chore: bump bulletin-deploy to 0.6.9 (stable)

[UtkarshBhardwaj007]

Summary

• Bumps bulletin-deploy from 0.6.9-rc.6 → 0.6.9 (now released as stable).
• Drop-in upgrade — our integration surface is unchanged. 147/147 tests pass.
• Updates CLAUDE.md + README to drop "we're on an RC" wording and state the general "pin an explicit version, don't trust latest" rule.

What's in 0.6.9 since our rc.6 pin

Two substantive upstream commits:

1. fix(dotns, #101) — Lite signers are now correctly rejected on NoStatus labels, matching the on-chain PopRules contract. Previously a Lite user could pass the classifier only to have the subsequent register() revert. Internal correctness fix.
2. feat(dotns, #102) — New public DotNS.preflight(label) method, and bulletin-deploy's own deploy() now runs that preflight BEFORE opening the Bulletin WebSocket. Net effect: deploys doomed to fail DotNS registration (bad label, reserved base name, domain owned by someone else, unresolvable PoP gate) now abort with zero Bulletin bytes uploaded. Also exports simulateUserStatus and popStatusName helpers. Additive — no existing API changed.

Full release notes: https://github.com/paritytech/bulletin-deploy/releases/tag/v0.6.9

Breaking changes audit

None for us. We verified the four public APIs we depend on are still present and typed the same way:

• deploy(content, domainName, options) — ✓
• DotNS#connect(options) — ✓
• DotNS#classifyName(label) — ✓
• DotNS#checkOwnership(label, ownerAddress?) — ✓
• DotNS#disconnect() — ✓

Our DeployOptions usage (rpc, signer, signerAddress, mnemonic, attributes) is a strict subset of what 0.6.9 accepts. We still don't pass jsMerkle: true (known-broken, falls back to Kubo binary) — unchanged.

Interplay with our own preflight

We already have our own checkDomainAvailability() that runs at domain-input time in the TUI (and before build in headless mode). bulletin-deploy 0.6.9's internal dotns.preflight() runs later in the pipeline — after the account-mapping check, before getProvider(). These are complementary:

• Ours = eager, UX-friendly (catch before user confirms).
• Theirs = defense in depth (catches edge cases that flip state between our check and the actual deploy).

No deduplication needed.

Test plan

• pnpm install — clean install, lockfile updated
• pnpm exec tsc --noEmit — clean
• pnpm test — 17 files, 147 tests pass
• pnpm format:check — clean
• Smoke: dot deploy against an existing owned domain → "Already owned by you — will update the existing deployment"
• Smoke: dot deploy with a Reserved name → aborts at availability check; no Bulletin bytes

[github-actions]

Dev build ready — try this branch:

curl -fsSL https://raw.githubusercontent.com/paritytech/playground-cli/main/install.sh | VERSION=dev/bump-bulletin-deploy-0.6.9 bash

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	bulletin-deploy@​0.6.9-rc.6 ⏵ 0.6.9	+1		+1	+1

View full report