fix(cli): commit-age poll uses block-time instead of wall-clock (#105)

## Summary

`waitForMinimumCommitmentAge` verifies the commitment is mature by
comparing **wall-clock** `Date.now()` against the commit's block
timestamp. The contract's `CommitmentTooNew` check uses
`block.timestamp`, which can lag wall-clock by several seconds
(especially on parachains between blocks). The verify poll then says
"safe" under wall-clock math and submits the reveal while the contract
still sees the commitment as too new — reverts with:

```
Contract reverted: CommitmentTooNew(0x3d2f…, 1777012650, 1777012644)
                                            ^minReveal    ^currentBlock
```

exactly `DEFAULT_COMMITMENT_BUFFER_SECONDS` (**6 s**) short. The buffer
that's supposed to absorb this gets consumed by the block-time lag.

## Fix

Read the chain's current `block.timestamp` via the **Timestamp pallet**
(`Timestamp::Now` returns block-time in ms) and use that as "now" in the
poll comparison. Wall-clock stays as the sleep timer and as the
`pollDeadline` budget — only the verify criterion changes. Falls back to
wall-clock if the storage item isn't available on the runtime (defensive
— every Substrate chain we target has it).

```diff
+ let chainNowSeconds: number;
+ if (timestampQuery?.getValue) {
+   const timestampMs = await timestampQuery.getValue();
+   chainNowSeconds = Math.floor(Number(timestampMs) / 1000);
+ } else {
+   chainNowSeconds = Math.floor(Date.now() / 1000);
+ }
- const nowSeconds = Math.floor(Date.now() / 1000);
- if (polledCommitTime > 0 && nowSeconds - polledCommitTime >= minimumAgeSeconds) {
+ if (polledCommitTime > 0 && chainNowSeconds - polledCommitTime >= minimumAgeSeconds) {
    // ...
  }
```

## Repro

Nightly E2E against Paseo Asset Hub, using bulletin-deploy's in-flight
`#158` subprocess adapter (which invokes `dotns register domain`). One
of 8 scenarios (S2 fresh pool/js) reverted with `CommitmentTooNew`
exactly 6s short. The companion S2 fresh direct/js scenario in the same
run passed — it hit the polling loop at least once, giving block-time
more wall-clock to catch up. With this fix, the race disappears entirely
because the loop only exits when the **chain's** clock says the age is
met.

## Test plan

- [x] `bunx tsc --noEmit` — no type errors.
- [ ] Integration test against Paseo AH — will re-run bulletin-deploy's
nightly pass pointing at a post-merge cut of this PR.

## Why not just raise `DEFAULT_COMMITMENT_BUFFER_SECONDS`?

Bumping the buffer is a band-aid — it trades wall-clock latency for a
probability of success. At 6 s we see occasional failures under normal
Paseo block-time drift. Raising to 30 s would mask most failures but not
all, and would add 24 s of mandatory sleep to every register. The proper
fix is deterministic: compare the same clock the contract uses.

---

No `Co-Authored-By` per upstream conventions.

---------

Co-authored-by: Siphamandla Mjoli <siphamandla@parity.io>

Author: EnderOfWorlds007

packages/cli/src/cli/commands/lookup.ts

@@ -1,5 +1,6 @@
 import { Command } from "commander";
 import chalk from "chalk";
+import type { KeyringPair } from "@polkadot/keyring/types";
 import { createClient } from "polkadot-api";
 import { getWsProvider } from "polkadot-api/ws-provider";
 import { paseo } from "@polkadot-api/descriptors";
@@ -12,6 +13,7 @@ import {
   resolveAuthSourceReadOnly,
   resolveAuthSource,
   createAccountFromSource,
+  createSubstrateSigner,
 } from "../../commands/auth";
 import { addAuthOptions, getAuthOptions } from "./authOptions";
 import { step } from "../ui";
@@ -85,6 +87,8 @@ export async function prepareReadOnlyContext(
     createAccountFromSource(auth.source, auth.isKeyUri),
   );
 
+  await ensureAccountMappedWhenAuthenticated(clientWrapper, keypair, auth.resolvedFrom);
+
   const evmAddress = await step("Resolving EVM address", async () =>
     clientWrapper.getEvmAddress(keypair.address),
   );
@@ -95,6 +99,26 @@ export async function prepareReadOnlyContext(
   return { clientWrapper, account: { address: keypair.address }, rpc, evmAddress };
 }
 
+export async function ensureAccountMappedWhenAuthenticated(
+  clientWrapper: ReviveClientWrapper,
+  keypair: KeyringPair,
+  resolvedFrom: ResolvedReadOnlyAuth["resolvedFrom"],
+): Promise<void> {
+  if (resolvedFrom === "default") return;
+  const signer = createSubstrateSigner(keypair);
+  try {
+    await step("Ensuring account mapped", async () =>
+      clientWrapper.ensureAccountMapped(keypair.address, signer),
+    );
+  } catch (mapError) {
+    console.log(
+      chalk.yellow(
+        `  ⚠ Account mapping skipped: ${mapError instanceof Error ? mapError.message : String(mapError)}`,
+      ),
+    );
+  }
+}
+
 async function resolveRecipientByKind(
   clientWrapper: ReviveClientWrapper,
   substrateAddress: string,

packages/cli/src/cli/context.ts

@@ -1,14 +1,17 @@
 import chalk from "chalk";
 import { createClient } from "polkadot-api";
 import { getWsProvider } from "polkadot-api/ws-provider";
-import { getPolkadotSigner } from "polkadot-api/signer";
 import { bulletin, paseo } from "@polkadot-api/descriptors";
 import { type Address } from "viem";
 import { ReviveClientWrapper, type PolkadotApiClient } from "../client/polkadotClient";
 import { parseNativeBalance, formatNativeBalance } from "../utils/formatting";
 import { resolveRpc, resolveMinBalancePas, resolveKeystorePath } from "./env";
 import { step } from "./ui";
-import { resolveAuthSource, createAccountFromSource } from "../commands/auth";
+import {
+  resolveAuthSource,
+  createAccountFromSource,
+  createSubstrateSigner,
+} from "../commands/auth";
 import type { AssetHubContext, BulletinContext, ChainContext, BalanceStatus } from "../types/types";
 
 export async function getBalanceStatus(
@@ -72,9 +75,7 @@ export async function prepareAssetHubContext(options: any): Promise<AssetHubCont
   );
 
   const substrateAddress = account.address;
-  const signer = getPolkadotSigner(account.publicKey, "Sr25519", async (input) =>
-    account.sign(input),
-  );
+  const signer = createSubstrateSigner(account);
 
   const clientWrapper = new ReviveClientWrapper(client as PolkadotApiClient);
 
@@ -144,9 +145,7 @@ export async function prepareBulletinContext(options: any): Promise<BulletinCont
   );
 
   const substrateAddress = account.address;
-  const signer = getPolkadotSigner(account.publicKey, "Sr25519", async (input) =>
-    account.sign(input),
-  );
+  const signer = createSubstrateSigner(account);
 
   console.log(chalk.bold("\n📋 Configuration\n"));
   console.log(chalk.gray("  RPC:       ") + chalk.white(rpc));

packages/cli/src/commands/auth.ts

@@ -1,5 +1,8 @@
 import { Keyring } from "@polkadot/keyring";
+import type { KeyringPair } from "@polkadot/keyring/types";
 import { cryptoWaitReady } from "@polkadot/util-crypto";
+import { getPolkadotSigner } from "polkadot-api/signer";
+import type { PolkadotSigner } from "polkadot-api";
 import path from "node:path";
 import fs from "node:fs/promises";
 
@@ -17,6 +20,10 @@ export async function createAccountFromSource(source: string, isKeyUri: boolean)
   return isKeyUri ? keyring.addFromUri(source) : keyring.addFromMnemonic(source);
 }
 
+export function createSubstrateSigner(keypair: KeyringPair): PolkadotSigner {
+  return getPolkadotSigner(keypair.publicKey, "Sr25519", async (input) => keypair.sign(input));
+}
+
 async function readDefaultAccountName(keystoreDirectoryPath: string): Promise<string | undefined> {
   try {
     const defaultPointerPath = path.join(keystoreDirectoryPath, ".default");

packages/cli/src/commands/register.ts

@@ -257,7 +257,16 @@ export async function waitForMinimumCommitmentAge(
 
   waitSpinner.text = "Verifying commitment age on-chain";
 
+  // Compare block-time to block-time, not wall-clock to block-time. The
+  // contract's CommitmentTooNew check is `block.timestamp - commitTimestamp
+  // >= minCommitmentAge`, so the verify poll has to use the chain's current
+  // block timestamp as "now" — otherwise block-time can lag wall-clock by
+  // several seconds (e.g. on a parachain between blocks) and we submit the
+  // reveal while the contract still sees the commitment as too new. The
+  // Timestamp pallet stores block.timestamp in milliseconds.
   const pollDeadline = Date.now() + COMMITMENT_POLL_TIMEOUT_MS;
+
+  const timestampQuery = (clientWrapper.client as any).query?.Timestamp?.Now;
   while (Date.now() < pollDeadline) {
     const polledTimestamp = await performContractCall<bigint | number>(
       clientWrapper,
@@ -271,9 +280,18 @@ export async function waitForMinimumCommitmentAge(
     const polledCommitTime =
       typeof polledTimestamp === "bigint" ? Number(polledTimestamp) : polledTimestamp;
 
-    const nowSeconds = Math.floor(Date.now() / 1000);
+    // Prefer chain block.timestamp via Timestamp::Now; fall back to wall-clock
+    // only if the pallet storage isn't available on this runtime (defensive —
+    // every Substrate chain we care about has it).
+    let chainNowSeconds: number;
+    if (timestampQuery?.getValue) {
+      const timestampMs = (await timestampQuery.getValue()) as bigint | number;
+      chainNowSeconds = Math.floor(Number(timestampMs) / 1000);
+    } else {
+      chainNowSeconds = Math.floor(Date.now() / 1000);
+    }
 
-    if (polledCommitTime > 0 && nowSeconds - polledCommitTime >= minimumAgeSeconds) {
+    if (polledCommitTime > 0 && chainNowSeconds - polledCommitTime >= minimumAgeSeconds) {
       waitSpinner.succeed("Commitment age requirement met (verified on-chain)");
       return;
     }

packages/cli/src/simpleExamples/00_shared.ts

@@ -1,29 +1,21 @@
 import { createClient } from "polkadot-api";
-import { getPolkadotSigner } from "polkadot-api/signer";
 import { getWsProvider } from "polkadot-api/ws-provider";
 import { bulletin, paseo } from "@polkadot-api/descriptors";
-import { Keyring } from "@polkadot/keyring";
-import { cryptoWaitReady } from "@polkadot/util-crypto";
+import type { PolkadotSigner } from "polkadot-api";
 import { type Address } from "viem";
 
 import { ReviveClientWrapper, type PolkadotApiClient } from "../client/polkadotClient";
-import { DEFAULT_MNEMONIC, RPC_ENDPOINTS } from "../utils/constants";
-const DEFAULT_BULLETIN_RPC = "wss://paseo-bulletin-rpc.polkadot.io";
+import { DEFAULT_BULLETIN_RPC, DEFAULT_MNEMONIC, RPC_ENDPOINTS } from "../utils/constants";
+import { createAccountFromSource, createSubstrateSigner } from "../commands/auth";
 
 export type ConnectedDotns = {
   client: PolkadotApiClient;
   clientWrapper: ReviveClientWrapper;
   substrateAddress: string;
   evmAddress: Address;
-  signer: ReturnType<typeof getPolkadotSigner>;
+  signer: PolkadotSigner;
 };
 
-export async function createAccountFromSource(source: string, isKeyUri: boolean) {
-  await cryptoWaitReady();
-  const keyring = new Keyring({ type: "sr25519" });
-  return isKeyUri ? keyring.addFromUri(source) : keyring.addFromMnemonic(source);
-}
-
 export async function connectDotns(): Promise<ConnectedDotns> {
   const rpc = process.env.DOTNS_RPC ?? RPC_ENDPOINTS[0];
 
@@ -37,9 +29,7 @@ export async function connectDotns(): Promise<ConnectedDotns> {
   const substrateAddress = account.address;
   const evmAddress = await clientWrapper.getEvmAddress(substrateAddress);
 
-  const signer = getPolkadotSigner(account.publicKey, "Sr25519", async (input) =>
-    account.sign(input),
-  );
+  const signer = createSubstrateSigner(account);
 
   return { client, clientWrapper, substrateAddress, evmAddress, signer };
 }
@@ -52,9 +42,7 @@ export async function connectBulletin() {
   const account = await createAccountFromSource(mnemonic ?? keyUri, mnemonic ? false : true);
 
   const substrateAddress = account.address;
-  const signer = getPolkadotSigner(account.publicKey, "Sr25519", async (input) =>
-    account.sign(input),
-  );
+  const signer = createSubstrateSigner(account);
 
   const rawClient = createClient(getWsProvider(rpc));
   const client = rawClient.getTypedApi(bulletin);

packages/cli/src/utils/contractInteractions.ts

@@ -15,6 +15,32 @@ import type { ReviveClientWrapper } from "../client/polkadotClient";
 import { DOT_NODE, OPERATION_TIMEOUT_MILLISECONDS } from "./constants";
 import { createTransactionStatusHandler, withTimeout } from "./formatting";
 
+export const UNMAPPED_ORIGIN_REVERT_HINT =
+  "Contract reverted with empty data. The origin SS58 is likely not mapped on " +
+  "Asset Hub Revive. Run `dotns account map` (or any signed transaction from " +
+  "this account), then retry.";
+
+export function isRevertFlag(flags: bigint): boolean {
+  return (flags & 1n) === 1n;
+}
+
+export function buildRevertError(data: Hex, abi: Abi): Error {
+  if (data === "0x") {
+    return new Error(UNMAPPED_ORIGIN_REVERT_HINT);
+  }
+
+  let revertReason: string = data;
+  try {
+    const decoded = decodeErrorResult({ abi, data });
+    revertReason = decoded.args
+      ? `${decoded.errorName}(${decoded.args.map(String).join(", ")})`
+      : decoded.errorName;
+  } catch {
+    // Unknown error selector — fall back to raw hex
+  }
+  return new Error(`Contract reverted: ${revertReason}`);
+}
+
 export async function performContractCall<T>(
   clientWrapper: ReviveClientWrapper,
   originSubstrateAddress: string,
@@ -39,17 +65,8 @@ export async function performContractCall<T>(
   const data = (call?.result?.value?.data ?? "0x") as `0x${string}`;
   const flags = (call?.result?.value?.flags ?? 1n) as bigint;
 
-  if ((flags & 1n) === 1n) {
-    let revertReason: string = data;
-    try {
-      const decoded = decodeErrorResult({ abi, data });
-      revertReason = decoded.args
-        ? `${decoded.errorName}(${decoded.args.map(String).join(", ")})`
-        : decoded.errorName;
-    } catch {
-      // Unknown error selector — fall back to raw hex
-    }
-    throw new Error(`Contract reverted: ${revertReason}`);
+  if (isRevertFlag(flags)) {
+    throw buildRevertError(data, abi);
   }
 
   const decoded = decodeFunctionResult({

packages/cli/tests/_helpers/cliHelpers.ts

@@ -21,6 +21,11 @@ export const TEST_PASSWORD = "test-password";
 export const TEST_MNEMONIC =
   "bottom drive obey lake curtain smoke basket hold race lonely fit walk";
 export const ALICE_KEY_URI = "//Alice";
+export const ALICE_SS58 = "5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY";
+export const ALICE_EVM = "0xf24FF3a9CF04c71Dbc94D0b566f7A27B94566cac" as const;
+export const BOB_EVM_ADDRESS = "0x0000000000000000000000000000000000000001" as const;
+export const PLACEHOLDER_EVM_ADDRESS = "0x000000000000000000000000000000000000dead" as const;
+export const TEST_OWNER_EVM_ADDRESS = "0x3Cd0A705a2DC65e5b1E1205896BaA2be8A07c6e0" as const;
 export const TEST_ACCOUNT = "default";
 export const TEST_TIMEOUT_MS = 120_000;
 
@@ -195,7 +200,7 @@ export async function createDefaultAccountKeystore(
   keystorePassword: string,
   accountName: string = "default",
 ): Promise<{ testMnemonic: string }> {
-  const testMnemonic = "bottom drive obey lake curtain smoke basket hold race lonely fit walk";
+  const testMnemonic = TEST_MNEMONIC;
 
   const createResult = await runDotnsCli([
     "--keystore-path",

packages/cli/tests/_helpers/fundAccount.ts

@@ -0,0 +1,56 @@
+import { createClient } from "polkadot-api";
+import { getWsProvider } from "polkadot-api/ws-provider";
+import { paseo } from "@polkadot-api/descriptors";
+import { Keyring } from "@polkadot/keyring";
+import { cryptoWaitReady, mnemonicGenerate } from "@polkadot/util-crypto";
+import { createSubstrateSigner } from "../../src/commands/auth";
+import { RPC_ENDPOINTS } from "../../src/utils/constants";
+import { resolveRpc } from "../../src/cli/env";
+import { ALICE_KEY_URI } from "./cliHelpers";
+
+const FUND_AMOUNT_PLANCK = 1_000_000_000n;
+
+export async function generateFreshMnemonic(): Promise<string> {
+  await cryptoWaitReady();
+  return mnemonicGenerate();
+}
+
+export async function deriveSubstrateAddress(mnemonic: string): Promise<string> {
+  await cryptoWaitReady();
+  return new Keyring({ type: "sr25519" }).addFromMnemonic(mnemonic).address;
+}
+
+export async function fundAccountFromAlice(recipientSubstrateAddress: string): Promise<void> {
+  await cryptoWaitReady();
+  const alice = new Keyring({ type: "sr25519" }).addFromUri(ALICE_KEY_URI);
+  const signer = createSubstrateSigner(alice);
+
+  const rpc = resolveRpc();
+  const client = createClient(getWsProvider(rpc));
+  try {
+    const typedApi = client.getTypedApi(paseo);
+    const transfer = typedApi.tx.Balances.transfer_keep_alive({
+      dest: { type: "Id", value: recipientSubstrateAddress },
+      value: FUND_AMOUNT_PLANCK,
+    });
+
+    await new Promise<void>((resolve, reject) => {
+      transfer.signSubmitAndWatch(signer).subscribe({
+        next: (event: any) => {
+          if (event.type === "finalized") {
+            if (event.dispatchError) {
+              reject(new Error(`Funding transfer failed: ${JSON.stringify(event.dispatchError)}`));
+              return;
+            }
+            resolve();
+          }
+        },
+        error: reject,
+      });
+    });
+  } finally {
+    client.destroy();
+  }
+}
+
+export { RPC_ENDPOINTS };

packages/cli/tests/integration/account/account.test.ts

@@ -2,13 +2,12 @@ import { expect, test } from "bun:test";
 import {
   HARNESS_SUCCESS_EXIT_CODE,
   ALICE_KEY_URI,
+  ALICE_SS58,
+  ALICE_EVM,
   TEST_TIMEOUT_MS,
   runDotnsCli,
 } from "../../_helpers/cliHelpers";
 
-const ALICE_SS58 = "5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY";
-const ALICE_EVM = "0xf24FF3a9CF04c71Dbc94D0b566f7A27B94566cac";
-
 test(
   "account is-mapped with Alice SS58 returns mapped status",
   async () => {

packages/cli/tests/integration/bulletin/bulletin.test.ts

@@ -5,6 +5,7 @@ import { promises as fs } from "node:fs";
 import {
   createDefaultAccountKeystore,
   HARNESS_SUCCESS_EXIT_CODE,
+  ALICE_KEY_URI,
   runDotnsCli,
   TEST_ACCOUNT,
   TEST_PASSWORD,
@@ -303,7 +304,7 @@ test(
     expect(result.combinedOutput).toContain("rpc:");
     expect(result.combinedOutput).toContain("transactions:");
     expect(result.combinedOutput).toContain("signer:");
-    expect(result.combinedOutput).toContain("//Alice");
+    expect(result.combinedOutput).toContain(ALICE_KEY_URI);
   },
   { timeout: BULLETIN_TEST_TIMEOUT_MS },
 );
@@ -318,7 +319,7 @@ test(
     expectSuccessfulAuthorize(result);
     expect(result.combinedOutput).toContain("target:");
     expect(result.combinedOutput).toContain("signer:");
-    expect(result.combinedOutput).toContain("//Alice");
+    expect(result.combinedOutput).toContain(ALICE_KEY_URI);
   },
   { timeout: BULLETIN_TEST_TIMEOUT_MS },
 );