@parity/product-deploy 0.9.0-rc.5 → 0.9.0-rc.6

package/dist/auth-config.js

@@ -9,9 +9,9 @@ import {
   getPeopleChainEndpoints,
   hasPersistedSession,
   resolveBulletinEndpoints
-} from "./chunk-QFHJ6UZR.js";
-import "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+} from "./chunk-HGEYWE2P.js";
+import "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 import "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {

package/dist/bug-report.js

@@ -9,10 +9,10 @@ import {
   offerBugReport,
   scrubSecrets,
   setDeployContext
-} from "./chunk-KOPUAI2J.js";
-import "./chunk-4ALSZUMX.js";
-import "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+} from "./chunk-NEWDQKA3.js";
+import "./chunk-LIAEGW76.js";
+import "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 export {
   buildCliFlagsSummary,
   buildLabels,

package/dist/{chunk-GCB2CBWY.js → chunk-2XBLLNDK.js}

@@ -6,10 +6,10 @@ import {
   resolveDotnsConnectOptions,
   storeDirectory,
   storeFile
-} from "./chunk-RXCSEXK5.js";
+} from "./chunk-NRDXKYWQ.js";
 import {
   DotNS
-} from "./chunk-BEJBYAB5.js";
+} from "./chunk-T4WUEPAS.js";
 import {
   getPopSelfServeConfig,
   loadEnvironments,

package/dist/chunk-6GGRUTTC.js

@@ -0,0 +1,65 @@
+import {
+  checkSSSAllowance
+} from "./chunk-GRPLHUYC.js";
+import {
+  DOT_DAPP_ID
+} from "./chunk-HGEYWE2P.js";
+
+// src/sss-allowance-cache.ts
+import { mkdir, readFile, writeFile, unlink } from "fs/promises";
+import { homedir } from "os";
+import { dirname, join } from "path";
+var SECONDS_PER_DAY = 86400;
+var CACHE_FILE = `${DOT_DAPP_ID}_SssAllowanceCheck.json`;
+function sssPeriodEndSec(nowSec) {
+  return (Math.floor(nowSec / SECONDS_PER_DAY) + 1) * SECONDS_PER_DAY;
+}
+function cacheFilePath(storageDir) {
+  return join(storageDir ?? homedir(), ".polkadot-apps", CACHE_FILE);
+}
+function accountHex(account) {
+  return Buffer.from(account).toString("hex");
+}
+async function isSssAllowanceCacheValid(account, nowSec = Math.floor(Date.now() / 1e3), storageDir) {
+  try {
+    const raw = await readFile(cacheFilePath(storageDir), "utf-8");
+    const cached = JSON.parse(raw);
+    return cached.account === accountHex(account) && typeof cached.validUntilSec === "number" && nowSec < cached.validUntilSec;
+  } catch {
+    return false;
+  }
+}
+async function writeSssAllowanceCache(account, nowSec = Math.floor(Date.now() / 1e3), storageDir) {
+  const payload = JSON.stringify({
+    account: accountHex(account),
+    validUntilSec: sssPeriodEndSec(nowSec)
+  });
+  const path = cacheFilePath(storageDir);
+  try {
+    await mkdir(dirname(path), { recursive: true, mode: 448 });
+    await writeFile(path, payload, "utf-8");
+  } catch {
+  }
+}
+async function clearSssAllowanceCache(storageDir) {
+  try {
+    await unlink(cacheFilePath(storageDir));
+  } catch {
+  }
+}
+async function preflightSssAllowance(account, getPeopleEndpoints) {
+  if (!account) return null;
+  if (await isSssAllowanceCacheValid(account)) return true;
+  const allowed = await checkSSSAllowance(account, await getPeopleEndpoints());
+  if (allowed === true) await writeSssAllowanceCache(account);
+  else if (allowed === false) await clearSssAllowanceCache();
+  return allowed;
+}
+
+export {
+  sssPeriodEndSec,
+  isSssAllowanceCacheValid,
+  writeSssAllowanceCache,
+  clearSssAllowanceCache,
+  preflightSssAllowance
+};

package/dist/{chunk-PIMDUGXF.js → chunk-ELX3YZQG.js}

@@ -6,7 +6,7 @@ import * as path from "path";
 // package.json
 var package_default = {
   name: "@parity/product-deploy",
-  version: "0.9.0-rc.5",
+  version: "0.9.0-rc.6",
   private: false,
   repository: {
     type: "git",
@@ -50,11 +50,11 @@ var package_default = {
     "tools/release-retry-wrapper.mjs"
   ],
   scripts: {
-    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts src/spinner.ts src/sss-allowance.ts --format esm --dts --clean --target node22",
+    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts src/spinner.ts src/sss-allowance.ts src/sss-allowance-cache.ts --format esm --dts --clean --target node22",
     "refresh-environments": "node scripts/refresh-environments.mjs",
     postinstall: "patch-package || true",
     prepare: "npm run build",
-    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js test/storage-signer.test.js test/spinner.test.js test/sss-allowance.test.js && npm run test:vendor",
+    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js test/storage-signer.test.js test/spinner.test.js test/sss-allowance.test.js test/sss-allowance-cache.test.js && npm run test:vendor",
     "test:e2e": "npm run build && node --test test/e2e.test.js",
     "test:e2e:smoke": "bash scripts/e2e-pass.sh smoke",
     "test:e2e:pr": "bash scripts/e2e-pass.sh pr",

package/dist/{chunk-G56VYTUD.js → chunk-GRPLHUYC.js}

@@ -1,5 +1,12 @@
 // src/sss-allowance.ts
 import WebSocket from "ws";
+function statementSigningAccount(userSession) {
+  const accountId = userSession?.localAccount?.accountId;
+  if (accountId instanceof Uint8Array && accountId.length === 32) {
+    return accountId;
+  }
+  return null;
+}
 var SSS_PREFIX = new TextEncoder().encode(":statement_allowance:");
 function sssStorageKey(pubkey) {
   if (pubkey.length !== 32) {
@@ -70,6 +77,7 @@ function checkSSSAllowance(pubkey, peopleEndpoints, timeoutMs = 5e3) {
 }
 
 export {
+  statementSigningAccount,
   sssStorageKey,
   checkSSSAllowance
 };

package/dist/{chunk-QFHJ6UZR.js → chunk-HGEYWE2P.js}

@@ -1,6 +1,6 @@
 import {
   VERSION
-} from "./chunk-7NKTNSFV.js";
+} from "./chunk-ZL7KBV52.js";
 import {
   loadEnvironments
 } from "./chunk-GL3U7K2B.js";

package/dist/{chunk-4ALSZUMX.js → chunk-LIAEGW76.js}

@@ -1,6 +1,6 @@
 import {
   VERSION
-} from "./chunk-7NKTNSFV.js";
+} from "./chunk-ZL7KBV52.js";
 
 // src/version-check.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-KOPUAI2J.js → chunk-NEWDQKA3.js}

@@ -2,11 +2,11 @@ import {
   classifyErrorArea,
   isInteractive,
   promptYesNo
-} from "./chunk-4ALSZUMX.js";
+} from "./chunk-LIAEGW76.js";
 import {
   VERSION,
   getCurrentSentryTraceId
-} from "./chunk-7NKTNSFV.js";
+} from "./chunk-ZL7KBV52.js";
 
 // src/bug-report.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-RXCSEXK5.js → chunk-NRDXKYWQ.js}

@@ -1,6 +1,9 @@
 import {
-  checkSSSAllowance
-} from "./chunk-G56VYTUD.js";
+  preflightSssAllowance
+} from "./chunk-6GGRUTTC.js";
+import {
+  statementSigningAccount
+} from "./chunk-GRPLHUYC.js";
 import {
   MirrorSkipped,
   mirrorToGitHubPages,
@@ -31,13 +34,13 @@ import {
   STALE_SESSION_MESSAGE,
   getPeopleChainEndpoints,
   hasPersistedSession
-} from "./chunk-QFHJ6UZR.js";
+} from "./chunk-HGEYWE2P.js";
 import {
   setDeployContext
-} from "./chunk-KOPUAI2J.js";
+} from "./chunk-NEWDQKA3.js";
 import {
   probeChunks
-} from "./chunk-BFFM47OS.js";
+} from "./chunk-SHQZFLPN.js";
 import {
   packSection
 } from "./chunk-C2TS5MER.js";
@@ -50,7 +53,7 @@ import {
   parseDomainName,
   popStatusName,
   verifyNonceAdvanced
-} from "./chunk-BEJBYAB5.js";
+} from "./chunk-T4WUEPAS.js";
 import {
   derivePoolAccounts,
   detectTestnet,
@@ -72,7 +75,7 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-7NKTNSFV.js";
+} from "./chunk-ZL7KBV52.js";
 import {
   DEFAULT_ENV_ID,
   getPopSelfServeConfig,
@@ -1979,14 +1982,17 @@ async function deploy(content, domainName = null, options = {}) {
       }
     }
   }
-  if (resolvedUserSession && options.signer) {
+  const statementAccount = resolvedUserSession && options.signer ? statementSigningAccount(resolvedUserSession.userSession) : null;
+  if (statementAccount) {
     try {
-      const productPubkey = options.signer.publicKey;
-      const peopleEndpoints = await getPeopleChainEndpoints(envId);
-      const allowed = await checkSSSAllowance(productPubkey, peopleEndpoints);
+      if (process.env.DOT_DEBUG) {
+        const { ss58Encode } = await import("@parity/product-sdk-address");
+        console.log(`   [sss] checking statement-store allowance for ${ss58Encode(statementAccount)}`);
+      }
+      const allowed = await preflightSssAllowance(statementAccount, () => getPeopleChainEndpoints(envId));
       if (allowed === false) {
         throw new NonRetryableError(
-          "Session signing allowance has expired (~2-3 days after login). Run `bulletin-deploy login` to renew."
+          "Session signing allowance has expired (~2-3 days after login). Run `bulletin-deploy logout`, then `bulletin-deploy login`, to renew (login alone won't refresh a stale session)."
         );
       }
     } catch (e) {

package/dist/{chunk-L5Z3TJD7.js → chunk-OCKCB72S.js}

@@ -1,18 +1,18 @@
 import {
   buildAliasProofMessage,
   getProofValidAtSec
-} from "./chunk-SLE4P6MO.js";
+} from "./chunk-EJI3MX4G.js";
+import {
+  bytesToHex,
+  encodeMembers,
+  hexToBytes
+} from "./chunk-ZYVGHDMU.js";
 import {
   PEOPLE_MEMBER_IDENTIFIER_HEX,
   PGAS_ASSET_ID,
   PGAS_ASSET_LOCATION,
   PROOF_BYTES
 } from "./chunk-SI2ZUOYD.js";
-import {
-  bytesToHex,
-  encodeMembers,
-  hexToBytes
-} from "./chunk-ZYVGHDMU.js";
 
 // src/personhood/bind-paid-alias.ts
 import { getSs58AddressInfo, Binary } from "polkadot-api";

package/dist/{chunk-BFFM47OS.js → chunk-SHQZFLPN.js}

@@ -1,6 +1,6 @@
 import {
   captureWarning
-} from "./chunk-7NKTNSFV.js";
+} from "./chunk-ZL7KBV52.js";
 
 // src/chunk-probe.ts
 import { Twox128, Blake2128Concat, decAnyMetadata, unifyMetadata } from "@polkadot-api/substrate-bindings";

package/dist/{chunk-BEJBYAB5.js → chunk-T4WUEPAS.js}

@@ -8,7 +8,7 @@ import {
   setDeploySentryTag,
   truncateAddress,
   withSpan
-} from "./chunk-7NKTNSFV.js";
+} from "./chunk-ZL7KBV52.js";
 import {
   validateContractAddresses
 } from "./chunk-GL3U7K2B.js";

package/dist/{chunk-7NKTNSFV.js → chunk-ZL7KBV52.js}

@@ -1,7 +1,7 @@
 import {
   package_default,
   writeRunState
-} from "./chunk-PIMDUGXF.js";
+} from "./chunk-ELX3YZQG.js";
 
 // src/memory-report.ts
 import * as fs2 from "fs";

package/dist/chunk-probe.js

@@ -5,9 +5,9 @@ import {
   _decodeStorageValue,
   _resetProbeSession,
   probeChunks
-} from "./chunk-BFFM47OS.js";
-import "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+} from "./chunk-SHQZFLPN.js";
+import "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 export {
   ChainProbeCrossValidationError,
   ChainProbeMetadataError,

package/dist/commands/login.js

@@ -8,10 +8,13 @@ import {
 } from "../chunk-J7CYVTAW.js";
 import {
   waitForBulletinAuthorization
-} from "../chunk-RXCSEXK5.js";
+} from "../chunk-NRDXKYWQ.js";
 import {
-  checkSSSAllowance
-} from "../chunk-G56VYTUD.js";
+  preflightSssAllowance
+} from "../chunk-6GGRUTTC.js";
+import {
+  statementSigningAccount
+} from "../chunk-GRPLHUYC.js";
 import "../chunk-HOTQDYHD.js";
 import "../chunk-IW3X2MJF.js";
 import "../chunk-KOSF5FDO.js";
@@ -22,15 +25,15 @@ import {
   getAuthClient,
   getPeopleChainEndpoints,
   resolveBulletinEndpoints
-} from "../chunk-QFHJ6UZR.js";
-import "../chunk-KOPUAI2J.js";
-import "../chunk-4ALSZUMX.js";
-import "../chunk-BFFM47OS.js";
+} from "../chunk-HGEYWE2P.js";
+import "../chunk-NEWDQKA3.js";
+import "../chunk-LIAEGW76.js";
+import "../chunk-SHQZFLPN.js";
 import "../chunk-C2TS5MER.js";
-import "../chunk-BEJBYAB5.js";
+import "../chunk-T4WUEPAS.js";
 import "../chunk-4PVJ2JBZ.js";
-import "../chunk-7NKTNSFV.js";
-import "../chunk-PIMDUGXF.js";
+import "../chunk-ZL7KBV52.js";
+import "../chunk-ELX3YZQG.js";
 import {
   loadEnvironments
 } from "../chunk-GL3U7K2B.js";
@@ -90,9 +93,8 @@ async function runLogin(envId, _opts = {}) {
     const sessionHandle = await client.getSessionSigner();
     if (sessionHandle) {
       try {
-        const productPubkey = sessionHandle.signer.publicKey;
-        const peopleEndpoints = await getPeopleChainEndpoints(envId);
-        const allowed = await checkSSSAllowance(productPubkey, peopleEndpoints);
+        const statementAccount = statementSigningAccount(sessionHandle.userSession);
+        const allowed = await preflightSssAllowance(statementAccount, () => getPeopleChainEndpoints(envId));
         if (allowed === false) {
           console.error(
             `

package/dist/commands/logout.js

@@ -3,11 +3,15 @@ import "../chunk-DHY2ZXVZ.js";
 import {
   renderLogoutStatus
 } from "../chunk-RIRDBSBG.js";
+import {
+  clearSssAllowanceCache
+} from "../chunk-6GGRUTTC.js";
+import "../chunk-GRPLHUYC.js";
 import {
   getAuthClient
-} from "../chunk-QFHJ6UZR.js";
-import "../chunk-7NKTNSFV.js";
-import "../chunk-PIMDUGXF.js";
+} from "../chunk-HGEYWE2P.js";
+import "../chunk-ZL7KBV52.js";
+import "../chunk-ELX3YZQG.js";
 import "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 
@@ -31,6 +35,7 @@ async function runLogout(envId) {
       await client.clearLocalAppStorage();
     } catch {
     }
+    await clearSssAllowanceCache();
   }
 }
 export {

package/dist/commands/whoami.js

@@ -2,9 +2,9 @@ import {
   STALE_SESSION_MESSAGE,
   getAuthClient,
   hasPersistedSession
-} from "../chunk-QFHJ6UZR.js";
-import "../chunk-7NKTNSFV.js";
-import "../chunk-PIMDUGXF.js";
+} from "../chunk-HGEYWE2P.js";
+import "../chunk-ZL7KBV52.js";
+import "../chunk-ELX3YZQG.js";
 import "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 

package/dist/deploy.js

@@ -45,22 +45,23 @@ import {
   storeDirectoryV2,
   storeFile,
   unpublish
-} from "./chunk-RXCSEXK5.js";
-import "./chunk-G56VYTUD.js";
+} from "./chunk-NRDXKYWQ.js";
+import "./chunk-6GGRUTTC.js";
+import "./chunk-GRPLHUYC.js";
 import "./chunk-HOTQDYHD.js";
 import "./chunk-IW3X2MJF.js";
 import "./chunk-KOSF5FDO.js";
 import "./chunk-J3NIXHZZ.js";
 import "./chunk-S7EM5VMW.js";
-import "./chunk-QFHJ6UZR.js";
-import "./chunk-KOPUAI2J.js";
-import "./chunk-4ALSZUMX.js";
-import "./chunk-BFFM47OS.js";
+import "./chunk-HGEYWE2P.js";
+import "./chunk-NEWDQKA3.js";
+import "./chunk-LIAEGW76.js";
+import "./chunk-SHQZFLPN.js";
 import "./chunk-C2TS5MER.js";
-import "./chunk-BEJBYAB5.js";
+import "./chunk-T4WUEPAS.js";
 import "./chunk-4PVJ2JBZ.js";
-import "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+import "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 import "./chunk-GL3U7K2B.js";
 import {
   EXIT_CODE_NO_RETRY,

package/dist/dotns.js

@@ -50,10 +50,10 @@ import {
   stripTrailingDigits,
   validateDomainLabel,
   verifyNonceAdvanced
-} from "./chunk-BEJBYAB5.js";
+} from "./chunk-T4WUEPAS.js";
 import "./chunk-4PVJ2JBZ.js";
-import "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+import "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 import "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {

package/dist/index.js

@@ -5,9 +5,14 @@ import {
   loadProductConfig,
   tryLoadProductConfig
 } from "./chunk-MMAZFJDG.js";
+import {
+  validateExecutableManifest,
+  validateProductConfig,
+  validateRootManifest
+} from "./chunk-LZJMVPYW.js";
 import {
   publishManifest
-} from "./chunk-GCB2CBWY.js";
+} from "./chunk-2XBLLNDK.js";
 import {
   DEFAULT_TEXT_RECORD_BUDGET_BYTES,
   PLACEHOLDER_CID,
@@ -15,17 +20,13 @@ import {
   getTextRecordBudgetBytes,
   pessimisticSizePreflight
 } from "./chunk-RI3ZLNPN.js";
-import {
-  validateExecutableManifest,
-  validateProductConfig,
-  validateRootManifest
-} from "./chunk-LZJMVPYW.js";
 import {
   deploy,
   merkleizeJS,
   merkleizeWithStableOrder
-} from "./chunk-RXCSEXK5.js";
-import "./chunk-G56VYTUD.js";
+} from "./chunk-NRDXKYWQ.js";
+import "./chunk-6GGRUTTC.js";
+import "./chunk-GRPLHUYC.js";
 import "./chunk-HOTQDYHD.js";
 import {
   computeStats,
@@ -48,19 +49,19 @@ import {
   isVolatilePath,
   parseManifest
 } from "./chunk-S7EM5VMW.js";
-import "./chunk-QFHJ6UZR.js";
-import "./chunk-KOPUAI2J.js";
-import "./chunk-4ALSZUMX.js";
+import "./chunk-HGEYWE2P.js";
+import "./chunk-NEWDQKA3.js";
+import "./chunk-LIAEGW76.js";
 import {
   probeChunks
-} from "./chunk-BFFM47OS.js";
+} from "./chunk-SHQZFLPN.js";
 import "./chunk-C2TS5MER.js";
 import {
   DEFAULT_MNEMONIC,
   DotNS,
   parseDomainName,
   sanitizeDomainLabel
-} from "./chunk-BEJBYAB5.js";
+} from "./chunk-T4WUEPAS.js";
 import {
   bootstrapPool,
   derivePoolAccounts,
@@ -68,7 +69,7 @@ import {
   fetchPoolAuthorizations,
   selectAccount
 } from "./chunk-4PVJ2JBZ.js";
-import "./chunk-7NKTNSFV.js";
+import "./chunk-ZL7KBV52.js";
 import {
   VERSION,
   loadRunState,
@@ -78,7 +79,7 @@ import {
   shouldSkipStaleWarning,
   stateFilePath,
   writeRunState
-} from "./chunk-PIMDUGXF.js";
+} from "./chunk-ELX3YZQG.js";
 import {
   DEFAULT_ENV_ID,
   deepMergeEnvironments,

package/dist/manifest/publish.js

@@ -1,23 +1,24 @@
 import {
   publishManifest
-} from "../chunk-GCB2CBWY.js";
+} from "../chunk-2XBLLNDK.js";
 import "../chunk-RI3ZLNPN.js";
-import "../chunk-RXCSEXK5.js";
-import "../chunk-G56VYTUD.js";
+import "../chunk-NRDXKYWQ.js";
+import "../chunk-6GGRUTTC.js";
+import "../chunk-GRPLHUYC.js";
 import "../chunk-HOTQDYHD.js";
 import "../chunk-IW3X2MJF.js";
 import "../chunk-KOSF5FDO.js";
 import "../chunk-J3NIXHZZ.js";
 import "../chunk-S7EM5VMW.js";
-import "../chunk-QFHJ6UZR.js";
-import "../chunk-KOPUAI2J.js";
-import "../chunk-4ALSZUMX.js";
-import "../chunk-BFFM47OS.js";
+import "../chunk-HGEYWE2P.js";
+import "../chunk-NEWDQKA3.js";
+import "../chunk-LIAEGW76.js";
+import "../chunk-SHQZFLPN.js";
 import "../chunk-C2TS5MER.js";
-import "../chunk-BEJBYAB5.js";
+import "../chunk-T4WUEPAS.js";
 import "../chunk-4PVJ2JBZ.js";
-import "../chunk-7NKTNSFV.js";
-import "../chunk-PIMDUGXF.js";
+import "../chunk-ZL7KBV52.js";
+import "../chunk-ELX3YZQG.js";
 import "../chunk-GL3U7K2B.js";
 import "../chunk-ZOC4GITL.js";
 export {

package/dist/memory-report.js

@@ -5,8 +5,8 @@ import {
   maybeWriteMemoryReport,
   safeHeap,
   sampleFromBytes
-} from "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+} from "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 export {
   DEFAULT_THRESHOLD_MB,
   buildMemoryReport,

package/dist/merkle.js

@@ -6,22 +6,23 @@ import {
   merkleizeKuboBackend,
   merkleizeWithStableOrder,
   rebuildOrderedCarFromBytes
-} from "./chunk-RXCSEXK5.js";
-import "./chunk-G56VYTUD.js";
+} from "./chunk-NRDXKYWQ.js";
+import "./chunk-6GGRUTTC.js";
+import "./chunk-GRPLHUYC.js";
 import "./chunk-HOTQDYHD.js";
 import "./chunk-IW3X2MJF.js";
 import "./chunk-KOSF5FDO.js";
 import "./chunk-J3NIXHZZ.js";
 import "./chunk-S7EM5VMW.js";
-import "./chunk-QFHJ6UZR.js";
-import "./chunk-KOPUAI2J.js";
-import "./chunk-4ALSZUMX.js";
-import "./chunk-BFFM47OS.js";
+import "./chunk-HGEYWE2P.js";
+import "./chunk-NEWDQKA3.js";
+import "./chunk-LIAEGW76.js";
+import "./chunk-SHQZFLPN.js";
 import "./chunk-C2TS5MER.js";
-import "./chunk-BEJBYAB5.js";
+import "./chunk-T4WUEPAS.js";
 import "./chunk-4PVJ2JBZ.js";
-import "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+import "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 import "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {

package/dist/personhood/bind-paid-alias.js

@@ -1,10 +1,10 @@
 import {
   PaidAliasBindingError,
   bindPaidAliasToAccount
-} from "../chunk-L5Z3TJD7.js";
-import "../chunk-SLE4P6MO.js";
-import "../chunk-SI2ZUOYD.js";
+} from "../chunk-OCKCB72S.js";
+import "../chunk-EJI3MX4G.js";
 import "../chunk-ZYVGHDMU.js";
+import "../chunk-SI2ZUOYD.js";
 export {
   PaidAliasBindingError,
   bindPaidAliasToAccount

package/dist/personhood/bind-personal-id.js

@@ -2,9 +2,9 @@ import {
   PersonalIdBindingError,
   bindPersonalIdToAccount,
   buildAsPersonExtensionValue
-} from "../chunk-LHLCPDGL.js";
-import "../chunk-SI2ZUOYD.js";
+} from "../chunk-7URNKK6J.js";
 import "../chunk-ZYVGHDMU.js";
+import "../chunk-SI2ZUOYD.js";
 export {
   PersonalIdBindingError,
   bindPersonalIdToAccount,

package/dist/personhood/bootstrap.js

@@ -5,31 +5,31 @@ import {
 import "../chunk-UPWEOGLQ.js";
 import {
   bindPaidAliasToAccount
-} from "../chunk-L5Z3TJD7.js";
-import "../chunk-SLE4P6MO.js";
+} from "../chunk-OCKCB72S.js";
+import "../chunk-EJI3MX4G.js";
 import {
   bindPersonalIdToAccount
-} from "../chunk-LHLCPDGL.js";
+} from "../chunk-7URNKK6J.js";
 import {
   runChainPrereqProbes
 } from "../chunk-XAB7WM3S.js";
 import {
   claimPgas
-} from "../chunk-7Y7RDOGT.js";
+} from "../chunk-EATOPQFR.js";
+import {
+  bytesToHex
+} from "../chunk-ZYVGHDMU.js";
 import {
   DOTNS_CONTEXT_BYTES,
   PEOPLE_MEMBER_IDENTIFIER_HEX,
   PGAS_ASSET_ID
 } from "../chunk-SI2ZUOYD.js";
-import {
-  bytesToHex
-} from "../chunk-ZYVGHDMU.js";
 import {
   WS_HEARTBEAT_TIMEOUT_MS
-} from "../chunk-BEJBYAB5.js";
+} from "../chunk-T4WUEPAS.js";
 import "../chunk-4PVJ2JBZ.js";
-import "../chunk-7NKTNSFV.js";
-import "../chunk-PIMDUGXF.js";
+import "../chunk-ZL7KBV52.js";
+import "../chunk-ELX3YZQG.js";
 import {
   loadEnvironments
 } from "../chunk-GL3U7K2B.js";

package/dist/personhood/claim-pgas.js

@@ -3,9 +3,9 @@ import {
   buildAsPgasClaimExtensionValue,
   buildImplicationExclude,
   claimPgas
-} from "../chunk-7Y7RDOGT.js";
-import "../chunk-SI2ZUOYD.js";
+} from "../chunk-EATOPQFR.js";
 import "../chunk-ZYVGHDMU.js";
+import "../chunk-SI2ZUOYD.js";
 export {
   PgasClaimError,
   buildAsPgasClaimExtensionValue,

package/dist/personhood/people-client.js

@@ -1,9 +1,9 @@
 import {
   WS_HEARTBEAT_TIMEOUT_MS
-} from "../chunk-BEJBYAB5.js";
+} from "../chunk-T4WUEPAS.js";
 import "../chunk-4PVJ2JBZ.js";
-import "../chunk-7NKTNSFV.js";
-import "../chunk-PIMDUGXF.js";
+import "../chunk-ZL7KBV52.js";
+import "../chunk-ELX3YZQG.js";
 import {
   loadEnvironments
 } from "../chunk-GL3U7K2B.js";

package/dist/personhood/proof-validity.js

@@ -2,9 +2,9 @@ import {
   buildAliasProofMessage,
   getProofValidAtSec,
   u64LeBytes
-} from "../chunk-SLE4P6MO.js";
-import "../chunk-SI2ZUOYD.js";
+} from "../chunk-EJI3MX4G.js";
 import "../chunk-ZYVGHDMU.js";
+import "../chunk-SI2ZUOYD.js";
 export {
   buildAliasProofMessage,
   getProofValidAtSec,

package/dist/personhood/reprove.js

@@ -1,16 +1,16 @@
 import {
   buildAliasProofMessage,
   getProofValidAtSec
-} from "../chunk-SLE4P6MO.js";
-import {
-  PEOPLE_MEMBER_IDENTIFIER_HEX,
-  PROOF_BYTES
-} from "../chunk-SI2ZUOYD.js";
+} from "../chunk-EJI3MX4G.js";
 import {
   bytesToHex,
   encodeMembers,
   hexToBytes
 } from "../chunk-ZYVGHDMU.js";
+import {
+  PEOPLE_MEMBER_IDENTIFIER_HEX,
+  PROOF_BYTES
+} from "../chunk-SI2ZUOYD.js";
 
 // src/personhood/reprove.ts
 import { getSs58AddressInfo, Binary } from "polkadot-api";

package/dist/run-state.js

@@ -7,7 +7,7 @@ import {
   shouldSkipStaleWarning,
   stateFilePath,
   writeRunState
-} from "./chunk-PIMDUGXF.js";
+} from "./chunk-ELX3YZQG.js";
 export {
   VERSION,
   loadRunState,

package/dist/sss-allowance-cache.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Conservative same-period cache for the SSS allowance preflight.
+ *
+ * The SSS allowance is a 1-day-period resource on the People chain (period =
+ * floor(unix_secs / 86_400), UTC-midnight-aligned) plus a chain-side grace
+ * window (~2 days, `StmtStoreGraceWindow`). The on-chain value carries NO
+ * expiry — expiry is enforced by *pruning* the key at period rollover + grace.
+ *
+ * We cannot read an authoritative expiry (unlike Bulletin, which stores one),
+ * and we must not bake the grace constant into the CLI (it lives in someone
+ * else's runtime and already changed once, in people PR #1022). But one fact is
+ * stable and safe: an allowance confirmed present during the current period
+ * CANNOT be pruned before the period ends (grace only extends validity beyond
+ * that). So "valid until the end of the current period" (next UTC midnight) is
+ * a STRICT lower bound — it deliberately discards the volatile grace, so it can
+ * never over-estimate even if the grace constant changes again.
+ *
+ * Within that window we skip the (sub-second) People-chain read; after it we
+ * fall through to the authoritative `checkSSSAllowance`. The cache is keyed by
+ * the statement-signing account so a different session never reads a stale hit.
+ *
+ * Clock skew: for a fresh grant (claimed this period, valid through +2 days of
+ * grace) the period boundary has ~2 days of slack, so skew is immaterial. The
+ * one tight case is the oldest still-valid grant — claimed two periods ago, it
+ * expires exactly at our boundary — where a local clock running behind chain
+ * time gives a skew-sized over-estimate. That residual is covered by the
+ * sessionSigner `NoAllowanceError` fast-fail backstop, not by this cache.
+ *
+ * The marker lives next to the bulletin slot cache (`~/.polkadot-apps`).
+ */
+/**
+ * End of the current SSS 1-day allowance period, in unix seconds. Equals the
+ * next UTC-midnight boundary. An allowance present in the current period is
+ * valid at least until this instant (grace extends it further), so it is a
+ * safe lower bound for skipping the chain read.
+ */
+declare function sssPeriodEndSec(nowSec: number): number;
+/**
+ * True when a cached confirmation says THIS account's allowance is valid for
+ * the current period — letting the preflight skip the chain read. Conservative:
+ * only trusts the cache within the granting period. Any read/parse error or
+ * account mismatch → false (fall through to the authoritative check).
+ */
+declare function isSssAllowanceCacheValid(account: Uint8Array, nowSec?: number, storageDir?: string): Promise<boolean>;
+/**
+ * Record that THIS account's allowance was confirmed present on-chain; valid
+ * (conservatively) until the end of the current 1-day period. Best-effort — a
+ * write failure just means the next deploy re-reads the chain.
+ */
+declare function writeSssAllowanceCache(account: Uint8Array, nowSec?: number, storageDir?: string): Promise<void>;
+/**
+ * Drop the cached confirmation (e.g. when the chain reports the allowance is
+ * gone) so the next preflight re-reads the chain rather than trusting a hit.
+ */
+declare function clearSssAllowanceCache(storageDir?: string): Promise<void>;
+/**
+ * Cached SSS allowance preflight, shared by the deploy and login paths.
+ *
+ *   `true`  — allowance present (same-period cache hit, or chain-confirmed and
+ *             cache refreshed)
+ *   `false` — chain-confirmed absent/expired (cache cleared); caller should
+ *             surface the "run logout/login" guidance
+ *   `null`  — no statement account, or People chain unreachable → don't block
+ *
+ * On a cache hit it skips BOTH the chain read and the endpoint resolution, so
+ * `getPeopleEndpoints` is a thunk evaluated only on a miss.
+ */
+declare function preflightSssAllowance(account: Uint8Array | null, getPeopleEndpoints: () => Promise<string[]>): Promise<boolean | null>;
+
+export { clearSssAllowanceCache, isSssAllowanceCacheValid, preflightSssAllowance, sssPeriodEndSec, writeSssAllowanceCache };

package/dist/sss-allowance-cache.js

@@ -0,0 +1,20 @@
+import {
+  clearSssAllowanceCache,
+  isSssAllowanceCacheValid,
+  preflightSssAllowance,
+  sssPeriodEndSec,
+  writeSssAllowanceCache
+} from "./chunk-6GGRUTTC.js";
+import "./chunk-GRPLHUYC.js";
+import "./chunk-HGEYWE2P.js";
+import "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
+import "./chunk-GL3U7K2B.js";
+import "./chunk-ZOC4GITL.js";
+export {
+  clearSssAllowanceCache,
+  isSssAllowanceCacheValid,
+  preflightSssAllowance,
+  sssPeriodEndSec,
+  writeSssAllowanceCache
+};

package/dist/sss-allowance.d.ts

@@ -7,8 +7,39 @@
  * We can check this via a single `state_getStorage` RPC call — no transaction,
  * no phone dialog. Non-null, non-"0x" result means the allowance is present.
  *
+ * The stored value is `(used_bytes: u32, max_bytes: u32)` (e.g. `(2, 512000)`)
+ * — there is no expiry block in the value. Expiry is enforced chain-side by
+ * *pruning* the key when the allowance lapses, so key-present ⇔ allowance valid
+ * (and not expired). Verified empirically against paseo-next-v2 People.
+ *
+ * IMPORTANT — which account: the allowance belongs to the **statement-signing
+ * account** (the session's `localAccount`), NOT the product account. The
+ * product account signs on-chain extrinsics (DotNS records); it never writes
+ * to the statement store and therefore never holds an SSS allowance (its key
+ * is always null). The mobile-signing transport rides the statement store: the
+ * terminal publishes Request statements signed by `localAccount`, so that is
+ * the account the chain grants the allowance to at login. Use
+ * `statementSigningAccount(userSession)` to pick it — checking the product
+ * account is a false-negative that blocks every valid session.
+ *
  * Reference: substrate/primitives/statement-store/src/lib.rs
  */
+/**
+ * The account whose SSS allowance gates statement publishing for a session:
+ * the session's local (statement-signing) account. This is the account that
+ * signs the Request statements relayed to the phone — the one the chain grants
+ * `StatementStoreAllowance` to at login. Returns its raw 32-byte public key, or
+ * `null` if the session shape lacks a usable local account.
+ *
+ * Typed structurally (just the field we read) rather than importing the
+ * concrete `UserSession` type from `@parity/product-sdk-terminal`, keeping the
+ * SDK out of the headless deploy/login hot paths.
+ */
+declare function statementSigningAccount(userSession: {
+    localAccount?: {
+        accountId?: Uint8Array;
+    };
+} | null | undefined): Uint8Array | null;
 /**
  * Build the hex-encoded storage key for an SSS allowance check.
  *
@@ -26,4 +57,4 @@ declare function sssStorageKey(pubkey: Uint8Array): string;
  */
 declare function checkSSSAllowance(pubkey: Uint8Array, peopleEndpoints: string[], timeoutMs?: number): Promise<boolean | null>;
 
-export { checkSSSAllowance, sssStorageKey };
+export { checkSSSAllowance, sssStorageKey, statementSigningAccount };

package/dist/sss-allowance.js

@@ -1,8 +1,10 @@
 import {
   checkSSSAllowance,
-  sssStorageKey
-} from "./chunk-G56VYTUD.js";
+  sssStorageKey,
+  statementSigningAccount
+} from "./chunk-GRPLHUYC.js";
 export {
   checkSSSAllowance,
-  sssStorageKey
+  sssStorageKey,
+  statementSigningAccount
 };

package/dist/storage-signer.js

@@ -7,22 +7,23 @@ import {
   readBulletinSlotSigner,
   waitForBulletinAuthorization,
   writeBulletinSlotKey
-} from "./chunk-RXCSEXK5.js";
-import "./chunk-G56VYTUD.js";
+} from "./chunk-NRDXKYWQ.js";
+import "./chunk-6GGRUTTC.js";
+import "./chunk-GRPLHUYC.js";
 import "./chunk-HOTQDYHD.js";
 import "./chunk-IW3X2MJF.js";
 import "./chunk-KOSF5FDO.js";
 import "./chunk-J3NIXHZZ.js";
 import "./chunk-S7EM5VMW.js";
-import "./chunk-QFHJ6UZR.js";
-import "./chunk-KOPUAI2J.js";
-import "./chunk-4ALSZUMX.js";
-import "./chunk-BFFM47OS.js";
+import "./chunk-HGEYWE2P.js";
+import "./chunk-NEWDQKA3.js";
+import "./chunk-LIAEGW76.js";
+import "./chunk-SHQZFLPN.js";
 import "./chunk-C2TS5MER.js";
-import "./chunk-BEJBYAB5.js";
+import "./chunk-T4WUEPAS.js";
 import "./chunk-4PVJ2JBZ.js";
-import "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+import "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 import "./chunk-GL3U7K2B.js";
 import "./chunk-ZOC4GITL.js";
 export {

package/dist/telemetry.js

@@ -33,8 +33,8 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+} from "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 export {
   VERSION,
   __setDeployRootSpanForTest,

package/dist/version-check.js

@@ -11,9 +11,9 @@ import {
   isPreReleaseVersion,
   preReleaseWarning,
   promptYesNo
-} from "./chunk-4ALSZUMX.js";
-import "./chunk-7NKTNSFV.js";
-import "./chunk-PIMDUGXF.js";
+} from "./chunk-LIAEGW76.js";
+import "./chunk-ZL7KBV52.js";
+import "./chunk-ELX3YZQG.js";
 export {
   assessVersion,
   checkNodeVersion,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@parity/product-deploy",
-  "version": "0.9.0-rc.5",
+  "version": "0.9.0-rc.6",
   "private": false,
   "repository": {
     "type": "git",
@@ -44,11 +44,11 @@
     "tools/release-retry-wrapper.mjs"
   ],
   "scripts": {
-    "build": "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts src/spinner.ts src/sss-allowance.ts --format esm --dts --clean --target node22",
+    "build": "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts src/spinner.ts src/sss-allowance.ts src/sss-allowance-cache.ts --format esm --dts --clean --target node22",
     "refresh-environments": "node scripts/refresh-environments.mjs",
     "postinstall": "patch-package || true",
     "prepare": "npm run build",
-    "test": "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js test/storage-signer.test.js test/spinner.test.js test/sss-allowance.test.js && npm run test:vendor",
+    "test": "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js test/storage-signer.test.js test/spinner.test.js test/sss-allowance.test.js test/sss-allowance-cache.test.js && npm run test:vendor",
     "test:e2e": "npm run build && node --test test/e2e.test.js",
     "test:e2e:smoke": "bash scripts/e2e-pass.sh smoke",
     "test:e2e:pr": "bash scripts/e2e-pass.sh pr",

package/dist/{chunk-LHLCPDGL.js → chunk-7URNKK6J.js}

@@ -1,6 +1,3 @@
-import {
-  BANDERSNATCH_SIGNATURE_BYTES
-} from "./chunk-SI2ZUOYD.js";
 import {
   buildImplicationMessage,
   buildV5GeneralExtrinsic,
@@ -9,6 +6,9 @@ import {
   readExtensionOrder,
   toHex
 } from "./chunk-ZYVGHDMU.js";
+import {
+  BANDERSNATCH_SIGNATURE_BYTES
+} from "./chunk-SI2ZUOYD.js";
 
 // src/personhood/bind-personal-id.ts
 import { Enum } from "polkadot-api";

package/dist/{chunk-7Y7RDOGT.js → chunk-EATOPQFR.js}

@@ -1,8 +1,3 @@
-import {
-  PEOPLE_MEMBER_IDENTIFIER_HEX,
-  PGAS_ASSET_ID,
-  PROOF_BYTES
-} from "./chunk-SI2ZUOYD.js";
 import {
   buildImplicationMessage,
   buildV5GeneralExtrinsic,
@@ -12,6 +7,11 @@ import {
   readExtensionOrder,
   toHex
 } from "./chunk-ZYVGHDMU.js";
+import {
+  PEOPLE_MEMBER_IDENTIFIER_HEX,
+  PGAS_ASSET_ID,
+  PROOF_BYTES
+} from "./chunk-SI2ZUOYD.js";
 
 // src/personhood/claim-pgas.ts
 import * as verifiable from "verifiablejs/nodejs";

package/dist/{chunk-SLE4P6MO.js → chunk-EJI3MX4G.js}

@@ -1,10 +1,10 @@
-import {
-  ALIAS_PROOF_TAG
-} from "./chunk-SI2ZUOYD.js";
 import {
   blake2_256,
   concatBytes
 } from "./chunk-ZYVGHDMU.js";
+import {
+  ALIAS_PROOF_TAG
+} from "./chunk-SI2ZUOYD.js";
 
 // src/personhood/proof-validity.ts
 var u64LeBytes = (v) => {