) {
+          console.log(`   Awaiting text finalization (chain time +${floored}s / ${MAX_CHAIN_WAIT_SECONDS}s)...`);
+          lastPrintedElapsed = floored;
+        }
+        await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+      }
+      if (onChainValue !== value) {
+        throw new Error(
+          `Post-set verification failed for text[${key}] on ${domainName}.dot: on-chain value is ${JSON.stringify(onChainValue)}, not ${JSON.stringify(value)} we just wrote. The setText tx may have silently failed, or another writer overwrote the record.`
+        );
+      }
+      console.log(`   Verified text[${key}]: ${onChainValue}
+`);
+      const txHashStr = textTxRes.kind === TX_KIND_HASH ? textTxRes.hash : TX_KIND_NONCE_ADVANCED;
+      return { value, txHash: txHashStr };
+    });
+  }
+  // Atomicity boundary: setContenthash and publish stay outside this batch
+  // so a cosmetic setText failure cannot roll back the on-chain CID.
+  async setTextRecords(domainName, entries) {
+    if (entries.length === 0) return { txHash: null, batched: false };
+    if (entries.length === 1) {
+      const r = await this.setTextRecord(domainName, entries[0].key, entries[0].value);
+      return { txHash: r.txHash, batched: false };
+    }
+    return withSpan("deploy.dotns.set-text-batch", `2c. set-text batch (${entries.length})`, {}, async () => {
+      this.ensureConnected();
+      const node = namehash(`${domainName}.dot`);
+      const calls = entries.map((e) => {
+        console.log(`   Setting text[${e.key}]: ${e.value}`);
+        return {
+          contractAddress: this._contracts.DOTNS_CONTENT_RESOLVER,
+          value: 0n,
+          encodedData: encodeFunctionData({ abi: DOTNS_TEXT_RESOLVER_ABI, functionName: "setText", args: [node, e.key, e.value] }),
+          functionName: "setText",
+          args: [node, e.key, e.value]
+        };
+      });
+      const batchTxRes = await withTimeout(
+        this.clientWrapper.submitBatchedTransactions(calls, this.substrateAddress, this.signer, (s) => console.log(`      ${s}`)),
+        OPERATION_TIMEOUT_MS,
+        "Utility.batch_all(setText)"
+      );
+      logTxResolution(batchTxRes);
+      const txHash = batchTxRes.kind === TX_KIND_HASH ? batchTxRes.hash : TX_KIND_NONCE_ADVANCED;
+      const MAX_CHAIN_WAIT_SECONDS = 90;
+      const POLL_INTERVAL_MS = 2e3;
+      const startChainMs = Number(await this.clientWrapper.client.query.Timestamp.Now.getValue());
+      let lastResults = [];
+      while (true) {
+        lastResults = await Promise.all(entries.map((e) => withTimeout(this.contractCall(this._contracts.DOTNS_CONTENT_RESOLVER, DOTNS_TEXT_RESOLVER_ABI, "text", [node, e.key]), 3e4, "text").then((onChain) => ({ key: e.key, expected: e.value, onChain: onChain ?? "" }))));
+        if (lastResults.every((v) => v.onChain === v.expected)) break;
+        const nowChainMs = Number(await this.clientWrapper.client.query.Timestamp.Now.getValue());
+        const chainElapsed = (nowChainMs - startChainMs) / 1e3;
+        if (chainElapsed >= MAX_CHAIN_WAIT_SECONDS) break;
+        console.log(`   Awaiting batched text finalization (chain time +${Math.floor(chainElapsed)}s / ${MAX_CHAIN_WAIT_SECONDS}s)...`);
+        await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+      }
+      for (const v of lastResults) {
+        if (v.onChain !== v.expected) {
+          throw new Error(
+            `Post-set verification failed for text[${v.key}] on ${domainName}.dot: on-chain value is ${JSON.stringify(v.onChain)}, not ${JSON.stringify(v.expected)} we just wrote. The batched setText tx may have silently failed, or another writer overwrote the record.`
+          );
+        }
+        console.log(`   Verified text[${v.key}]: ${v.onChain}`);
+      }
+      return { txHash, batched: true };
+    });
+  }
+  // Adds `<label>.dot` to the on-chain Publisher registry. Pre-checks
+  // isPublished and returns "already-published" instead of resubmitting,
+  // which is both cheaper and avoids waking the Lite cooldown. A
+  // CooldownActive revert is treated as success-equivalent — the registry
+  // is already in the desired state from a recent prior publish.
+  async publishLabel(label) {
+    return withSpan("deploy.publish", `3. publish ${label}.dot`, { "deploy.publish.label": label }, async () => {
+      this.ensureConnected();
+      const publisher = this._contracts.PUBLISHER;
+      if (!publisher || publisher === zeroAddress) {
+        throw new PublisherNotSupportedError(this.rpc ?? "unknown");
+      }
+      const labelhash = keccak256(toBytes(label));
+      const already = await withTimeout(
+        this.contractCall(publisher, PUBLISHER_ABI, "isPublished", [labelhash]),
+        3e4,
+        "isPublished"
+      );
+      if (already === true) {
+        console.log(`   Already published \u2014 skipping`);
+        return { status: "already-published" };
+      }
+      try {
+        const txRes = await this.contractTransaction(publisher, 0n, PUBLISHER_ABI, "publish", [label], (s) => console.log(`      ${s}`), { useNoncePolling: true });
+        logTxResolution(txRes);
+        const txHash = txRes.kind === TX_KIND_HASH ? txRes.hash : TX_KIND_NONCE_ADVANCED;
+        return { status: "published", txHash };
+      } catch (e) {
+        const decoded = decodePublisherRevert(e);
+        if (decoded?.name === "CooldownActive") {
+          const nextAllowed = decoded.args?.[0];
+          console.log(`   Cooldown active (next allowed at ${nextAllowed}) \u2014 treating as already published`);
+          return { status: "cooldown-skipped" };
+        }
+        if (decoded?.name) throw new Error(`Publisher.publish reverted: ${decoded.name}${decoded.args ? `(${decoded.args.join(", ")})` : ""}`);
+        throw e;
+      }
+    });
+  }
+  // Removes `<label>.dot` from the on-chain Publisher registry. Pre-checks
+  // isPublished and returns "already-unpublished" instead of resubmitting,
+  // which both saves gas and avoids emitting a spurious Unpublished event
+  // for a label that was never in the set.
+  async unpublishLabel(label) {
+    return withSpan("deploy.unpublish", `unpublish ${label}.dot`, { "deploy.unpublish.label": label }, async () => {
+      this.ensureConnected();
+      const publisher = this._contracts.PUBLISHER;
+      if (!publisher || publisher === zeroAddress) {
+        throw new PublisherNotSupportedError(this.rpc ?? "unknown");
+      }
+      const labelhash = keccak256(toBytes(label));
+      const isPub = await withTimeout(
+        this.contractCall(publisher, PUBLISHER_ABI, "isPublished", [labelhash]),
+        3e4,
+        "isPublished"
+      );
+      if (isPub !== true) {
+        console.log(`   Not currently published \u2014 skipping`);
+        return { status: "already-unpublished" };
+      }
+      try {
+        const txRes = await this.contractTransaction(publisher, 0n, PUBLISHER_ABI, "unpublish", [label], (s) => console.log(`      ${s}`), { useNoncePolling: true });
+        logTxResolution(txRes);
+        const txHash = txRes.kind === TX_KIND_HASH ? txRes.hash : TX_KIND_NONCE_ADVANCED;
+        return { status: "unpublished", txHash };
+      } catch (e) {
+        const decoded = decodePublisherRevert(e);
+        if (decoded?.name) throw new Error(`Publisher.unpublish reverted: ${decoded.name}${decoded.args ? `(${decoded.args.join(", ")})` : ""}`);
+        throw e;
+      }
+    });
+  }
+  async getContenthash(domainName) {
+    this.ensureConnected();
+    const node = namehash(`${domainName}.dot`);
+    const result = await withTimeout(
+      this.contractCall(this._contracts.DOTNS_CONTENT_RESOLVER, DOTNS_CONTENT_RESOLVER_ABI, "contenthash", [node]),
+      3e4,
+      "contenthash"
+    );
+    return typeof result === "string" ? result : result?.toString?.() ?? String(result);
+  }
+  async classifyName(label) {
+    this.ensureConnected();
+    console.log(`
+   Classifying name via PopOracle...`);
+    const result = await withTimeout(this.contractCall(this._contracts.POP_RULES, POP_RULES_ABI, "classifyName", [label]), 3e4, "classifyName");
+    const requiredStatus = typeof result[0] === "bigint" ? Number(result[0]) : result[0];
+    const message = result[1];
+    console.log(`   Required status: ${popStatusName(requiredStatus)}`);
+    console.log(`   Message: ${message}`);
+    return { requiredStatus, message };
+  }
+  async ensureNotRegistered(label) {
+    this.ensureConnected();
+    console.log(`
+   Checking availability of ${label}.dot...`);
+    const tokenId = computeDomainTokenId(label);
+    try {
+      const owner = await withTimeout(this.contractCall(this._contracts.DOTNS_REGISTRAR, DOTNS_REGISTRAR_ABI, "ownerOf", [tokenId]), 3e4, "Availability check");
+      if (owner !== zeroAddress) throw new Error(`Domain ${label}.dot already owned by ${owner}`);
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      if (errorMessage.includes("already owned")) throw error;
+    }
+    console.log(`   ${label}.dot is available`);
+  }
+  async generateCommitment(label, includeReverse = false) {
+    this.ensureConnected();
+    console.log(`
+   Generating commitment hash...`);
+    label = validateDomainLabel(label);
+    const secret = `0x${crypto.randomBytes(32).toString("hex")}`;
+    const registration = { label, owner: this.evmAddress, secret, reserved: includeReverse };
+    const commitment = await withTimeout(this.contractCall(this._contracts.DOTNS_REGISTRAR_CONTROLLER, DOTNS_REGISTRAR_CONTROLLER_ABI, "makeCommitment", [registration]), 3e4, "Commitment generation");
+    console.log(`   Commitment: ${commitment}`);
+    return { commitment, registration };
+  }
+  async submitCommitment(commitment) {
+    this.ensureConnected();
+    console.log(`
+   Submitting commitment...`);
+    const commitTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, 0n, DOTNS_REGISTRAR_CONTROLLER_ABI, "commit", [commitment], (s) => console.log(`      ${s}`));
+    logTxResolution(commitTxRes);
+    console.log(`   Committed at: ${(/* @__PURE__ */ new Date()).toISOString()}`);
+  }
+  async waitForCommitmentAge(commitment) {
+    this.ensureConnected();
+    const POLL_TIMEOUT_MS = 9e4;
+    const POLL_INTERVAL_MS = 3e3;
+    console.log(`
+   Reading minimum commitment age...`);
+    const [minimumAge, maximumAge, initialCommitTimestamp] = await Promise.all([
+      withTimeout(this.contractCall(this._contracts.DOTNS_REGISTRAR_CONTROLLER, DOTNS_REGISTRAR_CONTROLLER_ABI, "minCommitmentAge", []), 3e4, "minCommitmentAge"),
+      withTimeout(this.contractCall(this._contracts.DOTNS_REGISTRAR_CONTROLLER, DOTNS_REGISTRAR_CONTROLLER_ABI, "maxCommitmentAge", []), 3e4, "maxCommitmentAge"),
+      withTimeout(this.contractCall(this._contracts.DOTNS_REGISTRAR_CONTROLLER, DOTNS_REGISTRAR_CONTROLLER_ABI, "commitments", [commitment]), 3e4, "commitments")
+    ]);
+    const minimumAgeSeconds = typeof minimumAge === "bigint" ? Number(minimumAge) : minimumAge;
+    const maximumAgeSeconds = typeof maximumAge === "bigint" ? Number(maximumAge) : maximumAge ?? 86400;
+    const commitTimestamp = typeof initialCommitTimestamp === "bigint" ? Number(initialCommitTimestamp) : initialCommitTimestamp;
+    if (commitTimestamp === 0) {
+      throw new Error("Commitment not found on-chain. It may not have been included in a block yet.");
+    }
+    console.log(`   Minimum commitment age: ${minimumAgeSeconds}s, maximum: ${maximumAgeSeconds}s`);
+    console.log(`   Commitment valid window: ${commitTimestamp + minimumAgeSeconds} \u2013 ${commitTimestamp + maximumAgeSeconds}`);
+    console.log(`   Commitment stored on-chain (timestamp: ${commitTimestamp})`);
+    console.log(`   Waiting for on-chain block.timestamp > ${commitTimestamp + minimumAgeSeconds} (timeout ${POLL_TIMEOUT_MS / 1e3}s)`);
+    const pollDeadline = Date.now() + POLL_TIMEOUT_MS;
+    while (Date.now() < pollDeadline) {
+      const nowMs = await this.clientWrapper.client.query.Timestamp.Now.getValue();
+      const chainNowSeconds = Math.floor(Number(nowMs) / 1e3);
+      if (isCommitmentMature(chainNowSeconds, commitTimestamp, minimumAgeSeconds)) {
+        console.log(`   Commitment age requirement met (chain.now=${chainNowSeconds}, target>${commitTimestamp + minimumAgeSeconds})`);
+        console.log(`   Buffering ${POLL_INTERVAL_MS / 1e3}s for block propagation (guard against node lag after maturity)...`);
+        await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));
+        const nowAfterBuffer = Math.floor(Number(await this.clientWrapper.client.query.Timestamp.Now.getValue()) / 1e3);
+        const expiresAt = commitTimestamp + maximumAgeSeconds;
+        const remainingSecs = expiresAt - nowAfterBuffer;
+        if (remainingSecs <= 0) {
+          throw new Error(`Commitment has expired (chain.now=${nowAfterBuffer}, expired at=${expiresAt}). A fresh commit cycle is needed.`);
+        }
+        if (remainingSecs < 30) {
+          console.log(`   Warning: commitment expires in ${remainingSecs}s \u2014 proceeding immediately.`);
+        }
+        return;
+      }
+      const chainSecondsToTarget = Math.max(0, commitTimestamp + minimumAgeSeconds - chainNowSeconds);
+      console.log(`   Chain time ${chainNowSeconds} \u2014 need +${chainSecondsToTarget}s more chain progress`);
+      await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));
+    }
+    throw new Error(`Commitment still too new after ${POLL_TIMEOUT_MS / 1e3}s of polling chain time. The chain may be stalled.`);
+  }
+  async getPriceAndValidate(label) {
+    this.ensureConnected();
+    console.log(`
+   Checking price and eligibility...`);
+    label = validateDomainLabel(label);
+    const baseName = stripTrailingDigits(label);
+    const reservationInfo = await withTimeout(this.contractCall(this._contracts.POP_RULES, POP_RULES_ABI, "isBaseNameReserved", [baseName]), 3e4, "isBaseNameReserved");
+    const [isReserved, reservationOwner] = reservationInfo;
+    if (isReserved && reservationOwner.toLowerCase() !== this.evmAddress.toLowerCase()) throw new Error("Base name reserved for original Lite registrant");
+    const classificationResult = await withTimeout(this.contractCall(this._contracts.POP_RULES, POP_RULES_ABI, "classifyName", [label]), 3e4, "classifyName");
+    const requiredStatus = typeof classificationResult[0] === "bigint" ? Number(classificationResult[0]) : classificationResult[0];
+    const message = classificationResult[1];
+    const userStatus = await this.getUserPopStatus();
+    if (requiredStatus === ProofOfPersonhoodStatus.Reserved) throw new Error(message);
+    if (requiredStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodFull) {
+      if (userStatus !== ProofOfPersonhoodStatus.ProofOfPersonhoodFull) throw new Error("Requires Full Personhood verification");
+    } else if (requiredStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodLite) {
+      if (userStatus !== ProofOfPersonhoodStatus.ProofOfPersonhoodLite && userStatus !== ProofOfPersonhoodStatus.ProofOfPersonhoodFull) throw new Error("Requires Personhood Lite verification");
+    } else {
+      const trailingDigitCount = countTrailingDigits(label);
+      if (trailingDigitCount === 0 || userStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodLite) {
+        throw new Error("Personhood Lite cannot register base names \u2014 this name class requires a Full or NoStatus signer");
+      }
+    }
+    const priceMeta = await withTimeout(this.contractCall(this._contracts.POP_RULES, POP_RULES_ABI, "priceWithCheck", [label, this.evmAddress]), 3e4, "priceWithCheck");
+    const priceRaw = priceMeta?.price;
+    if (priceRaw == null) {
+      throw new Error(
+        `priceWithCheck returned unexpected shape (expected object with .price): ` + JSON.stringify(priceMeta, (_, v) => typeof v === "bigint" ? v.toString() : v)
+      );
+    }
+    const priceWei = typeof priceRaw === "bigint" ? priceRaw : BigInt(priceRaw);
+    console.log(`   Required status: ${popStatusName(requiredStatus)}`);
+    console.log(`   User status: ${popStatusName(userStatus)}`);
+    console.log(`   Price: ${formatEther(priceWei)} PAS`);
+    return { priceWei, requiredStatus, userStatus, message };
+  }
+  async finalizeRegistration(registration, priceWei) {
+    this.ensureConnected();
+    console.log(`
+   Finalizing registration for ${registration.label}.dot...`);
+    const bufferedPaymentWei = priceWei * 110n / 100n;
+    const bufferedPaymentNative = bufferedPaymentWei / this._nativeToEthRatio;
+    if (priceWei > 0n && bufferedPaymentNative === 0n) {
+      throw new Error(
+        `Payment conversion underflow: priceWei=${priceWei} rounds to 0 native units (nativeToEthRatio=${this._nativeToEthRatio}). Cannot call register with zero payment.`
+      );
+    }
+    setDeployAttribute("deploy.payment_wei", priceWei.toString());
+    console.log(`   Oracle price: ${formatEther(priceWei)} PAS`);
+    console.log(`   Paying: ${formatEther(bufferedPaymentWei)} PAS`);
+    const registerTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, bufferedPaymentNative, DOTNS_REGISTRAR_CONTROLLER_ABI, "register", [registration], (s) => console.log(`      ${s}`));
+    logTxResolution(registerTxRes);
+    if (registerTxRes.kind === TX_KIND_HASH) {
+      setDeployAttribute("deploy.register.tx", registerTxRes.hash);
+      if (registerTxRes.block) {
+        setDeployAttribute("deploy.register.block", registerTxRes.block.number);
+        setDeployAttribute("deploy.register.block_hash", registerTxRes.block.hash);
+        console.log(`      finalised @ block ${registerTxRes.block.number} (tx ${registerTxRes.hash})`);
+      } else {
+        console.log(`      finalised (tx ${registerTxRes.hash})`);
+      }
+    }
+  }
+  async verifyOwnership(label) {
+    this.ensureConnected();
+    console.log(`
+   Verifying ownership...`);
+    const tokenId = computeDomainTokenId(label);
+    const actualOwner = await withTimeout(this.contractCall(this._contracts.DOTNS_REGISTRAR, DOTNS_REGISTRAR_ABI, "ownerOf", [tokenId]), 3e4, "ownerOf");
+    if (actualOwner.toLowerCase() !== this.evmAddress.toLowerCase()) {
+      console.log(`   Expected: ${this.evmAddress}`);
+      console.log(`   Actual: ${actualOwner}`);
+      throw new Error(`Owner mismatch for ${label}.dot`);
+    }
+    console.log(`   Owner: ${actualOwner}`);
+  }
+  // View-only readiness check. Runs every chain read needed to predict whether
+  // `register(label)` will succeed, so the caller can fail-fast BEFORE the
+  // Bulletin chunk upload. Never writes to chain. See issue #100.
+  async preflight(label) {
+    return this._preflightInternal(label, false);
+  }
+  async _preflightInternal(label, reproveAttempted) {
+    return withSpan("deploy.dotns.preflight", `preflight ${label}.dot`, {}, async () => {
+      setDeployAttribute("deploy.dotns.reprove.auto", "false");
+      this.ensureConnected();
+      const validated = validateDomainLabel(label);
+      const trailingDigits = countTrailingDigits(validated);
+      const baselength = validated.length - trailingDigits;
+      const classification = classifyDotnsLabel(validated);
+      if (classification.status === ProofOfPersonhoodStatus.Reserved) {
+        const sanitizeTrail = label !== validated ? `Input "${label}" was sanitized to "${validated}" (excess trailing digits trimmed). ` : "";
+        return {
+          label: validated,
+          classification,
+          userStatus: 0,
+          trailingDigits,
+          baselength,
+          isAvailable: false,
+          existingOwner: null,
+          isBaseNameReserved: false,
+          reservationOwner: null,
+          isTestnet: false,
+          canProceed: false,
+          reason: `${sanitizeTrail}${classification.message}`,
+          plannedAction: "abort",
+          needsPopUpgrade: false
+        };
+      }
+      const baseName = stripTrailingDigits(validated);
+      const [userStatus, baseReservation, ownership, isTestnet, signerFreeBalance] = await Promise.all([
+        this.getUserPopStatus(),
+        withTimeout(this.contractCall(this._contracts.POP_RULES, POP_RULES_ABI, "isBaseNameReserved", [baseName]), 3e4, "isBaseNameReserved"),
+        this.checkOwnership(validated),
+        this.isTestnet(),
+        this.readFreeBalance(this.substrateAddress)
+      ]);
+      const [isReserved, reservationOwnerRaw] = baseReservation;
+      const reservationOwner = isReserved ? reservationOwnerRaw.toLowerCase() : null;
+      const ownerRaw = ownership.owner?.toLowerCase() ?? null;
+      const existingOwner = ownerRaw && ownerRaw !== zeroAddress ? ownerRaw : null;
+      const selfAddress = this.evmAddress.toLowerCase();
+      if (existingOwner !== null && existingOwner !== selfAddress) {
+        return {
+          label: validated,
+          classification,
+          userStatus,
+          trailingDigits,
+          baselength,
+          isAvailable: false,
+          existingOwner,
+          isBaseNameReserved: isReserved,
+          reservationOwner,
+          isTestnet,
+          canProceed: false,
+          reason: `Domain ${validated}.dot is already owned by ${existingOwner}.`,
+          plannedAction: "abort",
+          needsPopUpgrade: false,
+          signerFreeBalance
+        };
+      }
+      if (existingOwner !== null && existingOwner === selfAddress) {
+        return await this.gateOnFeeBalance({
+          label: validated,
+          classification,
+          userStatus,
+          trailingDigits,
+          baselength,
+          isAvailable: true,
+          existingOwner,
+          isBaseNameReserved: isReserved,
+          reservationOwner,
+          isTestnet,
+          canProceed: true,
+          plannedAction: "already-owned-by-us",
+          needsPopUpgrade: false
+        }, signerFreeBalance, isTestnet);
+      }
+      if (isReserved && reservationOwner !== selfAddress) {
+        return {
+          label: validated,
+          classification,
+          userStatus,
+          trailingDigits,
+          baselength,
+          isAvailable: true,
+          existingOwner: null,
+          isBaseNameReserved: true,
+          reservationOwner,
+          isTestnet,
+          canProceed: false,
+          reason: `Base name ${baseName} is reserved for ${reservationOwner}.`,
+          plannedAction: "abort",
+          needsPopUpgrade: false,
+          signerFreeBalance
+        };
+      }
+      const targetPopStatus = userStatus;
+      if (!canRegister(classification.status, userStatus, trailingDigits)) {
+        if (classification.status === ProofOfPersonhoodStatus.NoStatus && userStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodLite) {
+          return {
+            label: validated,
+            classification,
+            userStatus,
+            trailingDigits,
+            baselength,
+            isAvailable: true,
+            existingOwner: null,
+            isBaseNameReserved: isReserved,
+            reservationOwner,
+            isTestnet,
+            canProceed: false,
+            reason: `${validated}.dot: this name class is NoStatus-compatible, but Personhood Lite signers cannot register NoStatus-class labels. Self-attestation is no longer available. Use a NoStatus or Full signer, or contact the DotNS team for whitelisting / Personhood status help.`,
+            plannedAction: "abort",
+            needsPopUpgrade: false,
+            targetPopStatus,
+            signerFreeBalance
+          };
+        }
+        if (userStatus === ProofOfPersonhoodStatus.NoStatus && isTestnet && this._popSelfServe?.stateAwareGuidance === true && this.substrateAddress) {
+          const aliasState = await this.classifyAliasAccountState(this.substrateAddress);
+          if (aliasState.state === "bound-likely-stale" && !this._usesExternalSigner && this._localMnemonic && !reproveAttempted) {
+            const minBalance = REPROVE_FEE_ESTIMATE * REPROVE_FEE_SAFETY_MARGIN_PCT / 100n;
+            const symbol = resolveNativeTokenSymbol(this._environmentId);
+            if (signerFreeBalance < minBalance) {
+              setDeployAttribute("deploy.dotns.reprove.auto", "true");
+              setDeployAttribute("deploy.dotns.reprove.outcome", "insufficient_funds");
+              return {
+                label: validated,
+                classification,
+                userStatus,
+                trailingDigits,
+                baselength,
+                isAvailable: true,
+                existingOwner: null,
+                isBaseNameReserved: isReserved,
+                reservationOwner,
+                isTestnet,
+                canProceed: false,
+                reason: `Cannot auto-refresh: signer balance ${fmtPas(signerFreeBalance)} ${symbol} < estimated fee ${fmtPas(REPROVE_FEE_ESTIMATE)} ${symbol}. Top up via the testnet faucet or run \`tools/reprove-alias.mjs --mnemonic <your-mnemonic> --env ${this._environmentId}\` manually.`,
+                plannedAction: "abort",
+                needsPopUpgrade: false,
+                targetPopStatus,
+                signerFreeBalance
+              };
+            }
+            console.log(`   Personhood: alias revision stale (stored=${aliasState.revision ?? "unknown"}) \u2014 refreshing on testnet`);
+            console.log(`      Estimated fee: ${fmtPas(REPROVE_FEE_ESTIMATE)} ${symbol} (signer balance: ${fmtPas(signerFreeBalance)} ${symbol})`);
+            setDeployAttribute("deploy.dotns.reprove.auto", "true");
+            let reproveSucceeded = false;
+            try {
+              console.log(`      Submitting reprove_alias_account\u2026`);
+              const reproveResult = await this.reprove(this._localMnemonic);
+              console.log(`      Refresh complete (revision ${reproveResult.oldRevision} \u2192 ${reproveResult.newRevision}, block ${reproveResult.blockHash})`);
+              setDeployAttribute("deploy.dotns.reprove.outcome", "success");
+              setDeployAttribute("deploy.dotns.reprove.old_revision", String(reproveResult.oldRevision));
+              setDeployAttribute("deploy.dotns.reprove.new_revision", String(reproveResult.newRevision));
+              reproveSucceeded = true;
+            } catch (e) {
+              const msg = e?.message ?? String(e);
+              console.log(`      Auto-reprove failed: ${msg}`);
+              setDeployAttribute("deploy.dotns.reprove.outcome", "failed_submission");
+            }
+            if (reproveSucceeded) {
+              console.log(`   Continuing with registration of ${validated}.dot.`);
+              return this._preflightInternal(label, true);
+            }
+          }
+          const remediationMessage = formatPersonhoodRemediation(aliasState, this._popSelfServe, this._environmentId);
+          const currentName2 = popStatusName(userStatus);
+          const requiredName2 = popStatusName(classification.status);
+          return {
+            label: validated,
+            classification,
+            userStatus,
+            trailingDigits,
+            baselength,
+            isAvailable: true,
+            existingOwner: null,
+            isBaseNameReserved: isReserved,
+            reservationOwner,
+            isTestnet,
+            canProceed: false,
+            reason: `${validated}.dot requires ${requiredName2}, but this signer is ${currentName2}. ${remediationMessage}`,
+            plannedAction: "abort",
+            needsPopUpgrade: false,
+            targetPopStatus,
+            signerFreeBalance
+          };
+        }
+        const currentName = popStatusName(userStatus);
+        const requiredName = popStatusName(classification.status);
+        return {
+          label: validated,
+          classification,
+          userStatus,
+          trailingDigits,
+          baselength,
+          isAvailable: true,
+          existingOwner: null,
+          isBaseNameReserved: isReserved,
+          reservationOwner,
+          isTestnet,
+          canProceed: false,
+          reason: formatPopShortfallReason({
+            label: validated,
+            requiredName,
+            currentName,
+            isTestnet,
+            environmentId: this._environmentId,
+            popSelfServe: this._popSelfServe,
+            aliasState: null,
+            exampleNoStatusLabel: exampleNoStatusLabel(validated)
+          }),
+          plannedAction: "abort",
+          needsPopUpgrade: false,
+          targetPopStatus,
+          signerFreeBalance
+        };
+      }
+      return await this.gateOnFeeBalance({
+        label: validated,
+        classification,
+        userStatus,
+        trailingDigits,
+        baselength,
+        isAvailable: true,
+        existingOwner: null,
+        isBaseNameReserved: isReserved,
+        reservationOwner,
+        isTestnet,
+        canProceed: true,
+        plannedAction: "register",
+        needsPopUpgrade: false,
+        targetPopStatus
+      }, signerFreeBalance, isTestnet);
+    });
+  }
+  // Final preflight stage: check the DotNS signer can pay tx fees on the
+  // connected fee chain (Asset Hub Paseo for testnet, Asset Hub Polkadot for
+  // mainnet). On testnet, attempts a one-shot auto-top-up from the dev
+  // phrase's Alice or Bob if the signer is short. Replaces the original
+  // canProceed:true result with an actionable canProceed:false when even the
+  // top-up can't get the signer above the threshold.
+  async gateOnFeeBalance(candidate, signerFreeBalance, isTestnet) {
+    const feeFloor = feeFloorFor(candidate.plannedAction, this._registerStorageDeposit);
+    let effectiveBalance = signerFreeBalance;
+    let toppedUp;
+    if (effectiveBalance < feeFloor && isTestnet) {
+      setDeployAttribute("deploy.dotns.signer_below_floor", "true");
+      console.log(`   DotNS signer ${this.substrateAddress?.slice(0, 8)}... balance ${fmtPas(effectiveBalance)} PAS < ${fmtPas(feeFloor)} PAS floor \u2014 attempting testnet auto top-up...`);
+      const result = await this.attemptTestnetTopUp(this.substrateAddress, topUpTargetFor(candidate.plannedAction, this._registerStorageDeposit));
+      if (result) {
+        console.log(`   Topped up ${fmtPas(result.transferred)} PAS from ${result.source}`);
+        effectiveBalance += result.transferred;
+        toppedUp = result;
+        setDeployAttribute("deploy.dotns.toppedup", "true");
+        setDeployAttribute("deploy.dotns.toppedup_source", result.source);
+      }
+    } else if (effectiveBalance < feeFloor) {
+      setDeployAttribute("deploy.dotns.signer_below_floor", "true");
+    }
+    if (effectiveBalance < feeFloor) {
+      const op = candidate.plannedAction === "already-owned-by-us" ? "setContenthash" : "register";
+      const tail = isTestnet ? ` Testnet auto-top-up via Alice/Bob failed (both also low). Top up at ${PASEO_FAUCET_URL}.` : ` Top up the signer's balance and re-deploy.`;
+      captureWarning("DotNS preflight balance gate: signer cannot pay fees", {
+        signer: this.substrateAddress,
+        free: effectiveBalance.toString(),
+        floor: feeFloor.toString(),
+        plannedAction: candidate.plannedAction,
+        isTestnet: String(isTestnet),
+        autoTopUpAttempted: String(isTestnet)
+      });
+      return {
+        ...candidate,
+        canProceed: false,
+        plannedAction: "abort",
+        reason: `DotNS signer ${this.substrateAddress} has ${fmtPas(effectiveBalance)} PAS free; needs \u2265${fmtPas(feeFloor)} PAS for ${op}.${tail}`,
+        signerFreeBalance: effectiveBalance,
+        feeFloor
+      };
+    }
+    return { ...candidate, signerFreeBalance: effectiveBalance, feeFloor, toppedUp };
+  }
+  async register(label, options = {}) {
+    return withSpan("deploy.dotns.register", `2a. register ${label}.dot`, {}, async () => {
+      if (!this.connected) await this.connect(options);
+      label = validateDomainLabel(label);
+      const trailingDigitCount = countTrailingDigits(label);
+      const preClassification = classifyDotnsLabel(label);
+      const preRequiredStatus = preClassification.status;
+      if (preRequiredStatus === ProofOfPersonhoodStatus.Reserved) {
+        throw new Error(preClassification.message);
+      }
+      const isTestnet = await this.isTestnet();
+      const registerAliasState = isTestnet && this._popSelfServe?.stateAwareGuidance === true && this.substrateAddress ? await this.classifyAliasAccountState(this.substrateAddress) : null;
+      const rejectIneligible = (statusRequired, userStatus2) => {
+        if (statusRequired === ProofOfPersonhoodStatus.NoStatus && userStatus2 === ProofOfPersonhoodStatus.ProofOfPersonhoodLite) {
+          throw new Error(
+            `${label}.dot: this name class is NoStatus-compatible, but Personhood Lite signers cannot register NoStatus-class labels. Self-attestation is no longer available. Use a NoStatus or Full signer, or contact the DotNS team for whitelisting / Personhood status help.`
+          );
+        }
+        throw new Error(
+          formatPopShortfallReason({
+            label,
+            requiredName: popStatusName(statusRequired),
+            currentName: popStatusName(userStatus2),
+            isTestnet,
+            environmentId: this._environmentId,
+            popSelfServe: this._popSelfServe,
+            aliasState: registerAliasState,
+            exampleNoStatusLabel: exampleNoStatusLabel(label)
+          })
+        );
+      };
+      const reverse = options.reverse ?? (process.env.DOTNS_REVERSE ?? "false").toLowerCase() === "true";
+      const [classification] = await Promise.all([
+        this.classifyName(label),
+        this.ensureNotRegistered(label)
+      ]);
+      const requiredStatus = classification.requiredStatus;
+      if (requiredStatus === ProofOfPersonhoodStatus.Reserved) {
+        throw new Error(classification.message);
+      }
+      const userStatus = await this.getUserPopStatus();
+      if (!canRegister(requiredStatus, userStatus, trailingDigitCount)) {
+        rejectIneligible(requiredStatus, userStatus);
+      }
+      const doCommitAndRegister = async () => {
+        const { commitment, registration } = await this.generateCommitment(label, reverse);
+        await withSpan("deploy.dotns.submit-commitment", "2a-i. submit-commitment", {}, () => this.submitCommitment(commitment));
+        await withSpan("deploy.dotns.wait-commitment-age", "2a-ii. wait-commitment-age", {}, () => this.waitForCommitmentAge(commitment));
+        const pricing = await withSpan("deploy.dotns.price-validation", "2a-iii. price-validation", {}, () => this.getPriceAndValidate(label));
+        await withSpan("deploy.dotns.finalize-registration", "2a-iv. finalize-registration", {}, () => this.finalizeRegistration(registration, pricing.priceWei));
+      };
+      try {
+        await doCommitAndRegister();
+      } catch (err) {
+        const msg = err.message ?? "";
+        if (!isCommitmentTimingBarerevert(msg)) throw err;
+        console.log(`
+   Register bare-reverted (commitment timing race \u2014 node saw a block where commitment was too new or expired).`);
+        console.log(`   Retrying with a fresh commitment. This usually resolves in one block.
+`);
+        await doCommitAndRegister();
+      }
+      await this.verifyOwnership(label);
+      console.log(`
+   Registration complete!`);
+      return { label, owner: this.evmAddress };
+    });
+  }
+  /**
+   * Reprove a stale DotNS alias binding.
+   * Opens a People-chain client internally, builds the ring proof, and submits
+   * reprove_alias_account on AH. Use when the alias exists but the ring root
+   * has advanced past the stored revision.
+   *
+   * Requires a mnemonic — the DotNS instance must have been connected with one.
+   */
+  async reprove(mnemonic) {
+    this.ensureConnected();
+    if (!this.substrateAddress || !this.signer) {
+      throw new Error("reprove: DotNS must be connected with a signer");
+    }
+    const envId = this._environmentId ?? "paseo-next-v2";
+    const { connectPeopleClient } = await import("./personhood/people-client.js");
+    const { reproveAliasToAccount } = await import("./personhood/reprove.js");
+    const { deriveMemberEntropy, deriveMemberKey } = await import("./personhood/member-key.js");
+    const verifiable = await import("verifiablejs/nodejs");
+    const memberEntropy = deriveMemberEntropy(mnemonic);
+    const memberKey = deriveMemberKey(mnemonic);
+    const peopleConn = await connectPeopleClient(envId);
+    try {
+      const result = await reproveAliasToAccount({
+        peopleUnsafeApi: peopleConn.unsafeApi,
+        ahUnsafeApi: this.clientWrapper.client,
+        account: this.substrateAddress,
+        memberKey,
+        signCall: this.signer,
+        buildRingProof: async ({ members, context, msg }) => {
+          const r = verifiable.one_shot(memberEntropy, members, context, msg);
+          return { proof: r.proof, alias: r.alias };
+        }
+      });
+      return result;
+    } catch (e) {
+      if (this._reproveFallbackForTest && typeof e?.message === "string" && e.message.includes("not strictly greater than stored")) {
+        const fb = this._reproveFallbackForTest;
+        this._reproveFallbackForTest = null;
+        return fb;
+      }
+      throw e;
+    } finally {
+      peopleConn.disconnect();
+    }
+  }
+  /**
+   * Run the personhood bootstrap flow for this DotNS signer.
+   * Idempotent: each step is gated on chain state being "still needs doing".
+   * Does NOT auto-run from preflight — call explicitly.
+   *
+   * Throws RecognizeRequiredError if the account hasn't been recognized by the
+   * personhood faucet (https://sudo.personhood.dev/personhood-faucet).
+   */
+  async bootstrap(mnemonic) {
+    const { runBootstrap } = await import("./personhood/bootstrap.js");
+    const envId = this._environmentId ?? "paseo-next-v2";
+    return runBootstrap({ mnemonic, environmentId: envId });
+  }
+  disconnect() {
+    if (this.client) {
+      this.client.destroy();
+      this.client = null;
+      this.clientWrapper = null;
+      this.connected = false;
+    }
+    this._usesExternalSigner = false;
+  }
+};
+var dotns = new DotNS();
+
+export {
+  TX_KIND_HASH,
+  TX_KIND_NONCE_ADVANCED,
+  ATTR_TX_RESOLUTION_KIND,
+  MINIMUM_REGISTER_STORAGE_DEPOSIT,
+  fmtPas,
+  feeFloorFor,
+  RPC_ENDPOINTS,
+  CONTRACTS,
+  DECIMALS,
+  NATIVE_TO_ETH_RATIO,
+  CONNECTION_TIMEOUT_MS,
+  OPERATION_TIMEOUT_MS,
+  TX_TIMEOUT_MS,
+  TX_CHAIN_TIME_BUDGET_MS,
+  TX_WALL_CLOCK_CEILING_MS,
+  WS_HEARTBEAT_TIMEOUT_MS,
+  DOTNS_TX_MAX_ATTEMPTS,
+  classifyTxRetryDecision,
+  DEFAULT_MNEMONIC,
+  fetchNonce,
+  verifyNonceAdvanced,
+  ProofOfPersonhoodStatus,
+  PUBLISHER_ABI,
+  PublisherNotSupportedError,
+  ContractDryRunRevertError,
+  decodePublisherRevert,
+  convertToHexString,
+  __formatContractDryRunFailureForTest,
+  DOT_NODE,
+  convertWeiToNative,
+  computeDomainTokenId,
+  countTrailingDigits,
+  stripTrailingDigits,
+  sanitizeDomainLabel,
+  validateDomainLabel,
+  isCommitmentMature,
+  isCommitmentTimingBarerevert,
+  classifyDotnsLabel,
+  canRegister,
+  parseDomainName,
+  parseProofOfPersonhoodStatus,
+  popStatusName,
+  formatPersonhoodRemediation,
+  formatPopShortfallReason,
+  DotNS,
+  dotns
+};