@parity/product-deploy 0.8.3-rc.8 → 0.9.0-rc.0

package/dist/personhood/bootstrap.js

@@ -1,9 +1,3 @@
-import {
-  bindPersonalIdToAccount
-} from "../chunk-7URNKK6J.js";
-import {
-  runChainPrereqProbes
-} from "../chunk-XAB7WM3S.js";
 import {
   claimPgas
 } from "../chunk-EATOPQFR.js";
@@ -16,9 +10,15 @@ import {
   bindPaidAliasToAccount
 } from "../chunk-OCKCB72S.js";
 import "../chunk-EJI3MX4G.js";
+import {
+  bindPersonalIdToAccount
+} from "../chunk-7URNKK6J.js";
 import {
   bytesToHex
 } from "../chunk-ZYVGHDMU.js";
+import {
+  runChainPrereqProbes
+} from "../chunk-XAB7WM3S.js";
 import {
   DOTNS_CONTEXT_BYTES,
   PEOPLE_MEMBER_IDENTIFIER_HEX,
@@ -26,13 +26,13 @@ import {
 } from "../chunk-SI2ZUOYD.js";
 import {
   WS_HEARTBEAT_TIMEOUT_MS
-} from "../chunk-EGNMZHMR.js";
+} from "../chunk-WZBAQCA5.js";
 import "../chunk-QS7YU76C.js";
-import "../chunk-WHMNBSG7.js";
-import "../chunk-YXGNQZZF.js";
+import "../chunk-LCKLYFAZ.js";
+import "../chunk-2SR5D4CP.js";
 import {
   loadEnvironments
-} from "../chunk-5K3RI5C2.js";
+} from "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 
 // src/personhood/bootstrap.ts

package/dist/personhood/people-client.js

@@ -1,12 +1,12 @@
 import {
   WS_HEARTBEAT_TIMEOUT_MS
-} from "../chunk-EGNMZHMR.js";
+} from "../chunk-WZBAQCA5.js";
 import "../chunk-QS7YU76C.js";
-import "../chunk-WHMNBSG7.js";
-import "../chunk-YXGNQZZF.js";
+import "../chunk-LCKLYFAZ.js";
+import "../chunk-2SR5D4CP.js";
 import {
   loadEnvironments
-} from "../chunk-5K3RI5C2.js";
+} from "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 
 // src/personhood/people-client.ts

package/dist/run-state.js

@@ -7,7 +7,7 @@ import {
   shouldSkipStaleWarning,
   stateFilePath,
   writeRunState
-} from "./chunk-YXGNQZZF.js";
+} from "./chunk-2SR5D4CP.js";
 export {
   VERSION,
   loadRunState,

package/dist/{signer-CriGqahj.d.ts → signer-vR6KKC7V.d.ts}

@@ -1,6 +1,6 @@
 import { DevAccountName } from '@parity/product-sdk-tx';
 import { PolkadotSigner } from 'polkadot-api';
-import { e as SessionHandle, S as SessionAddresses, A as AuthClient } from './auth-DkRZBK-T.js';
+import { h as SessionHandle, S as SessionAddresses, c as AuthClient } from './auth-C-Pel0AT.js';
 
 type SignerSource = "dev" | "session";
 interface ResolvedSigner {

package/dist/spinner.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Minimal terminal spinner with an elapsed-time readout.
+ *
+ * Renders `⠙ <label>… (3s)` on a single line via carriage-return redraw, in the
+ * style of Claude Code's live status. Built for awaiting a single async op
+ * (e.g. polling on-chain authorization during login).
+ *
+ * Footgun-safe by design:
+ *  - the redraw interval is .unref()'d, so it never keeps the Node event loop
+ *    alive — callers that process.exit() still exit cleanly.
+ *  - stop() is idempotent and always clears the interval.
+ *  - in a non-TTY (CI / piped output) it prints one static line and no \r
+ *    animation, so logs stay clean.
+ */
+interface Spinner {
+    /** Stop the spinner, clear the line, and optionally print a final line. */
+    stop(finalLine?: string): void;
+}
+declare function startSpinner(label: string, stream?: NodeJS.WriteStream): Spinner;
+
+export { type Spinner, startSpinner };

package/dist/spinner.js

@@ -0,0 +1,6 @@
+import {
+  startSpinner
+} from "./chunk-J7CYVTAW.js";
+export {
+  startSpinner
+};

package/dist/sss-allowance.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Statement Store (SSS) allowance preflight — pure storage read, no signing.
+ *
+ * The People chain stores SSS allowances under a deterministic key:
+ *   b":statement_allowance:" ++ raw_32_byte_account_pubkey
+ *
+ * We can check this via a single `state_getStorage` RPC call — no transaction,
+ * no phone dialog. Non-null, non-"0x" result means the allowance is present.
+ *
+ * Reference: substrate/primitives/statement-store/src/lib.rs
+ */
+/**
+ * Build the hex-encoded storage key for an SSS allowance check.
+ *
+ * Format: 0x + hex(":statement_allowance:" + pubkey_32_bytes)
+ * No twox/blake2 hashing — the key is the raw concatenation.
+ */
+declare function sssStorageKey(pubkey: Uint8Array): string;
+/**
+ * Check whether a Statement Store allowance is present on the People chain.
+ *
+ * @returns
+ *   - `true`  — allowance present (continue)
+ *   - `false` — allowance absent / expired (user must re-login)
+ *   - `null`  — could not determine (network error or timeout; caller decides whether to block)
+ */
+declare function checkSSSAllowance(pubkey: Uint8Array, peopleEndpoints: string[], timeoutMs?: number): Promise<boolean | null>;
+
+export { checkSSSAllowance, sssStorageKey };

package/dist/sss-allowance.js

@@ -0,0 +1,8 @@
+import {
+  checkSSSAllowance,
+  sssStorageKey
+} from "./chunk-G56VYTUD.js";
+export {
+  checkSSSAllowance,
+  sssStorageKey
+};

package/dist/storage-signer.d.ts

@@ -5,6 +5,11 @@ import { PolkadotSigner } from 'polkadot-api';
  * Returns null when not cached. storageDir defaults to os.homedir().
  *
  * Cache format: @parity/product-sdk-terminal host-cache.ts v1.
+ *
+ * NOTE: reads the pre-0.8.6 plaintext cache format (_AllowanceKeys.json). On host-papp 0.8.6+
+ * the cache is AES-encrypted and keyed by sessionId (_AllowanceKeys_<sessionId>.json), so
+ * this function returns null on 0.8.6+ installations. Use adapter.allowance.getBulletinSigner()
+ * for runtime checks instead.
  */
 declare function readBulletinSlotSigner(appId: string, storageDir?: string): Promise<{
     signer: PolkadotSigner;
@@ -24,9 +29,96 @@ declare function extractBulletinSlotKey(outcomes: {
     tag: string;
     value: unknown;
 }[]): `0x${string}` | null;
+/**
+ * Typed error thrown by getSlotSignerProvider when the slot account is not
+ * usably authorized on-chain.  The `reason` field lets callers produce
+ * targeted messages without string-matching.
+ *
+ *  "missing"  — no Authorizations entry found for the slot account.
+ *  "expired"  — entry exists but expiration ≤ current finalized block.
+ */
+declare class BulletinSlotAuthError extends Error {
+    readonly reason: "missing" | "expired";
+    /** The on-chain expiration block (only set when reason === "expired"). */
+    readonly expiration?: number;
+    constructor(reason: "missing" | "expired", ss58: string, expiration?: number);
+}
+/**
+ * Pure active-test for a Bulletin Authorizations entry.
+ * Shared by getSlotSignerProvider (single probe) and the poll loop in
+ * waitForBulletinAuthorization (repeated probes).
+ *
+ * @param auth  Raw value from TransactionStorage.Authorizations.getValue — null when absent.
+ * @param blockNumber  Current finalized block number.
+ */
+declare function isBulletinAuthActive(auth: {
+    expiration?: bigint | number;
+} | null | undefined, blockNumber: number): {
+    active: true;
+    expiration: number;
+} | {
+    active: false;
+    reason: "missing" | "expired";
+    expiration?: number;
+};
+/**
+ * Internal poll loop for waitForBulletinAuthorization.
+ * Injecting the query function keeps the loop unit-testable without a real WS connection.
+ *
+ * @param queryFn  Async function that returns {auth, blockNumber} — mock in tests.
+ * @param opts     pollMs (default 2000), timeoutMs (default 90000).
+ *
+ * Transient query errors (thrown by queryFn) are retried until the deadline — a
+ * flaky WS read is NOT treated as "unauthorized". Only a clean active-check
+ * returning false advances toward timeout.
+ */
+declare function pollUntilBulletinAuthorized(queryFn: () => Promise<{
+    auth: {
+        expiration?: bigint | number;
+    } | null | undefined;
+    blockNumber: number;
+}>, opts?: {
+    timeoutMs?: number;
+    pollMs?: number;
+}): Promise<{
+    authorized: true;
+    expiration: number;
+} | {
+    authorized: false;
+    reason: "timeout";
+}>;
+/**
+ * Open a Bulletin WS connection, poll Authorizations until the slot account's
+ * authorization lands on-chain, then destroy the connection and return.
+ *
+ * Intended for the fresh-login path in src/commands/login.ts to gate the
+ * success summary until the authorization is finalized (avoids the first-run
+ * race where deploy checks immediately after phone approval but before the
+ * on-chain tx is included).
+ *
+ * Does NOT print any progress — the caller (login.ts) owns the output via a
+ * spinner. Pass `quiet: true` to suppress connection status chatter so the
+ * caller's spinner owns the line.
+ *
+ * @returns `{ authorized: true, expiration }` on success;
+ *          `{ authorized: false, reason: "timeout" }` after the configured timeout.
+ */
+declare function waitForBulletinAuthorization(ss58: string, opts?: {
+    timeoutMs?: number;
+    pollMs?: number;
+    quiet?: boolean;
+    endpoints?: string[];
+}): Promise<{
+    authorized: true;
+    expiration: number;
+} | {
+    authorized: false;
+    reason: "timeout";
+}>;
 /**
  * Create a Bulletin WS connection for the slot-account signer.
- * No authorization checks — pool fallback is handled by the caller (selectStorageReconnect).
+ * Checks on-chain authorization (single probe — no poll). Throws BulletinSlotAuthError
+ * with reason "missing" | "expired" so callers can distinguish and produce targeted messages.
  */
 declare function getSlotSignerProvider(signer: PolkadotSigner, ss58: string): Promise<{
     client: any;
@@ -35,4 +127,4 @@ declare function getSlotSignerProvider(signer: PolkadotSigner, ss58: string): Pr
     ss58: string;
 }>;
 
-export { extractBulletinSlotKey, getSlotSignerProvider, readBulletinSlotSigner, writeBulletinSlotKey };
+export { BulletinSlotAuthError, extractBulletinSlotKey, getSlotSignerProvider, isBulletinAuthActive, pollUntilBulletinAuthorized, readBulletinSlotSigner, waitForBulletinAuthorization, writeBulletinSlotKey };

package/dist/storage-signer.js

@@ -1,28 +1,37 @@
 import {
+  BulletinSlotAuthError,
   extractBulletinSlotKey,
   getSlotSignerProvider,
+  isBulletinAuthActive,
+  pollUntilBulletinAuthorized,
   readBulletinSlotSigner,
+  waitForBulletinAuthorization,
   writeBulletinSlotKey
-} from "./chunk-RPU72Z4B.js";
+} from "./chunk-RD2QHYTL.js";
+import "./chunk-G56VYTUD.js";
 import "./chunk-HOTQDYHD.js";
 import "./chunk-IW3X2MJF.js";
 import "./chunk-KOSF5FDO.js";
 import "./chunk-J3NIXHZZ.js";
 import "./chunk-S7EM5VMW.js";
-import "./chunk-327NAPBD.js";
-import "./chunk-T4PAK4YK.js";
-import "./chunk-OFVBJOFB.js";
-import "./chunk-3OWKSL7K.js";
+import "./chunk-H4LWILH4.js";
+import "./chunk-O2NWQLYB.js";
+import "./chunk-6NW5M3F5.js";
+import "./chunk-NP4SLURL.js";
 import "./chunk-C2TS5MER.js";
-import "./chunk-EGNMZHMR.js";
+import "./chunk-WZBAQCA5.js";
 import "./chunk-QS7YU76C.js";
-import "./chunk-WHMNBSG7.js";
-import "./chunk-YXGNQZZF.js";
-import "./chunk-5K3RI5C2.js";
+import "./chunk-LCKLYFAZ.js";
+import "./chunk-2SR5D4CP.js";
+import "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {
+  BulletinSlotAuthError,
   extractBulletinSlotKey,
   getSlotSignerProvider,
+  isBulletinAuthActive,
+  pollUntilBulletinAuthorized,
   readBulletinSlotSigner,
+  waitForBulletinAuthorization,
   writeBulletinSlotKey
 };

package/dist/telemetry.js

@@ -33,8 +33,8 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-WHMNBSG7.js";
-import "./chunk-YXGNQZZF.js";
+} from "./chunk-LCKLYFAZ.js";
+import "./chunk-2SR5D4CP.js";
 export {
   VERSION,
   __setDeployRootSpanForTest,

package/dist/version-check.d.ts

@@ -3,8 +3,6 @@ import { Readable } from 'node:stream';
 interface VersionInfo {
     latest: string;
     minimumFromRegistry: string | null;
-    minimumFromKillSwitch: string | null;
-    killSwitchMessage: string | null;
 }
 declare function checkNodeVersion(enginesNode: string, currentVersion: string): string | null;
 declare function compareSemver(a: string, b: string): number;
@@ -20,7 +18,6 @@ type VersionVerdict = {
     action: "forced_update";
     currentVersion: string;
     minimumVersion: string;
-    message: string | null;
 } | {
     action: "suggest_update";
     currentVersion: string;

package/dist/version-check.js

@@ -11,9 +11,9 @@ import {
   isPreReleaseVersion,
   preReleaseWarning,
   promptYesNo
-} from "./chunk-OFVBJOFB.js";
-import "./chunk-WHMNBSG7.js";
-import "./chunk-YXGNQZZF.js";
+} from "./chunk-6NW5M3F5.js";
+import "./chunk-LCKLYFAZ.js";
+import "./chunk-2SR5D4CP.js";
 export {
   assessVersion,
   checkNodeVersion,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@parity/product-deploy",
-  "version": "0.8.3-rc.8",
+  "version": "0.9.0-rc.0",
   "private": false,
   "repository": {
     "type": "git",
@@ -43,15 +43,17 @@
     "tools/release-retry-wrapper.mjs"
   ],
   "scripts": {
-    "build": "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts --format esm --dts --clean --target node22",
+    "build": "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts src/spinner.ts src/sss-allowance.ts --format esm --dts --clean --target node22",
     "refresh-environments": "node scripts/refresh-environments.mjs",
+    "postinstall": "patch-package",
     "prepare": "npm run build",
-    "test": "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js",
+    "test": "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js test/storage-signer.test.js test/spinner.test.js test/sss-allowance.test.js && npm run test:vendor",
     "test:e2e": "npm run build && node --test test/e2e.test.js",
     "test:e2e:smoke": "bash scripts/e2e-pass.sh smoke",
     "test:e2e:pr": "bash scripts/e2e-pass.sh pr",
     "test:e2e:nightly": "bash scripts/e2e-pass.sh nightly",
-    "benchmark": "npm run build && node benchmark.js"
+    "benchmark": "npm run build && node benchmark.js",
+    "test:vendor": "vitest run src/auth/vendor"
   },
   "dependencies": {
     "@ipld/car": "^5.4.3",
@@ -59,7 +61,7 @@
     "@noble/hashes": "^1.7.2",
     "@parity/product-sdk-address": "^0.1.1",
     "@parity/product-sdk-keys": "^0.3.0",
-    "@parity/product-sdk-terminal": "^0.2.1",
+    "@parity/product-sdk-terminal": "^0.3.1",
     "@parity/product-sdk-tx": "^0.2.4",
     "@polkadot-api/metadata-builders": "^0.14.2",
     "@polkadot-api/substrate-bindings": "^0.20.2",
@@ -74,26 +76,28 @@
     "multiformats": "^13.4.1",
     "polkadot-api": "^2.1.3",
     "verifiablejs": "1.3.0-beta.4",
-    "viem": "^2.30.5"
+    "viem": "^2.30.5",
+    "ws": "^8.20.1"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",
+    "@types/ws": "^8.18.1",
+    "patch-package": "^8.0.1",
     "tsup": "^8.5.0",
     "typescript": "^5.9.3",
-    "vitest": "^3.0.0",
-    "ws": "^8.20.1"
+    "vitest": "^4.1.0"
   },
   "overrides": {
     "@polkadot-api/json-rpc-provider": "^0.2.0",
-    "@novasamatech/host-api": "0.7.9-4",
-    "@novasamatech/host-papp": "0.7.9-4",
-    "@novasamatech/product-sdk": "0.7.9-4",
-    "@novasamatech/scale": "0.7.9-4",
-    "@novasamatech/statement-store": "0.7.9-4",
-    "@novasamatech/storage-adapter": "0.7.9-4"
+    "@novasamatech/host-api": "0.8.6",
+    "@novasamatech/host-papp": "0.8.6",
+    "@novasamatech/scale": "0.8.6",
+    "@novasamatech/statement-store": "0.8.6",
+    "@novasamatech/storage-adapter": "0.8.6"
   },
   "minimumVersion": "0.5.6",
   "engines": {
     "node": ">=22"
-  }
+  },
+  "license": "GPL-3.0-or-later"
 }

package/dist/allocations-B65Is4Md.d.ts

@@ -1,97 +0,0 @@
-import { UserSession } from '@parity/product-sdk-terminal';
-
-/**
- * Thin wrapper over the RFC-0010 `host_request_resource_allocation` call.
- * Lifted from playground-cli `src/utils/allowances/host.ts` (issue #411).
- *
- * `@parity/product-sdk-terminal` does not yet re-export this API at its
- * package root, but the underlying `UserSession` (from `@novasamatech/host-papp`)
- * exposes `requestResourceAllocation()`. We call it directly here and gate the
- * shape locally so consumers stay decoupled from the deep import path. Replace
- * this whole module with a `product-sdk-terminal` re-export once the SDK
- * surfaces the same call.
- *
- * Wire format (SCALE-derived, mirrors host-papp's
- * `dist/sso/sessionManager/scale/resourceAllocation.d.ts`):
- *   request  → { callingProductId, resources: AllocatableResource[], onExisting }
- *   response → AllocationOutcome[] (one per resource, in order)
- *
- * The mobile app handles `hostRequestResourceAllocation` in
- * `AllowanceHostCalls.kt` and routes the user through an approval UI.
- */
-
-/**
- * Structural mirror of host-papp's `ApAllocatableResource` codec type. We
- * declare it locally because host-papp's package root doesn't re-export the
- * codec types yet — when it does (and product-sdk-terminal threads them
- * through) this can be replaced with a direct import.
- *
- *   StatementStoreAllowance — write to the SSS (host_chat, allowance ring).
- *   BulletInAllowance       — write to Bulletin (TransactionStorage.store).
- *   SmartContractAllowance  — PGAS sponsoring for Revive contract calls.
- *                             The `value` is the derivation index of the
- *                             product account (0 for the default account).
- *   AutoSigning             — surrender the product-account signing key to
- *                             the host so it can sign on the user's behalf
- *                             without per-call prompts. Not used today.
- */
-type AllocatableResource = {
-    tag: "StatementStoreAllowance";
-    value: undefined;
-} | {
-    tag: "BulletInAllowance";
-    value: undefined;
-} | {
-    tag: "SmartContractAllowance";
-    value: number;
-} | {
-    tag: "AutoSigning";
-    value: undefined;
-};
-/**
- * Outcome of one allocation. We don't read the inner `Allocated` payload
- * (allowance slot keys, derivation secrets) — the host stores them and uses
- * them transparently on subsequent calls. We just need the tag to know
- * whether the allocation succeeded.
- */
-type AllocationOutcome = {
-    tag: "Allocated";
-    value: unknown;
-} | {
-    tag: "Rejected";
-    value: undefined;
-} | {
-    tag: "NotAvailable";
-    value: undefined;
-};
-/** Tag-only view, handy for downstream code that doesn't care about payloads. */
-type ResourceTag = AllocatableResource["tag"];
-type OnExistingAllowancePolicy = "Ignore" | "Increase";
-/**
- * Default mobile-granted resource set for a CLI product account: write access
- * to the statement store + Bulletin, plus PGAS sponsoring for the default
- * (index 0) product account.
- */
-declare const DEFAULT_RESOURCES: AllocatableResource[];
-/**
- * Send a `host_request_resource_allocation` request over the user's active
- * session. The host (mobile wallet) prompts the user to approve and returns
- * one outcome per requested resource in order.
- *
- * Throws on transport-level failures (Statement Store unreachable, encryption
- * error, etc.). Per-resource refusals are reported as `Rejected`/`NotAvailable`
- * outcomes — callers inspect the array to decide whether to proceed.
- */
-declare function requestResourceAllocation(session: UserSession, productId: string, resources?: AllocatableResource[], onExisting?: OnExistingAllowancePolicy): Promise<AllocationOutcome[]>;
-interface AllocationSummary {
-    granted: AllocatableResource[];
-    rejected: AllocatableResource[];
-    unavailable: AllocatableResource[];
-}
-/**
- * Bucket allocation outcomes by tag. Order-sensitive: `outcomes[i]` maps to
- * `resources[i]`. Outcomes without a matching resource are silently dropped.
- */
-declare function summarizeOutcomes(outcomes: AllocationOutcome[], resources: AllocatableResource[]): AllocationSummary;
-
-export { type AllocatableResource as A, DEFAULT_RESOURCES as D, type OnExistingAllowancePolicy as O, type ResourceTag as R, type AllocationOutcome as a, type AllocationSummary as b, requestResourceAllocation as r, summarizeOutcomes as s };

package/dist/auth-DkRZBK-T.d.ts

@@ -1,122 +0,0 @@
-import { TerminalAdapter, UserSession } from '@parity/product-sdk-terminal';
-import { PolkadotSigner } from 'polkadot-api';
-import { A as AllocatableResource, O as OnExistingAllowancePolicy, a as AllocationOutcome } from './allocations-B65Is4Md.js';
-
-/**
- * Per-product configuration injected into `createAuthClient`. Lifting the
- * sign-in glue out of playground-cli (issue #411) means the env-specific
- * constants playground hard-coded in its `config.ts` (DAPP_ID, product id,
- * metadata URL, People-chain endpoints) become consumer-supplied so the same
- * package serves `playground` and `dot` (and future products) unchanged.
- */
-interface AuthConfig {
-    /** The dApp identity string. Scopes the on-disk session namespace
-     *  (`~/.polkadot-apps/${dappId}_*`) and the SSO pairing — each product
-     *  gets its own, independently-revocable session. */
-    dappId: string;
-    /** Product id used to derive the product account (`/product/{productId}/{index}`). */
-    productId: string;
-    /** Derivation index of the product account (0 = default). */
-    derivationIndex: number;
-    /** Hosted app-metadata doc (name/icon) the mobile wallet reads at pairing. */
-    metadataUrl: string;
-    /** People-parachain RPC endpoints the terminal adapter connects to. */
-    peopleEndpoints: string[];
-}
-
-/**
- * The three addresses we surface from a paired session.
- *
- * - `rootAddress` — SS58 of `session.rootAccountId`, the `rootUserAccountId`
- *   the mobile app sent over the SSO handshake (bare-mnemonic sr25519 root on
- *   current mobile builds). Keyed by `Resources.Consumers` on the People
- *   parachain, so it's the right input for `lookupUsername`.
- * - `productAddress` — SS58 of the product account derived via
- *   `product/{productId}/{index}` from `rootAccountId`. This is what actually
- *   signs on-chain transactions from the CLI.
- * - `productH160` — the same product pubkey as a 20-byte EVM address (Revive /
- *   contracts view). Derived from the SAME pubkey as `productAddress`.
- */
-interface SessionAddresses {
-    rootAddress: string;
-    productAddress: string;
-    productH160: `0x${string}`;
-}
-type ConnectResult = {
-    kind: "existing";
-    address: string;
-    addresses: SessionAddresses;
-} | {
-    kind: "qr";
-    qrCode: string;
-    login: LoginHandle;
-};
-type LoginStatus = {
-    step: "waiting";
-} | {
-    step: "paired";
-} | {
-    step: "pending";
-    stage: string;
-} | {
-    step: "success";
-    address: string;
-    addresses: SessionAddresses;
-} | {
-    step: "error";
-    message: string;
-};
-interface LoginHandle {
-    adapter: TerminalAdapter;
-    /** The authenticate() promise — already running since connect(). */
-    authPromise: ReturnType<TerminalAdapter["sso"]["authenticate"]>;
-}
-/**
- * A session signer bundle — the signer plus an explicit `destroy()` that tears
- * down the long-lived adapter the signer depends on. Callers MUST invoke
- * `destroy()` once done — the WebSocket keeps the event loop alive.
- */
-interface SessionHandle {
-    address: string;
-    addresses: SessionAddresses;
-    signer: PolkadotSigner;
-    userSession: UserSession;
-    destroy(): void;
-}
-type LogoutStatus = {
-    step: "disconnecting";
-    address: string;
-} | {
-    step: "success";
-    address: string;
-} | {
-    step: "partial";
-    address: string;
-    reason: string;
-} | {
-    step: "error";
-    message: string;
-};
-interface LogoutHandle {
-    adapter: TerminalAdapter;
-    address: string;
-    session: UserSession;
-}
-/** The product-bound auth surface returned by `createAuthClient`. */
-interface AuthClient {
-    connect(): Promise<ConnectResult>;
-    waitForLogin(handle: LoginHandle, onStatus: (status: LoginStatus) => void): Promise<string | null>;
-    getSessionSigner(): Promise<SessionHandle | null>;
-    findSession(): Promise<LogoutHandle | null>;
-    waitForLogout(handle: LogoutHandle, onStatus: (status: LogoutStatus) => void): Promise<void>;
-    requestAllocation(session: UserSession, resources?: AllocatableResource[], onExisting?: OnExistingAllowancePolicy): Promise<AllocationOutcome[]>;
-    clearLocalAppStorage(dir?: string): Promise<void>;
-}
-/**
- * Build an auth client bound to a product's `AuthConfig`. All adapter creation,
- * address derivation, and session-storage scoping read from `config`, so the
- * same code serves any product.
- */
-declare function createAuthClient(config: AuthConfig): AuthClient;
-
-export { type AuthClient as A, type ConnectResult as C, type LoginHandle as L, type SessionAddresses as S, type AuthConfig as a, type LoginStatus as b, type LogoutHandle as c, type LogoutStatus as d, type SessionHandle as e, createAuthClient as f };