@parity/product-deploy 0.8.3 → 0.9.0-rc.1

package/dist/commands/whoami.js

@@ -1,8 +1,11 @@
 import {
+  STALE_SESSION_MESSAGE,
   getAuthClient,
   hasPersistedSession
-} from "../chunk-YUSHBZBX.js";
-import "../chunk-5K3RI5C2.js";
+} from "../chunk-VQB3JWK7.js";
+import "../chunk-EZ352IGD.js";
+import "../chunk-UFQ4EZP3.js";
+import "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 
 // src/commands/whoami.ts
@@ -29,12 +32,12 @@ async function runWhoami(envId) {
       console.log(formatWhoami(handle.addresses));
       handle.destroy();
     } else {
-      console.log(formatWhoami(null));
+      console.error(STALE_SESSION_MESSAGE);
     }
   } catch (err) {
     const e = err;
     if (e?.name === "SignerNotAvailableError") {
-      console.log(formatWhoami(null));
+      console.error(STALE_SESSION_MESSAGE);
     } else {
       console.log(`Could not reach login service: ${e?.message ?? String(err)}`);
       console.log(formatWhoami(null));

package/dist/deploy.d.ts

@@ -106,6 +106,12 @@ declare function chooseSignerInput(opts: {
     hasInjectedSigner: boolean;
     hasSession?: boolean;
 }): "mnemonic" | "injected" | "resolve" | "pool";
+/**
+ * Produce the one-line storage-signer status printed at resolution time. Exported for unit testing.
+ *   Success: "   Storage signer: allowance slot <ss58>"
+ *   Fallback: "   Storage signer: pool fallback (<reason>)"
+ */
+declare function formatStorageSignerLine(slotAddress: string | null, failReason?: string): string;
 declare function storeFile(contentBytes: Uint8Array, { client: existingClient, unsafeApi: existingApi, signer: existingSigner }?: ExistingProvider): Promise<string>;
 /**
  * Pre-compute dense nonces for chunks that need submission.
@@ -388,4 +394,4 @@ declare function computePhoneSigningSteps(dotnsPreflight: {
     needsPopUpgrade: boolean;
 } | null, publishNeeded: boolean): string[];
 
-export { BULLETIN_ENDPOINTS, type BitswapErrorVariant, type BitswapProbeResult, CHUNK_MORTALITY_PERIOD, DEFAULT_BULLETIN_RPC, DEFAULT_POOL_SIZE, type DeployContent, type DeployOptions, type DeployResult, ENCRYPT_KEY_LEN, ENCRYPT_MAGIC, ENCRYPT_NONCE_LEN, ENCRYPT_PBKDF2_ITERATIONS, ENCRYPT_SALT_LEN, ENCRYPT_TAG_LEN, type SizeDecision, type StoreDirectoryOptions, WS_HEARTBEAT_TIMEOUT_MS, __assignDenseNoncesForTest, __selectStorageProviderModeForTest, applyManifestFetchAttributes, assertSubdomainOwnerMatchesSigner, browserUrlFor, buildFilesMap, checkDeploySize, chooseSignerInput, chunk, computePhoneSigningSteps, computeStorageCid, createCID, deploy, deriveRootSigner, detectFramework, encodeContenthash, encryptContent, estimateUploadBytes, friendlyChainError, hasIPFS, interpretBitswapResult, isConnectionError, makeBulletinStatusHandler, merkleize, probeP2pRetrieval, resolveDotnsConnectOptions, resolveReproducibleTimestamp, retryBudgetExhausted, setWsHaltCallback, storeChunkedContent, storeDirectory, storeDirectoryV2, storeFile, unpublish };
+export { BULLETIN_ENDPOINTS, type BitswapErrorVariant, type BitswapProbeResult, CHUNK_MORTALITY_PERIOD, DEFAULT_BULLETIN_RPC, DEFAULT_POOL_SIZE, type DeployContent, type DeployOptions, type DeployResult, ENCRYPT_KEY_LEN, ENCRYPT_MAGIC, ENCRYPT_NONCE_LEN, ENCRYPT_PBKDF2_ITERATIONS, ENCRYPT_SALT_LEN, ENCRYPT_TAG_LEN, type SizeDecision, type StoreDirectoryOptions, WS_HEARTBEAT_TIMEOUT_MS, __assignDenseNoncesForTest, __selectStorageProviderModeForTest, applyManifestFetchAttributes, assertSubdomainOwnerMatchesSigner, browserUrlFor, buildFilesMap, checkDeploySize, chooseSignerInput, chunk, computePhoneSigningSteps, computeStorageCid, createCID, deploy, deriveRootSigner, detectFramework, encodeContenthash, encryptContent, estimateUploadBytes, formatStorageSignerLine, friendlyChainError, hasIPFS, interpretBitswapResult, isConnectionError, makeBulletinStatusHandler, merkleize, probeP2pRetrieval, resolveDotnsConnectOptions, resolveReproducibleTimestamp, retryBudgetExhausted, setWsHaltCallback, storeChunkedContent, storeDirectory, storeDirectoryV2, storeFile, unpublish };

package/dist/deploy.js

@@ -28,6 +28,7 @@ import {
   encodeContenthash,
   encryptContent,
   estimateUploadBytes,
+  formatStorageSignerLine,
   friendlyChainError,
   hasIPFS,
   interpretBitswapResult,
@@ -44,22 +45,23 @@ import {
   storeDirectoryV2,
   storeFile,
   unpublish
-} from "./chunk-DKGCOGRT.js";
+} from "./chunk-6VYOUYMI.js";
+import "./chunk-G56VYTUD.js";
 import "./chunk-HOTQDYHD.js";
 import "./chunk-IW3X2MJF.js";
 import "./chunk-KOSF5FDO.js";
 import "./chunk-J3NIXHZZ.js";
 import "./chunk-S7EM5VMW.js";
-import "./chunk-YUSHBZBX.js";
-import "./chunk-LRRQP7DH.js";
-import "./chunk-HK3B5MKA.js";
-import "./chunk-3LNKPUZ7.js";
+import "./chunk-VQB3JWK7.js";
+import "./chunk-XKTAIQJ4.js";
+import "./chunk-ODIIC66I.js";
+import "./chunk-AG37IM3H.js";
 import "./chunk-C2TS5MER.js";
-import "./chunk-S7S7WENB.js";
+import "./chunk-NO3BNQFL.js";
 import "./chunk-QS7YU76C.js";
-import "./chunk-WF2XKCEZ.js";
-import "./chunk-XM5MFMMX.js";
-import "./chunk-5K3RI5C2.js";
+import "./chunk-EZ352IGD.js";
+import "./chunk-UFQ4EZP3.js";
+import "./chunk-GL3U7K2B.js";
 import {
   EXIT_CODE_NO_RETRY,
   NonRetryableError
@@ -96,6 +98,7 @@ export {
   encodeContenthash,
   encryptContent,
   estimateUploadBytes,
+  formatStorageSignerLine,
   friendlyChainError,
   hasIPFS,
   interpretBitswapResult,

package/dist/dotns.js

@@ -50,11 +50,11 @@ import {
   stripTrailingDigits,
   validateDomainLabel,
   verifyNonceAdvanced
-} from "./chunk-S7S7WENB.js";
+} from "./chunk-NO3BNQFL.js";
 import "./chunk-QS7YU76C.js";
-import "./chunk-WF2XKCEZ.js";
-import "./chunk-XM5MFMMX.js";
-import "./chunk-5K3RI5C2.js";
+import "./chunk-EZ352IGD.js";
+import "./chunk-UFQ4EZP3.js";
+import "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {
   ATTR_TX_RESOLUTION_KIND,

package/dist/environments.js

@@ -9,7 +9,7 @@ import {
   loadEnvironments,
   resolveEndpoints,
   validateContractAddresses
-} from "./chunk-5K3RI5C2.js";
+} from "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {
   DEFAULT_ENV_ID,

package/dist/index.js

@@ -1,10 +1,13 @@
+import {
+  defineConfig
+} from "./chunk-GZD2UFLR.js";
 import {
   loadProductConfig,
   tryLoadProductConfig
 } from "./chunk-MMAZFJDG.js";
 import {
   publishManifest
-} from "./chunk-JMHX3M4C.js";
+} from "./chunk-J3WABBZ7.js";
 import {
   DEFAULT_TEXT_RECORD_BUDGET_BYTES,
   PLACEHOLDER_CID,
@@ -17,14 +20,12 @@ import {
   validateProductConfig,
   validateRootManifest
 } from "./chunk-LZJMVPYW.js";
-import {
-  defineConfig
-} from "./chunk-GZD2UFLR.js";
 import {
   deploy,
   merkleizeJS,
   merkleizeWithStableOrder
-} from "./chunk-DKGCOGRT.js";
+} from "./chunk-6VYOUYMI.js";
+import "./chunk-G56VYTUD.js";
 import "./chunk-HOTQDYHD.js";
 import {
   computeStats,
@@ -47,19 +48,19 @@ import {
   isVolatilePath,
   parseManifest
 } from "./chunk-S7EM5VMW.js";
-import "./chunk-YUSHBZBX.js";
-import "./chunk-LRRQP7DH.js";
-import "./chunk-HK3B5MKA.js";
+import "./chunk-VQB3JWK7.js";
+import "./chunk-XKTAIQJ4.js";
+import "./chunk-ODIIC66I.js";
 import {
   probeChunks
-} from "./chunk-3LNKPUZ7.js";
+} from "./chunk-AG37IM3H.js";
 import "./chunk-C2TS5MER.js";
 import {
   DEFAULT_MNEMONIC,
   DotNS,
   parseDomainName,
   sanitizeDomainLabel
-} from "./chunk-S7S7WENB.js";
+} from "./chunk-NO3BNQFL.js";
 import {
   bootstrapPool,
   derivePoolAccounts,
@@ -67,7 +68,7 @@ import {
   fetchPoolAuthorizations,
   selectAccount
 } from "./chunk-QS7YU76C.js";
-import "./chunk-WF2XKCEZ.js";
+import "./chunk-EZ352IGD.js";
 import {
   VERSION,
   loadRunState,
@@ -77,7 +78,7 @@ import {
   shouldSkipStaleWarning,
   stateFilePath,
   writeRunState
-} from "./chunk-XM5MFMMX.js";
+} from "./chunk-UFQ4EZP3.js";
 import {
   DEFAULT_ENV_ID,
   deepMergeEnvironments,
@@ -88,7 +89,7 @@ import {
   loadEnvironments,
   resolveEndpoints,
   validateContractAddresses
-} from "./chunk-5K3RI5C2.js";
+} from "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {
   DEFAULT_ENV_ID,

package/dist/manifest/publish.js

@@ -1,23 +1,24 @@
 import {
   publishManifest
-} from "../chunk-JMHX3M4C.js";
+} from "../chunk-J3WABBZ7.js";
 import "../chunk-RI3ZLNPN.js";
-import "../chunk-DKGCOGRT.js";
+import "../chunk-6VYOUYMI.js";
+import "../chunk-G56VYTUD.js";
 import "../chunk-HOTQDYHD.js";
 import "../chunk-IW3X2MJF.js";
 import "../chunk-KOSF5FDO.js";
 import "../chunk-J3NIXHZZ.js";
 import "../chunk-S7EM5VMW.js";
-import "../chunk-YUSHBZBX.js";
-import "../chunk-LRRQP7DH.js";
-import "../chunk-HK3B5MKA.js";
-import "../chunk-3LNKPUZ7.js";
+import "../chunk-VQB3JWK7.js";
+import "../chunk-XKTAIQJ4.js";
+import "../chunk-ODIIC66I.js";
+import "../chunk-AG37IM3H.js";
 import "../chunk-C2TS5MER.js";
-import "../chunk-S7S7WENB.js";
+import "../chunk-NO3BNQFL.js";
 import "../chunk-QS7YU76C.js";
-import "../chunk-WF2XKCEZ.js";
-import "../chunk-XM5MFMMX.js";
-import "../chunk-5K3RI5C2.js";
+import "../chunk-EZ352IGD.js";
+import "../chunk-UFQ4EZP3.js";
+import "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 export {
   publishManifest

package/dist/manifest/types.d.ts

@@ -83,7 +83,7 @@ interface ProductConfig {
  *
  * @example
  *   import { defineConfig } from "bulletin-deploy";
- *   export default defineConfig({ domain: "hackm3.dot", ... });
+ *   export default defineConfig({ domain: "demoapp.dot", ... });
  */
 declare function defineConfig<T extends ProductConfig>(config: T): T;
 

package/dist/memory-report.js

@@ -5,8 +5,8 @@ import {
   maybeWriteMemoryReport,
   safeHeap,
   sampleFromBytes
-} from "./chunk-WF2XKCEZ.js";
-import "./chunk-XM5MFMMX.js";
+} from "./chunk-EZ352IGD.js";
+import "./chunk-UFQ4EZP3.js";
 export {
   DEFAULT_THRESHOLD_MB,
   buildMemoryReport,

package/dist/merkle.js

@@ -6,22 +6,23 @@ import {
   merkleizeKuboBackend,
   merkleizeWithStableOrder,
   rebuildOrderedCarFromBytes
-} from "./chunk-DKGCOGRT.js";
+} from "./chunk-6VYOUYMI.js";
+import "./chunk-G56VYTUD.js";
 import "./chunk-HOTQDYHD.js";
 import "./chunk-IW3X2MJF.js";
 import "./chunk-KOSF5FDO.js";
 import "./chunk-J3NIXHZZ.js";
 import "./chunk-S7EM5VMW.js";
-import "./chunk-YUSHBZBX.js";
-import "./chunk-LRRQP7DH.js";
-import "./chunk-HK3B5MKA.js";
-import "./chunk-3LNKPUZ7.js";
+import "./chunk-VQB3JWK7.js";
+import "./chunk-XKTAIQJ4.js";
+import "./chunk-ODIIC66I.js";
+import "./chunk-AG37IM3H.js";
 import "./chunk-C2TS5MER.js";
-import "./chunk-S7S7WENB.js";
+import "./chunk-NO3BNQFL.js";
 import "./chunk-QS7YU76C.js";
-import "./chunk-WF2XKCEZ.js";
-import "./chunk-XM5MFMMX.js";
-import "./chunk-5K3RI5C2.js";
+import "./chunk-EZ352IGD.js";
+import "./chunk-UFQ4EZP3.js";
+import "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {
   buildOrderedCar,

package/dist/personhood/bind-paid-alias.js

@@ -1,10 +1,10 @@
 import {
   PaidAliasBindingError,
   bindPaidAliasToAccount
-} from "../chunk-OCKCB72S.js";
-import "../chunk-EJI3MX4G.js";
-import "../chunk-ZYVGHDMU.js";
+} from "../chunk-L5Z3TJD7.js";
+import "../chunk-SLE4P6MO.js";
 import "../chunk-SI2ZUOYD.js";
+import "../chunk-ZYVGHDMU.js";
 export {
   PaidAliasBindingError,
   bindPaidAliasToAccount

package/dist/personhood/bind-personal-id.js

@@ -2,9 +2,9 @@ import {
   PersonalIdBindingError,
   bindPersonalIdToAccount,
   buildAsPersonExtensionValue
-} from "../chunk-7URNKK6J.js";
-import "../chunk-ZYVGHDMU.js";
+} from "../chunk-LHLCPDGL.js";
 import "../chunk-SI2ZUOYD.js";
+import "../chunk-ZYVGHDMU.js";
 export {
   PersonalIdBindingError,
   bindPersonalIdToAccount,

package/dist/personhood/bootstrap.js

@@ -1,12 +1,3 @@
-import {
-  bindPersonalIdToAccount
-} from "../chunk-7URNKK6J.js";
-import {
-  runChainPrereqProbes
-} from "../chunk-XAB7WM3S.js";
-import {
-  claimPgas
-} from "../chunk-EATOPQFR.js";
 import {
   deriveMemberEntropy,
   deriveMemberKey
@@ -14,25 +5,34 @@ import {
 import "../chunk-UPWEOGLQ.js";
 import {
   bindPaidAliasToAccount
-} from "../chunk-OCKCB72S.js";
-import "../chunk-EJI3MX4G.js";
+} from "../chunk-L5Z3TJD7.js";
+import "../chunk-SLE4P6MO.js";
 import {
-  bytesToHex
-} from "../chunk-ZYVGHDMU.js";
+  bindPersonalIdToAccount
+} from "../chunk-LHLCPDGL.js";
+import {
+  runChainPrereqProbes
+} from "../chunk-XAB7WM3S.js";
+import {
+  claimPgas
+} from "../chunk-7Y7RDOGT.js";
 import {
   DOTNS_CONTEXT_BYTES,
   PEOPLE_MEMBER_IDENTIFIER_HEX,
   PGAS_ASSET_ID
 } from "../chunk-SI2ZUOYD.js";
+import {
+  bytesToHex
+} from "../chunk-ZYVGHDMU.js";
 import {
   WS_HEARTBEAT_TIMEOUT_MS
-} from "../chunk-S7S7WENB.js";
+} from "../chunk-NO3BNQFL.js";
 import "../chunk-QS7YU76C.js";
-import "../chunk-WF2XKCEZ.js";
-import "../chunk-XM5MFMMX.js";
+import "../chunk-EZ352IGD.js";
+import "../chunk-UFQ4EZP3.js";
 import {
   loadEnvironments
-} from "../chunk-5K3RI5C2.js";
+} from "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 
 // src/personhood/bootstrap.ts

package/dist/personhood/claim-pgas.js

@@ -3,9 +3,9 @@ import {
   buildAsPgasClaimExtensionValue,
   buildImplicationExclude,
   claimPgas
-} from "../chunk-EATOPQFR.js";
-import "../chunk-ZYVGHDMU.js";
+} from "../chunk-7Y7RDOGT.js";
 import "../chunk-SI2ZUOYD.js";
+import "../chunk-ZYVGHDMU.js";
 export {
   PgasClaimError,
   buildAsPgasClaimExtensionValue,

package/dist/personhood/people-client.js

@@ -1,12 +1,12 @@
 import {
   WS_HEARTBEAT_TIMEOUT_MS
-} from "../chunk-S7S7WENB.js";
+} from "../chunk-NO3BNQFL.js";
 import "../chunk-QS7YU76C.js";
-import "../chunk-WF2XKCEZ.js";
-import "../chunk-XM5MFMMX.js";
+import "../chunk-EZ352IGD.js";
+import "../chunk-UFQ4EZP3.js";
 import {
   loadEnvironments
-} from "../chunk-5K3RI5C2.js";
+} from "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 
 // src/personhood/people-client.ts

package/dist/personhood/proof-validity.js

@@ -2,9 +2,9 @@ import {
   buildAliasProofMessage,
   getProofValidAtSec,
   u64LeBytes
-} from "../chunk-EJI3MX4G.js";
-import "../chunk-ZYVGHDMU.js";
+} from "../chunk-SLE4P6MO.js";
 import "../chunk-SI2ZUOYD.js";
+import "../chunk-ZYVGHDMU.js";
 export {
   buildAliasProofMessage,
   getProofValidAtSec,

package/dist/personhood/reprove.js

@@ -1,16 +1,16 @@
 import {
   buildAliasProofMessage,
   getProofValidAtSec
-} from "../chunk-EJI3MX4G.js";
+} from "../chunk-SLE4P6MO.js";
+import {
+  PEOPLE_MEMBER_IDENTIFIER_HEX,
+  PROOF_BYTES
+} from "../chunk-SI2ZUOYD.js";
 import {
   bytesToHex,
   encodeMembers,
   hexToBytes
 } from "../chunk-ZYVGHDMU.js";
-import {
-  PEOPLE_MEMBER_IDENTIFIER_HEX,
-  PROOF_BYTES
-} from "../chunk-SI2ZUOYD.js";
 
 // src/personhood/reprove.ts
 import { getSs58AddressInfo, Binary } from "polkadot-api";

package/dist/run-state.js

@@ -7,7 +7,7 @@ import {
   shouldSkipStaleWarning,
   stateFilePath,
   writeRunState
-} from "./chunk-XM5MFMMX.js";
+} from "./chunk-UFQ4EZP3.js";
 export {
   VERSION,
   loadRunState,

package/dist/{signer-CriGqahj.d.ts → signer-vR6KKC7V.d.ts}

@@ -1,6 +1,6 @@
 import { DevAccountName } from '@parity/product-sdk-tx';
 import { PolkadotSigner } from 'polkadot-api';
-import { e as SessionHandle, S as SessionAddresses, A as AuthClient } from './auth-DkRZBK-T.js';
+import { h as SessionHandle, S as SessionAddresses, c as AuthClient } from './auth-C-Pel0AT.js';
 
 type SignerSource = "dev" | "session";
 interface ResolvedSigner {

package/dist/spinner.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Minimal terminal spinner with an elapsed-time readout.
+ *
+ * Renders `⠙ <label>… (3s)` on a single line via carriage-return redraw, in the
+ * style of Claude Code's live status. Built for awaiting a single async op
+ * (e.g. polling on-chain authorization during login).
+ *
+ * Footgun-safe by design:
+ *  - the redraw interval is .unref()'d, so it never keeps the Node event loop
+ *    alive — callers that process.exit() still exit cleanly.
+ *  - stop() is idempotent and always clears the interval.
+ *  - in a non-TTY (CI / piped output) it prints one static line and no \r
+ *    animation, so logs stay clean.
+ */
+interface Spinner {
+    /** Stop the spinner, clear the line, and optionally print a final line. */
+    stop(finalLine?: string): void;
+}
+declare function startSpinner(label: string, stream?: NodeJS.WriteStream): Spinner;
+
+export { type Spinner, startSpinner };

package/dist/spinner.js

@@ -0,0 +1,6 @@
+import {
+  startSpinner
+} from "./chunk-J7CYVTAW.js";
+export {
+  startSpinner
+};

package/dist/sss-allowance.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Statement Store (SSS) allowance preflight — pure storage read, no signing.
+ *
+ * The People chain stores SSS allowances under a deterministic key:
+ *   b":statement_allowance:" ++ raw_32_byte_account_pubkey
+ *
+ * We can check this via a single `state_getStorage` RPC call — no transaction,
+ * no phone dialog. Non-null, non-"0x" result means the allowance is present.
+ *
+ * Reference: substrate/primitives/statement-store/src/lib.rs
+ */
+/**
+ * Build the hex-encoded storage key for an SSS allowance check.
+ *
+ * Format: 0x + hex(":statement_allowance:" + pubkey_32_bytes)
+ * No twox/blake2 hashing — the key is the raw concatenation.
+ */
+declare function sssStorageKey(pubkey: Uint8Array): string;
+/**
+ * Check whether a Statement Store allowance is present on the People chain.
+ *
+ * @returns
+ *   - `true`  — allowance present (continue)
+ *   - `false` — allowance absent / expired (user must re-login)
+ *   - `null`  — could not determine (network error or timeout; caller decides whether to block)
+ */
+declare function checkSSSAllowance(pubkey: Uint8Array, peopleEndpoints: string[], timeoutMs?: number): Promise<boolean | null>;
+
+export { checkSSSAllowance, sssStorageKey };

package/dist/sss-allowance.js

@@ -0,0 +1,8 @@
+import {
+  checkSSSAllowance,
+  sssStorageKey
+} from "./chunk-G56VYTUD.js";
+export {
+  checkSSSAllowance,
+  sssStorageKey
+};

package/dist/storage-signer.d.ts

@@ -5,6 +5,11 @@ import { PolkadotSigner } from 'polkadot-api';
  * Returns null when not cached. storageDir defaults to os.homedir().
  *
  * Cache format: @parity/product-sdk-terminal host-cache.ts v1.
+ *
+ * NOTE: reads the pre-0.8.6 plaintext cache format (_AllowanceKeys.json). On host-papp 0.8.6+
+ * the cache is AES-encrypted and keyed by sessionId (_AllowanceKeys_<sessionId>.json), so
+ * this function returns null on 0.8.6+ installations. Use adapter.allowance.getBulletinSigner()
+ * for runtime checks instead.
  */
 declare function readBulletinSlotSigner(appId: string, storageDir?: string): Promise<{
     signer: PolkadotSigner;
@@ -24,9 +29,96 @@ declare function extractBulletinSlotKey(outcomes: {
     tag: string;
     value: unknown;
 }[]): `0x${string}` | null;
+/**
+ * Typed error thrown by getSlotSignerProvider when the slot account is not
+ * usably authorized on-chain.  The `reason` field lets callers produce
+ * targeted messages without string-matching.
+ *
+ *  "missing"  — no Authorizations entry found for the slot account.
+ *  "expired"  — entry exists but expiration ≤ current finalized block.
+ */
+declare class BulletinSlotAuthError extends Error {
+    readonly reason: "missing" | "expired";
+    /** The on-chain expiration block (only set when reason === "expired"). */
+    readonly expiration?: number;
+    constructor(reason: "missing" | "expired", ss58: string, expiration?: number);
+}
+/**
+ * Pure active-test for a Bulletin Authorizations entry.
+ * Shared by getSlotSignerProvider (single probe) and the poll loop in
+ * waitForBulletinAuthorization (repeated probes).
+ *
+ * @param auth  Raw value from TransactionStorage.Authorizations.getValue — null when absent.
+ * @param blockNumber  Current finalized block number.
+ */
+declare function isBulletinAuthActive(auth: {
+    expiration?: bigint | number;
+} | null | undefined, blockNumber: number): {
+    active: true;
+    expiration: number;
+} | {
+    active: false;
+    reason: "missing" | "expired";
+    expiration?: number;
+};
+/**
+ * Internal poll loop for waitForBulletinAuthorization.
+ * Injecting the query function keeps the loop unit-testable without a real WS connection.
+ *
+ * @param queryFn  Async function that returns {auth, blockNumber} — mock in tests.
+ * @param opts     pollMs (default 2000), timeoutMs (default 90000).
+ *
+ * Transient query errors (thrown by queryFn) are retried until the deadline — a
+ * flaky WS read is NOT treated as "unauthorized". Only a clean active-check
+ * returning false advances toward timeout.
+ */
+declare function pollUntilBulletinAuthorized(queryFn: () => Promise<{
+    auth: {
+        expiration?: bigint | number;
+    } | null | undefined;
+    blockNumber: number;
+}>, opts?: {
+    timeoutMs?: number;
+    pollMs?: number;
+}): Promise<{
+    authorized: true;
+    expiration: number;
+} | {
+    authorized: false;
+    reason: "timeout";
+}>;
+/**
+ * Open a Bulletin WS connection, poll Authorizations until the slot account's
+ * authorization lands on-chain, then destroy the connection and return.
+ *
+ * Intended for the fresh-login path in src/commands/login.ts to gate the
+ * success summary until the authorization is finalized (avoids the first-run
+ * race where deploy checks immediately after phone approval but before the
+ * on-chain tx is included).
+ *
+ * Does NOT print any progress — the caller (login.ts) owns the output via a
+ * spinner. Pass `quiet: true` to suppress connection status chatter so the
+ * caller's spinner owns the line.
+ *
+ * @returns `{ authorized: true, expiration }` on success;
+ *          `{ authorized: false, reason: "timeout" }` after the configured timeout.
+ */
+declare function waitForBulletinAuthorization(ss58: string, opts?: {
+    timeoutMs?: number;
+    pollMs?: number;
+    quiet?: boolean;
+    endpoints?: string[];
+}): Promise<{
+    authorized: true;
+    expiration: number;
+} | {
+    authorized: false;
+    reason: "timeout";
+}>;
 /**
  * Create a Bulletin WS connection for the slot-account signer.
- * No authorization checks — pool fallback is handled by the caller (selectStorageReconnect).
+ * Checks on-chain authorization (single probe — no poll). Throws BulletinSlotAuthError
+ * with reason "missing" | "expired" so callers can distinguish and produce targeted messages.
  */
 declare function getSlotSignerProvider(signer: PolkadotSigner, ss58: string): Promise<{
     client: any;
@@ -35,4 +127,4 @@ declare function getSlotSignerProvider(signer: PolkadotSigner, ss58: string): Pr
     ss58: string;
 }>;
 
-export { extractBulletinSlotKey, getSlotSignerProvider, readBulletinSlotSigner, writeBulletinSlotKey };
+export { BulletinSlotAuthError, extractBulletinSlotKey, getSlotSignerProvider, isBulletinAuthActive, pollUntilBulletinAuthorized, readBulletinSlotSigner, waitForBulletinAuthorization, writeBulletinSlotKey };