proxmox/docs/00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md

# Operator Credentials and Secrets — Checklist

**Purpose:** Before running Operator/LAN tasks, confirm you have the required credentials and access. **Does Operator/LAN have all necessary creds?** Use this checklist; if any row is **No**, obtain or set that credential before running the task.

**Where to set:** Unless noted, use `smom-dbis-138/.env` (gitignored). Copy from `smom-dbis-138/.env.example` or see [REMAINING_WORK_DETAILED_STEPS](REMAINING_WORK_DETAILED_STEPS.md) for per-step blockers.

**Operator scripts load dotenv automatically:** [run-all-operator-tasks-from-lan.sh](../../scripts/run-all-operator-tasks-from-lan.sh) and [run-operator-tasks-from-lan.sh](../../scripts/run-operator-tasks-from-lan.sh) source `scripts/lib/load-project-env.sh`, which loads repo root `.env` and `smom-dbis-138/.env`. No need to `source .env` before running.

**Required secrets for operator (full lists):** For a complete list of all env variables by area (root, smom-dbis-138, services, frontend, config-ready chains, bridge quote), see [DOTENV_FILES_REFERENCE.md](../04-configuration/DOTENV_FILES_REFERENCE.md). For deployment and bridge addresses see [ENV_EXAMPLE_CONTENT.md](../../smom-dbis-138/docs/deployment/ENV_EXAMPLE_CONTENT.md) and [env.additions.example](../../smom-dbis-138/env.additions.example).

---

## Required credentials (summary)
| Credential / access | Used for | Where to set / get |
|--------------------|----------|---------------------|
| **LAN (192.168.11.x)** | NPMplus API, RPC, Blockscout, Proxmox | Be on same network or VPN |
| **PRIVATE_KEY** (64-char hex, no 0x) | Chain 138 deploy, bridge send, any `forge script --broadcast` | `smom-dbis-138/.env` |
| **RPC_URL_138** (Chain 138 Core) | Deploy, verify, on-chain check | e.g. `http://192.168.11.211:8545` in `.env` |
| **NPM_PASSWORD** | NPMplus backup, proxy host updates (502 fix) | `smom-dbis-138/.env` or root `.env`; from NPMplus UI |
| **SSH to Proxmox** (e.g. root@192.168.11.10) | run-all-maintenance-via-proxmox-ssh, VM/CT creation, token-aggregation fix | SSH key or password to Proxmox host |
| **LINK** (on Chain 138 for bridge) | sendCrossChain (real); CCIP fees | Deployer wallet must hold LINK and approve bridge |
| **Native gas (ETH/138)** | All Chain 138 deploys and txs | Deployer `0x4A66...` funded on 138 |
| **Per-chain RPC + gas (Celo, Wemix, Gnosis)** | CCIP bridges deploy | CELO ~0.1, WEMIX ~0.4; RPC URLs in .env |
| **ADD_LIQUIDITY_* amounts + token balance** | Add liquidity to PMM pools | Deployer holds cUSDT/cUSDC/USDT/USDC; set in .env or runbook |

---

## Per-task requirements (Operator/LAN)
| Task | LAN | PRIVATE_KEY | NPM_PASSWORD | RPC_URL_138 | SSH Proxmox | Other |
|------|-----|-------------|--------------|-------------|-------------|--------|
| Full deployment order (Phase 06) | Yes | Yes | — | Yes | Optional | Gas on 138; per-phase env (see runbook) |
| Add liquidity (PMM pools) | Yes | Yes | — | Yes | — | Token balance; ADD_LIQUIDITY_BASE_AMOUNT, ADD_LIQUIDITY_QUOTE_AMOUNT |
| run-all-operator-tasks-from-lan (backup + verify) | Yes | — | Yes (backup) | Yes (verify) | Optional | Blockscout reachable |
| run-all-operator-tasks-from-lan --deploy | Yes | Yes | Yes | Yes | Optional | Gas on 138 |
| E2E 502 fix (address-all-remaining-502s) | Yes | — | Yes (NPMplus proxy update) | — | Yes (Besu fix) | Proxmox reachable |
| Blockscout verification only | Yes | — | — | Yes | — | Host can reach explorer.d-bis.org |
| Gnosis / Celo / Wemix CCIP bridges | Yes | Yes | — | Yes + per-chain RPC | — | Per-chain gas (xDAI, CELO, WEMIX); CCIP router/LINK addresses in .env |
| LINK support on Mainnet relay | Yes | Yes (if deploy) | — | Yes | Yes (restart relay) | Mainnet RPC; LINK on mainnet if funding relay |
| sendCrossChain (real) | Yes | Yes | — | Yes | — | LINK approved for bridge; recipient address |
| NPMplus backup | Yes | — | Yes | — | — | NPMplus API reachable |
| NPMplus RPC proxy fix (405) | Yes | — | Yes | — | — | — |
| Token-aggregation DB + migrations | Yes | — | — | — | Yes | PostgreSQL on VMID 5000 or same host; DATABASE_URL |
| Explorer Wallet link (edit nav) | — | — | — | — | Yes (to explorer VM) | SSH to VMID 5000 or host serving explorer |
| E2E flow waves E1–E7 | Yes | Yes (if deploy/fund) | Yes (if NPM) | Yes | Optional | Depends on wave; see TASKS_TO_INCREASE_ALL_E2E_FLOWS |

**—** = not required for that task.

---

## Quick verification (do you have them?)
```bash
# From repo root, with smom-dbis-138/.env present:
source smom-dbis-138/.env 2>/dev/null
echo "PRIVATE_KEY set: $( [ -n "$PRIVATE_KEY" ] && echo yes || echo no )"
echo "NPM_PASSWORD set: $( [ -n "$NPM_PASSWORD" ] && echo yes || echo no )"
echo "RPC_URL_138 set: $( [ -n "$RPC_URL_138" ] && echo yes || echo no )"
# LAN: ping or curl from your machine to 192.168.11.211:8545 (or your RPC host)
# SSH: ssh root@192.168.11.10 (or your Proxmox host) echo ok
```
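
The quick check above only confirms that the variables are non-empty. The following added example (not part of the repo's scripts; the function names are hypothetical) also checks that `PRIVATE_KEY` has the 64-hex-character, no-`0x` shape given in the summary table and that the `.env` file is not accessible to group or others, without printing any secret value.

```shell
# Added example, not from the repo. Reports only a status word, never the secret.

# PRIVATE_KEY must be exactly 64 hex characters with no 0x prefix.
check_private_key_format() {
  [ -n "$1" ] || { echo "unset"; return 1; }
  case "$1" in
    0x*|0X*)        echo "has-0x-prefix"; return 1 ;;
    *[!0-9a-fA-F]*) echo "non-hex";       return 1 ;;
  esac
  [ "${#1}" -eq 64 ] || { echo "wrong-length"; return 1; }
  echo "ok"
}

# The .env file holds PRIVATE_KEY and NPM_PASSWORD, so group and other
# must have no permission bits set (e.g. mode 600).
check_env_file_perms() {
  [ -f "$1" ] || { echo "missing"; return 1; }
  # Characters 5-10 of the `ls -l` mode string are the group and other bits.
  mode=$(ls -ld -- "$1" | cut -c5-10)
  [ "$mode" = "------" ] || { echo "too-open"; return 1; }
  echo "ok"
}

# Constructed sample value (not a real key) to show the status words.
SAMPLE_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
for candidate in "$SAMPLE_KEY" "0x$SAMPLE_KEY" "${SAMPLE_KEY%?}"; do
  echo "PRIVATE_KEY format: $(check_private_key_format "$candidate")"
done

# Real use, from repo root with smom-dbis-138/.env present:
#   . smom-dbis-138/.env
#   check_private_key_format "$PRIVATE_KEY"
#   check_env_file_perms smom-dbis-138/.env
```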

---

## References
- **Operator commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md)
- **LAN + secrets steps:** [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md)
- **Wave 0 (sendCrossChain, backup):** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W0-2, W0-3
- **Remaining summary:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md)