@parity/product-deploy 0.8.3-rc.6 → 0.8.3-rc.7

package/dist/chunk-7DGFJC6E.js

@@ -0,0 +1,379 @@
+// src/auth/vendor/auth.ts
+import { readdir, unlink } from "fs/promises";
+import { homedir } from "os";
+import { join } from "path";
+import { deriveH160, ss58Encode } from "@parity/product-sdk-address";
+import {
+  createTerminalAdapter,
+  waitForSessions,
+  renderQrCode
+} from "@parity/product-sdk-terminal";
+
+// src/auth/vendor/sessionSigner.ts
+import { deriveProductAccountPublicKey } from "@parity/product-sdk-keys";
+var INCOMPLETE_SESSION_MESSAGE = 'Stored login session is missing the root account public key. Run "logout" and then "login" to pair again.';
+function sessionRootPublicKey(session) {
+  const rootAccountId = session.rootAccountId;
+  const publicKey = rootAccountId ? new Uint8Array(rootAccountId) : new Uint8Array();
+  if (publicKey.length !== 32) {
+    throw new Error(INCOMPLETE_SESSION_MESSAGE);
+  }
+  return publicKey;
+}
+function deriveProductPublicKey(rootAccountId, ref) {
+  return deriveProductAccountPublicKey(rootAccountId, ref.productId, ref.derivationIndex);
+}
+function createSessionSigner(session, ref) {
+  const publicKey = deriveProductPublicKey(sessionRootPublicKey(session), ref);
+  const productAccountId = [ref.productId, ref.derivationIndex];
+  const signTx = async (callData, signedExtensions, _metadata, _atBlockNumber) => {
+    const genesisHash = signedExtensions["CheckGenesis"]?.additionalSigned ?? new Uint8Array(32);
+    const extensions = Object.entries(signedExtensions).map(([id, { value, additionalSigned }]) => ({
+      id,
+      extra: value,
+      additionalSigned
+    }));
+    const result = await session.createTransaction({
+      payload: {
+        tag: "v1",
+        value: {
+          signer: productAccountId,
+          genesisHash,
+          callData,
+          extensions,
+          txExtVersion: 0
+        }
+      }
+    });
+    if (result.isErr()) {
+      throw new Error(`Mobile signing rejected: ${result.error.message}`);
+    }
+    return result.value;
+  };
+  const signBytes = async (data) => {
+    const result = await session.signRaw({
+      productAccountId,
+      data: { tag: "Bytes", value: data }
+    });
+    if (result.isErr()) {
+      throw new Error(`Mobile signing rejected: ${result.error.message}`);
+    }
+    return result.value.signature;
+  };
+  return { publicKey, signTx, signBytes };
+}
+
+// src/auth/vendor/allocations.ts
+var DEFAULT_RESOURCES = [
+  { tag: "BulletInAllowance", value: void 0 },
+  { tag: "StatementStoreAllowance", value: void 0 },
+  // derivation index 0 = the default product account.
+  { tag: "SmartContractAllowance", value: 0 }
+];
+async function requestResourceAllocation(session, productId, resources = DEFAULT_RESOURCES, onExisting = "Ignore") {
+  const result = await session.requestResourceAllocation({
+    callingProductId: productId,
+    resources,
+    onExisting
+  });
+  if (result.isErr()) {
+    throw new Error(`Resource allocation request failed: ${result.error.message}`);
+  }
+  return result.value;
+}
+function summarizeOutcomes(outcomes, resources) {
+  const granted = [];
+  const rejected = [];
+  const unavailable = [];
+  outcomes.forEach((outcome, i) => {
+    const resource = resources[i];
+    if (!resource) return;
+    if (outcome.tag === "Allocated") granted.push(resource);
+    else if (outcome.tag === "Rejected") rejected.push(resource);
+    else unavailable.push(resource);
+  });
+  return { granted, rejected, unavailable };
+}
+
+// src/auth/vendor/auth.ts
+var QR_TIMEOUT_MS = 6e4;
+function createAuthClient(config) {
+  const ref = { productId: config.productId, derivationIndex: config.derivationIndex };
+  function createAdapter() {
+    return createTerminalAdapter({
+      appId: config.dappId,
+      metadataUrl: config.metadataUrl,
+      endpoints: config.peopleEndpoints
+    });
+  }
+  function deriveSessionAddresses(session) {
+    const rootBytes = sessionRootPublicKey(session);
+    const productPubkey = deriveProductPublicKey(rootBytes, ref);
+    return {
+      rootAddress: ss58Encode(rootBytes),
+      productAddress: ss58Encode(productPubkey),
+      productH160: deriveH160(productPubkey)
+    };
+  }
+  function createSigner(session) {
+    return createSessionSigner(session, ref);
+  }
+  function sessionRemoteAddress(session) {
+    const raw = session.remoteAccount?.accountId;
+    const accountId = raw ? new Uint8Array(raw) : new Uint8Array();
+    return accountId.length === 32 ? ss58Encode(accountId) : null;
+  }
+  function sessionLogoutAddress(session) {
+    try {
+      return deriveSessionAddresses(session).productAddress;
+    } catch {
+      return sessionRemoteAddress(session) ?? "(stored session)";
+    }
+  }
+  async function connect() {
+    const adapter = createAdapter();
+    const sessions = await waitForSessions(adapter);
+    if (sessions.length > 0) {
+      const addresses = deriveSessionAddresses(sessions[0]);
+      return { kind: "existing", address: addresses.productAddress, addresses };
+    }
+    const authPromise = adapter.sso.authenticate();
+    try {
+      const qrCode = await Promise.race([
+        new Promise((resolve) => {
+          let done = false;
+          let unsub;
+          unsub = adapter.sso.pairingStatus.subscribe(async (status) => {
+            if (status.step === "pairing" && !done) {
+              done = true;
+              unsub?.();
+              resolve(await renderQrCode(status.payload));
+            }
+          });
+        }),
+        new Promise(
+          (_, reject) => setTimeout(
+            () => reject(
+              new Error(
+                `Login service did not respond within ${Math.round(
+                  QR_TIMEOUT_MS / 1e3
+                )}s \u2014 try again`
+              )
+            ),
+            QR_TIMEOUT_MS
+          )
+        )
+      ]);
+      return { kind: "qr", qrCode, login: { adapter, authPromise } };
+    } catch (err) {
+      adapter.destroy().catch(() => {
+      });
+      throw err;
+    }
+  }
+  async function waitForLogin({ adapter, authPromise }, onStatus) {
+    onStatus({ step: "waiting" });
+    const unsubPairing = adapter.sso.pairingStatus.subscribe((status) => {
+      if (status.step === "finished") {
+        onStatus({ step: "paired" });
+      } else if (status.step === "pending") {
+        onStatus({ step: "pending", stage: status.stage });
+      } else if (status.step === "pairingError") {
+        onStatus({ step: "error", message: status.message });
+      }
+    });
+    let authenticated = false;
+    let address = null;
+    try {
+      const result = await authPromise;
+      result.match(
+        (session) => {
+          if (session) {
+            authenticated = true;
+          }
+        },
+        (error) => {
+          onStatus({ step: "error", message: error.message });
+        }
+      );
+      if (authenticated) {
+        const sessions = await waitForSessions(adapter, 3e3);
+        if (sessions.length > 0) {
+          const addresses = deriveSessionAddresses(sessions[0]);
+          address = addresses.productAddress;
+          onStatus({ step: "success", address, addresses });
+        } else {
+          onStatus({
+            step: "error",
+            message: "Login succeeded but the local session was not available"
+          });
+        }
+      }
+    } finally {
+      unsubPairing();
+    }
+    return address;
+  }
+  async function getSessionSigner() {
+    const adapter = createAdapter();
+    const sessions = await waitForSessions(adapter, 3e3);
+    if (sessions.length === 0) {
+      adapter.destroy().catch(() => {
+      });
+      return null;
+    }
+    const session = sessions[0];
+    const signer = createSigner(session);
+    const addresses = deriveSessionAddresses(session);
+    let destroyed = false;
+    const destroy = () => {
+      if (destroyed) return;
+      destroyed = true;
+      adapter.destroy().catch(() => {
+      });
+    };
+    return {
+      address: addresses.productAddress,
+      addresses,
+      signer,
+      userSession: session,
+      destroy
+    };
+  }
+  async function requestAllocation(session, resources = DEFAULT_RESOURCES, onExisting = "Ignore") {
+    return requestResourceAllocation(session, config.productId, resources, onExisting);
+  }
+  async function findSession() {
+    const adapter = createAdapter();
+    const sessions = await waitForSessions(adapter, 3e3);
+    if (sessions.length === 0) {
+      try {
+        await adapter.destroy();
+      } catch {
+      }
+      return null;
+    }
+    const session = sessions[0];
+    const address = sessionLogoutAddress(session);
+    return { adapter, address, session };
+  }
+  async function waitForLogout(handle, onStatus) {
+    const { adapter, address, session } = handle;
+    try {
+      onStatus({ step: "disconnecting", address });
+      const result = await adapter.sessions.disconnect(session);
+      if (result.isOk()) {
+        await clearLocalAppStorage();
+        onStatus({ step: "success", address });
+        return;
+      }
+      const reason = result.error.message || "remote unreachable";
+      await clearLocalAppStorage();
+      onStatus({ step: "partial", address, reason });
+    } catch (err) {
+      const reason = err instanceof Error ? err.message : String(err);
+      try {
+        await clearLocalAppStorage();
+        onStatus({ step: "partial", address, reason });
+      } catch (cleanupErr) {
+        const msg = cleanupErr instanceof Error ? cleanupErr.message : String(cleanupErr);
+        onStatus({ step: "error", message: msg });
+      }
+    } finally {
+      try {
+        await adapter.destroy();
+      } catch {
+      }
+    }
+  }
+  async function clearLocalAppStorage(dir = join(homedir(), ".polkadot-apps")) {
+    let entries;
+    try {
+      entries = await readdir(dir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    const prefix = `${config.dappId}_`;
+    await Promise.all(
+      entries.filter((entry) => entry.isFile() && entry.name.startsWith(prefix)).map(
+        (entry) => unlink(join(dir, entry.name)).catch(() => {
+        })
+      )
+    );
+  }
+  return {
+    connect,
+    waitForLogin,
+    getSessionSigner,
+    findSession,
+    waitForLogout,
+    requestAllocation,
+    clearLocalAppStorage
+  };
+}
+
+// src/auth/vendor/signer.ts
+import { ss58Encode as ss58Encode2 } from "@parity/product-sdk-address";
+import { createDevSigner, getDevPublicKey } from "@parity/product-sdk-tx";
+import { seedToAccount } from "@parity/product-sdk-keys";
+var SignerNotAvailableError = class extends Error {
+  constructor() {
+    super('No signer available. Run "login" to sign in, or pass --suri //Alice for dev.');
+    this.name = "SignerNotAvailableError";
+  }
+};
+var DEV_NAMES = ["Alice", "Bob", "Charlie", "Dave", "Eve", "Ferdie"];
+function parseDevAccountName(suri) {
+  const name = suri.replace(/^\/\//, "");
+  return DEV_NAMES.find((n) => n.toLowerCase() === name.toLowerCase()) ?? null;
+}
+async function resolveSigner(authClient, options) {
+  if (options?.suri) {
+    const devName = parseDevAccountName(options.suri);
+    if (devName) {
+      return {
+        signer: createDevSigner(devName),
+        address: ss58Encode2(getDevPublicKey(devName)),
+        source: "dev",
+        destroy() {
+        }
+      };
+    }
+    const sepIdx = options.suri.indexOf("//");
+    const mnemonic = (sepIdx === -1 ? options.suri : options.suri.slice(0, sepIdx)).trim();
+    const path = sepIdx === -1 ? "" : options.suri.slice(sepIdx);
+    try {
+      const account = seedToAccount(mnemonic, path);
+      return {
+        signer: account.signer,
+        address: ss58Encode2(account.publicKey),
+        source: "dev",
+        destroy() {
+        }
+      };
+    } catch {
+      throw new Error(
+        `Unrecognized SURI "${options.suri}". Expected a dev name (${DEV_NAMES.join(", ")}) or a BIP-39 mnemonic.`
+      );
+    }
+  }
+  const session = await authClient.getSessionSigner();
+  if (session) {
+    return { ...session, source: "session" };
+  }
+  throw new SignerNotAvailableError();
+}
+
+export {
+  INCOMPLETE_SESSION_MESSAGE,
+  sessionRootPublicKey,
+  deriveProductPublicKey,
+  createSessionSigner,
+  DEFAULT_RESOURCES,
+  requestResourceAllocation,
+  summarizeOutcomes,
+  createAuthClient,
+  SignerNotAvailableError,
+  parseDevAccountName,
+  resolveSigner
+};

package/dist/{chunk-6XDIJYDO.js → chunk-BI5SDZMM.js}

@@ -2,11 +2,11 @@ import {
   classifyErrorArea,
   isInteractive,
   promptYesNo
-} from "./chunk-YUIBBHS2.js";
+} from "./chunk-HEKCOME3.js";
 import {
   VERSION,
   getCurrentSentryTraceId
-} from "./chunk-M6DM2NUT.js";
+} from "./chunk-W4MILLXD.js";
 
 // src/bug-report.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-22CE57IY.js → chunk-C2DA2PRC.js}

@@ -1,6 +1,6 @@
 import {
   captureWarning
-} from "./chunk-M6DM2NUT.js";
+} from "./chunk-W4MILLXD.js";
 
 // src/chunk-probe.ts
 import { Twox128, Blake2128Concat, decAnyMetadata, unifyMetadata } from "@polkadot-api/substrate-bindings";

package/dist/{chunk-YUIBBHS2.js → chunk-HEKCOME3.js}

@@ -1,6 +1,6 @@
 import {
   VERSION
-} from "./chunk-M6DM2NUT.js";
+} from "./chunk-W4MILLXD.js";
 
 // src/version-check.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-3TOFKDMY.js → chunk-OBCWAZQE.js}

@@ -8,7 +8,7 @@ import {
   setDeploySentryTag,
   truncateAddress,
   withSpan
-} from "./chunk-M6DM2NUT.js";
+} from "./chunk-W4MILLXD.js";
 import {
   validateContractAddresses
 } from "./chunk-5K3RI5C2.js";

package/dist/{chunk-L5Z3TJD7.js → chunk-OCKCB72S.js}

@@ -1,18 +1,18 @@
 import {
   buildAliasProofMessage,
   getProofValidAtSec
-} from "./chunk-SLE4P6MO.js";
+} from "./chunk-EJI3MX4G.js";
+import {
+  bytesToHex,
+  encodeMembers,
+  hexToBytes
+} from "./chunk-ZYVGHDMU.js";
 import {
   PEOPLE_MEMBER_IDENTIFIER_HEX,
   PGAS_ASSET_ID,
   PGAS_ASSET_LOCATION,
   PROOF_BYTES
 } from "./chunk-SI2ZUOYD.js";
-import {
-  bytesToHex,
-  encodeMembers,
-  hexToBytes
-} from "./chunk-ZYVGHDMU.js";
 
 // src/personhood/bind-paid-alias.ts
 import { getSs58AddressInfo, Binary } from "polkadot-api";

package/dist/{chunk-LX77LVIM.js → chunk-OPMGKRYY.js}

@@ -6,7 +6,7 @@ import * as path from "path";
 // package.json
 var package_default = {
   name: "@parity/product-deploy",
-  version: "0.8.3-rc.6",
+  version: "0.8.3-rc.7",
   private: false,
   repository: {
     type: "git",
@@ -49,10 +49,10 @@ var package_default = {
     "tools/release-retry-wrapper.mjs"
   ],
   scripts: {
-    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts --format esm --dts --clean --target node22",
+    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts --format esm --dts --clean --target node22",
     "refresh-environments": "node scripts/refresh-environments.mjs",
     prepare: "npm run build",
-    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js",
+    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js",
     "test:e2e": "npm run build && node --test test/e2e.test.js",
     "test:e2e:smoke": "bash scripts/e2e-pass.sh smoke",
     "test:e2e:pr": "bash scripts/e2e-pass.sh pr",
@@ -63,6 +63,10 @@ var package_default = {
     "@ipld/car": "^5.4.3",
     "@ipld/dag-pb": "^4.1.3",
     "@noble/hashes": "^1.7.2",
+    "@parity/product-sdk-address": "^0.1.1",
+    "@parity/product-sdk-keys": "^0.3.0",
+    "@parity/product-sdk-terminal": "^0.2.1",
+    "@parity/product-sdk-tx": "^0.2.4",
     "@polkadot-api/metadata-builders": "^0.14.2",
     "@polkadot-api/substrate-bindings": "^0.20.2",
     "@polkadot-labs/hdkd": "^0.0.28",
@@ -82,8 +86,18 @@ var package_default = {
     "@types/node": "^22.0.0",
     tsup: "^8.5.0",
     typescript: "^5.9.3",
+    vitest: "^3.0.0",
     ws: "^8.20.1"
   },
+  overrides: {
+    "@polkadot-api/json-rpc-provider": "^0.2.0",
+    "@novasamatech/host-api": "0.7.9-4",
+    "@novasamatech/host-papp": "0.7.9-4",
+    "@novasamatech/product-sdk": "0.7.9-4",
+    "@novasamatech/scale": "0.7.9-4",
+    "@novasamatech/statement-store": "0.7.9-4",
+    "@novasamatech/storage-adapter": "0.7.9-4"
+  },
   minimumVersion: "0.5.6",
   engines: {
     node: ">=22"

package/dist/chunk-RIRDBSBG.js

@@ -0,0 +1,36 @@
+// src/auth/vendor/ui/qr.ts
+import { renderQrCode } from "@parity/product-sdk-terminal";
+
+// src/auth/vendor/ui/status.ts
+function renderLoginStatus(status) {
+  switch (status.step) {
+    case "waiting":
+      return "Waiting for you to scan the QR code with your phone\u2026";
+    case "paired":
+      return "Paired \u2014 finishing sign-in\u2026";
+    case "pending":
+      return `Working: ${status.stage}\u2026`;
+    case "success":
+      return `Signed in as ${status.address}`;
+    case "error":
+      return `Sign-in failed: ${status.message}`;
+  }
+}
+function renderLogoutStatus(status) {
+  switch (status.step) {
+    case "disconnecting":
+      return `Signing out ${status.address}\u2026`;
+    case "success":
+      return `Signed out ${status.address}`;
+    case "partial":
+      return `Signed out locally (${status.address}); the phone was not notified: ${status.reason}`;
+    case "error":
+      return `Sign-out error: ${status.message}`;
+  }
+}
+
+export {
+  renderQrCode,
+  renderLoginStatus,
+  renderLogoutStatus
+};