bulletin-deploy 0.7.21 → 0.7.22-rc.0

package/dist/personhood/member-key.js

@@ -0,0 +1,10 @@
+import {
+  deriveMemberEntropy,
+  deriveMemberKey
+} from "../chunk-EJ5TNGAY.js";
+import "../chunk-UPWEOGLQ.js";
+import "../chunk-T7EEVWNU.js";
+export {
+  deriveMemberEntropy,
+  deriveMemberKey
+};

package/dist/personhood/people-client.d.ts

@@ -0,0 +1,14 @@
+import { PolkadotClient } from 'polkadot-api';
+
+interface PeopleClientResult {
+    client: PolkadotClient;
+    unsafeApi: ReturnType<PolkadotClient["getUnsafeApi"]>;
+    disconnect: () => void;
+}
+/**
+ * Open a People-chain polkadot-api client for the given environment.
+ * The caller must call `disconnect()` when done to release the WS connection.
+ */
+declare function connectPeopleClient(environmentId: string): Promise<PeopleClientResult>;
+
+export { type PeopleClientResult, connectPeopleClient };

package/dist/personhood/people-client.js

@@ -0,0 +1,48 @@
+import {
+  WS_HEARTBEAT_TIMEOUT_MS
+} from "../chunk-4YO5SOAY.js";
+import "../chunk-WVCIU6WM.js";
+import "../chunk-3LGLMHQI.js";
+import "../chunk-LZO2QX4T.js";
+import {
+  loadEnvironments
+} from "../chunk-F36C363Y.js";
+import "../chunk-ZOC4GITL.js";
+
+// src/personhood/people-client.ts
+import { createClient } from "polkadot-api";
+import { getWsProvider } from "polkadot-api/ws";
+async function connectPeopleClient(environmentId) {
+  const { doc } = await loadEnvironments();
+  const peopleChain = doc.chains.find((c) => c.id === "people");
+  if (!peopleChain) {
+    throw new Error(
+      `environments.json has no 'people' chain entry for env '${environmentId}'`
+    );
+  }
+  const entry = peopleChain.endpoints[environmentId];
+  if (!entry) {
+    throw new Error(
+      `No People-chain endpoint for environment '${environmentId}'. Bootstrap is only available on paseo-next-v2.`
+    );
+  }
+  const rawWss = entry.wss;
+  const wss = Array.isArray(rawWss) ? rawWss[0] : rawWss;
+  const client = createClient(
+    getWsProvider(wss, { heartbeatTimeout: WS_HEARTBEAT_TIMEOUT_MS })
+  );
+  const unsafeApi = client.getUnsafeApi();
+  return {
+    client,
+    unsafeApi,
+    disconnect: () => {
+      try {
+        client.destroy();
+      } catch {
+      }
+    }
+  };
+}
+export {
+  connectPeopleClient
+};

package/dist/personhood/reprove.d.ts

@@ -0,0 +1,43 @@
+import { SS58String, PolkadotSigner } from 'polkadot-api';
+
+type ReproveAliasErrorKind = "NoStoredAlias" | "NotPaid" | "RingRootNotFound" | "RevisionNotAdvanced" | "AliasMismatch" | "NotARecognizedPerson" | "BadProof" | "DispatchError" | "RpcError" | "ClientError" | "Unknown";
+declare class ReproveAliasError extends Error {
+    readonly kind: ReproveAliasErrorKind;
+    readonly dispatchError?: unknown;
+    constructor(message: string, options?: ErrorOptions & {
+        kind?: ReproveAliasErrorKind;
+        dispatchError?: unknown;
+    });
+}
+type RingExponent = 9 | 10 | 14;
+interface BuildRingProofInput {
+    ringExponent: RingExponent;
+    members: Uint8Array;
+    context: Uint8Array;
+    msg: Uint8Array;
+}
+type BuildRingProof = (input: BuildRingProofInput) => Promise<{
+    proof: Uint8Array;
+    alias: Uint8Array;
+}>;
+interface ReproveAliasProgress {
+    onBroadcasted?: () => void;
+    onBestBlock?: (blockHash: string) => void;
+}
+interface ReproveAliasParams {
+    peopleUnsafeApi: unknown;
+    ahUnsafeApi: unknown;
+    account: SS58String;
+    memberKey: Uint8Array;
+    signCall: PolkadotSigner;
+    buildRingProof: BuildRingProof;
+    progress?: ReproveAliasProgress;
+}
+interface ReproveAliasResult {
+    blockHash: string;
+    oldRevision: number;
+    newRevision: number;
+}
+declare const reproveAliasToAccount: ({ peopleUnsafeApi, ahUnsafeApi, account, memberKey, signCall, buildRingProof, progress, }: ReproveAliasParams) => Promise<ReproveAliasResult>;
+
+export { type BuildRingProof, type BuildRingProofInput, ReproveAliasError, type ReproveAliasErrorKind, type ReproveAliasParams, type ReproveAliasProgress, type ReproveAliasResult, type RingExponent, reproveAliasToAccount };

package/dist/personhood/reprove.js

@@ -0,0 +1,225 @@
+import {
+  blake2_256,
+  bytesToHex,
+  concatBytes,
+  encodeMembers,
+  hexToBytes
+} from "../chunk-ZYVGHDMU.js";
+import {
+  PAID_PROOF_TAG,
+  PEOPLE_MEMBER_IDENTIFIER_HEX,
+  PROOF_BYTES
+} from "../chunk-T7EEVWNU.js";
+
+// src/personhood/reprove.ts
+import { getSs58AddressInfo } from "polkadot-api";
+var ReproveAliasError = class extends Error {
+  kind;
+  dispatchError;
+  constructor(message, options = {}) {
+    super(message, options);
+    this.name = "ReproveAliasError";
+    this.kind = options.kind ?? "Unknown";
+    this.dispatchError = options.dispatchError;
+  }
+};
+var reproveAliasToAccount = async ({
+  peopleUnsafeApi,
+  ahUnsafeApi,
+  account,
+  memberKey,
+  signCall,
+  buildRingProof,
+  progress
+}) => {
+  const people = peopleUnsafeApi;
+  const ah = ahUnsafeApi;
+  if (memberKey.length !== 32) {
+    throw new ReproveAliasError("memberKey must be 32 bytes", {
+      kind: "ClientError"
+    });
+  }
+  const stored = await ah.query.AliasAccounts.AccountToAlias.getValue(
+    account,
+    { at: "best" }
+  );
+  if (!stored) {
+    throw new ReproveAliasError(
+      "no AccountToAlias row for this account \u2014 bind first",
+      { kind: "NoStoredAlias" }
+    );
+  }
+  if (!stored.paid) {
+    throw new ReproveAliasError(
+      "AccountToAlias row is not paid \u2014 reprove_alias_account is only for paid aliases",
+      { kind: "NotPaid" }
+    );
+  }
+  const contextBytes = hexToBytes(stored.ca.context);
+  const storedRevision = stored.revision;
+  const storedRing = stored.ring;
+  const storedAliasHex = stored.ca.alias.toLowerCase();
+  const position = await people.query.Members.Members.getValue(
+    PEOPLE_MEMBER_IDENTIFIER_HEX,
+    bytesToHex(memberKey),
+    { at: "best" }
+  );
+  if (!position || position.type !== "Included") {
+    throw new ReproveAliasError(
+      `member position is '${position?.type ?? "absent"}', expected 'Included'`,
+      { kind: "NotARecognizedPerson" }
+    );
+  }
+  const ringIndex = position.value.ring_index;
+  const allEntries = await people.query.Members.RingKeys.getEntries({
+    at: "best"
+  });
+  const pages = [];
+  const identHex = PEOPLE_MEMBER_IDENTIFIER_HEX.toLowerCase();
+  for (const entry of allEntries) {
+    if (entry.keyArgs[0].toLowerCase() !== identHex) continue;
+    if (Number(entry.keyArgs[1]) !== ringIndex) continue;
+    pages.push([Number(entry.keyArgs[2]), [...entry.value]]);
+  }
+  pages.sort((a, b) => a[0] - b[0]);
+  const ringKeys = pages.flatMap(([, ks]) => ks);
+  if (ringKeys.length === 0) {
+    throw new ReproveAliasError("ring has no members on People", {
+      kind: "ClientError"
+    });
+  }
+  const membersBytes = encodeMembers(ringKeys.map((k) => hexToBytes(k)));
+  const ringExp = await ah.constants.AliasAccounts.PeopleRingExponent();
+  const ringExponent = ringExp.type === "R2e9" ? 9 : ringExp.type === "R2e10" ? 10 : 14;
+  const ringRoots = await ah.query.MembersSubscriber.RingRoots.getValue(
+    stored.collection,
+    ringIndex,
+    { at: "best" }
+  );
+  if (!ringRoots || ringRoots.length === 0) {
+    throw new ReproveAliasError(
+      "AH has no RingRoots for this (collection, ring_index)",
+      { kind: "RingRootNotFound" }
+    );
+  }
+  const latest = ringRoots[ringRoots.length - 1];
+  const newRevision = latest.revision;
+  if (newRevision <= storedRevision && ringIndex === storedRing) {
+    throw new ReproveAliasError(
+      `latest revision ${newRevision} is not strictly greater than stored ${storedRevision} on the same ring`,
+      { kind: "RevisionNotAdvanced" }
+    );
+  }
+  const ss58Info = getSs58AddressInfo(account);
+  if (!ss58Info.isValid) {
+    throw new ReproveAliasError(`invalid SS58: ${account}`, {
+      kind: "ClientError"
+    });
+  }
+  const paidMsg = blake2_256(concatBytes(PAID_PROOF_TAG, ss58Info.publicKey));
+  const { proof, alias } = await buildRingProof({
+    ringExponent,
+    members: membersBytes,
+    context: contextBytes,
+    msg: paidMsg
+  });
+  if (proof.length !== PROOF_BYTES) {
+    throw new ReproveAliasError(
+      `ring proof must be ${PROOF_BYTES} bytes, got ${proof.length}`,
+      { kind: "ClientError" }
+    );
+  }
+  if (bytesToHex(alias).toLowerCase() !== storedAliasHex) {
+    throw new ReproveAliasError(
+      `regenerated alias ${bytesToHex(alias)} differs from stored ${storedAliasHex} \u2014 would fail ReproveMismatch`,
+      { kind: "AliasMismatch" }
+    );
+  }
+  const tx = ah.tx.AliasAccounts.reprove_alias_account({
+    proof: bytesToHex(proof),
+    ring_index: ringIndex,
+    ring_revision: newRevision
+  });
+  const blockHash = await new Promise((resolve, reject) => {
+    let settled = false;
+    const fail = (err) => {
+      if (settled) return;
+      settled = true;
+      reject(err);
+    };
+    const succeed = (h) => {
+      if (settled) return;
+      settled = true;
+      resolve(h);
+    };
+    tx.signSubmitAndWatch(signCall).subscribe({
+      next: (event) => {
+        if (settled) return;
+        const ev = event;
+        if (ev.type === "broadcasted") {
+          progress?.onBroadcasted?.();
+          return;
+        }
+        if (ev.type === "txBestBlocksState" && ev.found) {
+          if (ev.ok === false) {
+            fail(
+              new ReproveAliasError(
+                "reprove_alias_account dispatched but failed in-block",
+                {
+                  kind: narrowDispatchError(ev.dispatchError),
+                  dispatchError: ev.dispatchError
+                }
+              )
+            );
+            return;
+          }
+          if (ev.block) progress?.onBestBlock?.(ev.block.hash);
+          return;
+        }
+        if (ev.type === "finalized") {
+          if (ev.ok === false) {
+            fail(
+              new ReproveAliasError(
+                "reprove_alias_account failed at finalization",
+                {
+                  kind: narrowDispatchError(ev.dispatchError),
+                  dispatchError: ev.dispatchError
+                }
+              )
+            );
+            return;
+          }
+          if (ev.block) succeed(ev.block.hash);
+        }
+      },
+      error: (err) => {
+        fail(
+          err instanceof ReproveAliasError ? err : new ReproveAliasError(
+            err instanceof Error ? `RPC rejected extrinsic: ${err.message}` : "RPC error during submitAndWatch",
+            { cause: err, kind: "RpcError" }
+          )
+        );
+      }
+    });
+  });
+  return { blockHash, oldRevision: storedRevision, newRevision };
+};
+var narrowDispatchError = (dispatchError) => {
+  if (typeof dispatchError === "object" && dispatchError !== null && "type" in dispatchError) {
+    const d = dispatchError;
+    if (d.type === "Module" && typeof d.value === "object" && d.value !== null) {
+      const v = d.value;
+      if (v.type === "AliasAccounts") {
+        if (v.value?.type === "BadProof") return "BadProof";
+        if (v.value?.type === "ReproveMismatch") return "AliasMismatch";
+        if (v.value?.type === "AliasAccountAlreadySet")
+          return "RevisionNotAdvanced";
+      }
+    }
+  }
+  return "DispatchError";
+};
+export {
+  ReproveAliasError,
+  reproveAliasToAccount
+};

package/dist/pool.d.ts

@@ -14,6 +14,11 @@ interface PoolAuthorization extends PoolAccount {
     expiration: number;
 }
 declare function derivePoolAccounts(poolSize?: number, mnemonic?: string): PoolAccount[];
+interface AuthorizationCheck {
+    needs?: AuthorizationNeeds;
+    bulletinAuthorizeV2?: boolean;
+}
+declare function isAuthorizationSufficient(auth: any, currentBlock: number, check?: AuthorizationCheck): boolean;
 declare function selectAccount(authorizations: PoolAuthorization[], random?: () => number, currentBlock?: number): PoolAuthorization | null;
 declare function fetchPoolAuthorizations(api: any, accounts: PoolAccount[]): Promise<PoolAuthorization[]>;
 interface AuthorizationNeeds {
@@ -32,11 +37,11 @@ declare function classifyAliceTxError(err: unknown): TxRetryDecision;
 declare function isTestnetSpecName(specName: string | undefined | null): boolean;
 declare function detectTestnet(api: any): Promise<boolean>;
 declare function _resetTestnetCacheForTests(): void;
-declare function ensureAuthorized(api: any, address: string, label?: string, bulletinAuthorizeV2?: boolean): Promise<void>;
+declare function ensureAuthorized(api: any, address: string, label?: string, bulletinAuthorizeV2?: boolean, needs?: AuthorizationNeeds): Promise<void>;
 declare function topUpBy(api: any, address: string, needs: AuthorizationNeeds, label?: string, bulletinAuthorizeV2?: boolean): Promise<void>;
 interface BootstrapOptions {
     bulletinAuthorizeV2?: boolean;
 }
 declare function bootstrapPool(bulletinRpc: string, poolSize?: number, mnemonic?: string, opts?: BootstrapOptions): Promise<void>;
 
-export { type AuthorizationNeeds, type BootstrapOptions, type PoolAccount, type PoolAuthorization, type TxRetryDecision, _resetTestnetCacheForTests, bootstrapPool, classifyAliceTxError, computeTopUpTarget, derivePoolAccounts, detectTestnet, ensureAuthorized, fetchPoolAuthorizations, formatPasBalance, isTestnetSpecName, selectAccount, topUpBy };
+export { type AuthorizationCheck, type AuthorizationNeeds, type BootstrapOptions, type PoolAccount, type PoolAuthorization, type TxRetryDecision, _resetTestnetCacheForTests, bootstrapPool, classifyAliceTxError, computeTopUpTarget, derivePoolAccounts, detectTestnet, ensureAuthorized, fetchPoolAuthorizations, formatPasBalance, isAuthorizationSufficient, isTestnetSpecName, selectAccount, topUpBy };

package/dist/pool.js

@@ -8,10 +8,11 @@ import {
   ensureAuthorized,
   fetchPoolAuthorizations,
   formatPasBalance,
+  isAuthorizationSufficient,
   isTestnetSpecName,
   selectAccount,
   topUpBy
-} from "./chunk-4TS6R26J.js";
+} from "./chunk-WVCIU6WM.js";
 export {
   _resetTestnetCacheForTests,
   bootstrapPool,
@@ -22,6 +23,7 @@ export {
   ensureAuthorized,
   fetchPoolAuthorizations,
   formatPasBalance,
+  isAuthorizationSufficient,
   isTestnetSpecName,
   selectAccount,
   topUpBy

package/dist/run-state.js

@@ -7,7 +7,7 @@ import {
   shouldSkipStaleWarning,
   stateFilePath,
   writeRunState
-} from "./chunk-G2P5UIPX.js";
+} from "./chunk-LZO2QX4T.js";
 export {
   VERSION,
   loadRunState,

package/dist/telemetry.d.ts

@@ -1,7 +1,9 @@
+import * as _sentry_node from '@sentry/node';
 import { DeployContextForReport } from './memory-report.js';
 import 'node:v8';
 
 declare const VERSION: string;
+type SentryModule = typeof _sentry_node | null;
 interface InternalContextSignals {
     githubRepository?: string;
     runnerName?: string;
@@ -27,6 +29,9 @@ type DeployErrorCategory = 'user' | 'environment' | 'internal' | 'unknown';
 declare function classifyDeployError(msg: string): DeployErrorCategory;
 declare function classifySadReason(message: string): string;
 declare function computeDeployOutcome(errorCategory: DeployErrorCategory | null, isSad: boolean, sadReason: string): string;
+type DeployErrorKind = 'contract-revert' | 'chain-timeout' | 'nonce-stale' | 'connection' | 'unknown';
+declare function classifyErrorKind(msg: string): DeployErrorKind;
+declare function sanitizeErrorMessage(msg: string): string;
 declare function withSpan<T>(op: string, description: string, attributes: Record<string, string | number | boolean | undefined>, fn: () => T | Promise<T>): Promise<T>;
 declare function sampleMemory(stage: string): void;
 declare function withDeploySpan<T>(domain: string, fn: () => T | Promise<T>): Promise<T>;
@@ -35,9 +40,10 @@ declare function setDeployReportContext(patch: Partial<DeployContextForReport> &
 }): void;
 declare function setDeployAttribute(key: string, value: string | number | boolean): void;
 declare function __setDeployRootSpanForTest(span: any | null): void;
+declare function __setSentryForTest(stub: any): SentryModule;
 declare function getCurrentSentryTraceId(): string | undefined;
 declare function setDeploySentryTag(key: string, value: string): void;
 declare function captureWarning(message: string, context?: Record<string, unknown>): void;
 declare function flush(): Promise<void>;
 
-export { type DeployErrorCategory, type InternalContextSignals, VERSION, __setDeployRootSpanForTest, captureWarning, classifyDeployError, classifySadReason, closeTelemetry, computeDeployOutcome, flush, getCurrentSentryTraceId, getDeployAttributes, initTelemetry, isExpectedError, isInternalContext, isInternalContextFromSignals, markRelaunchOomHintShown, resolveRepo, resolveRunner, resolveRunnerType, sampleMemory, sanitizeBranch, sanitizeRepo, scrubPaths, setDeployAttribute, setDeployReportContext, setDeploySentryTag, setRunStateActive, truncateAddress, withDeploySpan, withSpan };
+export { type DeployErrorCategory, type DeployErrorKind, type InternalContextSignals, VERSION, __setDeployRootSpanForTest, __setSentryForTest, captureWarning, classifyDeployError, classifyErrorKind, classifySadReason, closeTelemetry, computeDeployOutcome, flush, getCurrentSentryTraceId, getDeployAttributes, initTelemetry, isExpectedError, isInternalContext, isInternalContextFromSignals, markRelaunchOomHintShown, resolveRepo, resolveRunner, resolveRunnerType, sampleMemory, sanitizeBranch, sanitizeErrorMessage, sanitizeRepo, scrubPaths, setDeployAttribute, setDeployReportContext, setDeploySentryTag, setRunStateActive, truncateAddress, withDeploySpan, withSpan };

package/dist/telemetry.js

@@ -1,8 +1,10 @@
 import {
   VERSION,
   __setDeployRootSpanForTest,
+  __setSentryForTest,
   captureWarning,
   classifyDeployError,
+  classifyErrorKind,
   classifySadReason,
   closeTelemetry,
   computeDeployOutcome,
@@ -19,6 +21,7 @@ import {
   resolveRunnerType,
   sampleMemory,
   sanitizeBranch,
+  sanitizeErrorMessage,
   sanitizeRepo,
   scrubPaths,
   setDeployAttribute,
@@ -28,13 +31,15 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-2VNGK2MU.js";
-import "./chunk-G2P5UIPX.js";
+} from "./chunk-3LGLMHQI.js";
+import "./chunk-LZO2QX4T.js";
 export {
   VERSION,
   __setDeployRootSpanForTest,
+  __setSentryForTest,
   captureWarning,
   classifyDeployError,
+  classifyErrorKind,
   classifySadReason,
   closeTelemetry,
   computeDeployOutcome,
@@ -51,6 +56,7 @@ export {
   resolveRunnerType,
   sampleMemory,
   sanitizeBranch,
+  sanitizeErrorMessage,
   sanitizeRepo,
   scrubPaths,
   setDeployAttribute,

package/dist/version-check.js

@@ -9,9 +9,9 @@ import {
   isPreReleaseVersion,
   preReleaseWarning,
   promptYesNo
-} from "./chunk-RJAFD4LO.js";
-import "./chunk-2VNGK2MU.js";
-import "./chunk-G2P5UIPX.js";
+} from "./chunk-SL7LV4DS.js";
+import "./chunk-3LGLMHQI.js";
+import "./chunk-LZO2QX4T.js";
 export {
   assessVersion,
   checkNodeVersion,

package/docs/e2e-bootstrap.md

@@ -41,7 +41,11 @@ Expected output: Bob's SS58, his H160 (`0x41dccbd49b26c50d34355ed86ff0fa9e489d1e
 
 The S3 negative scenario asserts that `bulletin-deploy` refuses to deploy to a domain owned by a different account (exit 78 with transfer guidance). Have Bob register the label with a DotNS registration tool outside `bulletin-deploy` — no Alice intermediary, no Bulletin content needed (S3 never reads content).
 
-Expected: `e2eowned.dot` is owned by Bob's H160 `0x41dccbd49b26c50d34355ed86ff0fa9e489d1e01`. If you use an upstream/manual DotNS tool for comparison, it is a bootstrap convenience only; `bulletin-deploy` itself does not require `@parity/dotns-cli`.
+```bash
+node tools/register-test-fixture-paseo-next-v2.mjs e2eowned
+```
+
+Expected: `e2eowned.dot` is owned by Bob's H160 `0x41dccbd49b26c50d34355ed86ff0fa9e489d1e01`. The `e2eowned.dot` label requires PoP Full status and a mature commitment (the tool waits 30s after the minimum commitment age). The tool is idempotent: it exits 0 immediately if Bob already owns it, and transfers the label from Alice back to Bob if fixture drift is detected.
 
 If S3 ever fails because `e2eowned.dot` was transferred back to Alice by mistake, re-run this step to restore Bob's ownership.
 
@@ -51,7 +55,9 @@ If S3 ever fails because `e2eowned.dot` was transferred back to Alice by mistake
 
 Paseo Next v2 uses a separate Asset Hub (`wss://paseo-asset-hub-next-rpc.polkadot.io`) and Bulletin chain (`wss://paseo-bulletin-next-rpc.polkadot.io`) with different contract addresses. The `map_account` extrinsic does not exist on this chain — account mapping is triggered automatically when an account submits its first on-chain transaction.
 
-> **Note on PoP grants:** The paseo-next-v2 `POP_RULES` contract (`0x2002C1c15b88632Ad01c7770f6EbE1Ca05c8472E`) is **not permissionless** — `setUserPopStatus` can only be called by the contract owner (`0x4a519c30da0ec16aa9a73c26ea6ca6f701cce099`). CI uses NoStatus-compatible labels instead of expecting `bulletin-deploy` to upgrade the signer.
+> **Note on PoP grants:** The paseo-next-v2 `POP_RULES` contract (`0x2002C1c15b88632Ad01c7770f6EbE1Ca05c8472E`) is **not permissionless** — `setUserPopStatus` can only be called by the contract owner (`0x4a519c30da0ec16aa9a73c26ea6ca6f701cce099`). `bulletin-deploy` itself cannot upgrade a signer; the chain team flips the Personhood precompile out of band. CI scenarios pick labels via `pickStableLabel`/`pickDirectLabel`/`pickIncLabel`/`pickRotLabel`, which auto-select between a PoP-Full base name (e.g. `e2epool.dot`) and a NoStatus fallback (e.g. `e2epoolns01.dot`) based on what `Personhood.personhoodStatus(<signer>)` returns at test start. The setup below covers both modes.
+
+> **⚠ Testnet wipes reset everything.** When paseo-next-v2 is reset (which happens periodically), Alice's Personhood precompile status drops to NoStatus *and* every `e2e*.dot` registration is gone. Re-run the relevant steps below after each wipe — there is no on-chain self-recovery. Issue #381 traces back to exactly this: Alice's status came back as Full but `e2epool.dot` was unregistered, so `setContenthash` reverted with `ERC721NonexistentToken`. As long as ownership stays in lockstep with Alice's PoP grade (Full ↔ PoP-Full labels registered; NoStatus ↔ NoStatus labels auto-register on first deploy), the nightly stays green.
 
 ### Prerequisites
 
@@ -68,13 +74,23 @@ This grants each pool account `TransactionStorage` quota on Bulletin Next. Alice
 
 ### 2. Verify Alice PoP status
 
-Alice does not need PoP Full for the current v2 CI labels. They are deliberately shaped as NoStatus labels, for example `e2epoolns01.dot` (base length >= 9 with exactly two trailing digits).
-
 ```bash
 node tools/check-pop-status.mjs --env paseo-next-v2
 ```
 
-Expected: Alice's H160 and whatever status the chain currently reports. `NoStatus (0)` is valid for the NoStatus E2E labels.
+What you see decides which labels need pre-registration:
+
+- **`NoStatus (0)`** → no extra work. The tests pick the NoStatus fallback labels (`e2epoolns01`, `e2edirect01`, `e2eincpool01`, `e2erotpool01`) which auto-register on first deploy because their shape (base length ≥ 9 with two trailing digits) bypasses the `Requires Full personhood verification` gate.
+- **`ProofOfPersonhoodFull (2)`** → the chain team has flipped Alice on the Personhood precompile. The tests will now pick the PoP-Full stable labels (`e2epool`, `e2edirect`, `e2einc`, `e2erot`), and those **must already be registered to Alice** before the matrix runs. Register them once:
+
+  ```bash
+  # Pre-built fixture is fine — it's the contenthash, not the content, that the tests overwrite.
+  for label in e2epool e2edirect e2einc e2erot; do
+    node bin/bulletin-deploy test/fixtures/e2e-spa "${label}.dot" --env paseo-next-v2 --js-merkle
+  done
+  ```
+
+  Skipping this leaves `setContenthash` reverting with `ERC721NonexistentToken` on whichever PoP-Full label the scenario picks (issue #381).
 
 ### 3. Fund Bob and trigger his account mapping
 
@@ -91,18 +107,27 @@ Expected output: Bob's SS58, his H160 (`0x41dccbd49b26c50d34355ed86ff0fa9e489d1e
 
 ### 4. Verify Bob PoP status
 
-Bob also does not need PoP Full for the current S3 fixture. The v2 owned-elsewhere test uses `e2eownedns02.dot`, which is a NoStatus-compatible label.
+Bob owns both `e2eownedns02.dot` (NoStatus, used by S3 when Alice is NoStatus) and `e2eowned.dot` (PoP-Full, used by S3 when the Personhood precompile has flipped Alice to Full). The NoStatus branch needs no admin help; the PoP-Full branch needed Bob to register it back when the chain team granted him Full status once. After that one-shot registration the label persists until expiry, so Bob can stay NoStatus going forward — ownership and PoP-grade are decoupled after registration.
 
 ### 5. Register `e2eownedns02.dot` directly as Bob
 
-Register the domain using the dedicated tool (dotns-cli does not support custom contract addresses):
+Register the domain using the dedicated tool:
 
 ```bash
-node tools/register-e2eownedns02-paseo-next-v2.mjs
+node tools/register-test-fixture-paseo-next-v2.mjs e2eownedns02
 ```
 
 Expected: `e2eownedns02.dot` is owned by Bob (`0x41dccbd49b26c50d34355ed86ff0fa9e489d1e01`).
-The `e2eownedns02.dot` helper is idempotent: it leaves Bob-owned state alone and transfers the label back to Bob if a failed S3 fixture run accidentally left it owned by Alice.
+The tool is idempotent: it leaves Bob-owned state alone and transfers the label back to Bob if a failed S3 fixture run accidentally left it owned by Alice.
+
+### 6. Ensure Bob owns `e2eowned.dot` on paseo-next-v2
+
+S3 picks `e2eowned.dot` when Alice is PoP-Full at test start. If the label is unregistered, Alice's deploy gets routed through the full register flow and her own H160 lands as owner — at which point every subsequent S3 run on the Full path "succeeds" cleanly (`exit 0`) instead of being rejected (`exit 78`), and the test fails. Bob must own this label.
+
+If Bob already owns it (`ownerOf` on `DOTNS_REGISTRAR` returns `0x41dccbd…`), skip. Otherwise:
+
+- **If nobody owns it yet:** registration needs Bob to hold Full PoP. Coordinate with the chain team to flip Bob's Personhood precompile to Full, then run `node tools/register-e2eowned-paseo-next-v2.mjs` (the script targets Bob via `//Bob`). After registration Bob can drop back to NoStatus.
+- **If Alice (or anyone other than Bob) is squatting:** the owner can call `transferFrom(<current>, Bob, tokenId)` on `DOTNS_REGISTRAR`. ERC721 transfer is unconditional on the recipient (no PoP check) and doesn't need Bob's signer. `tools/transfer-e2eowned-to-bob.mjs` does this for Alice → Bob in one shot (was added to recover from a botched PR-CI run on 2026-05-17, see issue #381 thread).
 
 ---
 
@@ -121,8 +146,9 @@ E2E=1 E2E_SIGNER=pool E2E_MERKLE=js E2E_SCENARIO=s1 \
 # Paseo Next v2
 E2E=1 E2E_SIGNER=pool E2E_MERKLE=js E2E_SCENARIO=s1 \
   BULLETIN_RPC=wss://paseo-bulletin-next-rpc.polkadot.io \
-  DOTNS_ENV=paseo-next-v2 \
+  BULLETIN_DEPLOY_ENV=paseo-next-v2 \
   npm run test:e2e
+# Previously named DOTNS_ENV; kept as deprecated alias for one release.
 ```
 
 Vary `E2E_SCENARIO` (`s1`, `s2`, `s3`), `E2E_SIGNER` (`pool`, `direct`), and `E2E_MERKLE` (`js`, `kubo`) to cover the full CI matrix.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bulletin-deploy",
-  "version": "0.7.21",
+  "version": "0.7.22-rc.0",
   "private": false,
   "repository": {
     "type": "git",
@@ -30,11 +30,11 @@
     "assets"
   ],
   "scripts": {
-    "build": "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/mirror.ts --format esm --dts --clean --target node22",
+    "build": "tsup src/index.ts src/deploy.ts src/dotns.ts src/pool.ts src/telemetry.ts src/memory-report.ts src/merkle.ts src/gh-pages-mirror.ts src/version-check.ts src/bug-report.ts src/run-state.ts src/environments.ts src/errors.ts src/manifest.ts src/chunk-probe.ts src/manifest-embed.ts src/manifest-fetch.ts src/manifest-roundtrip.ts src/incremental-stats.ts src/chunker.ts src/mirror.ts src/personhood/encoding.ts src/personhood/hashing.ts src/personhood/constants.ts src/personhood/member-key.ts src/personhood/people-client.ts src/personhood/reprove.ts src/personhood/bind-personal-id.ts src/personhood/claim-pgas.ts src/personhood/bind-paid-alias.ts src/personhood/bootstrap.ts --format esm --dts --clean --target node22",
     "refresh-environments": "node scripts/refresh-environments.mjs",
     "check:watched-dependencies": "node tools/check-watched-dependencies.mjs",
     "prepare": "npm run build",
-    "test": "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/watched-dependencies.test.js",
+    "test": "npm run build && node --test test/test.js test/cli-help.test.js test/helpers/e2e-helpers.test.js test/environments.test.js test/refresh-environments.test.js test/watched-dependencies.test.js test/chunk-sharing-report.test.js",
     "test:e2e": "npm run build && node --test test/e2e.test.js",
     "test:e2e:smoke": "bash scripts/e2e-pass.sh smoke",
     "test:e2e:pr": "bash scripts/e2e-pass.sh pr",
@@ -56,6 +56,7 @@
     "ipfs-unixfs-importer": "^16.1.4",
     "multiformats": "^13.4.1",
     "polkadot-api": "^2.1.3",
+    "verifiablejs": "^1.2.0",
     "viem": "^2.30.5"
   },
   "devDependencies": {