@parity/product-deploy 0.8.3-rc.0 → 0.8.3-rc.11

package/dist/{chunk-LJMYOXQV.js → chunk-4GX3KJPU.js}

@@ -8,7 +8,7 @@ import {
   setDeploySentryTag,
   truncateAddress,
   withSpan
-} from "./chunk-YT2XCGZK.js";
+} from "./chunk-P2ZOBSCJ.js";
 import {
   validateContractAddresses
 } from "./chunk-5K3RI5C2.js";
@@ -958,6 +958,7 @@ var DotNS = class {
   _environmentId = null;
   _popSelfServe = null;
   _registerStorageDeposit = MINIMUM_REGISTER_STORAGE_DEPOSIT;
+  _onPhoneSigningRequired = void 0;
   // Test-only seam: consumed once by classifyAliasAccountState() then cleared.
   // Mirrors the __setDeployRootSpanForTest / __setSentryForTest pattern.
   _classifyOverrideForTest = null;
@@ -1005,6 +1006,9 @@ var DotNS = class {
     if (options.registerStorageDeposit !== void 0) {
       this._registerStorageDeposit = options.registerStorageDeposit;
     }
+    if (options.onPhoneSigningRequired !== void 0) {
+      this._onPhoneSigningRequired = options.onPhoneSigningRequired;
+    }
     const rpc = options.rpc || process.env.DOTNS_RPC || this.assetHubEndpoints[0];
     this.rpc = rpc;
     this._usesExternalSigner = Boolean(options.signer && options.signerAddress);
@@ -1657,6 +1661,9 @@ var DotNS = class {
           await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
         }
       };
+      console.log(`
+   Linking content...`);
+      this._onPhoneSigningRequired?.("Link content");
       const txRes = await this.contractTransaction(this._contracts.DOTNS_CONTENT_RESOLVER, 0n, DOTNS_CONTENT_RESOLVER_ABI, "setContenthash", [node, contenthashHex], (s) => console.log(`      ${s}`), { useNoncePolling: true, verifyEffect });
       const finalOnChain = (await this.getContenthash(domainName) || "0x").toLowerCase();
       if (finalOnChain !== expected) {
@@ -1884,6 +1891,7 @@ var DotNS = class {
         }
       };
       try {
+        this._onPhoneSigningRequired?.("Publish to registry");
         const txRes = await this.contractTransaction(publisher, 0n, PUBLISHER_ABI, "publish", [label], (s) => console.log(`      ${s}`), { useNoncePolling: true, verifyEffect });
         const finalPublished = await withTimeout(
           this.contractCall(publisher, PUBLISHER_ABI, "isPublished", [labelhash]),
@@ -2028,6 +2036,7 @@ var DotNS = class {
     this.ensureConnected();
     console.log(`
    Submitting commitment...`);
+    this._onPhoneSigningRequired?.("Commitment");
     const commitTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, 0n, DOTNS_REGISTRAR_CONTROLLER_ABI, "commit", [commitment], (s) => console.log(`      ${s}`));
     logTxResolution(commitTxRes);
     console.log(`   Committed at: ${(/* @__PURE__ */ new Date()).toISOString()}`);
@@ -2122,6 +2131,7 @@ var DotNS = class {
     setDeployAttribute("deploy.payment_wei", priceWei.toString());
     console.log(`   Oracle price: ${formatEther(priceWei)} PAS`);
     console.log(`   Paying: ${formatEther(bufferedPaymentWei)} PAS`);
+    this._onPhoneSigningRequired?.("Register");
     const registerTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, bufferedPaymentNative, DOTNS_REGISTRAR_CONTROLLER_ABI, "register", [registration], (s) => console.log(`      ${s}`));
     logTxResolution(registerTxRes);
     if (registerTxRes.kind === TX_KIND_HASH) {
@@ -2545,6 +2555,7 @@ var DotNS = class {
       this.connected = false;
     }
     this._usesExternalSigner = false;
+    this._onPhoneSigningRequired = void 0;
   }
 };
 var dotns = new DotNS();

package/dist/{chunk-OAWXITVX.js → chunk-4W6VNILJ.js}

@@ -6,10 +6,10 @@ import {
   resolveDotnsConnectOptions,
   storeDirectory,
   storeFile
-} from "./chunk-PV3N2XTC.js";
+} from "./chunk-4CZ4GIWK.js";
 import {
   DotNS
-} from "./chunk-LJMYOXQV.js";
+} from "./chunk-4GX3KJPU.js";
 import {
   getPopSelfServeConfig,
   loadEnvironments,

package/dist/{chunk-CBCUKOOJ.js → chunk-AKCO2LGH.js}

@@ -1,6 +1,6 @@
 import {
   VERSION
-} from "./chunk-YT2XCGZK.js";
+} from "./chunk-P2ZOBSCJ.js";
 
 // src/version-check.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-VRZXAB7J.js → chunk-AMGKEAOH.js}

@@ -2,11 +2,11 @@ import {
   classifyErrorArea,
   isInteractive,
   promptYesNo
-} from "./chunk-CBCUKOOJ.js";
+} from "./chunk-AKCO2LGH.js";
 import {
   VERSION,
   getCurrentSentryTraceId
-} from "./chunk-YT2XCGZK.js";
+} from "./chunk-P2ZOBSCJ.js";
 
 // src/bug-report.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-UXVBF7TD.js → chunk-KFIIAUQU.js}

@@ -6,7 +6,7 @@ import * as path from "path";
 // package.json
 var package_default = {
   name: "@parity/product-deploy",
-  version: "0.8.3-rc.0",
+  version: "0.8.3-rc.11",
   private: false,
   repository: {
     type: "git",
@@ -49,10 +49,10 @@ var package_default = {
     "tools/release-retry-wrapper.mjs"
   ],
   scripts: {
-    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts --format esm --dts --clean --target node22",
+    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts --format esm --dts --clean --target node22",
     "refresh-environments": "node scripts/refresh-environments.mjs",
     prepare: "npm run build",
-    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js",
+    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js",
     "test:e2e": "npm run build && node --test test/e2e.test.js",
     "test:e2e:smoke": "bash scripts/e2e-pass.sh smoke",
     "test:e2e:pr": "bash scripts/e2e-pass.sh pr",
@@ -63,6 +63,10 @@ var package_default = {
     "@ipld/car": "^5.4.3",
     "@ipld/dag-pb": "^4.1.3",
     "@noble/hashes": "^1.7.2",
+    "@parity/product-sdk-address": "^0.1.1",
+    "@parity/product-sdk-keys": "^0.3.0",
+    "@parity/product-sdk-terminal": "^0.2.1",
+    "@parity/product-sdk-tx": "^0.2.4",
     "@polkadot-api/metadata-builders": "^0.14.2",
     "@polkadot-api/substrate-bindings": "^0.20.2",
     "@polkadot-labs/hdkd": "^0.0.28",
@@ -82,8 +86,18 @@ var package_default = {
     "@types/node": "^22.0.0",
     tsup: "^8.5.0",
     typescript: "^5.9.3",
+    vitest: "^3.0.0",
     ws: "^8.20.1"
   },
+  overrides: {
+    "@polkadot-api/json-rpc-provider": "^0.2.0",
+    "@novasamatech/host-api": "0.7.9-4",
+    "@novasamatech/host-papp": "0.7.9-4",
+    "@novasamatech/product-sdk": "0.7.9-4",
+    "@novasamatech/scale": "0.7.9-4",
+    "@novasamatech/statement-store": "0.7.9-4",
+    "@novasamatech/storage-adapter": "0.7.9-4"
+  },
   minimumVersion: "0.5.6",
   engines: {
     node: ">=22"

package/dist/{chunk-L5Z3TJD7.js → chunk-OCKCB72S.js}

@@ -1,18 +1,18 @@
 import {
   buildAliasProofMessage,
   getProofValidAtSec
-} from "./chunk-SLE4P6MO.js";
+} from "./chunk-EJI3MX4G.js";
+import {
+  bytesToHex,
+  encodeMembers,
+  hexToBytes
+} from "./chunk-ZYVGHDMU.js";
 import {
   PEOPLE_MEMBER_IDENTIFIER_HEX,
   PGAS_ASSET_ID,
   PGAS_ASSET_LOCATION,
   PROOF_BYTES
 } from "./chunk-SI2ZUOYD.js";
-import {
-  bytesToHex,
-  encodeMembers,
-  hexToBytes
-} from "./chunk-ZYVGHDMU.js";
 
 // src/personhood/bind-paid-alias.ts
 import { getSs58AddressInfo, Binary } from "polkadot-api";

package/dist/{chunk-YT2XCGZK.js → chunk-P2ZOBSCJ.js}

@@ -1,7 +1,7 @@
 import {
   package_default,
   writeRunState
-} from "./chunk-UXVBF7TD.js";
+} from "./chunk-KFIIAUQU.js";
 
 // src/memory-report.ts
 import * as fs2 from "fs";
@@ -17,7 +17,6 @@ import * as path from "path";
 var VERSION = package_default.version;
 var DOTNS_BACKEND = "contract";
 var DOTNS_POP_SOURCE = "personhood-precompile";
-var DEFAULT_DSN = "https://e021c025d79c4c3ade2862a11f13c40b@o4511059872841728.ingest.de.sentry.io/4511093597405264";
 var INTERNAL_ORG_RE = /^(paritytech|w3f|polkadot-fellows)\//i;
 var PARITY_HOST_APPS = /* @__PURE__ */ new Set(["playground-cli"]);
 function extractRepoSlug(url) {
@@ -45,7 +44,7 @@ function isInternalContext() {
     hostApp: process.env.BULLETIN_DEPLOY_HOST_APP
   });
 }
-var OPT_OUT = process.env.BULLETIN_DEPLOY_TELEMETRY === "0";
+var OPT_OUT = process.env.BULLETIN_DEPLOY_TELEMETRY === "0" || process.env.BULLETIN_DEPLOY_TELEMETRY === "off";
 var OPT_IN = process.env.BULLETIN_DEPLOY_TELEMETRY === "1";
 var DISABLED = OPT_OUT || !OPT_IN && !isInternalContext();
 var CONVENTIONAL_BRANCH_PREFIXES = /* @__PURE__ */ new Set([
@@ -117,8 +116,10 @@ function initTelemetry() {
   if (process.env.BULLETIN_DEPLOY_USE_AMBIENT_SENTRY === "1") {
     return;
   }
+  const dsn = process.env.SENTRY_DSN || (true ? "" : "");
+  if (!dsn) return;
   Sentry.init({
-    dsn: process.env.SENTRY_DSN || DEFAULT_DSN,
+    dsn,
     release: `${package_default.name}@${VERSION}`,
     tracesSampleRate: 1,
     environment: process.env.CI ? "ci" : "local",
@@ -316,15 +317,21 @@ var ERROR_KIND_RULES = [
   [/\bstale\b.*nonce|nonce.*\bstale\b|"type"\s*:\s*"(?:Future|Stale)"|Invalid::Future|tx rejected by pool/i, "nonce-stale"],
   [/heartbeat timeout|WS halt|Unable to connect|ChainHead disjointed|websocket.*closed|socket closed|disconnect/i, "connection"],
   [/requires ProofOfPersonhood(?:Full|Lite|Light),\s*but this signer is NoStatus/i, "naming.pop_required"],
+  [/requires NoStatus,\s*but this signer is ProofOfPersonhood/i, "naming.nostatus_required"],
+  [/Cannot decode zero data.*with ABI parameters/i, "naming.contract_unavailable"],
   [/Domain\s+\S+\.dot\s+is already owned by\s+0x[a-fA-F0-9]+/i, "naming.already_owned"],
   [/Cannot deploy\s+[\w.-]+\.dot:\s*parent\s+[\w.-]+\.dot\s+is owned by/i, "naming.subdomain_orphan"],
   [/Post-deploy verification failed for .+: on-chain contenthash is /i, "verify.contenthash_mismatch"],
   [/Deploy verification failed:\s*DAG-PB root.+not finalised/i, "verify.dagpb_not_finalised"],
   [/Retry budget exhausted:.*recovery attempts/i, "network.recovery_exhausted"],
+  [/Account auto-mapping did not take effect on-chain/i, "account.mapping_pending"],
   [/ReviveApi\.\w+ timed out after \d+ms/i, "chain.api_timeout"],
   [/ReviveApi\.\w+ returned empty result/i, "chain.api_timeout"],
   [/transaction watcher silent for \d+s/i, "chain.tx_silent"],
-  [/^(?:commit|register|setSubnodeOwner|setResolver|setContenthash|setText|publish|unpublish|Revive\.call|Utility\.batch_all) timed out after \d+ms/i, "chain.tx_timeout"],
+  [/(?:commit|register|setSubnodeOwner|setResolver|setContenthash|setText|publish|unpublish|Revive\.call|Utility\.batch_all) timed out after \d+ms/i, "chain.tx_timeout"],
+  [/AncientBirthBlock/i, "chain.extrinsic_expired"],
+  [/Bulletin quota exhausted/i, "chain.quota_exhausted"],
+  [/Mobile signing (?:failed|rejected).*message too big/i, "signer.message_too_large"],
   [/^INVARIANT FAILED:/i, "tool.invariant"]
 ];
 function classifyErrorKind(msg) {

package/dist/chunk-RIRDBSBG.js

@@ -0,0 +1,36 @@
+// src/auth/vendor/ui/qr.ts
+import { renderQrCode } from "@parity/product-sdk-terminal";
+
+// src/auth/vendor/ui/status.ts
+function renderLoginStatus(status) {
+  switch (status.step) {
+    case "waiting":
+      return "Waiting for you to scan the QR code with your phone\u2026";
+    case "paired":
+      return "Paired \u2014 finishing sign-in\u2026";
+    case "pending":
+      return `Working: ${status.stage}\u2026`;
+    case "success":
+      return `Signed in as ${status.address}`;
+    case "error":
+      return `Sign-in failed: ${status.message}`;
+  }
+}
+function renderLogoutStatus(status) {
+  switch (status.step) {
+    case "disconnecting":
+      return `Signing out ${status.address}\u2026`;
+    case "success":
+      return `Signed out ${status.address}`;
+    case "partial":
+      return `Signed out locally (${status.address}); the phone was not notified: ${status.reason}`;
+    case "error":
+      return `Sign-out error: ${status.message}`;
+  }
+}
+
+export {
+  renderQrCode,
+  renderLoginStatus,
+  renderLogoutStatus
+};

package/dist/{chunk-Z6PRIHI7.js → chunk-X2Q5FPIQ.js}

@@ -1,6 +1,6 @@
 import {
   captureWarning
-} from "./chunk-YT2XCGZK.js";
+} from "./chunk-P2ZOBSCJ.js";
 
 // src/chunk-probe.ts
 import { Twox128, Blake2128Concat, decAnyMetadata, unifyMetadata } from "@polkadot-api/substrate-bindings";

package/dist/chunk-YUSHBZBX.js

@@ -0,0 +1,52 @@
+import {
+  loadEnvironments
+} from "./chunk-5K3RI5C2.js";
+
+// src/auth-config.ts
+import { existsSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+var DOT_DAPP_ID = "dot-cli";
+var DOT_PRODUCT_ID = "playground.dot";
+var DOT_DERIVATION_INDEX = 0;
+var DOT_TERMINAL_METADATA_URL = "https://gist.githubusercontent.com/ReinhardHatko/1967dd3f4afe78683cc0ba14d6ec8744/raw/c1625eb7ed7671b7e09a3fa2a25998dde33c70b8/metadata.json";
+function hasPersistedSession() {
+  return existsSync(join(homedir(), ".polkadot-apps", `${DOT_DAPP_ID}_SsoSessions.json`));
+}
+function buildAuthConfig(doc, envId) {
+  const peopleChain = doc.chains.find((c) => c.id === "people");
+  if (!peopleChain) {
+    throw new Error(
+      `No "people" chain found in environments doc. Add a "people" entry under "chains" in environments.json.`
+    );
+  }
+  const endpoint = peopleChain.endpoints[envId];
+  if (!endpoint) {
+    throw new Error(
+      `No people-chain endpoint for environment "${envId}". Available envs: ${Object.keys(peopleChain.endpoints).join(", ")}.`
+    );
+  }
+  const peopleEndpoints = Array.isArray(endpoint.wss) ? endpoint.wss : [endpoint.wss];
+  return {
+    dappId: DOT_DAPP_ID,
+    productId: DOT_PRODUCT_ID,
+    derivationIndex: DOT_DERIVATION_INDEX,
+    metadataUrl: DOT_TERMINAL_METADATA_URL,
+    peopleEndpoints
+  };
+}
+async function getAuthClient(envId) {
+  const { createAuthClient } = await import("./auth/index.js");
+  const { doc } = await loadEnvironments();
+  return createAuthClient(buildAuthConfig(doc, envId));
+}
+
+export {
+  DOT_DAPP_ID,
+  DOT_PRODUCT_ID,
+  DOT_DERIVATION_INDEX,
+  DOT_TERMINAL_METADATA_URL,
+  hasPersistedSession,
+  buildAuthConfig,
+  getAuthClient
+};

package/dist/chunk-probe.js

@@ -5,9 +5,9 @@ import {
   _decodeStorageValue,
   _resetProbeSession,
   probeChunks
-} from "./chunk-Z6PRIHI7.js";
-import "./chunk-YT2XCGZK.js";
-import "./chunk-UXVBF7TD.js";
+} from "./chunk-X2Q5FPIQ.js";
+import "./chunk-P2ZOBSCJ.js";
+import "./chunk-KFIIAUQU.js";
 export {
   ChainProbeCrossValidationError,
   ChainProbeMetadataError,

package/dist/commands/login.d.ts

@@ -0,0 +1,28 @@
+import { b as AllocationSummary } from '../allocations-B65Is4Md.js';
+import '@parity/product-sdk-terminal';
+
+/**
+ * login — QR/mobile sign-in command.
+ *
+ * Flow:
+ *  1. connect() → existing session (already logged in) OR QR code
+ *  2. Print QR → user scans on phone
+ *  3. waitForLogin() → phone approves → paired
+ *  4. requestAllocation() — REQUIRED before the fresh session can sign (RFC-0010)
+ *  5. Print summarizeLogin()
+ *  6. destroy()
+ */
+
+/**
+ * Format a post-login summary. Pure function, unit-testable.
+ */
+declare function summarizeLogin(address: string, summary: AllocationSummary): string;
+interface LoginOptions {
+    suri?: string;
+}
+/**
+ * Run the login command. Prints the QR code to stdout and waits for mobile approval.
+ */
+declare function runLogin(envId: string, _opts?: LoginOptions): Promise<void>;
+
+export { type LoginOptions, runLogin, summarizeLogin };

package/dist/commands/login.js

@@ -0,0 +1,116 @@
+import "../chunk-JQKKMUCT.js";
+import {
+  DEFAULT_RESOURCES,
+  summarizeOutcomes
+} from "../chunk-2OZVKA3D.js";
+import {
+  renderLoginStatus
+} from "../chunk-RIRDBSBG.js";
+import {
+  extractBulletinSlotKey,
+  writeBulletinSlotKey
+} from "../chunk-4CZ4GIWK.js";
+import "../chunk-HOTQDYHD.js";
+import "../chunk-IW3X2MJF.js";
+import "../chunk-KOSF5FDO.js";
+import "../chunk-J3NIXHZZ.js";
+import "../chunk-S7EM5VMW.js";
+import {
+  DOT_DAPP_ID,
+  getAuthClient
+} from "../chunk-YUSHBZBX.js";
+import "../chunk-AMGKEAOH.js";
+import "../chunk-AKCO2LGH.js";
+import "../chunk-X2Q5FPIQ.js";
+import "../chunk-C2TS5MER.js";
+import "../chunk-4GX3KJPU.js";
+import "../chunk-QS7YU76C.js";
+import "../chunk-P2ZOBSCJ.js";
+import "../chunk-KFIIAUQU.js";
+import "../chunk-5K3RI5C2.js";
+import "../chunk-ZOC4GITL.js";
+
+// src/commands/login.ts
+function summarizeLogin(address, summary) {
+  const lines = [
+    `Signed in as: ${address}`,
+    `Resources granted: ${summary.granted.length}`
+  ];
+  if (summary.rejected.length > 0) {
+    lines.push(`Resources rejected: ${summary.rejected.length} (${summary.rejected.map((r) => r.tag).join(", ")})`);
+  }
+  if (summary.unavailable.length > 0) {
+    lines.push(`Resources unavailable: ${summary.unavailable.length}`);
+  }
+  return lines.join("\n");
+}
+async function runLogin(envId, _opts = {}) {
+  const client = await getAuthClient(envId);
+  const result = await client.connect();
+  if (result.kind === "existing") {
+    const sessionHandle2 = await client.getSessionSigner();
+    if (sessionHandle2) {
+      let sssExpired = false;
+      const origErr = console.error;
+      console.error = (...args) => {
+        const msg = args.map(String).join(" ");
+        if (msg.includes("NoAllowanceError") || msg.includes("no allowance set")) {
+          sssExpired = true;
+          return;
+        }
+        origErr(...args);
+      };
+      await Promise.race([
+        client.requestAllocation(sessionHandle2.userSession, DEFAULT_RESOURCES).catch(() => {
+        }),
+        new Promise((r) => setTimeout(r, 3e3))
+      ]);
+      console.error = origErr;
+      sessionHandle2.destroy();
+      if (sssExpired) {
+        console.error(
+          `
+Statement Store allowance has expired for ${result.address}.
+Run: bulletin-deploy logout
+Then: bulletin-deploy login
+to re-pair and renew (allowance lasts ~2-3 days).`
+        );
+        process.exit(1);
+      }
+    }
+    console.log(`Already signed in as: ${result.address}`);
+    return;
+  }
+  console.log(result.qrCode);
+  console.log("Scan the QR code with your Polkadot wallet app.");
+  const address = await client.waitForLogin(result.login, (status) => {
+    const msg = renderLoginStatus(status);
+    if (msg) process.stdout.write(`\r${msg}`);
+  });
+  if (!address) {
+    console.error("\nLogin failed.");
+    return;
+  }
+  const sessionHandle = await client.getSessionSigner();
+  if (sessionHandle) {
+    try {
+      const outcomes = await client.requestAllocation(sessionHandle.userSession, DEFAULT_RESOURCES);
+      const summary = summarizeOutcomes(outcomes, DEFAULT_RESOURCES);
+      console.log("\n" + summarizeLogin(address, summary));
+      const hexKey = extractBulletinSlotKey(outcomes);
+      if (hexKey) {
+        await writeBulletinSlotKey(DOT_DAPP_ID, hexKey);
+        console.log(`   Bulletin storage key cached \u2713`);
+      }
+    } finally {
+      sessionHandle.destroy();
+    }
+  } else {
+    console.log(`
+Signed in as: ${address}`);
+  }
+}
+export {
+  runLogin,
+  summarizeLogin
+};

package/dist/commands/logout.d.ts

@@ -0,0 +1,21 @@
+import { d as LogoutStatus } from '../auth-DkRZBK-T.js';
+import '@parity/product-sdk-terminal';
+import 'polkadot-api';
+import '../allocations-B65Is4Md.js';
+
+/**
+ * logout — sign out the current session.
+ *
+ * Flow: findSession() → null → "no session" ; else waitForLogout()
+ */
+
+/**
+ * Format a logout status line. Pure function, unit-testable.
+ */
+declare function formatLogout(status: LogoutStatus): string;
+/**
+ * Run the logout command. Finds the current session and signs out.
+ */
+declare function runLogout(envId: string): Promise<void>;
+
+export { formatLogout, runLogout };

package/dist/commands/logout.js

@@ -0,0 +1,37 @@
+import "../chunk-JQKKMUCT.js";
+import "../chunk-2OZVKA3D.js";
+import {
+  renderLogoutStatus
+} from "../chunk-RIRDBSBG.js";
+import {
+  getAuthClient
+} from "../chunk-YUSHBZBX.js";
+import "../chunk-5K3RI5C2.js";
+import "../chunk-ZOC4GITL.js";
+
+// src/commands/logout.ts
+function formatLogout(status) {
+  return renderLogoutStatus(status);
+}
+async function runLogout(envId) {
+  const client = await getAuthClient(envId);
+  try {
+    const handle = await client.findSession();
+    if (!handle) {
+      console.log("Not logged in. No session to sign out.");
+      return;
+    }
+    await client.waitForLogout(handle, (status) => {
+      console.log(formatLogout(status));
+    });
+  } finally {
+    try {
+      await client.clearLocalAppStorage();
+    } catch {
+    }
+  }
+}
+export {
+  formatLogout,
+  runLogout
+};

package/dist/commands/whoami.d.ts

@@ -0,0 +1,22 @@
+import { S as SessionAddresses } from '../auth-DkRZBK-T.js';
+import '@parity/product-sdk-terminal';
+import 'polkadot-api';
+import '../allocations-B65Is4Md.js';
+
+/**
+ * whoami — show the currently logged-in session account, or "not logged in".
+ * Pure formatter `formatWhoami` is unit-tested; `runWhoami` is the live async path.
+ */
+
+/**
+ * Format session address info for display. Pass `null` when no session exists.
+ * Pure function — unit-testable without any SSO stack.
+ */
+declare function formatWhoami(addresses: SessionAddresses | null): string;
+/**
+ * Run the whoami command. Gets the session signer (if any) and prints the
+ * formatted output. Never throws — "no session" prints the not-logged-in message.
+ */
+declare function runWhoami(envId: string): Promise<void>;
+
+export { formatWhoami, runWhoami };

package/dist/commands/whoami.js

@@ -0,0 +1,47 @@
+import {
+  getAuthClient,
+  hasPersistedSession
+} from "../chunk-YUSHBZBX.js";
+import "../chunk-5K3RI5C2.js";
+import "../chunk-ZOC4GITL.js";
+
+// src/commands/whoami.ts
+function formatWhoami(addresses) {
+  if (!addresses) {
+    return "Not logged in. Run `bulletin-deploy login` to sign in.";
+  }
+  return [
+    `Logged in:`,
+    `  Root address:    ${addresses.rootAddress}`,
+    `  Product address: ${addresses.productAddress}`,
+    `  H160 (EVM):      ${addresses.productH160}`
+  ].join("\n");
+}
+async function runWhoami(envId) {
+  if (!hasPersistedSession()) {
+    console.log(formatWhoami(null));
+    return;
+  }
+  try {
+    const client = await getAuthClient(envId);
+    const handle = await client.getSessionSigner();
+    if (handle) {
+      console.log(formatWhoami(handle.addresses));
+      handle.destroy();
+    } else {
+      console.log(formatWhoami(null));
+    }
+  } catch (err) {
+    const e = err;
+    if (e?.name === "SignerNotAvailableError") {
+      console.log(formatWhoami(null));
+    } else {
+      console.log(`Could not reach login service: ${e?.message ?? String(err)}`);
+      console.log(formatWhoami(null));
+    }
+  }
+}
+export {
+  formatWhoami,
+  runWhoami
+};