@parity/product-deploy 0.8.3-rc.8 → 0.9.0-rc.0

package/dist/{chunk-RPU72Z4B.js → chunk-RD2QHYTL.js}

@@ -1,3 +1,6 @@
+import {
+  checkSSSAllowance
+} from "./chunk-G56VYTUD.js";
 import {
   MirrorSkipped,
   mirrorToGitHubPages,
@@ -24,28 +27,30 @@ import {
   parseManifest
 } from "./chunk-S7EM5VMW.js";
 import {
-  DOT_DAPP_ID,
   DOT_PRODUCT_ID,
+  STALE_SESSION_MESSAGE,
+  getPeopleChainEndpoints,
   hasPersistedSession
-} from "./chunk-327NAPBD.js";
+} from "./chunk-H4LWILH4.js";
 import {
   setDeployContext
-} from "./chunk-T4PAK4YK.js";
+} from "./chunk-O2NWQLYB.js";
 import {
   probeChunks
-} from "./chunk-3OWKSL7K.js";
+} from "./chunk-NP4SLURL.js";
 import {
   packSection
 } from "./chunk-C2TS5MER.js";
 import {
   DotNS,
+  PUBLISHER_ABI,
   PublisherNotSupportedError,
   TX_TIMEOUT_MS,
   fetchNonce,
   parseDomainName,
   popStatusName,
   verifyNonceAdvanced
-} from "./chunk-EGNMZHMR.js";
+} from "./chunk-WZBAQCA5.js";
 import {
   derivePoolAccounts,
   detectTestnet,
@@ -67,13 +72,13 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-WHMNBSG7.js";
+} from "./chunk-LCKLYFAZ.js";
 import {
   DEFAULT_ENV_ID,
   getPopSelfServeConfig,
   loadEnvironments,
   resolveEndpoints
-} from "./chunk-5K3RI5C2.js";
+} from "./chunk-GL3U7K2B.js";
 import {
   NonRetryableError
 } from "./chunk-ZOC4GITL.js";
@@ -104,6 +109,7 @@ import { base32 } from "multiformats/bases/base32";
 import { base58btc } from "multiformats/bases/base58";
 import * as dagPB from "@ipld/dag-pb";
 import { UnixFS } from "ipfs-unixfs";
+import { keccak256, toBytes } from "viem";
 import { cryptoWaitReady } from "@polkadot/util-crypto";
 import { getPolkadotSigner as getPolkadotSigner2 } from "polkadot-api/signer";
 import { sr25519CreateDerive as sr25519CreateDerive2 } from "@polkadot-labs/hdkd";
@@ -247,10 +253,80 @@ function extractBulletinSlotKey(outcomes) {
     if (allocated?.tag !== "BulletInAllowance") continue;
     const key = allocated.value?.slotAccountKey;
     if (!(key instanceof Uint8Array)) continue;
-    return toHex(normalizeSchnorrkelKey(key));
+    return toHex(key);
   }
   return null;
 }
+var BulletinSlotAuthError = class extends Error {
+  reason;
+  /** The on-chain expiration block (only set when reason === "expired"). */
+  expiration;
+  constructor(reason, ss58, expiration) {
+    const detail = reason === "expired" && expiration != null ? `expired at block ${expiration}` : "no on-chain authorization found";
+    super(`Slot account ${ss58} not authorized on Bulletin (${detail})`);
+    this.reason = reason;
+    this.expiration = expiration;
+    this.name = "BulletinSlotAuthError";
+  }
+};
+function isBulletinAuthActive(auth, blockNumber) {
+  if (auth == null) return { active: false, reason: "missing" };
+  const exp = Number(auth.expiration ?? 0);
+  if (exp <= blockNumber) return { active: false, reason: "expired", expiration: exp };
+  return { active: true, expiration: exp };
+}
+async function pollUntilBulletinAuthorized(queryFn, opts = {}) {
+  const { pollMs = 2e3, timeoutMs = 9e4 } = opts;
+  const debug = Boolean(process.env.DOT_DEBUG);
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    try {
+      const { auth, blockNumber } = await queryFn();
+      const result = isBulletinAuthActive(auth, blockNumber);
+      if (result.active) {
+        if (debug) console.error(`[auth-poll] active expiration=${result.expiration}`);
+        return { authorized: true, expiration: result.expiration };
+      }
+      if (debug) {
+        console.error(
+          `[auth-poll] not-active reason=${result.reason}` + (result.expiration != null ? ` expiration=${result.expiration}` : "")
+        );
+      }
+    } catch (e) {
+      if (debug) console.error(`[auth-poll] query-errored: ${e instanceof Error ? e.message : String(e)}`);
+    }
+    const remaining = deadline - Date.now();
+    if (remaining <= 0) break;
+    await new Promise((r) => setTimeout(r, Math.min(pollMs, remaining)));
+  }
+  return { authorized: false, reason: "timeout" };
+}
+async function waitForBulletinAuthorization(ss58, opts = {}) {
+  const { quiet, endpoints, ...pollOpts } = opts;
+  const eps = endpoints && endpoints.length > 0 ? endpoints : BULLETIN_ENDPOINTS;
+  const primary = eps[0];
+  const onStatusChanged = quiet ? () => {
+  } : makeBulletinStatusHandler(primary);
+  const client = createPolkadotClient(getWsProvider(
+    eps,
+    { heartbeatTimeout: WS_HEARTBEAT_TIMEOUT_MS, onStatusChanged }
+  ));
+  const unsafeApi = client.getUnsafeApi();
+  try {
+    return await pollUntilBulletinAuthorized(
+      async () => {
+        const [auth, block] = await Promise.all([
+          unsafeApi.query.TransactionStorage.Authorizations.getValue(Enum("Account", ss58)),
+          client.getFinalizedBlock()
+        ]);
+        return { auth, blockNumber: block.number };
+      },
+      pollOpts
+    );
+  } finally {
+    client.destroy();
+  }
+}
 async function getSlotSignerProvider(signer, ss58) {
   const primary = BULLETIN_ENDPOINTS[0];
   console.log(`   Connecting to Bulletin (slot signer): ${primary}`);
@@ -263,12 +339,12 @@ async function getSlotSignerProvider(signer, ss58) {
     unsafeApi.query.TransactionStorage.Authorizations.getValue(Enum("Account", ss58)),
     client.getFinalizedBlock()
   ]);
-  const now = currentBlock.number;
-  if (!auth || Number(auth.expiration ?? 0) <= now) {
+  const result = isBulletinAuthActive(auth, currentBlock.number);
+  if (!result.active) {
     client.destroy();
-    throw new Error(`Slot account ${ss58} not authorized on Bulletin`);
+    throw new BulletinSlotAuthError(result.reason, ss58, result.expiration);
   }
-  console.log(`   Using slot signer: ${ss58} (authorized until block ${Number(auth?.expiration ?? 0)})`);
+  console.log(`   Using slot signer: ${ss58} (authorized until block ${result.expiration})`);
   setDeployAttribute("deploy.signer.mode", "slot");
   setDeployAttribute("deploy.signer.address", truncateAddress(ss58));
   return { client, unsafeApi, signer, ss58 };
@@ -452,8 +528,41 @@ async function getDirectProvider(mnemonic, derivationPath = "") {
   setDeployAttribute("deploy.signer.address", truncateAddress(ss58));
   return { client, unsafeApi, signer, ss58 };
 }
+async function getSignerProvider(signer, ss58) {
+  const primary = BULLETIN_ENDPOINTS[0];
+  console.log(`   Connecting to Bulletin: ${primary}`);
+  const client = createPolkadotClient2(getWsProvider2(
+    BULLETIN_ENDPOINTS,
+    { heartbeatTimeout: WS_HEARTBEAT_TIMEOUT_MS, onStatusChanged: makeBulletinStatusHandler(primary) }
+  ));
+  const unsafeApi = client.getUnsafeApi();
+  console.log(`   Using external signer: ${ss58}`);
+  let [auth, currentBlock] = await Promise.all([
+    unsafeApi.query.TransactionStorage.Authorizations.getValue(Enum2("Account", ss58)),
+    client.getFinalizedBlock()
+  ]);
+  let now = currentBlock.number;
+  if (!auth || Number(auth.expiration ?? 0) <= now) {
+    try {
+      await ensureAuthorized(unsafeApi, ss58, "external signer");
+      [auth, currentBlock] = await Promise.all([
+        unsafeApi.query.TransactionStorage.Authorizations.getValue(Enum2("Account", ss58)),
+        client.getFinalizedBlock()
+      ]);
+      now = currentBlock.number;
+    } catch (e) {
+      client.destroy();
+      throw new NonRetryableError(`Account ${ss58} is not authorized for Bulletin storage and auto-authorization failed: ${e.message}`);
+    }
+  }
+  console.log(`   Authorization: expires at block ${Number(auth?.expiration ?? 0)} (current: ${now})`);
+  setDeployAttribute("deploy.signer.mode", "external");
+  setDeployAttribute("deploy.signer.address", truncateAddress(ss58));
+  return { client, unsafeApi, signer, ss58 };
+}
 function __selectStorageProviderModeForTest(options) {
   if (options.storageSigner && options.storageSignerAddress) return "storageSigner";
+  if (options.signer && options.signerAddress) return "signer";
   if (options.mnemonic) return "direct";
   return "pool";
 }
@@ -464,6 +573,10 @@ function chooseSignerInput(opts) {
   if (opts.hasSession) return "resolve";
   return "pool";
 }
+function formatStorageSignerLine(slotAddress, failReason) {
+  if (slotAddress) return `   Storage signer: allowance slot ${slotAddress}`;
+  return `   Storage signer: pool fallback (${failReason ?? "no session"})`;
+}
 function selectStorageReconnect(options) {
   if (options.storageSigner && options.storageSignerAddress) {
     let useSlot = true;
@@ -471,13 +584,26 @@ function selectStorageReconnect(options) {
       if (!useSlot) return getProvider();
       try {
         return await getSlotSignerProvider(options.storageSigner, options.storageSignerAddress);
-      } catch {
+      } catch (e) {
         useSlot = false;
         setDeployAttribute("deploy.signer.mode", "pool-fallback");
+        let reason;
+        if (e instanceof BulletinSlotAuthError) {
+          reason = e.reason === "expired" && e.expiration != null ? `expired at block ${e.expiration}` : "no on-chain authorization found";
+        } else {
+          reason = e instanceof Error ? e.message : String(e);
+        }
+        console.warn(
+          `\u26A0  Bulletin allowance slot not usable: ${reason}
+   Falling back to the shared pool account for storage (fine on testnet).
+   To use your own allowance, run: bulletin-deploy logout && bulletin-deploy login`
+        );
         return getProvider();
       }
     };
   }
+  if (options.signer && options.signerAddress)
+    return () => getSignerProvider(options.signer, options.signerAddress);
   if (options.mnemonic)
     return () => getDirectProvider(options.mnemonic, options.derivationPath);
   return () => getProvider();
@@ -1687,8 +1813,7 @@ async function publish(dotns, parsed, failOnError) {
     setDeployAttribute("deploy.publish.status", "failed");
     if (failOnError) throw e;
     const msg = e?.message ?? String(e);
-    console.error(`   Warning: publish failed (non-fatal): ${msg}`);
-    captureWarning("publish failed", { error: msg.slice(0, 200) });
+    console.log(`   Publish failed: ${msg}`);
   }
 }
 async function unpublish(domainName, options = {}) {
@@ -1830,36 +1955,56 @@ async function deploy(content, domainName = null, options = {}) {
     } catch (e) {
       if (options.suri) throw e;
       if (e?.name === "SignerNotAvailableError") {
-        console.log(
-          "   Login session unavailable or expired \u2014 falling back to pool. Run `bulletin-deploy login` to use your identity."
-        );
+        if (hasSession) {
+          console.error(STALE_SESSION_MESSAGE);
+        } else {
+          console.log(
+            "   Login session unavailable or expired \u2014 falling back to pool. Run `bulletin-deploy login` to use your identity."
+          );
+        }
       } else {
         throw e;
       }
     }
   }
+  if (resolvedUserSession && options.signer) {
+    try {
+      const productPubkey = options.signer.publicKey;
+      const peopleEndpoints = await getPeopleChainEndpoints(envId);
+      const allowed = await checkSSSAllowance(productPubkey, peopleEndpoints);
+      if (allowed === false) {
+        throw new NonRetryableError(
+          "Session signing allowance has expired (~2-3 days after login). Run `bulletin-deploy login` to renew."
+        );
+      }
+    } catch (e) {
+      if (e instanceof NonRetryableError) throw e;
+    }
+  }
   if (!options.storageSigner) {
+    let storageLine = null;
     try {
-      let slotResult = await readBulletinSlotSigner(DOT_DAPP_ID);
-      if (!slotResult && resolvedUserSession?.userSession) {
-        const { requestResourceAllocation } = await import("./auth/index.js");
-        console.log("Requesting Bulletin storage allowance \u2014 check your phone to approve");
-        const outcomes = await requestResourceAllocation(
-          resolvedUserSession.userSession,
-          DOT_PRODUCT_ID,
-          [{ tag: "BulletInAllowance", value: void 0 }]
+      if (resolvedUserSession?.userSession && resolvedUserSession?.adapter) {
+        const { ss58Encode } = await import("@parity/product-sdk-address");
+        const signerResult = await resolvedUserSession.adapter.allowance.getBulletinSigner(
+          resolvedUserSession.userSession.id,
+          DOT_PRODUCT_ID
         );
-        const hexKey = extractBulletinSlotKey(outcomes);
-        if (hexKey) {
-          await writeBulletinSlotKey(DOT_DAPP_ID, hexKey);
-          slotResult = await readBulletinSlotSigner(DOT_DAPP_ID);
+        if (signerResult.isOk()) {
+          const slotSigner = signerResult.value;
+          const slotAddress = ss58Encode(slotSigner.publicKey);
+          options = { ...options, storageSigner: slotSigner, storageSignerAddress: slotAddress };
+          storageLine = formatStorageSignerLine(slotAddress);
+        } else {
+          storageLine = formatStorageSignerLine(null, signerResult.error.reason);
         }
-      }
-      if (slotResult) {
-        options = { ...options, storageSigner: slotResult.signer, storageSignerAddress: slotResult.ss58 };
+      } else {
+        storageLine = formatStorageSignerLine(null);
       }
     } catch {
+      storageLine = formatStorageSignerLine(null, "error");
     }
+    if (storageLine) console.log(storageLine);
   }
   initTelemetry();
   const randomSuffix = Math.floor(Math.random() * 100).toString().padStart(2, "0");
@@ -1894,6 +2039,7 @@ async function deploy(content, domainName = null, options = {}) {
       const reconnect = selectStorageReconnect(options);
       let dotnsPreflight = null;
       let previousContenthashCid = null;
+      let preflightPublishNeeded = false;
       try {
         console.log("\n" + "=".repeat(60));
         console.log("Preflight");
@@ -1919,10 +2065,34 @@ async function deploy(content, domainName = null, options = {}) {
           }
           console.log(`   Mode: subdomain (parent ${parsed.parentLabel}.dot owned by signer)`);
         } else {
+          preflightPublishNeeded = false;
           try {
             dotnsPreflight = await preflight.preflight(name);
             previousContenthashCid = await readPreviousContenthashSafe(preflight, name);
             setDeployAttribute("deploy.incremental", previousContenthashCid ? "true" : "false");
+            if (options.publish && parsed && !parsed.isSubdomain) {
+              const publisher = preflight._contracts?.PUBLISHER;
+              const zeroAddr = "0x0000000000000000000000000000000000000000";
+              if (!publisher || publisher === zeroAddr) {
+                console.log(`   Publish: not supported on this environment \u2014 will be skipped`);
+              } else {
+                const labelhash = keccak256(toBytes(name));
+                try {
+                  const alreadyPublished = await preflight.contractCall(
+                    publisher,
+                    PUBLISHER_ABI,
+                    "isPublished",
+                    [labelhash]
+                  );
+                  preflightPublishNeeded = !alreadyPublished;
+                  if (!preflightPublishNeeded) {
+                    console.log(`   Publish: already published \u2014 will be skipped`);
+                  }
+                } catch {
+                  preflightPublishNeeded = true;
+                }
+              }
+            }
           } finally {
             preflight.disconnect();
           }
@@ -1944,6 +2114,20 @@ async function deploy(content, domainName = null, options = {}) {
             );
           }
         }
+        if (options.signer && options.signerAddress) {
+          const steps = computePhoneSigningSteps(dotnsPreflight, preflightPublishNeeded);
+          if (steps.length === 1) {
+            console.log(`
+\u{1F4F1} Have your phone ready \u2014 1 signature needed (${steps[0].toLowerCase()})`);
+          } else if (steps.length > 1) {
+            const display = steps.flatMap(
+              (s, i) => s === "Register" && steps[i - 1] === "Commitment" ? ["(wait)", s] : [s]
+            );
+            console.log(`
+\u{1F4F1} Have your phone ready \u2014 ${steps.length} signatures needed`);
+            console.log(`   ${display.map((s) => s.toLowerCase()).join(" \xB7 ")}`);
+          }
+        }
         provider = await reconnect();
         const providerWithReconnect = { ...provider, reconnect };
         const isTestnet = await detectTestnet(provider.unsafeApi);
@@ -2128,7 +2312,11 @@ async function deploy(content, domainName = null, options = {}) {
         console.log("=".repeat(60));
         await withSpan("deploy.dotns", "2. dotns", { "deploy.domain": name, "deploy.subdomain": String(parsed?.isSubdomain ?? false) }, async () => {
           const dotns = new DotNS();
-          await dotns.connect(resolveDotnsConnectOptions(options, envAssetHub, envAutoAccountMapping, envContracts, envNativeToEthRatio, envId, envPopSelfServe, envRegisterStorageDeposit));
+          await dotns.connect({
+            ...resolveDotnsConnectOptions(options, envAssetHub, envAutoAccountMapping, envContracts, envNativeToEthRatio, envId, envPopSelfServe, envRegisterStorageDeposit),
+            ...options.signer && options.signerAddress ? { onPhoneSigningRequired: (label) => console.log(`
+   Check your phone \u2192 ${label}`) } : {}
+          });
           if (parsed?.isSubdomain) {
             const { owned, owner } = await dotns.checkSubdomainOwnership(parsed.sublabel, parsed.parentLabel);
             if (owned) {
@@ -2153,7 +2341,9 @@ async function deploy(content, domainName = null, options = {}) {
           const contenthashHex = `0x${encodeContenthash(cid)}`;
           await dotns.setContenthash(name, contenthashHex);
           if (options.publish && parsed) {
-            await publish(dotns, parsed, options.failOnPublishError);
+            if (preflightPublishNeeded !== false) {
+              await publish(dotns, parsed, options.failOnPublishError);
+            }
           }
           dotns.disconnect();
         });
@@ -2219,6 +2409,16 @@ async function deploy(content, domainName = null, options = {}) {
     sessionCleanup?.();
   }
 }
+function computePhoneSigningSteps(dotnsPreflight, publishNeeded) {
+  if (!dotnsPreflight || dotnsPreflight.plannedAction === "abort") return [];
+  const steps = [];
+  if (dotnsPreflight.plannedAction === "register") {
+    steps.push("Commitment", "Register");
+  }
+  steps.push("Link content");
+  if (publishNeeded) steps.push("Publish to registry");
+  return steps;
+}
 
 // src/merkle.ts
 var CidPreservingBlockstore = class {
@@ -2620,6 +2820,10 @@ export {
   readBulletinSlotSigner,
   writeBulletinSlotKey,
   extractBulletinSlotKey,
+  BulletinSlotAuthError,
+  isBulletinAuthActive,
+  pollUntilBulletinAuthorized,
+  waitForBulletinAuthorization,
   getSlotSignerProvider,
   friendlyChainError,
   DEFAULT_BULLETIN_RPC,
@@ -2643,6 +2847,7 @@ export {
   encryptContent,
   __selectStorageProviderModeForTest,
   chooseSignerInput,
+  formatStorageSignerLine,
   storeFile,
   __assignDenseNoncesForTest,
   storeChunkedContent,
@@ -2664,5 +2869,6 @@ export {
   browserUrlFor,
   interpretBitswapResult,
   probeP2pRetrieval,
-  deploy
+  deploy,
+  computePhoneSigningSteps
 };

package/dist/{chunk-EGNMZHMR.js → chunk-WZBAQCA5.js}

@@ -8,10 +8,10 @@ import {
   setDeploySentryTag,
   truncateAddress,
   withSpan
-} from "./chunk-WHMNBSG7.js";
+} from "./chunk-LCKLYFAZ.js";
 import {
   validateContractAddresses
-} from "./chunk-5K3RI5C2.js";
+} from "./chunk-GL3U7K2B.js";
 import {
   NonRetryableError
 } from "./chunk-ZOC4GITL.js";
@@ -759,8 +759,8 @@ var ReviveClientWrapper = class _ReviveClientWrapper {
         const decision = classifyTxRetryDecision(e);
         if (decision === "abort" || attempt === DOTNS_TX_MAX_ATTEMPTS) break;
         const ms = dotnsRetryBackoffMs(attempt);
-        const short = (e?.message ?? String(e)).slice(0, 80);
-        console.log(`   ${label}: attempt ${attempt}/${DOTNS_TX_MAX_ATTEMPTS} failed (${short}), retrying in ${ms}ms\u2026`);
+        const msg = e?.message ?? String(e);
+        console.log(`   ${label}: attempt ${attempt}/${DOTNS_TX_MAX_ATTEMPTS} failed (${msg}), retrying in ${ms}ms\u2026`);
         await new Promise((r) => setTimeout(r, ms));
       }
     }
@@ -958,6 +958,7 @@ var DotNS = class {
   _environmentId = null;
   _popSelfServe = null;
   _registerStorageDeposit = MINIMUM_REGISTER_STORAGE_DEPOSIT;
+  _onPhoneSigningRequired = void 0;
   // Test-only seam: consumed once by classifyAliasAccountState() then cleared.
   // Mirrors the __setDeployRootSpanForTest / __setSentryForTest pattern.
   _classifyOverrideForTest = null;
@@ -1005,6 +1006,9 @@ var DotNS = class {
     if (options.registerStorageDeposit !== void 0) {
       this._registerStorageDeposit = options.registerStorageDeposit;
     }
+    if (options.onPhoneSigningRequired !== void 0) {
+      this._onPhoneSigningRequired = options.onPhoneSigningRequired;
+    }
     const rpc = options.rpc || process.env.DOTNS_RPC || this.assetHubEndpoints[0];
     this.rpc = rpc;
     this._usesExternalSigner = Boolean(options.signer && options.signerAddress);
@@ -1657,6 +1661,9 @@ var DotNS = class {
           await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
         }
       };
+      console.log(`
+   Linking content...`);
+      this._onPhoneSigningRequired?.("Link content");
       const txRes = await this.contractTransaction(this._contracts.DOTNS_CONTENT_RESOLVER, 0n, DOTNS_CONTENT_RESOLVER_ABI, "setContenthash", [node, contenthashHex], (s) => console.log(`      ${s}`), { useNoncePolling: true, verifyEffect });
       const finalOnChain = (await this.getContenthash(domainName) || "0x").toLowerCase();
       if (finalOnChain !== expected) {
@@ -1884,6 +1891,7 @@ var DotNS = class {
         }
       };
       try {
+        this._onPhoneSigningRequired?.("Publish to registry");
         const txRes = await this.contractTransaction(publisher, 0n, PUBLISHER_ABI, "publish", [label], (s) => console.log(`      ${s}`), { useNoncePolling: true, verifyEffect });
         const finalPublished = await withTimeout(
           this.contractCall(publisher, PUBLISHER_ABI, "isPublished", [labelhash]),
@@ -2028,6 +2036,7 @@ var DotNS = class {
     this.ensureConnected();
     console.log(`
    Submitting commitment...`);
+    this._onPhoneSigningRequired?.("Commitment");
     const commitTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, 0n, DOTNS_REGISTRAR_CONTROLLER_ABI, "commit", [commitment], (s) => console.log(`      ${s}`));
     logTxResolution(commitTxRes);
     console.log(`   Committed at: ${(/* @__PURE__ */ new Date()).toISOString()}`);
@@ -2122,6 +2131,7 @@ var DotNS = class {
     setDeployAttribute("deploy.payment_wei", priceWei.toString());
     console.log(`   Oracle price: ${formatEther(priceWei)} PAS`);
     console.log(`   Paying: ${formatEther(bufferedPaymentWei)} PAS`);
+    this._onPhoneSigningRequired?.("Register");
     const registerTxRes = await this.contractTransaction(this._contracts.DOTNS_REGISTRAR_CONTROLLER, bufferedPaymentNative, DOTNS_REGISTRAR_CONTROLLER_ABI, "register", [registration], (s) => console.log(`      ${s}`));
     logTxResolution(registerTxRes);
     if (registerTxRes.kind === TX_KIND_HASH) {
@@ -2545,6 +2555,7 @@ var DotNS = class {
       this.connected = false;
     }
     this._usesExternalSigner = false;
+    this._onPhoneSigningRequired = void 0;
   }
 };
 var dotns = new DotNS();

package/dist/{chunk-YOQLRCQV.js → chunk-YIKGVALU.js}

@@ -6,15 +6,15 @@ import {
   resolveDotnsConnectOptions,
   storeDirectory,
   storeFile
-} from "./chunk-RPU72Z4B.js";
+} from "./chunk-RD2QHYTL.js";
 import {
   DotNS
-} from "./chunk-EGNMZHMR.js";
+} from "./chunk-WZBAQCA5.js";
 import {
   getPopSelfServeConfig,
   loadEnvironments,
   resolveEndpoints
-} from "./chunk-5K3RI5C2.js";
+} from "./chunk-GL3U7K2B.js";
 import {
   NonRetryableError
 } from "./chunk-ZOC4GITL.js";

package/dist/chunk-probe.js

@@ -5,9 +5,9 @@ import {
   _decodeStorageValue,
   _resetProbeSession,
   probeChunks
-} from "./chunk-3OWKSL7K.js";
-import "./chunk-WHMNBSG7.js";
-import "./chunk-YXGNQZZF.js";
+} from "./chunk-NP4SLURL.js";
+import "./chunk-LCKLYFAZ.js";
+import "./chunk-2SR5D4CP.js";
 export {
   ChainProbeCrossValidationError,
   ChainProbeMetadataError,

package/dist/commands/login.d.ts

@@ -1,6 +1,3 @@
-import { b as AllocationSummary } from '../allocations-B65Is4Md.js';
-import '@parity/product-sdk-terminal';
-
 /**
  * login — QR/mobile sign-in command.
  *
@@ -8,15 +5,43 @@ import '@parity/product-sdk-terminal';
  *  1. connect() → existing session (already logged in) OR QR code
  *  2. Print QR → user scans on phone
  *  3. waitForLogin() → phone approves → paired
- *  4. requestAllocation() — REQUIRED before the fresh session can sign (RFC-0010)
- *  5. Print summarizeLogin()
- *  6. destroy()
+ *  4. getBulletinSigner() — resolves the slot account from host-papp's allowance service.
+ *     Uses DOT_PRODUCT_ID ("playground.dot") as callingProductId, which matches what the
+ *     mobile wallet allocated during pairing. A 60s timeout prevents hanging on unresponsive phones.
+ *  5. Print summarizeLogin() + slot address on success; map AllowanceError.reason → message on failure
+ *  6. Destroy adapters and exit
  */
-
+/**
+ * Map an AllowanceError.reason to a user-facing message.
+ *
+ * - NoSession: the paired session was not found (should not happen right after login)
+ * - Rejected: the user dismissed the wallet prompt
+ * - NotAvailable: the wallet has no allocation for this product (re-pair needed)
+ * - UnexpectedResponse: protocol-level error in the wire exchange
+ */
+declare function allocationErrorMessage(reason: string): string;
 /**
  * Format a post-login summary. Pure function, unit-testable.
+ *
+ * @param address       SS58 product address (the identity signing on-chain)
+ * @param slotAddress   SS58 slot account address for Bulletin storage, or null if not obtained
+ */
+declare function summarizeLogin(address: string, slotAddress: string | null): string;
+/**
+ * Produce the on-chain authorization result message shown after the active-wait completes.
+ * Pure function — unit-testable without a real WS connection.
+ *
+ * - authorized = true  → ✓ success message with expiration block (exit-0, show summarizeLogin).
+ * - authorized = false → soft-warning: active wait timed out before the authorization landed.
+ *   Login is still valid — the slot is deterministic and often already authorized; the deploy
+ *   path re-probes before use and falls back to the pool if still absent. isWarning=true so
+ *   callers know it's a non-fatal outcome. The timeout bound (timeoutSeconds) is embedded in
+ *   the message so users understand the ceiling that was used.
  */
-declare function summarizeLogin(address: string, summary: AllocationSummary): string;
+declare function bulletinAuthSummary(authorized: boolean, expiration?: number, timeoutSeconds?: number): {
+    message: string;
+    isWarning: boolean;
+};
 interface LoginOptions {
     suri?: string;
 }
@@ -25,4 +50,4 @@ interface LoginOptions {
  */
 declare function runLogin(envId: string, _opts?: LoginOptions): Promise<void>;
 
-export { type LoginOptions, runLogin, summarizeLogin };
+export { type LoginOptions, allocationErrorMessage, bulletinAuthSummary, runLogin, summarizeLogin };