Update version and publish package

Signed-off-by: Aivin V. Solatorio <avsolatorio@gmail.com>

Author: avsolatorio

README.md

@@ -43,11 +43,11 @@ PCN enforces numeric fidelity by placing verification in the **renderer**, not t
 
 This monorepo contains the **PCN ecosystem**:
 
-- **TypeScript packages** (`packages/*`) — Published to npm under `@pcn/*`
-  - `@pcn/core` — Core PCN implementation
-  - `@pcn/data360` — Data360 preset: Data360ClaimsProvider + extractor for get_data (claim_id/OBS_VALUE/REF_AREA/TIME_PERIOD)
-  - `@pcn/fixtures` — Shared test fixtures
-  - `@pcn/ui` — React UI components for verified/pending claims
+- **TypeScript packages** (`packages/*`) — Published to npm under `@pcn-js/*`
+  - `@pcn-js/core` — Core PCN implementation
+  - `@pcn-js/data360` — Data360 preset: Data360ClaimsProvider + extractor for get_data (claim_id/OBS_VALUE/REF_AREA/TIME_PERIOD)
+  - `@pcn-js/fixtures` — Shared test fixtures
+  - `@pcn-js/ui` — React UI components for verified/pending claims
 
 - **Python packages** (`python/*`) — Published to PyPI under `pcn-*`
   - `pcn-core` — Core PCN implementation for Python
@@ -110,6 +110,7 @@ PCN is designed for **numerically sensitive settings** where accuracy matters:
 Comprehensive documentation is available:
 
 - [Documentation](docs/) — Detailed guides and reference materials
+- [Publishing to npm](docs/publishing.md) — How to publish `@pcn/*` so apps can install from npm
 - [Policy Reference](docs/reference/policies.md) — Understanding PCN verification policies
 - [Contributing Guide](CONTRIBUTING.md) — How to contribute to PCN
 - [Code of Conduct](CODE_OF_CONDUCT.md) — Community guidelines

docs/publishing.md

@@ -0,0 +1,164 @@
+# Publishing PCN to npm
+
+The PCN monorepo uses [Changesets](https://github.com/changesets/changesets) for versioning and publishing. Packages are published under the scope `@pcn-js/*` (e.g. `@pcn-js/core`, `@pcn-js/ui`, `@pcn-js/data360`, `@pcn-js/fixtures`).
+
+## Prerequisites
+
+- **npm account** — for [public npm](https://www.npmjs.com/) you need an account.
+- **Scope / org** — packages use the scope `@pcn-js/*`. You must [create an npm organization](https://www.npmjs.com/org/create) named **`pcn-js`** (same as the scope) **before** the first publish; otherwise publish returns **E404 Not Found**. If that name is not available, use an [alternative scope](#organization-name-not-available) (e.g. your user scope or a different org name).
+- **Build** — ensure all packages build: from repo root run `pnpm build`.
+
+## Option A: Publish to the public npm registry (registry.npmjs.org)
+
+Use this so any app can install with `npm install @pcn-js/core @pcn-js/ui @pcn-js/data360` (or pnpm/yarn).
+
+1. **Log in to npm** (public registry):
+
+   ```bash
+   npm login
+   # Use your npmjs.com credentials; this targets registry.npmjs.org
+   ```
+
+2. **Add changesets** for the changes you want to release:
+
+   ```bash
+   pnpm changeset
+   # Follow prompts: select packages, choose bump type (major/minor/patch), add summary
+   ```
+
+3. **Version packages** (updates `package.json` versions and CHANGELOGs):
+
+   ```bash
+   pnpm version-packages
+   ```
+
+4. **Publish** to the public registry. Override the registry so publish goes to npm (not your `.npmrc` default, e.g. Artifactory):
+
+   ```bash
+   npm config set registry https://registry.npmjs.org/
+   pnpm release
+   npm config delete registry   # optional: restore previous default
+   ```
+
+   Or in one go without changing global config:
+
+   ```bash
+   npm publish -w @pcn-js/core --registry https://registry.npmjs.org/
+   npm publish -w @pcn-js/ui --registry https://registry.npmjs.org/
+   npm publish -w @pcn-js/data360 --registry https://registry.npmjs.org/
+   npm publish -w @pcn-js/fixtures --registry https://registry.npmjs.org/
+   ```
+
+   With Changesets, the usual flow is `pnpm release`, which runs `changeset publish` (and will use whatever registry is currently configured). So set registry to `https://registry.npmjs.org/` before `pnpm release` when publishing to public npm.
+
+5. **Commit and push** the version bumps and changelogs (and tag if your CI does it):
+
+   ```bash
+   git add . && git commit -m "chore: release @pcn-js/*" && git push
+   ```
+
+## Option B: Publish to an internal registry (e.g. Artifactory)
+
+If your repo `.npmrc` points to an internal registry (e.g. Artifactory), you can publish there so internal apps can install `@pcn-js/*` from that registry.
+
+1. **Authenticate** to the internal registry (e.g. `npm login` against Artifactory, or use `.npmrc` with `_auth` as already configured).
+
+2. **Add changesets** and **version** as above:
+
+   ```bash
+   pnpm changeset
+   pnpm version-packages
+   ```
+
+3. **Publish** (uses registry from `.npmrc`):
+
+   ```bash
+   pnpm release
+   ```
+
+4. **Commit and push** version and changelog updates.
+
+## Installing in an app after publishing
+
+- **From public npm:**
+  In the app (e.g. vercel-ai-chatbot frontend), replace `file:` links with version ranges:
+
+  ```json
+  {
+    "dependencies": {
+      "@pcn-js/core": "^0.1.0",
+      "@pcn-js/ui": "^0.1.0",
+      "@pcn-js/data360": "^0.1.0"
+    }
+  }
+  ```
+
+  Then run `pnpm install` (or `npm install`). Remove any `pnpm.overrides` that pointed at `file:../../pcn/...` for these packages.
+
+- **From internal registry:**
+  Ensure the app’s npm/pnpm config uses the same registry and auth; then use the same version ranges and install as above.
+
+## Summary
+
+| Step               | Command                                        |
+| ------------------ | ---------------------------------------------- |
+| Add changesets     | `pnpm changeset`                               |
+| Bump versions      | `pnpm version-packages`                        |
+| Publish (public)   | Set registry to npmjs.org, then `pnpm release` |
+| Publish (internal) | `pnpm release` (with registry in `.npmrc`)     |
+
+Each package has `"publishConfig": { "access": "public" }` so the scoped packages `@pcn-js/*` are published as public when the target registry supports it (e.g. npm).
+
+## Troubleshooting (public npm)
+
+### E403: Two-factor authentication or granular access token required
+
+npm requires one of the following to publish:
+
+1. **Enable 2FA on your npm account** (recommended):
+   - Go to [npm → Account Settings → Two-Factor Authentication](https://www.npmjs.com/settings/~yourusername/account)
+   - Turn on “Require two-factor authentication for writes (publishing)”
+   - Run `npm login` again; npm will prompt for your OTP when you publish.
+
+2. **Use a granular access token with publish and “bypass 2FA”** (for CI or headless use):
+   - Go to [npm → Access Tokens](https://www.npmjs.com/settings/~yourusername/tokens)
+   - Create token → “Granular access token”
+   - Set permissions: **Packages and scopes** → Read and write for `@pcn-js` (or your scope)
+   - Enable “Bypass two-factor authentication when publishing from the command line”
+   - Use the token when logging in: `npm login --auth-type=legacy` and paste the token as the password (username can be your npm username or `_authToken`-style usage), or set in `.npmrc`:
+     `//registry.npmjs.org/:_authToken=YOUR_TOKEN`
+
+After changing 2FA or creating a token, run **`npm login`** again (with registry set to `https://registry.npmjs.org/` if needed), then retry `pnpm release`.
+
+### E404: Not Found when publishing @pcn-js/*
+
+If you see **404 Not Found - PUT https://registry.npmjs.org/@pcn-js%2f...** or "The requested resource '@pcn-js/...' could not be found or you do not have permission":
+
+- The scope `@pcn-js` must exist on npm. [Create an organization](https://www.npmjs.com/org/create) named **`pcn-js`** (same as the scope). Until the org exists, npm returns 404 for PUT.
+- Ensure you're logged in (`npm login` with registry `https://registry.npmjs.org/`) with the account that owns that org (or is a member with publish rights).
+
+### Organization name not available
+
+If the organization name **pcn** is not available on npm, you can publish under a different scope:
+
+1. **User scope (no org needed)** — Use your npm username. For example, if your username is `avsolatorio`, rename packages to `@avsolatorio/pcn-core`, `@avsolatorio/pcn-ui`, `@avsolatorio/pcn-data360`, `@avsolatorio/pcn-fixtures`. You can publish under your user scope without creating an organization.
+2. **Different org name** — Create an organization with another name (e.g. `pcn-js`, `proof-carrying-numbers`) and use that as the scope: `@pcn-js/core`, `@pcn-js/ui`, etc.
+3. **Unscoped packages** — Publish without a scope: `pcn-core`, `pcn-ui`, `pcn-data360`, `pcn-fixtures`. Install with `npm install pcn-core pcn-ui pcn-data360`. Unscoped names must be globally unique on npm.
+
+To switch scope, update the `name` field in each package's `package.json`, update internal references (e.g. `@pcn-js/core` → `@yourscope/core` in dependencies), and update any docs or app `package.json` that install these packages.
+
+### One-time password (OTP) when 2FA is enabled
+
+If you see **"This operation requires a one-time password from your authenticator"**:
+
+- npm is asking for your 2FA code. Run `pnpm release` in an **interactive** terminal and enter the 6-digit code from your authenticator when prompted.
+- If the prompt doesn't appear (e.g. in a non-interactive or CI environment), pass the OTP for that run:
+  `NPM_CONFIG_OTP=123456 pnpm release`
+  (Replace `123456` with the current code; it changes every ~30 seconds.)
+
+### Access token expired or revoked
+
+If you see “Access token expired or revoked. Please try logging in again”:
+
+- Run `npm login` (with registry `https://registry.npmjs.org/`).
+- If you use a token in `.npmrc`, generate a new token at [npm Access Tokens](https://www.npmjs.com/settings/~yourusername/tokens) and update the value.

examples/chat-app/CHANGELOG.md

@@ -0,0 +1,19 @@
+# pcn-example-chat-app
+
+## 0.0.2
+
+### Patch Changes
+
+- Updated dependencies
+  - @pcn-js/data360@0.1.1
+  - @pcn-js/core@0.1.1
+  - @pcn-js/ui@0.1.1
+
+## 0.0.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @pcn-js/data360@0.1.1
+  - @pcn-js/core@0.1.1
+  - @pcn-js/ui@0.1.1

examples/chat-app/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pcn-example-chat-app",
-  "version": "0.0.0",
+  "version": "0.0.2",
   "private": true,
   "type": "module",
   "scripts": {
@@ -10,9 +10,9 @@
     "typecheck": "tsc -p tsconfig.json --noEmit"
   },
   "dependencies": {
-    "@pcn/core": "workspace:*",
-    "@pcn/data360": "workspace:*",
-    "@pcn/ui": "workspace:*",
+    "@pcn-js/core": "workspace:*",
+    "@pcn-js/data360": "workspace:*",
+    "@pcn-js/ui": "workspace:*",
     "react": "^18.3.0",
     "react-dom": "^18.3.0"
   },

examples/chat-app/src/App.tsx

@@ -1,5 +1,5 @@
-import { Data360ClaimsProvider, DATA360_GET_DATA_TOOL } from "@pcn/data360";
-import { IngestToolOutput } from "@pcn/ui";
+import { Data360ClaimsProvider, DATA360_GET_DATA_TOOL } from "@pcn-js/data360";
+import { IngestToolOutput } from "@pcn-js/ui";
 import { MessageWithClaims } from "./MessageWithClaims";
 
 /** Simulated Data360 get_data tool result. */

examples/chat-app/src/MessageWithClaims.tsx

@@ -1,4 +1,4 @@
-import { ClaimMark } from "@pcn/ui";
+import { ClaimMark } from "@pcn-js/ui";
 
 /**
  * Renders a simple "assistant" message that contains numeric claims.

packages/core/CHANGELOG.md

@@ -0,0 +1,13 @@
+# @pcn-js/core
+
+## 0.1.1
+
+### Patch Changes
+
+- First public release of the Proof-Carrying Numbers (PCN) SDK.
+
+## 0.1.1
+
+### Patch Changes
+
+- First public release of the Proof-Carrying Numbers (PCN) SDK.

packages/core/README.md

@@ -1,4 +1,4 @@
-# @pcn/core
+# @pcn-js/core
 
 Core PCN implementation: verification engine, claims manager, and HTML processing.
 
@@ -7,7 +7,7 @@ Core PCN implementation: verification engine, claims manager, and HTML processin
 Central cache and lookup for claims. Register claims by id (e.g. from tool results that include `claim_id`), then use `get`/`getAll` when processing content or with `@pcn/ui` components.
 
 ```ts
-import { ClaimsManager, createDataPointExtractor } from "@pcn/core";
+import { ClaimsManager, createDataPointExtractor } from "@pcn-js/core";
 
 const manager = new ClaimsManager();
 

packages/core/package.json

@@ -1,6 +1,6 @@
 {
-  "name": "@pcn/core",
-  "version": "0.1.0",
+  "name": "@pcn-js/core",
+  "version": "0.1.1",
   "description": "Proof-Carrying Numbers (PCN): core engine for verifying numeric claims and annotating HTML <claim> tags.",
   "license": "Apache-2.0",
   "type": "module",
@@ -19,6 +19,9 @@
     "README.md",
     "LICENSE"
   ],
+  "publishConfig": {
+    "access": "public"
+  },
   "sideEffects": false,
   "dependencies": {
     "cheerio": "^1.1.2",

packages/data360/CHANGELOG.md

@@ -0,0 +1,19 @@
+# @pcn-js/data360
+
+## 0.1.1
+
+### Patch Changes
+
+- First public release of the Proof-Carrying Numbers (PCN) SDK.
+- Updated dependencies
+  - @pcn-js/core@0.1.1
+  - @pcn-js/ui@0.1.1
+
+## 0.1.1
+
+### Patch Changes
+
+- First public release of the Proof-Carrying Numbers (PCN) SDK.
+- Updated dependencies
+  - @pcn-js/core@0.1.1
+  - @pcn-js/ui@0.1.1