@parity/product-deploy 0.8.3 → 0.9.0-rc.1

package/dist/{chunk-HK3B5MKA.js → chunk-ODIIC66I.js}

@@ -1,12 +1,11 @@
 import {
   VERSION
-} from "./chunk-WF2XKCEZ.js";
+} from "./chunk-EZ352IGD.js";
 
 // src/version-check.ts
 import { execSync, execFileSync } from "child_process";
 import { createInterface } from "readline";
 var REGISTRY_URL = "https://registry.npmjs.org/bulletin-deploy/latest";
-var KILL_SWITCH_URL = "https://raw.githubusercontent.com/paritytech/triangle-deploy/main/min-version.json";
 var FETCH_TIMEOUT = 3e3;
 function checkNodeVersion(enginesNode, currentVersion) {
   const match = enginesNode.match(/(\d+)/);
@@ -58,26 +57,18 @@ async function fetchJson(url) {
   }
 }
 async function fetchVersionInfo() {
-  const [registry, killSwitch] = await Promise.all([
-    fetchJson(REGISTRY_URL),
-    fetchJson(KILL_SWITCH_URL)
-  ]);
-  if (!registry && !killSwitch) return null;
+  const registry = await fetchJson(REGISTRY_URL);
+  if (!registry) return null;
   return {
-    latest: registry?.version ?? VERSION,
-    minimumFromRegistry: registry?.minimumVersion ?? null,
-    minimumFromKillSwitch: killSwitch?.minimumVersion ?? null,
-    killSwitchMessage: killSwitch?.message ?? null
+    latest: registry.version ?? VERSION,
+    minimumFromRegistry: registry.minimumVersion ?? null
   };
 }
 function handlePreflightVersionCheck(info) {
   if (!info) return "ok";
-  const effectiveMinimum = [info.minimumFromRegistry, info.minimumFromKillSwitch].filter(Boolean).sort((a, b) => compareSemver(b, a))[0] ?? null;
-  if (effectiveMinimum && compareSemver(VERSION, effectiveMinimum) < 0) {
+  if (info.minimumFromRegistry && compareSemver(VERSION, info.minimumFromRegistry) < 0) {
     console.error(`
-   bulletin-deploy ${VERSION} is no longer supported (minimum: ${effectiveMinimum}).`);
-    const ks = info.killSwitchMessage;
-    if (ks) console.error(`   Reason: ${ks}`);
+   bulletin-deploy ${VERSION} is no longer supported (minimum: ${info.minimumFromRegistry}).`);
     console.error(`   Please update: npm install -g bulletin-deploy@latest
 `);
     return "abort";
@@ -165,9 +156,8 @@ function classifyErrorArea(msg) {
   return null;
 }
 function assessVersion(currentVersion, info, internal) {
-  const effectiveMinimum = [info.minimumFromRegistry, info.minimumFromKillSwitch].filter(Boolean).sort((a, b) => compareSemver(b, a))[0] ?? null;
-  if (effectiveMinimum && compareSemver(currentVersion, effectiveMinimum) < 0) {
-    return { action: "forced_update", currentVersion, minimumVersion: effectiveMinimum, message: info.killSwitchMessage };
+  if (info.minimumFromRegistry && compareSemver(currentVersion, info.minimumFromRegistry) < 0) {
+    return { action: "forced_update", currentVersion, minimumVersion: info.minimumFromRegistry };
   }
   if (compareSemver(currentVersion, info.latest) < 0) {
     return { action: "suggest_update", currentVersion, latestVersion: info.latest, internal };
@@ -190,7 +180,6 @@ async function handleFailedDeploy(error) {
     case "forced_update":
       console.error(`
    bulletin-deploy ${verdict.currentVersion} is no longer supported (minimum: ${verdict.minimumVersion}).`);
-      if (verdict.message) console.error(`   Reason: ${verdict.message}`);
       console.error(`   Please update: npm install -g bulletin-deploy@latest
 `);
       break;

package/dist/{chunk-XM5MFMMX.js → chunk-UFQ4EZP3.js}

@@ -6,7 +6,7 @@ import * as path from "path";
 // package.json
 var package_default = {
   name: "@parity/product-deploy",
-  version: "0.8.3",
+  version: "0.9.0-rc.1",
   private: false,
   repository: {
     type: "git",
@@ -46,18 +46,21 @@ var package_default = {
     "bin",
     "docs",
     "assets",
+    "patches",
     "tools/release-retry-wrapper.mjs"
   ],
   scripts: {
-    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts --format esm --dts --clean --target node22",
+    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts src/spinner.ts src/sss-allowance.ts --format esm --dts --clean --target node22",
     "refresh-environments": "node scripts/refresh-environments.mjs",
+    postinstall: "patch-package",
     prepare: "npm run build",
-    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js",
+    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js test/storage-signer.test.js test/spinner.test.js test/sss-allowance.test.js && npm run test:vendor",
     "test:e2e": "npm run build && node --test test/e2e.test.js",
     "test:e2e:smoke": "bash scripts/e2e-pass.sh smoke",
     "test:e2e:pr": "bash scripts/e2e-pass.sh pr",
     "test:e2e:nightly": "bash scripts/e2e-pass.sh nightly",
-    benchmark: "npm run build && node benchmark.js"
+    benchmark: "npm run build && node benchmark.js",
+    "test:vendor": "vitest run src/auth/vendor"
   },
   dependencies: {
     "@ipld/car": "^5.4.3",
@@ -65,7 +68,7 @@ var package_default = {
     "@noble/hashes": "^1.7.2",
     "@parity/product-sdk-address": "^0.1.1",
     "@parity/product-sdk-keys": "^0.3.0",
-    "@parity/product-sdk-terminal": "^0.2.1",
+    "@parity/product-sdk-terminal": "^0.3.1",
     "@parity/product-sdk-tx": "^0.2.4",
     "@polkadot-api/metadata-builders": "^0.14.2",
     "@polkadot-api/substrate-bindings": "^0.20.2",
@@ -78,30 +81,32 @@ var package_default = {
     "ipfs-unixfs-importer": "^16.1.4",
     jiti: "^2.4.2",
     multiformats: "^13.4.1",
+    "patch-package": "^8.0.1",
     "polkadot-api": "^2.1.3",
     verifiablejs: "1.3.0-beta.4",
-    viem: "^2.30.5"
+    viem: "^2.30.5",
+    ws: "^8.20.1"
   },
   devDependencies: {
     "@types/node": "^22.0.0",
+    "@types/ws": "^8.18.1",
     tsup: "^8.5.0",
     typescript: "^5.9.3",
-    vitest: "^3.0.0",
-    ws: "^8.20.1"
+    vitest: "^4.1.0"
   },
   overrides: {
     "@polkadot-api/json-rpc-provider": "^0.2.0",
-    "@novasamatech/host-api": "0.7.9-4",
-    "@novasamatech/host-papp": "0.7.9-4",
-    "@novasamatech/product-sdk": "0.7.9-4",
-    "@novasamatech/scale": "0.7.9-4",
-    "@novasamatech/statement-store": "0.7.9-4",
-    "@novasamatech/storage-adapter": "0.7.9-4"
+    "@novasamatech/host-api": "0.8.6",
+    "@novasamatech/host-papp": "0.8.6",
+    "@novasamatech/scale": "0.8.6",
+    "@novasamatech/statement-store": "0.8.6",
+    "@novasamatech/storage-adapter": "0.8.6"
   },
   minimumVersion: "0.5.6",
   engines: {
     node: ">=22"
-  }
+  },
+  license: "GPL-3.0-or-later"
 };
 
 // src/run-state.ts

package/dist/{chunk-YUSHBZBX.js → chunk-VQB3JWK7.js}

@@ -1,17 +1,28 @@
+import {
+  VERSION
+} from "./chunk-EZ352IGD.js";
 import {
   loadEnvironments
-} from "./chunk-5K3RI5C2.js";
+} from "./chunk-GL3U7K2B.js";
 
 // src/auth-config.ts
-import { existsSync } from "fs";
+import { existsSync, readdirSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
 var DOT_DAPP_ID = "dot-cli";
 var DOT_PRODUCT_ID = "playground.dot";
 var DOT_DERIVATION_INDEX = 0;
-var DOT_TERMINAL_METADATA_URL = "https://gist.githubusercontent.com/ReinhardHatko/1967dd3f4afe78683cc0ba14d6ec8744/raw/c1625eb7ed7671b7e09a3fa2a25998dde33c70b8/metadata.json";
+var DOT_HOST_NAME = "bulletin-deploy";
+var STALE_SESSION_MESSAGE = 'Stored login session could not be read \u2014 it may have been written by an older version. Run "bulletin-deploy logout", then "bulletin-deploy login" to pair again.';
 function hasPersistedSession() {
-  return existsSync(join(homedir(), ".polkadot-apps", `${DOT_DAPP_ID}_SsoSessions.json`));
+  const dir = join(homedir(), ".polkadot-apps");
+  if (!existsSync(dir)) return false;
+  const prefix = `${DOT_DAPP_ID}_SsoSessions`;
+  try {
+    return readdirSync(dir).some((f) => f.startsWith(prefix) && f.endsWith(".json"));
+  } catch {
+    return false;
+  }
 }
 function buildAuthConfig(doc, envId) {
   const peopleChain = doc.chains.find((c) => c.id === "people");
@@ -31,10 +42,22 @@ function buildAuthConfig(doc, envId) {
     dappId: DOT_DAPP_ID,
     productId: DOT_PRODUCT_ID,
     derivationIndex: DOT_DERIVATION_INDEX,
-    metadataUrl: DOT_TERMINAL_METADATA_URL,
+    hostName: DOT_HOST_NAME,
+    hostVersion: VERSION,
     peopleEndpoints
   };
 }
+function resolveBulletinEndpoints(doc, envId) {
+  const bulletinChain = doc.chains.find((c) => c.id === "bulletin");
+  const endpoint = bulletinChain?.endpoints[envId];
+  if (!endpoint) return null;
+  return Array.isArray(endpoint.wss) ? endpoint.wss : [endpoint.wss];
+}
+async function getPeopleChainEndpoints(envId) {
+  const { doc } = await loadEnvironments();
+  const config = buildAuthConfig(doc, envId);
+  return config.peopleEndpoints;
+}
 async function getAuthClient(envId) {
   const { createAuthClient } = await import("./auth/index.js");
   const { doc } = await loadEnvironments();
@@ -45,8 +68,11 @@ export {
   DOT_DAPP_ID,
   DOT_PRODUCT_ID,
   DOT_DERIVATION_INDEX,
-  DOT_TERMINAL_METADATA_URL,
+  DOT_HOST_NAME,
+  STALE_SESSION_MESSAGE,
   hasPersistedSession,
   buildAuthConfig,
+  resolveBulletinEndpoints,
+  getPeopleChainEndpoints,
   getAuthClient
 };

package/dist/{chunk-LRRQP7DH.js → chunk-XKTAIQJ4.js}

@@ -2,11 +2,11 @@ import {
   classifyErrorArea,
   isInteractive,
   promptYesNo
-} from "./chunk-HK3B5MKA.js";
+} from "./chunk-ODIIC66I.js";
 import {
   VERSION,
   getCurrentSentryTraceId
-} from "./chunk-WF2XKCEZ.js";
+} from "./chunk-EZ352IGD.js";
 
 // src/bug-report.ts
 import { execSync, execFileSync } from "child_process";

package/dist/chunk-probe.js

@@ -5,9 +5,9 @@ import {
   _decodeStorageValue,
   _resetProbeSession,
   probeChunks
-} from "./chunk-3LNKPUZ7.js";
-import "./chunk-WF2XKCEZ.js";
-import "./chunk-XM5MFMMX.js";
+} from "./chunk-AG37IM3H.js";
+import "./chunk-EZ352IGD.js";
+import "./chunk-UFQ4EZP3.js";
 export {
   ChainProbeCrossValidationError,
   ChainProbeMetadataError,

package/dist/commands/login.d.ts

@@ -1,6 +1,3 @@
-import { b as AllocationSummary } from '../allocations-B65Is4Md.js';
-import '@parity/product-sdk-terminal';
-
 /**
  * login — QR/mobile sign-in command.
  *
@@ -8,15 +5,43 @@ import '@parity/product-sdk-terminal';
  *  1. connect() → existing session (already logged in) OR QR code
  *  2. Print QR → user scans on phone
  *  3. waitForLogin() → phone approves → paired
- *  4. requestAllocation() — REQUIRED before the fresh session can sign (RFC-0010)
- *  5. Print summarizeLogin()
- *  6. destroy()
+ *  4. getBulletinSigner() — resolves the slot account from host-papp's allowance service.
+ *     Uses DOT_PRODUCT_ID ("playground.dot") as callingProductId, which matches what the
+ *     mobile wallet allocated during pairing. A 60s timeout prevents hanging on unresponsive phones.
+ *  5. Print summarizeLogin() + slot address on success; map AllowanceError.reason → message on failure
+ *  6. Destroy adapters and exit
  */
-
+/**
+ * Map an AllowanceError.reason to a user-facing message.
+ *
+ * - NoSession: the paired session was not found (should not happen right after login)
+ * - Rejected: the user dismissed the wallet prompt
+ * - NotAvailable: the wallet has no allocation for this product (re-pair needed)
+ * - UnexpectedResponse: protocol-level error in the wire exchange
+ */
+declare function allocationErrorMessage(reason: string): string;
 /**
  * Format a post-login summary. Pure function, unit-testable.
+ *
+ * @param address       SS58 product address (the identity signing on-chain)
+ * @param slotAddress   SS58 slot account address for Bulletin storage, or null if not obtained
+ */
+declare function summarizeLogin(address: string, slotAddress: string | null): string;
+/**
+ * Produce the on-chain authorization result message shown after the active-wait completes.
+ * Pure function — unit-testable without a real WS connection.
+ *
+ * - authorized = true  → ✓ success message with expiration block (exit-0, show summarizeLogin).
+ * - authorized = false → soft-warning: active wait timed out before the authorization landed.
+ *   Login is still valid — the slot is deterministic and often already authorized; the deploy
+ *   path re-probes before use and falls back to the pool if still absent. isWarning=true so
+ *   callers know it's a non-fatal outcome. The timeout bound (timeoutSeconds) is embedded in
+ *   the message so users understand the ceiling that was used.
  */
-declare function summarizeLogin(address: string, summary: AllocationSummary): string;
+declare function bulletinAuthSummary(authorized: boolean, expiration?: number, timeoutSeconds?: number): {
+    message: string;
+    isWarning: boolean;
+};
 interface LoginOptions {
     suri?: string;
 }
@@ -25,4 +50,4 @@ interface LoginOptions {
  */
 declare function runLogin(envId: string, _opts?: LoginOptions): Promise<void>;
 
-export { type LoginOptions, runLogin, summarizeLogin };
+export { type LoginOptions, allocationErrorMessage, bulletinAuthSummary, runLogin, summarizeLogin };

package/dist/commands/login.js

@@ -1,116 +1,219 @@
 import "../chunk-JQKKMUCT.js";
-import {
-  DEFAULT_RESOURCES,
-  summarizeOutcomes
-} from "../chunk-2OZVKA3D.js";
+import "../chunk-DHY2ZXVZ.js";
 import {
   renderLoginStatus
 } from "../chunk-RIRDBSBG.js";
 import {
-  extractBulletinSlotKey,
-  writeBulletinSlotKey
-} from "../chunk-DKGCOGRT.js";
+  startSpinner
+} from "../chunk-J7CYVTAW.js";
+import {
+  waitForBulletinAuthorization
+} from "../chunk-6VYOUYMI.js";
+import {
+  checkSSSAllowance
+} from "../chunk-G56VYTUD.js";
 import "../chunk-HOTQDYHD.js";
 import "../chunk-IW3X2MJF.js";
 import "../chunk-KOSF5FDO.js";
 import "../chunk-J3NIXHZZ.js";
 import "../chunk-S7EM5VMW.js";
 import {
-  DOT_DAPP_ID,
-  getAuthClient
-} from "../chunk-YUSHBZBX.js";
-import "../chunk-LRRQP7DH.js";
-import "../chunk-HK3B5MKA.js";
-import "../chunk-3LNKPUZ7.js";
+  DOT_PRODUCT_ID,
+  getAuthClient,
+  getPeopleChainEndpoints,
+  resolveBulletinEndpoints
+} from "../chunk-VQB3JWK7.js";
+import "../chunk-XKTAIQJ4.js";
+import "../chunk-ODIIC66I.js";
+import "../chunk-AG37IM3H.js";
 import "../chunk-C2TS5MER.js";
-import "../chunk-S7S7WENB.js";
+import "../chunk-NO3BNQFL.js";
 import "../chunk-QS7YU76C.js";
-import "../chunk-WF2XKCEZ.js";
-import "../chunk-XM5MFMMX.js";
-import "../chunk-5K3RI5C2.js";
+import "../chunk-EZ352IGD.js";
+import "../chunk-UFQ4EZP3.js";
+import {
+  loadEnvironments
+} from "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 
 // src/commands/login.ts
-function summarizeLogin(address, summary) {
-  const lines = [
-    `Signed in as: ${address}`,
-    `Resources granted: ${summary.granted.length}`
-  ];
-  if (summary.rejected.length > 0) {
-    lines.push(`Resources rejected: ${summary.rejected.length} (${summary.rejected.map((r) => r.tag).join(", ")})`);
+import { ss58Encode } from "@parity/product-sdk-address";
+var ALLOCATION_TIMEOUT_MS = 6e4;
+function allocationErrorMessage(reason) {
+  switch (reason) {
+    case "NoSession":
+      return "No active session found \u2014 try logging in again.";
+    case "Rejected":
+      return "Bulletin storage access was declined on your phone. Approve the request to enable storage signing.";
+    case "NotAvailable":
+      return "Bulletin storage is not available for this product on your phone.\n   This may mean the wallet paired under a different product ID.\n   Run: bulletin-deploy logout\n   Then: bulletin-deploy login\n   to re-pair and establish the allocation.";
+    case "UnexpectedResponse":
+      return "Unexpected response from the mobile wallet during storage allocation. Try again.";
+    default:
+      return `Allocation failed (${reason}).`;
   }
-  if (summary.unavailable.length > 0) {
-    lines.push(`Resources unavailable: ${summary.unavailable.length}`);
+}
+function summarizeLogin(address, slotAddress) {
+  const lines = [`Signed in as: ${address}`];
+  if (slotAddress) {
+    lines.push(`Bulletin storage slot: ${slotAddress} \u2713`);
+  } else {
+    lines.push("Bulletin storage slot: not allocated (storage will fall back to pool)");
   }
   return lines.join("\n");
 }
+function bulletinAuthSummary(authorized, expiration, timeoutSeconds = 180) {
+  if (authorized) {
+    return {
+      message: `\u2713 Bulletin allowance authorized (until block ${expiration})`,
+      isWarning: false
+    };
+  }
+  return {
+    message: `   Couldn't confirm on-chain authorization within ${timeoutSeconds}s. Your login is valid \u2014 your next deploy will use the slot once it's authorized, or fall back to the pool meanwhile.`,
+    isWarning: true
+  };
+}
 async function runLogin(envId, _opts = {}) {
+  let tearingDown = false;
+  const teardownFilter = (e) => {
+    const msg = String(e?.message ?? e);
+    if (tearingDown && /not connected|client destroyed|destroyederror/i.test(msg)) return;
+    console.error(e);
+    process.exit(1);
+  };
+  process.on("uncaughtException", teardownFilter);
+  process.on("unhandledRejection", teardownFilter);
   const client = await getAuthClient(envId);
   const result = await client.connect();
   if (result.kind === "existing") {
-    const sessionHandle2 = await client.getSessionSigner();
-    if (sessionHandle2) {
-      let sssExpired = false;
-      const origErr = console.error;
-      console.error = (...args) => {
-        const msg = args.map(String).join(" ");
-        if (msg.includes("NoAllowanceError") || msg.includes("no allowance set")) {
-          sssExpired = true;
-          return;
-        }
-        origErr(...args);
-      };
-      await Promise.race([
-        client.requestAllocation(sessionHandle2.userSession, DEFAULT_RESOURCES).catch(() => {
-        }),
-        new Promise((r) => setTimeout(r, 3e3))
-      ]);
-      console.error = origErr;
-      sessionHandle2.destroy();
-      if (sssExpired) {
-        console.error(
-          `
+    const sessionHandle = await client.getSessionSigner();
+    if (sessionHandle) {
+      try {
+        const productPubkey = sessionHandle.signer.publicKey;
+        const peopleEndpoints = await getPeopleChainEndpoints(envId);
+        const allowed = await checkSSSAllowance(productPubkey, peopleEndpoints);
+        if (allowed === false) {
+          console.error(
+            `
 Statement Store allowance has expired for ${result.address}.
 Run: bulletin-deploy logout
 Then: bulletin-deploy login
 to re-pair and renew (allowance lasts ~2-3 days).`
-        );
-        process.exit(1);
+          );
+          tearingDown = true;
+          sessionHandle.destroy();
+          process.exit(1);
+        }
+        try {
+          await Promise.race([
+            Promise.resolve(
+              sessionHandle.adapter.allowance.getBulletinSigner(sessionHandle.userSession.id, DOT_PRODUCT_ID)
+            ).then((r) => {
+              if (r.isErr()) {
+                console.warn(
+                  `
+Bulletin storage slot allowance not available \u2014 storage will fall back to pool.
+Run: bulletin-deploy logout && bulletin-deploy login
+to re-establish your allowance.`
+                );
+              }
+            }).catch(() => {
+            }),
+            new Promise((r) => setTimeout(r, 3e3))
+          ]);
+        } catch {
+        }
+      } finally {
+        sessionHandle.destroy();
       }
     }
     console.log(`Already signed in as: ${result.address}`);
+    tearingDown = true;
     return;
   }
   console.log(result.qrCode);
-  console.log("Scan the QR code with your Polkadot wallet app.");
-  const address = await client.waitForLogin(result.login, (status) => {
+  console.log("Scan the QR code with your Polkadot mobile app.");
+  const handle = await client.waitForLogin(result.login, (status) => {
     const msg = renderLoginStatus(status);
     if (msg) process.stdout.write(`\r${msg}`);
   });
-  if (!address) {
+  if (!handle) {
+    tearingDown = true;
     console.error("\nLogin failed.");
+    process.exit(1);
     return;
   }
-  const sessionHandle = await client.getSessionSigner();
-  if (sessionHandle) {
-    try {
-      const outcomes = await client.requestAllocation(sessionHandle.userSession, DEFAULT_RESOURCES);
-      const summary = summarizeOutcomes(outcomes, DEFAULT_RESOURCES);
-      console.log("\n" + summarizeLogin(address, summary));
-      const hexKey = extractBulletinSlotKey(outcomes);
-      if (hexKey) {
-        await writeBulletinSlotKey(DOT_DAPP_ID, hexKey);
-        console.log(`   Bulletin storage key cached \u2713`);
+  try {
+    console.log("\nRequesting Bulletin storage allowance \u2014 check your phone to approve.");
+    const bulletinSignerPromise = handle.adapter.allowance.getBulletinSigner(
+      handle.userSession.id,
+      DOT_PRODUCT_ID
+    );
+    const timeoutPromise = new Promise(
+      (_, reject) => setTimeout(
+        () => reject(new Error(
+          `Allocation request timed out after ${Math.round(ALLOCATION_TIMEOUT_MS / 1e3)}s \u2014 ensure your phone is unlocked and the Polkadot mobile app is open, then try logging in again.`
+        )),
+        ALLOCATION_TIMEOUT_MS
+      )
+    );
+    const signerResult = await Promise.race([bulletinSignerPromise, timeoutPromise]);
+    if (signerResult.isOk()) {
+      const slotSigner = signerResult.value;
+      const slotAddress = ss58Encode(slotSigner.publicKey);
+      const { doc } = await loadEnvironments();
+      const bulletinEndpoints = resolveBulletinEndpoints(doc, envId) ?? void 0;
+      const spinner = startSpinner("Confirming Bulletin authorization on-chain");
+      const onSigint = () => {
+        spinner.stop();
+        console.log(
+          "Cancelled \u2014 on-chain authorization not yet confirmed. Your login is saved; your next deploy will use the slot once it's authorized, or fall back to the pool meanwhile."
+        );
+        console.log("\n" + summarizeLogin(handle.address, slotAddress));
+        tearingDown = true;
+        handle.destroy();
+        process.exit(0);
+      };
+      process.once("SIGINT", onSigint);
+      let authResult;
+      try {
+        authResult = await waitForBulletinAuthorization(slotAddress, {
+          timeoutMs: Infinity,
+          quiet: true,
+          endpoints: bulletinEndpoints
+        });
+      } finally {
+        spinner.stop();
+        process.removeListener("SIGINT", onSigint);
       }
-    } finally {
-      sessionHandle.destroy();
+      const summary = bulletinAuthSummary(
+        authResult.authorized,
+        authResult.authorized ? authResult.expiration : void 0
+      );
+      console.log(summary.message);
+      console.log("\n" + summarizeLogin(handle.address, slotAddress));
+    } else {
+      const err = signerResult.error;
+      console.log("\n" + summarizeLogin(handle.address, null));
+      console.warn(`   ${allocationErrorMessage(err.reason)}`);
     }
-  } else {
-    console.log(`
-Signed in as: ${address}`);
+  } catch (err) {
+    await Promise.resolve(handle.userSession.abortPendingRequests()).catch(() => {
+    });
+    tearingDown = true;
+    console.error(`
+Allocation failed: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(1);
+  } finally {
+    tearingDown = true;
+    handle.destroy();
   }
+  process.exit(0);
 }
 export {
+  allocationErrorMessage,
+  bulletinAuthSummary,
   runLogin,
   summarizeLogin
 };

package/dist/commands/logout.d.ts

@@ -1,7 +1,6 @@
-import { d as LogoutStatus } from '../auth-DkRZBK-T.js';
+import { g as LogoutStatus } from '../auth-C-Pel0AT.js';
 import '@parity/product-sdk-terminal';
 import 'polkadot-api';
-import '../allocations-B65Is4Md.js';
 
 /**
  * logout — sign out the current session.

package/dist/commands/logout.js

@@ -1,12 +1,14 @@
 import "../chunk-JQKKMUCT.js";
-import "../chunk-2OZVKA3D.js";
+import "../chunk-DHY2ZXVZ.js";
 import {
   renderLogoutStatus
 } from "../chunk-RIRDBSBG.js";
 import {
   getAuthClient
-} from "../chunk-YUSHBZBX.js";
-import "../chunk-5K3RI5C2.js";
+} from "../chunk-VQB3JWK7.js";
+import "../chunk-EZ352IGD.js";
+import "../chunk-UFQ4EZP3.js";
+import "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 
 // src/commands/logout.ts

package/dist/commands/whoami.d.ts

@@ -1,7 +1,6 @@
-import { S as SessionAddresses } from '../auth-DkRZBK-T.js';
+import { S as SessionAddresses } from '../auth-C-Pel0AT.js';
 import '@parity/product-sdk-terminal';
 import 'polkadot-api';
-import '../allocations-B65Is4Md.js';
 
 /**
  * whoami — show the currently logged-in session account, or "not logged in".