proxmox/docs/00-meta/TODO_TASK_LIST_MASTER.md

# Master TODO Task List

**Last Updated:** 2026-03-02  
**Purpose:** Consolidated list of all fixes, enhancements, improvements, optimizations, recommendations, and missed steps.  
**Full index (1–139):** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md). **Full deployment order:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) (Phase 0–6); before deploy run `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`.

**Fully expanded checklist (everything conceivable):** **[MASTER_TODO_EXPANDED.md](MASTER_TODO_EXPANDED.md)** — Blitzkrieg Steps 0–19, R1–R23, tasks 1–30, Ledger 8–17, DEX/TransactionMirror, Tezos/CCIP, CONTRACT_NEXT_STEPS, GAPS, Supreme Command, Absolute Air Superiority, ALL_REQUIREMENTS, and validation commands.

**Execution mode: Full maximum parallel.** Run all remaining items in parallel by wave. See **[FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md)** for the ordered wave list (Wave 0 → Wave 1 → Wave 2 → Wave 3). Within each wave, execute every item concurrently; no artificial sequencing. Validation commands at bottom.

**Status:** `./scripts/validation/validate-config-files.sh` · `./scripts/verify/run-all-validation.sh` | [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) (step-by-step; 2026-02-05 completion) | **[REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md)** (2026-02-10: consolidated remaining tasks + API features inventory). **Single plan (required/optional/recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).

**2026-02-05:** Master documentation updated (MASTER_INDEX v5.8, docs/README, MASTER_PLAN, NEXT_STEPS_MASTER); "Can be accomplished now" list completed; 32 files consolidated per [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md).

**2026-02-23:** Placeholders/fixes sync: TODOS_CONSOLIDATED, NEXT_STEPS_AND_REMAINING_TODOS, NEXT_STEPS_FOR_YOU updated to reference REQUIRED_FIXES_UPDATES_GAPS §4 (canonical addresses, AlltraAdapter, smart accounts, quote FABRIC_CHAIN_ID, .bak — all Done or Documented). Remaining in-repo fixes complete; operator/LAN and deferred items unchanged.

**2026-02-28:** Master documentation refresh — MASTER_INDEX 6.6; REPOSITORIES_AND_PRS_CHAIN138; pr-ready (eip155-138 public RPC only, Trust Wallet); set-missing-dotenv-chain138.sh; deploy-bridges-config-ready-chains.sh; ENV_CONFIG_READY_CHAINS (Gnosis/Celo/Wemix); WHATS_LEFT_OPERATOR_AND_EXTERNAL, NEXT_STEPS_INDEX updated.

**2026-02-27:** Deployment order of operations ([DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md)) and preflight script (`preflight-chain138-deploy.sh`) added. Deployment safety: correct RPC (Core only), correct dotenv (smom-dbis-138/.env), gas/cost estimate before deploy, do not deploy when stuck. NEXT_STEPS_AND_REMAINING_TODOS, TODOS_CONSOLIDATED updated with next-steps table and 2026-02-27 completion.

---

## 1. Critical Fixes (Do First)

### CT 2301 (besu-rpc-private-1) — Corrupted Rootfs

- [ ] **Option A:** Restore from backup (if exists): `pct restore 2301 /path/to/backup.tar.zst --storage local-lvm`
- [x] **Option B:** Recreate container: Done 2026-02-04 via scripts/recreate-ct-2301.sh. See [scripts/README.md](../../scripts/README.md) § CT 2301.

### dbis-frontend (10130) — ✅ Deployed and Serving

- [x] Provision script: `./scripts/dbis/provision-dbis-frontend-container-10130.sh` (nginx, /opt/dbis-core)
- [x] Deploy script: python3 http.server fallback when nginx absent (improved to start reliably)
- [x] **Deployment complete:** Frontend built, pushed to `/tmp/dbis-frontend/dist`, python3 http.server running on port 80. Health check: 200 from container. Access: http://192.168.11.130 (on same network).

### Contract Verification on Blockscout

- [x] Script ready: `./scripts/verify/run-contract-verification-with-proxy.sh` (starts proxy if needed; --only/--skip supported)
- [x] **Executed:** Ran verification; some contracts may need manual verification (Blockscout API format/Invalid JSON). Use `--only ContractName` to retry individual contracts.

---

## 2. Gas & Deployment Steps

- [x] Verify validators have `min-gas-price=0` (scripts/verify/verify-min-gas-price.sh)
- [x] Use `GAS_PRICE=1000000000` when deploying (bridge script defaults to this)
- [x] **Bridge dry-run verified:** `GAS_PRICE=1000000000 ./scripts/bridge/run-send-cross-chain.sh <amount> [recipient] --dry-run`
- [x] **Real transfer:** Omit `--dry-run` to execute sendCrossChain; documented in [scripts/README.md](../../scripts/README.md) §8. Ensure LINK approved for fee token if needed.
- [ ] **Paymaster (optional):** `forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast` — requires contract sources; see [SMART_ACCOUNTS_DEPLOYMENT_NOTE.md](../../metamask-integration/docs/SMART_ACCOUNTS_DEPLOYMENT_NOTE.md)

### Undeployed contracts — pre-deployment (test, gas check, gas API, dry-run)

**Full checklist:** [UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS.md](../03-deployment/UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS.md)

- [x] **Check deployer wallet for gas** on Chain 138 and all target chains: `cd smom-dbis-138 && ./scripts/deployment/check-balances-gas-and-deploy.sh`
- [x] **Use gas API to estimate** all undeployed contract deployment costs: `./scripts/deployment/get-multichain-gas-prices.sh`; optionally `update-gas-estimates.sh`; estimate per-script gas (forge/cast) for PMM pool creation, TransactionMirror, EnhancedSwapRouter, DODOPMMProvider, and any multichain cW*/PMM.
- [x] **Dry-run Chain 138 deployments:** `deploy-contracts-unified.sh --dry-run` (RPC + init fixes applied); DeployDeterministicCore simulated; PMM pool creation: set `DODO_PMM_INTEGRATION_ADDRESS` then `DRY_RUN=true ./scripts/create-all-dodo-pools-from-token-api.sh`; TransactionMirror script (no --broadcast); `deploy-optional-future-all.sh --dry-run`; `fund-ccip-bridges-with-link.sh --dry-run`.
- [ ] **Dry-run mainnet/multichain** (if applicable): `dry-run-mainnet-deployment.sh` (requires ETHEREUM_MAINNET_RPC, PRIVATE_KEY) or per-script `forge script ... --dry-run` for each target chain.
- [x] **Test not-deployed components:** Run `check-contracts-on-chain-138.sh` after any new deploy (36/36 present). Validate PMM pool creation path when pools created; DODOPMMProvider when implemented; TransactionMirror receive path after deploy; EnhancedSwapRouter when pools exist.

---

## 3. Verification Fixes (Applied — Verify)

- [x] Forge proxy: v2 API first for flattened code
- [x] verify-backend-vms: IP from net0; nginx sanitization; rpc-thirdweb path
- [x] export-npmplus: skip when NPM_PASSWORD missing
- [x] verify-udm-pro: internal failure → warn
- [x] verify-all-systems: flexible patterns; bash --norc
- [x] Re-run: `bash scripts/verify/run-full-verification.sh` (2026-02-03)
- [x] **validate-genesis.sh (smom-dbis-138):** Fixed 2026-02-05 — runs standalone; QBFT supported. See [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) (Wave 1 verification section).
- [x] **validate-config-files.sh:** Pass (ip-addresses.conf, .env.example). Optional env warnings only.
- [x] **E2E routing:** verify-end-to-end-routing.sh run; 25 DNS pass, 14 HTTPS pass, 6 RPC 405 until NPMplus fix from LAN.
- [x] **502 fix flow:** When E2E 502s persist (dbis-admin, secure, dbis-api, rpc-http-prv, rpc-alltra/hybx), from LAN run `./scripts/maintenance/address-all-remaining-502s.sh` (optionally `--run-besu-fix --e2e`). Runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md).
- [x] **Full verification includes config:** run-full-verification.sh Step 0 runs validate-config-files.sh (6 steps total).
- [x] **Maintenance script:** daily-weekly-checks.sh [daily|weekly|all] — tested; RPC check OK.
- [x] **shellcheck (optional):** `bash scripts/verify/run-shellcheck.sh` or `run-shellcheck-docker.sh`; use `--optional` to exit 0 when shellcheck not installed.

---

## 4. All Improvements & Gaps (1–139) — Full Checklist

**Run in full parallel where possible.** See [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) for details and [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md) for cohorts.

| Range | Category | Count |
|-------|----------|-------|
| 1–11 | Proxmox high priority | 11 |
| 12–20 | Proxmox medium | 9 |
| 21–30 | Proxmox low | 10 |
| 31–35 | Quick wins | 5 |
| 36–67 | Code quality & scripts | 32 |
| 68–74 | Documentation enhancements | 7 |
| 75–91 | Infrastructure & deployment | 17 |
| 92–105 | MetaMask & explorer | 14 |
| 106–121 | Tezos / Etherlink / CCIP | 16 |
| 122–126 | Besu / blockchain | 5 |
| 127–130 | RPC translator | 4 |
| 131–134 | Orchestration portal | 4 |
| 135–139 | Maintenance | 5 |

- [ ] **1–139** — Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) (parallel by cohort where no deps). Docs 68–74 index: [QUICK_REFERENCE_CARDS.md](../12-quick-reference/QUICK_REFERENCE_CARDS.md) §3.1. **CI validation:** `bash scripts/verify/run-all-validation.sh [--skip-genesis]` (dependencies + config + optional genesis). Config only: `scripts/validation/validate-config-files.sh` (set VALIDATE_REQUIRED_FILES for CI/pre-deploy). **Last full parallel run (2026-02-05):** run-all-validation, validate-config-files, security dry-runs, phase2 --config-only, CCIP checklist, phase4 --show-steps, config backup, Wave 0 --dry-run — summarized in [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md) and [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md).

---

## 5. Security (High Priority)

- [x] chmod 600 .env (2026-02-03)
- [x] **SSH/firewall scripts:** `./scripts/security/setup-ssh-key-auth.sh [--dry-run|--apply]`, `./scripts/security/firewall-proxmox-8006.sh [--dry-run|--apply] [CIDR]`
- [ ] smom: Security audits VLT-024, ISO-024; Bridge integrations BRG-VLT, BRG-ISO

---

## 6. Monitoring & Backup

- [x] **Monitoring:** `./scripts/deployment/phase2-observability.sh [--config-only]` → config/monitoring/; runbook OPERATIONAL_RUNBOOKS § Phase 2
- [x] Besu metrics 9545; Prometheus: scripts/monitoring/prometheus-besu-config.yml
- [x] Health alerting: ALERT_EMAIL/ALERT_WEBHOOK in storage-monitor, npmplus monitor
- [x] **Automated backup:** `./scripts/backup/automated-backup.sh [--with-npmplus]`; runbook OPERATIONAL_RUNBOOKS

---

## 7. Infrastructure Phases

- [x] **Phase 2:** Monitoring config + runbook; backup script; SSH/firewall scripts (see §5, §6).
- [x] **Phase 3 CCIP checklist:** `./scripts/ccip/ccip-deploy-checklist.sh` — validates env, prints deployment order; full deploy per [CCIP_DEPLOYMENT_SPEC.md](../07-ccip/CCIP_DEPLOYMENT_SPEC.md).
- [x] **Phase 4 (runbook):** [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) § Phase 4; `scripts/deployment/phase4-sovereign-tenants.sh [--show-steps|--dry-run]`; NETWORK_ARCHITECTURE, ORCHESTRATION_DEPLOYMENT_GUIDE, UDM_PRO_FIREWALL_MANUAL_CONFIGURATION.

---

## 8. Codebase

- [ ] dbis_core: ~1186 TS errors remain (deferred)
- [x] smom: EnhancedSwapRouter/DODOPMMProvider/Quote Service documented in [PLACEHOLDERS_AND_TBD.md](../PLACEHOLDERS_AND_TBD.md); AlltraAdapter setBridgeFee done
- [x] Scripts: --dry-run (create-chain138-containers, deploy-weth9, backup-proxmox-configs); sendCrossChain real transfer documented

---

## 9. Documentation (see also MASTER_TODO_EXPANDED §12)

- [x] Update NEXT_STEPS_MASTER with 2026-02-03 completions (2026-02-05)
- [x] Sync VM_RESTART known-issue #1 (Corrupted rootfs) — Resolved 2026-02-04; VM_RESTART doc updated
- [x] Add fix-ct-2301 to scripts/README

---

## 10. Blitzkrieg, DEX, Supreme Command (full list in MASTER_TODO_EXPANDED)

- [ ] **Blitzkrieg trail:** Steps 0–19 (env freeze, canonical registry, token lists, GRU M1, CCIP, W-Tokens, wallet ingestion, Blockscout, bridge hardening, CI/CD, monitoring, security, dry-run done; optional Tezos/DODO)
- [ ] **Recommendations R1–R23:** Verification, single source of truth, on-chain check, secrets, RPC/gas/order, runbooks, automation, monitoring, tests, Sankofa/network placeholders
- [ ] **DEX / cross-chain:** TransactionMirror (Mainnet verify, Chain 138 deploy if needed); DODO (DODOPMMIntegration + Provider); EnhancedSwapRouter when pools exist; full trustless stack; Jumper/FABRIC_CHAIN_ID. **Before any Chain 138 deploy:** run `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`; follow [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) Phase 0–6.
- [ ] **Tezos/CCIP:** External verification (CCIP/Jumper/LiFi); InitializeRegistry/DeployAllAdapters; Etherlink receivers; relay; DON; monitoring; testing
- [ ] **Supreme Command:** Deployment matrix, risk scoreboard, RAG dashboard, reconciliation, prod vs testnet, war-room
- [ ] **Absolute Air Superiority:** Sentinel, canonical anchoring, circuit breaker, stress test, time-to-containment, formal verification, sovereign continuity

**Detail and every sub-task:** [MASTER_TODO_EXPANDED.md](MASTER_TODO_EXPANDED.md).

---

## 10b. Chain 138 deployment (smom-dbis-138)

- [x] **Verify script:** Optional checks (CCIPTxReporter, genesis.json) → warnings; log_* fallbacks; unset-var safe (2026-02-16).
- [x] **@emoney/interfaces:** Relative imports in ReserveTokenIntegration.sol and DeployReserveSystem.s.sol for Hardhat/CCIPLogger.
- [x] **.env.example:** CHAIN138_CCIP_REPORTER and DODO_VENDING_MACHINE_ADDRESS documented.
- [x] **Optional (completed where possible):** CCIPLogger deployed (mainnet); CCIPTxReporter contract added and deployed (Chain 138); LINK funding script run (transfers need deployer LINK); PMM still requires DODO_VENDING_MACHINE_ADDRESS from operator.

**Warnings and optional tasks:** [smom-dbis-138/docs/deployment/WARNINGS_AND_OPTIONAL_TASKS.md](../../smom-dbis-138/docs/deployment/WARNINGS_AND_OPTIONAL_TASKS.md).

---

## 11. Optional / Enhancements

- [x] **Token-aggregation:** Admin routes use strict rate limit; [COINGECKO_SUBMISSION.md](../../smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md) for CoinGecko listing steps.
- [x] **API key placeholders:** All vars from [API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md) added to root `.env.example`, `dbis_core/.env.example`, `the-order/services/legal-documents/.env.example` (see [API_KEYS_DOTENV_STATUS.md](API_KEYS_DOTENV_STATUS.md)). Obtaining keys remains operator task.
- [ ] Resource/network/database optimization

---

## 12. DBIS RTGS / HYBX / Hyperledger E2E stack

**Purpose:** Track everything required for a true end-to-end RTGS stack across DeFi Oracle Meta Mainnet (Chain 138), HYBX sidecars, OMNL / Fineract, and the external banking / interoperability integrations we currently have access to.

### 12.1 Participant / treasury / GL model

- [ ] Finalize participant model for RTGS and settlement:
  - central bank / RTGS operator
  - HYBX participant
  - Bank Kanaya and other offices / institutions
- [ ] Finalize treasury account model:
  - settlement
  - reserve
  - nostro
  - vostro
  - liquidity / prefunding accounts
- [ ] Finalize GL mappings and JE flows for RTGS settlement in OMNL / Fineract.
- [ ] Freeze the canonical ID resolution flow using:
  - `scripts/omnl/resolve_ids.sh`
  - `scripts/omnl/omnl-office-create-*.sh`
  - `scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh`

### 12.1A Depository / CSD layer

- [ ] Define the depository / CSD operating model for in-scope DBIS instruments.
- [ ] Freeze whether the depository role is on-ledger, off-ledger, or hybrid.
- [ ] Freeze issuance, transfer, pledge, lien, and settlement-touch behavior for at least one canonical asset flow.
- [ ] Define participant-to-asset-register and custody relationships for depository-managed assets.

### 12.1B Global custodian layer

- [ ] Define the global custodian operating model and account structure.
- [ ] Freeze safekeeping, statement, and asset-servicing obligations across correspondent and global-bank paths.
- [ ] Define how custodian statements reconcile to OMNL and RTGS settlement state.

### 12.1C FX pricing / dealing engine

- [ ] Freeze the FX pricing hierarchy, approved rate sources, and quote-locking rules.
- [ ] Freeze the quote lifecycle from request to booking to reconciliation.
- [ ] Define how the FX engine integrates with OMNL, treasury, and HYBX sidecars.

### 12.1D Liquidity pooling and aggregation engine

- [ ] Define source prioritization, eligibility rules, allocation logic, and operator overrides.
- [ ] Freeze how liquidity decisions are recorded and reconciled against funding and settlement events.
- [ ] Decide when on-chain liquidity is part of the funding policy versus optional extension.

### 12.1E Liquidity source adapters

- [ ] Enumerate all in-scope liquidity source families:
  - internal treasury pools
  - bank credit / liquidity lines
  - correspondent-bank sources
  - optional on-chain liquidity
- [ ] Define one adapter contract per mandatory source class.
- [ ] Validate at least the mandatory source adapters used by the canonical RTGS rail.

### 12.1F Custody / safekeeping / asset servicing flow

- [ ] Define the canonical lifecycle for safekeeping, transfer, servicing, and statement production.
- [ ] Freeze custody-to-depository, custody-to-settlement, and custody-to-evidence relationships.
- [ ] Validate one end-to-end custody lifecycle with reconciliation and evidence output.

### 12.2 Mifos / Fineract / OMNL banking rail

- [ ] Freeze and execute the first-slice deployment checklist:
  - `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md`
  - `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md`
- [ ] Confirm production-grade Mifos/Fineract tenancy, credentials, API reachability, and operator runbook completeness for the current OMNL environment.
- [ ] Complete the full operator rail using:
  - `scripts/omnl/omnl-operator-rail.sh`
  - `scripts/omnl/omnl-reconciliation-office20.sh`
  - `scripts/omnl/omnl-audit-packet-office20.sh`
- [ ] Complete the Indonesia / HYBX evidence path:
  - `scripts/omnl/build-transaction-package-zip.sh`
  - `scripts/omnl/verify-transaction-package-commitment.py`
  - `scripts/omnl/check-transaction-package-4995-readiness.sh --strict`
- [ ] Freeze the source-of-truth API contract from `docs/11-references/API_DOCUMENTATION.md` and the OMNL OpenAPI snapshot.

### 12.3 Mojaloop integration

- [ ] Identify the exact Mojaloop deployment / switch endpoints currently available to HYBX.
- [ ] Document the live Mojaloop API contract and auth model:
  - quote
  - transfer
  - callback / status
  - settlement window / liquidity behavior

### 12.4 First-slice HYBX sidecar promotion

- [ ] Promote the selected first-slice sidecars from local build verification to real production runtime on Proxmox VE:
  - `mifos-fineract-sidecar`
  - `server-funds-sidecar`
  - `off-ledger-2-on-ledger-sidecar`
- [ ] Freeze Proxmox runtime targets, Java baseline, secrets/env injection, and restart/logging policy.
- [ ] Validate each selected sidecar with a stable health/readiness path and one canonical RTGS flow before calling the first slice production-ready.
- [ ] Define the canonical mapping between Mojaloop events and:
  - Fineract postings
  - sidecar events
  - on-chain settlement events
- [ ] Add a repo-backed Mojaloop integration runbook once endpoint details are confirmed.

### 12.4 HYBX sidecar integration

- [ ] Audit and document the currently accessible HYBX sidecars:
  - `mifos-fineract-sidecar`
  - `mt103-hardcopy-sidecar`
  - `off-ledger-2-on-ledger-sidecar`
  - `securitization-engine-sidecar`
  - `card-networks-sidecar`
  - `server-funds-sidecar`
  - `securities-sidecar` (if in scope)
  - `flash-loan-xau-sidecar` (if in scope)
- [ ] Define system boundaries and ownership for each sidecar:
  - system-of-record
  - message ingress / egress
  - retry semantics
  - auth and credential handling
- [ ] Create a canonical end-to-end sidecar matrix linked from the RTGS runbook.

### 12.5 Chain 138 settlement rail

- [ ] Freeze the canonical on-chain settlement path for RTGS:
  - DBIS / compliant settlement tokens
  - MerchantSettlementRegistry
  - WithdrawalEscrow
  - reserve / oracle dependencies where applicable
- [ ] Define the exact mapping from off-ledger settlement events to on-chain settlement confirmations.
- [ ] Decide when `alltra-lifi-settlement` is in the critical RTGS path versus optional cross-chain / liquidity extension.
- [ ] Produce a repo-backed RTGS settlement sequence diagram spanning Fineract ↔ sidecars ↔ Chain 138.

### 12.6 Workflow and orchestration

- [ ] Keep FireFly `6200` as the active primary workflow layer and preserve its config/image path.
- [ ] Decide whether to rebuild `6201` as a real secondary FireFly node for HA or leave it permanently retired.
- [ ] Define the event catalog and correlation model across:
  - Fineract
  - Mojaloop
  - HYBX sidecars
  - FireFly
  - Chain 138
  - regulatory package generation
- [ ] Add compensating-action / retry design for cross-system failures.

### 12.7 Additional Hyperledger layers needed

- [ ] Decide whether **Hyperledger Aries** is required as an actual deployed identity / agent layer for DBIS RTGS.
- [ ] If Aries is in scope, define:
  - agent placement
  - wallet / DID model
  - protocol flows
  - relationship to Indy and credential verification
- [ ] Decide whether **Hyperledger AnonCreds** is required as part of the verifiable credential stack.
- [ ] If AnonCreds is in scope, define the issuer / holder / verifier model and where credential registries live.
- [ ] Decide whether **Hyperledger Ursa** is required as an explicit cryptographic dependency versus an indirect library/runtime concern.
- [ ] If Ursa is in scope, document where it is used in the identity / VC pipeline and what operational control it requires.
- [ ] Decide whether **Hyperledger Cacti** is actually needed in the RTGS interoperability path or remains optional / future-state.
- [ ] Keep **Hyperledger Caliper** in the program for RTGS performance validation and benchmark the final path when the stack is complete.

### 12.8 Fabric / Indy runtime decision

- [ ] If Fabric is required for the RTGS target architecture, deploy real workloads onto `6000-6002` and validate peer / orderer health.
- [ ] If Fabric is not required now, keep `6000-6002` classified as reserved placeholders and remove them from any “active stack” claims.
- [ ] If Indy is required for the RTGS target architecture, deploy real workloads onto `6400-6402` and validate validator / listener health.
- [ ] If Indy is not required now, keep `6400-6402` classified as reserved placeholders and remove them from any “active stack” claims.

### 12.9 Regulatory / audit / ISO package

- [ ] Finalize the institutional attestation and evidentiary package path for HYBX submissions.
- [ ] Finalize ISO 20022 vault manifest generation and hash anchoring policy.
- [ ] Finalize AML / sanctions / legal-finality memo workflow for production submissions.
- [ ] Ensure the RTGS path has a reproducible audit packet per settlement batch.

### 12.10 Production gate

- [x] Canonical RTGS production checklist created and now maintained in [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) with columns:
  - component
  - current state
  - required integration
  - remaining task
  - owner
  - production gate
- [x] Initial HYBX sidecar boundary matrix created: [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](../03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md)
- [x] Initial Mojaloop status artifact created: [DBIS_MOJALOOP_INTEGRATION_STATUS.md](../03-deployment/DBIS_MOJALOOP_INTEGRATION_STATUS.md)
- [x] Initial identity-stack decision artifact created: [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](../03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md)
- [ ] Add a single “full RTGS E2E” production gate that only turns green when:
  - Fineract / OMNL is complete
  - HYBX sidecars are integrated
  - Mojaloop integration is real and validated
  - Chain 138 settlement path is validated
  - required Hyperledger identity/workflow layers are deployed
  - regulatory package generation passes

---

## 13. Maintenance (135–139)

- [x] **Runbook and script:** [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) § Maintenance; `scripts/maintenance/daily-weekly-checks.sh [daily|weekly|all]` for 135–137. Schedule via cron (e.g. daily 08:00).
- [x] **Script tested:** daily-weekly-checks.sh daily (explorer SKIP off-LAN, RPC OK).
- [x] **Ongoing scheduled (2026-02-05):** `schedule-daily-weekly-cron.sh --install` — daily 08:00, weekly Sun 09:00.
- [x] Monitor explorer sync — Daily (cron runs daily-weekly-checks.sh daily)
- [x] Monitor RPC 2201 — Daily (same script)
- [x] Config API uptime — Weekly (cron runs weekly)
- [x] Review explorer logs — Weekly (runbook: OPERATIONAL_RUNBOOKS § Maintenance [138])
- [x] Update token list — Validated token-lists/lists/dbis-138.tokenlist.json; update as needed per runbook [139]

---

## Validation Commands

| Check | Command |
|-------|---------|
| All validation (CI) | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` |
| Dependencies | `bash scripts/verify/check-dependencies.sh` |
| Backend VMs | `bash scripts/verify/verify-backend-vms.sh` |
| Full verification | `bash scripts/verify/run-full-verification.sh` |
| E2E routing only | `bash scripts/verify/verify-end-to-end-routing.sh` |
| All systems | `bash scripts/verify-all-systems.sh` |
| Config files | `bash scripts/validation/validate-config-files.sh` |
| Genesis (smom-dbis-138) | `bash smom-dbis-138/scripts/validation/validate-genesis.sh` |
| Chain 138 full deploy verify | `bash smom-dbis-138/scripts/deployment/verify-chain138-full-deployment.sh` |
| Besu peers | `bash scripts/besu-verify-peers.sh ${RPC_URL_138:-http://192.168.11.211:8545}` |
| Shellcheck (optional) | `bash scripts/verify/run-shellcheck.sh [--optional]` or `bash scripts/verify/run-shellcheck-docker.sh` |
| Wave 0 from LAN | `bash scripts/run-wave0-from-lan.sh [--dry-run] [--skip-backup] [--skip-rpc-fix]` |
| NPMplus backup cron | `bash scripts/maintenance/schedule-npmplus-backup-cron.sh [--install|--show]` |
| Daily/weekly checks cron | `bash scripts/maintenance/schedule-daily-weekly-cron.sh [--install|--show]` |

---

**Related:** [MASTER_TODO_EXPANDED.md](MASTER_TODO_EXPANDED.md) (fully expanded checklist) | [REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md) (remaining tasks + Phoenix/OMNL/Explorer API inventory) | [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md) | [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md) | [IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md) | [REMAINING_TASKS.md](../REMAINING_TASKS.md) | [reports/status/VM_RESTART_AND_VERIFICATION_20260203.md](../../reports/status/VM_RESTART_AND_VERIFICATION_20260203.md).