Migrate CLI to product-sdk#148
Merged
UtkarshBhardwaj007 merged 11 commits intomainfrom May 9, 2026
Merged
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub. |
Contributor
|
Dev build ready — try this branch: |
Contributor
E2E Test Pass · ❌ FAILTag:
Sentry traces: view spans for this run |
charlesHetterich
force-pushed
the
migrate-to-product-sdk
branch
from
1d9f7ef to
0b5960c
Compare
…dProof The published @parity/product-sdk-terminal@0.1.0 funnels every signing op through session.signRaw, which the mobile wallet wraps with <Bytes>...</Bytes> (anti-phishing envelope, see polkadot-app-android-v2's MessageSigningContext.kt::generalUntrustedMessage). For tx payloads that produces a signature the chain rejects as BadProof. Mirror the upstream fix (paritytech/product-sdk a33edf3) locally in auth.ts: build a PJS signer with split callbacks — tx via session.signPayload (no envelope), bytes via session.signRaw (envelope correct for free-form data). Drop back to createSessionSignerForAccount once the upstream fix ships on npm. Also: pin @parity/product-sdk-* to exact versions (pre-1.0 SDK; carets let patch bumps silently flip wire shape), bump changeset to minor (the PR is a runtime SDK swap), refresh CLAUDE.md and README.md to reflect the product-sdk surface and the still-load-bearing <Bytes> invariant.
…, tests - AGENTS.md: refresh dependency rules (drop stale @polkadot-apps/chain-client reference, document the @dotdm/contracts/PAPI-1.x blocker), update the metadata-upload rule to point at calculateCid + direct PAPI submit, and add a Runtime Safety entry for the still-load-bearing <Bytes> mobile-wrap invariant + the createPlaygroundSigner workaround. - tools/list-registry-apps.ts: drop the inline fetchJsonFromGateway (own goal in commit ac4aaaa) and reuse src/utils/bulletinGateway.ts, which reads the gateway URL from getChainConfig() instead of hardcoding paseo. - src/utils/auth.ts: mark makeSignPayloadCallback / makeSignRawCallback @internal, mirroring the existing clearLocalAppStorage convention so the test seams aren't mistaken for a public API. - src/utils/bulletinGateway.test.ts: cover URL composition, 2xx/non-2xx paths, abort-on-timeout, and JSON parsing — 8 new tests, all passing.
… logout
@parity/product-sdk-terminal@0.1.0::destroy() tears down the underlying
polkadot-api client without awaiting in-flight statement-subscription
unsubscribes. PAPI's raw-client disconnect() then errors every pending
request with `new DestroyedError("Client destroyed")`
(@polkadot-api/raw-client/dist/esm/createClient.mjs:58 —
`responses.forEach((r) => r.onError(new DestroyedError()))`), which
surfaces as an unhandled promise rejection right above our "✓ signed
out" line.
The error is benign: the actual logout already succeeded, this fires
purely as a teardown-race artifact. DestroyedError is exclusive to
PAPI's raw-client teardown path (only `disconnect()` constructs and
throws this class), so matching the bare error name in our existing
benign-unsubscription filter is safe.
Same family as the UnsubscriptionError / Not connected and DisjointError
shapes we already suppress for `dot deploy`. Real upstream fix is for
product-sdk-terminal's destroy() to drain statement-subscription
teardowns before disconnecting the lazy client; tracking that
separately.
@parity/product-sdk-terminal 0.2.0 ships both fixes the CLI was
working around:
- createSessionSignerForAccount now uses a split-callback PJS signer
(tx → session.signPayload, bytes → session.signRaw) under the hood,
so the local PJS-based replacement in auth.ts is gone — back to a
one-line SDK call.
- destroy() is now async and awaits lazyClient.awaitPendingUnsubs()
between sessions.dispose() and lazyClient.disconnect(), so the
DestroyedError unhandled rejection on `dot logout` no longer fires.
The corresponding suppression in isBenignUnsubscriptionError is
removed; if DestroyedError ever resurfaces it's now a real
regression and must escalate.
Bumped the rest of @parity/product-sdk-* within their existing caret
ranges (bulletin/chain-client/contracts/descriptors 0.2.0 → 0.2.1).
Updated CLAUDE.md, AGENTS.md, README.md to reflect the simpler shape.
@dotdm/contracts published 1.1.1-dev.1778274929 from the CDM migrate-to-product-sdk PR (paritytech/contract-dependency-manager#13) which drops the entire @polkadot-apps/* line in favor of @parity/product-sdk-{bulletin,contracts,descriptors,tx} on PAPI 2.x. Pinning to that exact dev tag because the `latest` stable (1.1.1) still pulls the legacy stack — switch back to a caret/latest once the maintainer promotes the migrated build. Add a `pnpm.overrides` block forcing @novasamatech/{host-api,host-papp, product-sdk,scale,statement-store,storage-adapter} to 0.7.8-2 (the current latest). They come in transitively from product-sdk-terminal whose `^0.7.7` caret doesn't auto-widen across patches in lockfile updates, so an explicit override is required to align the tree. Result: `grep '@polkadot-apps/' pnpm-lock.yaml` returns 0 hits. The lockfile still resolves polkadot-api@1.23.3 but only because @parity/dotns-cli (a bundled CLI binary) declares it; the bundle inlines all its deps and never resolves them at runtime, so the CLI process is effectively PAPI 2.x-only. CLAUDE.md / AGENTS.md / README.md refreshed to reflect the new shape: the @polkadot-apps/* invariant is now stated as fact rather than "transient via @dotdm/contracts", the upgrade rule for polkadot-api no longer references the @dotdm-blocked compat constraint, and the @dotdm/contracts dev-pin and Novasama override are documented.
- auth.ts: wrap findSession's `await adapter.destroy()` in try/catch on the no-session path, mirroring waitForLogout's teardown. A hypothetical destroy-time throw would otherwise propagate to lookupSession in commands/logout/index.ts and misreport "no account is signed in" as "Could not reach the login service". - @parity/dotns-cli pin: bump 0.6.0 → 0.6.1 to match the version bulletin-deploy@0.7.13 declares (`^0.6.1`). Eliminates the duplicate dotns-cli resolution we previously had (top-level pin landed 0.6.0, bulletin-deploy's transitive resolution landed 0.6.1) and aligns Bun's bundle path (src/dotns-cli-dispatch.ts) with bulletin-deploy's runtime `_require.resolve` lookup. Both 0.6.0 and 0.6.1 still ship the broken `file:.papi/descriptors` manifest, so the existing stub override stays load-bearing — CLAUDE.md updated to reflect that the workaround applies to both versions. - json-rpc-provider override: investigated removing it. The override is still load-bearing — without it, pnpm resolves three versions (0.0.1 optional / 0.0.4 / 0.2.0) for different transitive consumers in the PAPI 2.x ecosystem. Documented in CLAUDE.md why it stays. No code-behavior changes beyond the auth.ts try/catch. dotns-cli bump is a patch within the same broken-manifest range; bundle path resolves the same way.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
closes #144
closes #145
Summary
@polkadot-apps/*dependencies/imports to@parity/product-sdk-*playground.dotwhile preserving thedot-clisession namespaceVerification
pnpm installnpx tsc --noEmitpnpm testpnpm format:checkpnpm buildpnpm cli:installbun run src/index.ts deploy --helpbun run src/index.ts logout --helpbun run src/index.ts init --help~/.polkadot/bin/dot --helpNotes
pnpm-lock.yamlstill contains transitive@polkadot-apps/*entries through@dotdm/contracts@1.0.1; direct app/runtime imports are migrated.