fix(deploy): zero-tap dev-signer deploys (stop bulletin-deploy resolving the phone session)

[UtkarshBhardwaj007]

Problem

playground deploy --signer dev (and playground decentralise dev mode) started asking for 3-4 phone approvals, defeating the whole point of the dev signer.

Root cause

Dev mode passed empty auth options to bulletin-deploy.deploy(), relying on its old "empty = DEFAULT_MNEMONIC / pool" fallback. bulletin-deploy 0.8.x added two implicit fallbacks that fire on empty options:

1. Session capture (deploy.ts chooseSignerInput): no mnemonic / signer / suri + a persisted SSO session file at ~/.polkadot-apps/dot-cli_SsoSessions.json (written by playground init; bulletin-deploy reuses the dot-cli namespace) means it loads the SSO stack and phone-signs DotNS with the user's session. Every logged-in user therefore got phone taps in dev mode.
2. Slot-key auto-read: whenever storageSigner is absent, it picks up the user's cached BulletInAllowance slot key and signs chunk uploads with it, silently burning the small phone-granted quota (~10 txs / 4 MiB per grant) on dev deploys. This also affected --suri deploys.

Fix

All in src/utils/deploy/signerMode.ts (the designated signer-matrix boundary):

• Dev mode passes mnemonic: DEFAULT_MNEMONIC explicitly, which wins bulletin-deploy's signer resolution outright, so the session file is never read. The on-chain identity is unchanged: the mnemonic's bare root (5DfhGyQd… = DEV_PUBLISH_ADDRESS) is exactly what the old empty-options path used for DotNS.
• resolveStorageSignerOptions now pins storageSigner in every mode: the BulletInAllowance slot key (phone+session, unchanged), the --suri key, or the dev bare-root. The bare-root carries its own Bulletin authorization on paseo-next-v2 (verified on-chain: 2366 txs / 868 MB remaining); if it ever lapses, bulletin-deploy's committed-signer wrapper silently falls back to the shared pool (the pre-0.8 dev storage path).
• runDecentralize flows through the same two functions, so it is fixed by the same change; its displayed signer address now resolves the mnemonic case to DEV_PUBLISH_ADDRESS.

Unchanged by design:

• Phone mode is byte-for-byte identical.
• Dev mode with an active session still claims the user's productH160 as owner, so the app shows in MyApps.
• Dev publishes still pass is_dev_signer = true, so the registry awards no XP.

Testing

• New regression tests pin the contract: explicit mnemonic (no signer key, so the phone-approval proxy never wraps dev deploys), pinned storage signer per mode, and the merged auth shape reaching runStorageDeploy in both runDeploy and runDecentralize.
• pnpm test: 645/645 passing. pnpm format:check and pnpm lint:license clean. tsc --noEmit error count unchanged at the 13-error baseline.

Includes a changeset and a new CLAUDE.md invariant documenting the gotcha.

[github-actions]

Dev build ready — try this branch:

curl -fsSL https://raw.githubusercontent.com/paritytech/playground-cli/main/install.sh | VERSION=dev/fix/dev-signer-zero-phone-taps bash

[github-actions]

E2E Test Pass · ✅ PASS

Tag: e2e-ci-pr · Branch: fix/dev-signer-zero-phone-taps · Commit: ab69790 · Run logs

Cell	Result	Time
pr-deploy-cdm	✅ PASS	4m05s
pr-deploy-foundry	✅ PASS	0m45s
pr-mod	✅ PASS	1m24s
pr-deploy-frontend	✅ PASS	7m14s
pr-init-session	✅ PASS	1m51s
pr-install	✅ PASS	0m49s
pr-preflight	✅ PASS	3m35s
${{ matrix.cell }}	⏭️ SKIP	0m00s
${{ matrix.cell }}	⏭️ SKIP	0m00s

Sentry traces: view spans for this run