@parity/product-deploy 0.8.1 → 0.8.2-rc.1

package/dist/{chunk-CNPB4VAM.js → chunk-5K3RI5C2.js}

@@ -20,6 +20,12 @@ var environments_default = {
       autoAccountMapping: true,
       nativeToEthRatio: 1e8,
       registerStorageDeposit: 2e12,
+      popSelfServe: {
+        sudoEnvLabel: "Preview",
+        personhoodFaucetUrl: "https://sudo.personhood.dev/personhood-faucet",
+        dotnsBootstrapUrl: "https://sudo.personhood.dev/dotns-bootstrap",
+        stateAwareGuidance: true
+      },
       contracts: {
         DOTNS_PROTOCOL_REGISTRY: "0x984F17a9077808F4B7e127F76806A1D59546B5B6",
         DOTNS_REGISTRAR: "0x061273AeF34e8ab9Ca08E199d7440E2639Fc2088",
@@ -453,6 +459,34 @@ function isValidDoc(value) {
   const v = value;
   return Array.isArray(v.environments) && Array.isArray(v.chains);
 }
+function deepMergeEnvironments(base, override) {
+  const mergedEnvironments = mergeById(base.environments, override.environments ?? []);
+  const mergedChains = mergeById(base.chains, override.chains ?? []);
+  return { environments: mergedEnvironments, chains: mergedChains };
+}
+function mergeById(base, overrides) {
+  const result = base.map((b) => {
+    const ov = overrides.find((o) => o.id === b.id);
+    return ov ? mergeObjects(b, ov) : b;
+  });
+  for (const ov of overrides) {
+    if (!base.find((b) => b.id === ov.id)) result.push(ov);
+  }
+  return result;
+}
+function mergeObjects(base, override) {
+  const result = { ...base };
+  for (const key of Object.keys(override)) {
+    const ov = override[key];
+    const bs = base[key];
+    if (ov !== null && typeof ov === "object" && !Array.isArray(ov) && bs !== null && typeof bs === "object" && !Array.isArray(bs)) {
+      result[key] = { ...bs, ...ov };
+    } else {
+      result[key] = ov;
+    }
+  }
+  return result;
+}
 async function readBundled(bundledPath, capture) {
   try {
     const raw = await fs.readFile(bundledPath, "utf8");
@@ -468,6 +502,42 @@ async function loadEnvironments(opts = {}) {
   const warn = opts.warn ?? ((msg) => console.error(msg));
   const capture = opts.capture ?? (() => {
   });
+  const userFilePath = opts.userFilePath ?? process.env.BULLETIN_DEPLOY_ENV_FILE;
+  if (userFilePath) {
+    let raw;
+    try {
+      raw = await fs.readFile(userFilePath, "utf8");
+    } catch (err) {
+      throw new NonRetryableError(
+        `--environment-file: cannot read "${userFilePath}": ${err?.message ?? err}`
+      );
+    }
+    let userDoc;
+    try {
+      userDoc = JSON.parse(raw);
+    } catch (err) {
+      throw new NonRetryableError(
+        `--environment-file: "${userFilePath}" is not valid JSON: ${err?.message ?? err}`
+      );
+    }
+    const base = await readBundled(bundledPath, capture);
+    const baseDoc = base ?? (isValidDoc(environments_default) ? environments_default : HARDCODED_FALLBACK);
+    const partial = userDoc && typeof userDoc === "object" && !Array.isArray(userDoc) ? userDoc : {};
+    const merged = deepMergeEnvironments(baseDoc, partial);
+    warn(
+      `bulletin-deploy: Using user-supplied environment file "${userFilePath}" \u2014 values are NOT validated against chain; you own correctness.`
+    );
+    for (const env of merged.environments) {
+      if (env.contracts && Object.keys(env.contracts).length > 0) {
+        try {
+          validateContractAddresses(env.contracts, env.id);
+        } catch (err) {
+          warn(`bulletin-deploy: Warning: ${err?.message ?? err}`);
+        }
+      }
+    }
+    return { doc: merged, source: "file" };
+  }
   const bundled = await readBundled(bundledPath, capture);
   if (bundled) return { doc: bundled, source: "bundled" };
   if (isValidDoc(environments_default)) {
@@ -584,6 +654,7 @@ export {
   defaultBundledPath,
   isValidContractAddress,
   validateContractAddresses,
+  deepMergeEnvironments,
   loadEnvironments,
   resolveEndpoints,
   getPopSelfServeConfig,

package/dist/{chunk-O2BFXY3Y.js → chunk-EJWZGSHD.js}

@@ -1,6 +1,6 @@
 import {
   VERSION
-} from "./chunk-INVA3XGG.js";
+} from "./chunk-RIAMPAL2.js";
 
 // src/version-check.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-MXMVZU2Q.js → chunk-H64ZLWW2.js}

@@ -2,11 +2,11 @@ import {
   classifyErrorArea,
   isInteractive,
   promptYesNo
-} from "./chunk-O2BFXY3Y.js";
+} from "./chunk-EJWZGSHD.js";
 import {
   VERSION,
   getCurrentSentryTraceId
-} from "./chunk-INVA3XGG.js";
+} from "./chunk-RIAMPAL2.js";
 
 // src/bug-report.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-WPJADKC7.js → chunk-HPPLVGGC.js}

@@ -11,7 +11,7 @@ import {
   extractManifestFromCar,
   fetchPreviousManifest,
   writePersistentLocalManifest
-} from "./chunk-L2SKSKB6.js";
+} from "./chunk-J3NIXHZZ.js";
 import {
   MANIFEST_PATH,
   MANIFEST_VERSION,
@@ -20,10 +20,10 @@ import {
 } from "./chunk-S7EM5VMW.js";
 import {
   setDeployContext
-} from "./chunk-MXMVZU2Q.js";
+} from "./chunk-H64ZLWW2.js";
 import {
   probeChunks
-} from "./chunk-KB3EII7F.js";
+} from "./chunk-WSBDIHFZ.js";
 import {
   packSection
 } from "./chunk-C2TS5MER.js";
@@ -35,15 +35,15 @@ import {
   parseDomainName,
   popStatusName,
   verifyNonceAdvanced
-} from "./chunk-IRT4A7OO.js";
+} from "./chunk-2GBSYVK2.js";
 import {
   derivePoolAccounts,
   detectTestnet,
   ensureAuthorized,
   fetchPoolAuthorizations,
-  selectAccount,
-  topUpBy
-} from "./chunk-RW3GWDGI.js";
+  isAuthorizationSufficient,
+  selectAccount
+} from "./chunk-JQ5X3VMP.js";
 import {
   VERSION,
   captureWarning,
@@ -57,13 +57,13 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-INVA3XGG.js";
+} from "./chunk-RIAMPAL2.js";
 import {
   DEFAULT_ENV_ID,
   getPopSelfServeConfig,
   loadEnvironments,
   resolveEndpoints
-} from "./chunk-CNPB4VAM.js";
+} from "./chunk-5K3RI5C2.js";
 import {
   NonRetryableError
 } from "./chunk-ZOC4GITL.js";
@@ -449,7 +449,7 @@ var __assignDenseNoncesForTest = assignDenseNonces;
 async function storeChunkedContent(chunks, { client: existingClient, unsafeApi: existingApi, signer: existingSigner, ss58: existingSS58, reconnect, fetchNonce: fetchNonceOverride, skipCids, probeFailedCids, gateway: providerGateway, trustedCids, skipRootStore } = {}) {
   const _fetchNonce = fetchNonceOverride ?? fetchNonce;
   console.log(`
-   Chunks: ${chunks.length}`);
+   Data chunks: ${chunks.length}`);
   const totalBytes = chunks.reduce((s, c) => s + c.length, 0);
   console.log(`   Total: ${(totalBytes / 1024).toFixed(2)} KB`);
   let client, unsafeApi, signer, ss58;
@@ -490,8 +490,6 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
       }
     }
   }
-  const requiredTxs = BigInt(chunks.length + 1);
-  const requiredBytes = BigInt(totalBytes);
   const readUploadAuthorization = () => Promise.all([
     unsafeApi.query.TransactionStorage.Authorizations.getValue(Enum("Account", ss58)),
     unsafeApi.query.System.Number.getValue()
@@ -508,21 +506,9 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
       throw e;
     }
   }
-  const txsRemaining = uploadAuth ? BigInt(uploadAuth.extent.transactions_allowance) - BigInt(uploadAuth.extent.transactions) : 0n;
-  const bytesRemaining = uploadAuth ? BigInt(uploadAuth.extent.bytes_allowance) - BigInt(uploadAuth.extent.bytes) : 0n;
-  const isAuthorized = uploadAuth !== void 0 && Number(uploadAuth.expiration ?? 0) > currentBlockNum;
-  if (!isAuthorized || txsRemaining < requiredTxs || bytesRemaining < requiredBytes) {
-    const txsRemainingDisplay = txsRemaining < 0n ? 0n : txsRemaining;
-    const bytesRemainingDisplay = bytesRemaining < 0n ? 0n : bytesRemaining;
-    console.log(`
-   Account needs re-authorization (authorized=${isAuthorized}, need ${requiredTxs} txs / ${(totalBytes / 1e6).toFixed(1)}MB, have ${txsRemainingDisplay} txs / ${(Number(bytesRemainingDisplay) / 1e6).toFixed(2)}MB)`);
-    console.log(`   Attempting to re-authorize with Alice...`);
-    try {
-      await ensureAuthorized(unsafeApi, ss58, void 0, { txs: requiredTxs, bytes: requiredBytes });
-      console.log(`   Re-authorization successful`);
-    } catch (e) {
-      throw new NonRetryableError(`Account ${ss58} has insufficient Bulletin authorization and auto-authorization via Alice failed (${e.message}). Authorize the account on-chain.`);
-    }
+  const sufficient = await isAuthorizationSufficient(unsafeApi, ss58, uploadAuth, currentBlockNum);
+  if (!sufficient) {
+    throw new NonRetryableError(`Account ${ss58} has no active Bulletin authorization (missing or expired). Request authorization on-chain (testnet faucet / personhood / pool bootstrap), then retry.`);
   }
   let reconnectionsUsed = 0;
   const recoveryHistory = [];
@@ -583,7 +569,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
     const MAX_CHUNK_RETRIES = 3;
     const MAX_REPROBE_RETRIES = 3;
     console.log(`
-   Submitting ${chunks.length} chunks in batches of up to ${BATCH_SIZE_INITIAL}...`);
+   Submitting ${chunks.length} data chunks in batches of up to ${BATCH_SIZE_INITIAL}...`);
     const stored = new Array(chunks.length).fill(null);
     let tier2Verified = 0;
     let tier2Inconclusive = 0;
@@ -875,7 +861,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
     if (uploadReceipt) {
       setDeployAttribute("bulletin.upload.tx_hash", uploadReceipt.txHash);
       setDeployAttribute("bulletin.upload.block_hash", uploadReceipt.blockHash);
-      setDeployAttribute("bulletin.upload.block_number", uploadReceipt.blockNumber);
+      setDeployAttribute("bulletin.upload.block_number", String(uploadReceipt.blockNumber));
       console.log(`   Storage upload finalised @ block ${uploadReceipt.blockNumber} (tx ${uploadReceipt.txHash})`);
     }
     if (wsHaltDetected && reconnect && reconnectionsUsed < MAX_RECONNECTIONS) {
@@ -1109,7 +1095,8 @@ async function storeDirectoryV2(directoryPath, opts = {}) {
   sampleMemory("storage_start");
   const fetched = await fetchPreviousManifest(prevContenthash, {
     gateway,
-    domain: opts.domain
+    domain: opts.domain,
+    chainClient: opts.provider?.client
   });
   const prevManifest = fetched.source === "embedded" ? fetched.manifest : null;
   console.log(`   Manifest fetch: ${fetched.source}${fetched.source !== "none" ? ` (${fetched.attempts} attempt${fetched.attempts === 1 ? "" : "s"})` : ""}`);
@@ -1577,6 +1564,45 @@ async function unpublish(domainName, options = {}) {
     }
   }
 }
+function browserUrlFor(name, envId) {
+  const base = `https://${name}.dot.li`;
+  return envId === "preview" ? `${base}?network=previewnet` : base;
+}
+function interpretBitswapResult(outcome) {
+  if (outcome.ok) {
+    return { retrievable: true, errorVariant: "none" };
+  }
+  const err = outcome.error;
+  if (err != null && typeof err === "object" && "code" in err && err.code === -32810) {
+    return { retrievable: false, errorVariant: "not_found" };
+  }
+  if (err instanceof Error && err.message === "p2p_probe_timeout") {
+    return { retrievable: false, errorVariant: "timeout" };
+  }
+  return { retrievable: false, errorVariant: "error" };
+}
+async function probeP2pRetrieval(client, cid, timeoutMs = 3e3) {
+  const t0 = Date.now();
+  let outcome;
+  try {
+    const timeoutError = new Error("p2p_probe_timeout");
+    const response = await Promise.race([
+      client._request("bitswap_v1_get", [cid]),
+      new Promise((_, reject) => {
+        const t = setTimeout(() => reject(timeoutError), timeoutMs);
+        if (typeof t === "object" && t !== null && typeof t.unref === "function") {
+          t.unref();
+        }
+      })
+    ]);
+    outcome = { ok: true, response };
+  } catch (err) {
+    outcome = { ok: false, error: err };
+  }
+  const durationMs = Date.now() - t0;
+  const { retrievable, errorVariant } = interpretBitswapResult(outcome);
+  return { retrievable, errorVariant, durationMs };
+}
 async function deploy(content, domainName = null, options = {}) {
   if (options.signer && options.signerAddress && options.mnemonic) {
     throw new NonRetryableError("Pass either a mnemonic or an external signer, not both \u2014 they identify the signing account and only one can win.");
@@ -1708,17 +1734,8 @@ async function deploy(content, domainName = null, options = {}) {
       }
       provider = await reconnect();
       const providerWithReconnect = { ...provider, reconnect };
-      const [isTestnet, estimated] = await Promise.all([
-        detectTestnet(provider.unsafeApi),
-        estimateUploadBytes(content)
-      ]);
+      const isTestnet = await detectTestnet(provider.unsafeApi);
       setDeployAttribute("deploy.is_testnet", isTestnet ? "true" : "false");
-      if (isTestnet && estimated != null) {
-        const uploadBytes = Math.ceil(estimated * 1.2);
-        const chunksNeeded = Math.max(1, Math.ceil(uploadBytes / CHUNK_SIZE));
-        const needs = { txs: BigInt(chunksNeeded + 2), bytes: BigInt(uploadBytes) };
-        await topUpBy(provider.unsafeApi, provider.ss58, needs, "uploader");
-      }
       console.log("\n" + "=".repeat(60));
       console.log("Storage");
       console.log("=".repeat(60));
@@ -1928,6 +1945,17 @@ async function deploy(content, domainName = null, options = {}) {
         }
         dotns.disconnect();
       });
+      await withSpan("deploy.p2p-check", "3. p2p-check", { "deploy.domain": name }, async () => {
+        const probe = await probeP2pRetrieval(provider.client, cid);
+        setDeployAttribute("deploy.p2p.retrievable", probe.retrievable ? "true" : "false");
+        setDeployAttribute("deploy.p2p.check_ms", String(probe.durationMs));
+        setDeployAttribute("deploy.p2p.error_variant", probe.errorVariant);
+        if (probe.retrievable) {
+          console.log(`   P2P retrieval: \u2713 (${probe.durationMs}ms)`);
+        } else {
+          console.log(`   P2P retrieval: \u26A0 not yet retrievable (${probe.errorVariant}, ${probe.durationMs}ms)`);
+        }
+      });
       if (options.ghPagesMirror) {
         console.log("\n" + "=".repeat(60));
         console.log("Final checks");
@@ -1967,7 +1995,7 @@ async function deploy(content, domainName = null, options = {}) {
       console.log("=".repeat(60));
       console.log("\n\u{1F53A} Polkadot Triangle");
       console.log(`   - Polkadot Desktop: ${name}.dot`);
-      console.log(`   - Polkadot Browser: https://${name}.dot.li`);
+      console.log(`   - Polkadot Browser: ${browserUrlFor(name, envId)}`);
       console.log("\n" + "=".repeat(60) + "\n");
       return { domainName: name, fullDomain: `${name}.dot`, cid, ipfsCid };
     } finally {
@@ -2289,7 +2317,7 @@ async function buildOrderedCar(options) {
   const s1Bytes = section1Chunks.reduce((s, b) => s + b.length, 0);
   const s2Bytes = section2Chunks.reduce((s, b) => s + b.length, 0);
   console.log(
-    `   CAR (3-section): ${(carBytes.length / 1024 / 1024).toFixed(2)} MB (s0=${section0Bytes.length}B s1=${s1Bytes}B s2=${s2Bytes}B), ${allChunks.length} chunks (${section0Chunks.length}+${section1Chunks.length}+${section2Chunks.length})`
+    `   CAR (3-section): ${(carBytes.length / 1024 / 1024).toFixed(2)} MB (s0=${section0Bytes.length}B s1=${s1Bytes}B s2=${s2Bytes}B), ${allChunks.length} frames (${section0Chunks.length} header + ${section1Chunks.length} data + ${section2Chunks.length} manifest)`
   );
   return {
     carBytes,
@@ -2407,5 +2435,8 @@ export {
   estimateUploadBytes,
   assertSubdomainOwnerMatchesSigner,
   unpublish,
+  browserUrlFor,
+  interpretBitswapResult,
+  probeP2pRetrieval,
   deploy
 };

package/dist/{chunk-L2SKSKB6.js → chunk-J3NIXHZZ.js}

@@ -192,10 +192,115 @@ async function fetchAcrossTiers(url, budget, start) {
   }
   return { outcome: "retryable", reason: `tiers exhausted: ${lastReason}`, attempts, bytesDownloaded };
 }
+var CHAIN_TIER_TIMEOUT_MS = 5e3;
+function normalizeBitswapBytes(response) {
+  if (response instanceof Uint8Array) return response;
+  if (typeof response === "string") {
+    const hex = response.startsWith("0x") ? response.slice(2) : response;
+    if (hex.length % 2 !== 0) throw new Error(`bitswap_v1_get: odd-length hex response (${hex.length} chars)`);
+    const out = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < out.length; i++) {
+      out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return out;
+  }
+  if (Array.isArray(response) && response.every((x) => typeof x === "number")) {
+    return new Uint8Array(response);
+  }
+  if (response instanceof ArrayBuffer) return new Uint8Array(response);
+  throw new Error(`bitswap_v1_get: unexpected response type ${typeof response}`);
+}
+async function chainGet(client, cid, timeoutMs) {
+  const timeoutError = new Error(`bitswap_v1_get timeout after ${timeoutMs}ms`);
+  const response = await Promise.race([
+    client._request("bitswap_v1_get", [cid]),
+    new Promise((_, reject) => {
+      const t = setTimeout(() => reject(timeoutError), timeoutMs);
+      if (typeof t === "object" && t !== null && typeof t.unref === "function") {
+        t.unref();
+      }
+    })
+  ]);
+  return normalizeBitswapBytes(response);
+}
+async function fetchManifestFromChain(client, rootCid, timeoutMs) {
+  let rootBytes;
+  try {
+    rootBytes = await chainGet(client, rootCid, timeoutMs);
+  } catch {
+    return null;
+  }
+  let chunkCids;
+  try {
+    const rootNode = dagPB.decode(rootBytes);
+    chunkCids = (rootNode.Links ?? []).map((l) => l.Hash.toString());
+  } catch {
+    return null;
+  }
+  if (chunkCids.length === 0) return null;
+  let chunk0;
+  try {
+    chunk0 = await chainGet(client, chunkCids[0], timeoutMs);
+  } catch {
+    return null;
+  }
+  let manifestBytes;
+  try {
+    manifestBytes = await extractManifestFromCar(chunk0);
+    if (manifestBytes) return manifestBytes;
+  } catch {
+  }
+  if (chunkCids.length < 2) return null;
+  let chunk1;
+  try {
+    chunk1 = await chainGet(client, chunkCids[1], timeoutMs);
+  } catch {
+    return null;
+  }
+  const combined = new Uint8Array(chunk0.length + chunk1.length);
+  combined.set(chunk0, 0);
+  combined.set(chunk1, chunk0.length);
+  try {
+    manifestBytes = await extractManifestFromCar(combined);
+    return manifestBytes ?? null;
+  } catch {
+    return null;
+  }
+}
 async function fetchPreviousManifest(prevContenthash, options = {}) {
   if (prevContenthash === null) return { source: "none" };
   const local = readPersistentLocalManifest(options.domain, prevContenthash);
   if (local) return local;
+  if (options.chainClient) {
+    const chainTimeoutMs = CHAIN_TIER_TIMEOUT_MS;
+    const chainManifestBytes = await Sentry.startSpan(
+      { op: "manifest.fetch.chain", name: `manifest chain ${prevContenthash.slice(0, 12)}` },
+      async (span) => {
+        span.setAttribute("manifest.chain.cid", prevContenthash.slice(0, 12));
+        try {
+          const bytes = await fetchManifestFromChain(options.chainClient, prevContenthash, chainTimeoutMs);
+          span.setAttribute("manifest.chain.outcome", bytes ? "success" : "miss");
+          return bytes;
+        } catch (e) {
+          span.setAttribute("manifest.chain.outcome", "error");
+          span.setAttribute("manifest.chain.error", e?.message ?? String(e));
+          return null;
+        }
+      }
+    );
+    if (chainManifestBytes) {
+      const text = new TextDecoder().decode(chainManifestBytes);
+      const parsed = parseManifest(text);
+      if (parsed.ok) {
+        return {
+          source: "embedded",
+          manifest: parsed.manifest,
+          attempts: 1,
+          bytesDownloaded: chainManifestBytes.length
+        };
+      }
+    }
+  }
   const gatewayList = (options.gateways ?? (options.gateway ? [options.gateway] : [])).map((g) => g.replace(/\/$/, ""));
   const budget = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
   const start = Date.now();
@@ -302,6 +407,9 @@ export {
   getCacheDir,
   readPersistentLocalManifest,
   writePersistentLocalManifest,
+  CHAIN_TIER_TIMEOUT_MS,
+  normalizeBitswapBytes,
+  fetchManifestFromChain,
   fetchPreviousManifest,
   extractManifestFromCar,
   walkDagToManifest

package/dist/{chunk-RW3GWDGI.js → chunk-JQ5X3VMP.js}

@@ -1,7 +1,3 @@
-import {
-  setDeployAttribute
-} from "./chunk-INVA3XGG.js";
-
 // src/pool.ts
 import { sr25519CreateDerive } from "@polkadot-labs/hdkd";
 import { DEV_PHRASE, entropyToMiniSecret, mnemonicToEntropy } from "@polkadot-labs/hdkd-helpers";
@@ -33,14 +29,15 @@ function derivePoolAccounts(poolSize = 10, mnemonic = DEV_PHRASE) {
   }
   return accounts;
 }
-function isAuthorizationSufficient(auth, currentBlock, needs) {
+async function isAuthorizationSufficient(api, address, auth, currentBlock, needs) {
   if (auth === void 0) return false;
   if (Number(auth.expiration ?? 0) <= currentBlock) return false;
   if (needs) {
-    const txsRemaining = BigInt(auth.extent.transactions_allowance) - BigInt(auth.extent.transactions);
-    const bytesRemaining = BigInt(auth.extent.bytes_allowance) - BigInt(auth.extent.bytes);
-    if (txsRemaining < needs.txs) return false;
-    if (bytesRemaining < needs.bytes) return false;
+    const ok = await api.apis.BulletinTransactionStorageApi.can_store(
+      address,
+      clampU32(needs.bytes, "needs.bytes")
+    );
+    if (!ok) return false;
   }
   return true;
 }
@@ -67,46 +64,6 @@ async function fetchPoolAuthorizations(api, accounts) {
   );
   return results;
 }
-function computeTopUpTarget(current, needs) {
-  const minTxs = needs.txs + BigInt(TOPUP_TRANSACTIONS);
-  const minBytes = needs.bytes + TOPUP_BYTES;
-  if (current.transactions >= minTxs && current.bytes >= minBytes) return null;
-  return {
-    transactions: current.transactions > minTxs ? current.transactions : minTxs,
-    bytes: current.bytes > minBytes ? current.bytes : minBytes
-  };
-}
-function classifyAliceTxError(err) {
-  const msg = err instanceof Error ? err.message : String(err);
-  const lower = msg.toLowerCase();
-  if (/\bstale\b/.test(lower)) return "retry";
-  if (/"type"\s*:\s*"future"|\binvalid::future\b/.test(lower)) return "retry";
-  if (lower.includes("websocket") || lower.includes("connection") || lower.includes("socket closed") || lower.includes("disconnect")) return "retry";
-  if (lower.includes("timed out") || lower.includes("timeout")) return "retry";
-  return "abort";
-}
-var ALICE_MAX_ATTEMPTS = 3;
-async function submitAliceTxWithRetry(buildTx, aliceSigner, label) {
-  let lastError;
-  let attempts = 0;
-  for (let attempt = 1; attempt <= ALICE_MAX_ATTEMPTS; attempt++) {
-    attempts = attempt;
-    try {
-      const tx = buildTx();
-      const result = await tx.signAndSubmit(aliceSigner);
-      if (!result.ok) throw new Error(`${label} dispatch error`);
-      return;
-    } catch (e) {
-      lastError = e;
-      const decision = classifyAliceTxError(e);
-      if (decision === "abort" || attempt === ALICE_MAX_ATTEMPTS) break;
-      console.log(`   ${label}: attempt ${attempt}/${ALICE_MAX_ATTEMPTS} failed (${String(e.message ?? e).slice(0, 80)}), retrying...`);
-    }
-  }
-  const msg = lastError instanceof Error ? lastError.message : String(lastError);
-  const plural = attempts === 1 ? "attempt" : "attempts";
-  throw new Error(`${label} failed after ${attempts} ${plural}: ${msg}`);
-}
 function isTestnetSpecName(specName) {
   if (!specName) return false;
   const s = specName.toLowerCase();
@@ -132,69 +89,28 @@ async function detectTestnet(api) {
 function _resetTestnetCacheForTests() {
   _testnetDetectionCache = null;
 }
-function aliceKeyring() {
-  const keyring = new Keyring({ type: "sr25519" });
-  const alice = keyring.addFromUri("//Alice");
-  const signer = getPolkadotSigner(alice.publicKey, "Sr25519", (data) => alice.sign(data));
-  return { alice, signer };
-}
 var U32_MAX = 0xFFFFFFFFn;
 function clampU32(n, name) {
   if (n < 0n) throw new Error(`${name} must be non-negative`);
   if (n > U32_MAX) throw new Error(`${name} (${n}) exceeds u32 max \u2014 split the deploy into smaller batches`);
   return Number(n);
 }
-function markBulletinAuthGranted() {
-  setDeployAttribute("deploy.unblock.bulletin_auth.fired", "true");
-  setDeployAttribute("deploy.unblock.bulletin_auth.granted_txs", String(TOPUP_TRANSACTIONS));
-  setDeployAttribute("deploy.unblock.bulletin_auth.granted_bytes", String(TOPUP_BYTES));
-}
 async function ensureAuthorized(api, address, label, needs) {
   const [auth, currentBlock] = await Promise.all([
     api.query.TransactionStorage.Authorizations.getValue(Enum("Account", address)),
     api.query.System.Number.getValue()
   ]);
-  if (isAuthorizationSufficient(auth, currentBlock, needs)) return;
-  console.log(`   Auto-authorizing ${label ?? "account"} (${address.slice(0, 8)}...)...`);
-  const { signer } = aliceKeyring();
-  await submitAliceTxWithRetry(
-    () => api.tx.TransactionStorage.authorize_account({
-      who: address,
-      transactions: clampU32(BigInt(TOPUP_TRANSACTIONS), "transactions"),
-      bytes: TOPUP_BYTES
-    }),
-    signer,
-    `authorize_account(${label ?? "account"})`
-  );
-  console.log(`   Authorized: ${TOPUP_TRANSACTIONS} txs / ${Number(TOPUP_BYTES) / 1e6}MB`);
-  markBulletinAuthGranted();
-}
-async function topUpBy(api, address, needs, label) {
-  const [currentAuth, currentBlock] = await Promise.all([
-    api.query.TransactionStorage.Authorizations.getValue(Enum("Account", address)),
-    api.query.System.Number.getValue()
-  ]);
-  if (isAuthorizationSufficient(currentAuth, currentBlock, needs)) {
-    const expiration = Number(currentAuth.expiration);
-    const fmtMB = (b) => (Number(b) / 1e6).toFixed(1);
-    const txsRemaining = BigInt(currentAuth.extent.transactions_allowance) - BigInt(currentAuth.extent.transactions);
-    const bytesRemaining = BigInt(currentAuth.extent.bytes_allowance) - BigInt(currentAuth.extent.bytes);
-    console.log(`   Pre-auth skipped for ${label ?? "account"} (${address.slice(0, 8)}...): authorized until block ${expiration}, ${txsRemaining} txs / ${fmtMB(bytesRemaining)}MB remaining.`);
-    return;
+  if (await isAuthorizationSufficient(api, address, auth, currentBlock, needs)) return;
+  const isTestnet = await detectTestnet(api);
+  const who = `${label ?? "account"} (${address.slice(0, 8)}...)`;
+  if (isTestnet) {
+    throw new Error(
+      `Bulletin storage account ${who} is not authorized (or its authorization expired). bulletin-deploy no longer self-authorizes on the Bulletin chain \u2014 request authorization for this account from the chain's authorizer (testnet faucet / personhood / pool bootstrap), then retry.`
+    );
   }
-  const { signer } = aliceKeyring();
-  console.log(`   Pre-authorizing ${label ?? "account"} (${address.slice(0, 8)}...): granting ${TOPUP_TRANSACTIONS} txs / ${Number(TOPUP_BYTES) / 1e6}MB...`);
-  await submitAliceTxWithRetry(
-    () => api.tx.TransactionStorage.authorize_account({
-      who: address,
-      transactions: clampU32(BigInt(TOPUP_TRANSACTIONS), "transactions"),
-      bytes: TOPUP_BYTES
-    }),
-    signer,
-    `topUpBy(${label ?? "account"})`
+  throw new Error(
+    `Bulletin storage account ${who} is not authorized to store. On production the storage account must already carry its own authorization/allowance \u2014 bulletin-deploy cannot grant it.`
   );
-  console.log(`   Pre-authorized: ${TOPUP_TRANSACTIONS} txs / ${Number(TOPUP_BYTES) / 1e6}MB`);
-  markBulletinAuthGranted();
 }
 async function bootstrapPool(bulletinRpc, poolSize = 10, mnemonic) {
   console.log(`Bootstrapping ${poolSize} pool accounts on ${bulletinRpc}...
@@ -259,12 +175,9 @@ export {
   isAuthorizationSufficient,
   selectAccount,
   fetchPoolAuthorizations,
-  computeTopUpTarget,
-  classifyAliceTxError,
   isTestnetSpecName,
   detectTestnet,
   _resetTestnetCacheForTests,
   ensureAuthorized,
-  topUpBy,
   bootstrapPool
 };