@parity/product-deploy 0.8.3 → 0.9.0-rc.1

package/dist/storage-signer.js

@@ -1,28 +1,37 @@
 import {
+  BulletinSlotAuthError,
   extractBulletinSlotKey,
   getSlotSignerProvider,
+  isBulletinAuthActive,
+  pollUntilBulletinAuthorized,
   readBulletinSlotSigner,
+  waitForBulletinAuthorization,
   writeBulletinSlotKey
-} from "./chunk-DKGCOGRT.js";
+} from "./chunk-6VYOUYMI.js";
+import "./chunk-G56VYTUD.js";
 import "./chunk-HOTQDYHD.js";
 import "./chunk-IW3X2MJF.js";
 import "./chunk-KOSF5FDO.js";
 import "./chunk-J3NIXHZZ.js";
 import "./chunk-S7EM5VMW.js";
-import "./chunk-YUSHBZBX.js";
-import "./chunk-LRRQP7DH.js";
-import "./chunk-HK3B5MKA.js";
-import "./chunk-3LNKPUZ7.js";
+import "./chunk-VQB3JWK7.js";
+import "./chunk-XKTAIQJ4.js";
+import "./chunk-ODIIC66I.js";
+import "./chunk-AG37IM3H.js";
 import "./chunk-C2TS5MER.js";
-import "./chunk-S7S7WENB.js";
+import "./chunk-NO3BNQFL.js";
 import "./chunk-QS7YU76C.js";
-import "./chunk-WF2XKCEZ.js";
-import "./chunk-XM5MFMMX.js";
-import "./chunk-5K3RI5C2.js";
+import "./chunk-EZ352IGD.js";
+import "./chunk-UFQ4EZP3.js";
+import "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {
+  BulletinSlotAuthError,
   extractBulletinSlotKey,
   getSlotSignerProvider,
+  isBulletinAuthActive,
+  pollUntilBulletinAuthorized,
   readBulletinSlotSigner,
+  waitForBulletinAuthorization,
   writeBulletinSlotKey
 };

package/dist/telemetry.js

@@ -33,8 +33,8 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-WF2XKCEZ.js";
-import "./chunk-XM5MFMMX.js";
+} from "./chunk-EZ352IGD.js";
+import "./chunk-UFQ4EZP3.js";
 export {
   VERSION,
   __setDeployRootSpanForTest,

package/dist/version-check.d.ts

@@ -3,8 +3,6 @@ import { Readable } from 'node:stream';
 interface VersionInfo {
     latest: string;
     minimumFromRegistry: string | null;
-    minimumFromKillSwitch: string | null;
-    killSwitchMessage: string | null;
 }
 declare function checkNodeVersion(enginesNode: string, currentVersion: string): string | null;
 declare function compareSemver(a: string, b: string): number;
@@ -20,7 +18,6 @@ type VersionVerdict = {
     action: "forced_update";
     currentVersion: string;
     minimumVersion: string;
-    message: string | null;
 } | {
     action: "suggest_update";
     currentVersion: string;

package/dist/version-check.js

@@ -11,9 +11,9 @@ import {
   isPreReleaseVersion,
   preReleaseWarning,
   promptYesNo
-} from "./chunk-HK3B5MKA.js";
-import "./chunk-WF2XKCEZ.js";
-import "./chunk-XM5MFMMX.js";
+} from "./chunk-ODIIC66I.js";
+import "./chunk-EZ352IGD.js";
+import "./chunk-UFQ4EZP3.js";
 export {
   assessVersion,
   checkNodeVersion,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@parity/product-deploy",
-  "version": "0.8.3",
+  "version": "0.9.0-rc.1",
   "private": false,
   "repository": {
     "type": "git",
@@ -40,18 +40,21 @@
     "bin",
     "docs",
     "assets",
+    "patches",
     "tools/release-retry-wrapper.mjs"
   ],
   "scripts": {
-    "build": "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts --format esm --dts --clean --target node22",
+    "build": "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts src/spinner.ts src/sss-allowance.ts --format esm --dts --clean --target node22",
     "refresh-environments": "node scripts/refresh-environments.mjs",
+    "postinstall": "patch-package",
     "prepare": "npm run build",
-    "test": "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js",
+    "test": "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js test/storage-signer.test.js test/spinner.test.js test/sss-allowance.test.js && npm run test:vendor",
     "test:e2e": "npm run build && node --test test/e2e.test.js",
     "test:e2e:smoke": "bash scripts/e2e-pass.sh smoke",
     "test:e2e:pr": "bash scripts/e2e-pass.sh pr",
     "test:e2e:nightly": "bash scripts/e2e-pass.sh nightly",
-    "benchmark": "npm run build && node benchmark.js"
+    "benchmark": "npm run build && node benchmark.js",
+    "test:vendor": "vitest run src/auth/vendor"
   },
   "dependencies": {
     "@ipld/car": "^5.4.3",
@@ -59,7 +62,7 @@
     "@noble/hashes": "^1.7.2",
     "@parity/product-sdk-address": "^0.1.1",
     "@parity/product-sdk-keys": "^0.3.0",
-    "@parity/product-sdk-terminal": "^0.2.1",
+    "@parity/product-sdk-terminal": "^0.3.1",
     "@parity/product-sdk-tx": "^0.2.4",
     "@polkadot-api/metadata-builders": "^0.14.2",
     "@polkadot-api/substrate-bindings": "^0.20.2",
@@ -72,28 +75,30 @@
     "ipfs-unixfs-importer": "^16.1.4",
     "jiti": "^2.4.2",
     "multiformats": "^13.4.1",
+    "patch-package": "^8.0.1",
     "polkadot-api": "^2.1.3",
     "verifiablejs": "1.3.0-beta.4",
-    "viem": "^2.30.5"
+    "viem": "^2.30.5",
+    "ws": "^8.20.1"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",
+    "@types/ws": "^8.18.1",
     "tsup": "^8.5.0",
     "typescript": "^5.9.3",
-    "vitest": "^3.0.0",
-    "ws": "^8.20.1"
+    "vitest": "^4.1.0"
   },
   "overrides": {
     "@polkadot-api/json-rpc-provider": "^0.2.0",
-    "@novasamatech/host-api": "0.7.9-4",
-    "@novasamatech/host-papp": "0.7.9-4",
-    "@novasamatech/product-sdk": "0.7.9-4",
-    "@novasamatech/scale": "0.7.9-4",
-    "@novasamatech/statement-store": "0.7.9-4",
-    "@novasamatech/storage-adapter": "0.7.9-4"
+    "@novasamatech/host-api": "0.8.6",
+    "@novasamatech/host-papp": "0.8.6",
+    "@novasamatech/scale": "0.8.6",
+    "@novasamatech/statement-store": "0.8.6",
+    "@novasamatech/storage-adapter": "0.8.6"
   },
   "minimumVersion": "0.5.6",
   "engines": {
     "node": ">=22"
-  }
+  },
+  "license": "GPL-3.0-or-later"
 }

package/patches/@novasamatech+sdk-statement+0.6.0.patch

@@ -0,0 +1,47 @@
+diff --git a/node_modules/@novasamatech/sdk-statement/dist/statement-sdk.js b/node_modules/@novasamatech/sdk-statement/dist/statement-sdk.js
+index 3e6bcd2..5f17175 100644
+--- a/node_modules/@novasamatech/sdk-statement/dist/statement-sdk.js
++++ b/node_modules/@novasamatech/sdk-statement/dist/statement-sdk.js
+@@ -8,7 +8,19 @@ const createStatementSdk = (req, subscribe) => {
+   const api = getApi(req, subscribe);
+   const getStatements = (filter = ANY_FILTER) => new Promise((resolve, reject) => {
+     const statements = [];
+-    const unsubscribe = api.subscribeStatement(
++    // PATCH(bulletin-deploy): `unsubscribe` was a `const` initialized from
++    // api.subscribeStatement(...) while BOTH callbacks reference it. When the
++    // underlying observable settles synchronously at subscribe time (e.g. a
++    // poll fires after the websocket client was destroyed, so subscribe
++    // errors immediately), the callback runs before the const is assigned:
++    // "ReferenceError: Cannot access 'unsubscribe' before initialization",
++    // rethrown by rxjs as an uncaughtException. Hit on Ctrl+C / teardown
++    // during an active pairing poll. `let` + a settled flag covers both the
++    // sync-error and sync-completion shapes. Remove when fixed upstream.
++    // From playground-cli PR #281.
++    let settled = false;
++    let unsubscribe = null;
++    unsubscribe = api.subscribeStatement(
+       filter,
+       (event) => {
+         if (event.event === "newStatements") {
+@@ -19,16 +31,19 @@ const createStatementSdk = (req, subscribe) => {
+             }
+           }
+           if (event.data.remaining === 0 || event.data.remaining === void 0) {
+-            unsubscribe();
++            settled = true;
++            unsubscribe?.();
+             resolve(statements);
+           }
+         }
+       },
+       (error) => {
+-        unsubscribe();
++        settled = true;
++        unsubscribe?.();
+         reject(error);
+       }
+     );
++    if (settled) unsubscribe();
+   });
+   return {
+     /**

package/dist/allocations-B65Is4Md.d.ts

@@ -1,97 +0,0 @@
-import { UserSession } from '@parity/product-sdk-terminal';
-
-/**
- * Thin wrapper over the RFC-0010 `host_request_resource_allocation` call.
- * Lifted from playground-cli `src/utils/allowances/host.ts` (issue #411).
- *
- * `@parity/product-sdk-terminal` does not yet re-export this API at its
- * package root, but the underlying `UserSession` (from `@novasamatech/host-papp`)
- * exposes `requestResourceAllocation()`. We call it directly here and gate the
- * shape locally so consumers stay decoupled from the deep import path. Replace
- * this whole module with a `product-sdk-terminal` re-export once the SDK
- * surfaces the same call.
- *
- * Wire format (SCALE-derived, mirrors host-papp's
- * `dist/sso/sessionManager/scale/resourceAllocation.d.ts`):
- *   request  → { callingProductId, resources: AllocatableResource[], onExisting }
- *   response → AllocationOutcome[] (one per resource, in order)
- *
- * The mobile app handles `hostRequestResourceAllocation` in
- * `AllowanceHostCalls.kt` and routes the user through an approval UI.
- */
-
-/**
- * Structural mirror of host-papp's `ApAllocatableResource` codec type. We
- * declare it locally because host-papp's package root doesn't re-export the
- * codec types yet — when it does (and product-sdk-terminal threads them
- * through) this can be replaced with a direct import.
- *
- *   StatementStoreAllowance — write to the SSS (host_chat, allowance ring).
- *   BulletInAllowance       — write to Bulletin (TransactionStorage.store).
- *   SmartContractAllowance  — PGAS sponsoring for Revive contract calls.
- *                             The `value` is the derivation index of the
- *                             product account (0 for the default account).
- *   AutoSigning             — surrender the product-account signing key to
- *                             the host so it can sign on the user's behalf
- *                             without per-call prompts. Not used today.
- */
-type AllocatableResource = {
-    tag: "StatementStoreAllowance";
-    value: undefined;
-} | {
-    tag: "BulletInAllowance";
-    value: undefined;
-} | {
-    tag: "SmartContractAllowance";
-    value: number;
-} | {
-    tag: "AutoSigning";
-    value: undefined;
-};
-/**
- * Outcome of one allocation. We don't read the inner `Allocated` payload
- * (allowance slot keys, derivation secrets) — the host stores them and uses
- * them transparently on subsequent calls. We just need the tag to know
- * whether the allocation succeeded.
- */
-type AllocationOutcome = {
-    tag: "Allocated";
-    value: unknown;
-} | {
-    tag: "Rejected";
-    value: undefined;
-} | {
-    tag: "NotAvailable";
-    value: undefined;
-};
-/** Tag-only view, handy for downstream code that doesn't care about payloads. */
-type ResourceTag = AllocatableResource["tag"];
-type OnExistingAllowancePolicy = "Ignore" | "Increase";
-/**
- * Default mobile-granted resource set for a CLI product account: write access
- * to the statement store + Bulletin, plus PGAS sponsoring for the default
- * (index 0) product account.
- */
-declare const DEFAULT_RESOURCES: AllocatableResource[];
-/**
- * Send a `host_request_resource_allocation` request over the user's active
- * session. The host (mobile wallet) prompts the user to approve and returns
- * one outcome per requested resource in order.
- *
- * Throws on transport-level failures (Statement Store unreachable, encryption
- * error, etc.). Per-resource refusals are reported as `Rejected`/`NotAvailable`
- * outcomes — callers inspect the array to decide whether to proceed.
- */
-declare function requestResourceAllocation(session: UserSession, productId: string, resources?: AllocatableResource[], onExisting?: OnExistingAllowancePolicy): Promise<AllocationOutcome[]>;
-interface AllocationSummary {
-    granted: AllocatableResource[];
-    rejected: AllocatableResource[];
-    unavailable: AllocatableResource[];
-}
-/**
- * Bucket allocation outcomes by tag. Order-sensitive: `outcomes[i]` maps to
- * `resources[i]`. Outcomes without a matching resource are silently dropped.
- */
-declare function summarizeOutcomes(outcomes: AllocationOutcome[], resources: AllocatableResource[]): AllocationSummary;
-
-export { type AllocatableResource as A, DEFAULT_RESOURCES as D, type OnExistingAllowancePolicy as O, type ResourceTag as R, type AllocationOutcome as a, type AllocationSummary as b, requestResourceAllocation as r, summarizeOutcomes as s };

package/dist/auth-DkRZBK-T.d.ts

@@ -1,122 +0,0 @@
-import { TerminalAdapter, UserSession } from '@parity/product-sdk-terminal';
-import { PolkadotSigner } from 'polkadot-api';
-import { A as AllocatableResource, O as OnExistingAllowancePolicy, a as AllocationOutcome } from './allocations-B65Is4Md.js';
-
-/**
- * Per-product configuration injected into `createAuthClient`. Lifting the
- * sign-in glue out of playground-cli (issue #411) means the env-specific
- * constants playground hard-coded in its `config.ts` (DAPP_ID, product id,
- * metadata URL, People-chain endpoints) become consumer-supplied so the same
- * package serves `playground` and `dot` (and future products) unchanged.
- */
-interface AuthConfig {
-    /** The dApp identity string. Scopes the on-disk session namespace
-     *  (`~/.polkadot-apps/${dappId}_*`) and the SSO pairing — each product
-     *  gets its own, independently-revocable session. */
-    dappId: string;
-    /** Product id used to derive the product account (`/product/{productId}/{index}`). */
-    productId: string;
-    /** Derivation index of the product account (0 = default). */
-    derivationIndex: number;
-    /** Hosted app-metadata doc (name/icon) the mobile wallet reads at pairing. */
-    metadataUrl: string;
-    /** People-parachain RPC endpoints the terminal adapter connects to. */
-    peopleEndpoints: string[];
-}
-
-/**
- * The three addresses we surface from a paired session.
- *
- * - `rootAddress` — SS58 of `session.rootAccountId`, the `rootUserAccountId`
- *   the mobile app sent over the SSO handshake (bare-mnemonic sr25519 root on
- *   current mobile builds). Keyed by `Resources.Consumers` on the People
- *   parachain, so it's the right input for `lookupUsername`.
- * - `productAddress` — SS58 of the product account derived via
- *   `product/{productId}/{index}` from `rootAccountId`. This is what actually
- *   signs on-chain transactions from the CLI.
- * - `productH160` — the same product pubkey as a 20-byte EVM address (Revive /
- *   contracts view). Derived from the SAME pubkey as `productAddress`.
- */
-interface SessionAddresses {
-    rootAddress: string;
-    productAddress: string;
-    productH160: `0x${string}`;
-}
-type ConnectResult = {
-    kind: "existing";
-    address: string;
-    addresses: SessionAddresses;
-} | {
-    kind: "qr";
-    qrCode: string;
-    login: LoginHandle;
-};
-type LoginStatus = {
-    step: "waiting";
-} | {
-    step: "paired";
-} | {
-    step: "pending";
-    stage: string;
-} | {
-    step: "success";
-    address: string;
-    addresses: SessionAddresses;
-} | {
-    step: "error";
-    message: string;
-};
-interface LoginHandle {
-    adapter: TerminalAdapter;
-    /** The authenticate() promise — already running since connect(). */
-    authPromise: ReturnType<TerminalAdapter["sso"]["authenticate"]>;
-}
-/**
- * A session signer bundle — the signer plus an explicit `destroy()` that tears
- * down the long-lived adapter the signer depends on. Callers MUST invoke
- * `destroy()` once done — the WebSocket keeps the event loop alive.
- */
-interface SessionHandle {
-    address: string;
-    addresses: SessionAddresses;
-    signer: PolkadotSigner;
-    userSession: UserSession;
-    destroy(): void;
-}
-type LogoutStatus = {
-    step: "disconnecting";
-    address: string;
-} | {
-    step: "success";
-    address: string;
-} | {
-    step: "partial";
-    address: string;
-    reason: string;
-} | {
-    step: "error";
-    message: string;
-};
-interface LogoutHandle {
-    adapter: TerminalAdapter;
-    address: string;
-    session: UserSession;
-}
-/** The product-bound auth surface returned by `createAuthClient`. */
-interface AuthClient {
-    connect(): Promise<ConnectResult>;
-    waitForLogin(handle: LoginHandle, onStatus: (status: LoginStatus) => void): Promise<string | null>;
-    getSessionSigner(): Promise<SessionHandle | null>;
-    findSession(): Promise<LogoutHandle | null>;
-    waitForLogout(handle: LogoutHandle, onStatus: (status: LogoutStatus) => void): Promise<void>;
-    requestAllocation(session: UserSession, resources?: AllocatableResource[], onExisting?: OnExistingAllowancePolicy): Promise<AllocationOutcome[]>;
-    clearLocalAppStorage(dir?: string): Promise<void>;
-}
-/**
- * Build an auth client bound to a product's `AuthConfig`. All adapter creation,
- * address derivation, and session-storage scoping read from `config`, so the
- * same code serves any product.
- */
-declare function createAuthClient(config: AuthConfig): AuthClient;
-
-export { type AuthClient as A, type ConnectResult as C, type LoginHandle as L, type SessionAddresses as S, type AuthConfig as a, type LoginStatus as b, type LogoutHandle as c, type LogoutStatus as d, type SessionHandle as e, createAuthClient as f };

package/dist/{chunk-EATOPQFR.js → chunk-7Y7RDOGT.js}

@@ -1,3 +1,8 @@
+import {
+  PEOPLE_MEMBER_IDENTIFIER_HEX,
+  PGAS_ASSET_ID,
+  PROOF_BYTES
+} from "./chunk-SI2ZUOYD.js";
 import {
   buildImplicationMessage,
   buildV5GeneralExtrinsic,
@@ -7,11 +12,6 @@ import {
   readExtensionOrder,
   toHex
 } from "./chunk-ZYVGHDMU.js";
-import {
-  PEOPLE_MEMBER_IDENTIFIER_HEX,
-  PGAS_ASSET_ID,
-  PROOF_BYTES
-} from "./chunk-SI2ZUOYD.js";
 
 // src/personhood/claim-pgas.ts
 import * as verifiable from "verifiablejs/nodejs";

package/dist/{chunk-7URNKK6J.js → chunk-LHLCPDGL.js}

@@ -1,3 +1,6 @@
+import {
+  BANDERSNATCH_SIGNATURE_BYTES
+} from "./chunk-SI2ZUOYD.js";
 import {
   buildImplicationMessage,
   buildV5GeneralExtrinsic,
@@ -6,9 +9,6 @@ import {
   readExtensionOrder,
   toHex
 } from "./chunk-ZYVGHDMU.js";
-import {
-  BANDERSNATCH_SIGNATURE_BYTES
-} from "./chunk-SI2ZUOYD.js";
 
 // src/personhood/bind-personal-id.ts
 import { Enum } from "polkadot-api";

package/dist/{chunk-EJI3MX4G.js → chunk-SLE4P6MO.js}

@@ -1,10 +1,10 @@
+import {
+  ALIAS_PROOF_TAG
+} from "./chunk-SI2ZUOYD.js";
 import {
   blake2_256,
   concatBytes
 } from "./chunk-ZYVGHDMU.js";
-import {
-  ALIAS_PROOF_TAG
-} from "./chunk-SI2ZUOYD.js";
 
 // src/personhood/proof-validity.ts
 var u64LeBytes = (v) => {