@parity/product-deploy 0.9.0 → 0.10.0-rc.1

package/dist/{chunk-C7UJ6WZR.js → chunk-64RSUZN4.js}

@@ -1,7 +1,7 @@
 import {
   package_default,
   writeRunState
-} from "./chunk-A3O7TLCS.js";
+} from "./chunk-RX3ZUVVS.js";
 
 // src/memory-report.ts
 import * as fs2 from "fs";
@@ -46,7 +46,14 @@ function isInternalContext() {
 }
 var OPT_OUT = process.env.BULLETIN_DEPLOY_TELEMETRY === "0" || process.env.BULLETIN_DEPLOY_TELEMETRY === "off";
 var OPT_IN = process.env.BULLETIN_DEPLOY_TELEMETRY === "1";
-var DISABLED = OPT_OUT || !OPT_IN && !isInternalContext();
+var DO_NOT_TRACK = !!process.env.DO_NOT_TRACK && process.env.DO_NOT_TRACK !== "0" && process.env.DO_NOT_TRACK !== "";
+function isTelemetryDisabled(s) {
+  if (s.optOut) return true;
+  if (s.optIn) return false;
+  if (s.doNotTrack) return true;
+  return !s.internalContext;
+}
+var DISABLED = isTelemetryDisabled({ optIn: OPT_IN, optOut: OPT_OUT, doNotTrack: DO_NOT_TRACK, internalContext: isInternalContext() });
 var CONVENTIONAL_BRANCH_PREFIXES = /* @__PURE__ */ new Set([
   "fix",
   "feat",
@@ -719,6 +726,7 @@ export {
   VERSION,
   isInternalContextFromSignals,
   isInternalContext,
+  isTelemetryDisabled,
   scrubPaths,
   truncateAddress,
   sanitizeBranch,

package/dist/{chunk-D7KZZDU7.js → chunk-HA7BNUK3.js}

@@ -1,6 +1,6 @@
 import {
   captureWarning
-} from "./chunk-C7UJ6WZR.js";
+} from "./chunk-64RSUZN4.js";
 
 // src/chunk-probe.ts
 import { Twox128, Blake2128Concat, decAnyMetadata, unifyMetadata } from "@polkadot-api/substrate-bindings";

package/dist/{chunk-5UE2IWNB.js → chunk-HEUKYXEZ.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-GRPLHUYC.js";
 import {
   DOT_DAPP_ID
-} from "./chunk-56QBW25C.js";
+} from "./chunk-2GDPXSW3.js";
 
 // src/sss-allowance-cache.ts
 import { mkdir, readFile, writeFile, unlink } from "fs/promises";

package/dist/{chunk-UC2AYO2P.js → chunk-HOO5NKN3.js}

@@ -1,6 +1,6 @@
 import {
   VERSION
-} from "./chunk-C7UJ6WZR.js";
+} from "./chunk-64RSUZN4.js";
 
 // src/version-check.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-GL3U7K2B.js → chunk-QRKI6MMK.js}

@@ -137,6 +137,35 @@ var environments_default = {
         PUBLISHER: "0xa616254fd98724c7a3d295c98ca393a486096b68"
       }
     },
+    {
+      id: "summit",
+      name: "Summit",
+      network: "testnet",
+      description: "Web3 Summit Network",
+      e2eEligible: false,
+      ipfs: "https://summit-ipfs.polkadot.io",
+      autoAccountMapping: true,
+      nativeToEthRatio: 1e8,
+      registerStorageDeposit: 2e12,
+      contracts: {
+        DOTNS_PROTOCOL_REGISTRY: "0x09f1AE947950eA2d1f010fE2abC00fDd5A745820",
+        DOTNS_REGISTRAR: "0xf3969bCBE60463302306663C62A6A8ef91ab9aA5",
+        DOTNS_REGISTRAR_CONTROLLER: "0xA68a5b2A6be6d014be0dB07c0ed4bacc4A6A570A",
+        DOTNS_REGISTRY: "0xFb7AB7E142ED0248D77198CA8722D67C1930D783",
+        DOTNS_POP_CONTROLLER: "0xC7DD78B145ed109092A2d1E79324E5FE219B9518",
+        ROOT_GATEWAY_DISPATCHER: "0x22362162032ED2442b43f5902b3421be5aCF1b60",
+        DOTNS_RESOLVER: "0xC7f1C3B16BFd0c5910EE37a4a2033f4506AcE94d",
+        DOTNS_CONTENT_RESOLVER: "0xf110e5799c3f0adb8ED885C02c45Ecfe7fD86226",
+        DOTNS_REVERSE_RESOLVER: "0x5aa444C6cbA9bd703d1a0B5E5C643FB886F80bB4",
+        DOTNS_POP_RESOLVER: "0x03FD2ed7B1b848c59A2428224162dE00D11a8133",
+        DOTNS_NAME_ESCROW: "0xDbE911007f8cd9876D384b8c025d3BB157DCCcA4",
+        POP_RULES: "0x6331e51C9AfC73BfE12562fd160BA2c66A73f984",
+        STORE_FACTORY: "0x2947af3CBFb45b89610524a25921C32cB65C4C39",
+        LABEL_STORE_BEACON: "0x670Dab225ea4f2EeB0e6Df2e49AA595aB2CAa5cb",
+        USER_STORE_BEACON: "0x31e392736889c973A25509861C7D6E6F2EaD951C",
+        MULTICALL3: "0x1C1044BEa5bDe0F435436bB52A8340fBE1D59847"
+      }
+    },
     {
       id: "polkadot",
       name: "Polkadot",
@@ -175,6 +204,9 @@ var environments_default = {
           wss: "wss://paseo-rpc.n.dwellir.com",
           uptimeUrl: "https://stats.uptimerobot.com/UrEXbl6Xyt"
         },
+        summit: {
+          wss: "wss://summit-rpc.polkadot.io"
+        },
         polkadot: {
           wss: [
             "wss://polkadot-rpc.n.dwellir.com",
@@ -222,6 +254,9 @@ var environments_default = {
           wss: "wss://paseo-asset-hub-next-rpc.polkadot.io",
           parachainId: 1500
         },
+        summit: {
+          wss: "wss://summit-asset-hub-rpc.polkadot.io"
+        },
         polkadot: {
           wss: [
             "wss://asset-hub-polkadot-rpc.n.dwellir.com",
@@ -335,6 +370,9 @@ var environments_default = {
           wss: "wss://paseo-people-next-system-rpc.polkadot.io",
           parachainId: 1502
         },
+        summit: {
+          wss: "wss://summit-people-rpc.polkadot.io"
+        },
         polkadot: {
           wss: [
             "wss://people-polkadot-rpc.n.dwellir.com",
@@ -385,6 +423,9 @@ var environments_default = {
           wss: "wss://paseo-bulletin-next-rpc.polkadot.io",
           parachainId: 1501
         },
+        summit: {
+          wss: "wss://summit-bulletin-rpc.polkadot.io"
+        },
         custom: {
           wss: "wss://previewnet.substrate.dev/bulletin",
           parachainId: 2487

package/dist/{chunk-A3O7TLCS.js → chunk-RX3ZUVVS.js}

@@ -6,7 +6,7 @@ import * as path from "path";
 // package.json
 var package_default = {
   name: "@parity/product-deploy",
-  version: "0.9.0",
+  version: "0.10.0-rc.1",
   private: false,
   repository: {
     type: "git",
@@ -47,14 +47,15 @@ var package_default = {
     "docs",
     "assets",
     "patches",
+    "DEPLOYMENT.md",
     "tools/release-retry-wrapper.mjs"
   ],
   scripts: {
-    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/storage-signer.ts src/spinner.ts src/sss-allowance.ts src/sss-allowance-cache.ts --format esm --dts --clean --target node22",
+    build: "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/proof-validity.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts src/personhood/chain-prereqs.ts src/manifest/types.ts src/manifest/schema.ts src/manifest/byte-budget.ts src/manifest/config-load.ts src/manifest/publish.ts src/auth/index.ts src/auth/vendor/index.ts src/auth/vendor/ui/index.ts src/auth-config.ts src/commands/login.ts src/commands/logout.ts src/commands/whoami.ts src/commands/transfer.ts src/storage-signer.ts src/spinner.ts src/sss-allowance.ts src/sss-allowance-cache.ts src/deploy-actors.ts --format esm --dts --clean --target node22",
     "refresh-environments": "node scripts/refresh-environments.mjs",
     postinstall: "patch-package || true",
     prepare: "npm run build",
-    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js test/storage-signer.test.js test/spinner.test.js test/sss-allowance.test.js test/sss-allowance-cache.test.js && npm run test:vendor",
+    test: "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/chunk-sharing-report.test.js test/product-manifest.test.js test/cache-savings-totals.test.js test/error-pattern-signature.test.js test/exit-codes.test.js test/probe-env-health.test.js test/e2e-chain-calls.test.js test/auth-config.test.js test/whoami.test.js test/login.test.js test/logout.test.js test/auth-resolve.test.js test/storage-signer.test.js test/spinner.test.js test/sss-allowance.test.js test/sss-allowance-cache.test.js test/dotns-transfer.test.js test/deploy-actors.test.js test/transfer-command.test.js test/dotns-register-fee.test.js test/deploy-label-ordering.test.js test/benign-teardown.test.js && npm run test:vendor",
     "test:e2e": "npm run build && node --test test/e2e.test.js",
     "test:e2e:smoke": "bash scripts/e2e-pass.sh smoke",
     "test:e2e:pr": "bash scripts/e2e-pass.sh pr",

package/dist/{chunk-FNCBSJ6R.js → chunk-S42FFXAR.js}

@@ -2,11 +2,11 @@ import {
   classifyErrorArea,
   isInteractive,
   promptYesNo
-} from "./chunk-UC2AYO2P.js";
+} from "./chunk-HOO5NKN3.js";
 import {
   VERSION,
   getCurrentSentryTraceId
-} from "./chunk-C7UJ6WZR.js";
+} from "./chunk-64RSUZN4.js";
 
 // src/bug-report.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-AQHBKIFF.js → chunk-VHAKRWRH.js}

@@ -6,15 +6,15 @@ import {
   resolveDotnsConnectOptions,
   storeDirectory,
   storeFile
-} from "./chunk-WAKSNE7F.js";
+} from "./chunk-ZF2SEY7S.js";
 import {
   DotNS
-} from "./chunk-GCKWJS2T.js";
+} from "./chunk-4ADUQDYJ.js";
 import {
   getPopSelfServeConfig,
   loadEnvironments,
   resolveEndpoints
-} from "./chunk-GL3U7K2B.js";
+} from "./chunk-QRKI6MMK.js";
 import {
   NonRetryableError
 } from "./chunk-ZOC4GITL.js";

package/dist/{chunk-WAKSNE7F.js → chunk-ZF2SEY7S.js}

@@ -1,6 +1,6 @@
 import {
   preflightSssAllowance
-} from "./chunk-5UE2IWNB.js";
+} from "./chunk-HEUKYXEZ.js";
 import {
   statementSigningAccount
 } from "./chunk-GRPLHUYC.js";
@@ -34,13 +34,13 @@ import {
   STALE_SESSION_MESSAGE,
   getPeopleChainEndpoints,
   hasPersistedSession
-} from "./chunk-56QBW25C.js";
+} from "./chunk-2GDPXSW3.js";
 import {
   setDeployContext
-} from "./chunk-FNCBSJ6R.js";
+} from "./chunk-S42FFXAR.js";
 import {
   probeChunks
-} from "./chunk-D7KZZDU7.js";
+} from "./chunk-HA7BNUK3.js";
 import {
   packSection
 } from "./chunk-C2TS5MER.js";
@@ -53,7 +53,7 @@ import {
   parseDomainName,
   popStatusName,
   verifyNonceAdvanced
-} from "./chunk-GCKWJS2T.js";
+} from "./chunk-4ADUQDYJ.js";
 import {
   derivePoolAccounts,
   detectTestnet,
@@ -75,13 +75,13 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-C7UJ6WZR.js";
+} from "./chunk-64RSUZN4.js";
 import {
   DEFAULT_ENV_ID,
   getPopSelfServeConfig,
   loadEnvironments,
   resolveEndpoints
-} from "./chunk-GL3U7K2B.js";
+} from "./chunk-QRKI6MMK.js";
 import {
   NonRetryableError
 } from "./chunk-ZOC4GITL.js";
@@ -412,6 +412,11 @@ function isConnectionError(error) {
   const msg = error?.message || String(error);
   return /heartbeat timeout|WS halt|Unable to connect|ChainHead disjointed/i.test(msg);
 }
+function isBenignTeardownError(error) {
+  if (isConnectionError(error)) return true;
+  const s = error instanceof Error ? `${error.name ?? ""} ${error.message ?? ""}` : String(error);
+  return /DestroyedError|Client destroyed/.test(s);
+}
 var CID_CONFIG = { version: 1, codec: 85, hashCode: 18, hashLength: 32 };
 function deriveRootSigner(mnemonic, path3 = "") {
   const entropy = mnemonicToEntropy(mnemonic);
@@ -585,6 +590,9 @@ function chooseSignerInput(opts) {
   if (opts.hasSession) return "resolve";
   return "pool";
 }
+function isPhoneSignerActive(options) {
+  return !!(options.signer && options.signerAddress && !options.transferTo);
+}
 function formatStorageSignerLine(slotAddress, failReason) {
   if (slotAddress) return `   Storage signer: allowance slot ${slotAddress}`;
   return `   Storage signer: pool fallback (${failReason ?? "no session"})`;
@@ -1948,6 +1956,7 @@ async function deploy(content, domainName = null, options = {}) {
   BULLETIN_ENDPOINTS = userRpc ? [userRpc, ...envBulletin.filter((e) => e !== userRpc)] : envBulletin;
   _deployRpcFailedOver = false;
   POOL_SIZE = options.poolSize ?? parseInt(process.env.BULLETIN_POOL_SIZE ?? String(DEFAULT_POOL_SIZE), 10);
+  const parsed = domainName ? parseDomainName(domainName) : null;
   let sessionCleanup;
   const hasSession = hasPersistedSession();
   const signerChoice = chooseSignerInput({
@@ -1958,25 +1967,36 @@ async function deploy(content, domainName = null, options = {}) {
   });
   let resolvedUserSession = void 0;
   if (signerChoice === "resolve") {
-    const { resolveSigner: resolveSignerFn } = await import("./auth/index.js");
+    const { resolveDeployActors } = await import("./deploy-actors.js");
     const { getAuthClient } = await import("./auth-config.js");
     const authClient = await getAuthClient(envId);
+    const isTestnetEnv = envNetwork === "testnet";
+    const transferEnabled = options.transferToSignedInUser !== false;
     try {
-      const resolved = await resolveSignerFn(authClient, { suri: options.suri });
-      options = { ...options, signer: resolved.signer, signerAddress: resolved.address };
-      sessionCleanup = resolved.destroy.bind(resolved);
-      console.log(`   Using ${resolved.source} signer: ${resolved.address}`);
-      if (resolved.source === "session") resolvedUserSession = resolved;
+      const actors = await resolveDeployActors(authClient, {
+        suri: options.suri,
+        transferEnabled,
+        isTestnet: isTestnetEnv,
+        sessionPresent: hasSession
+      });
+      options = {
+        ...options,
+        signer: actors.worker.signer,
+        signerAddress: actors.worker.address,
+        ...actors.recipientH160 ? { transferTo: actors.recipientH160 } : {}
+      };
+      sessionCleanup = actors.worker.destroy.bind(actors.worker);
+      if (actors.worker.source === "session") resolvedUserSession = actors.worker;
+      if (actors.recipientH160) {
+        console.log(`   Worker: ${actors.worker.source} signer ${actors.worker.address} \u2192 will transfer ${domainName ?? "the name"} to ${actors.recipientH160}`);
+      } else {
+        console.log(`   Using ${actors.worker.source} signer: ${actors.worker.address}`);
+      }
     } catch (e) {
       if (options.suri) throw e;
       if (e?.name === "SignerNotAvailableError") {
-        if (hasSession) {
-          console.error(STALE_SESSION_MESSAGE);
-        } else {
-          console.log(
-            "   Login session unavailable or expired \u2014 falling back to pool. Run `bulletin-deploy login` to use your identity."
-          );
-        }
+        if (hasSession) console.error(STALE_SESSION_MESSAGE);
+        else console.log("   Login session unavailable or expired \u2014 falling back to pool. Run `bulletin-deploy login` to use your identity.");
       } else {
         throw e;
       }
@@ -2026,8 +2046,8 @@ async function deploy(content, domainName = null, options = {}) {
   }
   initTelemetry();
   const randomSuffix = Math.floor(Math.random() * 100).toString().padStart(2, "0");
-  const parsed = domainName ? parseDomainName(domainName) : null;
   const name = parsed ? parsed.label : `test-domain-${Date.now().toString(36)}${randomSuffix}`;
+  const phoneSignerActive = isPhoneSignerActive(options);
   try {
     return await withDeploySpan(name, async () => {
       const deployTag = options.tag ?? process.env.DEPLOY_TAG;
@@ -2040,6 +2060,7 @@ async function deploy(content, domainName = null, options = {}) {
       setDeployAttribute("deploy.subdomain", String(parsed?.isSubdomain ?? false));
       if (envNetwork) setDeployAttribute("deploy.network", envNetwork);
       if (envSource) setDeployAttribute("deploy.environments_source", envSource);
+      setDeployAttribute("deploy.transfer.enabled", options.transferTo ? "true" : "false");
       let cid;
       let ipfsCid;
       let mirrorPromise = Promise.resolve(null);
@@ -2085,7 +2106,7 @@ async function deploy(content, domainName = null, options = {}) {
         } else {
           preflightPublishNeeded = false;
           try {
-            dotnsPreflight = await preflight.preflight(name);
+            dotnsPreflight = await preflight.preflight(name, { transferRecipientH160: options.transferTo });
             previousContenthashCid = await readPreviousContenthashSafe(preflight, name);
             setDeployAttribute("deploy.incremental", previousContenthashCid ? "true" : "false");
             if (options.publish && parsed && !parsed.isSubdomain) {
@@ -2118,13 +2139,13 @@ async function deploy(content, domainName = null, options = {}) {
             setDeployAttribute("deploy.dotns.preflight.action", dotnsPreflight.plannedAction);
             setDeployAttribute("deploy.dotns.preflight.classification", popStatusName(dotnsPreflight.classification.status));
           }
-          const alreadyOwned = dotnsPreflight.plannedAction === "already-owned-by-us";
+          const alreadyOwned = dotnsPreflight.plannedAction === "already-owned-by-us" || dotnsPreflight.plannedAction === "already-owned-by-recipient";
           const reqSuffix = alreadyOwned ? " (already owned, requirement not enforced)" : "";
           console.log(`   DotNS: ${name}.dot requires ${popStatusName(dotnsPreflight.classification.status)}${reqSuffix}`);
           if (dotnsPreflight.canProceed) {
             const fromName = popStatusName(dotnsPreflight.userStatus);
             console.log(`   Your PoP: ${fromName}`);
-            console.log(`   Domain: ${dotnsPreflight.plannedAction === "already-owned-by-us" ? "owned by you" : "available"}`);
+            console.log(`   Domain: ${alreadyOwned ? "owned by you" : "available"}`);
           }
           if (!dotnsPreflight.canProceed) {
             throw new NonRetryableError(
@@ -2132,17 +2153,17 @@ async function deploy(content, domainName = null, options = {}) {
             );
           }
         }
-        if (options.signer && options.signerAddress) {
+        if (phoneSignerActive) {
           const steps = computePhoneSigningSteps(dotnsPreflight, preflightPublishNeeded);
           if (steps.length === 1) {
             console.log(`
-\u{1F4F1} Have your phone ready \u2014 1 signature needed (${steps[0].toLowerCase()})`);
+Have your phone ready \u2014 1 signature needed (${steps[0].toLowerCase()})`);
           } else if (steps.length > 1) {
             const display = steps.flatMap(
               (s, i) => s === "Register" && steps[i - 1] === "Commitment" ? ["(wait)", s] : [s]
             );
             console.log(`
-\u{1F4F1} Have your phone ready \u2014 ${steps.length} signatures needed`);
+Have your phone ready \u2014 ${steps.length} signatures needed`);
             console.log(`   ${display.map((s) => s.toLowerCase()).join(" \xB7 ")}`);
           }
         }
@@ -2329,10 +2350,48 @@ async function deploy(content, domainName = null, options = {}) {
         console.log("DotNS");
         console.log("=".repeat(60));
         await withSpan("deploy.dotns", "2. dotns", { "deploy.domain": name, "deploy.subdomain": String(parsed?.isSubdomain ?? false) }, async () => {
+          if (dotnsPreflight?.plannedAction === "already-owned-by-recipient") {
+            console.log(`   You already own ${name}.dot \u2014 updating its content needs your signature.`);
+            const { getAuthClient } = await import("./auth-config.js");
+            const { resolveSigner } = await import("./auth/index.js");
+            const authClient = await getAuthClient(envId);
+            const owner = await resolveSigner(authClient, {});
+            const ownerDotns = new DotNS();
+            const prevSessionCleanup = sessionCleanup;
+            sessionCleanup = () => {
+              try {
+                prevSessionCleanup?.();
+              } catch {
+              }
+              try {
+                ownerDotns.disconnect();
+              } catch {
+              }
+              try {
+                owner.destroy();
+              } catch {
+              }
+            };
+            await ownerDotns.connect({
+              ...resolveDotnsConnectOptions({ ...options, signer: owner.signer, signerAddress: owner.address }, envAssetHub, envAutoAccountMapping, envContracts, envNativeToEthRatio, envId, envPopSelfServe, envRegisterStorageDeposit),
+              onPhoneSigningRequired: (label) => console.log(`
+   Check your phone \u2192 ${label}`)
+            });
+            const willPublish = !!(options.publish && parsed && preflightPublishNeeded !== false);
+            console.log(willPublish ? `
+Have your phone ready \u2014 2 signatures needed (link content \xB7 publish)` : `
+Have your phone ready \u2014 1 signature needed (link content)`);
+            const contenthashHex2 = `0x${encodeContenthash(cid)}`;
+            await ownerDotns.setContenthash(name, contenthashHex2, { feeAsset: "pgas" });
+            if (willPublish) await publish(ownerDotns, parsed, options.failOnPublishError);
+            return;
+          }
           const dotns = new DotNS();
           await dotns.connect({
             ...resolveDotnsConnectOptions(options, envAssetHub, envAutoAccountMapping, envContracts, envNativeToEthRatio, envId, envPopSelfServe, envRegisterStorageDeposit),
-            ...options.signer && options.signerAddress ? { onPhoneSigningRequired: (label) => console.log(`
+            // Per-step "check your phone" reminder — only for a phone-backed signer
+            // (see phoneSignerActive); a transfer-mode local worker signs locally.
+            ...phoneSignerActive ? { onPhoneSigningRequired: (label) => console.log(`
    Check your phone \u2192 ${label}`) } : {}
           });
           if (parsed?.isSubdomain) {
@@ -2363,6 +2422,31 @@ async function deploy(content, domainName = null, options = {}) {
               await publish(dotns, parsed, options.failOnPublishError);
             }
           }
+          if (options.transferTo) {
+            const transferTo = options.transferTo;
+            await withSpan("deploy.transfer", `3. transfer ${name}.dot`, { "deploy.transfer.to": transferTo }, async () => {
+              setDeployAttribute("deploy.transfer.worker", truncateAddress(options.signerAddress ?? ""));
+              setDeployAttribute("deploy.transfer.to", transferTo);
+              try {
+                const transferRes = await dotns.transferName(name, transferTo, (s) => console.log(`   ${s}`));
+                setDeployAttribute("deploy.transfer.status", transferRes.status);
+                if (transferRes.feeWei != null) setDeployAttribute("deploy.transfer.fee_wei", transferRes.feeWei.toString());
+                console.log(`   Handed ${name}.dot to ${transferTo} (${transferRes.status}${transferRes.txHash ? `, tx ${transferRes.txHash}` : ""}).`);
+              } catch (e) {
+                setDeployAttribute("deploy.transfer.status", "failed");
+                const recover = `bulletin-deploy transfer ${name} --env ${envId}` + (options.suri ? ` --mnemonic "<your worker key>"` : "");
+                try {
+                  dotns.disconnect();
+                } catch {
+                }
+                throw new NonRetryableError(
+                  `Deploy succeeded but the handover to ${transferTo} failed: ${e.message}
+   The name is owned by the worker with content set. Recover with:
+   ${recover}`
+                );
+              }
+            });
+          }
           dotns.disconnect();
         });
         await withSpan("deploy.p2p-check", "3. p2p-check", { "deploy.domain": name }, async () => {
@@ -2413,7 +2497,7 @@ async function deploy(content, domainName = null, options = {}) {
         console.log("\n" + "=".repeat(60));
         console.log("DEPLOYMENT COMPLETE!");
         console.log("=".repeat(60));
-        console.log("\n\u{1F53A} Polkadot Triangle");
+        console.log("\nPolkadot Triangle");
         console.log(`   - Polkadot Desktop: ${name}.dot`);
         console.log(`   - Polkadot Browser: ${browserUrlFor(name, envId)}`);
         console.log("\n" + "=".repeat(60) + "\n");
@@ -2853,6 +2937,7 @@ export {
   WS_HEARTBEAT_TIMEOUT_MS,
   retryBudgetExhausted,
   isConnectionError,
+  isBenignTeardownError,
   deriveRootSigner,
   createCID,
   encodeContenthash,
@@ -2865,6 +2950,7 @@ export {
   encryptContent,
   __selectStorageProviderModeForTest,
   chooseSignerInput,
+  isPhoneSignerActive,
   formatStorageSignerLine,
   storeFile,
   __assignDenseNoncesForTest,

package/dist/chunk-probe.js

@@ -5,9 +5,9 @@ import {
   _decodeStorageValue,
   _resetProbeSession,
   probeChunks
-} from "./chunk-D7KZZDU7.js";
-import "./chunk-C7UJ6WZR.js";
-import "./chunk-A3O7TLCS.js";
+} from "./chunk-HA7BNUK3.js";
+import "./chunk-64RSUZN4.js";
+import "./chunk-RX3ZUVVS.js";
 export {
   ChainProbeCrossValidationError,
   ChainProbeMetadataError,

package/dist/commands/login.d.ts

@@ -1,3 +1,7 @@
+import { b as AllocationSummary } from '../allocations-CEPeZr6T.js';
+import 'polkadot-api';
+import '@parity/product-sdk-terminal';
+
 /**
  * login — QR/mobile sign-in command.
  *
@@ -5,12 +9,17 @@
  *  1. connect() → existing session (already logged in) OR QR code
  *  2. Print QR → user scans on phone
  *  3. waitForLogin() → phone approves → paired
- *  4. getBulletinSigner() — resolves the slot account from host-papp's allowance service.
- *     Uses DOT_PRODUCT_ID ("playground.dot") as callingProductId, which matches what the
- *     mobile wallet allocated during pairing. A 60s timeout prevents hanging on unresponsive phones.
- *  5. Print summarizeLogin() + slot address on success; map AllowanceError.reason → message on failure
- *  6. Destroy adapters and exit
+ *  4. requestResourceAllocation(DEFAULT_RESOURCES) — one batched claim for all three deploy
+ *     allowances (BulletInAllowance, StatementStoreAllowance, SmartContractAllowance). Triggers
+ *     a single wallet prompt; granted key material is cached by product-sdk-terminal so later
+ *     deploys find it without re-prompting. Non-fatal: Rejected/NotAvailable → log + continue.
+ *  5. createSlotAccountSigner(BULLETIN_RESOURCE) — reads the now-cached Bulletin slot from the
+ *     terminal cache written in step 4 (pure cache-hit, no phone prompt). Falls back to
+ *     getBulletinSigner() only on a rare cache miss.
+ *  6. Print summarizeLogin() + slot address on success; map AllowanceError.reason → message on failure
+ *  7. Destroy adapters and exit
  */
+
 /**
  * Map an AllowanceError.reason to a user-facing message.
  *
@@ -20,6 +29,33 @@
  * - UnexpectedResponse: protocol-level error in the wire exchange
  */
 declare function allocationErrorMessage(reason: string): string;
+/**
+ * Soft-warning message shown when the post-sign-in allowance pre-warm steps fail.
+ * The user IS already signed in; this is non-fatal.
+ * Pure function, unit-testable.
+ */
+declare function allocationFailedMessage(reason: string): string;
+/**
+ * Format the up-front batched allocation result as a human-readable log line.
+ * Pure function, unit-testable.
+ *
+ * Granted resources are logged with ✓; rejected/unavailable are logged as warnings.
+ * Non-fatal: callers should log the message but NEVER process.exit on a non-empty
+ * rejected or unavailable list — deploys can still fall back.
+ */
+declare function formatAllocationSummary(summary: AllocationSummary): string;
+/**
+ * Race `promise` against a timeout, clearing the timer once either side settles.
+ *
+ * CRITICAL: `Promise.race` does not cancel the loser, and `setTimeout` fires on
+ * wall-clock from creation. A bare `race([p, timeoutPromise])` leaves the timer
+ * armed after `p` wins — it then rejects an un-awaited promise later, surfacing as
+ * an `unhandledRejection`. In login that rejection ("…timed out…") is NOT a benign
+ * teardown string, so bin's `unhandledRejection` guard treats it as fatal → exit 1
+ * AFTER a successful login (the on-chain authorization wait can push total elapsed
+ * past the 60s window). `clearTimeout` in `finally` closes that window.
+ */
+declare function withTimeout<T>(promise: PromiseLike<T>, ms: number, message: string): Promise<T>;
 /**
  * Format a post-login summary. Pure function, unit-testable.
  *
@@ -50,4 +86,4 @@ interface LoginOptions {
  */
 declare function runLogin(envId: string, _opts?: LoginOptions): Promise<void>;
 
-export { type LoginOptions, allocationErrorMessage, bulletinAuthSummary, runLogin, summarizeLogin };
+export { type LoginOptions, allocationErrorMessage, allocationFailedMessage, bulletinAuthSummary, formatAllocationSummary, runLogin, summarizeLogin, withTimeout };