bulletin-deploy 0.7.3 → 0.7.4

package/dist/chunk-YREZFNCC.js

@@ -0,0 +1,869 @@
+import {
+  captureWarning,
+  setDeployAttribute,
+  withSpan
+} from "./chunk-DHQ3JGF4.js";
+import {
+  isTestnetSpecName
+} from "./chunk-JHNW2EKY.js";
+
+// src/dotns.ts
+import { spawn } from "child_process";
+import { readFileSync } from "fs";
+import { dirname, join } from "path";
+import { createClient } from "polkadot-api";
+import { getPolkadotSigner } from "polkadot-api/signer";
+import { getWsProvider } from "polkadot-api/ws-provider";
+import { Keyring } from "@polkadot/keyring";
+import { cryptoWaitReady } from "@polkadot/util-crypto";
+import { Binary } from "polkadot-api";
+import {
+  encodeFunctionData,
+  decodeFunctionResult,
+  keccak256,
+  toBytes,
+  isAddress,
+  bytesToHex,
+  isHex,
+  toHex,
+  zeroAddress,
+  namehash,
+  concatHex
+} from "viem";
+import { CID } from "multiformats/cid";
+import { createRequire } from "module";
+var _require = createRequire(import.meta.url);
+var _dotnsCliPath;
+var _dotnsCliVersion;
+try {
+  _dotnsCliPath = _require.resolve("@parity/dotns-cli");
+  const pkgDir = dirname(dirname(_dotnsCliPath));
+  const pkg = JSON.parse(readFileSync(join(pkgDir, "package.json"), "utf-8"));
+  _dotnsCliVersion = pkg.version;
+} catch (err) {
+  _dotnsCliVersion = "unknown";
+  _dotnsCliPath = "dotns";
+  console.warn(`[bulletin-deploy] @parity/dotns-cli not found in node_modules \u2014 falling back to "dotns" in PATH. Install with: npm install @parity/dotns-cli. Underlying: ${err.message}`);
+}
+var RPC_ENDPOINTS = [
+  "wss://asset-hub-paseo.dotters.network",
+  "wss://sys.ibp.network/asset-hub-paseo",
+  "wss://pas-rpc.stakeworld.io/assethub"
+];
+var CONTRACTS = {
+  DOTNS_REGISTRAR: "0x329aAA5b6bEa94E750b2dacBa74Bf41291E6c2BD",
+  DOTNS_REGISTRAR_CONTROLLER: "0xd09e0F1c1E6CE8Cf40df929ef4FC778629573651",
+  DOTNS_REGISTRY: "0x4Da0d37aBe96C06ab19963F31ca2DC0412057a6f",
+  DOTNS_RESOLVER: "0x95645C7fD0fF38790647FE13F87Eb11c1DCc8514",
+  DOTNS_CONTENT_RESOLVER: "0x7756DF72CBc7f062e7403cD59e45fBc78bed1cD7",
+  DOTNS_REVERSE_RESOLVER: "0x95D57363B491CF743970c640fe419541386ac8BF",
+  STORE_FACTORY: "0x030296782F4d3046B080BcB017f01837561D9702",
+  POP_RULES: "0x4e8920B1E69d0cEA9b23CBFC87A17Ee6fE02d2d3"
+};
+var DECIMALS = 12n;
+var NATIVE_TO_ETH_RATIO = 1000000n;
+var CONNECTION_TIMEOUT_MS = 3e4;
+var OPERATION_TIMEOUT_MS = 3e5;
+var TX_TIMEOUT_MS = 9e4;
+var TX_CHAIN_TIME_BUDGET_MS = 18e4;
+var TX_WALL_CLOCK_CEILING_MS = 10 * 60 * 1e3;
+var WS_HEARTBEAT_TIMEOUT_MS = 3e5;
+var DOTNS_TX_MAX_ATTEMPTS = 3;
+function classifyTxRetryDecision(err) {
+  const msg = err instanceof Error ? err.message : String(err);
+  const lower = msg.toLowerCase();
+  if (/\bstale\b/.test(lower)) return "retry";
+  if (/"type"\s*:\s*"future"|\binvalid::future\b/.test(lower)) return "retry";
+  if (lower.includes("websocket") || lower.includes("connection") || lower.includes("socket closed") || lower.includes("disconnect")) return "retry";
+  if (lower.includes("timed out") || lower.includes("timeout")) return "retry";
+  return "abort";
+}
+var DEFAULT_MNEMONIC = "bottom drive obey lake curtain smoke basket hold race lonely fit walk";
+var _rpcIdCounter = 0;
+async function fetchNonceFromEndpoint(rpc, ss58Address) {
+  const WS = globalThis.WebSocket ?? (await import("./wrapper-IFSKR7DG.js")).default;
+  return new Promise((resolve, reject) => {
+    let done = false;
+    const settle = (fn, ...args) => {
+      if (done) return;
+      done = true;
+      clearTimeout(timer);
+      try {
+        ws.close();
+      } catch {
+      }
+      fn(...args);
+    };
+    const timer = setTimeout(() => settle(reject, new Error(`fetchNonce timed out after 8s for ${rpc}`)), 8e3);
+    const ws = new WS(rpc);
+    const id = ++_rpcIdCounter;
+    ws.onopen = () => ws.send(JSON.stringify({ jsonrpc: "2.0", id, method: "system_accountNextIndex", params: [ss58Address] }));
+    ws.onmessage = (e) => {
+      const d = typeof e.data === "string" ? e.data : e.data.toString();
+      const r = JSON.parse(d);
+      if (r.id === id) {
+        r.error ? settle(reject, new Error(r.error.message)) : settle(resolve, r.result);
+      }
+    };
+    ws.onerror = () => settle(reject, new Error(`WebSocket to ${rpc} failed`));
+    ws.onclose = () => settle(reject, new Error(`WebSocket to ${rpc} closed before response`));
+  });
+}
+async function fetchNonce(rpc, ss58Address) {
+  if (Array.isArray(rpc)) return Promise.any(rpc.map((ep) => fetchNonceFromEndpoint(ep, ss58Address)));
+  return fetchNonceFromEndpoint(rpc, ss58Address);
+}
+async function verifyNonceAdvanced(endpoints, ss58Address, originalNonce) {
+  const results = await Promise.allSettled(
+    endpoints.map((ep) => fetchNonceFromEndpoint(ep, ss58Address).then((n) => ({ n, ep })))
+  );
+  for (const r of results) {
+    if (r.status === "fulfilled" && r.value.n > originalNonce) {
+      return { advanced: true, witnessRpc: r.value.ep };
+    }
+  }
+  return { advanced: false };
+}
+var ProofOfPersonhoodStatus = {
+  NoStatus: 0,
+  ProofOfPersonhoodLite: 1,
+  ProofOfPersonhoodFull: 2,
+  Reserved: 3
+};
+var POP_RULES_ABI = [
+  { inputs: [{ name: "name", type: "string" }], name: "isBaseNameReserved", outputs: [{ name: "isReserved", type: "bool" }, { name: "reservationOwner", type: "address" }, { name: "expiryTimestamp", type: "uint64" }], stateMutability: "view", type: "function" }
+];
+var DOTNS_REGISTRY_ABI = [
+  { inputs: [{ name: "node", type: "bytes32" }], name: "owner", outputs: [{ name: "", type: "address" }], stateMutability: "view", type: "function" }
+];
+function convertToHexString(value) {
+  if (!value) return "0x";
+  if (typeof value?.asHex === "function") return value.asHex();
+  if (typeof value?.toHex === "function") return value.toHex();
+  if (typeof value === "string" && isHex(value)) return value;
+  if (value instanceof Uint8Array) return bytesToHex(value);
+  try {
+    return toHex(value);
+  } catch {
+    return "0x";
+  }
+}
+function convertToBigInt(value, fallback = 0n) {
+  try {
+    if (typeof value === "bigint") return value;
+    if (typeof value === "number") return BigInt(value);
+    if (typeof value === "string") return BigInt(value);
+    if (value && typeof value.toString === "function") return BigInt(value.toString());
+    return fallback;
+  } catch {
+    return fallback;
+  }
+}
+function normalizeWeight(weight) {
+  const referenceTime = weight?.ref_time ?? weight?.refTime ?? 0;
+  const proofSize = weight?.proof_size ?? weight?.proofSize ?? 0;
+  return { referenceTime: convertToBigInt(referenceTime, 0n), proofSize: convertToBigInt(proofSize, 0n) };
+}
+function extractStorageDepositCharge(rawStorageDeposit) {
+  if (!rawStorageDeposit) return 0n;
+  if (typeof rawStorageDeposit?.isCharge === "boolean") {
+    if (rawStorageDeposit.isCharge && rawStorageDeposit.asCharge != null) return convertToBigInt(rawStorageDeposit.asCharge, 0n);
+    return 0n;
+  }
+  if (rawStorageDeposit.charge != null) return convertToBigInt(rawStorageDeposit.charge, 0n);
+  if (rawStorageDeposit.Charge != null) return convertToBigInt(rawStorageDeposit.Charge, 0n);
+  if (rawStorageDeposit.value != null) return convertToBigInt(rawStorageDeposit.value, 0n);
+  return 0n;
+}
+function unwrapExecutionResult(rawResult) {
+  if (!rawResult) return { ok: null, err: null, successFlag: null };
+  if (typeof rawResult.success === "boolean") {
+    return rawResult.success ? { ok: rawResult.value ?? null, err: null, successFlag: true } : { ok: null, err: rawResult.error ?? rawResult.value ?? null, successFlag: false };
+  }
+  if (typeof rawResult.isOk === "boolean") {
+    return rawResult.isOk ? { ok: rawResult.value ?? null, err: null, successFlag: true } : { ok: null, err: rawResult.value ?? null, successFlag: false };
+  }
+  if (rawResult.ok != null) return { ok: rawResult.ok, err: null, successFlag: true };
+  if (rawResult.err != null) return { ok: null, err: rawResult.err, successFlag: false };
+  return { ok: null, err: rawResult, successFlag: null };
+}
+function withTimeout(promise, timeoutMs, operationName) {
+  let timer;
+  const timeoutPromise = new Promise((_, reject) => {
+    timer = setTimeout(() => reject(new Error(`${operationName} timed out after ${timeoutMs}ms`)), timeoutMs);
+  });
+  return Promise.race([promise, timeoutPromise]).finally(() => clearTimeout(timer));
+}
+var DOT_NODE = "0x3fce7d1364a893e213bc4212792b517ffc88f5b13b86c8ef9c8d390c3a1370ce";
+function convertWeiToNative(weiValue) {
+  return weiValue / NATIVE_TO_ETH_RATIO;
+}
+function computeDomainTokenId(label) {
+  const labelhash = keccak256(toBytes(label));
+  const node = keccak256(concatHex([DOT_NODE, labelhash]));
+  return BigInt(node);
+}
+function countTrailingDigits(label) {
+  let count = 0;
+  for (let i = label.length - 1; i >= 0; i--) {
+    const code = label.charCodeAt(i);
+    if (code >= 48 && code <= 57) count++;
+    else break;
+  }
+  return count;
+}
+function stripTrailingDigits(label) {
+  return label.replace(/\d+$/, "").replace(/-$/, "");
+}
+function sanitizeDomainLabel(label) {
+  const trailingDigitCount = countTrailingDigits(label);
+  if (trailingDigitCount > 2) {
+    const sanitized = stripTrailingDigits(label) + label.slice(-2);
+    console.log(`   Domain label sanitized: "${label}" \u2192 "${sanitized}" (stripped excess trailing digits)`);
+    return sanitized;
+  }
+  return label;
+}
+function validateDomainLabel(label) {
+  if (!/^[a-z0-9-]{3,}$/.test(label)) throw new Error("Invalid domain label: must contain only lowercase letters, digits, and hyphens, min 3 chars");
+  if (label.startsWith("-") || label.endsWith("-")) throw new Error("Invalid domain label: cannot start or end with hyphen");
+  return sanitizeDomainLabel(label);
+}
+function isCommitmentMature(chainNowSeconds, commitTimestampSeconds, minimumAgeSeconds) {
+  return chainNowSeconds > commitTimestampSeconds + minimumAgeSeconds;
+}
+function classifyDotnsLabel(label) {
+  const totalLength = label.length;
+  const trailingDigits = countTrailingDigits(label);
+  if (trailingDigits > 2) {
+    return {
+      status: ProofOfPersonhoodStatus.Reserved,
+      message: `Name has ${trailingDigits} trailing digits; DotNS allows at most 2 trailing digits. Use a base name with 0-2 trailing digits.`
+    };
+  }
+  const baselength = totalLength - trailingDigits;
+  if (baselength <= 5) {
+    return {
+      status: ProofOfPersonhoodStatus.Reserved,
+      message: `Base name is ${baselength} char${baselength === 1 ? "" : "s"}; DotNS reserves base names of 5 chars or fewer for governance (PopRules). Use a base name of 6+ chars \u2014 role prefixes like 'rc<N>pool' / 'rc<N>dir' / 'nightly-<role>' work well.`
+    };
+  }
+  if (baselength >= 6 && baselength <= 8) {
+    if (trailingDigits === 2) return { status: ProofOfPersonhoodStatus.ProofOfPersonhoodLite, message: "Requires Light personhood verification" };
+    return { status: ProofOfPersonhoodStatus.ProofOfPersonhoodFull, message: "Requires Full personhood verification" };
+  }
+  if (trailingDigits === 2) return { status: ProofOfPersonhoodStatus.NoStatus, message: "Available to all" };
+  return { status: ProofOfPersonhoodStatus.ProofOfPersonhoodFull, message: "Requires Full personhood verification" };
+}
+function canRegister(requiredStatus, userStatus, trailingDigits) {
+  if (requiredStatus === ProofOfPersonhoodStatus.Reserved) return false;
+  if (requiredStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodFull) {
+    return userStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodFull;
+  }
+  if (requiredStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodLite) {
+    return userStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodLite || userStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodFull;
+  }
+  return trailingDigits !== 0 && userStatus !== ProofOfPersonhoodStatus.ProofOfPersonhoodLite;
+}
+function simulateUserStatus(currentStatus, requiredStatus, options) {
+  const max = (a, b) => a > b ? a : b;
+  if (options.explicitStatus !== void 0) {
+    return max(currentStatus, options.explicitStatus);
+  }
+  if (requiredStatus === ProofOfPersonhoodStatus.NoStatus && currentStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodLite && options.isTestnet) {
+    return ProofOfPersonhoodStatus.ProofOfPersonhoodFull;
+  }
+  if (requiredStatus !== ProofOfPersonhoodStatus.NoStatus) {
+    return max(currentStatus, requiredStatus);
+  }
+  return currentStatus;
+}
+function parseDomainName(input) {
+  const name = input.replace(/\.dot$/, "");
+  const parts = name.split(".");
+  if (parts.length === 1) {
+    validateDomainLabel(parts[0]);
+    return { isSubdomain: false, label: parts[0], sublabel: null, parentLabel: null, fullName: `${parts[0]}.dot` };
+  }
+  if (parts.length === 2) {
+    validateDomainLabel(parts[0]);
+    validateDomainLabel(parts[1]);
+    return { isSubdomain: true, label: name, sublabel: parts[0], parentLabel: parts[1], fullName: `${name}.dot` };
+  }
+  throw new Error(`Invalid domain: only one level of subdomains supported (got ${parts.length} labels)`);
+}
+function parseProofOfPersonhoodStatus(status) {
+  const s = (status ?? "none").toLowerCase();
+  if (s === "none" || s === "nostatus") return ProofOfPersonhoodStatus.NoStatus;
+  if (s === "lite" || s === "poplite") return ProofOfPersonhoodStatus.ProofOfPersonhoodLite;
+  if (s === "full" || s === "popfull") return ProofOfPersonhoodStatus.ProofOfPersonhoodFull;
+  throw new Error("Invalid status. Use none, lite, or full");
+}
+function popStatusName(status) {
+  return Object.keys(ProofOfPersonhoodStatus).find((k) => ProofOfPersonhoodStatus[k] === status) ?? String(status);
+}
+var ReviveClientWrapper = class _ReviveClientWrapper {
+  static DRY_RUN_STORAGE_LIMIT = 18446744073709551615n;
+  static DRY_RUN_WEIGHT_LIMIT = { ref_time: 18446744073709551615n, proof_size: 18446744073709551615n };
+  client;
+  mappedAccounts;
+  constructor(client) {
+    this.client = client;
+    this.mappedAccounts = /* @__PURE__ */ new Set();
+  }
+  async getEvmAddress(substrateAddress) {
+    if (isAddress(substrateAddress)) return substrateAddress;
+    const address = await this.client.apis.ReviveApi.address(substrateAddress);
+    return address.asHex();
+  }
+  async performDryRunCall(originSubstrateAddress, contractAddress, value, encodedData) {
+    if (isAddress(originSubstrateAddress)) throw new Error("performDryRunCall requires SS58 Substrate address, not EVM H160 address");
+    const executionResults = await this.client.apis.ReviveApi.call(originSubstrateAddress, Binary.fromHex(contractAddress), value, _ReviveClientWrapper.DRY_RUN_WEIGHT_LIMIT, _ReviveClientWrapper.DRY_RUN_STORAGE_LIMIT, Binary.fromHex(encodedData));
+    const { ok, err, successFlag } = unwrapExecutionResult(executionResults.result);
+    const flags = ok?.flags ? convertToBigInt(ok.flags, 0n) : 0n;
+    const returnData = convertToHexString(ok?.data);
+    const didRevert = ok ? (flags & 1n) === 1n : true;
+    const gasConsumed = normalizeWeight(executionResults.weight_consumed);
+    const gasRequired = normalizeWeight(executionResults.weight_required ?? executionResults.weight_consumed);
+    const storageDepositValue = extractStorageDepositCharge(executionResults.storage_deposit);
+    const isOk = !!ok && !didRevert;
+    const isErr = !ok || didRevert || !!err || (typeof successFlag === "boolean" ? !successFlag : false);
+    return { gasConsumed, gasRequired, storageDeposit: { value: storageDepositValue }, result: { isOk, isErr, value: { data: ok ? returnData : "0x", flags: ok ? flags : 1n } } };
+  }
+  async checkIfAccountMapped(substrateAddress) {
+    try {
+      const evmAddress = await this.getEvmAddress(substrateAddress);
+      const key = Binary.fromHex(evmAddress);
+      const mappedAccount = await this.client.query.Revive.OriginalAccount.getValue(key);
+      return mappedAccount !== null && mappedAccount !== void 0;
+    } catch {
+      return false;
+    }
+  }
+};
+async function runDotnsCli(argv, env) {
+  return new Promise((resolve, reject) => {
+    const proc = spawn(process.execPath, [_dotnsCliPath, ...argv], {
+      stdio: ["ignore", "pipe", "pipe"],
+      env: { ...process.env, ...env }
+    });
+    let stdout = "";
+    let stderr = "";
+    proc.stdout.on("data", (chunk) => {
+      stdout += chunk.toString();
+    });
+    proc.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    proc.on("close", (code) => {
+      const out = stdout.trim();
+      const err = stderr.trim();
+      if (code === 0) {
+        if (!out) {
+          resolve({});
+          return;
+        }
+        try {
+          resolve(JSON.parse(out));
+        } catch {
+          resolve({ raw: out });
+        }
+        return;
+      }
+      let errorMsg = `dotns ${argv[0] ?? ""} failed (exit ${code})`;
+      if (err) {
+        try {
+          const parsed = JSON.parse(err);
+          if (parsed?.error) errorMsg = parsed.error;
+        } catch {
+          errorMsg = err.slice(0, 500) || errorMsg;
+        }
+      } else if (out) {
+        errorMsg = out.slice(0, 500);
+      }
+      reject(new Error(errorMsg));
+    });
+    proc.on("error", (err) => reject(new Error(`Failed to spawn dotns CLI: ${err.message}`)));
+  });
+}
+function buildAuthEnv(opts) {
+  const env = {};
+  if (opts.keyUri) {
+    env.DOTNS_KEY_URI = opts.keyUri;
+  } else if (opts.mnemonic) {
+    env.DOTNS_MNEMONIC = opts.mnemonic;
+  }
+  return env;
+}
+function rpcFlag(rpc) {
+  return rpc ? ["--rpc", rpc] : [];
+}
+var DotNS = class {
+  client;
+  clientWrapper;
+  rpc;
+  substrateAddress;
+  evmAddress;
+  signer;
+  connected;
+  // Stored credentials for CLI subprocess calls. Never logged or exposed.
+  _mnemonic = null;
+  _keyUri = null;
+  constructor() {
+    this.client = null;
+    this.clientWrapper = null;
+    this.rpc = null;
+    this.substrateAddress = null;
+    this.evmAddress = null;
+    this.signer = null;
+    this.connected = false;
+  }
+  async connect(options = {}) {
+    if (options.signer || options.signerAddress) {
+      throw new Error("External signer mode is not supported with dotns-cli subprocess \u2014 tracked as a follow-up (#158 regression notice)");
+    }
+    const rpc = options.rpc || process.env.DOTNS_RPC || RPC_ENDPOINTS[0];
+    this.rpc = rpc;
+    const mnemonicArg = options.mnemonic || process.env.DOTNS_MNEMONIC || process.env.MNEMONIC;
+    const keyUriArg = options.keyUri || process.env.DOTNS_KEY_URI;
+    const source = keyUriArg || mnemonicArg || DEFAULT_MNEMONIC;
+    const isKeyUri = Boolean(keyUriArg);
+    this._keyUri = isKeyUri ? source : null;
+    this._mnemonic = isKeyUri ? null : source;
+    if (options.derivationPath && !isKeyUri && this._mnemonic) {
+      this._keyUri = `${this._mnemonic}${options.derivationPath}`;
+      this._mnemonic = null;
+    }
+    const authEnv = buildAuthEnv({ mnemonic: this._mnemonic ?? void 0, keyUri: this._keyUri ?? void 0 });
+    const popInfo = await withTimeout(
+      runDotnsCli(["pop", "info", "--json", ...rpcFlag(rpc)], authEnv),
+      CONNECTION_TIMEOUT_MS,
+      "pop info (connect)"
+    );
+    this.substrateAddress = popInfo.substrate;
+    this.evmAddress = popInfo.evm;
+    console.log(`   SS58 Address: ${this.substrateAddress}`);
+    console.log(`   H160 Address: ${this.evmAddress}`);
+    try {
+      await cryptoWaitReady();
+      const keyring = new Keyring({ type: "sr25519" });
+      const account = isKeyUri || this._keyUri ? keyring.addFromUri(this._keyUri ?? source) : keyring.addFromMnemonic(source);
+      this.signer = getPolkadotSigner(account.publicKey, "Sr25519", async (input) => account.sign(input));
+      this.client = createClient(getWsProvider(rpc, { heartbeatTimeout: WS_HEARTBEAT_TIMEOUT_MS }));
+      const unsafeApi = this.client.getUnsafeApi();
+      this.clientWrapper = new ReviveClientWrapper(unsafeApi);
+    } catch (e) {
+      captureWarning("DotNS polkadot-api client setup failed (contractCall / checkIfAccountMapped unavailable)", { error: e.message?.slice(0, 200) });
+    }
+    try {
+      await runDotnsCli(["account", "map", ...rpcFlag(rpc)], authEnv);
+    } catch (e) {
+      const msg = e.message?.toLowerCase() ?? "";
+      if (!msg.includes("already") && !msg.includes("mapped")) {
+        captureWarning("account map failed during connect", { error: e.message?.slice(0, 200) });
+      }
+    }
+    try {
+      setDeployAttribute("deploy.dotns_cli.version", _dotnsCliVersion);
+    } catch {
+    }
+    this.connected = true;
+    return this;
+  }
+  ensureConnected() {
+    if (!this.connected) throw new Error("Not connected. Call connect() first.");
+  }
+  // Returns true when the DotNS chain (Asset Hub) reports a testnet spec_name.
+  // Used to gate test-only behaviors like self-granting Full PoP on a Lite
+  // signer for a NoStatus label.
+  _testnetCache = null;
+  async isTestnet() {
+    if (this._testnetCache !== null) return this._testnetCache;
+    this.ensureConnected();
+    if (this.clientWrapper) {
+      try {
+        const version = await this.clientWrapper.client.constants.System.Version();
+        const raw = version?.spec_name ?? version?.specName;
+        const specName = typeof raw === "string" ? raw : raw?.asText?.() ?? String(raw ?? "");
+        this._testnetCache = isTestnetSpecName(specName);
+        return this._testnetCache;
+      } catch {
+      }
+    }
+    const rpc = this.rpc ?? "";
+    this._testnetCache = isTestnetSpecName(rpc) || rpc.includes("paseo") || rpc.includes("westend") || rpc.includes("rococo");
+    return this._testnetCache;
+  }
+  async contractCall(contractAddress, contractAbi, functionName, args = []) {
+    this.ensureConnected();
+    if (!this.clientWrapper) throw new Error("contractCall: polkadot-api client not available");
+    const encodedCallData = encodeFunctionData({ abi: contractAbi, functionName, args });
+    const callResult = await this.clientWrapper.performDryRunCall(this.substrateAddress, contractAddress, 0n, encodedCallData);
+    if (!callResult.result.isOk) {
+      const errorData = callResult.result.value;
+      const flags = errorData?.flags ?? 0n;
+      const revertData = errorData?.data ?? "0x";
+      const isRevert = (flags & 1n) === 1n;
+      if (isRevert) throw new Error(`Contract reverted (flags=${flags}) with data: ${revertData}`);
+      throw new Error(`Contract call failed (flags=${flags}) with data: ${revertData}`);
+    }
+    return decodeFunctionResult({ abi: contractAbi, functionName, data: callResult.result.value.data });
+  }
+  async checkOwnership(label, ownerAddress = null) {
+    this.ensureConnected();
+    const checkAddress = (ownerAddress || this.evmAddress).toLowerCase();
+    try {
+      const result = await runDotnsCli(
+        ["lookup", "owner-of", label, "--json", ...rpcFlag(this.rpc)]
+      );
+      if (!result.registered) return { owned: false, owner: null };
+      const owner = result.ownerEvm;
+      const owned = owner.toLowerCase() === checkAddress;
+      return { owned, owner };
+    } catch {
+      return { owned: false, owner: null };
+    }
+  }
+  async getUserPopStatus(ownerAddress = null) {
+    this.ensureConnected();
+    if (ownerAddress && ownerAddress.toLowerCase() !== (this.evmAddress ?? "").toLowerCase()) {
+      if (!this.clientWrapper) return 0;
+      return 0;
+    }
+    const authEnv = buildAuthEnv({ mnemonic: this._mnemonic ?? void 0, keyUri: this._keyUri ?? void 0 });
+    const info = await runDotnsCli(
+      ["pop", "info", "--json", ...rpcFlag(this.rpc)],
+      authEnv
+    );
+    return info.statusCode ?? 0;
+  }
+  async setUserPopStatus(status) {
+    this.ensureConnected();
+    console.log(`
+   Checking current PoP status...`);
+    const currentStatus = await this.getUserPopStatus();
+    const currentStatusName = popStatusName(currentStatus);
+    const desiredStatusName = popStatusName(status);
+    console.log(`   Current: ${currentStatusName}`);
+    console.log(`   Desired: ${desiredStatusName}`);
+    if (currentStatus === status) {
+      console.log(`   Status already set, skipping update`);
+      return;
+    }
+    if (currentStatus > status) {
+      console.log(`   Current status already satisfies desired, skipping downgrade`);
+      return;
+    }
+    console.log(`   Setting PoP status to ${desiredStatusName}...`);
+    const statusStr = desiredStatusName.replace("ProofOfPersonhood", "").toLowerCase() || "none";
+    const authEnv = buildAuthEnv({ mnemonic: this._mnemonic ?? void 0, keyUri: this._keyUri ?? void 0 });
+    const result = await runDotnsCli(
+      ["pop", "set", statusStr, "--json", ...rpcFlag(this.rpc)],
+      authEnv
+    );
+    console.log(`   PoP status set: ${result.statusCode}`);
+  }
+  async checkSubdomainOwnership(sublabel, parentLabel) {
+    this.ensureConnected();
+    if (!this.clientWrapper) return { owned: false, owner: null };
+    const node = namehash(`${sublabel}.${parentLabel}.dot`);
+    try {
+      const owner = await withTimeout(this.contractCall(CONTRACTS.DOTNS_REGISTRY, DOTNS_REGISTRY_ABI, "owner", [node]), 3e4, "owner");
+      if (!owner || owner === zeroAddress) return { owned: false, owner: null };
+      const owned = owner.toLowerCase() === this.evmAddress.toLowerCase();
+      return { owned, owner };
+    } catch {
+      return { owned: false, owner: null };
+    }
+  }
+  async registerSubdomain(sublabel, parentLabel) {
+    return withSpan("deploy.dotns.register-subdomain", `2a. register ${sublabel}.${parentLabel}.dot`, {}, async () => {
+      this.ensureConnected();
+      console.log(`
+   Registering subdomain ${sublabel}.${parentLabel}.dot...`);
+      const authEnv = buildAuthEnv({ mnemonic: this._mnemonic ?? void 0, keyUri: this._keyUri ?? void 0 });
+      const result = await runDotnsCli(
+        ["register", "subname", "-n", sublabel, "-p", parentLabel, "--json", ...rpcFlag(this.rpc)],
+        authEnv
+      );
+      console.log(`   Subdomain registered: ${result.domain}`);
+      return { sublabel, parentLabel, owner: result.owner ?? this.evmAddress };
+    });
+  }
+  async setContenthash(domainName, contenthashHex) {
+    return withSpan("deploy.dotns.set-contenthash", "2b. set-contenthash", {}, async () => {
+      this.ensureConnected();
+      const node = namehash(`${domainName}.dot`);
+      let ipfsCid = null;
+      if (contenthashHex && contenthashHex !== "0x") {
+        const bytes = Buffer.from(contenthashHex.slice(2), "hex");
+        if (bytes[0] === 227 && bytes.length >= 4) {
+          const cidBytes = bytes.slice(2);
+          ipfsCid = CID.decode(cidBytes).toString();
+        }
+      }
+      if (!ipfsCid) throw new Error(`setContenthash: cannot decode contenthash ${contenthashHex} to an IPFS CID`);
+      console.log(`   Setting contenthash: ${ipfsCid}`);
+      const authEnv = buildAuthEnv({ mnemonic: this._mnemonic ?? void 0, keyUri: this._keyUri ?? void 0 });
+      const setResult = await runDotnsCli(
+        ["content", "set", domainName, ipfsCid, "--json", ...rpcFlag(this.rpc)],
+        authEnv
+      );
+      console.log(`   Tx: ${setResult.txHash}`);
+      const viewResult = await runDotnsCli(
+        ["content", "view", domainName, "--json", ...rpcFlag(this.rpc)]
+      );
+      const onChainCid = viewResult.cid;
+      if (!onChainCid || onChainCid !== ipfsCid) {
+        throw new Error(
+          `Post-deploy verification failed for ${domainName}.dot: on-chain CID is ${onChainCid ?? "null"}, not the ${ipfsCid} we just wrote. The setContenthash tx may have silently failed, or another party overwrote the domain. Re-run the deploy to retry.`
+        );
+      }
+      console.log(`   Verified on-chain: ${ipfsCid}
+`);
+      return { node };
+    });
+  }
+  async getContenthash(domainName) {
+    this.ensureConnected();
+    const result = await runDotnsCli(
+      ["content", "view", domainName, "--json", ...rpcFlag(this.rpc)]
+    );
+    return result.contenthash ?? "0x";
+  }
+  // View-only readiness check. Runs every chain read needed to predict whether
+  // `register(label)` will succeed, so the caller can fail-fast BEFORE the
+  // Bulletin chunk upload. Never writes to chain. See issue #100.
+  async preflight(label, explicitStatusOverride) {
+    return withSpan("deploy.dotns.preflight", `preflight ${label}.dot`, {}, async () => {
+      this.ensureConnected();
+      const validated = validateDomainLabel(label);
+      const trailingDigits = countTrailingDigits(validated);
+      const baselength = validated.length - trailingDigits;
+      const classification = classifyDotnsLabel(validated);
+      if (classification.status === ProofOfPersonhoodStatus.Reserved) {
+        const sanitizeTrail = label !== validated ? `Input "${label}" was sanitized to "${validated}" (excess trailing digits trimmed). ` : "";
+        return {
+          label: validated,
+          classification,
+          userStatus: 0,
+          trailingDigits,
+          baselength,
+          isAvailable: false,
+          existingOwner: null,
+          isBaseNameReserved: false,
+          reservationOwner: null,
+          isTestnet: false,
+          canProceed: false,
+          reason: `${sanitizeTrail}${classification.message}`,
+          plannedAction: "abort",
+          needsPopUpgrade: false
+        };
+      }
+      const baseName = stripTrailingDigits(validated);
+      const [userStatus, baseReservation, ownership, isTestnet] = await Promise.all([
+        this.getUserPopStatus(),
+        withTimeout(this.contractCall(CONTRACTS.POP_RULES, POP_RULES_ABI, "isBaseNameReserved", [baseName]), 3e4, "isBaseNameReserved"),
+        this.checkOwnership(validated),
+        this.isTestnet()
+      ]);
+      const [isReserved, reservationOwnerRaw] = baseReservation;
+      const reservationOwner = isReserved ? reservationOwnerRaw.toLowerCase() : null;
+      const ownerRaw = ownership.owner?.toLowerCase() ?? null;
+      const existingOwner = ownerRaw && ownerRaw !== zeroAddress ? ownerRaw : null;
+      const selfAddress = this.evmAddress.toLowerCase();
+      if (existingOwner !== null && existingOwner !== selfAddress) {
+        return {
+          label: validated,
+          classification,
+          userStatus,
+          trailingDigits,
+          baselength,
+          isAvailable: false,
+          existingOwner,
+          isBaseNameReserved: isReserved,
+          reservationOwner,
+          isTestnet,
+          canProceed: false,
+          reason: `Domain ${validated}.dot is already owned by ${existingOwner}.`,
+          plannedAction: "abort",
+          needsPopUpgrade: false
+        };
+      }
+      if (existingOwner !== null && existingOwner === selfAddress) {
+        return {
+          label: validated,
+          classification,
+          userStatus,
+          trailingDigits,
+          baselength,
+          isAvailable: true,
+          existingOwner,
+          isBaseNameReserved: isReserved,
+          reservationOwner,
+          isTestnet,
+          canProceed: true,
+          plannedAction: "already-owned-by-us",
+          needsPopUpgrade: false
+        };
+      }
+      if (isReserved && reservationOwner !== selfAddress) {
+        return {
+          label: validated,
+          classification,
+          userStatus,
+          trailingDigits,
+          baselength,
+          isAvailable: true,
+          existingOwner: null,
+          isBaseNameReserved: true,
+          reservationOwner,
+          isTestnet,
+          canProceed: false,
+          reason: `Base name ${baseName} is reserved for ${reservationOwner}.`,
+          plannedAction: "abort",
+          needsPopUpgrade: false
+        };
+      }
+      const explicitStatus = explicitStatusOverride ?? process.env.DOTNS_STATUS;
+      const explicitStatusNum = explicitStatus ? parseProofOfPersonhoodStatus(explicitStatus) : void 0;
+      const targetPopStatus = simulateUserStatus(userStatus, classification.status, { explicitStatus: explicitStatusNum, isTestnet });
+      if (!canRegister(classification.status, targetPopStatus, trailingDigits)) {
+        const className = popStatusName(classification.status);
+        return {
+          label: validated,
+          classification,
+          userStatus,
+          trailingDigits,
+          baselength,
+          isAvailable: true,
+          existingOwner: null,
+          isBaseNameReserved: isReserved,
+          reservationOwner,
+          isTestnet,
+          canProceed: false,
+          reason: `${validated}.dot classifies as ${className}; this signer cannot register it (PopRules.priceWithCheck gate). Remediations: use a signer with Full PoP, or pick a base name of 6-8 chars + trailing 00 (which classifies as PopLite).`,
+          plannedAction: "abort",
+          needsPopUpgrade: false,
+          targetPopStatus
+        };
+      }
+      return {
+        label: validated,
+        classification,
+        userStatus,
+        trailingDigits,
+        baselength,
+        isAvailable: true,
+        existingOwner: null,
+        isBaseNameReserved: isReserved,
+        reservationOwner,
+        isTestnet,
+        canProceed: true,
+        plannedAction: "register",
+        needsPopUpgrade: targetPopStatus !== userStatus,
+        targetPopStatus
+      };
+    });
+  }
+  async register(label, options = {}) {
+    return withSpan("deploy.dotns.register", `2a. register ${label}.dot`, {}, async () => {
+      if (!this.connected) await this.connect(options);
+      label = validateDomainLabel(label);
+      const trailingDigitCount = countTrailingDigits(label);
+      const preClassification = classifyDotnsLabel(label);
+      if (preClassification.status === ProofOfPersonhoodStatus.NoStatus) {
+        const userStatus = await this.getUserPopStatus();
+        if (trailingDigitCount === 0 || userStatus === ProofOfPersonhoodStatus.ProofOfPersonhoodLite) {
+          throw new Error("Personhood Lite cannot register base names \u2014 this name class requires a Full or NoStatus signer");
+        }
+      }
+      const explicitStatus = options.status || process.env.DOTNS_STATUS;
+      const reverse = options.reverse ?? (process.env.DOTNS_REVERSE ?? "false").toLowerCase() === "true";
+      const statusArgs = explicitStatus ? ["-s", explicitStatus] : [];
+      const reverseArgs = reverse ? ["-r"] : [];
+      console.log(`
+   Registering ${label}.dot via dotns CLI...`);
+      const authEnv = buildAuthEnv({ mnemonic: this._mnemonic ?? void 0, keyUri: this._keyUri ?? void 0 });
+      const userSetBuffer = !!process.env.DOTNS_COMMITMENT_BUFFER;
+      if (!userSetBuffer) {
+        authEnv.DOTNS_COMMITMENT_BUFFER = "30";
+      }
+      const runRegister = async (bufferSeconds) => {
+        const env = bufferSeconds ? { ...authEnv, DOTNS_COMMITMENT_BUFFER: bufferSeconds } : authEnv;
+        return await runDotnsCli(
+          ["register", "domain", "-n", label, "--json", ...statusArgs, ...reverseArgs, ...rpcFlag(this.rpc)],
+          env
+        );
+      };
+      let result;
+      try {
+        result = await runRegister();
+      } catch (err) {
+        const msg = err.message;
+        if (!/CommitmentTooNew/i.test(msg)) throw err;
+        const retryBuffer = userSetBuffer ? void 0 : "60";
+        console.log(`   CommitmentTooNew on first attempt \u2014 retrying register once${retryBuffer ? ` with DOTNS_COMMITMENT_BUFFER=${retryBuffer}s` : ""} (block-time lag typically resolves within a block or two).`);
+        try {
+          result = await runRegister(retryBuffer);
+        } catch (retryErr) {
+          const retryMsg = retryErr.message;
+          if (!/CommitmentTooNew/i.test(retryMsg)) throw retryErr;
+          throw new Error(
+            `DotNS commit-reveal race: the chain's block timestamps are lagging wall-clock by more than 30s across two register attempts. This is usually a transient block-production slowdown. Retry in a minute, or set DOTNS_COMMITMENT_BUFFER=60 (or higher) to absorb longer drift. Upstream fix tracked at paritytech/dotns-sdk#105. Underlying: ${retryMsg}`
+          );
+        }
+      }
+      console.log(`
+   Registration complete! Owner: ${result.owner}`);
+      return { label, owner: result.owner };
+    });
+  }
+  disconnect() {
+    if (this.client) {
+      this.client.destroy();
+      this.client = null;
+      this.clientWrapper = null;
+      this.connected = false;
+    }
+    this._mnemonic = null;
+    this._keyUri = null;
+  }
+};
+var dotns = new DotNS();
+
+export {
+  RPC_ENDPOINTS,
+  CONTRACTS,
+  DECIMALS,
+  NATIVE_TO_ETH_RATIO,
+  CONNECTION_TIMEOUT_MS,
+  OPERATION_TIMEOUT_MS,
+  TX_TIMEOUT_MS,
+  TX_CHAIN_TIME_BUDGET_MS,
+  TX_WALL_CLOCK_CEILING_MS,
+  WS_HEARTBEAT_TIMEOUT_MS,
+  DOTNS_TX_MAX_ATTEMPTS,
+  classifyTxRetryDecision,
+  DEFAULT_MNEMONIC,
+  fetchNonce,
+  verifyNonceAdvanced,
+  ProofOfPersonhoodStatus,
+  DOT_NODE,
+  convertWeiToNative,
+  computeDomainTokenId,
+  countTrailingDigits,
+  stripTrailingDigits,
+  sanitizeDomainLabel,
+  validateDomainLabel,
+  isCommitmentMature,
+  classifyDotnsLabel,
+  canRegister,
+  simulateUserStatus,
+  parseDomainName,
+  parseProofOfPersonhoodStatus,
+  popStatusName,
+  runDotnsCli,
+  DotNS,
+  dotns
+};