xytara 2.6.0 → 2.7.0

package/RELEASE_NOTES.md

@@ -1,3 +1,14 @@
+# xytara 2.7.0 Release Notes
+
+`xytara` 2.7.0 is the expansion-closeout release line for package-hardening, clean-consumer release smoke testing, and disciplined adapter/product claim boundaries.
+
+Highlights:
+
+- ships `scripts/` in the npm artifact so packaged verification commands are available to consumers
+- adds release-candidate guards that fail if required verifier scripts are missing from `npm pack`
+- participates in the Naxytra release-smoke harness that installs packed tarballs into a clean consumer project before synchronized release
+- keeps the 2.6.0 expansion capabilities and adapter surfaces intact while closing the packaging reliability gap
+
 # xytara 2.6.0 Release Notes
 
 `xytara` 2.6.0 is the expansion release line for first-run execution polish, provider-backed adapter depth, and framework reference adapters while preserving the existing machine-commerce, settlement, observability, and release surfaces.

package/lib/release_history.js

@@ -10,6 +10,18 @@ function buildReleaseHistory() {
     current_version: packageJson.version,
     release_track: "public_release",
     history: [
+      {
+        version: "2.7.0",
+        channel: "public_release",
+        maturity_posture: "expansion_closeout",
+        headline: "expansion-closeout release with package-hardening, clean-consumer release smoke testing, and disciplined adapter claim boundaries",
+        milestone_refs: [
+          "npm_packaged_verification_scripts",
+          "release_candidate_packaging_guard",
+          "clean_consumer_release_smoke",
+          "expansion_closeout_claim_boundaries"
+        ]
+      },
       {
         version: "2.6.0",
         channel: "public_release",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xytara",
-  "version": "2.6.0",
+  "version": "2.7.0",
   "description": "Agent-commerce runtime for quote, pay, execute, deliver, meter, and integrate.",
   "main": "index.js",
   "bin": {
@@ -35,6 +35,7 @@
     "client.js",
     "server.js",
     "bin/",
+    "scripts/",
     "fixtures/",
     "integrations/",
     "lib/",

package/scripts/generate_treasury_destinations.js

@@ -0,0 +1,195 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const readline = require("readline/promises");
+const { stdin: input, stdout: output } = require("process");
+
+const TEMPLATE_PATH = path.resolve(__dirname, "..", "TREASURY_DESTINATIONS.production.template.json");
+const DEFAULT_OUTPUT_PATH = path.resolve(__dirname, "..", "TREASURY_DESTINATIONS.production.json");
+
+const RAIL_ORDER = [
+  "bsv_teranode",
+  "evm",
+  "base",
+  "usdc",
+  "dai",
+  "solana_payment",
+  "xpr_payment",
+  "antelope_payment",
+  "monero"
+];
+
+const RAIL_HELP = {
+  bsv_teranode: "BSV treasury receive address or paymail.",
+  evm: "Ethereum mainnet treasury receive address.",
+  base: "Base treasury receive address.",
+  usdc: "USDC treasury receive address on the chain you actually use.",
+  dai: "DAI treasury receive address on the chain you actually use.",
+  solana_payment: "Solana treasury receive address.",
+  xpr_payment: "Proton/XPR treasury account or address.",
+  antelope_payment: "Antelope treasury account or address.",
+  monero: "Monero treasury receive address. Keep this internal-only unless truly needed."
+};
+
+function loadTemplate() {
+  return JSON.parse(fs.readFileSync(TEMPLATE_PATH, "utf8"));
+}
+
+function parseArgs(argv) {
+  const args = { outputPath: DEFAULT_OUTPUT_PATH };
+  for (let i = 0; i < argv.length; i += 1) {
+    const part = argv[i];
+    if (part === "--output" && argv[i + 1]) {
+      args.outputPath = path.resolve(process.cwd(), argv[i + 1]);
+      i += 1;
+    } else if (part === "--include-monero") {
+      args.includeMonero = true;
+    }
+  }
+  return args;
+}
+
+function slugFromRail(rail) {
+  return String(rail || "").replace(/_payment$/, "").replace(/[^a-z0-9]+/gi, "_").replace(/^_+|_+$/g, "").toLowerCase();
+}
+
+function defaultRef(prefix, rail, suffix = "primary") {
+  return `${prefix}.${slugFromRail(rail)}.${suffix}`;
+}
+
+function defaultStorageClassForRail(rail) {
+  if (rail === "bsv_teranode") return "cold_primary";
+  if (rail === "monero") return "isolated_policy_gated";
+  return "warm_operational";
+}
+
+function defaultProviderRefForRail(rail) {
+  if (rail === "bsv_teranode") return "";
+  if (rail === "usdc" || rail === "dai") return "";
+  return defaultRef("rpc", rail);
+}
+
+function defaultWalletRefForRail(rail) {
+  if (rail === "bsv_teranode") return "";
+  if (rail === "monero") return "";
+  return defaultRef("wallet", rail);
+}
+
+function defaultReportingRefForRail(rail) {
+  if (rail === "monero") return "ledger.monero.internal";
+  return defaultRef("ledger", rail);
+}
+
+function defaultCustodyRefForRail(rail) {
+  if (rail === "monero") return "vault.monero.policy_gated";
+  return defaultRef("vault", rail);
+}
+
+function validateLikelyAddress(rail, value) {
+  if (!value) return null;
+  if (rail === "evm" || rail === "base" || rail === "usdc" || rail === "dai") {
+    return /^0x[a-fA-F0-9]{40}$/.test(value) ? null : "Expected a 0x-prefixed 20-byte EVM address.";
+  }
+  if (rail === "solana_payment") {
+    return /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(value) ? null : "Expected a likely Solana base58 address.";
+  }
+  return null;
+}
+
+async function ask(rl, prompt, fallback = "") {
+  const suffix = fallback ? ` [${fallback}]` : "";
+  const answer = (await rl.question(`${prompt}${suffix}: `)).trim();
+  return answer || fallback;
+}
+
+async function askYesNo(rl, prompt, fallback = true) {
+  const hint = fallback ? "Y/n" : "y/N";
+  const answer = (await rl.question(`${prompt} [${hint}]: `)).trim().toLowerCase();
+  if (!answer) return fallback;
+  return answer === "y" || answer === "yes";
+}
+
+function pruneEmptyStrings(entry) {
+  return Object.fromEntries(
+    Object.entries(entry).filter(([, value]) => value !== "")
+  );
+}
+
+async function buildRailEntry(rl, rail, templateEntry, args) {
+  if (rail === "monero" && !args.includeMonero) {
+    const wantsMonero = await askYesNo(rl, "Include Monero in this treasury file?", false);
+    if (!wantsMonero) return templateEntry;
+  }
+
+  output.write(`\n[${rail}] ${RAIL_HELP[rail] || ""}\n`);
+  const shouldConfigure = await askYesNo(rl, `Configure ${rail} now?`, rail !== "monero");
+  if (!shouldConfigure) return templateEntry;
+
+  const entry = { ...templateEntry };
+  const externalRef = await ask(rl, "external_ref", entry.external_ref || "");
+  const validationMessage = validateLikelyAddress(rail, externalRef);
+  if (validationMessage) {
+    output.write(`  Warning: ${validationMessage}\n`);
+  }
+  entry.external_ref = externalRef;
+
+  if (entry.destination_id) {
+    entry.destination_id = await ask(rl, "destination_id", entry.destination_id);
+  }
+  if (entry.destination_kind) {
+    entry.destination_kind = await ask(rl, "destination_kind", entry.destination_kind);
+  }
+  if (Object.prototype.hasOwnProperty.call(entry, "network")) {
+    entry.network = await ask(rl, "network", entry.network || "mainnet");
+  }
+  if (Object.prototype.hasOwnProperty.call(entry, "chain_id")) {
+    entry.chain_id = await ask(rl, "chain_id", entry.chain_id || "");
+  }
+  if (Object.prototype.hasOwnProperty.call(entry, "asset_symbol")) {
+    entry.asset_symbol = await ask(rl, "asset_symbol", entry.asset_symbol || "");
+  }
+  if (Object.prototype.hasOwnProperty.call(entry, "policy_scope")) {
+    entry.policy_scope = await ask(rl, "policy_scope", entry.policy_scope || "internal_optional_privacy_reserve");
+  }
+
+  entry.custody_ref = await ask(rl, "custody_ref", defaultCustodyRefForRail(rail));
+  entry.reporting_ref = await ask(rl, "reporting_ref", defaultReportingRefForRail(rail));
+
+  if (Object.prototype.hasOwnProperty.call(entry, "wallet_ref")) {
+    entry.wallet_ref = await ask(rl, "wallet_ref", defaultWalletRefForRail(rail));
+  }
+  if (Object.prototype.hasOwnProperty.call(entry, "provider_ref")) {
+    entry.provider_ref = await ask(rl, "provider_ref", defaultProviderRefForRail(rail));
+  }
+
+  entry.storage_class = await ask(rl, "storage_class", defaultStorageClassForRail(rail));
+  return pruneEmptyStrings(entry);
+}
+
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  const template = loadTemplate();
+  const rl = readline.createInterface({ input, output });
+
+  output.write("xytara treasury destination generator\n");
+  output.write("This script does not create wallets or keys. It builds TREASURY_DESTINATIONS.production.json from the receive destinations you already control.\n");
+  output.write(`Template: ${TEMPLATE_PATH}\n`);
+  output.write(`Output:   ${args.outputPath}\n`);
+
+  const result = {};
+  for (const rail of RAIL_ORDER) {
+    result[rail] = await buildRailEntry(rl, rail, template[rail], args);
+  }
+
+  await rl.close();
+
+  fs.writeFileSync(args.outputPath, `${JSON.stringify(result, null, 2)}\n`, "utf8");
+  output.write(`\nWrote ${args.outputPath}\n`);
+  output.write("Upload this file to Render Secret Files, then set XYTARA_TREASURY_DESTINATIONS_PATH=./TREASURY_DESTINATIONS.production.json\n");
+}
+
+main().catch((error) => {
+  console.error(error && error.stack ? error.stack : error);
+  process.exitCode = 1;
+});

package/scripts/registry_cli.js

@@ -0,0 +1,275 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const {
+  createIntegrationRegistrySnapshotFromBundles,
+  exportIntegrationSubmissionBundleSet,
+  importIntegrationSubmissionBundle,
+  summarizeIntegrationPromotionActionPreview,
+  summarizeIntegrationPromotionActionSet,
+  summarizeIntegrationPromotionActionSetList,
+  summarizeIntegrationPromotionReadiness,
+  summarizeIntegrationPromotionWorkflow,
+  summarizeIntegrationPromotionWorkflowList,
+  summarizeIntegrationRegistrySnapshotReview,
+  summarizeIntegrationSubmissionBundleReview,
+  summarizeIntegrationSubmissionBundleSetReview,
+  validateIntegrationSubmissionBundle
+} = require("../integrations/registry");
+
+function readJson(filePath) {
+  return JSON.parse(fs.readFileSync(filePath, "utf8"));
+}
+
+function writeJson(payload) {
+  process.stdout.write(`${JSON.stringify(payload, null, 2)}\n`);
+}
+
+function resolveExampleBundle(name) {
+  const filename = name === "settlement"
+    ? "example-third-party-settlement-registration.submission-bundle.json"
+    : name === "identity"
+      ? "example-third-party-identity-registration.submission-bundle.json"
+    : "example-third-party-registration.submission-bundle.json";
+  return path.resolve(__dirname, "..", "adapters", "examples", filename);
+}
+
+function importExampleBundles() {
+  return [
+    importIntegrationSubmissionBundle(readJson(resolveExampleBundle("protocol")), {
+      source: "third_party_example",
+      protocols: ["mcp"],
+      execution_backends: ["mcp"],
+      adapter_lanes: ["mcp"],
+      task_refs: ["adapter.mcp.invoke"]
+    }),
+    importIntegrationSubmissionBundle(readJson(resolveExampleBundle("identity")), {
+      source: "third_party_example",
+      protocols: [],
+      execution_backends: ["http", "chain"],
+      adapter_lanes: ["http", "chain"],
+      task_refs: ["registry.register", "trust.handoff.emit", "trust.handoff.validate"]
+    }),
+    importIntegrationSubmissionBundle(readJson(resolveExampleBundle("settlement")), {
+      source: "third_party_example",
+      protocols: [],
+      execution_backends: ["chain"],
+      adapter_lanes: ["chain"],
+      task_refs: ["anchoring.submit"]
+    })
+  ];
+}
+
+function parseArgs(argv) {
+  const [command, ...rest] = argv;
+  const options = {};
+  for (let index = 0; index < rest.length; index += 1) {
+    const token = rest[index];
+    if (!token.startsWith("--")) continue;
+    const key = token.slice(2);
+    const next = rest[index + 1];
+    if (!next || next.startsWith("--")) {
+      options[key] = true;
+      continue;
+    }
+    options[key] = next;
+    index += 1;
+  }
+  return {
+    command: command || "",
+    options
+  };
+}
+
+function runValidateBundle(options) {
+  const filePath = options.file
+    ? path.resolve(process.cwd(), options.file)
+    : resolveExampleBundle(options.example === "settlement" ? "settlement" : options.example === "identity" ? "identity" : "protocol");
+  const bundle = readJson(filePath);
+  const validation = validateIntegrationSubmissionBundle(bundle);
+  writeJson({
+    ok: validation.ok,
+    file: filePath,
+    errors: validation.errors
+  });
+  process.exitCode = validation.ok ? 0 : 1;
+}
+
+function runExportBundleSet(options) {
+  const payload = exportIntegrationSubmissionBundleSet({
+    source: "third_party_example",
+    bundled: "false"
+  }, options.notes || "generated by registry_cli");
+  writeJson(payload);
+}
+
+function runExportSnapshot(options) {
+  const snapshot = createIntegrationRegistrySnapshotFromBundles(
+    importExampleBundles(),
+    { source: "third_party_example" },
+    { source: "third_party_example" }
+  );
+  writeJson({
+    generated_by: "registry_cli",
+    mode: options.mode || "examples",
+    snapshot
+  });
+}
+
+function runReviewBundle(options) {
+  const filePath = options.file
+    ? path.resolve(process.cwd(), options.file)
+    : resolveExampleBundle(options.example === "settlement" ? "settlement" : options.example === "identity" ? "identity" : "protocol");
+  const bundle = readJson(filePath);
+  writeJson({
+    file: filePath,
+    review: summarizeIntegrationSubmissionBundleReview(bundle)
+  });
+}
+
+function runReviewBundleSet(options) {
+  const payload = exportIntegrationSubmissionBundleSet({
+    source: "third_party_example",
+    bundled: "false"
+  }, options.notes || "generated by registry_cli");
+  writeJson({
+    review: summarizeIntegrationSubmissionBundleSetReview(payload)
+  });
+}
+
+function runReviewSnapshot() {
+  const snapshot = createIntegrationRegistrySnapshotFromBundles(
+    importExampleBundles(),
+    { source: "third_party_example" },
+    { source: "third_party_example" }
+  );
+  writeJson({
+    review: summarizeIntegrationRegistrySnapshotReview(snapshot)
+  });
+}
+
+function runPromotionReadiness(options) {
+  const integrationId = options.integration || "partner.protocol.acme_mcp";
+  writeJson({
+    integration_id: integrationId,
+    review: summarizeIntegrationPromotionReadiness(integrationId)
+  });
+}
+
+function runPromotionWorkflow(options) {
+  const integrationId = options.integration || "partner.protocol.acme_mcp";
+  writeJson({
+    integration_id: integrationId,
+    review: summarizeIntegrationPromotionWorkflow(integrationId)
+  });
+}
+
+function runPromotionWorkflowSummary(options) {
+  writeJson({
+    review: summarizeIntegrationPromotionWorkflowList({
+      source: options.source || "",
+      bundled: options.bundled || ""
+    })
+  });
+}
+
+function runPromotionActionPreview(options) {
+  writeJson({
+    review: summarizeIntegrationPromotionActionPreview({
+      integration_id: options.integration || "partner.protocol.acme_mcp",
+      action: options.action || "complete_certification"
+    })
+  });
+}
+
+function runPromotionActionSet(options) {
+  const integrationId = options.integration || "partner.protocol.acme_mcp";
+  writeJson({
+    integration_id: integrationId,
+    review: summarizeIntegrationPromotionActionSet(integrationId)
+  });
+}
+
+function runPromotionActionSetSummary(options) {
+  writeJson({
+    review: summarizeIntegrationPromotionActionSetList({
+      source: options.source || "",
+      bundled: options.bundled || ""
+    })
+  });
+}
+
+function main() {
+  const { command, options } = parseArgs(process.argv.slice(2));
+  if (command === "validate-bundle") {
+    runValidateBundle(options);
+    return;
+  }
+  if (command === "export-bundle-set") {
+    runExportBundleSet(options);
+    return;
+  }
+  if (command === "export-snapshot") {
+    runExportSnapshot(options);
+    return;
+  }
+  if (command === "review-bundle") {
+    runReviewBundle(options);
+    return;
+  }
+  if (command === "review-bundle-set") {
+    runReviewBundleSet(options);
+    return;
+  }
+  if (command === "review-snapshot") {
+    runReviewSnapshot();
+    return;
+  }
+  if (command === "promotion-readiness") {
+    runPromotionReadiness(options);
+    return;
+  }
+  if (command === "promotion-workflow") {
+    runPromotionWorkflow(options);
+    return;
+  }
+  if (command === "promotion-workflow-summary") {
+    runPromotionWorkflowSummary(options);
+    return;
+  }
+  if (command === "promotion-action-preview") {
+    runPromotionActionPreview(options);
+    return;
+  }
+  if (command === "promotion-action-set") {
+    runPromotionActionSet(options);
+    return;
+  }
+  if (command === "promotion-action-set-summary") {
+    runPromotionActionSetSummary(options);
+    return;
+  }
+
+  writeJson({
+    ok: false,
+    usage: [
+      "node scripts/registry_cli.js validate-bundle [--file <path>] [--example protocol|settlement]",
+      "node scripts/registry_cli.js validate-bundle [--file <path>] [--example identity]",
+      "node scripts/registry_cli.js export-bundle-set [--notes <text>]",
+      "node scripts/registry_cli.js export-snapshot",
+      "node scripts/registry_cli.js review-bundle [--file <path>] [--example protocol|identity|settlement]",
+      "node scripts/registry_cli.js review-bundle-set [--notes <text>]",
+      "node scripts/registry_cli.js review-snapshot",
+      "node scripts/registry_cli.js promotion-readiness [--integration <integration_id>]",
+      "node scripts/registry_cli.js promotion-workflow [--integration <integration_id>]",
+      "node scripts/registry_cli.js promotion-workflow-summary [--source <source>] [--bundled true|false]",
+      "node scripts/registry_cli.js promotion-action-preview [--integration <integration_id>] [--action <action>]",
+      "node scripts/registry_cli.js promotion-action-set [--integration <integration_id>]",
+      "node scripts/registry_cli.js promotion-action-set-summary [--source <source>] [--bundled true|false]"
+    ]
+  });
+  process.exitCode = 1;
+}
+
+main();