xytara 2.8.0 → 2.10.0

package/README.md

@@ -778,7 +778,7 @@ node examples/quickstart.js
 For a direct one-line machine run against a live service, use the bundled CLI:
 
 ```bash
-xytara-run --url https://xytara.onrender.com --account acct_demo --command "cli-run" --task trust.verify --body-json '{"subject_id":"subject-1"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID
+xytara first-run --run-quote --account ACCOUNT_REF --pretty
 ```
 
 The quickstart exercises:

package/RELEASE_NOTES.md

@@ -1,63 +1,11 @@
-# xytara 2.8.0 Release Notes
+# xytara 2.10.0 Release Notes
 
-`xytara` 2.8.0 is the release-boundary hardening line for live-provider promotion discipline, treasury/operator public-claim safety, and pricing experiment guardrails.
+`xytara` 2.10.0 is the release-hygiene and launch-polish line for current-release-only package notes, safer first-contact docs, and stronger release-candidate packaging checks.
 
 Highlights:
 
-- adds framework-provider promotion evidence gates so LangGraph/LangChain style claims stay reference-contract until endpoint, auth, health, latency, failure, and proof-fact evidence exists
-- hardens pricing experiment planning and launch gates so optimization remains sample-maturity and operator-review gated
-- hardens treasury public claim boundaries so public surfaces do not leak landing/custody/provider refs or promote readiness-only/internal rails as live
-- hardens operator observability boundaries so read-only views cannot drift into mutation, settlement submission, fund movement, unsafe attention actions, or secret-bearing control behavior
-- keeps the 2.7.0 clean-consumer packaging and release-smoke posture intact while making expansion claims more defensible
-
-# xytara 2.7.0 Release Notes
-
-`xytara` 2.7.0 is the expansion-closeout release line for package-hardening, clean-consumer release smoke testing, and disciplined adapter/product claim boundaries.
-
-Highlights:
-
-- ships `scripts/` in the npm artifact so packaged verification commands are available to consumers
-- adds release-candidate guards that fail if required verifier scripts are missing from `npm pack`
-- participates in the Naxytra release-smoke harness that installs packed tarballs into a clean consumer project before synchronized release
-- keeps the 2.6.0 expansion capabilities and adapter surfaces intact while closing the packaging reliability gap
-
-# xytara 2.6.0 Release Notes
-
-`xytara` 2.6.0 is the expansion release line for first-run execution polish, provider-backed adapter depth, and framework reference adapters while preserving the existing machine-commerce, settlement, observability, and release surfaces.
-
-Highlights:
-
-- umbrella CLI entrypoint with `xytara start-here`, plus `xytara run` and `xytara release`
-- public first-run quote and credits-first execution posture for outside builders
-- provider-backed `adapter.mcp.invoke` depth with concrete MCP tool binding
-- executable LangGraph and LangChain reference framework adapters with manifests and proof-compatible execution facts
-- adapter verifier coverage for provider and framework execution posture
-- read-only operator observability across activity, payment, delivery, settlement, external credit grants, adapter failures, and pricing telemetry
-- first-class public contract lanes for `OpenAPI`, `AsyncAPI`, and `CloudEvents`
-- first-class provider, framework, protocol, and integration-matrix discovery surfaces
-- surfaced runtime breadth across `MCP`, `A2A`, `A2C`, `x402`, `Stripe MPP`, stablecoins, major rails, treasury, and registry-backed integrations
-- surfaced framework and ecosystem breadth including `LangGraph`, `LangChain`, `AutoGen`, `Semantic Kernel`, `CrewAI`, and `LlamaIndex`
-- surfaced protocol and transport breadth including `ACP`, `gRPC`, `Kafka`, `NATS`, `MQTT`, `ROS2`, and webhook event bus posture
-- first-class observability, provenance, artifact-distribution, shared-signals, and feature-control lanes
-- clearer install-and-use posture for humans, developers, and agents without widening the native runtime core
-- existing wallet / authority / identity / trust / capability / pricing / participation foundations remain in place
-
-Recommended first checks:
-
-1. `npm install xytara`
-2. `xytara start-here`
-3. `npm run verify:release-candidate`
-4. `node examples/partner_launch_walkthrough.js`
-5. inspect `/v1/providers`, `/v1/frameworks`, `/v1/protocols`, and `/v1/integration-matrix`
-6. inspect `/v1/adapter-depth/summary` and `/v1/operator-observability/summary`
-7. inspect `/v1/mcp`, `/v1/a2a`, `/v1/a2c`, `/v1/x402`, and `/v1/settlement`
-8. inspect `/v1/telemetry`, `/v1/provenance`, `/v1/artifact-distribution`, `/v1/shared-signals`, and `/v1/feature-control`
-9. inspect `/v1/economics/accounts/:account_id/wallet-ledger-bundle`
-10. inspect `/v1/economics/accounts/:account_id/network-participation-package`
-
-Recommended first docs:
-
-- `PROGRAM_COMPLETE_RELEASE.md`
-- `FINAL_CONTRACT.md`
-- `WHY_XYTARA_XOONYA.md`
-- `PARTNER_READY_PATH.md`
+- keeps `RELEASE_NOTES.md` scoped to the current release so npm and GitHub release notes do not read like a rolling changelog
+- adds a release-candidate guard that fails when package release notes contain prior release headings or drift from the package version
+- replaces the remaining soft-launch wallet-secret and txid example with the quote-first public first-run path
+- keeps the canonical `https://naxytra.com/xytara` public product URL and website polish intact
+- prepares the synchronized Naxytra 2.10.0 line for a cleaner npm, GitHub, website, and post-deploy verification pass

package/lib/announcement_pack.js

@@ -9,7 +9,7 @@ function buildAnnouncementPack() {
     category: "machine-commerce-announcement-pack",
     public_quickstart: {
       install: "npm install xytara",
-      first_cli: "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID",
+      first_cli: "xytara first-run --run-quote --account ACCOUNT_REF --pretty",
       first_release_view: "xytara-release --center --summary",
       first_http: "/v1/release-center/summary"
     },

package/lib/ecosystem_entry.js

@@ -13,7 +13,7 @@ function buildEcosystemEntryPack() {
         why_now: "needs a first paid machine capability path with governed execution and proof-aware followthrough",
         first_path_ref: "scenario.direct_pay.trust_verify",
         first_http_entrypoint: "/v1/release-pack/scenarios/summary",
-        first_cli_entrypoint: "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID"
+        first_cli_entrypoint: "xytara first-run --run-quote --account ACCOUNT_REF --pretty"
       },
       {
         audience_ref: "marketplace_or_tool_author",

package/lib/launch_narrative.js

@@ -17,7 +17,7 @@ function buildLaunchNarrativePack() {
     first_proof_to_run: {
       path_ref: "scenario.direct_pay.trust_verify",
       why_this_first: "smallest strong-signal run that shows paid machine execution, inspectable records, and proof-aware followthrough",
-      cli: "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID"
+      cli: "xytara first-run --run-quote --account ACCOUNT_REF --pretty"
     },
     first_success_looks_like: [
       "one capability is discovered and quoted",

package/lib/outreach_message_pack.js

@@ -47,7 +47,7 @@ function buildOutreachMessagePack() {
       "xytara-release --center --summary",
       "xytara-release --adapter-partners --summary",
       "xytara-release --outreach-proof --summary",
-      "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID"
+      "xytara first-run --run-quote --account ACCOUNT_REF --pretty"
     ]
   };
 }

package/lib/outreach_proof.js

@@ -33,7 +33,7 @@ function buildOutreachProofPack() {
     credible_public_proof_path: {
       path_ref: "scenario.direct_pay.trust_verify",
       why_credible: "smallest public run that already aligns with the demonstrated live payment and settlement posture",
-      cli: "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID"
+      cli: "xytara first-run --run-quote --account ACCOUNT_REF --pretty"
     },
     trust_today_vs_later: {
       trust_today: [

package/lib/outreach_target_pack.js

@@ -12,7 +12,7 @@ function buildOutreachTargetPack() {
         target_ref: "agent_builders",
         why_now: "need a first paid capability path with governed execution and proof-aware followthrough",
         first_artifact: "/v1/release-center/summary",
-        first_cli: "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID"
+        first_cli: "xytara first-run --run-quote --account ACCOUNT_REF --pretty"
       },
       {
         target_ref: "adapter_authors",

package/lib/phase_1_ecosystem_pack.js

@@ -20,7 +20,7 @@ function buildPhase1EcosystemPack() {
         ],
         first_cli: [
           "xytara-release --center --summary",
-          "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID"
+          "xytara first-run --run-quote --account ACCOUNT_REF --pretty"
         ]
       },
       {

package/lib/phase_1_openai_codex_pack.js

@@ -28,7 +28,7 @@ function buildPhase1OpenaiCodexPack() {
       first_commands: [
         "xytara-release --center --summary",
         "xytara-release --phase-1-openai-codex --summary",
-        "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID"
+        "xytara first-run --run-quote --account ACCOUNT_REF --pretty"
       ]
     },
     done_means: [

package/lib/phase_1_openai_codex_runtime_pack.js

@@ -19,7 +19,7 @@ function buildPhase1OpenaiCodexRuntimePack() {
       ],
       first_cli_sequence: [
         "xytara-release --phase-1-openai-codex-runtime --summary",
-        "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID"
+        "xytara first-run --run-quote --account ACCOUNT_REF --pretty"
       ],
       expected_signals: [
         "quote and spend-aware execution result",

package/lib/release_history.js

@@ -10,6 +10,30 @@ function buildReleaseHistory() {
     current_version: packageJson.version,
     release_track: "public_release",
     history: [
+      {
+        version: "2.10.0",
+        channel: "public_release",
+        maturity_posture: "release_hygiene",
+        headline: "release-hygiene line with current-release-only notes, package verifier guards, and safer first-contact soft-launch guidance",
+        milestone_refs: [
+          "current_release_only_release_notes",
+          "release_notes_packaging_guard",
+          "soft_launch_quote_first_guidance",
+          "synchronized_2_10_release_prep"
+        ]
+      },
+      {
+        version: "2.9.0",
+        channel: "public_release",
+        maturity_posture: "public_polish",
+        headline: "public-polish release with canonical Naxytra product URLs and safer quote-first runtime first contact",
+        milestone_refs: [
+          "canonical_naxytra_product_url",
+          "standalone_product_domain_guard",
+          "quote_first_public_first_contact",
+          "release_summary_secretless_first_contact"
+        ]
+      },
       {
         version: "2.8.0",
         channel: "public_release",

package/lib/release_pack.js

@@ -172,7 +172,7 @@ function buildScenarioPack() {
           "run xytara-run for trust.verify",
           "inspect transaction, payment, and settlement records"
         ],
-        entrypoint: "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID",
+        entrypoint: "xytara first-run --run-quote --account ACCOUNT_REF --pretty",
         surfaces: [
           "/v1/catalog/summary",
           "/x402/commands/execute",
@@ -349,7 +349,7 @@ function buildReleasePack() {
     },
     first_contact: {
       install: "npm install xytara",
-      direct_run_cli: "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID",
+      direct_run_cli: "xytara first-run --run-quote --account ACCOUNT_REF --pretty",
       discovery_surface: "/v1/catalog/summary",
       transaction_center_surface: "/v1/transaction-center/summary",
       economics_surface: "/v1/transaction-center/economics/summary",

package/lib/soft_launch_pack.js

@@ -39,7 +39,7 @@ function buildSoftLaunchPack() {
       outreach_proof: "/v1/outreach-proof/summary",
       adapter_partners: "/v1/adapter-partners/summary",
       first_cli: "xytara-release --center --summary",
-      first_run_cli: "xytara-run --url https://xytara.onrender.com --account acct_demo --command \"cli-run\" --task trust.verify --body-json '{\"subject_id\":\"subject-1\"}' --wallet-id merchant_wallet_main --wallet-secret YOUR_LOCAL_SIGNED_SECRET --txid YOUR_BSV_TXID"
+      first_run_cli: "xytara first-run --run-quote --account ACCOUNT_REF --pretty"
     },
     outreach_sequence: [
       "send the short pitch and first proof path to a small builder set",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xytara",
-  "version": "2.8.0",
+  "version": "2.10.0",
   "description": "Agent-commerce runtime for quote, pay, execute, deliver, meter, and integrate.",
   "main": "index.js",
   "bin": {
@@ -10,10 +10,10 @@
   },
   "type": "commonjs",
   "license": "Apache-2.0",
-  "homepage": "https://xytara.com",
+  "homepage": "https://naxytra.com/xytara",
   "funding": {
     "type": "individual",
-    "url": "https://xytara.com"
+    "url": "https://naxytra.com/xytara"
   },
   "keywords": [
     "agent-commerce",

package/scripts/verify_release_candidate.js

@@ -1,6 +1,7 @@
 "use strict";
 
 const assert = require("assert");
+const fs = require("fs");
 const path = require("path");
 const { execFileSync, execSync } = require("child_process");
 const packageJson = require("../package.json");
@@ -14,6 +15,29 @@ function parsePackDryRun() {
   return Array.isArray(parsed) ? parsed[0] : parsed;
 }
 
+function verifyReleaseNotes() {
+  const notesPath = path.resolve(__dirname, "..", "RELEASE_NOTES.md");
+  const notes = fs.readFileSync(notesPath, "utf8");
+  const headings = (notes.match(/^#\s+xytara\s+\d+\.\d+\.\d+\s+Release Notes\s*$/gm) || [])
+    .map((heading) => heading.trim());
+  assert.deepStrictEqual(
+    headings,
+    [`# xytara ${packageJson.version} Release Notes`],
+    "RELEASE_NOTES.md must contain only the current xytara release heading"
+  );
+  assert.strictEqual(
+    notes.includes(`xytara\` ${packageJson.version}`),
+    true,
+    "RELEASE_NOTES.md must mention the current package version"
+  );
+  const mentionedVersions = notes.match(/\b\d+\.\d+\.\d+\b/g) || [];
+  assert.strictEqual(
+    mentionedVersions.every((version) => version === packageJson.version),
+    true,
+    "RELEASE_NOTES.md must not mention prior package versions"
+  );
+}
+
 function main() {
   const releaseOutput = execFileSync(process.execPath, [
     path.resolve(__dirname, "..", "bin", "xytara-release.js"),
@@ -27,6 +51,7 @@ function main() {
   assert.strictEqual(releaseCandidate.product, "xytara", "release candidate product mismatch");
   assert.strictEqual(releaseCandidate.publish_access, "public", "release candidate publish access mismatch");
   assert.strictEqual(releaseCandidate.checklist_count >= 5, true, "release candidate checklist count mismatch");
+  verifyReleaseNotes();
 
   const dryRun = parsePackDryRun();
   assert.strictEqual(dryRun.name, packageJson.name, "npm pack dry-run name mismatch");