- 371889d: Refine the post-install prompt: the "next step" box now surfaces a single canonical command (`playground init`) and notes the `pg` alias once on a dimmed tip line, instead of presenting `playground init` and `pg init` as co-equal commands with a "both work the same" line.
- b9929d8: Rename the CLI command from `dot` to `playground`, with `pg` as a short alias. Both `playground` and `pg` invoke the same binary, so `playground init` and `pg init` (and every other subcommand) are interchangeable. The curl installer now symlinks both names onto your PATH and prints a yellow "next step" box showing that either command works. Release artifacts are still published as `dot-<os>-<arch>`; only the installed command names changed. The old `dot` command is no longer installed.
- 372a332: Bump `bulletin-deploy` from `0.7.24` to `0.7.29`. The API surface the CLI consumes (`deploy()`, `DeployContent`/`DeployOptions`/`DeployResult`, `DEFAULT_MNEMONIC`, and the `DotNS` methods `connect`/`checkOwnership`/`getUserPopStatus`/`isTestnet`/`disconnect`) is unchanged across the bump; all upstream changes are additive (new manifest-publish exports, new optional fields). No CLI code changes were required.
- 0d13595: Point `dot deploy --playground` and `dot mod` at the current CDM meta-registry. The playground-app and playground-constellation migrated to a freshly deployed meta-registry (0xf62c…) where the playground-registry contract was redeployed with additive lineage methods (`getLineage`/`getLineageCount`). The CLI was still resolving live contract addresses from the old meta-registry (0xa7ae…), so it published to a stale registry the app no longer reads from. The bundled `cdm.json` now targets the new meta-registry and the latest `@w3s/playground-registry` ABI, and `@dotdm/env` is bumped to `2.0.2` so `dot contract` defaults match. The `publish()` signature is unchanged, so mod lineage continues to flow through the `modded_from` argument.
- 6d2d6dd: Fix `dot deploy --playground` not recording mod lineage on-chain. The `modded_from` argument to the registry `publish()` call was read from a never-set option instead of the `moddedFrom` value `dot mod` captures in `dot.json`, so the contract always received `""` and never awarded the source owner the "your app is modded" XP. The deploy now passes the captured source domain through to the registry.
- b8ed87f: `dot decentralize` is now interactive when invoked with no `--site` flag. Running `dot decentralize` on its own opens a TUI that walks through a short flow — a yellow "about this command" callout explaining that the command mirrors a live static site (https URL) and republishes it as a .dot site, then prompts for the site URL, a signer (dev / your phone), and a `.dot` name. Domain availability is checked inline against the chain (same path as `dot deploy`); leaving the name blank auto-generates a free hostname-derived label as before. The pipeline then runs the same mirror + Bulletin upload + DotNS register the headless path uses, and prints a final summary card with the live URL, IPFS CID, and gateway.

  `dot decentralize --site=…` (with or without `--dot`/`--suri`) keeps the existing headless contract — the demo service that passes `--suri=//Bob` is unchanged.
- 439ae1c: `dot init` now prompts you to claim a playground.dot username when one isn't already set on the registry. If you accept, the CLI signs a `setUsername` tx against the registry contract and surfaces the chosen name in the top breadcrumb alongside the command, network, and version. Runs that find an existing username read it from the registry (best-block freshness, same as the playground-app) and skip the prompt — your handle just shows in the header.

  Declining is non-destructive: pick "No" and `dot init` continues as before. The choice is not persisted, so re-running `dot init` will prompt again until a name is claimed.
- 77b5241: `dot mod` now records the source app's domain in `dot.json`, and `dot deploy --playground` publishes it as a `moddedFrom` field in the on-chain metadata. The playground-app can use this to display "Modded from: " attribution on app detail pages. The value is shape-validated through the same `normalizeDomain` rules as the deploying domain, so a hand-edited `dot.json` can't sneak XSS payloads into shared metadata.
- 82afc4d: `dot init` now shows the user's registry username (the handle set on the playground.dot profile) when one has been claimed, falling back to the People-parachain identity name and then to the H160, same precedence as the playground-app. Also surfaces an "account in use" row with the derivation path + H160 so the user can verify the exact account that signs on their behalf.

  `dot deploy --playground` now matches the v11 registry contract's 7-arg `publish()` signature (adds `modded_from`, `is_moddable`, `is_dev_signer`), which unblocks publishes against the freshly deployed playground registry on Paseo Asset Hub Next. `cdm.json` is refreshed to the v11 manifest; the runtime keeps resolving the live contract address from the on-chain meta-registry.
- 9459445: `dot deploy --signer dev --playground` now requires zero phone taps when an active phone session exists. The CLI signs every on-chain step with a synthesised Alice signer (matching bulletin-deploy's default identity) but passes the user's session H160 as the registry contract's new `owner` argument, so the published app still appears in the user's MyApps view in playground-app. Phone mode is unchanged; dev mode with `--suri` is unchanged. Requires the redeployed playground registry contract (new `publish(domain, metadata_uri, visibility, owner: Option<Address>)` signature) on Paseo Next v2.
- bd4bf44: Run `dot contract install` through dot's native TUI and the released CDM install backend instead of spawning the CDM CLI. `dot init` now installs `cargo-pvm-contract` directly instead of running the CDM CLI installer.
- eb02538: Move contract deployment out of `dot deploy` and add CDM-backed `dot contract deploy`/`install` commands. `dot contract deploy` now calls CDM's deploy pipeline with dot's signer and Bulletin allowance signer, uses CDM's current registry defaults from `@dotdm/env`, renders a CDM-style Ink progress table using dot's shared TUI primitives, and `dot contract install` delegates to CDM's installer.
- Request Bulletin allowance through the mobile resource-allocation flow, normalize returned slot-account keys before caching/signing, and point users back to mobile approval when the returned account is not usable on-chain.
- 481d08b: `dot deploy` and `dot build` now run `pnpm install` (or the project's package manager equivalent) before every build, not just when `node_modules/` is missing. A stale `node_modules/` left over from a branch switch or a lockfile bump used to slip past the missing-folder guard and produce opaque Vite/Rollup errors like `"X is not exported by ..."`; the only fix was to re-run `pnpm install` by hand. The install step is idempotent (~1s when nothing has changed), so the happy path is essentially unaffected.

  Also surfaces more of the failing build's output in the CLI error message (40 lines instead of 10), so when a build does fail the actual error line — not just the trailing stack trace — makes it into the rendered output. And the same error no longer renders twice in the deploy TUI: the per-section row marks which step failed with `✕`, and the bottom `deploy failed` row carries the message once.
- 3b73614: Keep Bulletin out of the mobile allowance request, show the Bulletin authorization faucet for the locally cached Bulletin account, and let `dot logout` recover from stale sessions missing the product-derivation root key.
- 9f1e4dc: Make `dot init` survive Bulletin allowance propagation lag, and fix a React setState warning that landed in the previous account-derivation PR.

  - `dot init` no longer aborts when the RFC-0010 Bulletin slot account is returned by mobile but the on-chain authorization hasn't propagated to Bulletin Chain yet. The slot key + marker are persisted regardless (so the next `dot deploy` picks them up), and the funding/mapping step continues to run. The row shows a soft-failure warning with the slot account SS58 and a faucet URL.
  - New `BULLETIN_AUTHORIZATION_URL` + `bulletinAuthorizationHelp(slotAddress)` so timeout / cached-key-not-authorized errors point at `https://paritytech.github.io/polkadot-bulletin-chain/authorizations` with the exact slot SS58 to authorize manually.
  - `requestAndStoreBulletinAllowanceSigner` persists the slot key before waiting for chain confirmation. A propagation timeout no longer discards a valid key the mobile already derived.
  - `storeSlotAccountKeysFromOutcomes` is now a single read-modify-write so two slot keys returned in one call (e.g. BulletInAllowance + StatementStoreAllowance) can't race-clobber each other in `allowance-keys.json`.
  - Fix a "Cannot update a component while rendering a different component" warning from `QrLogin`: it was calling the parent's `onDone(setState)` from inside `setStatus(updater)`. The handler now captures the resolved addresses in a `useRef` and calls `onDone` after the promise resolves, outside any updater function.
- b6cbcc2: Fix the `dot init` identity block:

  - Stop double-deriving the product account. The "product account" line previously ran `deriveProductAccountPublicKey` on the already-product-derived SS58, producing a ghost address whose SS58 + H160 didn't match what the playground-app actually uses. Both are now taken straight off the auth-derived pubkey via a shared `derivePlaygroundProductPublicKey` helper, so the signer that signs on-chain and the display the user sees can no longer drift.
  - Show the SSO wallet root on the "logged in" line instead of the product account. The product account is on its own row underneath with the full SS58 + H160. The root is also what the username lookup is keyed on.
  - Fix the username lookup key. Usernames live at `Resources.Consumers[<rootAccountId>]` on the People parachain; the lookup was previously running against the product account and would never find a match. It now uses the wallet root, matching polkadot-desktop's `useSessionIdentity`.
- 6f97144: Fix `dot init` identity block: print the full product-account SS58 and 0x-prefixed H160 instead of truncated `5DHk4g...CzE1 (0x8849...29dc)`, and fix the username lookup so it actually queries `Resources.Consumers` correctly. The previous code routed the SS58 through `AccountId().dec(...)` (which is meant for `0x`-hex input, not SS58) and silently corrupted the storage key, so every lookup surfaced as `(lookup failed)`. Now the SS58 is passed straight to `getValues`, matching the polkadot-desktop / dotli / triangle-js-sdks pattern.
- 7d7e7eb: Internal: bump `@parity/product-sdk-*` packages and `bulletin-deploy` to current latest, and consume `deriveProductAccountPublicKey` from `@parity/product-sdk-keys` instead of a local mirror. No user-visible behaviour change; output is byte-identical for production inputs.
- f618038: `dot init` now shows your username and your product account address alongside the existing "logged in" confirmation.

  - Username comes from your on-chain identity on People parachain (`Resources.Consumers` storage). If you haven't registered a username yet you'll see `(no username set on chain)`; if the lookup fails or times out (5s) it falls back to `(lookup failed)`.
  - Product account is the SS58 + truncated H160 derived locally from your root account via the same sr25519 soft-derivation path that the mobile wallet uses privately. The address you see here is the SAME one `playground-app` resolves for "My apps" and the SAME one your CLI signs as on-chain — so a quick eyeball is enough to confirm both clients agree on your identity.
- d8fbc44: Use cached RFC-0010 Bulletin allowance keys for Playground metadata uploads instead of signing Bulletin storage with the product account.
- 2ad4a8e: Fix `dot init` and `dot deploy --signer phone` to target the same product-derived account that actually signs on-chain. `session.remoteAccount.accountId` carries the user's wallet account, not the per-app product account the mobile signs with. The CLI was funding / allowance-marking / displaying the wallet address while the chain saw a different `From`. The CLI now soft-derives the product-account public key locally from `session.rootAccountId` using the same `"/product/{productId}/{derivationIndex}"` path the mobile wallet derives privately, so all three flows (`dot init`, `dot deploy --signer phone`, and the deployed playground-app's `HostProvider.getProductAccount`) resolve to the SAME SS58 for a given user. `PLAYGROUND_PRODUCT_ID` is also aligned to `"playground.dot"` to match the deployed playground-app.

  The deploy summary now shows the signing SS58 (e.g. `Signer Your phone signer (5HRBs5…)`) so users can verify the account before approving. Bulletin-deploy's preflight log line that showed the dev-master fallback address (`SS58 Address: 5DfhG…`) during the availability check is silenced; only the real deploy's signing address surfaces.
- efca48c: Bump `bulletin-deploy` from `0.7.20-rc.4` to `0.7.20` stable. The notable change vs rc.4 is PR #369, which lands inside bulletin-deploy the same testnet pre-funding pattern `dot init` adopted in the previous release: `DotNS.connect({ autoAccountMapping: true })` now internally tops up a low-balance signer (`attemptTestnetTopUp` from the bare-master / `//Bob` of the standard dev mnemonic) before submitting the Revive auto-map trigger on paseo-next-v2. Users who skip `dot init` and run `dot deploy` directly will now get the funding just-in-time from bulletin-deploy; users who run `dot init` first get the same outcome front-loaded by the CLI. Both paths no-op when the recipient already holds ≥0.1 PAS, so they don't double-transfer.
- 4526267: `dot init` now funds the product-derived account from the shared bulletin-deploy dev signer (1 PAS, idempotent: skipped when the recipient already holds ≥0.1 PAS) instead of submitting an explicit `Revive.map_account`. paseo-next-v2's `pallet_revive::AutoMapper` handles the SS58 ↔ H160 mapping on the first state-changing tx; the funding step gives that tx enough PAS to land. A belt-and-braces `Revive.map_account` still fires if `checkMapping` returns false after funding, so cold-start accounts that pre-existed the AutoMapper runtime upgrade aren't left stuck.

  Also silences the recurring `DestroyedError: Client destroyed` block printed on every `dot init` exit. Root cause was `@sentry/node`'s default `OnUnhandledRejection` integration printing the rejection via `console.warn` + `console.error`; we now override it with `mode: 'none'` so Sentry still captures the rejection with the full `mechanism: onunhandledrejection` metadata but skips the print. Benign polkadot-api teardown artifacts are dropped via `beforeSend` so they don't reach the Failures dashboard either.
- baa84fa: Pass the selected deploy environment through to `bulletin-deploy`, pin the paseo-next-v2 capable `bulletin-deploy` prerelease, resolve live CDM contracts through the active `cdm.json` target registry, pass the Asset Hub descriptor to playground registry handles, use the paseo-next-v2 IPFS gateway path for playground metadata reads, use `--suri` signers for DotNS in dev-mode deploys, and treat bare mnemonic SURIs as the root account.
- b228817: Migrate to paseo-next-v2 (Asset Hub Next 1500, Bulletin Next 1501, People Next System 1502). `dot init` now requests RFC-0010 resource allowances (Bulletin + Statement Store + smart-contract gas) from the user's mobile wallet before mapping the account; PAS funding from a dedicated funder account is gone. Grants are cached at `~/.polkadot/allowances.json` (per env, per address, per resource) so repeat `dot init` runs don't re-prompt. `dot mod` no longer requires login or account-mapping to browse moddable apps.

  Behind the scenes: bumped `bulletin-deploy` to 0.7.19 (ships the paseo-next-v2 env with `autoAccountMapping`/`bulletinAuthorizeV2`/`skipDotnsCli` flags), `@parity/product-sdk-*` to the 0.5.0 facade release (PAPI-native signer fixes `AsPgas` signed-extension support), `@dotdm/contracts` to ^2.0.3, `@novasamatech/*` overrides to 0.7.9-4.
- 6bf3e42: install.sh now runs `dot init --yes` (non-interactive dep setup) instead of blocking on the mobile QR scan. A follow-up hint tells users to run `dot init` for the full login flow.
- 40d860b: License the CLI under Apache-2.0. Adds the canonical `LICENSE` text, declares `"license": "Apache-2.0"` in `package.json`, and applies the standard Parity SPDX + copyright header to every tracked source file. CI now runs `scripts/check-license-headers.sh` on every PR (`License Headers` workflow); contributors can run `pnpm lint:license` locally and `./scripts/check-license-headers.sh --fix` to add the header to new files.
- a66d4a1: Bump `bulletin-deploy` to `0.7.14`. Internal hardening of the chunked-storage path against WS-halt allocation storms: per-deploy retry-budget circuit breaker, recovery batch-size drop (2→1 in flight after first reconnect), and a synchronous WS-close hook that destroys the PAPI client before its broadcast-replay loop can OOM. No public-API changes.
- 0b5960c: Migrate the CLI runtime from `@polkadot-apps/*` packages to `@parity/product-sdk-*`, including terminal product-account signing for `playground.dot`. The QR-paired session signer routes transaction signing through `session.signPayload` (no `<Bytes>` envelope) so the chain accepts the produced signature, and arbitrary-byte signing through `session.signRaw` (envelope applied by mobile, correct for free-form data). Product-SDK packages use caret ranges so upstream patch and minor releases land automatically on a fresh `pnpm install`.
- dc9eead: Purge `@polkadot-apps/*` from the dependency tree. `@dotdm/contracts` is pinned to `1.1.1-dev.1778274929` (the dev release from the CDM monorepo's product-sdk migration PR; the `latest` stable still pulls the legacy stack), and `@novasamatech/*` is forced to `0.7.8-2` via `pnpm.overrides` so transitive consumers come along. `grep '@polkadot-apps/' pnpm-lock.yaml` now returns zero hits. The runtime is effectively PAPI 2.x-only — the lockfile still mentions `polkadot-api@1.23.3` but only as a vestigial declaration of the bundled `@parity/dotns-cli` CLI binary, which inlines its deps and never resolves them at runtime.
- ac4aaaa: Migrate the diagnostic tools (`tools/list-registry-apps.ts`, `tools/probe-registry-resolution.ts`) off direct `@polkadot-apps/*` imports onto `@parity/product-sdk-{contracts,tx,address}`. The list-registry-apps script now hits Paseo's public IPFS gateway directly (since `@parity/product-sdk-bulletin`'s `queryJson` is host-only and these tools run as plain Bun processes). Adds a CI grep guard so direct `@polkadot-apps/*` imports under `src/`, `e2e/`, `scripts/`, `tools/` fail the Format job.
- 2398dce: Upgrade `bulletin-deploy` from `0.7.12` to `0.7.13`. The new release adds a `--env <id>` selector to the upstream CLI binary plus additive deploy span attributes (`deploy.env`, `deploy.network`, `deploy.environments_source`); library consumers see zero behaviour change and the default endpoint resolves to the same paseo-next WSS as before.
- cfc487c: Upgrade `@parity/product-sdk-terminal` to `^0.2.0` and the rest of `@parity/product-sdk-*` to their latest patch releases. The new terminal release includes both fixes the CLI was working around: (1) `createSessionSignerForAccount` now uses a split-callback PJS signer (tx → `session.signPayload`, bytes → `session.signRaw`), so the local PJS-based replacement we'd inlined is gone; (2) `destroy()` is now async and drains pending statement-subscription unsubscribes before tearing down the lazy client, eliminating the `DestroyedError: Client destroyed` unhandled rejection on `dot logout`. The CLI's local helpers and the `DestroyedError` entry in `isBenignUnsubscriptionError` are removed accordingly.
- a5385ba: Upgrade bulletin-deploy from 0.7.10 to 0.7.12.
- 33bef5c: Improve error reporting when the CDM meta-registry fails to return a live contract address.
- e3c587f: Read current Bulletin authorization allowance fields correctly during deploy preflight.
- 1dfc53d: Rename the deploy source-publishing option and related CLI language to moddable.
- 8f1007c: Preserve explicit installer VERSION overrides such as dev branch release tags.
- 10b2abf: `dot deploy --moddable` no longer auto-creates a GitHub repository. The CLI now requires the user to set up a public GitHub `origin` themselves and fails with a clear message if `origin` is unset, points to a private repo, or points to a non-GitHub URL. The `--repo-name` flag is removed, the `gh` CLI dependency is dropped (no longer installed by `dot init`, no longer probed for authentication), and `dot mod` now initialises an empty git history without a baseline commit so users can stage and commit their first revision however they like.
- a4ef800: Fix two telemetry correctness issues in the deploy pipeline: E2E runs now tag bulletin-deploy spans with an `e2e-cli-*` label so test traffic is filterable in dashboards, and `deploy.source` no longer gets incorrectly overwritten with `"playground-cli"` (it correctly reports `"ci"` or `"local"` as intended).
- 7373966: Update `bulletin-deploy` to 0.7.10 for the latest DotNS/deploy fixes.
- 82036ef: Eliminates every remaining `api.github.com` call from the unauthenticated path so `dot mod`, `dot deploy --moddable`, and `dot update` no longer contribute to GitHub's 60 req/hour anonymous-IP rate limit. On shared networks (hackathon WiFi, conference NATs) the CLI now works regardless of how many other users are on the same public IP.

  - `dot deploy --moddable` writes the deploying branch to metadata as `meta.branch` (read via `git rev-parse --abbrev-ref HEAD`). `dot mod` reads that field and constructs the codeload tarball URL directly, skipping the previous `api.github.com/repos/{o}/{r}` lookup. Old apps without `meta.branch` fall back to `main`.
  - `assertPublicGitHubRepo` now issues a `HEAD https://github.com/{o}/{r}` against the regular HTML page rather than the API. Same public/private signal (200 vs 404) at zero API quota cost. Anti-abuse limits on the HTML surface are orders of magnitude more generous.
  - `dot update` resolves the latest CLI version through jsDelivr's `/resolved` endpoint instead of `api.github.com/.../releases/latest`. The binary download stays on `github.com/.../releases/download/...` (also non-API).

  The `gh auth token` opportunistic-header utility and the end-of-`dot init` rate-limit advisory banner are removed — both were workarounds for API quota issues that no longer exist on the unauthenticated path. `gh auth login` is still required for the one remaining authenticated call site (`gh repo create --public --push` when a fresh moddable repo is created), and `dot init`'s dependency-list row continues to advise it.

  `install.sh` is updated to resolve the latest tag through jsDelivr first (with the github.com `releases/latest` redirect probe as fallback) so concurrent first-time installs at a hackathon — every attendee on the same NAT — never touch `api.github.com` at all. The previous `api.github.com/repos/.../releases?per_page=1` fallback is removed entirely.
- eb9760c: Every `dot` invocation now shows a one-line "Update available" banner at the bottom when a newer release exists. The check resolves the latest version through jsDelivr's free public CDN (not GitHub's rate-limited API) with a 1 s timeout, so a flaky network never delays the command. Suppressed in CI / piped output, when running `dot update` itself, and when `DOT_NO_UPDATE_CHECK=1`.

  `dot mod` and `dot deploy --moddable` now opportunistically pass an `Authorization: Bearer <token>` header read from `gh auth token` when available — logged-in users get GitHub's per-user 5000/hour quota instead of contributing to the shared 60/hour anonymous-IP quota that gets exhausted quickly on hackathon WiFi. Anonymous users continue to work as before.

  `dot deploy --moddable` now fails with an explicit "GitHub rate limit exceeded — run `gh auth login`" error when the public-repo preflight is denied by the rate limiter, instead of silently passing the check and risking a private repo being published as moddable. Ambiguous 403s and transient 5xx responses still skip the check (unchanged).

  `dot init` ends with an explicit advisory banner (visually consistent with the new "Update available" banner) explaining the IP-based GitHub rate limit and recommending `gh auth login`, but only when the user is not currently authed. The single-row dependency-list warning was too terse to convey why this matters on hackathon / shared-network setups.
- fe6fe64: `dot mod` no longer prints a misleading `[contracts] No origin configured — using dev fallback (Alice) for query dry-run` warning when the user is signed in via `dot init`. The CDM meta-registry lookup that resolves the live playground registry address now receives the signer's address as `defaultOrigin`. `dot mod` also lazy-probes the picked app's repository between picker dismount and the setup steps, surfacing a clear "private or does not exist" error before any files are written when a publisher has flipped repo visibility after deploying.
- 88d78d3: `dot deploy --moddable` now rejects private GitHub repositories at preflight with a clear error message instead of silently failing later. `dot mod` also surfaces a more actionable error when it encounters a private or non-existent repository instead of the misleading "pin one in metadata.branch" hint.
- d742e7d: Fix `dot init` failing on a clean macOS/Linux machine where `rustup` isn't yet installed. The rustup installer writes its binaries to `~/.cargo/bin` and adds that directory to PATH only via shell rc files, which doesn't reach the running `dot` process. The next two steps (Rust nightly, `rust-src`) then fail with `bash: rustup: command not found`. After installing rustup we now prepend `$CARGO_HOME/bin` (default `~/.cargo/bin`) to `process.env.PATH` so the rest of `dot init` can resolve `rustup` immediately.
- 1988832: Remove unreachable null-signer guard in `resolveSignerSetup` (`signerMode.ts`). The dead `throw` could never fire because `shouldResolveUserSigner()` guarantees a signer is resolved before `resolveSignerSetup` is called when `--playground` is set. No user-visible behaviour change.
- b071fff: Adds `docs/e2e-running-tests.md` covering how to trigger the E2E suite locally and on GitHub. Tables of triggers, modes, flag passthrough, and result-reading. Complements `docs/e2e-bootstrap.md` (maintainer one-time setup).
- 8af7042: Fixed misleading "📱 Approve on your phone" log line during `dot deploy --signer dev --suri X --playground`. The session-key funding step now signs directly with the dev keypair instead of wrapping it in the phone-mode signing-event proxy. Phone-session deploys are unchanged.
- b9044f0: Fixed an intermittent `Revive::AccountUnmapped` failure during contract deploys. The per-deploy session key is now persisted to `~/.config/dot/accounts.json` only AFTER its `map_account` extrinsic is confirmed on chain. Previously the persist happened first, so a failing `map_account` (e.g. nonce race, transient chain error) left the on-disk state lying — the retry would find the existing key, skip the mapping step, and fail at the dry-run with AccountUnmapped. Fixes #94.
- 635ca56: CI now validates the consumer install path after every stable release: `e2e-post-release.yml` fires on `release: published`, runs `install.sh`, and runs the same smoke tests as `e2e-release.yml` (Phase 7) but against the installed binary at `~/.polkadot/bin/dot`. Catches `install.sh` regressions that the prerelease/SEA-download path doesn't.
- e56f7a9: Adds `docs/e2e-bootstrap.md` (public maintainer-facing doc covering pre-conditions, idempotent bootstrap commands, and recovery procedures for the E2E suite) and `.github/workflows/e2e-cleanup.yml` (Sunday 04:00 UTC cron stub for sweeping rotating E2E state — actual sweep logic lands with Phase 5e).
- df38cfa: Adds `DOT_BULLETIN_RPC` env-var override to `getChainConfig()`, allowing tests (or operators in an emergency) to prepend a custom Bulletin RPC endpoint while keeping the built-in URL as a fallback. The new `nightly-chaos-rpc` cell exercises this by setting an unroutable primary URL and asserting the deploy still completes via failover.
- c5bcff6: CI now validates published RC binaries: a new `e2e-release.yml` workflow fires on `release: prereleased`, downloads the `dot-linux-x64` SEA asset, and runs `e2e/cli/published.test.ts` smoke tests (`--version`, `--help`). Catches packaging regressions before stable release.
- b591ef3: E2E test setup and bootstrap-tool log strings now correctly use PAS (Paseo's native token symbol) instead of DOT. The numeric values are unchanged (1 PAS = 10^10 plancks); only the displayed unit symbol changes. Closes #96.
- 492ace6: Failed E2E cells now surface forensic detail (CLI subprocess stdout/stderr from `dot-runs.log`, junit.xml failure messages, and `::error::` annotations at the top of the run page) directly in the GH Actions UI. Previously a triager had to download the artefact and untar it locally to see the real root cause. Closes #98.
- 68f6417: `dot update` now creates its install directory if missing instead of failing with ENOENT. Previously the directory was assumed to exist (created by `install.sh` during `dot init`), causing `dot update` to fail on environments that didn't run the installer (e.g. CI runners spawning the CLI directly). Fixes #97.
- 22c0e59: Nightly E2E now exercises the SIGINT cleanup path: a new `nightly-chaos-sigint` cell sends SIGINT to `dot deploy` mid-flight and asserts the process-guard's runAllCleanupAndExit handler exits cleanly within 5s with code 130 (or SIGINT signal).
- 5c4b491: Nightly E2E now exercises the `--no-contract-build` error path: a new `nightly-rejections` cell asserts the integration-level error message when a Foundry project requests skip-build but ships no pre-built artefacts under `out/`.
- 3751335: Nightly E2E now exercises the multi-contract publish path: `nightly-deploy-multi` cell publishes both `TokenA.sol` and `TokenB.sol` from the multi-contract fixture to the `e2e-cli-multi.dot` domain, exercising the batch contract-instantiate path. Refactored the 3 near-identical contract-deploy tests (foundry, hardhat, multi) into a shared `runContractDeployTest` helper.
- e5b1b19: Nightly E2E now exercises the Hardhat (EVM) full-deploy path: a new `nightly-deploy-hardhat` cell publishes the hardhat fixture's pre-built `Lock.sol` bytecode to the `e2e-cli-hardhat.dot` domain on Paseo. Runs on schedule/dispatch only (max-parallel: 1 with `pr-deploy-frontend`/`pr-deploy-foundry` since they share SIGNER), so per-PR runtime is unaffected.
- ac3addc: E2E suite now has a `test-nightly-no-publish` matrix that runs only on the daily schedule (06:00 UTC) and `workflow_dispatch`. Adds two nightly-only cells: `nightly-mod-miss` (registry-miss path for unknown domains) and `nightly-diagnostic` (DOT_DEPLOY_VERBOSE / DOT_MEMORY_TRACE coverage). Per-PR runs are unaffected.
- 28d7c30: E2E suite now runs as a 7-cell matrix on CI: 4 no-publish cells in parallel + 3 publish cells serial (sharing the registry signer to avoid nonce races). Adds full-deploy tests for the Foundry and CDM backends. Per-cell pass/fail is visible in the sticky PR comment with cell-specific JUnit + forensic logs.
- 8d02aa4: Add `--no-contract-build` flag to `dot deploy`. When set alongside `--contracts`, the deploy uses pre-existing contract artifacts (foundry `out/`, hardhat `artifacts/contracts/`, cdm `target/<crate>.release.polkavm`) instead of running the build toolchain. Useful for CI environments where `forge`/`cargo-contract` aren't installed.
- 7696da3: CI now posts a sticky E2E test-pass comment on every PR with per-test pass/fail counts and Sentry triage links. Nightly schedule failures auto-open a GitHub issue. Per-cell forensic logs (`dot-runs.log`) and JUnit XML are uploaded as workflow artefacts. Test traffic is tagged with `cli.tag:e2e-ci-{pr|nightly|dispatch}` so production Sentry dashboards can filter it out.
- 7151157: Avoid GitHub auth and `git push` during `dot deploy --moddable` when the project already has an `origin`; the existing repository URL is recorded directly.
- 9d0a0ba: Load the logged-in account for `dot deploy --signer dev --playground` so Playground registry publishes can be signed by the app owner.
- f2f43c4: Suppress the non-fatal `ReviveApi_trace_call` compatibility stack during Playground registry contract dry-runs.
- 2de1408: Resolve the Playground registry address from the live CDM meta-registry before publishing or browsing apps.
- 86abd07: `dot --suri` now accepts a BIP-39 mnemonic in addition to the dev names (Alice, Bob, Charlie, Dave, Eve, Ferdie). An optional `//<path>` derivation suffix is supported, e.g. `dot deploy --suri "<12-word phrase>//0"`. The dev-name fast path is unchanged.
- 934c0db: Add E2E integration test suite covering install, build, init, session, deploy, mod, and diagnostic commands. Tests spawn the CLI as a child process via execa and assert on stdout/stderr/exit codes. Deploy tests verify contract detection for Foundry, Hardhat, and CDM backends. Includes CI workflow, fixture projects, and chain query helpers for Paseo testnet validation.
- 21481ba: Fix `dot deploy` exiting 1 after a successful deploy. polkadot-api's `client.destroy()` can fire a `DisjointError: ChainHead disjointed` from a still-in-flight chainHead operation after the WS has closed, which surfaces as an unhandled rejection and forced the process to exit 1 even though the deploy completed and printed "Deploy complete". Now suppressed alongside the existing benign-teardown filter for `UnsubscriptionError: Not connected`.
- ba63fec: Fix `dot deploy` and `dot mod` exiting 0 on failures. Previously the CLI's entry point unconditionally called `process.exit(0)` after the action returned, overwriting the non-zero `process.exitCode` set by `scheduleHardExit()` (deploy preflight, e.g. `SignerNotAvailableError` from a corrupt session) and never set by `dot mod` at all on `runSetup` failures (e.g. registry miss). Both paths now propagate a non-zero exit code so shell scripts and CI pipelines can rely on the result.
- 90f51d4: Fix bundled DotNS CLI dispatch so compiled deploys can run DotNS subprocess commands.
- 1349115: Add privacy-gated Sentry telemetry for `dot` commands and route `bulletin-deploy` spans through the CLI's ambient Sentry client.
- 6715aa2: Bumped `bulletin-deploy` 0.7.2 → 0.7.6. The new release ships heartbeat-consistency fixes on the WS clients used during preflight tx submission (eliminates the no-heartbeat `withAliceApi` path) plus a new bounded reconnect-status handler. Includes a temporary `pnpm.overrides` workaround for a transitive publish bug in `@parity/dotns-cli@0.5.6` that prevents pnpm from installing 0.7.4+ cleanly; see CLAUDE.md for context and removal criteria.
- 9d3be83: The memory-watchdog abort message now reliably reaches stderr when the output is redirected to a file. Previously, on a SIGKILL-on-memory-cap path, the `✖ Memory use exceeded …` message could be lost from a redirected stderr buffer because `process.stderr.write()` queues through the writable-stream layer. The watchdog now uses `fs.writeSync(2, …)`, a blocking syscall that completes before the kill, so users diagnosing memory issues see the full abort context.
- f2e09bd: Bump `@w3s/playground-registry` to v6 to match the first release of playground.dot.
- b9ec23b: `dot mod` now downloads source as a fresh project from GitHub via HTTPS — multiple mods of the same starter no longer collide via GitHub's one-fork-per-account limit. `git` and `gh` are no longer required to mod an app.

  `dot deploy --playground` now asks before publishing source. Pass `--moddable` (or answer "yes" to the prompt) to publish a public GitHub source repo alongside the deploy so others can `dot mod` it. Use `--no-moddable` to skip the prompt non-interactively. The default is non-moddable. Pass `--repo-name <name>` to skip the repo-name prompt when creating a fresh repo.

  The interactive registry picker (`dot mod` with no domain) now hides apps that aren't moddable.

  Removed: `dot mod --clone`, `--repo-name`, `--yes` flags (no longer needed).
- f6e5adf: `dot mod` now keeps the tail of `setup.sh` visible after the step completes — the script's "next steps" / quest progression / doc pointers no longer disappear when the step turns green. The full unfiltered output is also tee'd to `<targetDir>/.dot-mod-setup.log` for any output that doesn't fit the on-screen tail. The generic "edit with claude / dot deploy" footer now only prints when the app didn't ship a `setup.sh`.
- 0dfb9b5: `dot mod` no longer leaves an `upstream` remote behind after fork+clone, so `git checkout quest/level-N` (and the commands printed by tutorial `setup.sh` scripts) work without `--track origin/<name>` workarounds.
- 60463f7: Add `dot logout` to sign out of the account paired via `dot init` — no more `rm -rf ~/.polkadot-apps`. Notifies the mobile app so the paired-connection entry is removed there too, with a best-effort local-only cleanup fallback when the network is unreachable.
- 20bdd11: Refresh remaining `@polkadot-apps/*` direct dependencies to their current latest. PR #44 narrowly bumped `chain-client`; this widens to pick up the siblings that the monorepo had already co-released via its `workspace:*` + changesets patch cascade:

  - `@polkadot-apps/bulletin` 0.6.9 → 0.6.10
  - `@polkadot-apps/contracts` 0.3.2 → 0.4.0

  Also eliminates the duplicate `chain-client@2.0.4` that was being pulled transitively by the old bulletin — single resolved version now (`2.0.5`).
- 899ca18: Bump `@polkadot-apps/chain-client` to 2.0.5, which rotates the Paseo Asset Hub preset RPC list to live endpoints. Fixes `dot init` hanging on the funding step with repeated "Unable to connect to …" errors when both previously-configured endpoints (Dwellir, `sys.ibp.network`) were simultaneously unhealthy.
- b854eae: Upgrade `bulletin-deploy` pin to `0.7.2`. Fewer spurious upload failures now that the default chunk timeout covers Bulletin's 24s Aura slots, and a Bun-safe memory-report teardown upstream. No API changes on our side.
- f39d0aa: `dot init` now falls back to a dedicated testnet funder account if Alice is drained on Paseo Asset Hub — so new users aren't blocked the moment someone drains Alice. If both funders are low, the UI points users at `https://faucet.polkadot.io/` prefilled with their own address so they can self-fund and move on. `dot deploy --signer dev` gets the same fallback and, on exhaustion, guides the user to switch to the mobile signer instead. Adds a scheduled GitHub Actions workflow that files an issue when the dedicated funder needs topping up.
- c6cdc06: Add optional contract deploy step to `dot deploy`. When the project root contains a `foundry.toml`, a `hardhat.config.*`, or a `Cargo.toml` with a `pvm_contract` dep, the TUI now asks "deploy contracts?" (default no), and `dot deploy --contracts` runs it non-interactively. All three paths compile locally (foundry via `forge build --resolc`, hardhat via `npx hardhat compile`, cdm via `@dotdm/contracts`) and then hand the PolkaVM bytecode to cdm's `ContractDeployer.deployBatch`, which weight-aware-chunks the deploys into `Utility.batch_all` extrinsics. No constructor args, no contract registry publish, no on-chain metadata in this first cut — they'll land in a follow-up.

  Contract extrinsics are signed by a persistent on-disk session key at `~/.polkadot/accounts.json`, not the mobile signer — today's mobile flow can't handle the encoded size of a batched contract deploy, and the failure is miscategorised as a user-cancel. On first deploy the session key is funded by the user's main signer (one phone tap) or by Alice in pure dev mode; subsequent runs skip funding when the balance is already above the threshold.

  `dot init` gains a `foundry (polkadot)` dependency check that installs `foundryup-polkadot`.
- 73ad29b: Fix `dot deploy` crashing on Bun-compiled binaries with `node:v8 getHeapSpaceStatistics is not yet implemented in Bun.` when running from an internal Parity repo. Move the `bulletin-deploy` telemetry opt-out into a dedicated `src/bootstrap.ts` side-effect module imported before any other module, and additionally force `BULLETIN_DEPLOY_MEM_REPORT=0` so bulletin-deploy's diagnostic memory-report path can never reach Bun's unimplemented `v8.getHeapSpaceStatistics`. Explicit `BULLETIN_DEPLOY_TELEMETRY=1` / `BULLETIN_DEPLOY_MEM_REPORT=1` overrides are preserved.
- faae2ed: `dot deploy --playground` now inlines the project's `README.md` into the playground metadata so published apps show a rendered readme on their detail page. Readmes up to 20 KB are included automatically; if the file is larger the confirm screen shows a warning ("readme will not be uploaded") and the deploy proceeds without it. No action required — this works for any repo that already has a `README.md` at its root.
- e113540: `dot build` (and the build phase of `dot deploy`) now auto-installs the project's dependencies when `node_modules/` is missing. The package manager is inferred from the lockfile (pnpm/yarn/bun), falling back to `npm`. Previously, an uninstalled project fell through to `npx <framework> build`, which ephemerally downloaded the framework binary but then failed with a confusing `ERR_MODULE_NOT_FOUND` while loading the project's own config file (e.g. `vite.config.ts` importing `vite`).
- fdac80d: Bump `bulletin-deploy` pin from `0.6.16` to `0.7.0`. The only breaking change in 0.7.0 is the removal of the `--playground` CLI flag and the `playground?: boolean` DeployOption; playground-cli already owns registry publishing via its own `publishToPlayground()` flow, so this is a no-op for the deploy path.
- e77932d: Fix `dot deploy` reporting "already registered" on re-deploys made in dev mode when a phone session was also present.

  The domain-availability preflight was passing the logged-in user's SS58 address as the reference owner for the on-chain ownership check regardless of signer mode. In dev mode bulletin-deploy signs DotNS with its built-in `DEFAULT_MNEMONIC`, so the domain is owned by the dev account — not the user — and the preflight incorrectly reported the re-deploy as taken by a different account. We now only pass the user's address when `--signer phone` (where bulletin-deploy actually uses the user's signer). In dev mode we skip the ownership check and let bulletin-deploy's own preflight classify the re-deploy with the right signer.
- 4cdf839: `dot deploy` now asks whether to run the build step before deploying, defaulting to "yes" so the common case is still a single Enter press. Pass `--no-build` to skip the build non-interactively (useful when you've already built the project and just want to re-upload existing artifacts from `buildDir`). The confirm screen and headless summary both show whether the run will rebuild or reuse existing artifacts.
- c9c4bcd: Bump `bulletin-deploy` pin from 0.6.9 → 0.6.16.

  Picks up a fix for `merkleizeJS` (CIDs now preserve their codec so DAG-PB blocks are correctly indexed in the CAR body — the upstream bug our `jsMerkle` workaround was avoiding), on-chain verification after every DotNS `setContenthash`, clearer preflight messages on sanitized-to-Reserved labels, chain-time commit-age waits, and an idempotent pool `topUpBy`. No API changes required on our side.
- e27c1be: Suppress the cosmetic `UnsubscriptionError: Not connected` stack trace that appeared during `dot deploy`'s domain-availability check. It came from polkadot-api tearing down its chainHead follow subscription after `dotns.disconnect()` had already closed the WebSocket — expected, benign, and surfaced as either an `unhandledRejection` or `uncaughtException` depending on the runtime. The process now filters that specific rxjs error (UnsubscriptionError whose inner errors are all "Not connected") instead of logging a 40-line stack trace and tearing the deploy down. Unrelated rejections and exceptions still escalate as before; run with `DOT_DEPLOY_VERBOSE=1` to get a one-line note when a filter fires. Also adds a Troubleshooting section to the README pointing users at `DOT_MEMORY_TRACE=1` + `DOT_DEPLOY_VERBOSE=1` for memory / OOM bug reports.
- 440bd12: `dot mod` now prompts for the fork repository name after you pick (or pass) an app, with the previously random-suffixed default prefilled — press Enter to keep it, or type your own. The prompt is skipped with `--clone` (the target is only a local directory anyway), with `-y`/`--yes` (non-interactive default), or when you pass `--repo-name <name>` (which also doubles as the scripted override). Supplied names are validated against GitHub's repository-name rules and against existing directories on disk.
- 13a6c4e: Harden the deploy memory watchdog, add diagnostic logging for freezes / runaway RSS, and fix the phone-signer approval counter when a PoP upgrade is required.

  - Watchdog now runs in a `worker_threads` Worker, not a `setInterval` on the main thread. Under heavy microtask load (polkadot-api block subscriptions, bulletin-deploy retry loops) the main thread's macrotask queue can be starved for long enough that RSS climbs to 10+ GB between samples — at which point macOS jetsam delivers SIGKILL and the user sees a mystery `zsh: killed` with no guidance. The worker has its own event loop that can't be starved by the main thread, so the 4 GB cap now actually fires with a clear abort message. Sampling rate is also tightened from 5 s → 1 s now that it's off the hot path.
  - New `DOT_DEPLOY_VERBOSE=1` env var writes every bulletin-deploy log line (chunk progress, broadcast / included / finalized transitions, nonce traces, RPC reconnects) to stderr with a `[+<seconds>s]` timestamp. Previously the interceptor swallowed everything that wasn't a phase banner or `[N/M]` chunk line to keep the TUI clean; that made "deploy froze at chunk 2/6" reports diagnostically opaque. Pair with `DOT_MEMORY_TRACE=1` to correlate log events with RSS growth.
  - Asset Hub client is now destroyed immediately after preflight instead of lingering until deploy cleanup. Nothing in the deploy flow (build, bulletin-deploy's storage + DotNS, our playground publish) uses it between preflight and the publish step — and holding an idle polkadot-api client with a live best-block subscription for the full deploy window was measurable background pressure. Playground publish calls `getConnection()` which auto-re-establishes a fresh client at that point.
  - Phone-signer approval count now matches reality. For a PoP-gated name registered with a signer below the required tier, bulletin-deploy submits an extra `setUserPopStatus` tx before `register()` — so `dot deploy --signer phone --playground` actually fires 5 sigs, not 4. The summary card used to advertise "4 approvals" and the phone prompt later said "approve step 5 of 4". Fixed by predicting `needsPopUpgrade` during the availability check (via `getUserPopStatus` + mirrored `simulateUserStatus` logic) and threading that prediction into `resolveSignerSetup`, so the approvals list (and the derived summary, and the signing-proxy labels) are variable-length. Added: a belt-and-braces clamp in `createSigningCounter` that grows `total` when `step > total`, so even if our prediction mis-estimates for any reason the TUI never shows "step 5 of 4" again.
  - Re-deploy path now shows a minimal phone tap count. When the availability check reports the domain is already owned by the signer, bulletin-deploy skips `register()` entirely and only fires `setContenthash`. The summary card and counter now reflect that (1 DotNS tap instead of 3).
- a289cb9: New editorial TUI: every screen now renders through a single theme plug (`src/utils/ui/theme/`) — swap that folder to reskin the CLI, stub it to strip styling, zero styling leaks into commands.

  `dot init` now surfaces bulletin attestation status on every run — even for already-signed-in users — showing how long your upload quota is valid for in human-readable form (e.g. `~13d 4h · #14,582,331`), with warning color when expiry drops under 24 h.

  Bonus: the terminal tab title updates during long deploys, so `dot deploy` shows build / upload / publish / ✓ in your tab strip while you tab away to the browser.
- 8944350: Bump `bulletin-deploy` from `0.6.9-rc.6` to `0.6.9` (stable). Upstream changes:

  - fix(dotns) — Lite signers are now correctly rejected on `NoStatus` labels, matching the on-chain `PopRules` contract (upstream #101). Previously the check was missing the requirement clause and could let a Lite user through the classifier, only to have the register tx revert later.
  - feat(dotns) — bulletin-deploy now runs its own `DotNS.preflight(label)` before any Bulletin upload (upstream #102). Deploys that were going to fail DotNS registration (wrong label class, reserved base name, domain owned by someone else, unresolvable PoP gate) now abort with zero Bulletin bytes paid, saving users a failed multi-MB upload. A new public `DotNS.preflight()` view-only method and `simulateUserStatus()` / `popStatusName()` helpers are also exported.

  Our code surface (the `deploy()` entrypoint + `DotNS.connect` / `classifyName` / `checkOwnership` / `disconnect`) is unchanged, so the bump is drop-in. 147/147 tests pass.
- dede259: - New `dot build` command — auto-detects pnpm/yarn/bun/npm from the project's lockfile and runs the `build` script. Falls back to direct vite/next/tsc invocation when no build script is defined.
  - New interactive `dot deploy` flow. Prompts in order: signer (`dev` default / `phone`), build directory (default `dist/`), domain, and publish-to-playground (y/n). After inputs are chosen the TUI shows a dynamic summary card announcing exactly how many phone approvals will be requested and what each one is for.
  - Two signer modes for deploy:
    - `--signer dev` — `0` phone approvals if you don't publish to Playground, `1` if you do. Upload and DotNS are done with shared dev keys.
    - `--signer phone` — `3` approvals (DotNS commitment, finalize, setContenthash) + `1` for Playground publish if enabled.
  - Flags: `--signer`, `--domain`, `--buildDir`, `--playground`, `--suri`, `--env`. Passing all four of `--signer`, `--domain`, `--buildDir`, and `--playground` runs non-interactively.
  - Publishing to the Playground registry is always signed by the user, so the contract records their address as the app owner. This is what drives the playground-app "my apps" view.
  - Domain availability preflight — after you type a domain we hit DotNS's `classifyName` + `checkOwnership` (view calls, no phone taps) so names reserved for governance or already registered by a different account are caught BEFORE we build and upload. Headless mode fails fast with the reason; interactive mode shows the reason inline and lets you type a different name without restarting.
  - Re-deploying the same domain now works. The availability check used to fall back to bulletin-deploy's default dev mnemonic for the ownership comparison, so a domain owned by the user's own phone signer came back as `taken` — blocking every legitimate content update. The caller now passes their SS58 address, we derive the H160 via `@polkadot-apps/address::ss58ToH160`, and `checkOwnership(label, userH160)` returns `owned: true` when the user is the owner → we surface it as an `available` with the note "Already owned by you — will update the existing deployment.".
  - All chain URLs, contract addresses, and the `testnet` / `mainnet` switch consolidated into a single `src/config.ts`.
  - Deploy SDK is importable from `src/utils/deploy` without pulling in React/Ink so WebContainer consumers (RevX) can drive their own UI off the same event stream.
  - Workaround for Bun compiled-binary TTY stdin bug that prevented `useInput`-driven TUIs from receiving keystrokes or Ctrl+C. A no-op `readable` listener is attached at CLI entry as a warm-up.
  - Bumped `bulletin-deploy` from 0.6.7 to 0.6.9-rc.4. Fixes `WS halt (3)` during chunk upload (heartbeat bumped from 40s to 300s to exceed the 60s chunk timeout) and eliminates nonce-hopping on retries that used to duplicate chunk storage and trigger txpool readiness timeouts. Pin is deliberately on the RC tag — the `latest` npm tag still points at the broken 0.6.8.
  - Fixed runaway memory use (observed 20+ GB) during long deploys. The TUI was calling `setState` on every build-log and bulletin-deploy console line; verbose frameworks and retry storms produced enough React update backpressure to balloon the process. Info updates are now coalesced to ≤10/sec and capped at 160 chars.
  - Fixed `Contract execution would revert` failure in the Playground publish step. The metadata-JSON upload was routed through `bulletin-deploy.deploy()`, which unconditionally runs a second DotNS `register()` + `setContenthash()` on a randomly generated `test-domain-<id>` label — that's what was reverting. We now upload the metadata via `@polkadot-apps/bulletin::upload()` (pure `TransactionStorage.store`, no DotNS) and only invoke DotNS for the user's real domain. The user's phone signer is now correctly driven when `registry.publish()` fires, so the "Check your phone" panel appears as expected.
  - Fixed `WS halt (3)` recurrence after switching the metadata upload to `@polkadot-apps/bulletin`. That path went through the shared `@polkadot-apps/chain-client` Bulletin WS, which uses polkadot-api's 40 s default heartbeat — shorter than a single `TransactionStorage.store` submission. The upload now uses a dedicated Bulletin client built with `heartbeatTimeout: 300 s` and destroyed immediately after (same value `bulletin-deploy` uses for its own clients).
  - Added a multi-layer process-guard (`src/utils/process-guard.ts`) to eliminate zombie `dot` processes that had been observed accumulating to 25+ GB of RSS and triggering OS swap-death. (1) SIGINT/SIGTERM/SIGHUP and `unhandledRejection` all run cleanup hooks and force-exit within 3 s; (2) after the deploy's main flow returns, an `unref`'d hard-exit timer kills the process if a leaked WebSocket keeps the event loop alive past a grace period; (3) a 4 GB absolute RSS watchdog aborts the deploy before the machine swaps to death; (4) `BULLETIN_DEPLOY_TELEMETRY` is defaulted to `"0"` so Sentry can no longer buffer breadcrumbs; (5) the stdin warmup listener is `unref`'d so it doesn't hold the loop open on exit. Set `DOT_MEMORY_TRACE=1` to stream per-sample memory stats (RSS / heap / external) when diagnosing a real leak.
  - Bumped `bulletin-deploy` from 0.6.9-rc.4 to 0.6.9-rc.6 (picks up DotNS commit-reveal + commitment-age fixes).
  - Cut the log-event firehose: `DeployLogParser` now only emits events for phase banners and `[N/M]` chunk progress — NOT for every info prose line bulletin-deploy prints. Previously every line allocated an event object + traversed the orchestrator→TUI pipeline, compounding heap pressure during long chunk uploads.
  - Fixed deployed sites returning `{"message":"404: Not found"}` in Polkadot Desktop. Bulletin-deploy's pure-JS merkleizer (`jsMerkle: true` path) produces CARs containing only the raw leaf blocks — the DAG-PB directory/file structural nodes are silently dropped by `blockstore-core/memory`'s `getAll()` iterator. Desktop fetches the CAR, sees the declared root CID, finds no block for it in the CAR, parses zero files, renders 404. We now leave `jsMerkle` off so bulletin-deploy uses the Kubo binary path (`ipfs add -r ...`) which produces a complete, parseable CAR. `dot init` installs `ipfs`, so this works out of the box. Note: this temporarily regresses the RevX WebContainer story for the main storage upload — we'll flip `jsMerkle: true` back on once the upstream merkleizer is fixed to collect all blocks, not just leaves.
- ba4f091: - `dot init` now runs account setup after QR login + toolchain install: funds the account from Alice (testnet), signs `Revive.map_account` via the mobile wallet, and grants bulletin allowance.
  - New `dot update` command — self-updates from GitHub releases with atomic write-then-rename, safe to run over the live binary.
  - Session signer now routes transactions through `signPayload` to avoid the mobile's `<Bytes>` wrap that produced `BadProof` on-chain.
  - Connection singleton with a 30 s timeout and preserved `Error.cause` for debugging.
  - `install.sh` propagates the exit code of the auto-run `dot init`.
  - Introduced a vitest suite (73 tests across 9 files).
- 23abf79: Scaffold init, mod, build, and deploy commands
- 8a0e3cc: Initial CLI setup
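
The narrow teardown filter described in e27c1be and 21481ba, combined with the exit-code propagation from ba63fec, as an added example (not the CLI's own code). The error objects are constructed stand-ins for the rxjs and polkadot-api errors, and `makeError`, `isBenignTeardown`, `installTeardownFilter` and `finalExitCode` are hypothetical names.

```javascript
// Constructed stand-ins for the two error shapes named in the entries above.
// The real classes come from rxjs and polkadot-api; only `name`, `message`
// and the rxjs-style `errors` array are modelled here (assumption).
function makeError(name, message, errors) {
  const err = new Error(message);
  err.name = name;
  if (errors) err.errors = errors;
  return err;
}

// Narrow allow-list: match the exact teardown noise and nothing broader.
function isBenignTeardown(err) {
  if (!(err instanceof Error)) return false;
  if (err.name === 'DisjointError') {
    return err.message === 'ChainHead disjointed';
  }
  if (err.name === 'UnsubscriptionError') {
    const inner = Array.isArray(err.errors) ? err.errors : [];
    // Every inner error must be "Not connected"; one unrelated inner error
    // (or an empty list) makes the whole error escalate.
    return inner.length > 0 &&
      inner.every((e) => e instanceof Error && e.message === 'Not connected');
  }
  return false;
}

// Hypothetical wiring. `proc` is `process` in a real CLI; passing it in
// keeps the handler testable with a fake object.
function installTeardownFilter(proc, log = () => {}) {
  const handler = (err) => {
    if (isBenignTeardown(err)) {
      if (proc.env && proc.env.DOT_DEPLOY_VERBOSE === '1') {
        log(`filtered benign teardown error: ${err.name}`);
      }
      return;
    }
    proc.exitCode = 1; // anything else must fail the run
    log(`fatal: ${err && err.stack ? err.stack : String(err)}`);
  };
  proc.on('unhandledRejection', handler);
  proc.on('uncaughtException', handler);
  return handler;
}

// Entry-point epilogue. The defect described in ba63fec is the equivalent
// of `return 0` here, which discards a failure recorded earlier.
function finalExitCode(proc) {
  return proc.exitCode ?? 0;
}

// Constructed demo: one benign teardown error, then a real failure.
function demo() {
  const handlers = {};
  const fakeProc = {
    env: {},
    exitCode: undefined,
    on: (event, fn) => { handlers[event] = fn; },
  };
  installTeardownFilter(fakeProc);
  handlers.unhandledRejection(makeError('DisjointError', 'ChainHead disjointed'));
  const afterBenign = finalExitCode(fakeProc);
  handlers.unhandledRejection(makeError('SignerNotAvailableError', 'corrupt session'));
  return { afterBenign, afterFailure: finalExitCode(fakeProc) };
}

console.log(demo());
```

In a real entry point the last statement would be `process.exit(finalExitCode(process))`, so a CI step that runs the CLI fails when the deploy fails and passes when only teardown noise was seen.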