xytara 2.7.0 → 2.8.0

package/lib/release_history.js

@@ -10,6 +10,19 @@ function buildReleaseHistory() {
     current_version: packageJson.version,
     release_track: "public_release",
     history: [
+      {
+        version: "2.8.0",
+        channel: "public_release",
+        maturity_posture: "release_boundary_hardened",
+        headline: "release-boundary hardening with provider promotion evidence gates, pricing experiment guardrails, treasury public-claim safety, and read-only operator observability boundaries",
+        milestone_refs: [
+          "framework_provider_promotion_evidence_gate",
+          "pricing_experiment_plan_gate",
+          "pricing_experiment_launch_gate",
+          "treasury_public_claim_boundary",
+          "operator_observability_read_only_boundary"
+        ]
+      },
       {
         version: "2.7.0",
         channel: "public_release",

package/lib/treasury_destinations_contract.js

@@ -177,6 +177,30 @@ const RAIL_PROFILES = [
   }
 ];
 
+const TREASURY_PUBLIC_BOUNDARY_REJECTION_CODES = [
+  "public_custody_destination_leak",
+  "public_external_ref_leak",
+  "public_custody_ref_leak",
+  "public_reporting_ref_leak",
+  "public_wallet_ref_leak",
+  "public_provider_ref_leak",
+  "internal_rail_public_claimed",
+  "readiness_only_rail_public_claimed",
+  "claim_boundary_mismatch",
+  "unsupported_live_claim_rail",
+  "operator_visibility_rule_missing"
+];
+
+const SENSITIVE_PUBLIC_DESTINATION_FIELDS = [
+  "external_ref",
+  "custody_ref",
+  "reporting_ref",
+  "wallet_ref",
+  "provider_ref",
+  "merchant_address",
+  "merchant_paymail"
+];
+
 function classifyDestinationSource(profile, paymentConfig) {
   const settlementMode = profile.settlement_mode;
   const mapEntry = paymentConfig.treasury_destinations_by_settlement_mode[settlementMode];
@@ -432,6 +456,7 @@ function buildOperatorTreasuryDestinationsPack() {
       ? "claim_only_the_rails_with_real_configured_destinations_as_live_landing_paths"
       : "no_multi-rail_operational_claims_until_real_destinations_exist",
     custody_visibility_rule: "do_not_expose_real_external_refs_or_custody_refs_on_public_surfaces",
+    deterministic_rejection_codes: TREASURY_PUBLIC_BOUNDARY_REJECTION_CODES.slice(),
     config_examples: Object.fromEntries(RAIL_PROFILES.map((profile) => [profile.settlement_mode, profile.config_template]))
   };
 }
@@ -458,6 +483,7 @@ function buildTreasuryDestinationsPack() {
     operator_rule: operatorPack.operator_rule,
     claim_discipline_rule: "unsupported_or_unconfigured_rails_may_be_listed_as_architecture_but_not_as_live_landing_paths",
     privacy_rule: "public_surfaces_must_not_expose_real_treasury_landing_refs_or_custody_provider_refs",
+    deterministic_rejection_codes: TREASURY_PUBLIC_BOUNDARY_REJECTION_CODES.slice(),
     config_examples: operatorPack.config_examples
   };
 }
@@ -475,6 +501,7 @@ function summarizeTreasuryDestinationsPack() {
     readiness_only_profile_count: pack.readiness_summary.readiness_only_profile_count,
     reporting_gap_count: pack.readiness_summary.reporting_gap_count,
     internal_only_profile_count: pack.profiles.filter((entry) => entry.compliance_posture === "internal_only_policy_gated").length,
+    deterministic_rejection_code_count: pack.deterministic_rejection_codes.length,
     public_claim_boundary: pack.public_claim_boundary,
     linked_surfaces: pack.supported_surfaces
   };
@@ -493,6 +520,7 @@ function summarizeOperatorTreasuryDestinationsPack() {
     readiness_only_profile_count: pack.readiness_summary.readiness_only_profile_count,
     reporting_gap_count: pack.readiness_summary.reporting_gap_count,
     internal_only_profile_count: pack.profiles.filter((entry) => entry.compliance_posture === "internal_only_policy_gated").length,
+    deterministic_rejection_code_count: pack.deterministic_rejection_codes.length,
     public_claim_boundary: pack.public_claim_boundary,
     linked_surfaces: pack.supported_surfaces
   };
@@ -534,10 +562,80 @@ function buildTreasuryDestinationValidationPreview(input) {
   }
 }
 
+function arraysEqual(left, right) {
+  const leftSorted = (Array.isArray(left) ? left : []).slice().sort();
+  const rightSorted = (Array.isArray(right) ? right : []).slice().sort();
+  return leftSorted.length === rightSorted.length && leftSorted.every((entry, index) => entry === rightSorted[index]);
+}
+
+function validateTreasuryDestinationPublicBoundary(packInput) {
+  const pack = packInput || buildTreasuryDestinationsPack();
+  const profiles = Array.isArray(pack.profiles) ? pack.profiles : [];
+  const boundary = pack.public_claim_boundary || {};
+  const rejectionCodes = [];
+  const liveClaimableRails = profiles.filter((entry) => entry && entry.public_claim_allowed).map((entry) => entry.rail_id);
+  const internalOnlyRails = profiles
+    .filter((entry) => entry && entry.compliance_posture === "internal_only_policy_gated")
+    .map((entry) => entry.rail_id);
+  const readinessOnlyRails = profiles
+    .filter((entry) => entry && !entry.public_claim_allowed && entry.compliance_posture !== "internal_only_policy_gated")
+    .map((entry) => entry.rail_id);
+
+  for (const profile of profiles) {
+    if (!profile) continue;
+    if (profile.custody_destination != null) {
+      rejectionCodes.push("public_custody_destination_leak");
+    }
+    const visibility = profile.destination_visibility || {};
+    for (const fieldName of SENSITIVE_PUBLIC_DESTINATION_FIELDS) {
+      if (visibility[fieldName] != null) {
+        rejectionCodes.push(`public_${fieldName}_leak`);
+      }
+      if (profile[fieldName] != null) {
+        rejectionCodes.push(`public_${fieldName}_leak`);
+      }
+    }
+    if (profile.compliance_posture === "internal_only_policy_gated" && profile.public_claim_allowed === true) {
+      rejectionCodes.push("internal_rail_public_claimed");
+    }
+    if (boundary.readiness_only_rails && boundary.readiness_only_rails.includes(profile.rail_id) && profile.public_claim_allowed === true) {
+      rejectionCodes.push("readiness_only_rail_public_claimed");
+    }
+  }
+
+  const boundaryLiveRails = Array.isArray(boundary.live_claimable_rails) ? boundary.live_claimable_rails : [];
+  const boundaryReadinessRails = Array.isArray(boundary.readiness_only_rails) ? boundary.readiness_only_rails : [];
+  const boundaryInternalRails = Array.isArray(boundary.internal_only_rails) ? boundary.internal_only_rails : [];
+  if (
+    !arraysEqual(liveClaimableRails, boundaryLiveRails)
+    || !arraysEqual(readinessOnlyRails, boundaryReadinessRails)
+    || !arraysEqual(internalOnlyRails, boundaryInternalRails)
+  ) {
+    rejectionCodes.push("claim_boundary_mismatch");
+  }
+  if (boundaryLiveRails.some((railId) => !profiles.some((entry) => entry && entry.rail_id === railId && entry.public_claim_allowed === true))) {
+    rejectionCodes.push("unsupported_live_claim_rail");
+  }
+  if (pack.category === "machine-commerce-operator-treasury-destinations-pack"
+    && pack.custody_visibility_rule !== "do_not_expose_real_external_refs_or_custody_refs_on_public_surfaces") {
+    rejectionCodes.push("operator_visibility_rule_missing");
+  }
+
+  return {
+    validation_version: "xytara-treasury-public-boundary-validation-v1",
+    public_boundary_valid: rejectionCodes.length === 0,
+    rejection_codes: Array.from(new Set(rejectionCodes)),
+    deterministic_rejection_codes: TREASURY_PUBLIC_BOUNDARY_REJECTION_CODES.slice(),
+    public_claim_boundary: boundary,
+    boundary: "public_treasury_surfaces_must_not_expose_landing_or_custody_refs_and_must_match_claim_allowed_state"
+  };
+}
+
 module.exports = {
   buildOperatorTreasuryDestinationsPack,
   summarizeOperatorTreasuryDestinationsPack,
   buildTreasuryDestinationsPack,
   summarizeTreasuryDestinationsPack,
-  buildTreasuryDestinationValidationPreview
+  buildTreasuryDestinationValidationPreview,
+  validateTreasuryDestinationPublicBoundary
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xytara",
-  "version": "2.7.0",
+  "version": "2.8.0",
   "description": "Agent-commerce runtime for quote, pay, execute, deliver, meter, and integrate.",
   "main": "index.js",
   "bin": {
@@ -72,12 +72,16 @@
     "verify:package": "node scripts/verify_all.js",
     "verify:integrations": "node scripts/verify_integrations.js",
     "verify:adapters": "node scripts/verify_adapters.js",
+    "verify:framework-provider-promotion": "node scripts/verify_framework_provider_promotion.js",
+    "verify:operator-observability-boundary": "node scripts/verify_operator_observability_boundary.js",
+    "verify:pricing-experiment-plan": "node scripts/verify_pricing_experiment_plan.js",
+    "verify:treasury-public-boundary": "node scripts/verify_treasury_public_boundary.js",
     "verify:tooling": "node scripts/verify_tooling.js",
     "verify:examples": "node scripts/verify_examples.js",
     "verify:service": "node scripts/verify_service.js",
     "verify:release-candidate": "node scripts/verify_release_candidate.js",
     "verify:production-readiness": "node scripts/verify_production_readiness.js",
-    "verify:all": "node scripts/verify_all.js && node scripts/verify_integrations.js && node scripts/verify_adapters.js && node scripts/verify_tooling.js && node scripts/verify_examples.js && node scripts/verify_service.js",
+    "verify:all": "node scripts/verify_all.js && node scripts/verify_integrations.js && node scripts/verify_adapters.js && node scripts/verify_framework_provider_promotion.js && node scripts/verify_operator_observability_boundary.js && node scripts/verify_pricing_experiment_plan.js && node scripts/verify_treasury_public_boundary.js && node scripts/verify_tooling.js && node scripts/verify_examples.js && node scripts/verify_service.js",
     "prepublishOnly": "npm run verify:release-candidate"
   }
 }

package/scripts/verify_framework_provider_promotion.js

@@ -0,0 +1,152 @@
+"use strict";
+
+const assert = require("assert");
+const {
+  FRAMEWORK_PROVIDER_CANDIDATES,
+  buildFrameworkProviderPromotionPack,
+  summarizeFrameworkProviderPromotionPack,
+  validateFrameworkProviderPromotionEvidence
+} = require("../lib/framework_provider_promotion");
+
+function normalizeUrl(baseUrl, healthPath) {
+  const url = new URL(baseUrl);
+  const normalizedPath = String(healthPath || "/health").startsWith("/")
+    ? String(healthPath || "/health")
+    : `/${healthPath}`;
+  url.pathname = normalizedPath;
+  return url.toString();
+}
+
+async function checkHealth(candidate, env) {
+  const endpoint = env[candidate.endpoint_env];
+  const token = env[candidate.auth_env];
+  const healthPath = env[candidate.health_path_env] || "/health";
+  const started = Date.now();
+  const response = await fetch(normalizeUrl(endpoint, healthPath), {
+    method: "GET",
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: "application/json"
+    }
+  });
+  const latencyMs = Date.now() - started;
+  let body = null;
+  try {
+    body = await response.json();
+  } catch (_error) {
+    body = null;
+  }
+  return {
+    framework_id: candidate.framework_id,
+    adapter_id: candidate.adapter_id,
+    status_code: response.status,
+    latency_ms: latencyMs,
+    health_ok: response.ok && (!body || ["ok", "ready", "auth_required"].includes(String(body.status || body.readiness || "ok"))),
+    body_status: body && (body.status || body.readiness || null)
+  };
+}
+
+function buildValidPromotionEvidence(candidateSummary) {
+  return {
+    framework_id: candidateSummary.framework_id,
+    adapter_id: candidateSummary.adapter_id,
+    task_ref: candidateSummary.task_ref,
+    operator_evidence_ref: `ops.framework_provider.${candidateSummary.framework_id}.2026-04-22`,
+    auth_boundary_ref: `ops.framework_provider.auth_boundary.${candidateSummary.framework_id}.2026-04-22`,
+    health_check: {
+      status_code: 200,
+      health_ok: true
+    },
+    latency_ms: 250,
+    latency_budget_ms: 2000,
+    failure_behavior_ref: `ops.framework_provider.failure_behavior.${candidateSummary.framework_id}.2026-04-22`,
+    proof_fact_shape_ref: `ops.framework_provider.proof_facts.${candidateSummary.framework_id}.2026-04-22`
+  };
+}
+
+function assertRejected(pack, evidence, expectedCode) {
+  const validation = validateFrameworkProviderPromotionEvidence(pack, evidence);
+  assert.strictEqual(validation.promotion_allowed, false, `expected ${expectedCode} to block framework provider promotion`);
+  assert.strictEqual(
+    validation.rejection_codes.includes(expectedCode),
+    true,
+    `missing deterministic rejection code ${expectedCode}`
+  );
+  return validation;
+}
+
+async function main() {
+  const pack = buildFrameworkProviderPromotionPack();
+  const summary = summarizeFrameworkProviderPromotionPack();
+  assert.strictEqual(pack.ok, true, "framework provider promotion pack failed");
+  assert.strictEqual(summary.framework_candidate_count, FRAMEWORK_PROVIDER_CANDIDATES.length, "framework candidate count mismatch");
+  assert.strictEqual(pack.promoted_provider_count, 0, "promotion pack must not auto-promote providers");
+  assert.strictEqual(pack.deterministic_rejection_codes.length >= 13, true, "framework promotion rejection codes missing");
+  assert.strictEqual(summary.deterministic_rejection_code_count, pack.deterministic_rejection_codes.length, "framework promotion summary rejection code count mismatch");
+  assert.strictEqual(
+    pack.strict_boundaries.includes("reference_framework_adapters_do_not_equal_live_provider_integrations"),
+    true,
+    "framework reference boundary missing"
+  );
+
+  assertRejected(pack, buildValidPromotionEvidence(pack.candidates[0]), "candidate_not_live_check_ready");
+  assertRejected(pack, { framework_id: "unknown_framework" }, "framework_not_registered");
+
+  const syntheticEnv = {
+    XYTARA_LANGGRAPH_PROVIDER_URL: "https://provider.example.test",
+    XYTARA_LANGGRAPH_PROVIDER_TOKEN: "configured-token-placeholder",
+    XYTARA_LANGGRAPH_PROVIDER_HEALTH_PATH: "/health"
+  };
+  const promotablePack = buildFrameworkProviderPromotionPack({ env: syntheticEnv });
+  const promotableCandidate = promotablePack.candidates.find((candidate) => candidate.framework_id === "langgraph");
+  const validEvidence = buildValidPromotionEvidence(promotableCandidate);
+  const validValidation = validateFrameworkProviderPromotionEvidence(promotablePack, validEvidence);
+  assert.strictEqual(promotableCandidate.state, "live_check_ready", "synthetic provider should be live-check ready");
+  assert.strictEqual(validValidation.promotion_allowed, true, "complete synthetic evidence should validate");
+  assert.deepStrictEqual(validValidation.rejection_codes, [], "complete synthetic evidence should not carry rejections");
+
+  assertRejected(promotablePack, { ...validEvidence, adapter_id: "wrong.adapter" }, "adapter_id_mismatch");
+  assertRejected(promotablePack, { ...validEvidence, task_ref: "wrong.task" }, "task_ref_mismatch");
+  assertRejected(promotablePack, { ...validEvidence, operator_evidence_ref: null }, "operator_evidence_missing");
+  assertRejected(promotablePack, { ...validEvidence, auth_boundary_ref: null }, "auth_boundary_evidence_missing");
+  assertRejected(promotablePack, { ...validEvidence, health_check: null }, "health_check_missing");
+  assertRejected(promotablePack, { ...validEvidence, health_check: { status_code: 503, health_ok: false } }, "health_check_failed");
+  assertRejected(promotablePack, { ...validEvidence, latency_ms: null }, "latency_measurement_missing");
+  assertRejected(promotablePack, { ...validEvidence, latency_ms: 3000, latency_budget_ms: 1000 }, "latency_budget_exceeded");
+  assertRejected(promotablePack, { ...validEvidence, failure_behavior_ref: null }, "failure_behavior_evidence_missing");
+  assertRejected(promotablePack, { ...validEvidence, proof_fact_shape_ref: null }, "proof_fact_shape_evidence_missing");
+  assertRejected(promotablePack, { ...validEvidence, provider_token: "sk_live_accidental_secret" }, "secret_material_forbidden");
+
+  const readyCandidates = pack.candidates.filter((candidate) => candidate.state === "live_check_ready");
+  if (pack.require_live) {
+    assert.strictEqual(readyCandidates.length > 0, true, "live provider promotion required but no endpoint/auth pair is configured");
+  }
+
+  const live_checks = [];
+  for (const candidate of FRAMEWORK_PROVIDER_CANDIDATES) {
+    const candidateSummary = pack.candidates.find((entry) => entry.framework_id === candidate.framework_id);
+    if (!candidateSummary || candidateSummary.state !== "live_check_ready") continue;
+    const result = await checkHealth(candidate, process.env);
+    assert.strictEqual(result.health_ok, true, `${candidate.framework_id} live health check failed`);
+    live_checks.push(result);
+  }
+
+  const result = {
+    ok: true,
+    product: "xytara",
+    category: "xytara-framework-provider-promotion-verification",
+    status: live_checks.length > 0 ? "live_provider_health_checks_passed" : "no_live_provider_evidence_configured",
+    live_check_count: live_checks.length,
+    promotion_allowed: false,
+    deterministic_rejection_code_count: pack.deterministic_rejection_codes.length,
+    adversarial_case_count: 13,
+    live_checks,
+    boundary: "this_verifier_checks_promotion_evidence_but_does_not_promote_reference_adapters_to_live_provider_claims"
+  };
+  process.stdout.write(`${JSON.stringify(result, null, 2)}\n`);
+}
+
+main().catch((error) => {
+  console.error(error && error.stack ? error.stack : error);
+  process.exit(1);
+});

package/scripts/verify_operator_observability_boundary.js

@@ -0,0 +1,83 @@
+"use strict";
+
+const assert = require("assert");
+const {
+  buildOperatorObservabilityPack,
+  validateOperatorObservabilityBoundary
+} = require("../lib/operator_intelligence");
+const { createRuntimeState } = require("../lib/commerce_runtime");
+
+function clone(value) {
+  return JSON.parse(JSON.stringify(value));
+}
+
+function assertRejected(pack, expectedCode) {
+  const validation = validateOperatorObservabilityBoundary(pack);
+  assert.strictEqual(validation.observability_boundary_valid, false, `expected ${expectedCode} to block operator observability boundary`);
+  assert.strictEqual(
+    validation.rejection_codes.includes(expectedCode),
+    true,
+    `missing deterministic rejection code ${expectedCode}`
+  );
+  return validation;
+}
+
+function main() {
+  const pack = buildOperatorObservabilityPack(createRuntimeState());
+  const validation = validateOperatorObservabilityBoundary(pack);
+  assert.strictEqual(pack.category, "machine-commerce-operator-observability-pack", "operator observability category mismatch");
+  assert.strictEqual(validation.observability_boundary_valid, true, "operator observability boundary should validate");
+  assert.deepStrictEqual(validation.rejection_codes, [], "operator observability boundary should not carry rejections");
+  assert.strictEqual(pack.deterministic_rejection_codes.length >= 8, true, "operator observability rejection codes missing");
+
+  const missingBoundary = clone(pack);
+  missingBoundary.boundary = "unsafe";
+  assertRejected(missingBoundary, "boundary_missing");
+
+  const missingSurface = clone(pack);
+  delete missingSurface.linked_surfaces.payment_ledger_ref;
+  assertRejected(missingSurface, "missing_linked_surface");
+
+  const mutationSurface = clone(pack);
+  mutationSurface.linked_surfaces.payment_ledger_ref = "/v1/payment-ledger/refund";
+  assertRejected(mutationSurface, "mutation_surface_linked");
+
+  const settlementSubmit = clone(pack);
+  settlementSubmit.linked_surfaces.settlement_ref = "/v1/settlement/bsv-teranode/submit";
+  assertRejected(settlementSubmit, "settlement_submission_surface_linked");
+
+  const fundMovement = clone(pack);
+  fundMovement.linked_surfaces.operator_intelligence_ref = "/v1/treasury/release";
+  assertRejected(fundMovement, "fund_movement_surface_linked");
+
+  const unsafeAction = clone(pack);
+  unsafeAction.attention_queue = [{
+    lane: "settlement",
+    priority: "high",
+    action: "submit_settlement_now",
+    surface_ref: "/v1/settlement/bsv-teranode",
+    reason: "bad action"
+  }];
+  assertRejected(unsafeAction, "unsafe_attention_action");
+
+  const secretMaterial = clone(pack);
+  secretMaterial.operator_token = "sk_live_accidental_secret";
+  assertRejected(secretMaterial, "secret_material_forbidden");
+
+  const badCount = clone(pack);
+  badCount.counts.quote_count = "1";
+  assertRejected(badCount, "count_not_number");
+
+  const output = {
+    ok: true,
+    product: "xytara",
+    category: "xytara-operator-observability-boundary-verification",
+    status: "operator_observability_stays_read_only_without_secret_material_or_mutation_surfaces",
+    deterministic_rejection_code_count: pack.deterministic_rejection_codes.length,
+    adversarial_case_count: 8,
+    boundary: validation.boundary
+  };
+  process.stdout.write(`${JSON.stringify(output, null, 2)}\n`);
+}
+
+main();

package/scripts/verify_pricing_experiment_plan.js

@@ -0,0 +1,124 @@
+"use strict";
+
+const assert = require("assert");
+const {
+  buildPricingExperimentPlan,
+  summarizePricingExperimentPlan,
+  validatePricingExperimentLaunchRequest
+} = require("../lib/pricing_optimization_contract");
+const { createRuntimeState } = require("../lib/commerce_runtime");
+
+function populateMaturePricingState(state) {
+  for (let index = 0; index < 100; index += 1) {
+    state.quotes.set(`quote_${index}`, {
+      quote_id: `quote_${index}`,
+      status: index < 50 ? "executed" : "expired",
+      amount_minor: 40,
+      task_refs: ["adapter.mcp.invoke"],
+      payment_protocol: "x402",
+      settlement_mode: "bsv_teranode"
+    });
+  }
+  for (let index = 0; index < 20; index += 1) {
+    state.paymentLedger.push({
+      payment_id: `payment_${index}`,
+      status: "recorded",
+      amount_minor: 40
+    });
+    state.transactions.set(`txn_${index}`, {
+      transaction: {
+        transaction_id: `txn_${index}`,
+        status: "completed"
+      }
+    });
+  }
+}
+
+function buildValidLaunchRequest(candidate) {
+  const rollback_trigger_thresholds = {};
+  for (const trigger of candidate.rollback_triggers) {
+    rollback_trigger_thresholds[trigger] = "operator_defined_threshold";
+  }
+  return {
+    experiment_id: candidate.experiment_id,
+    target_surface: candidate.target_surface,
+    operator_approval_ref: "ops.pricing.approval.2026-04-22",
+    baseline_metrics_ref: "ops.pricing.baseline.2026-04-22",
+    rollback_trigger_thresholds,
+    public_checkout_copy_review_ref: "ops.pricing.copy_review.2026-04-22",
+    post_experiment_review_window_days: 14
+  };
+}
+
+function assertRejected(plan, request, expectedCode) {
+  const validation = validatePricingExperimentLaunchRequest(plan, request);
+  assert.strictEqual(validation.launch_allowed, false, `expected ${expectedCode} to block pricing experiment launch`);
+  assert.strictEqual(
+    validation.rejection_codes.includes(expectedCode),
+    true,
+    `missing deterministic rejection code ${expectedCode}`
+  );
+  return validation;
+}
+
+function main() {
+  const state = createRuntimeState();
+  const plan = buildPricingExperimentPlan(state);
+  const summary = summarizePricingExperimentPlan(state);
+
+  assert.strictEqual(plan.experiment_plan_version, "xytara-pricing-experiment-plan-v1", "pricing experiment plan version mismatch");
+  assert.strictEqual(plan.allow_experiment_launch, false, "empty state must not allow pricing experiments");
+  assert.strictEqual(plan.experiment_state, "blocked_collect_more_live_data", "empty state experiment gate mismatch");
+  assert.strictEqual(plan.required_minimum_live_sample.quote_count, 100, "quote sample floor mismatch");
+  assert.strictEqual(plan.required_minimum_live_sample.payment_ledger_count, 20, "payment sample floor mismatch");
+  assert.strictEqual(plan.required_minimum_live_sample.execution_transaction_count, 20, "execution sample floor mismatch");
+  assert.strictEqual(plan.candidate_experiments.length >= 3, true, "candidate experiments missing");
+  assert.strictEqual(
+    plan.candidate_experiments.every((entry) => entry.allowed_now === false),
+    true,
+    "candidate experiments should be blocked while sparse"
+  );
+  assert.strictEqual(
+    plan.blocked_actions.includes("start_price_ab_test_from_sparse_signals"),
+    true,
+    "sparse-signal blocked action missing"
+  );
+  assert.strictEqual(summary.category, "machine-commerce-pricing-experiment-plan-summary", "summary category mismatch");
+  assert.strictEqual(summary.allow_experiment_launch, false, "summary experiment launch guard mismatch");
+  assert.strictEqual(summary.deterministic_rejection_code_count >= 9, true, "pricing rejection code count missing");
+
+  assertRejected(plan, buildValidLaunchRequest(plan.candidate_experiments[0]), "pricing_sample_too_sparse");
+  assertRejected(plan, { experiment_id: "unknown_experiment" }, "experiment_not_registered");
+
+  const matureState = createRuntimeState();
+  populateMaturePricingState(matureState);
+  const maturePlan = buildPricingExperimentPlan(matureState);
+  const matureCandidate = maturePlan.candidate_experiments[0];
+  const validLaunchRequest = buildValidLaunchRequest(matureCandidate);
+  const validLaunch = validatePricingExperimentLaunchRequest(maturePlan, validLaunchRequest);
+  assert.strictEqual(maturePlan.allow_experiment_launch, true, "mature state should allow operator-reviewed experiments");
+  assert.strictEqual(validLaunch.launch_allowed, true, "valid mature launch request should pass");
+  assert.deepStrictEqual(validLaunch.rejection_codes, [], "valid launch request must not carry rejection codes");
+
+  assertRejected(maturePlan, { ...validLaunchRequest, operator_approval_ref: null }, "operator_approval_missing");
+  assertRejected(maturePlan, { ...validLaunchRequest, baseline_metrics_ref: null }, "baseline_metrics_missing");
+  assertRejected(maturePlan, { ...validLaunchRequest, rollback_trigger_thresholds: {} }, "rollback_trigger_thresholds_missing");
+  assertRejected(maturePlan, { ...validLaunchRequest, public_checkout_copy_review_ref: null }, "public_checkout_copy_review_missing");
+  assertRejected(maturePlan, { ...validLaunchRequest, post_experiment_review_window_days: 0 }, "post_experiment_review_window_missing");
+  assertRejected(maturePlan, { ...validLaunchRequest, target_surface: "wrong_surface" }, "target_surface_mismatch");
+
+  const output = {
+    ok: true,
+    product: "xytara",
+    category: "xytara-pricing-experiment-plan-verification",
+    status: "experiment_plan_blocks_sparse_signal_and_malformed_launch_requests",
+    candidate_experiment_count: plan.candidate_experiments.length,
+    launch_requirement_count: plan.launch_requirements.length,
+    deterministic_rejection_code_count: plan.deterministic_rejection_codes.length,
+    adversarial_case_count: 8,
+    boundary: plan.boundary
+  };
+  process.stdout.write(`${JSON.stringify(output, null, 2)}\n`);
+}
+
+main();

package/scripts/verify_release_candidate.js

@@ -36,7 +36,12 @@ function main() {
   assert.strictEqual(dryRun.files.some((entry) => entry.path === "bin/xytara-first-run.js"), true, "npm pack dry-run missing xytara-first-run");
   assert.strictEqual(dryRun.files.some((entry) => entry.path === "bin/xytara-release.js"), true, "npm pack dry-run missing xytara-release");
   assert.strictEqual(dryRun.files.some((entry) => entry.path === "scripts/verify_release_candidate.js"), true, "npm pack dry-run missing release verifier script");
+  assert.strictEqual(dryRun.files.some((entry) => entry.path === "scripts/verify_framework_provider_promotion.js"), true, "npm pack dry-run missing framework provider promotion verifier script");
+  assert.strictEqual(dryRun.files.some((entry) => entry.path === "scripts/verify_operator_observability_boundary.js"), true, "npm pack dry-run missing operator observability boundary verifier script");
+  assert.strictEqual(dryRun.files.some((entry) => entry.path === "scripts/verify_pricing_experiment_plan.js"), true, "npm pack dry-run missing pricing experiment verifier script");
+  assert.strictEqual(dryRun.files.some((entry) => entry.path === "scripts/verify_treasury_public_boundary.js"), true, "npm pack dry-run missing treasury public boundary verifier script");
   assert.strictEqual(dryRun.files.some((entry) => entry.path === "scripts/verify_all.js"), true, "npm pack dry-run missing package verifier script");
+  assert.strictEqual(dryRun.files.some((entry) => entry.path === "lib/framework_provider_promotion.js"), true, "npm pack dry-run missing framework provider promotion pack");
   assert.strictEqual(dryRun.files.some((entry) => entry.path === "README.md"), true, "npm pack dry-run missing README");
   assert.strictEqual(dryRun.files.some((entry) => entry.path === "RELEASE_NOTES.md"), true, "npm pack dry-run missing release notes");
   assert.strictEqual(dryRun.files.some((entry) => entry.path === "START_HERE.md"), true, "npm pack dry-run missing start-here");

package/scripts/verify_service.js

@@ -269,6 +269,15 @@ async function main() {
     assert.strictEqual(frameworkLaneSummary.status, 200, "framework lane summary route failed");
     assert.strictEqual(frameworkLaneSummary.json.featured_framework_count >= 6, true, "framework lane framework count missing");
 
+    const frameworkProviderPromotion = await getJson(baseUrl, "/v1/framework-provider-promotion");
+    assert.strictEqual(frameworkProviderPromotion.status, 200, "framework provider promotion route failed");
+    assert.strictEqual(frameworkProviderPromotion.json.product, "xytara", "framework provider promotion product missing");
+    assert.strictEqual(frameworkProviderPromotion.json.promoted_provider_count, 0, "framework provider promotion should not auto-promote");
+    assert.strictEqual(frameworkProviderPromotion.json.strict_boundaries.includes("reference_framework_adapters_do_not_equal_live_provider_integrations"), true, "framework provider promotion boundary missing");
+    const frameworkProviderPromotionSummary = await getJson(baseUrl, "/v1/framework-provider-promotion/summary");
+    assert.strictEqual(frameworkProviderPromotionSummary.status, 200, "framework provider promotion summary route failed");
+    assert.strictEqual(frameworkProviderPromotionSummary.json.category, "machine-commerce-framework-provider-promotion-summary", "framework provider promotion summary category missing");
+
     const protocolLane = await getJson(baseUrl, "/v1/protocols");
     assert.strictEqual(protocolLane.status, 200, "protocol lane route failed");
     assert.strictEqual(protocolLane.json.product, "xytara", "protocol lane product missing");
@@ -580,6 +589,19 @@ async function main() {
     assert.strictEqual(Array.isArray(pricingRecommendations.json.recommendations), true, "pricing recommendations list missing");
     assert.strictEqual(pricingRecommendations.json.recommendations.length >= 1, true, "pricing recommendations missing");
 
+    const pricingExperimentPlan = await getJson(baseUrl, "/v1/pricing-optimization/experiment-plan");
+    assert.strictEqual(pricingExperimentPlan.status, 200, "pricing experiment plan route failed");
+    assert.strictEqual(pricingExperimentPlan.json.experiment_plan_version, "xytara-pricing-experiment-plan-v1", "pricing experiment plan version missing");
+    assert.strictEqual(typeof pricingExperimentPlan.json.allow_experiment_launch, "boolean", "pricing experiment launch flag missing");
+    assert.strictEqual(Array.isArray(pricingExperimentPlan.json.candidate_experiments), true, "pricing experiment candidates missing");
+    assert.strictEqual(pricingExperimentPlan.json.candidate_experiments.length >= 3, true, "pricing experiment candidate count missing");
+    assert.strictEqual(pricingExperimentPlan.json.boundary, "pricing_experiments_are_operator_reviewed_and_data_gated_not_automatic_price_changes", "pricing experiment boundary missing");
+
+    const pricingExperimentPlanSummary = await getJson(baseUrl, "/v1/pricing-optimization/experiment-plan/summary");
+    assert.strictEqual(pricingExperimentPlanSummary.status, 200, "pricing experiment plan summary route failed");
+    assert.strictEqual(pricingExperimentPlanSummary.json.category, "machine-commerce-pricing-experiment-plan-summary", "pricing experiment summary category missing");
+    assert.strictEqual(typeof pricingExperimentPlanSummary.json.allow_experiment_launch, "boolean", "pricing experiment summary flag missing");
+
     const treasuryDestinations = await getJson(baseUrl, "/v1/treasury-destinations");
     assert.strictEqual(treasuryDestinations.status, 200, "treasury destinations route failed");
     assert.strictEqual(treasuryDestinations.json.product, "xytara", "treasury destinations product missing");
@@ -618,6 +640,11 @@ async function main() {
       "string",
       "public treasury destinations claim boundary missing"
     );
+    assert.strictEqual(
+      treasuryDestinations.json.deterministic_rejection_codes.includes("public_custody_destination_leak"),
+      true,
+      "public treasury destinations rejection codes missing"
+    );
 
     const treasuryDestinationsSummary = await getJson(baseUrl, "/v1/treasury-destinations/summary");
     assert.strictEqual(treasuryDestinationsSummary.status, 200, "treasury destinations summary route failed");
@@ -630,6 +657,7 @@ async function main() {
     );
     assert.strictEqual(treasuryDestinationsSummary.json.public_claimable_profile_count >= 0, true, "treasury destinations summary public claimable count missing");
     assert.strictEqual(treasuryDestinationsSummary.json.readiness_only_profile_count >= 0, true, "treasury destinations summary readiness-only count missing");
+    assert.strictEqual(treasuryDestinationsSummary.json.deterministic_rejection_code_count >= 11, true, "treasury destinations summary rejection code count missing");
 
     const operatorTreasuryDestinations = await getJson(baseUrl, "/v1/treasury-destinations/operator-pack", operatorHeaders);
     assert.strictEqual(operatorTreasuryDestinations.status, 200, "operator treasury destinations route failed");
@@ -655,6 +683,11 @@ async function main() {
       "only_rails_with_public_claim_allowed_true_should_be_described_as_live_landing_paths",
       "operator treasury destinations claim boundary mismatch"
     );
+    assert.strictEqual(
+      operatorTreasuryDestinations.json.deterministic_rejection_codes.includes("operator_visibility_rule_missing"),
+      true,
+      "operator treasury destinations rejection code missing"
+    );
 
     const operatorTreasuryDestinationsSummary = await getJson(baseUrl, "/v1/treasury-destinations/operator-pack/summary", operatorHeaders);
     assert.strictEqual(operatorTreasuryDestinationsSummary.status, 200, "operator treasury destinations summary route failed");
@@ -712,11 +745,13 @@ async function main() {
     assert.strictEqual(operatorObservability.json.boundary, "read_only_operator_visibility_no_fund_movement_no_settlement_submission_no_secret_material", "operator observability boundary missing");
     assert.strictEqual(typeof operatorObservability.json.counts.quote_count, "number", "operator observability quote count missing");
     assert.strictEqual(typeof operatorObservability.json.linked_surfaces.payment_ledger_ref, "string", "operator observability payment ledger ref missing");
+    assert.strictEqual(operatorObservability.json.deterministic_rejection_codes.includes("mutation_surface_linked"), true, "operator observability rejection codes missing");
 
       const operatorObservabilitySummary = await getJson(baseUrl, "/v1/operator-observability/summary", operatorHeaders);
     assert.strictEqual(operatorObservabilitySummary.status, 200, "operator observability summary route failed");
     assert.strictEqual(operatorObservabilitySummary.json.category, "machine-commerce-operator-observability-pack-summary", "operator observability summary category missing");
     assert.strictEqual(typeof operatorObservabilitySummary.json.attention_item_count, "number", "operator observability summary attention count missing");
+    assert.strictEqual(operatorObservabilitySummary.json.deterministic_rejection_code_count >= 8, true, "operator observability summary rejection code count missing");
 
       const treasuryEgressPolicy = await getJson(baseUrl, "/v1/treasury-egress-policy", operatorHeaders);
     assert.strictEqual(treasuryEgressPolicy.status, 200, "treasury egress policy route failed");