bulletin-deploy 0.10.1-dev.0 → 0.11.0-rc.1

package/dist/{chunk-XZXMZ2EN.js → chunk-VJNXVT3F.js}

@@ -1,6 +1,6 @@
 import {
   preflightSssAllowance
-} from "./chunk-Y3GVAWTH.js";
+} from "./chunk-XCK7YHBD.js";
 import {
   statementSigningAccount
 } from "./chunk-GRPLHUYC.js";
@@ -29,21 +29,27 @@ import {
   classifyFile,
   parseManifest
 } from "./chunk-S7EM5VMW.js";
-import {
-  DOT_PRODUCT_ID,
-  STALE_SESSION_MESSAGE,
-  getPeopleChainEndpoints,
-  hasPersistedSession
-} from "./chunk-TE5ILRKP.js";
 import {
   setDeployContext
-} from "./chunk-H73WL3JM.js";
+} from "./chunk-5SWXGBOO.js";
 import {
   probeChunks
-} from "./chunk-R74IZLP4.js";
+} from "./chunk-IMHVYM7Q.js";
 import {
   packSection
 } from "./chunk-C2TS5MER.js";
+import {
+  resolveStorageSigner
+} from "./chunk-UWAZDGBT.js";
+import {
+  createSlotAccountSigner,
+  requestResourceAllocation
+} from "./chunk-5FLTDWWP.js";
+import {
+  STALE_SESSION_MESSAGE,
+  getPeopleChainEndpoints,
+  hasPersistedSession
+} from "./chunk-4PLUBND7.js";
 import {
   CLI_NAME
 } from "./chunk-TSPERKUS.js";
@@ -56,7 +62,7 @@ import {
   parseDomainName,
   popStatusName,
   verifyNonceAdvanced
-} from "./chunk-Q5JW6NOW.js";
+} from "./chunk-TXJ6KQWM.js";
 import {
   derivePoolAccounts,
   detectTestnet,
@@ -78,7 +84,7 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-LDMBTCMO.js";
+} from "./chunk-7H6UYIDE.js";
 import {
   DEFAULT_ENV_ID,
   getPopSelfServeConfig,
@@ -601,8 +607,11 @@ function isPhoneSignerActive(options) {
 function shouldHandoverName(opts) {
   return !!opts.transferTo && opts.registeredFresh;
 }
-function formatStorageSignerLine(slotAddress, failReason) {
-  if (slotAddress) return `   Storage signer: allowance slot ${slotAddress}`;
+function formatStorageSignerLine(slotAddress, failReason, owned) {
+  if (slotAddress) {
+    const prefix = owned ? "your allowance slot" : "allowance slot";
+    return `   Storage signer: ${prefix} ${slotAddress}`;
+  }
   return `   Storage signer: pool fallback (${failReason ?? "no session"})`;
 }
 function selectStorageReconnect(options) {
@@ -936,7 +945,18 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
       }
       console.log(`   Cache check: ${confirmedCount} confirmed, ${tier2Fallback} missing${tier2Fallback > 0 ? " (will upload)" : ""}`);
     }
-    const assignedNonces = assignDenseNonces(stored, startNonce);
+    let assignedNonces = assignDenseNonces(stored, startNonce);
+    const doReconnectAndRebase = async () => {
+      const prevSS58 = ss58;
+      await doReconnect();
+      const currentNonce = await _fetchNonce(BULLETIN_ENDPOINTS, ss58);
+      const changed = ss58 !== prevSS58;
+      if (changed) {
+        assignedNonces = assignDenseNonces(stored, currentNonce);
+        startNonce = currentNonce;
+      }
+      return { changed, currentNonce };
+    };
     const uploadTotal = stored.filter((s) => s === null).length;
     let uploadEmitted = 0;
     const nonceAdvanceIndices = /* @__PURE__ */ new Set();
@@ -979,18 +999,19 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
       const failures = results.map((r, j) => r.status === "rejected" ? { index: batchIndices[j], chunkData: batchChunks[j], error: r.reason } : null).filter(Boolean);
       const needsReconnect = failures.some((f) => isConnectionError(f.error));
       if (needsReconnect && reconnect && reconnectionsUsed < MAX_RECONNECTIONS) {
-        await doReconnect();
-        const currentNonce = await _fetchNonce(BULLETIN_ENDPOINTS, ss58);
-        for (const idx of batchIndices) {
-          const chunkNonce = assignedNonces.get(idx);
-          if (chunkNonce !== void 0 && chunkNonce < currentNonce && stored[idx] === null) {
-            console.log(`   Chunk ${idx + 1}: nonce ${chunkNonce} consumed (current=${currentNonce}), treating as included`);
-            stored[idx] = { cid: createCID(chunks[idx], CID_CONFIG.codec, 18), len: chunks[idx].length, viaFallback: true };
-            nonceAdvanceIndices.add(idx);
-            assignedNonces.delete(idx);
+        const { changed, currentNonce } = await doReconnectAndRebase();
+        if (!changed) {
+          for (const idx of batchIndices) {
+            const chunkNonce = assignedNonces.get(idx);
+            if (chunkNonce !== void 0 && chunkNonce < currentNonce && stored[idx] === null) {
+              console.log(`   Chunk ${idx + 1}: nonce ${chunkNonce} consumed (current=${currentNonce}), treating as included`);
+              stored[idx] = { cid: createCID(chunks[idx], CID_CONFIG.codec, 18), len: chunks[idx].length, viaFallback: true };
+              nonceAdvanceIndices.add(idx);
+              assignedNonces.delete(idx);
+            }
           }
+          startNonce = Math.max(startNonce, currentNonce);
         }
-        startNonce = Math.max(startNonce, currentNonce);
         if (failures.some((f) => stored[f.index] === null)) {
           continue;
         }
@@ -1017,9 +1038,10 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
           const retryDelay = Math.min(RETRY_BASE_DELAY_MS * Math.pow(2, attempt - 1), RETRY_MAX_DELAY_MS);
           console.log(`   Retrying chunk ${fail.index + 1} (attempt ${attempt}/${MAX_CHUNK_RETRIES}) in ${(retryDelay / 1e3).toFixed(0)}s...`);
           await new Promise((r) => setTimeout(r, retryDelay));
+          let perRetryChanged = false;
           if (isConnectionError(fail.error) && reconnect && reconnectionsUsed < MAX_RECONNECTIONS) {
             try {
-              await doReconnect();
+              ({ changed: perRetryChanged } = await doReconnectAndRebase());
             } catch (reconnectErr) {
               console.log(`   Reconnect failed: ${reconnectErr.message?.slice(0, 80)}`);
               break;
@@ -1028,7 +1050,7 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
           try {
             const currentNonce = await _fetchNonce(BULLETIN_ENDPOINTS, ss58);
             const originalNonce = assignedNonces.get(fail.index);
-            if (originalNonce !== void 0 && originalNonce < currentNonce) {
+            if (!perRetryChanged && originalNonce !== void 0 && originalNonce < currentNonce) {
               console.log(`   Chunk ${fail.index + 1}: nonce ${originalNonce} consumed (current=${currentNonce}), treating as included`);
               stored[fail.index] = { cid: createCID(fail.chunkData, CID_CONFIG.codec, 18), len: fail.chunkData.length, viaFallback: true };
               nonceAdvanceIndices.add(fail.index);
@@ -1083,6 +1105,10 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
           collision_count: missingResults.length
         });
       }
+      if (wsHaltDetected && reconnect && reconnectionsUsed < MAX_RECONNECTIONS) {
+        wsHaltDetected = false;
+        await doReconnect();
+      }
       let reuploadCount = 0;
       for (const m of missingResults) {
         const idx = cidToIndex.get(m.cid);
@@ -1095,6 +1121,12 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
             reuploadCount++;
             break;
           } catch (e) {
+            if (isConnectionError(e) && reconnect && reconnectionsUsed < MAX_RECONNECTIONS) {
+              try {
+                await doReconnect();
+              } catch {
+              }
+            }
             if (attempt === MAX_REPROBE_RETRIES) {
               throw new Error(`Nonce-collision re-upload of chunk ${idx + 1} failed after ${MAX_REPROBE_RETRIES} attempts: ${e.message?.slice(0, 100)}`);
             }
@@ -1652,33 +1684,46 @@ async function storeDirectoryV2(directoryPath, opts = {}) {
           const roundSuffix = round > 1 ? ` (round ${round}/${GRANDPA_REUPLOAD_MAX_ROUNDS}, retry after fork)` : "";
           console.log(`   ${missingCids.size} chunks still missing after wait \u2014 re-uploading${roundSuffix}`);
           const reuploadList = [...missingCids];
-          for (let i = 0; i < reuploadList.length; i++) {
-            const cid = reuploadList[i];
-            const freshNonce = await fetchNonceFn(BULLETIN_ENDPOINTS, phaseALiveProvider.ss58);
-            if (cid === storageCid) {
-              const rootTx = phaseALiveProvider.unsafeApi.tx.TransactionStorage.store_with_cid_config({
-                cid: { codec: BigInt(112), hashing: toHashingEnum(rootHashCode) },
-                data: rootDagBytes
-              });
-              await watchTransaction(rootTx, phaseALiveProvider.signer, { mortality: { mortal: true, period: 256 }, nonce: freshNonce }, () => storageCid, {
-                label: "root-reupload",
-                rpc: BULLETIN_ENDPOINTS,
-                senderSS58: phaseALiveProvider.ss58,
-                expectedNonce: freshNonce,
-                timeoutMs: CHUNK_TIMEOUT_MS,
-                fetchNonce: phaseALiveProvider.fetchNonce
-              });
-            } else {
-              const chunkBytes = phaseBChunkByCid.get(cid);
-              if (!chunkBytes) {
-                throw new Error(
-                  `Deploy verification failed: chunk ${cid.slice(0, 20)}\u2026 missing at finalised head and its bytes are not in phaseB.chunks (cannot re-upload). This indicates an internal state issue.`
-                );
+          try {
+            for (let i = 0; i < reuploadList.length; i++) {
+              const cid = reuploadList[i];
+              const freshNonce = await fetchNonceFn(BULLETIN_ENDPOINTS, phaseALiveProvider.ss58);
+              if (cid === storageCid) {
+                const rootTx = phaseALiveProvider.unsafeApi.tx.TransactionStorage.store_with_cid_config({
+                  cid: { codec: BigInt(112), hashing: toHashingEnum(rootHashCode) },
+                  data: rootDagBytes
+                });
+                await watchTransaction(rootTx, phaseALiveProvider.signer, { mortality: { mortal: true, period: 256 }, nonce: freshNonce }, () => storageCid, {
+                  label: "root-reupload",
+                  rpc: BULLETIN_ENDPOINTS,
+                  senderSS58: phaseALiveProvider.ss58,
+                  expectedNonce: freshNonce,
+                  timeoutMs: CHUNK_TIMEOUT_MS,
+                  fetchNonce: phaseALiveProvider.fetchNonce
+                });
+              } else {
+                const chunkBytes = phaseBChunkByCid.get(cid);
+                if (!chunkBytes) {
+                  throw new Error(
+                    `Deploy verification failed: chunk ${cid.slice(0, 20)}\u2026 missing at finalised head and its bytes are not in phaseB.chunks (cannot re-upload). This indicates an internal state issue.`
+                  );
+                }
+                await storeChunk(phaseALiveProvider.unsafeApi, phaseALiveProvider.signer, chunkBytes, freshNonce, phaseALiveProvider.ss58, { fetchNonce: phaseALiveProvider.fetchNonce });
               }
-              await storeChunk(phaseALiveProvider.unsafeApi, phaseALiveProvider.signer, chunkBytes, freshNonce, phaseALiveProvider.ss58, { fetchNonce: phaseALiveProvider.fetchNonce });
+              reuploadCount++;
+              console.log(`      [${i + 1}/${reuploadList.length}] re-uploaded ${cid.slice(0, 20)}\u2026 (nonce ${freshNonce})`);
             }
-            reuploadCount++;
-            console.log(`      [${i + 1}/${reuploadList.length}] re-uploaded ${cid.slice(0, 20)}\u2026 (nonce ${freshNonce})`);
+          } catch (e) {
+            if (isConnectionError(e) && phaseALiveProvider.reconnect) {
+              try {
+                phaseALiveProvider.client.destroy();
+              } catch {
+              }
+              const fresh = await phaseALiveProvider.reconnect();
+              phaseALiveProvider = { ...phaseALiveProvider, ...fresh };
+              continue;
+            }
+            throw e;
           }
           const reuploadStart = Date.now();
           while (Date.now() - reuploadStart < GRANDPA_REUPLOAD_TIMEOUT_MS && missingCids.size > 0) {
@@ -2038,29 +2083,28 @@ async function deploy(content, domainName = null, options = {}) {
     }
   }
   if (!options.storageSigner) {
-    let storageLine = null;
-    try {
-      if (resolvedUserSession?.userSession && resolvedUserSession?.adapter) {
-        const { ss58Encode } = await import("@parity/product-sdk-address");
-        const signerResult = await resolvedUserSession.adapter.allowance.getBulletinSigner(
-          resolvedUserSession.userSession.id,
-          DOT_PRODUCT_ID
-        );
-        if (signerResult.isOk()) {
-          const slotSigner = signerResult.value;
-          const slotAddress = ss58Encode(slotSigner.publicKey);
-          options = { ...options, storageSigner: slotSigner, storageSignerAddress: slotAddress };
-          storageLine = formatStorageSignerLine(slotAddress);
-        } else {
-          storageLine = formatStorageSignerLine(null, signerResult.error.reason);
+    const { ss58Encode } = await import("@parity/product-sdk-address");
+    const slotResult = await resolveStorageSigner(
+      resolvedUserSession ?? null,
+      {
+        getBulletinSigner: (sessionId, productId, adapter) => adapter.allowance.getBulletinSigner(sessionId, productId),
+        requestResourceAllocation,
+        createSlotAccountSigner,
+        ss58Encode: (pk) => ss58Encode(pk),
+        promptBeforeAllocation: () => {
+          console.log(
+            `
+\u26A0  Your account has no Bulletin allowance. Approve one on your phone to deploy with your own account, or press Ctrl-C to use the shared pool.`
+          );
         }
-      } else {
-        storageLine = formatStorageSignerLine(null);
       }
-    } catch {
-      storageLine = formatStorageSignerLine(null, "error");
+    );
+    if (slotResult) {
+      options = { ...options, storageSigner: slotResult.signer, storageSignerAddress: slotResult.slotAddress };
+      console.log(formatStorageSignerLine(slotResult.slotAddress, void 0, slotResult.owned));
+    } else {
+      console.log(formatStorageSignerLine(null, resolvedUserSession ? "no allowance" : void 0));
     }
-    if (storageLine) console.log(storageLine);
   }
   initTelemetry();
   const randomSuffix = Math.floor(Math.random() * 100).toString().padStart(2, "0");
@@ -2173,17 +2217,7 @@ async function deploy(content, domainName = null, options = {}) {
         }
         if (phoneSignerActive) {
           const steps = computePhoneSigningSteps(dotnsPreflight, preflightPublishNeeded);
-          if (steps.length === 1) {
-            console.log(`
-Have your phone ready \u2014 1 signature needed (${steps[0].toLowerCase()})`);
-          } else if (steps.length > 1) {
-            const display = steps.flatMap(
-              (s, i) => s === "Register" && steps[i - 1] === "Commitment" ? ["(wait)", s] : [s]
-            );
-            console.log(`
-Have your phone ready \u2014 ${steps.length} signatures needed`);
-            console.log(`   ${display.map((s) => s.toLowerCase()).join(" \xB7 ")}`);
-          }
+          options.onPhoneSignaturePlan?.(steps);
         }
         provider = await reconnect();
         const providerWithReconnect = { ...provider, reconnect };
@@ -2392,13 +2426,10 @@ Have your phone ready \u2014 ${steps.length} signatures needed`);
             };
             await ownerDotns.connect({
               ...resolveDotnsConnectOptions({ ...options, signer: owner.signer, signerAddress: owner.address }, envAssetHub, envAutoAccountMapping, envContracts, envNativeToEthRatio, envId, envPopSelfServe, envRegisterStorageDeposit),
-              onPhoneSigningRequired: (label) => console.log(`
-   Check your phone \u2192 ${label}`)
+              confirmPhoneReady: options.confirmPhoneReady
             });
             const willPublish = !!(options.publish && parsed && preflightPublishNeeded !== false);
-            console.log(willPublish ? `
-Have your phone ready \u2014 2 signatures needed (link content \xB7 publish)` : `
-Have your phone ready \u2014 1 signature needed (link content)`);
+            ownerDotns.setPhoneSignatureTotal(willPublish ? 2 : 1);
             const contenthashHex2 = `0x${encodeContenthash(cid)}`;
             await ownerDotns.setContenthash(name, contenthashHex2, { feeAsset: "pgas" });
             if (willPublish) await publish(ownerDotns, parsed, options.failOnPublishError);
@@ -2407,11 +2438,11 @@ Have your phone ready \u2014 1 signature needed (link content)`);
           const dotns = new DotNS();
           await dotns.connect({
             ...resolveDotnsConnectOptions(options, envAssetHub, envAutoAccountMapping, envContracts, envNativeToEthRatio, envId, envPopSelfServe, envRegisterStorageDeposit),
-            // Per-step "check your phone" reminder — only for a phone-backed signer
-            // (see phoneSignerActive); a transfer-mode local worker signs locally.
-            ...phoneSignerActive ? { onPhoneSigningRequired: (label) => console.log(`
-   Check your phone \u2192 ${label}`) } : {}
+            confirmPhoneReady: options.confirmPhoneReady
           });
+          if (phoneSignerActive) {
+            dotns.setPhoneSignatureTotal(computePhoneSigningSteps(dotnsPreflight, preflightPublishNeeded).length);
+          }
           let registeredFresh = false;
           if (parsed?.isSubdomain) {
             const { owned, owner } = await dotns.checkSubdomainOwnership(parsed.sublabel, parsed.parentLabel);

package/dist/{chunk-Y3GVAWTH.js → chunk-XCK7YHBD.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-GRPLHUYC.js";
 import {
   DOT_DAPP_ID
-} from "./chunk-TE5ILRKP.js";
+} from "./chunk-4PLUBND7.js";
 
 // src/sss-allowance-cache.ts
 import { mkdir, readFile, writeFile, unlink } from "fs/promises";

package/dist/chunk-probe.js

@@ -5,9 +5,9 @@ import {
   _decodeStorageValue,
   _resetProbeSession,
   probeChunks
-} from "./chunk-R74IZLP4.js";
-import "./chunk-LDMBTCMO.js";
-import "./chunk-VHW7K7JW.js";
+} from "./chunk-IMHVYM7Q.js";
+import "./chunk-7H6UYIDE.js";
+import "./chunk-U2JW2FSV.js";
 export {
   ChainProbeCrossValidationError,
   ChainProbeMetadataError,

package/dist/commands/login.js

@@ -1,23 +1,12 @@
 import {
   startSpinner
 } from "../chunk-J7CYVTAW.js";
-import "../chunk-JQKKMUCT.js";
-import {
-  BULLETIN_RESOURCE,
-  DEFAULT_RESOURCES,
-  createSlotAccountSigner,
-  requestResourceAllocation,
-  summarizeOutcomes
-} from "../chunk-5FLTDWWP.js";
-import {
-  renderLoginStatus
-} from "../chunk-RIRDBSBG.js";
 import {
   waitForBulletinAuthorization
-} from "../chunk-XZXMZ2EN.js";
+} from "../chunk-VJNXVT3F.js";
 import {
   preflightSssAllowance
-} from "../chunk-Y3GVAWTH.js";
+} from "../chunk-XCK7YHBD.js";
 import {
   statementSigningAccount
 } from "../chunk-GRPLHUYC.js";
@@ -26,24 +15,36 @@ import "../chunk-IW3X2MJF.js";
 import "../chunk-KOSF5FDO.js";
 import "../chunk-J3NIXHZZ.js";
 import "../chunk-S7EM5VMW.js";
+import "../chunk-5SWXGBOO.js";
+import "../chunk-BJXJ7ZLD.js";
+import "../chunk-IMHVYM7Q.js";
+import "../chunk-C2TS5MER.js";
+import "../chunk-UWAZDGBT.js";
+import "../chunk-JQKKMUCT.js";
+import {
+  BULLETIN_RESOURCE,
+  DEFAULT_RESOURCES,
+  createSlotAccountSigner,
+  requestResourceAllocation,
+  summarizeOutcomes
+} from "../chunk-5FLTDWWP.js";
+import {
+  renderLoginStatus
+} from "../chunk-RIRDBSBG.js";
 import {
   DOT_PRODUCT_ID,
   getAuthClient,
   getPeopleChainEndpoints,
   resolveBulletinEndpoints
-} from "../chunk-TE5ILRKP.js";
-import "../chunk-H73WL3JM.js";
-import "../chunk-UCRSE6CA.js";
-import "../chunk-R74IZLP4.js";
-import "../chunk-C2TS5MER.js";
+} from "../chunk-4PLUBND7.js";
 import {
   CLI_NAME
 } from "../chunk-TSPERKUS.js";
-import "../chunk-Q5JW6NOW.js";
+import "../chunk-TXJ6KQWM.js";
 import "../chunk-SI2ZUOYD.js";
 import "../chunk-4IUTMHVB.js";
-import "../chunk-LDMBTCMO.js";
-import "../chunk-VHW7K7JW.js";
+import "../chunk-7H6UYIDE.js";
+import "../chunk-U2JW2FSV.js";
 import {
   loadEnvironments
 } from "../chunk-QRKI6MMK.js";

package/dist/commands/logout.js

@@ -1,18 +1,18 @@
+import {
+  clearSssAllowanceCache
+} from "../chunk-XCK7YHBD.js";
+import "../chunk-GRPLHUYC.js";
 import "../chunk-JQKKMUCT.js";
 import "../chunk-5FLTDWWP.js";
 import {
   renderLogoutStatus
 } from "../chunk-RIRDBSBG.js";
-import {
-  clearSssAllowanceCache
-} from "../chunk-Y3GVAWTH.js";
-import "../chunk-GRPLHUYC.js";
 import {
   getAuthClient
-} from "../chunk-TE5ILRKP.js";
+} from "../chunk-4PLUBND7.js";
 import "../chunk-TSPERKUS.js";
-import "../chunk-LDMBTCMO.js";
-import "../chunk-VHW7K7JW.js";
+import "../chunk-7H6UYIDE.js";
+import "../chunk-U2JW2FSV.js";
 import "../chunk-QRKI6MMK.js";
 import "../chunk-ZOC4GITL.js";
 

package/dist/commands/transfer.js

@@ -4,11 +4,11 @@ import {
 import {
   DEFAULT_MNEMONIC,
   DotNS
-} from "../chunk-Q5JW6NOW.js";
+} from "../chunk-TXJ6KQWM.js";
 import "../chunk-SI2ZUOYD.js";
 import "../chunk-4IUTMHVB.js";
-import "../chunk-LDMBTCMO.js";
-import "../chunk-VHW7K7JW.js";
+import "../chunk-7H6UYIDE.js";
+import "../chunk-U2JW2FSV.js";
 import {
   getPopSelfServeConfig,
   loadEnvironments,

package/dist/commands/whoami.js

@@ -2,12 +2,12 @@ import {
   STALE_SESSION_MESSAGE,
   getAuthClient,
   hasPersistedSession
-} from "../chunk-TE5ILRKP.js";
+} from "../chunk-4PLUBND7.js";
 import {
   CLI_NAME
 } from "../chunk-TSPERKUS.js";
-import "../chunk-LDMBTCMO.js";
-import "../chunk-VHW7K7JW.js";
+import "../chunk-7H6UYIDE.js";
+import "../chunk-U2JW2FSV.js";
 import "../chunk-QRKI6MMK.js";
 import "../chunk-ZOC4GITL.js";
 

package/dist/deploy-actors.d.ts

@@ -1,8 +1,8 @@
 import { A as AuthClient } from './auth-CA_YKtM2.js';
+import { PolkadotSigner } from 'polkadot-api';
 import { R as ResolvedSigner } from './signer-Duup0hgQ.js';
+import { A as AllocatableResource } from './allocations-CEPeZr6T.js';
 import '@parity/product-sdk-terminal';
-import 'polkadot-api';
-import './allocations-CEPeZr6T.js';
 import '@parity/product-sdk-tx';
 
 declare class MainnetDefaultWorkerError extends Error {
@@ -20,5 +20,86 @@ interface ResolveDeployActorsOptions {
     sessionPresent: boolean;
 }
 declare function resolveDeployActors(authClient: AuthClient, { suri, transferEnabled, isTestnet, sessionPresent }: ResolveDeployActorsOptions): Promise<DeployActors>;
+/**
+ * Result returned by resolveStorageSigner when a Bulletin slot signer was found.
+ *
+ * `owned` is true when the slot comes from the user's own session (cache-hit or
+ * freshly allocated via step-4 prompt). It is used by formatStorageSignerLine to
+ * distinguish "your allowance slot" (owned) from "allowance slot" (explicitly
+ * injected by a programmatic caller).
+ */
+interface StorageSignerResult {
+    signer: PolkadotSigner;
+    slotAddress: string;
+    /** true when the slot comes from the user's own session (not a pre-injected slot). */
+    owned: true;
+}
+/**
+ * Injectable dependencies for resolveStorageSigner.
+ * All fields are optional — defaults are used when not provided (deploy path).
+ * Injecting stubs lets unit tests drive every branch without a real adapter.
+ */
+interface StorageSignerDeps {
+    /**
+     * Calls adapter.allowance.getBulletinSigner(sessionId, productId).
+     * Returns an Ok/Err result (product-sdk shape).
+     */
+    getBulletinSigner: (sessionId: string, productId: string, adapter: any) => Promise<{
+        isOk(): boolean;
+        isErr(): boolean;
+        value?: PolkadotSigner;
+        error?: {
+            reason: string;
+        };
+    }>;
+    /**
+     * Triggers a phone prompt to allocate the BulletInAllowance resource.
+     * Returns AllocationOutcome[] — one per resource in order.
+     */
+    requestResourceAllocation: (userSession: any, adapter: any, resources: AllocatableResource[]) => Promise<{
+        tag: string;
+        value?: unknown;
+    }[]>;
+    /**
+     * Read the cached slot account signer written by requestResourceAllocation.
+     * Returns null on a miss (graceful fallback).
+     */
+    createSlotAccountSigner?: (adapter: any, resource: AllocatableResource) => Promise<PolkadotSigner | null>;
+    /** Encode a public key as SS58. */
+    ss58Encode: (publicKey: Uint8Array) => string;
+    /**
+     * Called BEFORE requestResourceAllocation to print the user-facing prompt.
+     * Should print the "check your phone" warning so the user knows what's coming.
+     * Ctrl-C will interrupt the subsequent requestResourceAllocation call directly.
+     */
+    promptBeforeAllocation: () => void;
+}
+/**
+ * Resolve a user-owned Bulletin slot signer from the active session.
+ *
+ * Implements steps 3–4 of the storage-signer precedence:
+ *   3. Cache-hit: adapter.allowance.getBulletinSigner(sessionId) → slot signer.
+ *   4. Cache-miss (NotAvailable / Rejected): prompt then requestResourceAllocation
+ *      ([BulletInAllowance]) → newly-allocated slot signer.
+ *   5. Fall through: returns null → caller falls back to pool.
+ *
+ * Non-goals: explicit storageSigner / signer / mnemonic paths — those are handled
+ * upstream by selectStorageReconnect. This function only handles session-derived slots.
+ *
+ * Layer-3 isolation is preserved: when `session` is null (no session file on disk,
+ * no --suri), this function returns null immediately without touching the SSO stack.
+ *
+ * @param session  The resolved session object from resolveDeployActors (or null when
+ *                 no session is present). Must have { userSession, adapter } shape.
+ * @param deps     Injectable dependencies for testing. Production callers pass
+ *                 undefined to use the real auth functions.
+ * @returns        A { signer, slotAddress, owned: true } result or null (→ pool).
+ */
+declare function resolveStorageSigner(session: {
+    userSession: {
+        id: string;
+    };
+    adapter: any;
+} | null | undefined, deps: StorageSignerDeps): Promise<StorageSignerResult | null>;
 
-export { type DeployActors, MainnetDefaultWorkerError, type ResolveDeployActorsOptions, resolveDeployActors };
+export { type DeployActors, MainnetDefaultWorkerError, type ResolveDeployActorsOptions, type StorageSignerDeps, type StorageSignerResult, resolveDeployActors, resolveStorageSigner };

package/dist/deploy-actors.js

@@ -1,45 +1,22 @@
-import "./chunk-JQKKMUCT.js";
 import {
-  resolveSigner
-} from "./chunk-5FLTDWWP.js";
+  MainnetDefaultWorkerError,
+  resolveDeployActors,
+  resolveStorageSigner
+} from "./chunk-UWAZDGBT.js";
+import "./chunk-JQKKMUCT.js";
+import "./chunk-5FLTDWWP.js";
 import "./chunk-RIRDBSBG.js";
+import "./chunk-4PLUBND7.js";
 import "./chunk-TSPERKUS.js";
-import {
-  DEFAULT_MNEMONIC
-} from "./chunk-Q5JW6NOW.js";
+import "./chunk-TXJ6KQWM.js";
 import "./chunk-SI2ZUOYD.js";
 import "./chunk-4IUTMHVB.js";
-import "./chunk-LDMBTCMO.js";
-import "./chunk-VHW7K7JW.js";
+import "./chunk-7H6UYIDE.js";
+import "./chunk-U2JW2FSV.js";
 import "./chunk-QRKI6MMK.js";
 import "./chunk-ZOC4GITL.js";
-
-// src/deploy-actors.ts
-var DEFAULT_WORKER_SURI = DEFAULT_MNEMONIC;
-var MainnetDefaultWorkerError = class extends Error {
-  constructor() {
-    super(
-      "Refusing to default the deploy worker to Alice on a non-testnet environment. Pass --mnemonic <a funded, sufficiently-verified key> to do the transfer flow, or --no-transfer-to-signedin-user to sign directly with your mobile session."
-    );
-    this.name = "MainnetDefaultWorkerError";
-  }
-};
-async function resolveDeployActors(authClient, { suri, transferEnabled, isTestnet, sessionPresent }) {
-  if (sessionPresent && transferEnabled) {
-    if (!suri && !isTestnet) throw new MainnetDefaultWorkerError();
-    const worker2 = await resolveSigner(authClient, { suri: suri ?? DEFAULT_WORKER_SURI });
-    const handle = await authClient.getSessionSigner();
-    if (!handle) throw new Error("transfer mode active but no session resolved; pass --no-transfer-to-signedin-user.");
-    try {
-      return { worker: worker2, recipientH160: handle.addresses.productH160 };
-    } finally {
-      handle.destroy();
-    }
-  }
-  const worker = await resolveSigner(authClient, { suri });
-  return { worker };
-}
 export {
   MainnetDefaultWorkerError,
-  resolveDeployActors
+  resolveDeployActors,
+  resolveStorageSigner
 };