d-bis/proxmox
4
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Packages Projects Releases Wiki Activity

chore: sync all changes to Gitea
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details

Browse Source 
- Config, docs, scripts, and backup manifests
- Submodule refs unchanged (m = modified content in submodules)

Made-with: Cursor
This commit is contained in:
defiQUG
2026-03-02 11:37:34 -08:00
parent ed85135249
commit b3a8fe4496
883 changed files with 73580 additions and 4796 deletions
Download Patch File Download Diff File Expand all files Collapse all files

373
docs/00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md Normal file
View File

@@ -0,0 +1,373 @@
# All Recommendations and Suggestions for Improvements
**Purpose:** Single consolidated list of all recommendations and improvement suggestions referenced across the repository.
**Last Updated:** 2026-02-22
**Source docs:** See links at the end of each section.
**Full plan (required / optional / recommended, execution order):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
---
## 1. Proxmox / Validated Set (High priority)
| # | Recommendation | Notes |
|---|----------------|------|
| 1 | Secure .env file permissions | `chmod 600 ~/.env` |
| 2 | Secure validator key permissions | chmod 600, chown besu |
| 3 | SSH key-based authentication (disable password) | |
| 4 | Firewall rules for Proxmox API (port 8006) | Restrict to specific IPs |
| 5 | Network segmentation (VLANs) | VLAN enablement phase |
| 6 | Basic metrics collection (Prometheus, Besu 9545) | |
| 7 | Health check monitoring + alerting | |
| 8 | Automated backup script + encrypted validator keys | |
| 9 | Backup configuration files + version control | |
| 10 | Integration tests for deployment scripts | |
| 11 | Runbooks (add/remove validator, upgrade Besu, key rotation, recovery, consensus) | |
**Source:** [10-best-practices/RECOMMENDATIONS_AND_SUGGESTIONS.md](../10-best-practices/RECOMMENDATIONS_AND_SUGGESTIONS.md), [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md)
---
## 2. Proxmox / Validated Set (Medium priority)
| # | Recommendation | Notes |
|---|----------------|------|
| 12 | Enhanced error handling (retry, timeout, circuit breaker, rollback) | retry_with_backoff.sh exists |
| 13 | Structured logging (levels, JSON, IDs, rotation) | |
| 14 | Centralized log collection (Loki/ELK) | |
| 15 | Resource optimization (right-size, CPU pinning, quotas) | |
| 16 | Network optimization (P2P, buffers, jumbo frames, static-nodes) | |
| 17 | Database optimization (size, cache, backups, pruning) | |
| 18 | Java/Besu tuning (heap, GC, flight recorder) | |
| 19 | CI/CD pipeline (testing, blue-green, rollback, canary) | |
| 20 | CLI tool for operations | |
---
## 3. Proxmox / Validated Set (Low priority & quick wins)
| # | Recommendation | Notes |
|---|----------------|------|
| 2130 | Auto-scaling, dynamic validator set, load balancing, multi-region, HA validators, network upgrades, Web UI, HSM, audit logging, security scanning | Future |
| 31 | Add progress indicators to scripts | |
| 32 | Integrate --dry-run into deployment/change scripts | dry-run-example.sh exists |
| 33 | Integrate config validation into CI/pre-deploy | validate-config-files.sh exists |
| 34 | Create troubleshooting FAQ | |
| 35 | Add inline comments to complex scripts | |
---
## 4. Code quality & scripts
| # | Recommendation | Priority |
|---|----------------|----------|
| 36 | Script shebang: standardize on `#!/usr/bin/env bash` | Medium |
| 37 | Error handling: standardize on `set -euo pipefail` + traps | High |
| 38 | Script header template (metadata, usage, exit codes) | Medium |
| 39 | Code formatting & linting (shellcheck, shfmt, pre-commit, yamllint) | Medium |
| 40 | Script consolidation (140 deployment scripts, reduce overlap) | Medium |
| 41 | Expand shared function library (scripts/lib/) | Medium |
| 42 | Script performance (profile, parallelize, cache) | Low |
| 43 | Auto-generate script documentation | Low |
**Source:** [smom-dbis-138/docs/ADDITIONAL_OPTIMIZATION_RECOMMENDATIONS.md](../../smom-dbis-138/docs/ADDITIONAL_OPTIMIZATION_RECOMMENDATIONS.md)
---
## 5. Documentation enhancements
| # | Recommendation | Priority |
|---|----------------|----------|
| 44 | Documentation consolidation (archive old status reports) | Medium |
| 45 | Documentation accuracy review (quarterly, links, obsolete removal) | Medium |
| 46 | Inline code documentation | Low |
| 47 | API documentation (RPC, contracts, examples) | Medium |
| 68 | Quick reference cards (network, VMID, commands, troubleshooting) | High |
| 69 | Decision trees (troubleshooting, configuration, deployment) | Medium |
| 70 | Configuration templates (ER605, Proxmox, Cloudflare, Besu) | High |
| 71 | Examples and use cases (deployment, troubleshooting, migration) | Medium |
| 72 | Glossary and terminology | Medium |
| 73 | Visual elements (diagrams, tables, flowcharts) | Various |
| 74 | Organization (TOC, cross-links, maintenance schedule) | Various |
**Source:** [00-meta/DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md](DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md)
---
## 6. Security
| # | Recommendation | Priority |
|---|----------------|----------|
| 48 | Secret management audit (no hardcoded secrets, rotation, CI scanning) | High |
| 49 | Input validation in all scripts | High |
| 50 | Security scanning automation (CI, container image scanning) | High |
| 51 | Access control review (RBAC, least privilege) | Medium |
| 52 | Configuration validation (JSON/YAML schema, pre-deploy) | High |
**Source:** [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md), [04-configuration/MASTER_SECRETS.md](../04-configuration/MASTER_SECRETS.md)
---
## 7. Configuration, testing, monitoring & DX
| # | Recommendation | Priority |
|---|----------------|----------|
| 53 | Configuration templates / .example expansion | Medium |
| 54 | Environment management standardization | Medium |
| 55 | Test coverage (unit, integration, E2E, performance) | Medium |
| 56 | Automate all tests in CI | Medium |
| 57 | Test data management (fixtures, generators) | Low |
| 58 | Logging standardization (structured, levels, rotation) | Medium |
| 59 | Metrics collection for script execution | Low |
| 60 | Health check enhancement (dependencies, dashboard) | Medium |
| 61 | Dev environment setup (script, DevContainer, quick start) | Medium |
| 62 | IDE configuration (VS Code, editorconfig) | Low |
| 63 | Developer documentation (guide, standards, architecture) | Medium |
| 64 | Dependency updates (dependabot/renovate, process doc) | Medium |
| 65 | Formalize code review process | Medium |
| 66 | Change management (changelog, versioning) | Low |
| 67 | Backup & recovery review and testing | High |
---
## 8. Infrastructure & deployment
| # | Recommendation | Notes |
|---|----------------|------|
| 75 | VLAN enablement (UDM Pro, Proxmox bridge, service migration) | Phase 1 optional |
| 76 | Observability (Prometheus, Grafana, Loki, Alertmanager, Cloudflare Access) | Phase 2 |
| 77 | CCIP fleet (VMID 54005476) | Phase 3 |
| 78 | Sovereign tenants (VLANs, isolation, access control) | Phase 4 |
| 79 | Besu RPC — missing containers (canonical list) | High |
| 80 | Hyperledger (Firefly, Cacti, Fabric, Indy) containers | High/Medium |
| 81 | Blockscout (5000) container | High |
---
## 9. Codebase & placeholders
| # | Recommendation | Priority |
|---|----------------|----------|
| 82 | Security audits (VLT-024, ISO-024) | Critical |
| 83 | Bridge integrations (BRG-VLT, BRG-ISO) | High |
| 84 | CCIP AMB full implementation | High |
| 85 | dbis_core TypeScript/Prisma fixes (~1186 errors) | High |
| 86 | IRU remaining tasks | High |
| 87 | Canonical addresses env-only (token-aggregation) | Medium |
| 88 | AlltraAdapter fee (TODO: actual fee) | Medium |
| 89 | Smart accounts kit placeholders | Medium |
| 90 | Quote service Fabric chainId 999 | Low |
| 91 | .bak script/test restoration or deprecation | Low |
---
## 10. MetaMask & explorer
| # | Recommendation | Effort |
|---|----------------|--------|
| 92 | Token-aggregation production deployment | 23 h |
| 93 | Token-aggregation: external API keys (CoinGecko, CMC, DexScreener) | 30 min |
| 94 | Chain 138 Snap: market data UI | 46 h |
| 95 | Chain 138 Snap: swap quotes | 812 h |
| 96 | Chain 138 Snap: bridge routes | 812 h |
| 97 | Chain 138 Snap: testing & distribution | 24 h |
| 98 | CoinGecko submission (Chain 138) | 12 h |
| 99 | Consensys outreach (Swaps/Bridge support) | 1 h |
| 100 | Paymaster deployment (gas abstraction) | 23 h |
| 101 | Explorer: add "Wallet" link to navbar | 15 min |
| 102 | Explorer: sync status indicator | 1 h |
| 103 | Explorer: network selector | 23 h |
| 104 | Explorer: dark mode toggle | 23 h |
| 105 | Token-aggregation: monitoring, auth for admin endpoints | 13 h |
---
## 11. Tezos / Etherlink / CCIP
| # | Recommendation | Category |
|---|----------------|----------|
| 106 | Verify Etherlink in CCIP supported networks | External verification |
| 107 | Verify Jumper API support (138, 651940, 42793, Tezos) | External verification |
| 108 | Verify LiFi for Etherlink (chain 42793) | External verification |
| 109121 | InitializeRegistry, DeployAllAdapters, Etherlink receiver, token list governance, finality, Tezos L1 relay, Etherlink relay, rate limits, Jumper integration, DON registration, metrics, production enablement, tests | Contracts / Off-chain / Routing / Testing |
**Source:** [07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md](../07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md)
---
## 12. Besu / blockchain
| # | Recommendation | Notes |
|---|----------------|------|
| 122 | RPC config file location (for tx pool) | Needs investigation |
| 123 | Transaction pool clearing / gas price verification | Pending |
| 124 | Layered tx-pool tuning, gas price, network connectivity | Phase 2 |
| 125 | Automated monitoring setup (cron/systemd) for health script | Phase 3 |
| 126 | Logging configuration for monitoring | Phase 3 |
**Source:** [06-besu/COMPLETE_RECOMMENDATIONS_SUMMARY.md](../06-besu/COMPLETE_RECOMMENDATIONS_SUMMARY.md)
---
## 13. RPC translator
| # | Recommendation | Priority |
|---|----------------|----------|
| 128 | Client-side retry logic (exponential backoff, 502) | High |
| 129 | Set up monitoring/alerting | High |
| 130 | Short/medium/long-term improvements (see ALL_RECOMMENDATIONS.md) | Various |
**Source:** [rpc-translator-138/ALL_RECOMMENDATIONS.md](../../rpc-translator-138/ALL_RECOMMENDATIONS.md)
---
## 14. Orchestration portal
| # | Recommendation | Priority |
|---|----------------|----------|
| 131 | P0: Auth, state, real-time, error handling, security headers, validation, testing, CI/CD | Must have |
| 132 | P1: Advanced components, PostgreSQL migration, Redis caching, background jobs, performance, monitoring | Should have |
| 133 | P2: GraphQL, i18n, PWA, multi-tenancy, microservices | Nice to have |
| 134 | Quick wins (see QUICK_WINS.md in portal) | — |
**Source:** [smom-dbis-138/orchestration/portal/RECOMMENDATIONS_SUMMARY.md](../../smom-dbis-138/orchestration/portal/RECOMMENDATIONS_SUMMARY.md)
---
## 15. Maintenance (ongoing)
| # | Task | Frequency |
|---|------|-----------|
| 135 | Monitor explorer sync status | Daily |
| 136 | Monitor RPC node health (e.g. VMID 2201) | Daily |
| 137 | Check config API uptime | Weekly |
| 138 | Review explorer logs | Weekly |
| 139 | Update token list | As needed |
---
## 16. Operator checklist (R1R24)
| # | Action | When |
|---|--------|------|
| R1 | Verify every deployed contract on Blockscout | After each deployment |
| R2 | Keep CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS updated | When new contracts deployed/deprecated |
| R3 | Run check-contracts-on-chain-138.sh; fix any MISSING/EMPTY | Periodically or after deploy |
| R4 | Do not use deprecated CCIPWETH9Bridge; use 0x971c... and set env | Always |
| R5 | Never commit .env or private keys; rotate exposed keys | Always |
| R6 | API keys in .env.example placeholders | — |
| R7 | Restrict deployer key and RPC admin access | Access review |
| R8 | Set RPC_URL_138; run from LAN/VPN if needed | Before deploy |
| R9 | Use GAS_PRICE=1000000000 (or current min) on Chain 138 | Every forge script on 138 |
| R10 | Phased core deploy order: 01_DeployCore, set env, 02_DeployBridges | Deploy order |
| R11 | If tx stuck, manage nonce; see DEPLOYMENT_STRATEGY_EVALUATION | Troubleshooting |
| R12 | Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE in sync | After script/URL changes |
| R13 | Document addresses in CONTRACT_ADDRESSES_REFERENCE per chain | Per-chain deploy |
| R14 | Run run-contract-verification-with-proxy.sh after deployments in CI | CI after deploy |
| R15 | Consider single script: check env → deploy → verify → update config | Automation |
| R16 | Use .env.development / .env.staging / .env.production or JSON per chain | Config hygiene |
| R17 | Monitor critical bridge/oracle events | Ongoing |
| R18 | Ensure Blockscout (VMID 5000) is up and /api reachable | Health checks |
| R19 | Run forge test before deploying; integration tests where available | Pre-deploy |
| R20 | NatSpec on public contract functions | Code quality |
| R21 | When The Order deployed: NPMplus proxy host; document in RPC_ENDPOINTS_MASTER | Sankofa/The Order go-live |
| R22 | Document or configure blocks #2#6 in NETWORK_ARCHITECTURE | When decided |
| R23 | Scripts: progress indicators; --dry-run; config validation | Script updates |
| R24 | Keep config/token-mapping.json as single source of truth for 138↔Mainnet | Adding tokens |
**Source:** [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md)
---
## 17. Chain 138 Snap (pre-publish)
| Recommendation | Notes |
|----------------|-------|
| Run Snapper / MetaMask security scanner locally before publish | If available |
| Test with real wallet on Chain 138 (small balance) | In-wallet balance, Send page |
| Test from deployed companion site and different origin | CORS, Connected sites |
| Confirm token-aggregation (or API) up; /api/v1/networks, token-list, bridge/routes, quote, tokens | Before release |
| Keep changelog; bump version deliberately; note breaking changes for integrators | |
| When adding tokens: always set logoURI so MetaMask never shows token without logo | |
| When adding/changing chains: set iconUrls; ensure URLs stable and reachable | |
**Source:** [metamask-integration/chain138-snap/docs/PRE_PUBLISH_TESTING.md](../../metamask-integration/chain138-snap/docs/PRE_PUBLISH_TESTING.md) §9
---
## 18. Configuration & DNS (gaps)
| Item | Recommendation |
|------|----------------|
| the-order.sankofa.nexus | When The Order portal deployed: add NPMplus proxy host; document in RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS |
| Sankofa cutover plan | Replace <TARGET_IP>, <TARGET_PORT>, TBDs with actual IPs/ports when deployed |
| sankofa.nexus / phoenix routing | Ensure NPMplus proxy targets 192.168.11.51:3000 and 192.168.11.50:4000 per master docs; only explorer.d-bis.org → 192.168.11.140 |
| Public blocks #2#6 | Document in NETWORK_ARCHITECTURE / NETWORK_CONFIGURATION_MASTER when assigned or mark reserved |
**Source:** [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md)
---
## 19. dbis_core
| Recommendation | Priority |
|----------------|----------|
| HSM Integration | Critical |
| Zero-Trust Authentication | Critical |
| Database Backups | Critical |
| Post-Quantum Cryptography Migration | Critical |
| Data Retention Policies | Critical |
| Database Connection Pooling, Caching, API Rate Limiting, Horizontal Scaling, Logging, Metrics | High |
| Query Optimization, Distributed Tracing, Test Coverage, Documentation | Medium |
| Microservices, Sharding, Refactoring | Low |
**Source:** [dbis_core/docs/RECOMMENDATIONS.md](../../dbis_core/docs/RECOMMENDATIONS.md)
---
## 20. Verification / optional tooling
| Recommendation | Notes |
|----------------|-------|
| Optional tools for automation | sshpass, rsync, dig, ss, sqlite3, **wscat**, websocat, screen, tmux, htop, shellcheck, parallel |
| Run shellcheck | `bash scripts/verify/run-shellcheck.sh --optional` or install shellcheck and fix issues |
| E2E strict mode | Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict domain/RPC pass |
| Public RPC stability | `bash scripts/verify/check-public-rpc-stability-e2e.sh` |
**Source:** [04-configuration/verification-evidence/NEXT_STEPS_RUN_*.md](../04-configuration/verification-evidence/), [09-troubleshooting/README.md](../09-troubleshooting/README.md)
---
## Summary
| Category | Approx. count | Master index |
|----------|---------------|--------------|
| Proxmox / validated set | 35 | ALL_IMPROVEMENTS_AND_GAPS_INDEX §1 |
| Code quality & scripts | 32 | §2 |
| Documentation | 7 + enhancements | §3, DOCUMENTATION_ENHANCEMENTS |
| Security, config, testing, DX | 25 | §47 |
| Infrastructure & deployment | 17 | §8 |
| Codebase & placeholders | 10 | §9 |
| MetaMask & explorer | 14 | §10 |
| Tezos / Etherlink / CCIP | 16 | §11 |
| Besu / blockchain | 5 | §12 |
| RPC translator | 4 | §13 |
| Orchestration portal | 4 | §14 |
| Maintenance | 5 | §15 |
| Operator checklist | 24 | RECOMMENDATIONS_OPERATOR_CHECKLIST |
| Snap pre-publish | 7 | PRE_PUBLISH_TESTING §9 |
| **Total distinct items** | **~139+** | |
---
## Where to read more
- **Derived views:** [ALL_RECOMMENDATIONS_HIGH_PRIORITY.md](ALL_RECOMMENDATIONS_HIGH_PRIORITY.md) (high-priority only) | [ALL_RECOMMENDATIONS_OPERATOR_ONLY.md](ALL_RECOMMENDATIONS_OPERATOR_ONLY.md) (operator/LAN checklist)
- **Legacy index (same 139 items):** [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) — superseded by this doc
- **Gaps and placeholders:** [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md)
- **Operator checklist:** [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md)
- **Operator/external-only (what to run from LAN):** [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md)
- **Script header template:** [10-best-practices/SCRIPT_HEADER_TEMPLATE.md](../10-best-practices/SCRIPT_HEADER_TEMPLATE.md)
- **Best practices:** [10-best-practices/RECOMMENDATIONS_AND_SUGGESTIONS.md](../10-best-practices/RECOMMENDATIONS_AND_SUGGESTIONS.md), [10-best-practices/IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md)
- **Next steps / runbooks:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md)
- **Optional index:** [OPTIONAL_RECOMMENDATIONS_INDEX.md](../OPTIONAL_RECOMMENDATIONS_INDEX.md)

136
docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md Normal file
View File

@@ -0,0 +1,136 @@
# All Recommendations — High-Priority Only
**Purpose:** Filtered view of high-priority and critical items from the canonical list.
**Canonical source:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) (~139 items, 20 sections).
---
## 1. Proxmox / Validated Set (High) — Items 111
| # | Recommendation | Notes |
|---|----------------|------|
| 1 | Secure .env file permissions | `chmod 600 ~/.env` |
| 2 | Secure validator key permissions | chmod 600, chown besu |
| 3 | SSH key-based authentication (disable password) | |
| 4 | Firewall rules for Proxmox API (port 8006) | Restrict to specific IPs |
| 5 | Network segmentation (VLANs) | VLAN enablement phase |
| 6 | Basic metrics collection (Prometheus, Besu 9545) | |
| 7 | Health check monitoring + alerting | |
| 8 | Automated backup script + encrypted validator keys | |
| 9 | Backup configuration files + version control | |
| 10 | Integration tests for deployment scripts | |
| 11 | Runbooks (add/remove validator, upgrade Besu, key rotation, recovery, consensus) | |
---
## 2. Code quality & scripts (High) — Items 3637
| # | Recommendation | Priority |
|---|----------------|----------|
| 36 | Script shebang: standardize on `#!/usr/bin/env bash` | Medium |
| 37 | Error handling: standardize on `set -euo pipefail` + traps | **High** |
---
## 3. Documentation (High) — Items 68, 70
| # | Recommendation | Priority |
|---|----------------|----------|
| 68 | Quick reference cards (network, VMID, commands, troubleshooting) | High |
| 70 | Configuration templates (ER605, Proxmox, Cloudflare, Besu) | High |
---
## 4. Security — Items 4852
| # | Recommendation | Priority |
|---|----------------|----------|
| 48 | Secret management audit (no hardcoded secrets, rotation, CI scanning) | High |
| 49 | Input validation in all scripts | High |
| 50 | Security scanning automation (CI, container image scanning) | High |
| 51 | Access control review (RBAC, least privilege) | Medium |
| 52 | Configuration validation (JSON/YAML schema, pre-deploy) | High |
---
## 5. Configuration, testing & DX (High) — Item 67
| # | Recommendation | Priority |
|---|----------------|----------|
| 67 | Backup & recovery review and testing | High |
---
## 6. Infrastructure & deployment (High) — Items 7981
| # | Recommendation | Notes |
|---|----------------|------|
| 79 | Besu RPC — 25062508 destroyed 2026-02-08; replaced by new VMID structure; RPC 25002505 only. See MISSING_CONTAINERS_LIST.md | Done (doc) |
| 80 | Hyperledger (Firefly, Cacti, Fabric, Indy) containers | High/Medium |
| 81 | Blockscout (5000) container | High |
---
## 7. Codebase & placeholders (Critical/High) — Items 8286
| # | Recommendation | Priority |
|---|----------------|----------|
| 82 | Security audits (VLT-024, ISO-024) | **Critical** |
| 83 | Bridge integrations (BRG-VLT, BRG-ISO) | High |
| 84 | CCIP AMB full implementation | High |
| 85 | dbis_core TypeScript/Prisma fixes (~1186 errors) | High |
| 86 | IRU remaining tasks | High |
---
## 8. RPC translator — Items 128129
| # | Recommendation | Priority |
|---|----------------|----------|
| 128 | Client-side retry logic (exponential backoff, 502) | High |
| 129 | Set up monitoring/alerting | High |
---
## 9. Orchestration portal (P0) — Item 131
| # | Recommendation | Priority |
|---|----------------|----------|
| 131 | P0: Auth, state, real-time, error handling, security headers, validation, testing, CI/CD | Must have |
---
## 10. dbis_core (Critical)
| Recommendation | Priority |
|----------------|----------|
| HSM Integration | Critical |
| Zero-Trust Authentication | Critical |
| Database Backups | Critical |
| Post-Quantum Cryptography Migration | Critical |
| Data Retention Policies | Critical |
**Source:** [dbis_core/docs/RECOMMENDATIONS.md](../../dbis_core/docs/RECOMMENDATIONS.md)
---
## 11. Operator checklist (R1R24)
Full operator actions: **[RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md)** and **[OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md)**.
| # | Action |
|---|--------|
| R1R3 | Verify contracts on Blockscout; keep CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS updated; run check-contracts-on-chain-138.sh |
| R4R7 | Use 0x971c... CCIPWETH9Bridge only; no .env/keys in repo; restrict deployer/RPC access |
| R8R11 | RPC_URL_138; GAS_PRICE on 138; phased deploy; nonce/tx stuck runbooks |
| R12R16 | Keep runbooks in sync; document addresses per chain; run verification after deploy; env per env |
| R17R20 | Monitor bridges; Blockscout up; forge test pre-deploy; NatSpec |
| R21R24 | The Order NPMplus; blocks #2#6; script progress/dry-run/validation; token-mapping.json source of truth |
---
## Where to read more
- **Full list (all priorities):** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md)
- **Operator-only checklist:** [ALL_RECOMMENDATIONS_OPERATOR_ONLY.md](ALL_RECOMMENDATIONS_OPERATOR_ONLY.md)
- **Implementation checkboxes:** [10-best-practices/IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md)

140
docs/00-meta/ALL_RECOMMENDATIONS_OPERATOR_ONLY.md Normal file
View File

@@ -0,0 +1,140 @@
# All Recommendations — Operator-Only Checklist
**Purpose:** Single checklist for all recommendations that require **LAN/Proxmox access**, **operator credentials**, **external services**, or **ongoing maintenance**. Use when you have operator or LAN access.
**Sources:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) (items 111, 7581, 9899, 106121, 135139, R1R24), [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md), [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md).
---
## 1. Proxmox / security (LAN or host access)
| # | Action | Command or notes |
|---|--------|------------------|
| 1 | Secure .env permissions | `chmod 600 .env` (and subproject .env files) |
| 2 | Secure validator key permissions | On host: `chmod 600` keys, `chown -R besu:besu` validator dirs |
| 3 | SSH key-only auth | On Proxmox/containers: `PasswordAuthentication no`, `PubkeyAuthentication yes` in sshd_config |
| 4 | Firewall for Proxmox API (8006) | Restrict to specific IPs (iptables or UDM Pro rules) |
| 5 | Network segmentation (VLANs) | Per NETWORK_ARCHITECTURE; switches, Proxmox bridges, ER605 |
| 6 | Metrics (Prometheus, Besu 9545) | Deploy Prometheus scrape; enable Besu metrics port |
| 7 | Health check + alerting | Configure Alertmanager / PagerDuty / Slack per MASTER_SECRETS |
| 8 | Automated backup + encrypted validator keys | Run backup script; store encrypted copies off-host |
| 9 | Backup configs + version control | Commit configs to repo or backup store from LAN |
---
## 2. Deployment and runbooks (operator)
| # | Action | When |
|---|--------|------|
| **Priority** | **Mainnet liquidity + ramps** | [MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md](MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md), [MAINNET_RAMP_USER_FLOWS.md](../04-configuration/MAINNET_RAMP_USER_FLOWS.md) |
| 10 | Integration tests for deployment scripts | Run from LAN against staging/dev |
| 11 | Runbooks: add/remove validator, upgrade Besu, key rotation, recovery, consensus | Document and run from LAN when needed |
| 1220 | Error handling, logging, Loki, resource/network/DB tuning, CI/CD, CLI tool | Implement on infra from operator environment |
---
## 3. Contracts and verification (R1R3, R8R9, R14)
| # | Action | Command |
|---|--------|--------|
| R1 | Verify every deployed contract on Blockscout | After each deploy when Blockscout reachable |
| R2 | Keep CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS updated | When new contracts deployed or deprecated |
| R3 | Run on-chain check | `./scripts/verify/check-contracts-on-chain-138.sh` (set RPC_URL_138 from LAN) |
| R8 | Set RPC_URL_138; run from LAN if 192.168.11.x not reachable | Before any deploy |
| R9 | Use GAS_PRICE=1000000000 (or current min) on Chain 138 | Every forge script on 138 |
| R14 | Run verification after deploy in CI | When Blockscout reachable from runner |
---
## 4. Security and secrets (R4R7, 4852)
| # | Action | Notes |
|---|--------|-------|
| R4 | Do not use deprecated CCIPWETH9Bridge; use 0x971c... and set env | Always |
| R5 | Never commit .env or private keys; rotate exposed keys | Always |
| R6 | API keys in .env.example placeholders | — |
| R7 | Restrict deployer key and RPC admin access | Access review |
| 4852 | Secret audit, input validation, security scanning, RBAC, config validation | git-secrets, gitleaks, bandit, trivy as applicable |
---
## 5. Documentation and runbooks (R12R13, R15R16)
| # | Action | When |
|---|--------|------|
| R12 | Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE in sync | After script/URL changes |
| R13 | Document addresses in CONTRACT_ADDRESSES_REFERENCE per chain | Per-chain deploy |
| R15 | Consider single script: check env → deploy → verify → update config | Automation |
| R16 | Use .env.development / .env.staging / .env.production or JSON per chain | Config hygiene |
---
## 6. Monitoring and operations (R17R18, 135139)
| # | Task | Frequency |
|---|------|-----------|
| R17 | Monitor critical bridge/oracle events | Ongoing |
| R18 | Ensure Blockscout (VMID 5000) up and /api reachable | Health checks |
| 135 | Monitor explorer sync status | Daily |
| 136 | Monitor RPC node health (e.g. VMID 2201) | Daily |
| 137 | Check config API uptime | Weekly |
| 138 | Review explorer logs | Weekly |
| 139 | Update token list | As needed |
---
## 7. Testing and quality (R19R20)
| # | Action | When |
|---|--------|------|
| R19 | Run forge test before deploying; integration tests where available | Pre-deploy |
| R20 | NatSpec on public contract functions | Code quality |
---
## 8. Configuration and DNS (R21R22, infrastructure 7581)
| # | Action | When |
|---|--------|------|
| R21 | The Order / Sankofa NPMplus proxy host | When The Order portal deployed: add proxy; document in RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS |
| R22 | Document or configure blocks #2#6 in NETWORK_ARCHITECTURE | When decided |
| Sankofa cutover | Replace <TARGET_IP>, <TARGET_PORT>, TBDs in SANKOFA_CUTOVER_PLAN | When deployed |
| 7581 | VLAN enablement, observability stack, CCIP fleet, sovereign tenants, missing containers | Per NEXT_STEPS_MASTER and deployment phases |
---
## 9. Quick wins and token mapping (R23R24)
| # | Action | When |
|---|--------|------|
| R23 | Scripts: progress indicators; --dry-run; config validation | Script updates |
| R24 | Keep config/token-mapping.json as single source of truth for 138↔Mainnet | Adding tokens |
---
## 10. External services and submissions
| # | Action | Where |
|---|--------|-------|
| 98 | CoinGecko submission (Chain 138) | [CoinGecko](https://www.coingecko.com/) |
| 99 | Consensys outreach (Swaps/Bridge support) | MetaMask/Consensys channels |
| 106108 | Verify Etherlink/Jumper/LiFi for chains 138, 651940, 42793 | External APIs / docs |
| 109121 | Tezos/Etherlink contracts and relay services | Deploy and run from operator env |
---
## 11. Optional tools (install for full automation)
- **shellcheck** — `apt install shellcheck` or `brew install shellcheck`
- **wscat** — `npm i -g wscat` or `npx -y wscat` for WebSocket RPC tests
- **sqlite3, websocat, sshpass, dig, parallel** — per verification evidence NEXT_STEPS_RUN_*.md
---
## Where to read more
- **Full recommendations list:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md)
- **High-priority only:** [ALL_RECOMMENDATIONS_HIGH_PRIORITY.md](ALL_RECOMMENDATIONS_HIGH_PRIORITY.md)
- **Operator runbook (copy-paste):** [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md)
- **Operator ready checklist:** [OPERATOR_READY_CHECKLIST.md](../04-configuration/OPERATOR_READY_CHECKLIST.md)
- **Detailed operator/external:** [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md)

8
docs/00-meta/ARCHIVE_CANDIDATES.md
View File

@@ -1,7 +1,7 @@
# Documentation Archive Candidates
**Last Updated:** 2026-02-08
**Last reviewed:** 2026-02-20
**Last Updated:** 2026-03-02
**Last reviewed:** 2026-03-02
**Purpose:** List of docs/folders that may be archived to reduce clutter. Review before moving.
**Use:** Run in full parallel with other Wave 1 doc tasks. See [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md).
@@ -44,3 +44,7 @@
**2026-02-16:** **Batch 3:** 3 Blitzkrieg dated exports (Blitzkrieg_Super_Pro_Max_Plan_2026-02-13.md, .txt, .json) → `archive/00-meta-pruned/`. Canonical plan remains `00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md`. **Note:** `DOCUMENTATION_FIXES_COMPLETE.md` does not exist; completed fixes are in [DOCUMENTATION_FIX_TASK_LIST.md](DOCUMENTATION_FIX_TASK_LIST.md).
**2026-02-20:** **Batch 4:** 12 one-off/dated docs from 00-meta → `archive/00-meta-pruned/`: COMPLETION_STATUS_20260215, MASTER_DOCUMENTATION_REVIEW_20260205, DOCUMENTATION_REVIEW_20260216, DOCUMENTATION_REVIEW_CONTINUED_20260216, COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31, DOCUMENTATION_UPGRADE_SUMMARY, DOCUMENTATION_REVIEW, DOCUMENTATION_METRICS, DOCUMENTATION_RELATIONSHIP_MAP (duplicate of DOCUMENT_RELATIONSHIP_MAP), JNA_WHY_NOT_WORKING_REVIEW, VMID_2101_CHANGES_AND_FAILURES, COMPREHENSIVE_PROJECT_REVIEW. **Batch 5:** CONTINUE_AND_COMPLETE, FULL_PARALLEL_RUN_LOG → 00-meta-pruned. **Root cleanup:** ALL_TASKS_COMPLETE → archive/root-status-reports; 40+ root status/temp files + screenshots → [archive/root-cleanup-20260220/](../archive/root-cleanup-20260220/README.md). fix-wsl-ip.sh → scripts/. **Added:** DOCUMENTATION_CONSOLIDATION_PLAN, NEXT_STEPS_INDEX. See archive/00-meta-pruned/README.md Batches 45.
**2026-03-02:** Review only. docs/MASTER_INDEX.md and docs/README.md created; RUNBOOKS_MASTER_INDEX.md added (redirect). Deprecated list in MASTER_INDEX. ALL_IMPROVEMENTS_AND_GAPS_INDEX remains as redirect; canonical = ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.
**2026-03-02:** **Review only.** No new files archived. docs/MASTER_INDEX.md and docs/README.md created; docs/RUNBOOKS_MASTER_INDEX.md added (redirect to OPERATIONAL_RUNBOOKS). Deprecated/superseded list documented in MASTER_INDEX § Deprecated. ALL_IMPROVEMENTS_AND_GAPS_INDEX remains in place as redirect stub; canonical list is 00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md.

53
docs/00-meta/BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md
View File

@@ -1,53 +0,0 @@
# Blitzkrieg — Source Document Index (Where to Update When Completed)
**Purpose:** When you complete a task or close a gap from the [BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) or the Blitzkrieg Execution Plan, update the corresponding source doc below so the repo stays in sync. This file is the single checklist for "where to update when completed."
**Related:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) | [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) | [MASTER_PLAN](MASTER_PLAN.md) §8
---
## Index: Document → Path → When to update
| Document | Path | When to update |
|----------|------|-----------------|
| REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS | [docs/00-meta/REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) | Mark tasks/recommendations done; Part 14 |
| NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS | [docs/00-meta/NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md) | Mark section steps done |
| GAPS_AND_RECOMMENDATIONS_CONSOLIDATED | [docs/GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) | Close security/config/code gaps |
| PLACEHOLDERS_AND_COMPLETION_MASTER_LIST | [docs/00-meta/PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) | Mark placeholder completed; §13 "Where to update" |
| CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE | [docs/11-references/CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md](../11-references/CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md) | Operator/pending status |
| TEZOS_CCIP_REMAINING_ITEMS | [docs/07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md](../07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md) | External/contracts/off-chain/routing/DON/monitoring/testing |
| REQUIRED_FIXES_UPDATES_GAPS | [docs/REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) | Build/canonical/placeholders/docs/tests |
| ALL_REQUIREMENTS | [docs/00-meta/ALL_REQUIREMENTS.md](ALL_REQUIREMENTS.md) | Foundation, security, deployment blocks |
| CONTRACT_ADDRESSES_REFERENCE | [docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) | New/deprecated addresses; canonical source |
| CONTRACT_INVENTORY_AND_VERIFICATION | [docs/11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md) | Deployed/verified status |
| BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN | [docs/00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) | §2 three-column table; §3 numbered trail; §5 phase/category |
| MASTER_PLAN / MASTER_INDEX | [docs/00-meta/MASTER_PLAN.md](MASTER_PLAN.md), [docs/MASTER_INDEX.md](../MASTER_INDEX.md) | Link to Blitzkrieg; §8 file summary |
| STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS | [docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) | When LAN/Proxmox steps change |
| OPERATOR_OPTIONAL_CHECKLIST | [docs/11-references/OPERATOR_OPTIONAL_CHECKLIST.md](../11-references/OPERATOR_OPTIONAL_CHECKLIST.md) | Blockscout, trustless, mainnet, CREATE2, Vault, Dodo, etc. |
| PLACEHOLDERS_AND_TBD | [docs/00-meta/PLACEHOLDERS_AND_TBD.md](../PLACEHOLDERS_AND_TBD.md) | AlltraAdapter fee; other TBDs |
| TOKEN_MAPPING_AND_MAINNET_ADDRESSES | [docs/07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md](../07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md) | Token mapping (138↔Mainnet); relay-supported tokens; when adding tokens update this and config/token-mapping.json |
| REMAINING_WORK_BREAKDOWN_AND_ANSWERS | [docs/00-meta/REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md](REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md) | Per-item breakdown: prerequisites, owner, steps to complete, where to update; add "Done [date]" when item completed |
| token-mapping.json | [config/token-mapping.json](../../config/token-mapping.json) | Single source of truth for Chain 138↔Mainnet token addresses; add/update entries when adding tokens or enabling relay for LINK |
---
## Key operator commands (Blitzkrieg steps)
| Step | Action | Command |
|------|--------|---------|
| 0 | Config validation | `./scripts/validation/validate-config-files.sh` |
| 0 / 16 | Completable from anywhere (all 4 steps) | `./scripts/run-completable-tasks-from-anywhere.sh` [`--dry-run`] |
| 11 | On-chain check (Chain 138, 36 addresses) | `./scripts/verify/check-contracts-on-chain-138.sh` (uses `RPC_URL_138`; optional arg overrides) |
| 11 | Blockscout source verification | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` |
Full command list: [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) Part 3.
---
## Quick reference
- **Tasks 130 / R1R24:** Update [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md).
- **Code placeholders (AlltraAdapter, Smart accounts, TezosRelay, etc.):** Update [NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md) and [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md).
- **New contract / address:** Update [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) and [CONTRACT_INVENTORY_AND_VERIFICATION](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md).
- **New token or bridge in the march:** Update [BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) §2 (three-column table) and §3 (numbered trail).
- **New token (Chain 138 or bridged):** Update [config/token-mapping.json](../../config/token-mapping.json) and optionally [TOKEN_MAPPING_AND_MAINNET_ADDRESSES](../07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md), [CHAIN138_TOKEN_ADDRESSES](../11-references/CHAIN138_TOKEN_ADDRESSES.md).

72
docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md Normal file
View File

@@ -0,0 +1,72 @@
# Complete Required, Optional, and Recommended — Index
**Purpose:** Single entry point for the full execution plan (required, optional, and recommended work). Execution order: Wave 0 → Wave 1 → Wave 2 → Wave 3 → Ongoing.
**Sources:** [PHASES_AND_TASKS_MASTER.md](PHASES_AND_TASKS_MASTER.md), [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md), [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md), [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md).
---
## Wave 0 — Gates (do first when creds allow)
| Task | Blocker | Command / doc |
|------|---------|----------------|
| W0-1 NPMplus RPC fix (405) | Host on LAN (192.168.11.x) | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W0-1. `bash scripts/run-wave0-from-lan.sh` or `bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`. |
| W0-2 sendCrossChain (real) | PRIVATE_KEY, LINK approved | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W0-2. `bash scripts/bridge/run-send-cross-chain.sh <amount> [recipient]`. Bridge: `0x971cD9D156f193df8051E48043C476e53ECd4693`. |
| W0-3 NPMplus backup | NPM_PASSWORD in .env | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W0-3. `bash scripts/verify/backup-npmplus.sh` or `scripts/run-wave0-from-lan.sh`. |
---
## Required work
- **Deployment phases:** [PHASES_AND_TASKS_MASTER.md](PHASES_AND_TASKS_MASTER.md) — Phase 2 (observability), Phase 3 (CCIP fleet), Phase 4 (sovereign tenants). Runbooks: [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md).
- **Codebase:** smom audits (VLT-024, ISO-024), bridge integrations (BRG-VLT, BRG-ISO); dbis_core IRU + [DBIS_CORE_TS_FIXES_DETAILED_LIST.md](DBIS_CORE_TS_FIXES_DETAILED_LIST.md); OMNIS per PHASES_AND_TASKS_MASTER.
- **Security & verification:** [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md) R1R24; [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W1-1, W1-2.
---
## Optional work
- **Infrastructure:** Phase 1 VLAN, NPMplus HA. (25062508 destroyed 2026-02-08; RPC 25002505 only.) [OPTIONAL_RECOMMENDATIONS_INDEX.md](../OPTIONAL_RECOMMENDATIONS_INDEX.md), [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md), [NPMPLUS_HA_SETUP_GUIDE.md](../04-configuration/NPMPLUS_HA_SETUP_GUIDE.md).
- **Docs/tooling:** Documentation consolidation; Paymaster deploy when ready.
- **MetaMask/explorer:** Token-aggregation, CoinGecko, Snap features, explorer enhancements. [COINGECKO_SUBMISSION.md](../../smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md).
---
## Recommended work (139+ items)
- **Full list:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) (20 sections).
- **High priority only:** [ALL_RECOMMENDATIONS_HIGH_PRIORITY.md](ALL_RECOMMENDATIONS_HIGH_PRIORITY.md).
- **Operator-only (LAN/creds/external):** [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md).
- **Parallel order:** [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md).
---
## Execution order summary
1. **Wave 0:** W0-1, W0-2, W0-3 when LAN/creds available.
2. **Wave 1 (parallel):** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) "Can Be Accomplished Now"; validation: `bash scripts/verify/run-all-validation.sh [--skip-genesis]`, `scripts/validation/validate-config-files.sh`.
3. **Wave 2 / Wave 3:** [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md).
4. **Ongoing:** Maintenance 135139; `schedule-daily-weekly-cron.sh --install`.
---
## Fixes status (in-repo)
All required fixes in [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) §§16 are **Done** or **Documented**. Placeholders (canonical addresses, AlltraAdapter, smart accounts, quote FABRIC_CHAIN_ID, .bak) are complete per that doc. Remaining work: operator/LAN tasks, deferred dbis_core TS (~1186), and external (audits, Ledger, CoinGecko).
**Still not done — execution checklist:** [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md) — copy-paste commands and links for every operator/LAN, dbis_core TS, security-audit, external, and maintenance item.
---
## Key references
| Purpose | Document |
|---------|----------|
| Step-by-step for every task | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) |
| Copy-paste operator runbook | [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md) |
| Master task list | [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) |
| Required fixes (all Done/Documented) | [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) |
| Still not done (operator/external/TS) | [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md) |
| Breakdown: missing info per task | [REMAINING_TASKS_BREAKDOWN_MISSING_INFO.md](REMAINING_TASKS_BREAKDOWN_MISSING_INFO.md) |
| dbis_core TS fixes (deferred) | [DBIS_CORE_TS_FIXES_DETAILED_LIST.md](DBIS_CORE_TS_FIXES_DETAILED_LIST.md) |
| DBIS Rail + project completion (status and full task list, required + optional) | [DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md](../dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md) |

118
docs/00-meta/CW_BRIDGE_TASK_LIST.md Normal file
View File

@@ -0,0 +1,118 @@
# cW* Bridge Support — Detailed Task List
**Created:** 2026-02-27
**Updated:** 2026-02-27 — In-repo tasks completed (Phase A, C1, F); operator tasks (D, E, C2C3) have runbook.
**Context:** After setting `CW_BRIDGE_<CHAIN>` from the deployed bridge suite (CCIPRelayBridge on Mainnet, CCIPWETH9_BRIDGE_* on other chains), this document reviews the note that those contracts may need extension for cW* and turns it into a concrete task list.
**Completion summary (in-repo):** Phase A (approach decided and documented), Phase C1 (CompliantWrappedToken.burnFrom added, tests added), Phase F (docs and runbook). Phase B marked N/A (Option 2 chosen). **Remaining steps script:** [run-cw-remaining-steps.sh](../../scripts/deployment/run-cw-remaining-steps.sh) — `--dry-run` (default), `--deploy`, `--update-mapping`, `--verify`. Phase D/E and C2C3: run script with `--deploy` when RPC/keys are set; then set CWUSDT_*/CWUSDC_* in .env and run `--update-mapping`; see [CW_DEPLOY_AND_WIRE_RUNBOOK.md](../07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md).
---
## 1. Note reviewed
**Note (from previous setup):**
*"Mainnet uses CCIPRelayBridge; other chains use CCIPWETH9_BRIDGE_*. Those contracts are currently WETH-oriented; if they do not yet implement cW* mint/burn, they will need to be extended (or replaced with a cW*-capable receiver) before cW* transfers work."*
**Verification (checks performed):**
| Check | Result |
|-------|--------|
| **CCIPRelayBridge.sol** (Mainnet) | `ccipReceive` only accepts `message.tokenAmounts[0].token == weth9` and does `IERC20(weth9).transfer(recipient, amount)`. **Does not call any cW*.mint().** |
| **CCIPWETH9Bridge.sol** (all chains) | Same: validates token == weth9, then `transfer(recipient, amount)`. **Does not mint cW*.** |
| **CCIPWETH10Bridge.sol** | Same for WETH10; no cW* logic. |
| **CompliantWrappedToken.sol** | Has `mint`, `burn`, and `burnFrom` (BURNER_ROLE). `burnFrom` added in Phase C1 for TwoWayTokenBridgeL2 outbound. |
| **TwoWayTokenBridgeL2.sol** | `ccipReceive` calls `IMintableERC20(mirroredToken).mint(recipient, amount)`**would mint cW*** if `mirroredToken` = cWUSDT/cWUSDC. Outbound uses `burnFrom`; CompliantWrappedToken does not implement `burnFrom`. |
| **DeployCWTokens.s.sol** | Grants MINTER_ROLE and BURNER_ROLE to `CW_BRIDGE_ADDRESS` (per-chain in .env). So the *address* we set will have roles, but the *contract code* at that address (CCIPWETH9Bridge/CCIPRelayBridge) never calls `mint`/`burn` on cW*. |
**Conclusion:** The current bridge suite is **WETH-only**. Granting MINTER/BURNER to it allows deployment of cW* but **does not** enable cross-chain mint/burn of cW* until the receiver logic is extended or a dedicated cW* receiver is deployed.
---
## 2. Checks performed (summary)
- [x] **Contract audit:** CCIPRelayBridge, CCIPWETH9Bridge, CCIPWETH10Bridge — ccipReceive only transfers the received token (WETH9/WETH10), no mint path.
- [x] **CompliantWrappedToken:** mint/burn roles and interface; no burnFrom.
- [x] **TwoWayTokenBridgeL2:** Mint-on-receive pattern; requires burnFrom for outbound.
- [x] **.env:** CW_BRIDGE_<CHAIN> set from existing deployed addresses (Mainnet, Cronos, BSC, Polygon, Gnosis, Avalanche, Base, Arbitrum, Optimism).
- [x] **Deploy path:** DeployCWTokens grants roles to CW_BRIDGE_*; deploy script uses per-chain bridge from .env.
---
## 3. Detailed task list
### Phase A: Decide and document approach
| # | Task | Owner | Notes | Status |
|---|------|--------|-------|--------|
| A1 | **Decide cW* receive strategy:** (1) Extend existing CCIPWETH9Bridge/CCIPRelayBridge to support cW* mint in ccipReceive, or (2) Deploy dedicated cW* receiver per chain (e.g. TwoWayTokenBridgeL2 or new CCIPReceiverCW). | Operator/Dev | Option 2 chosen. | ✅ Done |
| A2 | **Document chosen approach** in `docs/07-ccip/CW_BRIDGE_APPROACH.md` (create): flow 138→chain (lock c* on 138, mint cW* on dest), chain→138 (burn cW*, release c*), and which contract(s) implement receive/send. | Dev | | ✅ Done |
### Phase B: Contract changes (if extending existing bridge)
**Not applied** — Option 2 (dedicated receiver) chosen; Phase B is the alternative path if extending existing bridges instead.
| # | Task | Owner | Notes | Status |
|---|------|--------|-------|--------|
| B1 | **Design bridge extension:** In CCIPWETH9Bridge (and/or CCIPRelayBridge), allow ccipReceive to accept more than WETH9: e.g. token whitelist (cWUSDT, cWUSDC) and on receive either transfer (if token is WETH9) or mint (if token is cW* and bridge has MINTER_ROLE). | Dev | Match data encoding (recipient, amount, sender, nonce) with existing. | N/A (Option 2) |
| B2 | **Implement and test:** Add tests for ccipReceive with token = cWUSDT and assert cWUSDT.mint(recipient, amount) and balance increase. | Dev | | N/A (Option 2) |
| B3 | **Deploy upgraded bridge** (or new implementation + upgrade if proxy) on each chain; update .env and config if address changes. | Operator | If new contract, set CW_BRIDGE_<CHAIN> to new address and re-grant MINTER/BURNER on cW* to new bridge. | N/A (Option 2) |
### Phase C: Contract changes (if dedicated cW* receiver)
| # | Task | Owner | Notes | Status |
|---|------|--------|-------|--------|
| C1 | **CompliantWrappedToken:** Add `burnFrom(address from, uint256 amount)` that checks BURNER_ROLE and calls `burn(from, amount)` (or implement ERC20Burnable and grant BURNER to bridge). | Dev | Required if using TwoWayTokenBridgeL2 for outbound. | ✅ Done |
| C2 | **Deploy TwoWayTokenBridgeL2** (or new CCIPReceiverCW) per chain: constructor(router, cWUSDT, feeToken). Configure destination (Chain 138 selector, L1 bridge address). | Operator | TwoWayTokenBridgeL2 is not upgradeable; one deployment per (chain, token) or generic with token in message. See [CW_DEPLOY_AND_WIRE_RUNBOOK.md](CW_DEPLOY_AND_WIRE_RUNBOOK.md). | Pending |
| C3 | **Point CW_BRIDGE_<CHAIN> to new receiver** and re-run DeployCWTokens so MINTER/BURNER are on the new receiver, or grant roles to new receiver after deploy. | Operator | If receiver is separate from CCIPWETH9_BRIDGE, set CW_BRIDGE_<CHAIN> to receiver address. | Pending |
| C4 | **Chain 138 send side:** Ensure a sender/bridge on 138 sends CCIP messages with receiver = new cW* receiver on destination and data encoding (recipient, amount). | Dev/Operator | Documented in [CW_BRIDGE_APPROACH.md](../07-ccip/CW_BRIDGE_APPROACH.md). | ✅ Documented |
### Phase D: Deploy cW* and wire config
| # | Task | Owner | Notes | Status |
|---|------|--------|-------|--------|
| D1 | **Run cW* deploy** on each target chain: `./scripts/deployment/deploy-tokens-and-weth-all-chains-skip-canonical.sh --deploy-cw` (with CW_BRIDGE_<CHAIN> already set). | Operator | Records CWUSDT_<CHAIN>, CWUSDC_<CHAIN> in script output. Runbook: [CW_DEPLOY_AND_WIRE_RUNBOOK.md](../07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md) § D1. | Operator |
| D2 | **Set CWUSDT_<CHAIN> and CWUSDC_<CHAIN>** in smom-dbis-138/.env from deploy output for each chain. | Operator | Runbook § D2. | Operator |
| D3 | **Update token-mapping-multichain.json** for each chain: set `addressTo` for Compliant_USDT_cW, Compliant_USDC_cW (and Compliant_EURC_cW if deployed) from CWUSDT_*/CWUSDC_* addresses. | Operator | Replace 0x0 placeholders. Runbook § D3. | Operator |
| D4 | **Verify on-chain:** On each chain, confirm cWUSDT/cWUSDC exist, and bridge/receiver address has MINTER_ROLE and BURNER_ROLE. | Operator | Runbook § D4. | Operator |
### Phase E: Relay and send path (138 → other chains)
| # | Task | Owner | Notes | Status |
|---|------|--------|-------|--------|
| E1 | **Relay service (138→Mainnet):** If using CCIPRelayBridge for cW*, extend relay to support cUSDT/cUSDC: relay must send CCIP with token = cUSDT (or lock-and-mint semantics) and destination = Mainnet bridge; Mainnet bridge must mint cWUSDT. | Operator/Dev | See RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md pattern (extend bridge or new receiver). Runbook § E1. | Operator |
| E2 | **Direct CCIP (138→chain):** If Chain 138 uses UniversalCCIPBridge or CCIPWETH9Bridge to send c* to destination, add destination config for c* and ensure receiver on destination mints cW*. | Dev | Documented in approach; runbook § E2. | Documented |
| E3 | **Test E2E:** Lock cUSDT on 138, trigger send, verify cWUSDT minted on destination to recipient. | Operator | Runbook § E3. | Operator |
### Phase F: Documentation and runbooks
| # | Task | Owner | Notes | Status |
|---|------|--------|-------|--------|
| F1 | **Update docs/11-references/CW_TOKENS_AND_NETWORKS.md:** Add section "Bridge support status" — which chains have bridge code that mints cW* (none until Phase B or C done). | Dev | | ✅ Done |
| F2 | **Update docs/04-configuration/C_TO_CW_MAPPER_MAPPING.md:** Note that addressTo for _cW is 0x0 until cW* deployed and that bridge must support mint. | Dev | | ✅ Done |
| F3 | **Create runbook** (e.g. docs/07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md): steps to deploy cW* on a new chain, set CW_BRIDGE_<CHAIN>, update token-mapping, verify roles. | Dev | | ✅ Done |
---
## 4. Dependency order
1. **A1 → A2** (decide approach, document).
2. **A1 → B or C** (implementation depends on choice).
3. **B or C → D1** (deploy cW* after bridge/receiver can mint; or deploy cW* and grant roles to existing bridge, then extend bridge later so it actually mints).
4. **D1 → D2, D3, D4** (config and verify).
5. **D + (B or C) → E** (send path and relay).
6. **F** can be done in parallel or after each phase.
**Minimal path to “cW* deployed and roles set” (no cross-chain mint yet):** D1, D2, D4 — already possible with current .env. To **actually mint cW* on receive**, complete Phase A, then B or C, then E.
---
## 5. References
- [CW_TOKENS_AND_NETWORKS.md](../11-references/CW_TOKENS_AND_NETWORKS.md)
- [C_TO_CW_MAPPER_MAPPING.md](../04-configuration/C_TO_CW_MAPPER_MAPPING.md)
- [CW_BRIDGE_APPROACH.md](../07-ccip/CW_BRIDGE_APPROACH.md) — Chosen approach (Option 2) and flows.
- [CW_DEPLOY_AND_WIRE_RUNBOOK.md](../07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md) — Operator steps for D1D4, E1E3.
- [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) (pattern for extending bridge)
- `smom-dbis-138/contracts/relay/CCIPRelayBridge.sol`, `contracts/ccip/CCIPWETH9Bridge.sol`
- `smom-dbis-138/contracts/bridge/TwoWayTokenBridgeL2.sol`
- `smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol` (includes `burnFrom` for TwoWayTokenBridgeL2)

184
docs/00-meta/DBIS_CORE_TS_FIXES_DETAILED_LIST.md Normal file
View File

@@ -0,0 +1,184 @@
# dbis_core ~1186 TypeScript Errors (Deferred) — Detailed Fix List
**Status:** Deferred (W1-14)
**References:** [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) §8, [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) W1-14, [dbis_core/TYPESCRIPT_FIXES_PRIORITIZED_PLAN.md](../../dbis_core/TYPESCRIPT_FIXES_PRIORITIZED_PLAN.md), [dbis_core/PROMPT_TYPESCRIPT_FIXES_PHASES_1_4.md](../../dbis_core/PROMPT_TYPESCRIPT_FIXES_PHASES_1_4.md)
**Context:** Phases 14 were executed (2026-01-31); ~1186 TS errors remain. Remaining errors are in **defi**, **exchange**, **governance/msgf**, **gateway**, and other modules.
---
## 1. Prerequisites (Do First)
| # | Fix | Action |
|---|-----|--------|
| 1.1 | **Prisma client** | In `dbis_core/`: run `npx prisma generate` (or `pnpm exec prisma generate`) to fix `@prisma/client` types. If you see `MODULE_NOT_FOUND` for prisma, run `pnpm install` from repo root (or `cd dbis_core && pnpm install`) so Prisma is available, then retry. |
| 1.2 | **Verification** | After any batch of fixes, run `pnpm exec tsc --noEmit` (or `npx tsc --noEmit`) in `dbis_core/` to confirm error count. |
| 1.3 | **Sample reference** | A sample fix was applied in `dbis_core/src/core/admin/dbis-admin/dashboards/cbdc-fx.service.ts`; use as pattern for Prisma/Decimal and explicit return types. |
---
## 2. Priority 1 — Quick Wins (Est. ~5070 errors)
### 2.1 Missing Imports (~1015 errors)
- **Pattern:** Add missing imports.
- **Imports to add where used:**
- `import { v4 as uuidv4 } from 'uuid'`
- `import { Decimal } from '@prisma/client/runtime/library'` (or projects Decimal source)
- `import { Prisma } from '@prisma/client'`
- **Example files:**
`mrecp-harmonization.service.ts`, `multiverse-fx.service.ts`, `multiverse-ssu.service.ts`, and any file using `uuidv4`/`Decimal`/`Prisma` without import.
### 2.2 Missing Return Statements in Routes (~3040 errors)
- **Pattern:** Add `return` before `res.json()`, `res.status().json()`, and `next(error)` in Express route handlers.
- **Example files:**
`dbis-admin.routes.ts`, `scb-admin.routes.ts`, `beie.routes.ts`, `gase.routes.ts`, `rssck.routes.ts`, and all other `*.routes.ts`.
### 2.3 Simple Type Assertions (~1015 errors)
- **Pattern:** Use `as unknown as TargetType` when TS rejects direct cast (e.g. `request as Record<string, unknown>``request as unknown as Record<string, unknown>`).
---
## 3. Priority 2 — Pattern-Based Fixes (Est. ~200250 errors)
### 3.1 JsonValue Type Mismatches (~100120 errors)
- **Pattern:** Cast to `Prisma.InputJsonValue` when assigning to Prisma `Json` fields.
- `Record<string, unknown>``as Prisma.InputJsonValue`
- Nullable: `value ? (value as Prisma.InputJsonValue) : Prisma.JsonNull`
- `JsonValue``as Prisma.InputJsonValue`
- **High-impact files:**
`uhem-encoding.service.ts`, `defi-module.service.ts`, `gdsl-clearing.service.ts`, `gsds-contract.service.ts`, `msgf-*.service.ts` (governance/msgf), and ~4050 other files.
### 3.2 Property Access on Unknown Types (~80100 errors)
- **Pattern:** Add type assertions or type guards: e.g. `(data as Record<string, unknown>).property` or specific interfaces.
- **High-impact files:**
`reporting-engine.service.ts`, `sandbox.service.ts`, `supervision-engine.service.ts`, and ~3040 other files.
### 3.3 Type Conversion via Unknown (~5070 errors)
- **Pattern:** Use `as unknown as TargetType` for conversions TS rejects.
- **Example files:**
`corridor-controls.service.ts`, `gru-controls.service.ts`, `network-controls.service.ts`, `dscn-aml-scanner.service.ts`, `rssck.service.ts`, and ~2030 other files.
---
## 4. Priority 3 — Type System Fixes (Est. ~150200 errors)
### 4.1 Missing Properties on Prisma Types (~6080 errors)
- **Pattern:** Use correct Prisma schema field names and/or add `include` for relations; use type assertions only when schema is correct but types are narrow.
- **Common issues:**
- Use `indexValue` not `price` on index history; include relations for `bondName`/`bondCode`; verify `circuitBreakerEnabled` and filterable fields (e.g. `createdAt`).
- **High-impact files:**
`global-overview.service.ts`, `gru-command.service.ts`, `cbdc-fx.service.ts`, `supervisory-ai.service.ts`, and ~2535 other files.
### 4.2 Prisma UpdateMany Property Errors (~1015 errors)
- **Pattern:** Use correct Prisma update input types; use `update` instead of `updateMany` if the field is not in `*UpdateManyMutationInput`.
- **Known issues:**
- `circuitBreakerEnabled` not in `GruIndexUpdateManyMutationInput`; `issuanceWindowOpen` not in `GruBondUpdateManyMutationInput`.
- **Files:**
`gru-controls.service.ts` and ~35 other files.
### 4.3 Request Type Extensions (~2030 errors)
- **Pattern:** Extend Express `Request` (e.g. in `src/types/express.d.ts`) with `sovereignBankId?: string`, or use `(req as { sovereignBankId?: string }).sovereignBankId`.
- **Files:**
`dbis-admin.routes.ts`, `scb-admin.routes.ts`, and ~1015 other route files.
### 4.4 Null Safety (~1520 errors)
- **Pattern:** Add optional chaining (`?.`), null checks, or non-null assertion (`!`) where “possibly null” is reported.
- **Example files:**
`gru-command.service.ts`, `multiverse-fx.service.ts`, `uhem-analytics.service.ts`, and ~1015 other files.
---
## 5. Priority 4 — Schema & Property Fixes (Est. ~100150 errors)
### 5.1 Prisma Schema Mismatches (~3040 errors)
- **Pattern:** Align code with `prisma/schema.prisma` model and field names; do not change schema unless a field is truly missing.
- **Known mappings:**
- `prisma.settlement``prisma.gasSettlement` (or correct model per schema);
- `prisma.commodityToken` — verify existence;
- `prisma.aiAutonomousAction``prisma.aIAutonomousAction` (or actual schema name);
- Missing fields: e.g. `divergenceAmount`, `realityId` — add to schema only if required.
- **Files:**
`legal-harmonization.service.ts`, `trade-harmonization.service.ts`, `scdc-ai-mandate.service.ts`, `mrecp-convergence.service.ts`, and ~1520 other files.
### 5.2 Complex Type Assignments (~4050 errors)
- **Pattern:** Fix array/object type mismatches (e.g. missing `id` or required fields), object spread types, and function parameter types.
- **Files:**
`global-overview.service.ts`, `gdsl-contract.service.ts`, `gsds-contract.service.ts`, `multiverse-fx.service.ts`, and ~2025 other files.
### 5.3 Decimal Type Operations (~510 errors)
- **Pattern:** Use Decimal API: e.g. `decimal.plus(n)` instead of `decimal + n`, `decimal.toString()` for string conversion.
- **Files:**
`regulatory-equivalence.service.ts`, `zk-balance-proof.service.ts`, and ~35 other files.
---
## 6. Implicit `any` and Callbacks (Documented Strategy)
- **Source:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) W1-14.
- **Action:** Add explicit types for implicit `any` (e.g. callback parameters, event handlers). Tackle by module or file; can be parallelized by file.
---
## 7. Module-Level Focus (Where ~1186 Errors Remain)
After Phases 14, remaining errors are concentrated in:
| Module / Area | Notes |
|---------------|--------|
| **defi** | e.g. `defi-module.service.ts`, arbitrage, tezos-usdtz, sovereign. |
| **exchange** | Exchange adapters, registry, OTC, price adapters. |
| **governance/msgf** | `msgf-*.service.ts` and related governance services. |
| **gateway** | API gateway, admin-central, middleware. |
| **Other** | Compliance, derivatives (gdsl/gsds), economics (uhem, mrecp), admin dashboards, integration. |
**Strategy:** Fix by module (or by file within a module); run `tsc --noEmit` periodically. Prefer parallelizing by file when multiple people work on it.
---
## 8. Execution Order (Recommended)
1. **Prerequisites:** `npx prisma generate` in `dbis_core/`; confirm `tsc --noEmit` baseline.
2. **Priority 1:** Quick wins (imports, route returns, simple assertions).
3. **Priority 2:** Pattern fixes (JsonValue, unknown property access, conversion via `unknown`).
4. **Priority 3:** Type system (Prisma props, Request extension, null safety).
5. **Priority 4:** Schema alignment and complex types (including Decimal).
6. **Sweep:** Implicit `any` and callbacks by module/file.
---
## 9. Risk and Automation
- **Low risk (safe to automate):** Missing imports, missing returns, simple type assertions, JsonValue casts.
- **Medium risk (review):** Property access on unknown, type conversions, null safety.
- **High risk (manual review):** Prisma schema changes, complex type assignments, Request extensions.
---
## 10. References in This Repo
- **Fix plan (in dbis_core):**
[dbis_core/TYPESCRIPT_FIXES_PRIORITIZED_PLAN.md](../../dbis_core/TYPESCRIPT_FIXES_PRIORITIZED_PLAN.md)
[dbis_core/PROMPT_TYPESCRIPT_FIXES_PHASES_1_4.md](../../dbis_core/PROMPT_TYPESCRIPT_FIXES_PHASES_1_4.md)
- **Phase status:**
[reports/REMAINING_TASKS_MASTER_20260201.md](../../reports/REMAINING_TASKS_MASTER_20260201.md) (Phases 14 review).
- **Task tracking:**
[TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) W1-14, [ALL_TASKS_DETAILED_STEPS.md](ALL_TASKS_DETAILED_STEPS.md).
- **Express types:**
[dbis_core/src/types/express.d.ts](../../dbis_core/src/types/express.d.ts) (for Request extension).
---
*Last updated: 2026-02-23. Error count ~1186 is from postPhase 14 state; re-run `tsc --noEmit` in dbis_core for current count.*

17
docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md
View File

@@ -1,6 +1,6 @@
# Documentation Consolidation Plan
**Last Updated:** 2026-02-20
**Last Updated:** 2026-03-02
**Purpose:** Review, consolidate, and prune markdown docs. Single reference for what to keep, merge, or archive.
**Related:** [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) | [archive/00-meta-pruned/README.md](../archive/00-meta-pruned/README.md). (Dated review docs, e.g. DOCUMENTATION_REVIEW_20260216, are in archive/00-meta-pruned.)
@@ -134,13 +134,26 @@ Moved to `docs/archive/00-meta-pruned/` in 2026-02-20 batch:
---
## 5. Next steps for maintainers
## 5. Eliminating deprecated and inconsistent content
- **Single entry point:** [docs/MASTER_INDEX.md](../MASTER_INDEX.md) — use as the documentation index; it lists canonical sources and a "Deprecated / superseded" table.
- **Recommendations canonical:** [00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md). Do not use [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) as primary; it is superseded (stub/redirect only).
- **Contract/address status:** [11-references/ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md). CONTRACT_INVENTORY_AND_VERIFICATION and SMART_CONTRACTS_INVENTORY are deleted/superseded.
- **Runbooks:** [03-deployment/OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) is the single runbook index. [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) is a redirect stub for backward compatibility.
- When adding or updating docs, link to MASTER_INDEX and the canonical doc for that topic; avoid creating new "master" or "index" docs that duplicate existing ones.
---
## 6. Next steps for maintainers
1. Run link check quarterly (MASTER_INDEX, docs/README).
2. Each quarter: move clearly one-off/dated 00-meta docs to archive/00-meta-pruned per this plan.
3. Consider merging REMAINING_* and NEXT_STEPS_* into 23 canonical files (entry: NEXT_STEPS_INDEX.md).
4. Add "Last reviewed" to ARCHIVE_CANDIDATES after each consolidation run.
5. **Eliminate deprecated content:** Do not reference ALL_IMPROVEMENTS_AND_GAPS_INDEX, CONTRACT_INVENTORY_AND_VERIFICATION, or SMART_CONTRACTS_INVENTORY as primary sources; use MASTER_INDEX and the canonical docs it points to.
---
**Consolidation run 2026-02-20:** NEXT_STEPS_INDEX.md added; Batch 4 (12 files) archived to 00-meta-pruned; ARCHIVE_CANDIDATES and MASTER_INDEX updated. **Follow-up:** Batch 5 (CONTINUE_AND_COMPLETE, FULL_PARALLEL_RUN_LOG) → 00-meta-pruned; ALL_TASKS_COMPLETE → root-status-reports; project root cleanup → docs/archive/root-cleanup-20260220; fix-wsl-ip.sh → scripts/.
**Consolidation run 2026-03-02:** docs/MASTER_INDEX.md and docs/README.md created; docs/RUNBOOKS_MASTER_INDEX.md added (redirect stub); DOCUMENTATION_CONSOLIDATION_PLAN §5 (eliminating deprecated content) and §6 (maintainers) updated; ARCHIVE_CANDIDATES Last reviewed set to 2026-03-02.

4
docs/00-meta/FULL_PARALLEL_EXECUTION_ORDER.md
View File

@@ -3,7 +3,7 @@
**Last Updated:** 2026-02-05
**Purpose:** Order all remaining tasks into waves so that **within each wave, every item can run in parallel**. Run in full maximum parallel mode: execute all items in Wave 0 concurrently (where different owners), then all in Wave 1, then Wave 2, then Wave 3. No artificial sequencing within a wave.
**Sources:** [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md](REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md), [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md), [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md).
**Sources:** [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md](REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md), [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md), [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md). **Single plan (required/optional/recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
**Run log:** [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) — record of what was executed by wave (2026-02-05).
**Wave 1 status:** [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md). **Wave 2/3 checklist:** [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md).
@@ -142,7 +142,7 @@
| W2-3 | VLAN enablement: apply UDM Pro VLAN config; Proxmox bridge; migrate services to VLANs | By VLAN or by host |
| W2-4 | Phase 3 CCIP: Ops/Admin (5400-5401); NAT pools; commit/execute/RMN script expansion | Ops first, then NAT, then scripts |
| W2-5 | Phase 4: Sovereign tenant VLANs; isolation; access control | By tenant or by VLAN |
| W2-6 | Missing containers: 3 VMIDs only (2506, 2507, 2508) — see MISSING_CONTAINERS_LIST.md | By VMID or by host |
| W2-6 | 25062508 destroyed 2026-02-08; RPC 25002505 only. See MISSING_CONTAINERS_LIST.md | Done (doc) |
| W2-7 | DBIS services start (1010010151, etc.); additional Hyperledger | By host |
| W2-8 | NPMplus HA (Keepalived, secondary 10234) | Optional; single change |

41
docs/00-meta/GAPS_STATUS.md Normal file
View File

@@ -0,0 +1,41 @@
# Gaps Status — Consolidated View
**Last Updated:** 2026-03-02
**Purpose:** Single reference for all gap sources and current status. Use this to see what is fixed in-repo vs what remains operator/external.
---
## Gap sources (canonical)
| Document | Scope | Status |
|----------|--------|--------|
| [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) | Build, contracts, canonical list, placeholders, docs, tests | All §§16 **Done** or Documented. §9 optional/informational. |
| [04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) | Explorer API, token-aggregation, nginx order, tests, CI | §12, 58 **Fixed**. §34 **Addressed** (nginx order documented; Explorer/Wallet timeouts 25s). §9 optional. §12 operator. |
| [04-configuration/VERIFICATION_GAPS_AND_TODOS.md](../04-configuration/VERIFICATION_GAPS_AND_TODOS.md) | Missing scripts, placeholders, runbook .env | backup-npmplus.sh **Created**. Runbook production note **Added** (INGRESS_VERIFICATION_RUNBOOK; VERIFICATION_GAPS doc). Sankofa/TBD remain until services deployed. |
| [00-meta/CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md) | cW* bridge mint/receive | Phases A, C1, F **Done** (in-repo). C2C3, D, E **Operator** (deploy receiver, wire, test E2E). |
| [00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) | 139+ recommendations (Proxmox, code, docs, security, infra) | Many done or ongoing. Track per section; high-priority security/config items in §12, 6. |
---
## Fixes applied in this pass (2026-03-02)
| Gap | Fix |
|-----|-----|
| Explorer homepage / Wallet page tests intermittent | `scripts/verify-all-systems.sh`: timeout for Explorer homepage and Wallet page increased 15s → 25s. |
| Nginx proxy order (§3 DETAILED_GAPS) | Confirmed `fix-nginx-conflicts-vmid5000.sh` has `location /api/v1/` before `location /api/`; status set to Addressed; operator should use this script. |
| Runbook placeholders / .env in production | INGRESS_VERIFICATION_RUNBOOK.md: production note added in Prerequisites. VERIFICATION_GAPS_AND_TODOS: documentation note added. |
---
## Remaining (operator / external)
- **Operator (LAN/Proxmox):** Apply nginx config on VMID 5000; create token_aggregation DB and run migrations; restart token-aggregation; run run-all-operator-tasks-from-lan.sh; deploy TwoWayTokenBridgeL2 (or cW* receiver) per chain; wire CW_BRIDGE_* and test E2E. See [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md), [CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md), [DETAILED_GAPS_AND_ISSUES_LIST.md](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) §12.
- **External / TBD:** Sankofa cutover placeholders until services deployed; CMC/CoinGecko submission; ramp provider outreach for Chain 138. See [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md).
---
## Quick reference
- **In-repo actionable gaps:** Addressed or documented; see REQUIRED_FIXES_UPDATES_GAPS §§16 and this doc.
- **Operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
- **Remaining tasks (one page):** [REMAINING_TASKS.md](REMAINING_TASKS.md).

112
docs/00-meta/MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md Normal file
View File

@@ -0,0 +1,112 @@
# Priority: Obtain Liquid on Mainnet & Wire Off-Ramps / On-Ramps
**Purpose:** Single priority plan: (1) get liquidity on Ethereum Mainnet so 138→mainnet flows complete, then (2) wire fiat off-ramps and on-ramps so users can move value in and out.
**Status:** Operator-focused. Repo has scripts and contracts; execution depends on deployer mainnet balance and ramp API keys/partnerships.
---
## Priority 1 — Obtain liquid on Mainnet
Without mainnet liquidity, users cannot receive value when bridging from Chain 138 to Mainnet. Two destinations need funding.
### 1.1 Trustless LiquidityPoolETH (Mainnet)
**What it does:** Pays out ETH/WETH to users who lock on 138 and claim on Mainnet (trustless bridge).
**Prerequisite:** Deployer must have **ETH (and optionally WETH)** on Ethereum Mainnet.
| Step | Action |
|------|--------|
| 1 | Fund deployer on mainnet (exchange withdrawal, bridge from L2, or another wallet). See [FUNDING_AND_DEPLOYMENT_CHECKLIST](../03-deployment/FUNDING_AND_DEPLOYMENT_CHECKLIST.md) § Ethereum Mainnet. |
| 2 | Set in `.env`: `LIQUIDITY_POOL_ETH_MAINNET` (or `LIQUIDITY_POOL`), `ETHEREUM_MAINNET_RPC`, `PRIVATE_KEY`. |
| 3 | Run: `cd smom-dbis-138 && ./scripts/deployment/fund-mainnet-lp.sh --eth 1 --weth 0.5` (or interactive; use `--dry-run` first). |
| 4 | Verify: `cast call $LIQUIDITY_POOL_ETH_MAINNET "totalLiquidity()" --rpc-url $ETHEREUM_MAINNET_RPC` (or use [live-test-trustless-bridge.sh](../../smom-dbis-138/scripts/deployment/live-test-trustless-bridge.sh) with `--check`). |
**Scripts:** [fund-mainnet-lp.sh](../../smom-dbis-138/scripts/deployment/fund-mainnet-lp.sh), [FundMainnetLP.s.sol](../../smom-dbis-138/script/bridge/trustless/FundMainnetLP.s.sol).
**Refs:** [LIQUIDITY_POOL_CONTROLS_RUNBOOK](../03-deployment/LIQUIDITY_POOL_CONTROLS_RUNBOOK.md), [trustless DEPLOYMENT_GUIDE](../../smom-dbis-138/docs/bridge/trustless/DEPLOYMENT_GUIDE.md).
### 1.2 Mainnet Relay Bridge (WETH9) — CCIP payouts
**What it does:** Holds WETH9 on Mainnet so CCIP relay can complete 138→mainnet WETH transfers.
**Prerequisite:** Deployer must have **WETH9** on Ethereum Mainnet.
| Step | Action |
|------|--------|
| 1 | Ensure deployer has WETH on mainnet (swap ETH→WETH or receive WETH). |
| 2 | Run: `./scripts/bridge/fund-mainnet-relay-bridge.sh [amount_wei]` (omit for full balance). Env: `PRIVATE_KEY`, `ETHEREUM_MAINNET_RPC` (or `RPC_URL_MAINNET`). |
| 3 | Verify bridge balance: `cast call 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 "balanceOf(address)(uint256)" 0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939 --rpc-url $ETHEREUM_MAINNET_RPC`. |
**Refs:** [CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md), [REMAINING_WORK_BREAKDOWN_AND_ANSWERS](REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md) § 2.6.
### 1.3 One-line summary (Priority 1)
1. Fund deployer with ETH (and WETH) on mainnet.
2. Set `LIQUIDITY_POOL_ETH_MAINNET`, `ETHEREUM_MAINNET_RPC` in .env.
3. Run `fund-mainnet-lp.sh --eth 1 --weth 0.5`.
4. Run `fund-mainnet-relay-bridge.sh` if using CCIP relay.
---
## Priority 2 — Wire off-ramps and on-ramps
Once mainnet has liquidity, 138→mainnet flows can complete. Next: connect fiat entry/exit (on-ramp = fiat→crypto, off-ramp = crypto→fiat).
### 2.1 Current wiring
| Component | Location | Role |
|-----------|----------|------|
| **Ramp API** | `metamask-integration/src/ramps/` | `POST /ramps/on-ramp/session`, `POST /ramps/off-ramp/session`, `GET /ramps/quote`, `GET /ramps/providers`. |
| **Providers** | MoonPay, Ramp Network, Onramper, Transak, Banxa, Coinbase, Stripe, Cybrid, Sardine, HoneyCoin | Require API keys; most support mainnet, not Chain 138. |
| **Chain support** | MetaMask ramp partners | Typically Ethereum, BNB, Polygon, etc. **Chain 138 not natively supported** by most ramp partners. |
**Refs:** [INTEGRATIONS_QUICK_REFERENCE](../../INTEGRATIONS_QUICK_REFERENCE.md), [MASTER_INDEX](../MASTER_INDEX.md) § Fiat On/Off Ramps, [METAMASK_BRIDGE_SWAP](../../smom-dbis-138/docs/operations/integrations/METAMASK_BRIDGE_SWAP.md).
### 2.2 On-ramp wiring (fiat → crypto)
| Step | Action |
|------|--------|
| 1 | **Mainnet path (works today):** User buys ETH/tokens on a supported chain (e.g. mainnet) via ramp → then bridges to Chain 138. Document this path in companion/dApp and [METAMASK_BRIDGE_SWAP](../../smom-dbis-138/docs/operations/integrations/METAMASK_BRIDGE_SWAP.md). |
| 2 | **Ramp API:** Ensure `metamask-integration` ramp server runs (`pnpm ramps:dev` or as part of app). Set API keys in .env: `MOONPAY_API_KEY`, `RAMP_NETWORK_API_KEY`, `ONRAMPER_API_KEY`, etc. See [MASTER_SECRETS_INVENTORY](../04-configuration/MASTER_SECRETS_INVENTORY.md), [API_KEYS_REQUIRED](../../reports/API_KEYS_REQUIRED.md). |
| 3 | **Companion/dApp:** Call `POST /ramps/on-ramp/session` with `chainId: 1` (or supported chain); show widget; instruct user to bridge to 138 if target is 138. |
| 4 | **Chain 138 native (future):** Partner with one or more ramp providers to add Chain 138. See [CONSENSYS_OUTREACH_PACKAGE](../../metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md), [ON_RAMP_INTEGRATION_GUIDE](../../metamask-integration/docs/ON_RAMP_INTEGRATION_GUIDE.md). |
### 2.3 Off-ramp wiring (crypto → fiat)
| Step | Action |
|------|--------|
| 1 | **Mainnet path (works once liquid):** User bridges 138→mainnet (trustless or CCIP), then sells on mainnet via off-ramp. Ensure mainnet liquidity (Priority 1) so bridge payouts succeed. |
| 2 | **Ramp API:** `POST /ramps/off-ramp/session` with `chainId: 1` (mainnet) and users mainnet address (or wallet that received bridged funds). |
| 3 | **Companion/dApp:** After bridge, show “Sell” / off-ramp option targeting mainnet; link to ramp provider or use embedded widget. |
| 4 | **Chain 138 native (future):** Same as on-ramp — partner with providers to support 138 for direct off-ramp from 138. |
### 2.4 Checklist — ramps
- [ ] Deployer/mainnet funded → Priority 1 done.
- [ ] Ramp API keys set in `metamask-integration/.env` (MoonPay, Ramp, etc.).
- [ ] Ramp server reachable from companion/dApp (`/ramps/on-ramp/session`, `/ramps/off-ramp/session`).
- [ ] Companion/dApp: on-ramp flow (buy on mainnet → bridge to 138) documented and linked → **[MAINNET_RAMP_USER_FLOWS.md](../04-configuration/MAINNET_RAMP_USER_FLOWS.md)**.
- [ ] Companion/dApp: off-ramp flow (138 → mainnet bridge → sell on mainnet) documented and linked → **[MAINNET_RAMP_USER_FLOWS.md](../04-configuration/MAINNET_RAMP_USER_FLOWS.md)**.
- [ ] (Optional) Outreach to ramp partners for Chain 138 support.
---
## Order of operations
1. **Obtain liquid on mainnet** — fund LiquidityPoolETH and (if used) Relay Bridge so 138→mainnet completes.
2. **Wire ramps to mainnet** — enable buy on mainnet (on-ramp) and sell on mainnet after bridge (off-ramp).
3. **Document user flows** — “Buy ETH on mainnet → bridge to 138” and “Bridge 138→mainnet → sell”.
4. **Later:** Ramp partner outreach for native Chain 138 on/off-ramp.
---
## Related
- [MAINNET_RAMP_USER_FLOWS](../04-configuration/MAINNET_RAMP_USER_FLOWS.md) — on-ramp and off-ramp user flows (buy on mainnet → bridge to 138; 138→mainnet → sell).
- [ALL_NEXT_STEPS_CURRENT](../../smom-dbis-138/docs/deployment/ALL_NEXT_STEPS_CURRENT.md) — runbook order (G4 fund mainnet LP is step 2).
- [FUNDING_AND_DEPLOYMENT_CHECKLIST](../03-deployment/FUNDING_AND_DEPLOYMENT_CHECKLIST.md) — where to get ETH/WETH per network.
- [LIQUIDITY_POOL_CONTROLS_RUNBOOK](../03-deployment/LIQUIDITY_POOL_CONTROLS_RUNBOOK.md) — LP controls and funding.
- [CHAIN138_ONLY_TO_CANONICAL_OTHER_NETWORKS](../../smom-dbis-138/docs/bridge/CHAIN138_ONLY_TO_CANONICAL_OTHER_NETWORKS.md) — who prefunds (operator).
- [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md).

41
docs/00-meta/MASTER_DOCUMENTATION_INDEX.md
View File

@@ -1,41 +0,0 @@
# Master Documentation Index — Source of Truth
**Last Updated:** 2026-02-12
**Purpose:** Treat these documents as the **Bible** for URL, VMID, and port mappings. When fixing placeholders or cleaning up projects, use them as the verifiably correct source.
---
## Domain → VMID:port and infrastructure
| Document | Scope | Use when |
|----------|--------|----------|
| **[ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)** | Complete VMID, IP, hostname, port, and public domain mapping | Resolving which VMID:port a domain or service must use; checking that **only** explorer points to Blockscout. |
| **[RPC_ENDPOINTS_MASTER.md](../04-configuration/RPC_ENDPOINTS_MASTER.md)** | RPC URLs, public domain → NPMplus backend, canonical .env values | Setting RPC_* in .env, configuring NPMplus proxy hosts, Chain 138 / ThirdWeb / DBIS / Sankofa / MIM4U. |
| **[DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md](../04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md)** | DNS → NPMplus → VM table | Aligning NPMplus backend targets with VMIDs; must match ALL_VMIDS and RPC_ENDPOINTS_MASTER. |
---
## Critical rule: Explorer vs other services
**Only** the **Explorer** (Blockscout) should be pointed at **192.168.11.140** (VMID 5000):
- `explorer.d-bis.org` → 192.168.11.140:80 (web), :4000 (API) ✅
**All other domains** must point to their **correct VMID and port** (see the master docs above). Examples of **incorrect** routing (do not use):
- `sankofa.nexus`, `phoenix.sankofa.nexus`~~192.168.11.140~~
- Correct: `sankofa.nexus` → 192.168.11.51:3000 (VMID 7801), `phoenix.sankofa.nexus` → 192.168.11.50:4000 (VMID 7800).
When reviewing or fixing documentation and NPMplus config:
1. Resolve every domain from **ALL_VMIDS_ENDPOINTS** or **RPC_ENDPOINTS_MASTER**.
2. Update any doc or script that points a non-explorer domain to 192.168.11.140.
3. Ensure placeholder lists (e.g. [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md), [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md)) reference these master docs and the correct targets.
---
## Related
- [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) — What to complete for each placeholder
- [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) — Remaining tasks and recommendations
- [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md) — Network and IP reference

6
docs/00-meta/MASTER_PLAN.md
View File

@@ -1,6 +1,6 @@
# Master Plan — Gaps, Protection Layer, and Granular Admin Control
**Last Updated:** 2026-02-05
**Last Updated:** 2026-02-28
**Status:** Active
**Purpose:** Single source of truth for what to do: consolidates gaps, placeholders, and recommendations; defines the full protection layer and granular admin control panels at all levels; provides phased execution with references to detailed indexes.
@@ -15,7 +15,7 @@ This document does not duplicate the full 139-item tables or every recommendatio
| Index / list | Document | Item range or scope |
|--------------|----------|---------------------|
| **All requirements (master)** | [ALL_REQUIREMENTS.md](ALL_REQUIREMENTS.md) | Foundation, security, deployment (phases, CCIP, missing containers), backup, config, codebase, protection layer, waves, validation, optional |
| All improvements and gaps | [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) | 139 items (111 Proxmox high, 1220 medium, 2130 low, 3135 quick wins, 3667 code/scripts, 6874 docs, 7591 infra, 92105 MetaMask/explorer, 106121 Tezos/CCIP, 122126 Besu, 127130 RPC translator, 131134 orchestration portal, 135139 maintenance) |
| All improvements and gaps (canonical) | [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) | 139 items, 20 sections (do not use ALL_IMPROVEMENTS_AND_GAPS_INDEX—deprecated) |
| Gaps and recommendations | [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) | Security, config/DNS, code TODOs, docs, token aggregation, Tezos, operational |
| Next steps | [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md) | Immediate, deployment phases, missing containers, codebase, optional, maintenance |
| TODO task list | [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) | Critical fixes, gas, verification, improvements 1139, security, monitoring, phases, codebase, docs |
@@ -185,7 +185,7 @@ All recommendations from [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENT
| Step | Action | Doc reference |
|------|--------|----------------|
| 3.1 | CCIP fleet: CCIP Ops/Admin (54005401), commit/execute/RMN nodes, NAT pools. | NEXT_STEPS_MASTER Phase 3; [CCIP_DEPLOYMENT_SPEC.md](../07-ccip/CCIP_DEPLOYMENT_SPEC.md) |
| 3.2 | Missing containers: 3 only (2506, 2507, 2508). Canonical list: [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) | [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) |
| 3.2 | 25062508 destroyed 2026-02-08; RPC 25002505 only. See [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) | Done (doc) |
### Phase 4 — Granular admin panels and infra protection

80
docs/00-meta/NEXT_STEPS_2101_AND_STORAGE.md Normal file
View File

@@ -0,0 +1,80 @@
# Concrete Next Steps: RPC 2101 and Storage (thin5 / data)
**Last updated:** 2026-02-28
---
## 1. VMID 2101 (Core RPC) — RPC not responding
**Symptom:** Container running, `besu-rpc` active, but RPC (e.g. `eth_blockNumber`) returns no response from 192.168.11.211:8545.
### Run order (from project root, on LAN with SSH to r630-01)
| Step | Action | Command |
|------|--------|---------|
| 1 | **Diagnose** | `bash scripts/maintenance/health-check-rpc-2101.sh` |
| 2a | If **read-only / database not writable** | `bash scripts/maintenance/make-rpc-vmids-writable-via-ssh.sh` (then re-run step 1) |
| 2b | If **JNA / NoClassDefFoundError** in logs | `bash scripts/maintenance/fix-rpc-2101-jna-reinstall.sh` (then step 3) |
| 3 | **Fix** (start CT if needed, restart Besu, verify) | `bash scripts/maintenance/fix-core-rpc-2101.sh` |
| 4 | **Verify** | `bash scripts/health/check-rpc-vms-health.sh` — 2101 should show block number |
**Optional:** `fix-core-rpc-2101.sh --restart-only` if the container is already running and you only want to restart the Besu service.
**Docs:** `docs/09-troubleshooting/RPC_NODES_BLOCK_PRODUCTION_FIX.md`, `docs/03-deployment/RPC_2101_READONLY_FIX.md` (if present).
---
## 2. r630-02 thin5 — 84.6% used (monitor / reduce)
**Risk:** thin5 is approaching the 85% WARN threshold; LVM thin pools can become slow or fail above ~90%.
### Immediate
| Step | Action | Command / notes |
|------|--------|------------------|
| 1 | **See which containers use thin5** | On r630-02: `ssh root@192.168.11.12 'pct list; for v in $(pct list 2>/dev/null | awk "NR>1{print \$1}"); do grep -l thin5 /etc/pve/lxc/$v.conf 2>/dev/null && echo "VMID $v uses thin5"; done'` |
| 2 | **Check disk usage inside those CTs** | `bash scripts/maintenance/check-disk-all-vmids.sh` — find VMIDs on r630-02 with high % |
| 3 | **Free space inside CTs** (Besu/DB, logs) | Per VMID: `pct exec <vmid> -- du -sh /data /var/log 2>/dev/null`; prune logs, old snapshots, or Besu temp if safe |
| 4 | **Optional: migrate one CT to another thin** | If thin5 stays high: backup CT, restore to thin2/thin3/thin4/thin6 (e.g. `pct restore <vmid> /path/to/dump --storage thin2`) |
### Ongoing
| Step | Action | Command / notes |
|------|--------|------------------|
| 5 | **Track growth** | `bash scripts/monitoring/collect-storage-growth-data.sh --append` (or install cron: `bash scripts/maintenance/schedule-storage-growth-cron.sh --install`) |
| 6 | **Prune old snapshots** (on host) | `bash scripts/monitoring/prune-storage-snapshots.sh` (weekly; keeps last 30 days) |
---
## 3. r630-01 data / local-lvm — 71.9% used (monitor)
**Risk:** Still healthy; monitor so it does not reach 85%+.
### Immediate
| Step | Action | Command / notes |
|------|--------|------------------|
| 1 | **Snapshot + growth check** | `bash scripts/monitoring/collect-storage-growth-data.sh` — review `logs/storage-growth/` |
| 2 | **Identify large CTs on r630-01** | `bash scripts/maintenance/check-disk-all-vmids.sh` — ml110 + r630-01; VMIDs 2101, 25002505 are on r630-01 |
### Ongoing
| Step | Action | Command / notes |
|------|--------|------------------|
| 3 | **Same as thin5** | Use `schedule-storage-growth-cron.sh --install` for weekly collection + prune |
| 4 | **Before new deployments** | Re-run `bash scripts/audit-proxmox-rpc-storage.sh` and check data% / local-lvm% |
---
## Quick reference
| Item | Script | Purpose |
|------|--------|---------|
| 2101 health | `scripts/maintenance/health-check-rpc-2101.sh` | Diagnose Core RPC |
| 2101 fix | `scripts/maintenance/fix-core-rpc-2101.sh` | Restart Besu, verify RPC |
| 2101 read-only | `scripts/maintenance/make-rpc-vmids-writable-via-ssh.sh` | e2fsck RPC VMIDs on r630-01 |
| 2101 JNA | `scripts/maintenance/fix-rpc-2101-jna-reinstall.sh` | Reinstall Besu in 2101 |
| Storage audit | `scripts/audit-proxmox-rpc-storage.sh` | All hosts + RPC rootfs mapping |
| Disk in CTs | `scripts/maintenance/check-disk-all-vmids.sh` | Root / usage per running CT |
| Storage growth | `scripts/monitoring/collect-storage-growth-data.sh` | Snapshot pvesm/lvs/df |
| Growth cron | `scripts/maintenance/schedule-storage-growth-cron.sh --install` | Weekly collect + prune |

6
docs/00-meta/NEXT_STEPS_ALL.md
View File

@@ -81,9 +81,9 @@ Org **d-bis** and 18 repos created. **Pushed** to Gitea: proxmox (master), dbis_
---
## 9. General — 25062508 JWT / identity
## 9. General — 25062508 (destroyed 2026-02-08)
Containers 2506, 2507, 2508 exist. Remaining: JWT auth in front of Besu RPC per [CHAIN138_JWT_AUTH_REQUIREMENTS.md](../04-configuration/CHAIN138_JWT_AUTH_REQUIREMENTS.md); permissioned identity (2506→Luis, 2507/2508→Putu). Use `scripts/generate-jwt-token-for-container.sh`; JWT secrets on containers, not in repo .env. See [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md).
Containers 2506, 2507, 2508 were **destroyed 2026-02-08** on all Proxmox hosts. Besu RPC range is **25002505** only. No JWT/identity action for 25062508. See [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md).
---
@@ -101,7 +101,7 @@ If verification reports "cert files missing": NPMplus at https://192.168.11.167:
## 12. General — Wave 2 & 3
Per [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md): monitoring stack, Grafana + Cloudflare Access, VLAN enablement, CCIP Ops/Admin (54005401), 25062508 JWT/identity, DBIS services, NPMplus HA (optional), CCIP Fleet, Phase 4 tenant isolation.
Per [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md): monitoring stack, Grafana + Cloudflare Access, VLAN enablement, CCIP Ops/Admin (54005401), DBIS services, NPMplus HA (optional), CCIP Fleet, Phase 4 tenant isolation. (25062508 destroyed 2026-02-08.)
---

105
docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md
View File

@@ -1,16 +1,111 @@
# Next Steps and Remaining TODOs — Consolidated List
**Last Updated:** 2026-02-20
**Last Updated:** 2026-03-02
**Purpose:** Single checklist of all next steps and remaining tasks. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). Items marked **Operator/LAN** require Proxmox access, deploy keys, or external parties; others can be done in-repo (code, config, docs).
**👉 Single list (runbooks not yet run + remaining deployments + recommendations):** [TASKS_RUNBOOKS_REMAINING_AND_RECOMMENDATIONS.md](TASKS_RUNBOOKS_REMAINING_AND_RECOMMENDATIONS.md).
**👉 Single list (runbooks not yet run + remaining deployments + recommendations):** this document ([NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md)).
**See also:** [RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md) (CCIP/mapper), [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md), [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md), [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
**See also:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) (full deployment order Phase 06 + preflight), [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md), [RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md), [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md), [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md), [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
**Single ordered list (runnable):** [OPTIONAL_DEPLOYMENTS_START_HERE §5](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md#5-next-steps--complete-in-order) — from-anywhere commands (14) then operator/LAN (510). **Operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
---
## Remaining tasks (summary)
Steps 12 and the Chain 138 “all in one” run (step 3) are **done** (2026-03-02). **Task check (2026-03-02):** Each remaining task was verified; see [TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md) for per-task status and what can be completed only by Operator/LAN or externally. What remains:
| # | Task | Who | Command / doc |
|---|------|-----|----------------|
| 4 | **Full deployment order (Phase 06)** | Operator | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — prereqs → core → PMM pools → provider → optional → cW* → verify |
| 5 | **Chain 138 PMM:** add liquidity, ensure DODOPMMProvider registered | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); add liquidity per [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) |
| 6 | **Operator tasks:** Blockscout verify, 502 fix, NPMplus backup, optional deploy | Operator/LAN | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy]`; [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) |
| 7 | **Gnosis, Celo, Wemix CCIP bridges** | Operator/LAN | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md); DeployWETHBridges + destinations + fund LINK |
| 8 | **LINK support on Mainnet relay** | Operator/LAN | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) |
| 9 | **Repos & PRs:** Ledger, Trust Wallet, Chainlist, on-ramps | External | [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) |
| 10 | **PR-ready files:** Chainlist, Trust Wallet forms | Anyone | [04-configuration/pr-ready/README.md](../04-configuration/pr-ready/README.md) |
| 11 | **E2E flow waves E1E7** (add liquidity, CCIP fund, token-aggregation, Blockscout, L2 PMM, bridge UI, docs) | Operator/Dev | `./scripts/run-e2e-flow-tasks-full-parallel.sh`; [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md) |
**Optional / lower priority:** Wemix token verification; mint tokens to deployer for LPs/bridges ([TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](../11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md)); AddressMapper on other chains; Mainnet trustless stack; cW* on public chains. See [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md).
---
## Next steps (ordered)
| # | Step | Who | Command / doc |
|---|------|-----|----------------|
| 1 | **From anywhere (no LAN):** config + on-chain + validation | Anyone | `./scripts/run-completable-tasks-from-anywhere.sh` |
| 2 | **Before any Chain 138 deploy:** preflight (RPC, dotenv, nonce, optional cost) | Anyone with .env | `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` |
| 3 | **Full deployment order** | Operator | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) Phase 06: prereqs → core → PMM pools → provider → optional → cW* → verify |
| 4 | **Chain 138 PMM:** create pools, deploy DODOPMMProvider | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); `create-all-pmm-pools-chain138.sh`, then DeployDODOPMMProvider |
| 5 | **Operator tasks (Blockscout, 502, backup, deploy)** | Operator/LAN | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`; [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) |
---
## Completed in this pass (2026-03-02) — Documentation and completable run
| # | Item |
|---|------|
| — | **Documentation consolidation:** [MASTER_INDEX.md](../MASTER_INDEX.md) and [README.md](../README.md) created; [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) added (redirect); [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) deprecated (redirect stub). DOCUMENTATION_CONSOLIDATION_PLAN §5 (eliminating deprecated content) and ARCHIVE_CANDIDATES updated. |
| — | **Completable-from-anywhere run:** `./scripts/run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain 38/38 (Chain 138); run-all-validation --skip-genesis OK; reconcile-env --print. E2E flow tasks dry-run: `./scripts/run-e2e-flow-tasks-full-parallel.sh --dry-run` (waves E0E7 listed). |
| — | **Preflight:** `./scripts/deployment/preflight-chain138-deploy.sh` — passed (dotenv, RPC Core, nonce consistent). |
| — | **Chain 138 next steps (full run):** `./scripts/deployment/run-all-next-steps-chain138.sh` — Step 1 preflight OK; Step 2 TransactionMirror already deployed, cUSDT/cUSDC pool already exists (continued); Step 3 Register c* as GRU: all 12 c* already registered (skip); Step 4 on-chain verification 38/38. Exit 0. |
---
## Completed in this pass (2026-02-27)
| # | Item |
|---|------|
| — | **Deployment order of operations:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — full Phase 06 sequence (prereqs → core → PMM/pools → provider → optional → cW* → verification) and remaining recommendations (R1R24, ~139 items). |
| — | **Deployment safety (four rules):** Correct RPC (Core only), correct dotenv (`smom-dbis-138/.env` only), Gas API/cost estimate before deploy, do not deploy when transactions stuck. Documented in DEPLOYMENT_ORDER_OF_OPERATIONS, PRE_DEPLOYMENT_CHECKLIST, CONTRACT_DEPLOYMENT_RUNBOOK. |
| — | **Preflight script:** `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` — checks dotenv, env keys, RPC (Core, chainId 138), deployer nonce (fails if stuck); optional `--cost` runs cost estimate. Linked from runbook and Phase 0. |
| — | **Todo/docs sync:** NEXT_STEPS_AND_REMAINING_TODOS, TODOS_CONSOLIDATED, TODO_TASK_LIST_MASTER updated with 2026-02-27 completion and deployment order/preflight refs. |
| — | **Completable run (2026-02-27):** `run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain 38/38 (Chain 138); run-all-validation --skip-genesis OK; reconcile-env --print. |
---
## Completed in this pass (2026-02-28) — “Whats left” execution
| # | Item |
|---|------|
| — | **Preflight:** Passed (RPC Core, dotenv, nonce). |
| — | **PMM pools:** All three created (cUSDT/cUSDC `0x9fcB…`, cUSDT/USDT `0xa3Ee…`, cUSDC/USDC `0x90bd…`). |
| — | **DODOPMMProvider:** Deployed at `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; all three pools registered via `RegisterDODOPools.s.sol`. |
| — | **Operator script:** NPMplus RPC fix + backup + Blockscout verify run. |
| — | **Wemix:** Re-fetched scan.wemix.com/tokens; WEMIX_TOKEN_VERIFICATION.md updated. |
| — | **Docs:** PRE_DEPLOYMENT_CHECKLIST, LIQUIDITY_POOLS_MASTER_MAP updated. **Remaining (operator/external):** [WHATS_LEFT_OPERATOR_AND_EXTERNAL.md](WHATS_LEFT_OPERATOR_AND_EXTERNAL.md). |
---
## Completed in this pass (2026-02-24)
| # | Item |
|---|------|
| — | **Required next steps (complete):** Re-ran `run-completable-tasks-from-anywhere.sh` — config validation OK, on-chain 36/36 (Chain 138), run-all-validation --skip-genesis OK, reconcile-env --print. All in-repo required checks pass. |
| — | **Completable tasks:** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain 36/36, run-all-validation --skip-genesis OK, reconcile-env. |
| — | **Forge tests:** smom-dbis-138 434 tests passed; alltra-lifi-settlement 8 tests passed. |
| — | **Bridge dry-run:** `run-send-cross-chain.sh 0.01 --dry-run` run (simulation; real send needs PRIVATE_KEY + LINK from LAN). |
| — | **CCIP checklist:** `ccip-deploy-checklist.sh` run — deployment order and VMID ranges confirmed; mainnet CCIP env (CCIP_ETH_ROUTER, CCIP_ETH_LINK_TOKEN, ETH_MAINNET_SELECTOR) noted for operator. |
| — | **Evidence:** [COMPLETION_RUN_20260224_TASKS_AND_TODOS.md](../04-configuration/verification-evidence/COMPLETION_RUN_20260224_TASKS_AND_TODOS.md). |
| — | **Full plan implementation:** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) added; cross-links from phases, TODO, operator checklist, runbooks, recommendations. Re-ran run-completable-tasks-from-anywhere.sh (config OK, on-chain 36/36); phase4-sovereign-tenants.sh --show-steps and schedule-daily-weekly-cron.sh --show. |
| — | **Placeholders:** Canonical addresses (env-only) and AlltraAdapter fee (setBridgeFee) marked Done in [PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md](PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md). [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) updated with Wave 0 (sendCrossChain, NPMplus backup, RPC fix) and plan index link. dbis_core TS doc: prisma generate note added for MODULE_NOT_FOUND (run pnpm install first). |
| — | **All fixes (in-repo):** [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) §§16 already Done/Documented. TODOS_CONSOLIDATED, NEXT_STEPS_AND_REMAINING_TODOS, NEXT_STEPS_FOR_YOU synced to §4 (smart accounts kit, quote FABRIC_CHAIN_ID, .bak). No remaining in-repo fixes; operator/LAN and deferred (dbis_core TS, audits) unchanged. |
## Completed in this pass (2026-02-23)
| # | Item |
|---|------|
| — | **smom-dbis-138 deployment (all steps including optional):** Chain 138 verification (14 ok, 2 warnings); fund CCIP and fund mainnet LP dry-runs; optional G1 PMM on Polygon and run-all-four-gaps G1; optional G2 Trustless on Polygon; run-all-four-gaps and CCIPLogger documented. Report: [COMPLETION_RUN_20260223_ALL_STEPS.md](../../smom-dbis-138/docs/deployment/COMPLETION_RUN_20260223_ALL_STEPS.md). Runbook: [ALL_NEXT_STEPS_CURRENT.md](../../smom-dbis-138/docs/deployment/ALL_NEXT_STEPS_CURRENT.md). |
| — | **Optional and next steps:** Completable run (config OK, on-chain 36/36, run-all-validation --skip-genesis, reconcile-env). Shellcheck with `--optional` made non-fatal so CI and validate pass. Validate via Proxmox SSH: full shellcheck + genesis validation; jq/shellcheck installed on host when missing; genesis passed. TODOS_CONSOLIDATED, OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST, NEXT_STEPS_FOR_YOU, NEXT_STEPS_INDEX, verification evidence updated. |
## Completed in this pass (2026-02-22)
| # | Item |
|---|------|
| — | **DApp production UX:** Single “Connect Wallet” button with modal; nav Bridge \| Swap \| History \| Explorer (Admin/Reserve removed from main nav); text-only tabs; typography and form controls; “Start Bridge Transfer” CTA; trust footer in Layout; mobile layout. |
| — | **DApp console errors (MetaMask):** ObjectMultiplex/StreamMiddleware/“Lost connection” messages are from the MetaMask extension, not the DApp. Added disconnect handling: when the wallet disconnects unexpectedly, the DApp shows a toast (“Wallet disconnected. Please reconnect or reload the page.”). Doc: [DAPP_CONSOLE_ERRORS_METAMASK.md](../09-troubleshooting/DAPP_CONSOLE_ERRORS_METAMASK.md). |
## Completed in this pass (2026-02-20)
| # | Item |
@@ -50,7 +145,7 @@
| 3 | **Bridge UIs / Snap use token-mapping** | ✅ Done | Token-aggregation returns `tokenMappingApi`; Snap has `get_token_mapping`; see REST_API_REFERENCE. |
| 4 | **LINK support on Mainnet relay:** Choose Option A (extend CCIPRelayBridge) or B (separate LINK receiver); implement, deploy, fund LINK; set `relaySupported: true` for LINK in token-mapping.json; update docs. | **Operator/LAN** | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) |
| 5 | **Run "from anywhere" checks:** Run `./scripts/run-completable-tasks-from-anywhere.sh` periodically (config, on-chain, validation, reconcile-env). | Anyone | NEXT_STEPS_FOR_YOU §2 |
| 6 | **Placeholders (code):** Canonical addresses in token-aggregation (env); AlltraAdapter fee (set via setBridgeFee); smart accounts kit; quote service Fabric chainId; .bak (see BAK_FILES_DEPRECATION). | Dev | REQUIRED_FIXES_UPDATES_GAPS |
| 6 | **Placeholders (code):** All done or documented per [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) §4: canonical addresses (env), AlltraAdapter setBridgeFee, smart accounts kit (env + runbook), quote service FABRIC_CHAIN_ID (default 999), .bak (BAK_FILES_DEPRECATION). | Dev | REQUIRED_FIXES_UPDATES_GAPS |
| 7 | **API keys:** Sign up per [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md); add to `.env`. | Anyone | NEXT_STEPS_FOR_YOU §2 |
---
@@ -110,7 +205,7 @@
| # | Task | Owner | Ref |
|---|------|--------|-----|
| 24 | Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) as needed; run `bash scripts/verify/run-all-validation.sh [--skip-genesis]`. | Dev/Ops | TODO_TASK_LIST_MASTER |
| 24 | Work through [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) (canonical) or [ALL_RECOMMENDATIONS_HIGH_PRIORITY.md](ALL_RECOMMENDATIONS_HIGH_PRIORITY.md) (high-priority only); run `bash scripts/verify/run-all-validation.sh [--skip-genesis]`. | Dev/Ops | TODO_TASK_LIST_MASTER |
| 25 | **Security:** smom audits VLT-024, ISO-024; bridge integrations BRG-VLT, BRG-ISO. | Security | TODO_TASK_LIST_MASTER §5 |
| 26 | **Paymaster (optional):** Deploy per SMART_ACCOUNTS_DEPLOYMENT_NOTE when sources ready. | Optional | TODO_TASK_LIST_MASTER §2 |
| 27 | **dbis_core:** ~1186 TS errors (deferred). | Dev | TODO_TASK_LIST_MASTER §8 |

19
docs/00-meta/NEXT_STEPS_FOR_YOU.md
View File

@@ -1,8 +1,16 @@
# Your next steps — one place
**Last Updated:** 2026-02-20
**Last Updated:** 2026-03-02
**Purpose:** Single list of what **you** need to do next (no infra/automation). Everything else the repo can do has been completed or documented.
**Completed 2026-03-02:** Documentation consolidation: [MASTER_INDEX.md](../MASTER_INDEX.md), [README.md](../README.md), [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) created; deprecated content (ALL_IMPROVEMENTS_AND_GAPS_INDEX) marked redirect-only. `run-completable-tasks-from-anywhere.sh` run: config OK, on-chain 38/38, validation OK, reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool already deployed; all 12 c* already registered as GRU; verification 38/38. Next steps index and TODOS_CONSOLIDATED updated.
**Completed 2026-02-27:** Chain 138 "run all next steps" script added: `./scripts/deployment/run-all-next-steps-chain138.sh` (preflight → mirror+pool → register c* as GRU → verify). Docs updated: NEXT_STEPS_INDEX, DEPLOYMENT_ORDER_OF_OPERATIONS, TODOS_CONSOLIDATED, CONTRACT_NEXT_STEPS_LIST.
**Completed 2026-03-01:** Recommended next steps: `run-completable-tasks-from-anywhere.sh` (config OK, on-chain 38/38, validation OK, reconcile-env). Progress indicators added (Step 1/44/4). E2E flow tasks script: `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]`. CONTRACT_ADDRESSES_REFERENCE and RECOMMENDATIONS_OPERATOR_CHECKLIST updated to use ADDRESS_MATRIX_AND_STATUS for correlated address matrix.
**Completed 2026-02-23:** Optional and next steps: `run-completable-tasks-from-anywhere.sh` run (config OK, on-chain 36/36, run-all-validation --skip-genesis OK, reconcile-env). Shellcheck with `--optional` now non-fatal (CI and validate pass). Validate via Proxmox SSH: `bash scripts/run-via-proxmox-ssh.sh validate [--host IP]` runs full shellcheck + genesis validation; jq/shellcheck installed on host when missing. TODOS_CONSOLIDATED and OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST updated.
**Completed 2026-02-20:** Documentation consolidation and root cleanup (NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; 00-meta Batch 4+5 archived; root status/temp files → docs/archive/root-cleanup-20260220; fix-wsl-ip.sh → scripts/). `run-completable-tasks-from-anywhere.sh` run: config validation OK, on-chain 45/45, run-all-validation --skip-genesis OK, reconcile-env --print.
**Completed 2026-02-12:** `run-completable-tasks-from-anywhere.sh` run successfully (config validation, on-chain check 36/36, validation, reconcile-env). app-ethereum README updated with BOLOS_SDK note. See [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) § Completed in this pass.
@@ -28,14 +36,17 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led
| Step | Command / action |
|------|------------------|
| **Run all “from anywhere” checks** | `./scripts/run-completable-tasks-from-anywhere.sh` — config validation, on-chain check (SKIP_EXIT=1 if RPC unreachable), run-all-validation --skip-genesis, reconcile-env --print |
| **On-chain address list (no RPC)** | `./scripts/verify/check-contracts-on-chain-138.sh --dry-run` — lists 36 addresses only |
| **Chain 138 next steps (all in one)** | `./scripts/deployment/run-all-next-steps-chain138.sh` — preflight → mirror+pool (or `--skip-mirror`) → register c* as GRU → verify. Use `--dry-run`; set `TRANSACTION_MIRROR_ADDRESS` if mirror exists. See [TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX](../03-deployment/TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX.md) if CreateCollision. |
| **E2E flows (full parallel)** | `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]` — run E2E flow tasks by wave; see [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). |
| **On-chain address list (no RPC)** | `./scripts/verify/check-contracts-on-chain-138.sh --dry-run` — lists addresses only (no RPC) |
| **Config validation** | `./scripts/validation/validate-config-files.sh` or `... --dry-run` (print only) |
| **Bridge deploy dry-run** | `./scripts/deploy-and-configure-weth9-bridge-chain138.sh --dry-run` (no keys/network) |
| **Shellcheck (optional)** | `bash scripts/verify/run-shellcheck.sh --optional` — lint scripts; use without `--optional` to fix issues if shellcheck installed |
| **Shellcheck (optional)** | `bash scripts/verify/run-shellcheck.sh --optional` — lint scripts (reports findings, does not fail); use without `--optional` to fail on any finding |
| **Validate via Proxmox SSH** | `bash scripts/run-via-proxmox-ssh.sh validate [--host 192.168.11.10]` — full shellcheck + genesis validation on host; installs jq/shellcheck if missing |
| **CCIP checklist (dry)** | `bash scripts/ccip/ccip-deploy-checklist.sh` — validates env and prints deploy order (no deploy) |
| **Tests** | `cd smom-dbis-138 && forge test` (e2e/integration subset if full suite slow); `cd alltra-lifi-settlement && forge test && npm run test:e2e -- --forceExit` |
| **Quick wins (code)** | Add progress indicators to scripts; add `--dry-run` to scripts that lack it; extend config validation (see [IMPLEMENTATION_CHECKLIST](../10-best-practices/IMPLEMENTATION_CHECKLIST.md)) |
| **Placeholders (code)** | canonical addresses in token-aggregation; AlltraAdapter fee (AlltraAdapter.sol); smart accounts kit placeholders; quote service Fabric chainId 999; .bak deprecation — see [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md) |
| **Placeholders (code)** | All done or documented — see [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md) §4 (canonical addresses, AlltraAdapter setBridgeFee, smart accounts env, quote FABRIC_CHAIN_ID, .bak BAK_FILES_DEPRECATION). |
| **API keys** | Sign up at URLs in [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md); add any new keys to `.env` |
**Reference:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § “Can Be Accomplished Now”.

42
docs/00-meta/NEXT_STEPS_INDEX.md
View File

@@ -1,8 +1,36 @@
# Next Steps — Index
**Last Updated:** 2026-02-20 (completable run + doc updates completed)
**Last Updated:** 2026-03-02
**Purpose:** Single entry point for "what to do next." Pick by audience and granularity.
**Documentation index:** [../MASTER_INDEX.md](../MASTER_INDEX.md) — canonical docs, deprecated list, and navigation.
---
## Next steps (ordered)
| # | Action | Command / doc | Status |
|---|--------|----------------|--------|
| 1 | From anywhere: config + on-chain + validation | `./scripts/run-completable-tasks-from-anywhere.sh` | Done 2026-03-02 |
| 2 | Before Chain 138 deploy: preflight (RPC, dotenv, nonce, cost) | `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` | Done 2026-03-02 |
| 3 | **Chain 138 next steps (all in one):** preflight → mirror+pool → register c* as GRU → verify | `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` | Done 2026-03-02 |
| 4 | Full deployment order (Phase 06) | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) | Remaining (Operator) |
| 5 | Operator: Blockscout, 502 fix, backup, deploy | [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) | Remaining (Operator/LAN) |
| 6 | Repos & PRs (Ledger, Trust, Chainlist, on-ramps; forms pending) | [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) | Remaining (External) |
| 7 | PR-ready files (Chainlist, Trust Wallet) | [04-configuration/pr-ready/README.md](../04-configuration/pr-ready/README.md) | Remaining |
**Remaining tasks (full list):** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) § Remaining tasks.
**Full list:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) § Next steps (ordered). **E2E flows (swap, bridge, swap-bridge-swap):** [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). Run E2E tasks in full parallel: `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]`. **Task list review (deprecated/duplicates):** [TASK_LIST_REVIEW_2026_03_01.md](TASK_LIST_REVIEW_2026_03_01.md).
---
## Priority: Mainnet liquidity & ramps
| Document | Description |
|----------|-------------|
| **[MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md](MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md)** | Obtain liquid on Mainnet (fund LP + relay bridge), then wire off-ramps and on-ramps. Operator steps, scripts, and ramp API wiring. |
---
## By audience
@@ -16,6 +44,14 @@
---
## Execution plan (required / optional / recommended)
| Document | Description |
|----------|-------------|
| **[COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md)** | Single index: Wave 0 gates, required (phases, codebase, security), optional (VLAN, HA, MetaMask/explorer), recommended (139+ items). Execution order and key refs. |
---
## By granularity
| Document | Granularity | Description |
@@ -40,6 +76,10 @@
## Related
- **Full deployment order of operations:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — Phase 06 (prerequisites → core → PMM/pools → provider → optional → cW* → verification) and remaining recommendations (R1R24, ~139 items).
- **PMM full parity and deploy all pools:** [NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS.md](../03-deployment/NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS.md) — Chain 138 (verify/create pools, add liquidity, register) → multichain (deploy integration + pools on L2s) → XAU/cEURT and cW* mesh.
- **Deployment (Chain 138 / smom-dbis-138):** [PRE_DEPLOYMENT_CHECKLIST (DODO PMM, pools, provider)](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md) | [All Next Steps (Current)](../../smom-dbis-138/docs/deployment/ALL_NEXT_STEPS_CURRENT.md) | [Completion run 2026-02-23 (all steps + optional)](../../smom-dbis-138/docs/deployment/COMPLETION_RUN_20260223_ALL_STEPS.md)
- **Dev/Codespaces (76.53.10.40):** [../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md)
- **Deployment status:** [../03-deployment/DEPLOYMENT_STATUS_CONSOLIDATED.md](../03-deployment/DEPLOYMENT_STATUS_CONSOLIDATED.md) | [../03-deployment/DEPLOYMENT_STATUS_MASTER.md](../03-deployment/DEPLOYMENT_STATUS_MASTER.md)
- **cW* bridge (note review + task list):** [CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md) — Checks performed, bridge extension vs dedicated receiver, deploy/wire/E2E phases. **Run remaining steps:** `./scripts/deployment/run-cw-remaining-steps.sh [--dry-run|--deploy|--update-mapping|--verify]`.
- **Blitzkrieg / execution spine:** [BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) | [BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md](BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md)

7
docs/00-meta/NEXT_STEPS_MASTER.md
View File

@@ -97,7 +97,7 @@ AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed;
| Category | Missing | Total | Priority |
|----------|---------|-------|----------|
| Besu RPC (only) | 3 (2506, 2507, 2508) | 19 | High |
| Besu RPC (25062508) | 0 (destroyed 2026-02-08) | 16 | Done — RPC 25002505 only |
| Hyperledger / Blockscout | 0 | 6 | — (deployed) |
**Reference:** MISSING_CONTAINERS_LIST.md for the full list and deployment checklist.
@@ -229,5 +229,6 @@ AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed;
---
**Last Updated:** 2026-02-16
**Maintained By:** Infrastructure Team
**Last Updated:** 2026-03-02
**Maintained By:** Infrastructure Team
**Entry point:** Use [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md) as the single entry for "what to do next"; this document is the expanded master list.

122
docs/00-meta/OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md Normal file
View File

@@ -0,0 +1,122 @@
# Operator and External Completion Checklist
**Purpose:** Items from [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) that **cannot** be completed from repo-only (e.g. from this workspace). They require **LAN/Proxmox access**, **operator credentials**, **external services**, or **ongoing maintenance**.
Use this checklist when you have operator or LAN access to complete the remaining recommendations.
**Full plan (Wave 03, required/optional/recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
---
## 1. Proxmox / security (LAN or host access)
| # | Action | Command or notes |
|---|--------|------------------|
| 1 | Secure .env permissions | `chmod 600 .env` (and subproject .env files); run from project root or use `scripts/security/secure-env-permissions.sh` if present |
| 2 | Secure validator key permissions | On host: `chmod 600` keys, `chown -R besu:besu` validator dirs |
| 3 | SSH key-only auth | On Proxmox/containers: set `PasswordAuthentication no`, `PubkeyAuthentication yes` in sshd_config |
| 4 | Firewall for Proxmox API (8006) | Restrict to specific IPs (e.g. iptables or UDM Pro rules) |
| 5 | Network segmentation (VLANs) | Per NETWORK_ARCHITECTURE; configure switches, Proxmox bridges, ER605 |
| 6 | Metrics (Prometheus, Besu 9545) | Deploy/configure Prometheus scrape; enable Besu metrics port |
| 7 | Health check + alerting | Configure Alertmanager / PagerDuty / Slack per MASTER_SECRETS |
| 8 | Automated backup + encrypted validator keys | Run backup script; store encrypted copies off-host |
| 9 | Backup configs + version control | Commit configs to repo or backup store from LAN |
---
## 2. Deployment and runbooks (operator)
| # | Action | When |
|---|--------|------|
| **Priority** | **Mainnet liquidity + ramps** | Fund mainnet LP and relay bridge; wire ramp API; document user flows. See [MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md](MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md) and [MAINNET_RAMP_USER_FLOWS.md](../04-configuration/MAINNET_RAMP_USER_FLOWS.md). |
| 10 | Integration tests for deployment scripts | Run from LAN against staging/dev |
| 11 | Runbooks: add/remove validator, upgrade Besu, key rotation, recovery, consensus | Document and run from LAN when needed |
| 1220 | Error handling, logging, Loki, resource/network/DB tuning, CI/CD, CLI tool | Implement on infra from operator environment |
---
## 3. Infrastructure and DNS (operator / when services go live)
| # | Action | Notes |
|---|--------|-------|
| R21 | The Order / Sankofa NPMplus proxy host | When The Order portal deployed: add proxy in NPMplus; document in RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS |
| Sankofa cutover | Replace &lt;TARGET_IP&gt;, &lt;TARGET_PORT&gt;, TBDs in SANKOFA_CUTOVER_PLAN with actual values |
| Blocks #2#6 | Document in NETWORK_ARCHITECTURE / NETWORK_CONFIGURATION_MASTER when assigned or mark reserved |
| 7581 | VLAN enablement, observability stack, CCIP fleet, sovereign tenants, missing containers | Per NEXT_STEPS_MASTER and deployment phases |
---
## 4. Contracts and verification (operator / after deploy)
| # | Action | Command |
|---|--------|--------|
| R1 | Verify every deployed contract on Blockscout | After each deploy when Blockscout reachable |
| R2 | Keep CONTRACT_ADDRESSES_REFERENCE and [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md) updated | When new contracts deployed or deprecated |
| R3 | Run on-chain check | `./scripts/verify/check-contracts-on-chain-138.sh` (set RPC_URL_138 from LAN) |
| R8 | Set RPC_URL_138; run from LAN if 192.168.11.x not reachable | Before any deploy |
| R9 | Use GAS_PRICE=1000000000 (or current min) on Chain 138 | Every forge script on 138 |
| R14 | Run verification after deploy in CI | When Blockscout reachable from runner |
---
## 5. Secrets and access (operator / security)
| # | Action | Notes |
|---|--------|-------|
| R4 | Do not use deprecated CCIPWETH9Bridge; use 0x971c... and set env | Always |
| R5 | Never commit .env or private keys; rotate exposed keys | Always |
| R7 | Restrict deployer key and RPC admin access | Access review |
| 4852 | Secret audit, input validation, security scanning, RBAC, config validation | Run from secure env; use git-secrets, gitleaks, bandit, trivy as applicable |
---
## 6. External services and submissions
| # | Action | Where |
|---|--------|-------|
| 98 | CoinGecko submission (Chain 138) | [CoinGecko](https://www.coingecko.com/) |
| 99 | Consensys outreach (Swaps/Bridge support) | MetaMask/Consensys channels |
| 106108 | Verify Etherlink/Jumper/LiFi for chains 138, 651940, 42793 | External APIs / docs |
| 109121 | Tezos/Etherlink contracts and relay services | Deploy and run from operator env |
---
## 7. Maintenance (ongoing)
| # | Task | Frequency |
|---|------|-----------|
| 135 | Monitor explorer sync status | Daily |
| 136 | Monitor RPC node health (e.g. VMID 2201) | Daily |
| 137 | Check config API uptime | Weekly |
| 138 | Review explorer logs | Weekly |
| 139 | Update token list | As needed |
| R17 | Monitor critical bridge/oracle events | Ongoing |
| R18 | Ensure Blockscout (VMID 5000) up and /api reachable | Health checks |
---
## 8. Optional tools (install for full automation)
Install for scripts that recommend them:
- **shellcheck** — `apt install shellcheck` or `brew install shellcheck`. With `--optional`, run reports findings but does not fail (CI and validate pass).
- **jq** — Required on Proxmox host for genesis validation; `run-via-proxmox-ssh.sh validate` installs it when missing.
- **wscat** — `npm i -g wscat` or use `npx -y wscat` for WebSocket RPC tests
- **sqlite3, websocat, sshpass, dig, parallel** — per verification evidence NEXT_STEPS_RUN_*.md
---
## What was completed in-repo (no operator needed)
- **Validate via Proxmox SSH (2026-02-23):** `run-via-proxmox-ssh.sh validate` runs full shellcheck on `scripts/verify/*.sh` and genesis validation (smom-dbis-138); installs shellcheck and jq on the host when missing. Shellcheck with `--optional` is non-fatal so CI and validate complete successfully.
- **Mainnet liquidity & ramps priority:** [MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md](MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md) and [MAINNET_RAMP_USER_FLOWS.md](../04-configuration/MAINNET_RAMP_USER_FLOWS.md) — priority plan (fund LP + relay bridge, wire ramps) and user flows for on-ramp/off-ramp; linked from ALL_NEXT_STEPS_CURRENT, NEXT_STEPS_INDEX, METAMASK_BRIDGE_SWAP, and this checklist.
- **smom-dbis-138 deployment (2026-02-23):** Chain 138 verification, fund CCIP/mainnet LP dry-runs, optional G1 PMM and G2 Trustless on L2s, run-all-four-gaps and CCIPLogger documented. See [COMPLETION_RUN_20260223_ALL_STEPS.md](../../smom-dbis-138/docs/deployment/COMPLETION_RUN_20260223_ALL_STEPS.md) and [ALL_NEXT_STEPS_CURRENT.md](../../smom-dbis-138/docs/deployment/ALL_NEXT_STEPS_CURRENT.md).
- **Shebang:** Active (non-archive) scripts under `scripts/` updated from `#!/bin/bash` to `#!/usr/bin/env bash`.
- **Script header template:** [10-best-practices/SCRIPT_HEADER_TEMPLATE.md](../10-best-practices/SCRIPT_HEADER_TEMPLATE.md) added.
- **Config validation in CI:** `.github/workflows/validate-config.yml` already runs config validation and completable-tasks dry-run; **shellcheck** added as optional step.
- **Documentation:** Quick reference cards, troubleshooting FAQ, and decision tree already exist and are linked from ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md.
- **Operator checklist:** This file; R1R24 and remaining items are in [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md) and [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md).
---
**Related:** [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md), [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md), [OPERATOR_READY_CHECKLIST.md](../04-configuration/OPERATOR_READY_CHECKLIST.md).

19
docs/00-meta/OPERATOR_CONTEXT_VERIFIED.md Normal file
View File

@@ -0,0 +1,19 @@
# Operator context — verified (remember)
**Last verified:** 2026-03-01
**Purpose:** Record that **this machine** has LAN and Proxmox host access so operator scripts can be run from here.
## LAN access — OK
- **Proxmox hosts (SSH 22):** 192.168.11.10, 192.168.11.11, 192.168.11.12 — reachable
- **Proxmox API (8006):** All three hosts — reachable
- **Chain 138 RPC (Core):** 192.168.11.211:8545 — reachable, `eth_chainId` = 0x8a (138)
- **NPMplus:** 192.168.11.167:80 — reachable
- **Blockscout API:** 192.168.11.140:4000 — reachable
## Proxmox host access — OK
- **SSH:** Login to `root@192.168.11.10` (ml110) succeeded (key-based).
- Operator scripts that require LAN + Proxmox (e.g. `run-all-operator-tasks-from-lan.sh`, contract verification, backup) can be run from this machine when `.env` has the required secrets (e.g. `NPM_PASSWORD`, `PRIVATE_KEY`).
**Re-verify anytime:** From repo root, run TCP checks to the above IPs/ports or use `./scripts/verify/check-contracts-on-chain-138.sh` (uses RPC 192.168.11.211:8545).

39
docs/00-meta/OPERATOR_READY_CHECKLIST.md
View File

@@ -1,6 +1,6 @@
# Operator Ready Checklist — Copy-Paste Commands
**Last Updated:** 2026-02-20
**Last Updated:** 2026-03-02
**Purpose:** Single page with exact commands to complete every pending todo. Run from **repo root** on a host with **LAN** access (and `smom-dbis-138/.env` with `PRIVATE_KEY`, `NPM_PASSWORD` where noted).
**From anywhere (no LAN):** `./scripts/run-completable-tasks-from-anywhere.sh`
@@ -81,6 +81,20 @@ Single contract retry: `./scripts/verify/run-contract-verification-with-proxy.sh
---
## 5b. LAN: Chain 138 next steps (Phase 2: preflight → mirror+pool → register c* as GRU → verify)
**Ref:** [DEPLOYMENT_ORDER_OF_OPERATIONS](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) Phase 2. Use when mirror/pool/GRU registration or verify are pending.
```bash
./scripts/deployment/run-all-next-steps-chain138.sh --dry-run # print steps only
./scripts/deployment/run-all-next-steps-chain138.sh # run all (preflight, deploy mirror+pool, register c*, verify)
./scripts/deployment/run-all-next-steps-chain138.sh --skip-mirror # pool + register + verify only (set TRANSACTION_MIRROR_ADDRESS in smom-dbis-138/.env first)
```
If TransactionMirror deploy fails with **CreateCollision:** set `TRANSACTION_MIRROR_ADDRESS=0xC7f2Cf4845C6db0e1a1e91ED41Bcd0FcC1b0E141` in `smom-dbis-138/.env` and re-run with `--skip-mirror`. See [TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX](../03-deployment/TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX.md).
---
## 6. Low: DODO PMM on Chain 138
**Ref:** [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §2B
@@ -110,7 +124,27 @@ forge script script/bridge/trustless/DeployTrustlessBridge.s.sol:DeployTrustless
---
## 8. Wemix token verification (High)
## 8. Wave 0: sendCrossChain (real) and NPMplus backup
**sendCrossChain (real):** Requires `PRIVATE_KEY` and LINK approved in `.env`. Bridge: `0x971cD9D156f193df8051E48043C476e53ECd4693`.
```bash
bash scripts/bridge/run-send-cross-chain.sh 0.01 [recipient_address]
# Omit --dry-run to execute. Example: bash scripts/bridge/run-send-cross-chain.sh 0.01 0x...
```
**NPMplus backup:** Requires `NPM_PASSWORD` in `.env` and host on LAN.
```bash
bash scripts/verify/backup-npmplus.sh
# Or combined Wave 0: bash scripts/run-wave0-from-lan.sh
```
**NPMplus RPC fix (405):** From LAN: `bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`. Verify: `bash scripts/verify/verify-end-to-end-routing.sh`.
---
## 9. Wemix token verification (High)
Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); confirm WETH, USDT, USDC addresses. If different, update `config/token-mapping-multichain.json` and [WEMIX_TOKEN_VERIFICATION.md](../07-ccip/WEMIX_TOKEN_VERIFICATION.md). Then:
@@ -122,6 +156,7 @@ Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); confirm WETH, USDT,
## References
- [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) — full plan (required, optional, recommended)
- [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) — full task list
- [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) — detail and completed items
- [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) — full LAN steps

4
docs/00-meta/PHASES_AND_TASKS_MASTER.md
View File

@@ -6,6 +6,8 @@
**For parallel execution:** See [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md) — tasks are grouped by cohort; order of operations does not block parallel completion. Split large tasks into smaller units to maximize automation.
**Full plan (required / optional / recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) — Wave 0 gates, phases, codebase, operator checklist.
---
## Deployment Phases
@@ -44,7 +46,7 @@
| 16 execute nodes (5440-5455) | Required | ⏳ Pending | |
| 7 RMN nodes (5470-5476) | Required | ⏳ Pending | |
| NAT pools configured | Required | ⏳ Pending | |
| Missing containers (3 only: 2506, 2507, 2508) | Optional | ⏳ Pending | [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) |
| 25062508 (destroyed 2026-02-08) | — | Done | [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) |
### Phase 4 — Sovereign Tenants ⏳

4
docs/00-meta/PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md
View File

@@ -12,8 +12,8 @@
| Item | Location | Description | Priority |
|------|----------|-------------|----------|
| **Canonical addresses env-only** | `services/token-aggregation/src/config/canonical-tokens.ts` | All token addresses from env (e.g. `CUSDC_ADDRESS_138`, `WETH_ADDRESS_138`). Unset → filtered out. **Required env:** see `services/token-aggregation/README.md` and root/smom `.env.example`; document any new tokens in env or add fallback (config/DB). | Medium |
| **AlltraAdapter fee** | `contracts/bridge/adapters/evm/AlltraAdapter.sol` | `getBridgeFee()` / `setBridgeFee()` — update with actual ALL Mainnet fee after verification. Default 0.001 ALL. | Medium |
| **Canonical addresses env-only** | `services/token-aggregation/src/config/canonical-tokens.ts` | **Implemented:** Addresses from env via `SYMBOL_ADDRESS_CHAINID` (e.g. `CUSDC_ADDRESS_138`); unset → filtered out. Fallbacks in FALLBACK_ADDRESSES for 138/651940/25. See `services/token-aggregation/README.md` and `.env.example`. | Done |
| **AlltraAdapter fee** | `contracts/bridge/adapters/evm/AlltraAdapter.sol` | **Implemented:** `getBridgeFee()` / `setBridgeFee()` (admin); default 0.001 ALL. Operator: call `setBridgeFee(actualFee)` after verifying ALL Mainnet fee structure. | Done |
| **Smart accounts kit** | `script/smart-accounts/DeploySmartAccountsKit.s.sol` | EntryPoint, AccountFactory, Paymaster from env; deploy and set in .env if not already. | Medium |
| **Quote service Fabric chainId** | `orchestration/bridge/quote-service.ts` | Uses `FABRIC_CHAIN_ID` or fallback 999 until Fabric integrated. | Low |
| **EnhancedSwapRouter / DODOPMMProvider** | `contracts/bridge/trustless/EnhancedSwapRouter.sol`, `DODOPMMProvider.sol` | Some fee/size logic returns 0 or “placeholder”; optimize when oracle/pool config ready. | Low |

8
docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md
View File

@@ -2,7 +2,7 @@
**Purpose:** Single checklist for all recommendations from [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) Part 2. Use when deploying, verifying, or operating.
**Related:** [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md) | [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) | [MASTER_SECRETS_INVENTORY](../04-configuration/MASTER_SECRETS_INVENTORY.md)
**Related:** [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md) | [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) | [MASTER_SECRETS_INVENTORY](../04-configuration/MASTER_SECRETS_INVENTORY.md) | [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) (full plan: required / optional / recommended).
---
@@ -11,7 +11,7 @@
| # | Action | When |
|---|--------|------|
| R1 | Verify every deployed contract on Blockscout (Forge Verification Proxy or BLOCKSCOUT_VERIFICATION_GUIDE) | After each deployment when Blockscout is reachable |
| R2 | Keep CONTRACT_ADDRESSES_REFERENCE and SMART_CONTRACTS_INVENTORY_ALL_CHAINS updated; reconcile duplicate .env entries | When new contracts are deployed or deprecated |
| R2 | Keep [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) and [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md) updated; reconcile duplicate .env entries | When new contracts are deployed or deprecated |
| R3 | Run `./scripts/verify/check-contracts-on-chain-138.sh [RPC]`; fix any MISSING/EMPTY | Periodically or after deploy |
## Security and secrets (R4R7)
@@ -37,7 +37,7 @@
| # | Action | When |
|---|--------|------|
| R12 | Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE, BLOCKSCOUT_FIX_RUNBOOK in sync with scripts and Blockscout URL | After script or URL changes |
| R13 | When deploying to mainnet or other chains, document addresses in CONTRACT_ADDRESSES_REFERENCE or chain-specific doc; link from SMART_CONTRACTS_INVENTORY_ALL_CHAINS | Per-chain deploy |
| R13 | When deploying to mainnet or other chains, document addresses in CONTRACT_ADDRESSES_REFERENCE or chain-specific doc; update [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md) | Per-chain deploy |
## Automation and CI/CD (R14R16)
@@ -72,7 +72,7 @@
| # | Action | When |
|---|--------|------|
| R23 | Scripts: add progress indicators; add --dry-run where missing; extend config validation (IMPLEMENTATION_CHECKLIST) | Script updates |
| R23 | Scripts: add progress indicators; add --dry-run where missing; extend config validation (IMPLEMENTATION_CHECKLIST). **Done:** `run-completable-tasks-from-anywhere.sh` has Step 1/44/4; `validate-config-files.sh`, `run-e2e-flow-tasks-full-parallel.sh`, `run-all-operator-tasks-from-lan.sh` support `--dry-run`. | Script updates |
## Token mapping (R24)

4
docs/00-meta/REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md
View File

@@ -112,7 +112,7 @@ See **Part 2** and [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED](../GAPS_AND_RECOMMEND
| # | Recommendation | Action |
|---|----------------|--------|
| R1 | **Verify every deployed contract on Blockscout** | Use [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) and Forge Verification Proxy so source is public and matches bytecode. |
| R2 | **Single source of truth** | Keep [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) and [SMART_CONTRACTS_INVENTORY_ALL_CHAINS](../11-references/SMART_CONTRACTS_INVENTORY_ALL_CHAINS.md) updated when new contracts are deployed or deprecated; reconcile duplicate .env entries. |
| R2 | **Single source of truth** | Keep [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) and [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md) updated when new contracts are deployed or deprecated; reconcile duplicate .env entries. |
| R3 | **On-chain confirmation** | Periodically run on-chain checklist or `check-contracts-on-chain-138.sh`; fix any MISSING/EMPTY. |
### 2.2 Security and secrets
@@ -138,7 +138,7 @@ See **Part 2** and [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED](../GAPS_AND_RECOMMEND
| # | Recommendation | Action |
|---|----------------|--------|
| R12 | **Runbooks in sync** | Keep [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md), [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md), [BLOCKSCOUT_FIX_RUNBOOK](../03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md) in sync with scripts and Blockscout URL. |
| R13 | **Per-chain addresses** | When deploying to mainnet or other chains, document addresses in CONTRACT_ADDRESSES_REFERENCE or chain-specific doc and link from SMART_CONTRACTS_INVENTORY_ALL_CHAINS. |
| R13 | **Per-chain addresses** | When deploying to mainnet or other chains, document addresses in CONTRACT_ADDRESSES_REFERENCE or chain-specific doc and update ADDRESS_MATRIX_AND_STATUS. |
### 2.5 Automation and CI/CD

2
docs/00-meta/REMAINING_ITEMS_FULL_PARALLEL_LIST.md
View File

@@ -121,7 +121,7 @@
| W2-3 | VLAN enablement: UDM Pro VLAN; Proxmox bridge; migrate services to VLANs | By VLAN/host |
| W2-4 | Phase 3 CCIP: Ops/Admin (5400-5401); NAT pools; commit/execute/RMN scripts | Ops → NAT → scripts |
| W2-5 | Phase 4: Sovereign tenant VLANs; isolation; access control | By tenant/VLAN |
| W2-6 | **Missing containers: 3 only (2506, 2507, 2508)** [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) | By VMID/host |
| W2-6 | ~~25062508~~ Destroyed 2026-02-08; RPC 25002505 only. [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) | Done (doc) |
| W2-7 | DBIS services start (1010010151); Hyperledger | By host |
| W2-8 | NPMplus HA (Keepalived, 10234) | Optional |

31
docs/00-meta/REMAINING_TASKS.md Normal file
View File

@@ -0,0 +1,31 @@
# Remaining Tasks
**Last Updated:** 2026-03-02
**Purpose:** Single-page list of what is left to do. Completed: preflight, run-all-next-steps-chain138 (38/38 on-chain, 12 c* GRU-registered).
**Detail:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) § Remaining tasks · **Operator commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
**Task check (2026-03-02):** Each task below was verified before completion. See **[TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md)** for per-task status, what is already done (e.g. Phase 03, DODOPMMProvider, pools), and what still requires Operator/LAN or external submission. Completable + preflight both passed.
---
## Remaining (ordered)
| # | Task | Who | Command / doc |
|---|------|-----|----------------|
| 1 | **Full deployment order (Phase 06)** | Operator | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) |
| 2 | **Chain 138 PMM:** add liquidity, DODOPMMProvider | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md), [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) |
| 3 | **Operator tasks:** Blockscout verify, 502 fix, NPMplus backup, deploy | Operator/LAN | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy]` · [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) |
| 4 | **Gnosis, Celo, Wemix CCIP bridges** | Operator/LAN | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) |
| 5 | **LINK support on Mainnet relay** | Operator/LAN | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) |
| 6 | **Repos & PRs:** Ledger, Trust Wallet, Chainlist, on-ramps | External | [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) |
| 7 | **PR-ready files:** Chainlist, Trust Wallet | Anyone | [04-configuration/pr-ready/README.md](../04-configuration/pr-ready/README.md) |
| 8 | **E2E flow waves E1E7** | Operator/Dev | `./scripts/run-e2e-flow-tasks-full-parallel.sh` · [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md) |
---
## Optional / lower priority
- Wemix token verification (scan.wemix.com/tokens)
- Mint tokens to deployer for LPs/bridges: [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](../11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md)
- AddressMapper on other chains; Mainnet trustless stack; cW* on public chains
See [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) for the full task list.

248
docs/00-meta/REMAINING_TASKS_BREAKDOWN_MISSING_INFO.md Normal file
View File

@@ -0,0 +1,248 @@
# Remaining Tasks — Breakdown and Missing Information
**Purpose:** For each remaining task, this doc states **what is needed**, **what is missing**, and **where to get it or what to create** so you can start completing everything.
**Source:** [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md), [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md), [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md), [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
---
## How to use this doc
- **Needed** = inputs/access required to run the task.
- **Missing** = what you dont have yet (or is TBD).
- **Where to get / What to do** = concrete action to obtain the missing piece or create it.
---
## 1. Operator / LAN — Wave 0 and runbooks
### W0-1: NPMplus RPC fix (405)
| | Detail |
|---|--------|
| **Needed** | Host on LAN (192.168.11.x); script exists: `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`. |
| **Missing** | 1) Physical/VPN access to 192.168.11.x. 2) `NPM_PASSWORD` (and optionally `NPM_URL`, `NPM_EMAIL`) in root `.env` so the script can call NPMplus API. |
| **Where to get** | **LAN:** Use a machine on the same network as NPMplus (e.g. office, VPN, or jump host). **NPM_PASSWORD:** From whoever manages NPMplus (default admin password or reset via container). If you have it but its hardcoded in a script, move it to `.env` only; see [MASTER_SECRETS_INVENTORY.md](../04-configuration/MASTER_SECRETS_INVENTORY.md). |
| **Doc** | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W0-1. |
### W0-2: sendCrossChain (real)
| | Detail |
|---|--------|
| **Needed** | `PRIVATE_KEY` in `.env` (wallet with gas + LINK for fees); bridge `0x971cD9D156f193df8051E48043C476e53ECd4693`; recipient address. |
| **Missing** | 1) A wallet private key you control. 2) LINK approved for the bridge fee (if the bridge charges LINK). 3) Optional: recipient address (script may have default). |
| **Where to get** | **PRIVATE_KEY:** Create or use an existing funded wallet; set in root or `smom-dbis-138/.env`. **LINK:** On Chain 138, approve LINK for the bridge contract (amount depends on fee). **Recipient:** Any valid address on the destination chain. |
| **Doc** | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W0-2; [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) §8. |
### W0-3: NPMplus backup
| | Detail |
|---|--------|
| **Needed** | `NPM_PASSWORD` in `.env`; host that can reach NPMplus API (LAN). |
| **Missing** | Same as W0-1: LAN access and NPM_PASSWORD. |
| **Where to get** | Same as W0-1. Script: `scripts/verify/backup-npmplus.sh` or `scripts/run-wave0-from-lan.sh` (no `--skip-backup`). |
### Blockscout verification
| | Detail |
|---|--------|
| **Needed** | Blockscout reachable (e.g. from LAN or via proxy); `smom-dbis-138/.env` with keys if verification uses Etherscan/Blockscout API. |
| **Missing** | 1) Network path to Blockscout (or proxy). 2) Any API key/token if Blockscout requires it for verification. |
| **Where to get** | Run from LAN: `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh`. Retry one contract: `--only ContractName`. If Blockscout is only on 192.168.11.x, run from a host that can reach that IP. |
### Fix E2E 502s
| | Detail |
|---|--------|
| **Needed** | SSH from your machine to Proxmox hosts (r630-01, r630-02, ml110); optional: `NPM_PASSWORD` for NPMplus proxy update step. |
| **Missing** | 1) SSH access (key or password) to root@192.168.11.11, .12, and ml110. 2) Which backends are actually down (can discover by running the script with --dry-run or diagnose-only). |
| **Where to get** | **SSH:** Use same credentials as for Proxmox management. **Discovery:** Run `./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e` (or first `diagnose-and-fix-502s-via-ssh.sh --diagnose-only`). Runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md). |
### Run all operator tasks
| | Detail |
|---|--------|
| **Needed** | LAN; `.env` with NPM_PASSWORD and optionally PRIVATE_KEY; SSH to Proxmox. |
| **Missing** | Same as above: LAN, NPM_PASSWORD, SSH, and (for deploy) PRIVATE_KEY. |
| **Where to get** | `./scripts/run-all-operator-tasks-from-lan.sh --dry-run` to print steps; then run without `--dry-run`, optionally `--deploy` or `--create-vms`. |
### Gnosis, Celo, Wemix CCIP bridges
| | Detail |
|---|--------|
| **Needed** | Per chain: RPC URL, CCIP Router address, LINK token address, WETH9/WETH10 addresses, deployer private key with **native gas** (xDAI, CELO, WEMIX). |
| **Missing** | 1) **CCIP Router + LINK + WETH9/WETH10** for each chain — from [Chainlink CCIP supported networks](https://docs.chain.link/ccip/supported-networks). 2) **Deployer wallets** funded with native gas on Gnosis, Celo, Wemix. 3) After deploy: bridge addresses for Step 2/3 (add destinations, fund LINK). |
| **Where to get** | **Addresses:** CCIP directory + chain docs (e.g. Gnosis/Celo/Wemix WETH contracts). **Gas:** Send xDAI/CELO/WEMIX to deployer. **Steps:** [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) Step 14. |
### LINK support on Mainnet relay
| | Detail |
|---|--------|
| **Needed** | Code/contract change (extend CCIPRelayBridge for LINK or deploy LINK receiver); deploy; set `relaySupported: true` for LINK in `config/token-mapping.json`; restart relay on r630-01. |
| **Missing** | 1) Decision: Option A (extend bridge) vs Option B (separate LINK receiver). 2) Mainnet deployer key and gas. 3) Access to relay host (r630-01) to restart service. |
| **Where to get** | **Spec:** [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md). **Contract:** `smom-dbis-138/contracts/relay/CCIPRelayBridge.sol`. **Relay path:** `/opt/smom-dbis-138/services/relay` (restart from LAN/SSH). |
### Wemix token verification
| | Detail |
|---|--------|
| **Needed** | Correct WETH, USDT, USDC contract addresses on Wemix; update `config/token-mapping-multichain.json` and [WEMIX_TOKEN_VERIFICATION.md](../07-ccip/WEMIX_TOKEN_VERIFICATION.md) if different. |
| **Missing** | Confirmation that addresses in config match [scan.wemix.com/tokens](https://scan.wemix.com/tokens). |
| **Where to get** | Open scan.wemix.com/tokens; look up WETH, USDT, USDC; compare to repo config; edit JSON + doc; run `./scripts/validation/validate-config-files.sh`. |
### Phase 24 deployment
| | Detail |
|---|--------|
| **Needed** | Prometheus/Grafana/Loki/Alertmanager configs; VLAN design (UDM Pro + Proxmox); Phase 4 tenant list; SSH to Proxmox; optional CCIP NAT pools (ER605 Blocks #24). |
| **Missing** | 1) **Phase 2:** Which host(s) run monitoring stack; Alertmanager routes (email/Slack/PagerDuty). 2) **Phase 3:** NAT pool IPs/ranges for ER605 if not already set. 3) **Phase 4:** UDM Pro VLAN IDs (200203 docd); which containers map to which tenant. |
| **Where to get** | **Configs:** `smom-dbis-138/monitoring/`, `scripts/monitoring/`; [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md); [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md). **Phase 4 steps:** `bash scripts/deployment/phase4-sovereign-tenants.sh --show-steps`. **VLANs:** [NETWORK_ARCHITECTURE.md](../02-architecture/NETWORK_ARCHITECTURE.md) §35; [UDM_PRO_FIREWALL_MANUAL_CONFIGURATION.md](../04-configuration/UDM_PRO_FIREWALL_MANUAL_CONFIGURATION.md). |
### Proxmox/security (19)
| | Detail |
|---|--------|
| **Needed** | Root/SSH to Proxmox hosts; list of allowed IPs/CIDRs for API 8006; validator VMIDs and paths; backup destination. |
| **Missing** | 1) **CIDR for 8006:** Which IPs may access Proxmox API (e.g. 192.168.11.0/24 or admin VPN). 2) **Validator key paths** on each host (e.g. /var/lib/besu on VMIDs 10001004). 3) **Backup store** for configs and encrypted validator keys. |
| **Where to get** | **Checklist:** [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md) §1. **Scripts:** `scripts/security/secure-env-permissions.sh`, `scripts/security/setup-ssh-key-auth.sh`, `scripts/security/firewall-proxmox-8006.sh`, `scripts/secure-validator-keys.sh`. **Backup:** `scripts/backup/automated-backup.sh`; decide where to store outputs (off-host, encrypted). |
---
## 2. Sankofa cutover (missing TBDs)
| | Detail |
|---|--------|
| **Needed** | For each Sankofa domain: target VMID, target IP, target port, service type. |
| **Missing** | **the-order.sankofa.nexus:** VMID, IP, port, service type still **TBD** in [SANKOFA_CUTOVER_PLAN.md](../04-configuration/SANKOFA_CUTOVER_PLAN.md). Other four domains have values (e.g. 7801/192.168.11.51/3000 for sankofa.nexus). |
| **Where to get** | Deploy The Order portal; assign VMID and IP; document in SANKOFA_CUTOVER_PLAN.md table; then run cutover steps (replace proxy backends in NPMplus). |
---
## 3. dbis_core TypeScript (~1186 errors)
| | Detail |
|---|--------|
| **Needed** | `npx prisma generate` succeeding in `dbis_core/`; then systematic edits per [DBIS_CORE_TS_FIXES_DETAILED_LIST.md](DBIS_CORE_TS_FIXES_DETAILED_LIST.md). |
| **Missing** | 1) **Prisma generate:** Currently fails with “path argument must be of type string. Received undefined” (possible Prisma + large schema). Fix: try Prisma 5.22+ or ensure `DATABASE_URL` in `dbis_core/.env`; or run from a clean `cd dbis_core && npm install` and retry. 2) **Bulk fixes:** Prioritized list exists; need to apply Priority 14 by module (imports, return statements, JsonValue, Prisma types, etc.). |
| **Where to get** | **Prisma:** Set `DATABASE_URL` in `dbis_core/.env` (e.g. postgresql://user:pass@host:5432/dbis_core); try `npx prisma generate` again; if still failing, try upgrading Prisma. **Fixes:** [DBIS_CORE_TS_FIXES_DETAILED_LIST.md](DBIS_CORE_TS_FIXES_DETAILED_LIST.md); sample return fixes already applied in market-admin, peg-admin, bridge-admin routes. **Verify:** `pnpm exec tsc --noEmit` in dbis_core. |
---
## 4. Security audits and bridge integrations
| | Detail |
|---|--------|
| **Needed** | Assignee/owner for smom audits (VLT-024, ISO-024) and bridge items (BRG-VLT, BRG-ISO); no repo automation. |
| **Missing** | Decision on who runs or commissions the audits; backlog/roadmap slot. |
| **Where to get** | Track in smom backlog; see [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) §5. |
---
## 5. External / third-party
### Ledger
| | Detail |
|---|--------|
| **Needed** | Tally form submitted; Ledgers response and agreement/integration steps. |
| **Missing** | Ledgers reply and next steps (form already submitted per [ADD_CHAIN138_TO_LEDGER_LIVE.md](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md)). |
| **Where to get** | Wait for Ledger; follow any link/instructions they send. |
### Trust Wallet
| | Detail |
|---|--------|
| **Needed** | PR to [trustwallet/wallet-core](https://github.com/trustwallet/wallet-core) with Chain 138 registry entry (CoinID 10000138, etc.). |
| **Missing** | PR not yet opened; repo fork and branch; chain 138 JSON/config per Trusts “new EVM chain” docs. |
| **Where to get** | [ADD_CHAIN138_TO_TRUST_WALLET.md](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md) (steps + CoinID 10000138); clone wallet-core, add chain 138, open PR. |
### Consensys (MetaMask Swaps/Bridge)
| | Detail |
|---|--------|
| **Needed** | Outreach to Consensys/MetaMask for native Swaps/Bridge support for Chain 138. |
| **Missing** | Contact channel (form, email, or partner program) and a short pitch (chain live, RPC, explorer, use case). |
| **Where to get** | [metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md](../../metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md); MetaMask/Consensys partner or developer pages. |
### CoinGecko / CMC
| | Detail |
|---|--------|
| **Needed** | Token Aggregation report API reachable; chain + token data; 512×512 logos; CoinGecko/CMC submission forms. |
| **Missing** | 1) **Report API:** Service running and URL (e.g. for `/api/v1/report/coingecko?chainId=138`). 2) **Platform support:** CoinGecko/CMC may not list Chain 138/651940 until they add the chain. 3) **Logos:** Per-token and chain logos in required format. |
| **Where to get** | **Runbook:** [docs/04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md](../04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md); [smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md](../../smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md). **Export:** `curl "https://<token-aggregation-url>/api/v1/report/coingecko?chainId=138"`. If platforms dont support 138 yet, keep runbook and submit when they do. |
---
## 6. API keys (for scripts and services)
| | Detail |
|---|--------|
| **Needed** | Keys for Li.Fi, Jumper, 1inch, MoonPay, Ramp, DocuSign, Slack, PagerDuty, Etherscan, CoinGecko, CMC, etc., in root and subproject `.env`. |
| **Missing** | Actual key values; sign-up and approval for each service. |
| **Where to get** | [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md) (sign-up URLs and env var names); [docs/00-meta/API_KEYS_DOTENV_STATUS.md](API_KEYS_DOTENV_STATUS.md). Copy into `.env` (never commit); restart services that use them. |
---
## 7. Maintenance (cron and ongoing)
| | Detail |
|---|--------|
| **Needed** | Host where crontab can be installed (e.g. jump host or Proxmox node); scripts exist. |
| **Missing** | Decision on which host runs daily/weekly cron; one-time install. |
| **Where to get** | **Cron install (once, from LAN):** `bash scripts/maintenance/schedule-daily-weekly-cron.sh --show` then `--install`. **NPMplus backup cron:** `scripts/maintenance/schedule-npmplus-backup-cron.sh --install`. **Checks:** `scripts/maintenance/daily-weekly-checks.sh daily` / `weekly`. |
---
## 8. Quick reference: scripts that exist
| Script | Purpose |
|--------|--------|
| `scripts/run-wave0-from-lan.sh` | W0-1 + W0-3 (RPC fix + backup); run from LAN. |
| `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` | NPMplus RPC fix only; needs NPM_PASSWORD. |
| `scripts/verify/backup-npmplus.sh` | NPMplus backup only. |
| `scripts/bridge/run-send-cross-chain.sh` | sendCrossChain; omit --dry-run to execute. |
| `scripts/verify/run-contract-verification-with-proxy.sh` | Blockscout verification. |
| `scripts/maintenance/address-all-remaining-502s.sh` | Fix 502s (+ optional --run-besu-fix --e2e). |
| `scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` | Full maintenance + E2E. |
| `scripts/run-all-operator-tasks-from-lan.sh` | Backup + verify ± deploy ± create-vms. |
| `scripts/security/setup-ssh-key-auth.sh` | SSH key-only auth (--dry-run then --apply). |
| `scripts/security/firewall-proxmox-8006.sh` | Restrict Proxmox API to CIDR. |
| `scripts/secure-validator-keys.sh` | chmod 600 + chown besu for validator keys. |
| `scripts/maintenance/schedule-daily-weekly-cron.sh` | Daily/weekly checks cron. |
---
## 9. One-page “start here” order
1. **Get unblocked on LAN and secrets**
- Arrange VPN or machine on 192.168.11.x.
- Get NPM_PASSWORD (and optionally PRIVATE_KEY) into `.env` (never commit).
2. **Wave 0**
- Run `scripts/run-wave0-from-lan.sh` (or RPC fix + backup separately).
- Run sendCrossChain once if you have PRIVATE_KEY and LINK.
3. **502s and verification**
- Run `address-all-remaining-502s.sh --run-besu-fix --e2e` from LAN.
- Run Blockscout verification script.
4. **Fill TBDs**
- Sankofa: set the-order.sankofa.nexus target (VMID, IP, port) in SANKOFA_CUTOVER_PLAN.md.
- CCIP: collect per-chain addresses (CCIP directory) and fund deployer wallets for Gnosis/Celo/Wemix.
5. **dbis_core**
- Fix Prisma generate (DATABASE_URL, Prisma version); then apply TS fixes by priority.
6. **External**
- Trust Wallet: open wallet-core PR.
- CoinGecko/CMC: get report API URL and logos; submit when platform supports 138.
- Consensys: send outreach using CONSENSYS_OUTREACH_PACKAGE.
- Ledger: follow up when they respond.
7. **Maintenance**
- Install cron for daily/weekly checks and NPMplus backup on chosen host.
---
**Related:** [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md) | [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md)

6
docs/00-meta/REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md
View File

@@ -96,7 +96,7 @@
| **Prerequisites** | Host that can reach Blockscout (explorer.d-bis.org or LAN); `smom-dbis-138/.env` loaded. |
| **Who** | Ops or dev from LAN. |
| **Steps to complete** | From repo root: `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh`. If one fails: `.../run-contract-verification-with-proxy.sh --only ContractName`. See [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) and [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md). |
| **Where to update when done** | [CONTRACT_INVENTORY_AND_VERIFICATION](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md) — set “Verified” for each; [CONTRACT_NEXT_STEPS_LIST](../11-references/CONTRACT_NEXT_STEPS_LIST.md) — check “Blockscout verification”. |
| **Where to update when done** | [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md) — set “Verified” for each; [CONTRACT_NEXT_STEPS_LIST](../11-references/CONTRACT_NEXT_STEPS_LIST.md) — check “Blockscout verification”. |
**Ref:** [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) §2.
@@ -110,7 +110,7 @@
| **Prerequisites** | Access to explorer (e.g. https://explorer.d-bis.org/address/0x99b3511a2d315a497c8112c1fdd8d508d4b1e506). |
| **Who** | Operator or dev. |
| **Steps to complete** | 1. Open the explorer link; check contract name/source. 2. Document in [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) (and CONTRACT_INVENTORY if needed): “At 0x99b35... the contract is [Multicall | Oracle Aggregator].” Remove or qualify the other. |
| **Where to update when done** | CONTRACT_ADDRESSES_REFERENCE § Pre-Deployed / Newly Deployed; CONTRACT_INVENTORY_AND_VERIFICATION; [REMAINING](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) task 19. |
| **Where to update when done** | CONTRACT_ADDRESSES_REFERENCE § Pre-Deployed / Newly Deployed; ADDRESS_MATRIX_AND_STATUS; [REMAINING](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) task 19. |
---
@@ -279,7 +279,7 @@
## 5. Optional / when needed
- **Trustless bridge:** Deploy from `script/bridge/trustless/` when you adopt that stack; document addresses. Ref: CONTRACT_NEXT_STEPS § Pending, [OPERATOR_OPTIONAL_CHECKLIST](../11-references/OPERATOR_OPTIONAL_CHECKLIST.md) §2.
- **Mainnet/multichain deploys:** Deploy to other chains with chain-specific scripts; document in CONTRACT_ADDRESSES_REFERENCE and SMART_CONTRACTS_INVENTORY_ALL_CHAINS. Ref: R13, CONTRACT_NEXT_STEPS.
- **Mainnet/multichain deploys:** Deploy to other chains with chain-specific scripts; document in CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS. Ref: R13, CONTRACT_NEXT_STEPS.
- **PaymentChannelManager / GenericStateChannelManager:** Deploy when channel features are needed; use `--with-gas-price 1000000000` on 138. Ref: CONTRACT_NEXT_STEPS_LIST.
- **LINK on mainnet relay bridge:** Follow [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md); then set `relaySupported: true` for LINK in config/token-mapping.json.
- **Chain 138 Snap E2E:** Run full E2E (Playwright + MetaMask Flask) when needed; unit tests already pass. Ref: [chain138-snap/TESTING_INSTRUCTIONS](../../metamask-integration/chain138-snap/TESTING_INSTRUCTIONS.md).

6
docs/00-meta/REMAINING_WORK_DETAILED_STEPS.md
View File

@@ -1,11 +1,13 @@
# Remaining Work — Detailed Steps for Each Task
**Last Updated:** 2026-02-20
**Last Updated:** 2026-02-28
**Purpose:** Single list of all remaining work with step-by-step instructions.
**Sources:** [E2E_COMPLETION_TASKS_DETAILED_LIST.md](E2E_COMPLETION_TASKS_DETAILED_LIST.md), [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md), [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md).
**Copy-paste runbook:** For a single page of ready-to-run commands, see **[NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md)**.
**Full plan (required / optional / recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) — Wave 0 gates, required phases/codebase/security, optional, recommended (139+ items).
**Execution order:** Wave 0 → Wave 1 → Wave 2 → Wave 3 → Ongoing. Within each wave, run tasks in parallel where possible.
**Infra deployment readiness:** For a single checklist of what is already in place (templates on all hosts, deps, scripts) vs what unblocks completion (LAN, SSH, creds), see **[03-deployment/INFRA_DEPLOYMENT_LOCKED_AND_LOADED.md](../03-deployment/INFRA_DEPLOYMENT_LOCKED_AND_LOADED.md)**.
@@ -40,6 +42,8 @@ These can be done from your current environment (e.g. dev machine, WSL, CI) with
**Completed (2026-02-20):** Doc consolidation continued — NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; Batch 4+5 → 00-meta-pruned; ALL_TASKS_COMPLETE → root-status-reports; project root cleanup → archive/root-cleanup-20260220; fix-wsl-ip.sh → scripts/. Completable-from-anywhere run: config validation OK, on-chain check 45/45, run-all-validation --skip-genesis OK, reconcile-env --print. ARCHIVE_CANDIDATES "Last reviewed" set.
**Completed (plan implementation):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) added; cross-links from PHASES_AND_TASKS_MASTER, TODO_TASK_LIST_MASTER, RECOMMENDATIONS_OPERATOR_CHECKLIST, REMAINING_WORK_DETAILED_STEPS, OPTIONAL_RECOMMENDATIONS_INDEX, RUNBOOKS_MASTER_INDEX, ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST, OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST, FULL_PARALLEL_EXECUTION_ORDER, NEXT_STEPS_INDEX, MASTER_INDEX. Validation: run-all-validation --skip-genesis OK; run-completable-tasks-from-anywhere.sh OK (config, on-chain 36/36, reconcile-env); phase4-sovereign-tenants.sh --show-steps and schedule-daily-weekly-cron.sh --show run.
---
## Wave 0 — Gates (Do First When Credentials Allow)

4
docs/00-meta/REMAINING_WORK_DETAILED_TASKS.md
View File

@@ -167,7 +167,7 @@ Containers **2506, 2507, 2508** were **removed and destroyed** on all Proxmox ho
| **W2-3** | VLAN enablement | Apply UDM Pro VLAN config; Proxmox VLAN-aware bridge; migrate services to VLANs (by VLAN/host). See NETWORK_ARCHITECTURE.md §35. |
| **W2-4** | Phase 3 CCIP | 1) Deploy Ops/Admin (5400, 5401). 2) NAT pools. 3) Expand commit/execute/RMN scripts. Order: Ops first, then NAT, then scripts. See [CCIP_DEPLOYMENT_SPEC.md](../07-ccip/CCIP_DEPLOYMENT_SPEC.md). |
| **W2-5** | Phase 4 sovereign tenants | Sovereign tenant VLANs; isolation; access control (by tenant/VLAN). After W2-3. |
| **W2-6** | Missing containers 25062508 | ✅ Created on r630-01 with .202/.203/.204. Remaining: post-create steps above (Besu config, JWT, discovery off, identity). |
| **W2-6** | 25062508 | 🗑️ Destroyed 2026-02-08; RPC 25002505 only. No action. See MISSING_CONTAINERS_LIST.md. |
| **W2-7** | DBIS services / Hyperledger | Start DBIS services (1010010151, etc.); additional Hyperledger per deployment runbooks (by host). |
| **W2-8** | NPMplus HA | Optional: Keepalived, secondary 10234. See NPMPLUS_HA_SETUP_GUIDE.md. |
@@ -207,7 +207,7 @@ Containers **2506, 2507, 2508** were **removed and destroyed** on all Proxmox ho
All tasks that can run without LAN, SSH to Proxmox, or live credentials have been executed (config cleanup, validation, cron install, dry-runs, checklists). **What remains** requires you or a host with access:
- **Wave 0:** W0-2 sendCrossChain real (`run-send-cross-chain.sh` without `--dry-run`), W0-3 run backup when NPMplus is up.
- **Post-create 25062508:** **Done 2026-02-06.** Besu configure run on r630-01 and ml110: `PROXMOX_HOST=192.168.11.11 bash scripts/run-configure-besu-on-host.sh` and `PROXMOX_HOST=192.168.11.10 bash scripts/run-configure-besu-on-host.sh`. Static-nodes.json and permissioned-nodes.json deployed to all running Besu nodes; discovery disabled for 2500, 25032508. RPC enodes (25002508) are not in the enode list (extraction skipped); validators + sentries only. Remaining: JWT/nginx for 25062508 if required; verify discovery and identity per container.
- **25062508:** Containers were **destroyed 2026-02-08** on all hosts. RPC range is 25002505 only. No post-create steps. See [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md).
- **Wave 1 apply:** W1-1 `setup-ssh-key-auth.sh --apply`, W1-2 `firewall-proxmox-8006.sh --apply` (per host).
- **Wave 2 & 3:** Deploy monitoring, VLAN, CCIP, Phase 4, DBIS, NPMplus HA; then CCIP Fleet and Phase 4 isolation.

148
docs/00-meta/REPOSITORIES_AND_PRS_CHAIN138.md Normal file
View File

@@ -0,0 +1,148 @@
# Repositories and Pull Requests — Chain 138 (Forms Submitted, Awaiting Feedback)
**Last Updated:** 2026-02-28
**Purpose:** Single reference for all repositories you can add, connect, or submit PRs to for Chain 138 support — including wallets, explorers, on-ramps/off-ramps. **Forms have been submitted where applicable; we are awaiting feedback.** Use this doc to open or connect PRs when partners respond or when you are ready to contribute.
---
## Status: Forms submitted, awaiting feedback
| Integration | Form / submission | Status |
|-------------|-------------------|--------|
| **Ledger Live** | [Tally form](https://tally.so/r/mORpv8) — submitted 2026-02-13 | Awaiting Ledger response; do not start code without signed agreement |
| **Trust Wallet** | PR to wallet-core (materials ready) | Can open PR anytime; [ADD_CHAIN138_TO_TRUST_WALLET](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md) |
| **Consensys / MetaMask** | Outreach (contact form, business@consensys.io) | Awaiting response; no public “add chain” PR repo for Swaps/Bridge |
| **CoinGecko / CMC** | Submission via platform forms (chain/token listing) | Manual submit when ready; [CMC_COINGECKO_SUBMISSION_RUNBOOK](../04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md) |
---
## 1. Ledger (form submitted — await response)
**Form:** https://tally.so/r/mORpv8 (submitted 2026-02-13)
**Repositories (for after Ledger confirms):**
| Repo | Purpose | PR / connect |
|------|--------|--------------|
| **LedgerHQ/ledger-live** | Ledger Live desktop/mobile; chain list, RPC, explorer | Add Chain 138 entry per their contribution guide after agreement |
| **LedgerHQ/app-ethereum** | Device app (chain IDs, signing) | Add chain 138 to `network.c` / chain list if they request |
| **LedgerHQ/wallet-api** | Wallet API (Ethereum family, chainId) | Extend for chainId 138 when Ledger specifies |
| **bis-innovations/LedgerLive** | Your public repo for Ledger team review | Push Chain 138 materials (cryptoassets, config, patches); share with Ledger when they ask for code |
**Docs:** [ADD_CHAIN138_TO_LEDGER_LIVE.md](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md), [LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE.md](../11-references/LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE.md)
**Do not** open PRs to LedgerHQ repos until Ledger has accepted the request and signed agreement.
---
## 2. Trust Wallet (PR when ready)
**Repository:** https://github.com/trustwallet/wallet-core
| Action | Details |
|--------|---------|
| **Add chain** | Add Chain 138 to `registry.json` (or current registry path); use `id`, `chainId`, `explorer`, `info.rpc` etc. |
| **Codegen** | `./tools/new-evmchain dfiometa` (use registry id; requires Rust) |
| **Tests** | Extend derivation tests for Chain 138 |
| **PR** | Open PR with registry change + generated files + test updates |
**Sample PRs:** [wallet-core #2307](https://github.com/trustwallet/wallet-core/pull/2307), [wallet-core #2157](https://github.com/trustwallet/wallet-core/pull/2157)
**Optional — token/chain logos:** https://github.com/trustwallet/assets — submit via [assets.trustwallet.com](https://assets.trustwallet.com) for Chain 138 native tokens.
**PR-ready file:** [docs/04-configuration/pr-ready/trust-wallet-registry-chain138.json](../04-configuration/pr-ready/trust-wallet-registry-chain138.json) — add to registry in wallet-core. See [pr-ready/README.md](../04-configuration/pr-ready/README.md).
**Doc:** [ADD_CHAIN138_TO_TRUST_WALLET.md](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md)
---
## 3. Chainlist / Ethereum Lists (chain metadata)
**Repository:** https://github.com/ethereum-lists/chains
**PR-ready file:** [docs/04-configuration/pr-ready/eip155-138.json](../04-configuration/pr-ready/eip155-138.json) — copy to `_data/chains/eip155-138.json` in your fork. See [pr-ready/README.md](../04-configuration/pr-ready/README.md).
Chain 138 may already be listed (see chainlist.org/chain/138). If you need to add or update:
| Action | Details |
|--------|--------|
| **Add/update chain** | Add or edit `_data/chains/eip155-138.json` with name, chainId, rpc, explorers, nativeCurrency, etc. |
| **PR** | Fork ethereum-lists/chains, add/update file, open PR; follow their CONTRIBUTING.md |
**Local spec:** `pr-workspace/chains/_data/chains/eip155-138.json` in this repo (use as source for PR content).
---
## 4. Consensys / MetaMask (outreach — no public “add chain” PR)
**Contact:** https://consensys.io/contact/ , business@consensys.io; MetaMask: https://support.metamask.io , https://developers.metamask.io
**Repositories (reference only; Swaps/Bridge/on-ramp are Consensys-controlled):**
| Repo | Purpose |
|------|--------|
| **MetaMask Snaps** | Your Snap can already support Chain 138; no PR to “add chain” to native Swaps/Bridge |
| **Consensys** | Native Swaps, Bridge, Buy/Sell for Chain 138 require partnership/outreach; no public PR repo for “add network” to those products |
**Outreach package:** [metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md](../../metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md) — use for email/contact form. Await response before expecting technical PR steps.
---
## 5. Price Feed — MetaMask and All Wallets
**Master doc:** [PRICE_FEED_CHAIN138_METAMASK_AND_WALLETS.md](../04-configuration/PRICE_FEED_CHAIN138_METAMASK_AND_WALLETS.md) — single reference for adding Chain 138 USD prices to MetaMask and wallets.
---
## 6. CoinGecko / CoinMarketCap (submission, not PR)
**Submission (not GitHub PR):**
| Platform | URL / process |
|----------|----------------|
| **CoinGecko** | https://www.coingecko.com/en/coins/new — chain and token listing request |
| **CoinMarketCap** | Use CMC listing/submission process (DEX or token form) |
**Runbook:** [CMC_COINGECKO_SUBMISSION_RUNBOOK.md](../04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md) — export from report API (`/api/v1/report/coingecko`, `/api/v1/report/cmc`), then submit via platform forms. Chains 138 and 651940 may need to be supported by the platform first.
---
## 7. On-ramps and off-ramps (connect / add network)
Most on-ramp/off-ramp providers do not accept public PRs to “add a chain”; they use partner/API or internal chain lists. Use this list to **request** or **connect** Chain 138.
| Provider | How to add / connect Chain 138 | Repo / link (if any) |
|----------|--------------------------------|----------------------|
| **MoonPay** | Partner/API; request network support | https://www.moonpay.com/contact — no public chain-list PR repo |
| **Ramp Network** | Partner integration; request network | https://ramp.network/ — developer/partner contact |
| **Transak** | Partner; add network via dashboard or partner API | https://transak.com/ — partner/listing request |
| **Onramper** | API; check if they support custom RPC/chainId | https://onramper.com/ |
| **Banxa** | Partner integration | https://banxa.com/ |
| **Coinbase Pay / Onramp** | Partner; add supported networks via Coinbase | https://docs.cdp.coinbase.com/ |
| **MetaMask Buy (Consensys)** | Covered by Consensys outreach above | Same as §4 |
**Current path (no native 138):** Users buy on a supported chain (e.g. mainnet) via ramp → then bridge to Chain 138. Off-ramp: bridge 138→mainnet → sell on mainnet. See [MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md](MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md), [MAINNET_RAMP_USER_FLOWS.md](../04-configuration/MAINNET_RAMP_USER_FLOWS.md).
**Ramp API in repo:** `metamask-integration/src/ramps/``POST /ramps/on-ramp/session`, `POST /ramps/off-ramp/session`; set API keys (MOONPAY_API_KEY, RAMP_NETWORK_API_KEY, etc.) in .env.
---
## 8. Summary — what you can do now
| Item | Action |
|------|--------|
| **Ledger** | Wait for response; then use LedgerHQ repos + bis-innovations/LedgerLive as instructed |
| **Trust Wallet** | Open PR to [trustwallet/wallet-core](https://github.com/trustwallet/wallet-core) with registry + codegen + tests |
| **Chainlist** | If 138 missing or outdated, open PR to [ethereum-lists/chains](https://github.com/ethereum-lists/chains) with `eip155-138.json` |
| **Consensys** | Use [CONSENSYS_OUTREACH_PACKAGE](../../metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md); await response |
| **Price Feed (MetaMask/wallets)** | See [PRICE_FEED_CHAIN138_METAMASK_AND_WALLETS.md](../04-configuration/PRICE_FEED_CHAIN138_METAMASK_AND_WALLETS.md); CoinGecko, CMC, Consensys |
| **CoinGecko/CMC** | Export from report API; submit via platform forms per runbook |
| **On-ramps/off-ramps** | Contact each provider (MoonPay, Ramp, Transak, etc.) to request Chain 138; no public PR repos |
---
## See also
- [ADD_CHAIN138_TO_LEDGER_LIVE.md](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md)
- [ADD_CHAIN138_TO_TRUST_WALLET.md](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md)
- [WHATS_LEFT_OPERATOR_AND_EXTERNAL.md](WHATS_LEFT_OPERATOR_AND_EXTERNAL.md)
- [MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md](MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md)

84
docs/00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md Normal file
View File

@@ -0,0 +1,84 @@
# Still Not Done — Execution Checklist
**Purpose:** Single checklist of every remaining item that could not be completed from repo-only (no LAN, no secrets, no external access). Use this when you have **LAN**, **credentials**, or **external accounts** to complete them.
**Source:** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md), [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md), [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md).
---
## 1. Operator / LAN (Wave 0 and runbooks)
**Blocker:** Host on LAN (192.168.11.x) and/or `NPM_PASSWORD`, `PRIVATE_KEY` in `.env`.
| # | Task | Command / doc |
|---|------|----------------|
| 1 | **W0-1 NPMplus RPC fix (405)** | From LAN: `bash scripts/run-wave0-from-lan.sh` or `bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`. Verify: `bash scripts/verify/verify-end-to-end-routing.sh`. |
| 2 | **W0-2 sendCrossChain (real)** | `bash scripts/bridge/run-send-cross-chain.sh <amount> [recipient]` (omit `--dry-run`). Requires PRIVATE_KEY and LINK approved. Bridge: `0x971cD9D156f193df8051E48043C476e53ECd4693`. |
| 3 | **W0-3 NPMplus backup** | `bash scripts/verify/backup-npmplus.sh` or `bash scripts/run-wave0-from-lan.sh` (no `--skip-backup`). Requires NPM_PASSWORD. |
| 4 | **Blockscout verification** | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh`. Retry one: `--only ContractName`. |
| 5 | **Fix E2E 502s** | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e`. Runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md). |
| 6 | **Run all operator tasks** | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. Use `--dry-run` to print steps. |
| 7 | **Gnosis, Celo, Wemix CCIP bridges** | Per chain: set RPC, CCIP Router, LINK, WETH9/WETH10; run DeployWETHBridges; add destinations; fund LINK. Runbook: [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). |
| 8 | **LINK support on Mainnet relay** | Implement per [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md); set `relaySupported: true` for LINK in token-mapping.json; restart relay on r630-01. |
| 9 | **Wemix token verification** | Confirm WETH, USDT, USDC on [scan.wemix.com/tokens](https://scan.wemix.com/tokens); update `config/token-mapping-multichain.json` and WEMIX_TOKEN_VERIFICATION.md if needed; run `./scripts/validation/validate-config-files.sh`. |
| 10 | **Phase 24 deployment** | Phase 2 observability, Phase 3 CCIP fleet, Phase 4 sovereign tenants. Runbooks: [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md), [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md). |
| 11 | **Proxmox/security (19)** | .env chmod 600, validator keys, SSH key-only auth, firewall 8006, VLANs, metrics, backup. See [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md) §1. |
---
## 2. dbis_core TypeScript (~1186 errors, deferred)
**Blocker:** Fixes are in-repo but deferred; require `npx prisma generate` (and possibly `npm install` in dbis_core first) then systematic edits per plan. **Done in-repo:** Priority 1 “missing return” applied in `market-admin.routes.ts`, `peg-admin.routes.ts`, `bridge-admin.routes.ts`.
| # | Task | Command / doc |
|---|------|----------------|
| 1 | **Prisma generate** | In `dbis_core/`: run `npm install` then `npx prisma generate`. If you see "path argument must be of type string. Received undefined", it may be a Prisma bug with the large schema; try Prisma 5.22+ or set `DATABASE_URL` in `.env` and retry. |
| 2 | **Fix by priority** | Follow [DBIS_CORE_TS_FIXES_DETAILED_LIST.md](DBIS_CORE_TS_FIXES_DETAILED_LIST.md): Priority 1 (imports, route returns, assertions) → 2 (JsonValue, unknown) → 3 (Prisma, Request, null) → 4 (schema, Decimal). Verify: `pnpm exec tsc --noEmit` in dbis_core. |
| 3 | **Reference plan** | [dbis_core/TYPESCRIPT_FIXES_PRIORITIZED_PLAN.md](../../dbis_core/TYPESCRIPT_FIXES_PRIORITIZED_PLAN.md), [dbis_core/PROMPT_TYPESCRIPT_FIXES_PHASES_1_4.md](../../dbis_core/PROMPT_TYPESCRIPT_FIXES_PHASES_1_4.md). |
---
## 3. Security audits and bridge integrations
**Blocker:** smom backlog / external audits; not automatable from repo.
| # | Task | Owner / doc |
|---|------|-------------|
| 1 | **smom Security audits** | VLT-024, ISO-024. Assign to security/audit owner; see [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) §5. |
| 2 | **Bridge integrations** | BRG-VLT, BRG-ISO. Per smom backlog; see same §5. |
---
## 4. External / third-party (you)
**Blocker:** Your signup, form submission, or PR to external services.
| # | Task | Where / doc |
|---|------|-------------|
| 1 | **Ledger** | Await response to Tally form; sign agreement and follow Ledger integration steps. [ADD_CHAIN138_TO_LEDGER_LIVE.md](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md). |
| 2 | **Trust Wallet** | Open PR to [trustwallet/wallet-core](https://github.com/trustwallet/wallet-core) with Chain 138 registry entry. [ADD_CHAIN138_TO_TRUST_WALLET](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md) (if present). |
| 3 | **Consensys** | Outreach for native Swaps/Bridge for Chain 138. [CONSENSYS_OUTREACH_PACKAGE](../04-configuration/CONSENSYS_OUTREACH_PACKAGE.md) or MetaMask/Consensys channels. |
| 4 | **CoinGecko/CMC** | Submit Chain 138 and tokens for MetaMask USD. [COINGECKO_SUBMISSION.md](../../smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md), [CMC_COINGECKO_SUBMISSION_RUNBOOK](../04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md). |
---
## 5. Maintenance (ongoing)
| # | Task | Frequency | Command / note |
|---|------|-----------|----------------|
| 1 | Monitor explorer sync | Daily | `scripts/maintenance/daily-weekly-checks.sh daily` |
| 2 | Monitor RPC (e.g. VMID 2201) | Daily | Same script |
| 3 | Config API uptime | Weekly | `daily-weekly-checks.sh weekly` |
| 4 | Review explorer logs | Weekly | Runbook: OPERATIONAL_RUNBOOKS § Maintenance |
| 5 | Update token list | As needed | token-lists; runbook [139] |
| 6 | **Cron install** | Once from LAN | `bash scripts/maintenance/schedule-daily-weekly-cron.sh --install` |
---
## Quick links
- **Breakdown — where the missing info is:** [REMAINING_TASKS_BREAKDOWN_MISSING_INFO.md](REMAINING_TASKS_BREAKDOWN_MISSING_INFO.md) — for each task: whats needed, whats missing, where to get it.
- **Copy-paste commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md)
- **Operator/external list:** [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md)
- **Full plan:** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md)
- **Step-by-step:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md)

142
docs/00-meta/TASKS_RUNBOOKS_REMAINING_AND_RECOMMENDATIONS.md
View File

@@ -1,142 +0,0 @@
# Tasks, Runbooks, Remaining Deployments, and Recommendations
**Purpose:** Single list of (1) runbooks/tasks not yet run, (2) completed items, (3) remaining deployments, and (4) recommendations and suggestions.
**Last updated:** 2026-02-20
**Related:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) | [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) | [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) | [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md) | [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md)
---
## 1. Runbooks / tasks not yet run (operator or when-ready)
These have runbooks or scripts ready; execution is operator/LAN or when blockers clear.
| # | Task | Runbook / command | Owner / blocker |
|---|------|-------------------|-----------------|
| 1 | **Wemix token verification** | Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); update `config/token-mapping-multichain.json` and [WEMIX_TOKEN_VERIFICATION.md](../07-ccip/WEMIX_TOKEN_VERIFICATION.md) if needed; run `./scripts/validation/validate-config-files.sh` | Operator |
| 2 | **Gnosis, Celo, Wemix CCIP bridges** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) — deploy WETH bridges, add destinations, fund LINK | Operator/LAN |
| 3 | **LINK support on Mainnet relay** | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) — Option A or B, implement, deploy, set `relaySupported: true` for LINK | Operator/LAN |
| 4 | **Blockscout verification** | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | Operator/LAN |
| 5 | **Fix E2E 502s** | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `./scripts/maintenance/address-all-remaining-502s.sh`; runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md) | Operator/LAN |
| 6 | **Run all operator tasks** | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` — backup, verify, optional deploy/VMs; [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) | Operator/LAN |
| 7 | **DODO PMM on Chain 138** (create pools if not done) | Set `DODO_VENDING_MACHINE_ADDRESS`, `COMPLIANT_*` in smom-dbis-138/.env; `./scripts/deployment/run-pmm-and-pools.sh` or `scripts/setup-dodo-pools.sh`; [CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK](../../smom-dbis-138/docs/deployment/CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK.md) | Operator |
| 8 | **PMM / DODO on L2s (G1)** | Set per-chain RPC + DVM + USDT/USDC; `./smom-dbis-138/scripts/deployment/deploy-pmm-all-l2s.sh`; [OPERATOR_NEXT_STEPS_RUNBOOK](../../smom-dbis-138/docs/deployment/OPERATOR_NEXT_STEPS_RUNBOOK.md) G1 | Operator |
| 9 | **Trustless Inbox + LP on L2s (G2)** | `./smom-dbis-138/scripts/deployment/deploy-trustless-l2s.sh` | Operator |
| 10 | **Lockbox on L2s (G3)** | `TRUSTLESS_DEPLOY_LOCKBOX=1 ./smom-dbis-138/scripts/deployment/deploy-trustless-l2s.sh` | Operator |
| 11 | **Fund mainnet Liquidity Pool (G4)** | `./smom-dbis-138/scripts/deployment/fund-mainnet-lp.sh`; [LIQUIDITY_POOL_CONTROLS_RUNBOOK](../03-deployment/LIQUIDITY_POOL_CONTROLS_RUNBOOK.md) | Operator |
| 12 | **Mainnet trustless stack** | Deploy Lockbox138 (138) + InboxETH, BondManager, LiquidityPoolETH (Mainnet); [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) §7 | Operator |
| 13 | **cUSDT/cUSDC to other chains + Uniswap/Balancer/Curve** | [CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK](../../smom-dbis-138/docs/deployment/CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK.md); scripts: `deploy-cusdt-cusdc-all-chains.sh`, `create-uniswap-v3-pool-cusdt-cusdc.sh` | Operator |
| 14 | **CCIPLogger on Mainnet, BSC, Polygon, Gnosis** | `forge script script/DeployCCIPLogger.s.sol --rpc-url <RPC> --broadcast` per chain | Operator |
| 15 | **AddressMapper on other chains** (optional) | DeployAddressMapperOtherChain.s.sol per chain; update `config/smart-contracts-master.json` | Optional |
| 16 | **Paymaster (optional)** | `forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast` when sources ready | Optional |
---
## 2. Blocked or when-stuck-tx-cleared
| # | Task | Blocker | When unblocked |
|---|------|---------|-----------------|
| 17 | **Chain 138 deployments (Phase 6/8, trustless, vault, etc.)** | Stuck tx / "Replacement transaction underpriced" | Flush mempool from RPC host or use fresh wallet; then `./smom-dbis-138/scripts/deployment/run-all-deployments-parallel.sh chain138` |
| 18 | **eMoney TokenFactory138, bridge, vault, reserve** | Same stuck tx on 138 | [cancel-pending-transactions.sh](../../scripts/cancel-pending-transactions.sh) or resolve from RPC node; [TODO_TASKS_STATUS](../../smom-dbis-138/docs/deployment/TODO_TASKS_STATUS.md) |
| 19 | **Cronos: ISO-4217W, Compliant Fiat, CCIPLogger** | Nonce / insufficient CRO | `./smom-dbis-138/scripts/deployment/fix-nonce-and-retry.sh cronos "script/...";` fund CRO |
---
## 3. Completed (summary)
- **From-anywhere:** `run-completable-tasks-from-anywhere.sh` (config validation, on-chain check, validation, reconcile-env).
- **Token-mapping API:** Bridge UIs/Snap use token-mapping; token-aggregation exposes API; doc hygiene (MAPPER_GAPS, Wemix scan).
- **AddressMapper on Cronos:** Deployed; config updated.
- **Runbooks and indexes:** OPERATIONAL_RUNBOOKS, RUNBOOKS_MASTER_INDEX, CUSDT multichain runbook, LIQUIDITY_POOL_CONTROLS, operator checklist.
- **Chain 138:** Core contracts, CCIP, Oracle, Mock DVM + DODOPMMIntegration (pools can be created); CCIPTxReporter deployed.
- **Canonical tokens (L2):** cUSDT/cUSDC supported in token-aggregation for chains 1, 56, 137, 10, 42161, 8453, 43114, 25, 100 when env set.
---
## 4. Remaining deployments (by area)
| Area | What remains | Runbook / ref |
|------|-------------------------------|----------------|
| **CCIP** | Gnosis, Celo, Wemix WETH9/WETH10 bridges; add destinations; fund LINK | CONFIG_READY_CHAINS_COMPLETION_RUNBOOK |
| **Relay** | LINK support on Mainnet (extend or new receiver); fund; token-mapping `relaySupported: true` | RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK |
| **Trustless** | Mainnet: InboxETH, BondManager, LiquidityPoolETH; optional Lockbox/Inbox on L2s | OPERATOR_READY_CHECKLIST §7; deploy-trustless-l2s.sh |
| **PMM** | Chain 138: create cUSDT/cUSDC pools if not done; L2s: deploy DODOPMMIntegration per chain | CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK; deploy-pmm-all-l2s.sh |
| **Liquidity** | Fund mainnet LiquidityPoolETH (ETH/WETH) | fund-mainnet-lp.sh |
| **cUSDT/cUSDC multichain** | Deploy tokens to BSC, Polygon, Base, etc.; create Uniswap/Balancer/Curve pools | CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK; deploy-cusdt-cusdc-all-chains.sh |
| **Optional** | AddressMapper other chains; CCIPLogger other chains; Paymaster; vault/reserve/Keeper per chain | OPERATOR_OPTIONAL_CHECKLIST; OPTIONAL_DEPLOYMENTS_START_HERE |
---
## 5. External / third-party (not runnable in-repo)
| # | Task | Action | Ref |
|---|------|--------|-----|
| 20 | **Ledger** | Await response to Tally form; sign and follow integration steps | ADD_CHAIN138_TO_LEDGER_LIVE |
| 21 | **Trust Wallet** | Open PR to trustwallet/wallet-core with Chain 138 registry entry | ADD_CHAIN138_TO_TRUST_WALLET |
| 22 | **Consensys** | Outreach for native Swaps/Bridge for Chain 138 | CONSENSYS_OUTREACH_PACKAGE |
| 23 | **CoinGecko/CMC** | Submit Chain 138 and tokens for MetaMask USD | COINGECKO_SUBMISSION_GUIDE; CMC_COINGECKO_SUBMISSION_RUNBOOK |
---
## 6. Tezos / Etherlink (when scoped)
| # | Task | Ref |
|---|------|-----|
| 24 | Verify Etherlink (42793) on CCIP; record selector/Router or "custom relay only" | TEZOS_CCIP_REMAINING_ITEMS |
| 25 | Verify Jumper and LiFi for 138, 651940, 42793; update config/matrix | TEZOS_CCIP_REMAINING_ITEMS |
| 26 | InitializeRegistry, DeployAllAdapters, Etherlink receiver, relay services | TEZOS_CCIP_RUNBOOKS_INDEX |
---
## 7. Recommendations and suggestions (R1R24 and more)
**Source:** [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md) (R1R24) and [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md).
| # | Recommendation | When |
|---|-----------------|------|
| R1 | Verify every deployed contract on Blockscout (proxy or BLOCKSCOUT_VERIFICATION_GUIDE) | After each deployment when Blockscout reachable |
| R2 | Keep CONTRACT_ADDRESSES_REFERENCE and SMART_CONTRACTS_INVENTORY updated; reconcile .env | When new contracts deployed or deprecated |
| R3 | Run `./scripts/verify/check-contracts-on-chain-138.sh [RPC]`; fix any MISSING/EMPTY | Periodically or after deploy |
| R4 | Do not use deprecated CCIPWETH9Bridge; use only current and set CCIPWETH9_BRIDGE_CHAIN138 | Always |
| R5 | Never commit .env or private keys; use MASTER_SECRETS_INVENTORY; rotate if exposed | Always |
| R8 | Set RPC_URL_138 (Core); run from LAN/VPN if 192.168.11.x not reachable | Before deploy |
| R9 | Use GAS_PRICE=1000000000 (or current min) on Chain 138 | Every forge script on 138 |
| R10 | Deploy order: 01_DeployCore first, set env, then 02_DeployBridges; alltra: MerchantSettlementRegistry before WithdrawalEscrow | Deploy order |
| R12 | Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE, BLOCKSCOUT_FIX_RUNBOOK in sync with scripts/URL | After script or URL changes |
| R14 | Run run-contract-verification-with-proxy.sh after deployments when Blockscout reachable | CI after deploy |
| R17 | Monitor bridge/oracle events (TransferInitiated, TransferCompleted, price updates) | Ongoing |
| R18 | Ensure Blockscout (VMID 5000) up and /api reachable | Health checks |
| R19 | Run `forge test` in smom-dbis-138 and alltra-lifi-settlement before deploying | Pre-deploy |
| R21 | When The Order deployed: NPMplus proxy host; document in RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS; replace SANKOFA_CUTOVER_PLAN TBDs | Sankofa/The Order go-live |
| R24 | Keep config/token-mapping.json single source of truth for 138↔Mainnet; update when adding tokens | Adding tokens |
**Additional suggestions:**
- Run `./scripts/run-completable-tasks-from-anywhere.sh` periodically (no LAN).
- Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) as needed; run `bash scripts/verify/run-all-validation.sh [--skip-genesis]`.
- Security: smom audits VLT-024, ISO-024; bridge integrations BRG-VLT, BRG-ISO (TODO_TASK_LIST_MASTER §5).
- dbis_core: ~1186 TS errors (deferred).
- Scripts: add progress indicators; add `--dry-run` where missing (R23).
---
## 8. Quick command reference
| Goal | Command |
|------|---------|
| From anywhere (no LAN) | `./scripts/run-completable-tasks-from-anywhere.sh` |
| Operator backup + verify | `./scripts/run-all-operator-tasks-from-lan.sh` |
| Operator + deploy | `./scripts/run-all-operator-tasks-from-lan.sh --deploy` |
| Blockscout verify | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` |
| E2E 502 fix | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` |
| Config validation | `./scripts/validation/validate-config-files.sh` |
| On-chain check 138 | `./scripts/verify/check-contracts-on-chain-138.sh` |
| Full validation | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` |
| Deploy cUSDT/cUSDC all chains | `./smom-dbis-138/scripts/deployment/deploy-cusdt-cusdc-all-chains.sh` |
| PMM on L2s | `./smom-dbis-138/scripts/deployment/deploy-pmm-all-l2s.sh` |
| Fund mainnet LP | `./smom-dbis-138/scripts/deployment/fund-mainnet-lp.sh` |
---
**Single-page operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
**All runbooks:** [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md).

160
docs/00-meta/TASKS_TO_INCREASE_ALL_E2E_FLOWS.md Normal file
View File

@@ -0,0 +1,160 @@
# Tasks Required to Increase All End-to-End Flows
**Last Updated:** 2026-02-28
**Purpose:** Single list of all tasks needed to complete and improve every E2E flow (same-chain swap, bridge-only, swapbridgeswap).
**Flows:** [DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md](../04-configuration/DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md) §6 — Flow A (swap on 138), Flow B (bridge from 138), Flow C (swap → bridge → swap).
---
## Legend
| Type | Meaning |
|------|---------|
| **Op** | Operator (LAN/Proxmox, credentials) |
| **Auto** | Script exists; run or schedule |
| **Code** | Code or config change |
| **Doc** | Documentation / design |
| **Def** | Blocked or deferred |
---
## Flow A: Swap on Chain 138 only (same chain)
**Goal:** User can resolve tokens → get quote → execute swap on 138 (cUSDT↔cUSDC, cUSDT↔USDT, cUSDC↔USDC).
| # | Task | Type | Notes |
|---|------|------|-------|
| A1 | Ensure Core RPC (138) writable and reachable | Op | [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS](../03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md). `make-rpc-vmids-writable-via-ssh.sh`, `health-check-rpc-2101.sh`. |
| A2 | Verify or create three PMM pools on 138 | Op/Auto | cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC. `CreateCUSDTCUSDCPool.s.sol`, `CreateCUSDTUSDTPool.s.sol`, `CreateCUSDCUSDCPool.s.sol` or `setup-dodo-pools.sh`. [NEXT_STEPS_PMM_FULL_PARITY](../03-deployment/NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS.md). |
| A3 | Register pools with DODOPMMProvider | Op | Set `POOL_CUSDTCUSDC`, `POOL_CUSDTUSDT`, `POOL_CUSDCUSDC` in .env; run `RegisterDODOPools.s.sol`. |
| A4 | Add liquidity to all three PMM pools | Op | `AddLiquidityPMMPoolsChain138.s.sol` with `ADD_LIQUIDITY_BASE_AMOUNT`, `ADD_LIQUIDITY_QUOTE_AMOUNT`; or `run-pmm-full-parity-all-phases.sh` with amounts set. |
| A5 | Ensure token-aggregation indexes DODO on 138 | Op/Code | Set `CHAIN_138_DODO_PMM_INTEGRATION` in env; run indexer so `GET /api/v1/quote` returns DODO quotes. |
| A6 | Expose token-aggregation API for dApps/Snap | Op | Proxy `/api/v1/*` (e.g. from explorer.d-bis.org) to token-aggregation service; or set `GATSBY_SNAP_API_BASE_URL`. |
| A7 | (Optional) Deploy EnhancedSwapRouter on 138 | Op/Def | Only after Uniswap/Balancer pools exist on 138; configure quoter and pool IDs. |
| A8 | (Optional) Add N-hop quote/pathfinding | Code | Token-aggregation today is single-hop only; add graph-based A→B→C pathfinding if needed. |
---
## Flow B: Bridge from Chain 138 (no destination swap)
**Goal:** User can get bridge routes → (optional) resolve token mapping → send bridge tx 138 → destination.
| # | Task | Type | Notes |
|---|------|------|-------|
| B1 | Ensure CCIP bridges on 138 configured and funded | Op | CCIPWETH9Bridge, CCIPWETH10Bridge; destinations set; bridges funded with LINK. [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). |
| B2 | Run bridge destination config (138 ↔ Gnosis/Cronos/Celo/Wemix etc.) | Op | `complete-config-ready-chains.sh`; fund remote bridges with LINK (`fund-ccip-bridges-with-link.sh`, `check-link-balance-config-ready-chains.sh`). |
| B3 | Ensure relay (138→Mainnet) operational if using relay path | Op | Relay service running; Mainnet CCIPRelayBridge funded with WETH. |
| B4 | Token-aggregation: `GET /api/v1/bridge/routes` returns correct Chain 138 bridges | Code/Op | Set `BRIDGE_LIST_JSON_URL` or built-in routes; verify response has `chain138Bridges`. |
| B5 | Token mapping API for 138↔destination | Code/Op | `GET /api/v1/token-mapping`, `token-mapping/resolve`; ensure `token-mapping-multichain.json` or loader includes 138 and target chains. |
| B6 | Frontend/dApp: wire Bridge UI to routes + token mapping | Code | Use `/api/v1/bridge/routes` and `/api/v1/token-mapping/resolve`; show supported tokens and destination addresses. |
| B7 | Test 138→destination and destination→138 with small amounts | Op | Run [T1_2_BRIDGE_RESOLUTION_TASKS](../06-besu/T1_2_BRIDGE_RESOLUTION_TASKS_DETAILED.md) § Task 3.5; document tx hashes. |
---
## Flow C: Swap on 138 → bridge → swap on destination
**Goal:** User gets full quote (source swap + bridge + destination swap), then executes (or coordinator does in one tx).
| # | Task | Type | Notes |
|---|------|------|-------|
| C1 | Complete Flow A (liquidity and quote on 138) | — | Prerequisite: swap on 138 must work. |
| C2 | Complete Flow B (bridge configured and funded) | — | Prerequisite: bridge must work. |
| C3 | Orchestration: `POST /api/bridge/quote` returns sourceSwapQuote and destinationSwapQuote | Code/Op | Set `BRIDGE_REGISTRY_ADDRESS`; optional `ENHANCED_SWAP_ROUTER_ADDRESS` (source), `DESTINATION_RPC_URL`, `DESTINATION_SWAP_ROUTER_ADDRESS`. QuoteService already supports optional swap quotes. |
| C4 | (Optional) Deploy SwapBridgeSwapCoordinator on-chain | Op | One tx: swap (source) → bridge → swap (destination). [DODO_PMM_NEXT_STEPS](../../smom-dbis-138/docs/bridge/DODO_PMM_NEXT_STEPS.md); deploy when full E2E on-chain flow is required. |
| C5 | Destination-chain DEX/aggregator for destinationSwapQuote | Code/Op | Ensure destination chain has DEX or aggregator API; wire QuoteService to it for `destinationSwapQuote`. |
| C6 | Frontend: “Get full path quote” and execute (or submit coordinator tx) | Code | Call `POST /api/bridge/quote`; display minReceived, sourceSwapQuote, destinationSwapQuote; button to execute steps or coordinator. |
| C7 | E2E test: swap on 138 → bridge → swap on destination | Op/Auto | Automated or manual test; document success and tx hashes. |
---
## Cross-cutting (all flows)
### Infrastructure and verification
| # | Task | Type | Notes |
|---|------|------|-------|
| X1 | RPC 2101 (Core) writable and healthy | Op | [RPC_2101_READONLY_FIX](../03-deployment/RPC_2101_READONLY_FIX.md); health-check-rpc-2101.sh. |
| X2 | On-chain contract verification (Blockscout) | Op | `run-contract-verification-with-proxy.sh` from LAN; [DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK](DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK.md) §2. |
| X3 | E2E routing (DNS + HTTPS + RPC) | Auto | `verify-end-to-end-routing.sh`; fix 502s from LAN if needed. [TASKS_TO_COMPLETE_AND_FIX](TASKS_TO_COMPLETE_AND_FIX.md). |
| X4 | Explorer E2E (homepage, API, SPA) | Auto | `explorer-monorepo/scripts/e2e-test-explorer.sh`; [DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK](DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK.md) §5. |
| X5 | Token-aggregation health and DB | Op | PostgreSQL/TimescaleDB; indexer running; `GET /health` and `/api/v1/chains` succeed. |
| X6 | TransactionMirror (if used) deployed and address in .env | Op | Deploy via `deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh`; set `TRANSACTION_MIRROR_ADDRESS`. |
| X7 | Deployer/admin funded on 138 and on destination chains (for deploy/tests) | Op | Gas tokens; LINK where needed for bridge fees. |
### Token list and discovery
| # | Task | Type | Notes |
|---|------|------|-------|
| X8 | Public token list URL for Chain 138 (MetaMask, dApps) | Op/Code | `GET /api/v1/report/token-list?chainId=138` or static list; point MetaMask/dApp to this URL. [TOKEN_LIST_AUTHORING_GUIDE](../11-references/TOKEN_LIST_AUTHORING_GUIDE.md). |
| X9 | Canonical token addresses in config and .env | Op | [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md); reconcile config/smart-contracts-master.json and .env. |
### Multichain (extend flows to L2s)
| # | Task | Type | Notes |
|---|------|------|-------|
| X10 | Deploy cUSDT/cUSDC on each target L2 | Op | [NEXT_STEPS_PMM_FULL_PARITY](../03-deployment/NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS.md) Phase 2; `deploy-cusdt-cusdc-all-chains.sh`. |
| X11 | Deploy DODOPMMIntegration + pools + provider + liquidity on each L2 | Op | `deploy-pmm-all-l2s.sh`; create pools; deploy provider; register; add liquidity. Enables Flow A and C on L2s. |
| X12 | Token-aggregation and bridge quote support for new chains | Code/Op | Add chain IDs and RPCs; token mapping for 138↔L2; bridge routes for new chains. |
### Documentation and runbooks
| # | Task | Type | Notes |
|---|------|------|-------|
| X13 | Update PMM_DEX_ROUTING_STATUS when pools + liquidity are live | Doc | Set “pools created” and “liquidity added”; update CONTRACT_ADDRESSES / ADDRESS_MATRIX if new addresses. |
| X14 | Runbooks for operator: swap, bridge, swap-bridge-swap | Doc | Point operators to [DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER](../04-configuration/DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md), [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md), [NEXT_STEPS_PMM_FULL_PARITY](../03-deployment/NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS.md). |
---
## Summary by flow
| Flow | Description | Key tasks |
|------|-------------|-----------|
| **A** | Swap on Chain 138 only | A1A6 (RPC, pools, liquidity, token-aggregation, API exposure); A7A8 optional. |
| **B** | Bridge from 138 | B1B7 (CCIP config, funding, relay, routes API, token mapping, UI, test). |
| **C** | Swap → bridge → swap | C1C7 (depends on A+B; quote API with swap quotes; optional coordinator; destination DEX; E2E test). |
| **Cross-cutting** | Infra, tokens, multichain, docs | X1X14. |
---
## Execution order (suggested)
1. **Gates:** X1 (RPC), X6 (TransactionMirror if needed), X7 (fund deployer).
2. **Flow A:** A1 → A2 → A3 → A4 → A5 → A6; then A7A8 if desired.
3. **Flow B:** B1 → B2 → B3 → B4 → B5; B6 (frontend); B7 (test).
4. **Flow C:** C1, C2 → C3 → C5, C6 → C4 (optional) → C7.
5. **Cross-cutting:** X2X5, X8X9 (any time); X10X12 (multichain when ready); X13X14 (docs).
**Parallel:** A2A4 can use `run-pmm-full-parity-all-phases.sh` (Phase 1). B1B2 and bridge funding can run per chain in parallel where scripts support it.
---
## Full Parallel execution (waves)
Run **all items in a wave in parallel**; then run the next wave. Script: `./scripts/run-e2e-flow-tasks-full-parallel.sh` (from repo root).
| Wave | Tasks (run in parallel) | Notes |
|------|-------------------------|--------|
| **E0 — Gates** | X1, X6, X7; A1 | RPC writable, TransactionMirror, deployer funded; Core RPC reachable. Operator. |
| **E1 — Flow A (Chain 138 DEX)** | A2, A3, A4 | Create pools, register, add liquidity: `run-pmm-full-parity-all-phases.sh` Phase 1 (internal parallel: pool create, then register, then add). |
| **E2 — Flow B (bridge)** | B1, B2 | CCIP config + destinations; fund bridges: `complete-config-ready-chains.sh`, `fund-ccip-bridges-with-link.sh`. Per-chain parallel where supported. |
| **E3 — Code/config (no LAN)** | A5, B4, B5, C3, X8 | Token-aggregation env (`CHAIN_138_DODO_PMM_INTEGRATION`); bridge routes API; token mapping; quote API; token list URL; reconcile .env. |
| **E4 — Infra/verify** | X2, X3, X4, X5 | Blockscout verify; E2E routing; explorer E2E; token-aggregation health. Operator/LAN. |
| **E5 — Multichain** | X10, X11, X12 | Deploy cUSDT/cUSDC + PMM on L2s; token-aggregation + bridge for new chains. `run-pmm-full-parity-all-phases.sh` Phase 2 (parallel per chain). |
| **E6 — Frontend + test** | B6, B7, C5, C6, C7 | Wire Bridge UI; test 138↔dest; destination DEX; full path quote UI; E2E test. |
| **E7 — Docs** | X13, X14 | Update PMM_DEX_ROUTING_STATUS; runbooks. |
**Automated (script):** E1 (Phase 1), E2 (per-chain scripts), E3 (env/config edits), E5 (Phase 2). E0, E4, E6 require operator/LAN where indicated.
---
## References
| Doc | Content |
|-----|---------|
| [DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER](../04-configuration/DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md) | Flows A, B, C and routing |
| [NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS](../03-deployment/NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS.md) | PMM pools and liquidity |
| [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) | CCIP bridge config and LINK |
| [DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK](DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK.md) | Deploy, verify, E2E tests |
| [E2E_COMPLETION_TASKS_DETAILED_LIST](E2E_COMPLETION_TASKS_DETAILED_LIST.md) | Full E2E task breakdown (waves) |
| [PMM_DEX_ROUTING_STATUS](../11-references/PMM_DEX_ROUTING_STATUS.md) | DEX/PMM status |
| `scripts/run-e2e-flow-tasks-full-parallel.sh` | Run E2E flow tasks by wave (full parallel); `--dry-run`, `--wave E1` |

130
docs/00-meta/TASK_CHECK_REPORT.md Normal file
View File

@@ -0,0 +1,130 @@
# Task Check Report — Remaining Tasks Verified Before Completion
**Date:** 2026-03-02
**Purpose:** For each remaining task, verify current state before marking complete or executing. Use this report to decide what still needs to be run by Operator/LAN vs what is already satisfied.
---
## Checks run (2026-03-02)
| Check | Result |
|-------|--------|
| **run-completable-tasks-from-anywhere.sh** | Passed — config OK, 38/38 on-chain (Chain 138), validation OK, reconcile-env printed |
| **preflight-chain138-deploy.sh** | Passed — dotenv exists, RPC Core (chainId 138), nonce consistent, no stuck txs |
---
## Per-task status (after check)
### 1. Full deployment order (Phase 06)
| Item | Status | Notes |
|------|--------|-------|
| Phase 0 (prereqs) | Satisfied | Preflight passed; .env and RPC OK |
| Phase 1 (Chain 138 core) | Done | 38/38 contracts present |
| Phase 2 (TransactionMirror + PMM pools) | Done | Mirror deployed; all three pools created (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) |
| Phase 3 (Liquidity + DODOPMMProvider) | Partially done | DODOPMMProvider deployed at `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; pools registered. **Remaining:** add liquidity (optional per doc) via `AddLiquidityPMMPoolsChain138.s.sol` or cast |
| Phase 46 | Not run | Optional / other chains; Operator |
**Conclusion:** Phases 03 (required) are done except adding liquidity. Full “completion” of Phase 06 requires Operator for Phase 46 and, if desired, adding liquidity in Phase 3.
---
### 2. Chain 138 PMM: add liquidity, DODOPMMProvider
| Item | Status | Notes |
|------|--------|-------|
| DODOPMMProvider deployed | Done | `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; pools registered (2026-02-28) |
| Pools created | Done | 0x9fcB… (cUSDT/cUSDC), 0xa3Ee… (cUSDT/USDT), 0x90bd… (cUSDC/USDC) |
| Add liquidity | Not run | Script: `smom-dbis-138/script/dex/AddLiquidityPMMPoolsChain138.s.sol`; runbook: [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md](../03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md). Requires `ADD_LIQUIDITY_BASE_AMOUNT`, `ADD_LIQUIDITY_QUOTE_AMOUNT` in .env and deployer holding base/quote tokens |
**Conclusion:** Provider and pools are in place. Only “add liquidity” remains; Operator/LAN with token balance and .env amounts.
---
### 3. Operator tasks: Blockscout verify, 502 fix, NPMplus backup, deploy
| Item | Status | Notes |
|------|--------|-------|
| Script exists | Yes | `./scripts/run-all-operator-tasks-from-lan.sh` |
| Dry-run | Run | Would run: run-wave0-from-lan.sh (NPMplus RPC fix + backup), then Blockscout verification |
| Requires | LAN, smom-dbis-138/.env (PRIVATE_KEY, NPM_PASSWORD for backup) | Cannot be run from this host without LAN |
**Conclusion:** Script is present and dry-run succeeds. Execution is Operator/LAN only.
---
### 4. Gnosis, Celo, Wemix CCIP bridges
| Item | Status | Notes |
|------|--------|-------|
| Runbook | Exists | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) |
| Scripts | DeployWETHBridges.s.sol; complete-config-ready-chains.sh; fund-ccip-bridges-with-link.sh | Per runbook |
| Requires | Per-chain RPC, CCIP Router, LINK, WETH9/WETH10, deployer gas (xDAI, CELO, WEMIX) | Operator/LAN |
**Conclusion:** Documented and scripted; not run in this check. Operator/LAN.
---
### 5. LINK support on Mainnet relay
| Item | Status | Notes |
|------|--------|-------|
| Runbook | Exists | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) |
| Requires | Implement option A or B, deploy, fund LINK, set relaySupported for LINK, restart relay | Operator/LAN |
**Conclusion:** Not run. Operator/LAN.
---
### 6. Repos & PRs: Ledger, Trust Wallet, Chainlist, on-ramps
| Item | Status | Notes |
|------|--------|-------|
| Doc | [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) | External submissions; forms/PRs |
| Action | Submit PRs / forms per doc | External / manual |
**Conclusion:** No automated check; external.
---
### 7. PR-ready files: Chainlist, Trust Wallet
| Item | Status | Notes |
|------|--------|-------|
| Chainlist | Present | `docs/04-configuration/pr-ready/eip155-138.json` |
| Trust Wallet | Present | `docs/04-configuration/pr-ready/trust-wallet-registry-chain138.json` |
| README | Present | [pr-ready/README.md](../04-configuration/pr-ready/README.md) with submission steps |
**Conclusion:** Files exist and are PR-ready; submission is external (fork, PR, forms).
---
### 8. E2E flow waves E1E7
| Item | Status | Notes |
|------|--------|-------|
| Script | Exists | `./scripts/run-e2e-flow-tasks-full-parallel.sh` |
| Dry-run | Run | Lists waves E0E7; E3 reports CHAIN_138_DODO_PMM_INTEGRATION set, suggests BRIDGE_REGISTRY_ADDRESS for Flow C |
| Execution | Operator/LAN for E0, E2, E4, E5, E6 | Waves include RPC, backup, Blockscout, routing, L2 PMM, bridge UI |
**Conclusion:** Script and dry-run OK; live execution is Operator/LAN for most waves.
---
## Summary
| Task | Checked | Can complete from here? | Action |
|------|--------|--------------------------|--------|
| 1. Full deployment order Phase 06 | Yes | No (Phase 46 + liquidity = Operator) | Document: Phases 03 done; add liquidity + Phase 46 = Operator |
| 2. Chain 138 PMM add liquidity | Yes | No (needs tokens + .env amounts) | Operator runs AddLiquidityPMMPoolsChain138 or cast |
| 3. Operator tasks | Yes | No (LAN required) | Operator runs run-all-operator-tasks-from-lan.sh |
| 4. Gnosis/Celo/Wemix CCIP | Yes | No | Operator per runbook |
| 5. LINK Mainnet relay | Yes | No | Operator per runbook |
| 6. Repos & PRs | Yes | No (external) | Submit per REPOSITORIES_AND_PRS_CHAIN138 |
| 7. PR-ready files | Yes | N/A (files exist) | Submit PRs using pr-ready/ files |
| 8. E2E waves E1E7 | Yes | No (Operator for most) | Operator runs run-e2e-flow-tasks-full-parallel.sh |
**Completed in this environment:** Preflight and run-completable-tasks-from-anywhere passed; no remaining tasks can be fully “completed” from this host without LAN/Operator or external submission.
**Next step for operator:** Run `./scripts/run-all-operator-tasks-from-lan.sh` (and optionally `--deploy`) from a host on LAN; add liquidity when base/quote amounts and tokens are ready; run E2E waves as needed.

63
docs/00-meta/TASK_LIST_REVIEW_2026_03_01.md Normal file
View File

@@ -0,0 +1,63 @@
# Task List Review — Deprecated and Duplicates Resolved
**Date:** 2026-03-01
**Purpose:** Audit of remaining tasks across master documentation; removal of deprecated items and duplicate wording. Single source for “what was fixed.”
---
## 1. Deprecated tasks corrected
### 2506, 2507, 2508 (Besu RPC containers)
- **Status:** These containers were **destroyed 2026-02-08** on all Proxmox hosts (script: `destroy-vmids-2506-2508.sh`). RPC range is **25002505** only; function replaced by new VMID structure (2101, 2201, 2301, 23032308, 24002403).
- **Issue:** Multiple docs still listed “Missing containers 25062508” or “create 25062508” as pending/high.
- **Changes:** All references updated to “destroyed 2026-02-08” or “Done (doc)” and W2-6 / optional infra text adjusted. No create action.
**Files updated:**
TODOS_CONSOLIDATED, MASTER_PLAN, COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX, FULL_PARALLEL_EXECUTION_ORDER, PHASES_AND_TASKS_MASTER, WAVE2_WAVE3_OPERATOR_CHECKLIST, REMAINING_ITEMS_FULL_PARALLEL_LIST, REMAINING_WORK_DETAILED_TASKS, NEXT_STEPS_ALL, NEXT_STEPS_MASTER, ALL_IMPROVEMENTS_AND_GAPS_INDEX, ALL_RECOMMENDATIONS_HIGH_PRIORITY.
---
## 2. Deleted document references
### CONTRACT_INVENTORY_AND_VERIFICATION / SMART_CONTRACTS_INVENTORY
- **Status:** CONTRACT_INVENTORY_AND_VERIFICATION.md was removed. **ADDRESS_MATRIX_AND_STATUS.md** is the correlated address and status source.
- **Issue:** Multiple docs and R2/R13 still pointed to CONTRACT_INVENTORY_AND_VERIFICATION or SMART_CONTRACTS_INVENTORY_ALL_CHAINS.
- **Changes:** Replaced with ADDRESS_MATRIX_AND_STATUS (or “update ADDRESS_MATRIX_AND_STATUS”) in task text and Related sections.
**Files updated:**
CONTRACT_ADDRESSES_REFERENCE, RECOMMENDATIONS_OPERATOR_CHECKLIST (R13), ALL_RECOMMENDATIONS_HIGH_PRIORITY (R1R3), OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST, ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST, ALL_RECOMMENDATIONS_OPERATOR_ONLY, REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS, BLITZKRIEG_SOURCE_DOCUMENT_INDEX, REMAINING_WORK_BREAKDOWN_AND_ANSWERS, CONTRACT_DEPLOYMENT_RUNBOOK, CHAIN138_TOKEN_ADDRESSES, LIQUIDITY_POOLS_MASTER_MAP, DEX_AND_CROSS_CHAIN_CONTRACTS_NEEDED, MASTER_INDEX, OPERATOR_OPTIONAL_CHECKLIST, QUICK_REFERENCE_CARDS, CCIP_SENDER_CONTRACT_REFERENCE, CCIP_SECURITY_DOCUMENTATION.
**Not updated (optional / archive):**
CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE, SMART_CONTRACTS_INVENTORY_SIMPLE, MASTER_TODO_EXPANDED, BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN, and files under `docs/archive/` — can be updated in a later pass if those docs are still in use.
---
## 3. Duplicate / outdated task wording
### DODO PMM on 138 (TODOS_CONSOLIDATED task 13)
- **Status:** DODOPMMIntegration and the three PMM pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) and DODOPMMProvider were **already deployed 2026-02-28** (see NEXT_STEPS_AND_REMAINING_TODOS completed section).
- **Issue:** Task 13 still said “Deploy DODOPMMIntegration; … create cUSDT/cUSDC pools” as if not done.
- **Change:** Task 13 text updated to “Integration and pools **already deployed**. Remaining: add liquidity (AddLiquidityPMMPoolsChain138 / run-pmm-full-parity); document in LIQUIDITY_POOLS_MASTER_MAP.” Ref set to NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS.
---
## 4. Canonical task sources (after review)
- **Single task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md)
- **Operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md)
- **Still not done (LAN/external):** [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md)
- **E2E flows:** [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md)
- **Full plan:** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md)
- **Address/contract status:** [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md) (replaces CONTRACT_INVENTORY_AND_VERIFICATION)
- **Containers 25062508:** [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) — destroyed 2026-02-08; RPC 25002505 only.
---
## 5. Optional follow-ups
- **config/smart-contracts-master.json:** Referenced in several places; if this file is removed or optional, consider adding “(when present)” or “config and .env” in task text so tasks remain valid.
- **CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE, SMART_CONTRACTS_INVENTORY_SIMPLE:** Still reference CONTRACT_INVENTORY_AND_VERIFICATION / SMART_CONTRACTS_INVENTORY; update if those docs stay in use.
- **Archive:** Files under `docs/archive/` were not changed; update only if you reuse them.

84
docs/00-meta/TODOS_CONSOLIDATED.md
View File

@@ -1,16 +1,46 @@
# TODOs — Consolidated Task List
**Last Updated:** 2026-02-20
**Purpose:** Single checklist of all next steps and remaining tasks. Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md).
**Last Updated:** 2026-03-02
**Purpose:** Single checklist of all next steps and remaining tasks. Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). **Token deployments remaining:** [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md).
**Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh`. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`.
**Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh`. Before Chain 138 deploy: `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`. **Chain 138 next steps (all in one):** `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` — preflight → mirror+pool → register c* as GRU → verify. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. **E2E flows (full parallel):** `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run]` — [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md).
**Last completable run (2026-02-20):** Config validation OK; on-chain 45/45; run-all-validation --skip-genesis OK; reconcile-env --print. Doc consolidation and root cleanup completed (see NEXT_STEPS_FOR_YOU, ARCHIVE_CANDIDATES).
**Full deployment order:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — Phase 06 (prereqs → core → PMM pools → provider → optional → cW* → verify). **Full plan (required/optional/recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
**Last completable run (2026-03-02):** Config validation OK; on-chain 38/38; run-all-validation --skip-genesis OK; reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool present; 12 c* already GRU-registered; verification 38/38. Documentation: MASTER_INDEX, README, RUNBOOKS_MASTER_INDEX created; deprecated list and consolidation plan updated. Progress indicators (Step 1/44/4) in run-completable-tasks-from-anywhere.sh. E2E flow tasks script and doc updates (ADDRESS_MATRIX_AND_STATUS, RECOMMENDATIONS R2, NEXT_STEPS_FOR_YOU) completed. **Optional completed (2026-02-27 / 2026-03-01):** DeployCompliantFiatTokens (10 tokens); Blockscout verification; MCP allowlist-138; add-liquidity runbook; token-aggregation fallbacks + ENV_EXAMPLE_CONTENT; E2E routing verification; PMM_DEX_ROUTING_STATUS + REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS updated; cCADT line (commented) in DeployCompliantFiatTokens.s.sol. **Within-scope list (2026-02-27):** CompliantWrappedToken.sol; DeployCompliantFiatTokensForChain.s.sol (c* any chain); DeployCWTokens.s.sol (cWUSDT/cWUSDC); deploy-tokens-and-weth-all-chains-skip-canonical.sh extended with --deploy-c, --deploy-cw, 651940 env validation; TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS §6 implemented; ENV_EXAMPLE_CONTENT c*/cW*/651940 vars. **2026-02-27:** Deployment order doc, preflight script, deployment safety added; todos synced.
**Operator copy-paste commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) — one page with exact commands for every pending todo.
---
## First (before any Chain 138 deploy)
| # | Task | Owner | Ref |
|---|------|--------|-----|
| 0a | **Check deployer gas (Chain 138):** Run balance/gas check using **Core RPC only**. | Operator/LAN | `RPC_URL_138=http://192.168.11.211:8545 ./scripts/deployment/check-deployer-balance-chain138-and-funding-plan.sh` or `cd smom-dbis-138 && ./scripts/deployment/check-balances-gas-and-deploy.sh` |
| 0b | **Core Besu RPC (VMID 2101) use IP:port, not FQDN:** Set `RPC_URL_138=http://192.168.11.211:8545` in `smom-dbis-138/.env` for admin/deploy. Do not use `https://rpc-core.d-bis.org` for deployment (DNS/tunnel can fail; IP is direct to node). | Operator | [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md), [VMID_IP_FIXED_REFERENCE](../11-references/VMID_IP_FIXED_REFERENCE.md) |
| 0c | **Test all contracts before deploying:** Run from repo root (see commands below). Full run can take 515+ min; use `--no-match` for unit-only. | Anyone | [DEPLOYMENT_ORDER_OF_OPERATIONS](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) § Phase 0.8 |
**Test-all-contracts commands (from repo root):**
```bash
# Full build + test (can take 515+ minutes)
./scripts/deployment/test-all-contracts-before-deploy.sh
# Quick check: print commands only
./scripts/deployment/test-all-contracts-before-deploy.sh --dry-run
# Faster: unit tests only (skip Fork/Mainnet/Integration/e2e)
./scripts/deployment/test-all-contracts-before-deploy.sh --no-match "Fork|Mainnet|Integration|e2e"
# Include alltra-lifi-settlement
./scripts/deployment/test-all-contracts-before-deploy.sh --alltra
```
| 0 | **Before Chain 138 deploy:** Run preflight (RPC, dotenv, nonce, optional cost). Preflight defaults to `http://192.168.11.211:8545` when `RPC_URL_138` unset. | Anyone | `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`; [DEPLOYMENT_ORDER_OF_OPERATIONS](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) § Phase 0 |
---
## High priority
| # | Task | Owner | Ref |
@@ -26,7 +56,7 @@
|---|------|--------|-----|
| 3 | **LINK support on Mainnet relay:** Option A or B per runbook; implement, deploy, fund LINK; set `relaySupported: true` for LINK in token-mapping.json; update docs. | Operator/LAN | RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK |
| 4 | **Run "from anywhere" checks periodically:** `./scripts/run-completable-tasks-from-anywhere.sh` | Anyone | NEXT_STEPS_FOR_YOU §2 |
| 5 | **Placeholders (code):** Canonical addresses in token-aggregation (env); AlltraAdapter fee (setBridgeFee); smart accounts kit; quote service Fabric chainId; .bak (BAK_FILES_DEPRECATION). | Dev | REQUIRED_FIXES_UPDATES_GAPS |
| 5 | **Placeholders (code):** All done or documented per [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) §4: canonical addresses (env), AlltraAdapter setBridgeFee, smart accounts kit (env + runbook), quote service FABRIC_CHAIN_ID (default 999), .bak ([BAK_FILES_DEPRECATION.md](../../smom-dbis-138/docs/BAK_FILES_DEPRECATION.md)). | Dev | REQUIRED_FIXES_UPDATES_GAPS |
| 6 | **API keys:** Sign up per reports/API_KEYS_REQUIRED.md; add to `.env`. | Anyone | NEXT_STEPS_FOR_YOU §2 |
---
@@ -40,6 +70,42 @@
| 9 | **Operator tasks script:** `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` | Operator/LAN | STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS |
| 10 | **sendCrossChain (real):** `bash scripts/bridge/run-send-cross-chain.sh 0.01` (when PRIVATE_KEY and LINK ready) | Operator/LAN | NEXT_STEPS_OPERATOR W0-2 |
| 11 | **NPMplus backup:** `bash scripts/verify/backup-npmplus.sh` | Operator/LAN | NEXT_STEPS_OPERATOR W0-3 |
| 12 | **Mint tokens to deployer for liquidity/bridges:** See [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](../11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md) — Chain 138: owner mint (cUSDT, cUSDC, cEURC, …); Cronos: MintController (D-WIN W); other chains: acquire via wrap/bridge/DEX. | Operator/LAN | TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER |
---
## E2E Flows (Full Parallel)
All tasks from [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). Run in waves; within each wave run in **full parallel** when possible. Script: `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run]`.
| Wave | Tasks | Run in parallel |
|------|--------|-----------------|
| E0 | X1, X6, X7, A1 — RPC writable, TransactionMirror, deployer funded, Core RPC | Op |
| E1 | A2, A3, A4 — PMM pools create, register, add liquidity (Chain 138) | run-pmm-full-parity-all-phases.sh Phase 1 |
| E2 | B1, B2 — CCIP config and fund bridges (per chain parallel) | complete-config-ready-chains.sh, fund-ccip-bridges-with-link.sh |
| E3 | A5, B4, B5, C3, X8 — token-aggregation env, bridge routes, token mapping, quote API, token list | Code/Op |
| E4 | X2, X3, X4, X5 — Blockscout verify, E2E routing, explorer E2E, token-aggregation health | Op/LAN |
| E5 | X10, X11, X12 — cUSDT/cUSDC and PMM on L2s; token-aggregation for new chains | run-pmm-full-parity Phase 2 (parallel per chain) |
| E6 | B6, B7, C5, C6, C7 — Bridge UI, test bridge, destination DEX, full path quote UI, E2E test | Code/Op |
| E7 | X13, X14 — Update PMM_DEX_ROUTING_STATUS; runbooks | Doc |
Flow A (swap 138): A1A6; A7A8 optional. Flow B (bridge): B1B7. Flow C (swap-bridge-swap): C1C7 (depends on A+B).
---
## Token contract deployments (remaining)
Full list: [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md).
| # | Task | Owner | Ref |
|---|------|--------|-----|
| T1 | **DeployCompliantFiatTokens (Chain 138):** cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT. Prereq: CREATE2_FACTORY_ADDRESS. Use Core RPC (IP:port). | ✅ Done 2026-02-27 | TOKEN_CONTRACT_DEPLOYMENTS_REMAINING §1 |
| T2 | **Optional cCADT:** Uncomment cCADT line in DeployCompliantFiatTokens.s.sol and re-run script when needed (Tether-style CAD). | Dev/Op | TOKEN_CONTRACT_DEPLOYMENTS_REMAINING §1.2 |
| T3 | **cAUSDT:** Deploy or env when Alltra compliant USD token defined; no script in repo. | TBD | TOKEN_CONTRACT_DEPLOYMENTS_REMAINING §1.3 |
| T4 | **ACADT (ALL Mainnet 651940):** No script in repo; address TBD when Alltra adds CAD token. | TBD | TOKEN_CONTRACT_DEPLOYMENTS_REMAINING §2 |
| T5 | **cW* on public chains:** Deploy/bridge cW* per chain; create PMM edge pools per pool-matrix. | Operator | TOKEN_CONTRACT_DEPLOYMENTS_REMAINING §3 |
| T6 | **D-WIN W on 138/651940 (optional):** Extend DeployISO4217WSystem for Chain 138 or 651940 if desired. | Planned | TOKEN_CONTRACT_DEPLOYMENTS_REMAINING §4 |
| T7 | **Vault ac*/vdc*/sdc* for new base tokens:** After DeployCompliantFiatTokens, extend DeployAcVdcSdcVaults for each new base. | Operator/LAN | TOKEN_CONTRACT_DEPLOYMENTS_REMAINING §5 |
---
@@ -48,7 +114,7 @@
| # | Task | Owner | Ref |
|---|------|--------|-----|
| 12 | **AddressMapper on other chains:** Deploy via DeployAddressMapperOtherChain; set `mapper` in smart-contracts-master.json. (Cronos done.) | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §A |
| 13 | **DODO PMM on 138:** Deploy DODOPMMIntegration; set env; create cUSDT/cUSDC pools; document in LIQUIDITY_POOLS_MASTER_MAP. | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §B |
| 13 | **DODO PMM on 138:** Integration and pools **already deployed** (2026-02-28). Remaining: add liquidity (AddLiquidityPMMPoolsChain138 / run-pmm-full-parity); document in LIQUIDITY_POOLS_MASTER_MAP. | Planned | NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS |
| 14 | **Mainnet trustless stack:** Deploy Lockbox138 (138) + InboxETH, BondManager, LiquidityPoolETH (Mainnet) per runbook; fund liquidity. | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §C |
---
@@ -82,7 +148,7 @@
| Phase 2 — Observability | Monitoring stack; Grafana via Cloudflare Access; alerts | ⏳ Pending |
| Phase 3 — CCIP fleet | CCIP Ops/Admin; commit/execute/RMN nodes; NAT pools | ⏳ Pending |
| Phase 4 — Sovereign tenants | Sovereign VLANs; tenant isolation; access control | ⏳ Pending |
| Missing containers | 2506, 2507, 2508 (Besu RPC) — see MISSING_CONTAINERS_LIST.md | High |
| ~~Missing~~ containers 25062508 | **Destroyed 2026-02-08**; replaced by new RPC structure (2101, 2201, 2301, 23032308, 24002403). RPC range 25002505 only. No create action. See [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md). | Done (doc only) |
---
@@ -115,15 +181,19 @@ Cron: `schedule-daily-weekly-cron.sh --install`; NPMplus backup: `schedule-npmpl
| Check | Command |
|-------|---------|
| Completable from anywhere | `./scripts/run-completable-tasks-from-anywhere.sh` |
| Validate (Proxmox SSH) | `bash scripts/run-via-proxmox-ssh.sh validate [--host IP]` — shellcheck (full) + genesis validation; installs jq/shellcheck on host if missing |
| All validation (CI) | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` |
| Config files | `bash scripts/validation/validate-config-files.sh` |
| On-chain (Chain 138) | `./scripts/verify/check-contracts-on-chain-138.sh` |
| E2E routing | `./scripts/verify/verify-end-to-end-routing.sh` |
| **Test all contracts (before deploy)** | `./scripts/deployment/test-all-contracts-before-deploy.sh` — use `--dry-run` / `--no-match "Fork|Mainnet|Integration|e2e"` / `--alltra` |
---
## References
- [RECOMMENDATIONS_AND_FIXES_BEFORE_DEPLOY.md](../03-deployment/RECOMMENDATIONS_AND_FIXES_BEFORE_DEPLOY.md) — all recommendations and fixes before deploying smart contracts and PMM pools
- [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md) — remaining token deployments by category
- [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) — copy-paste commands for all operator/LAN tasks
- [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) — full detail and completed items
- [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md) — master list and phases

24
docs/00-meta/TODO_TASK_LIST_MASTER.md
View File

@@ -1,17 +1,23 @@
# Master TODO Task List
**Last Updated:** 2026-02-13
**Last Updated:** 2026-03-02
**Purpose:** Consolidated list of all fixes, enhancements, improvements, optimizations, recommendations, and missed steps.
**Full index (1139):** [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md)
**Full index (1139):** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md). **Full deployment order:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) (Phase 06); before deploy run `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`.
**Fully expanded checklist (everything conceivable):** **[MASTER_TODO_EXPANDED.md](MASTER_TODO_EXPANDED.md)** — Blitzkrieg Steps 019, R1R23, tasks 130, Ledger 817, DEX/TransactionMirror, Tezos/CCIP, CONTRACT_NEXT_STEPS, GAPS, Supreme Command, Absolute Air Superiority, ALL_REQUIREMENTS, and validation commands.
**Execution mode: Full maximum parallel.** Run all remaining items in parallel by wave. See **[FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md)** for the ordered wave list (Wave 0 → Wave 1 → Wave 2 → Wave 3). Within each wave, execute every item concurrently; no artificial sequencing. Validation commands at bottom.
**Status:** [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) | [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) (step-by-step; 2026-02-05 completion) | **[REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md)** (2026-02-10: consolidated remaining tasks + API features inventory).
**Status:** [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) | [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) (step-by-step; 2026-02-05 completion) | **[REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md)** (2026-02-10: consolidated remaining tasks + API features inventory). **Single plan (required/optional/recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
**2026-02-05:** Master documentation updated (MASTER_INDEX v5.8, docs/README, MASTER_PLAN, NEXT_STEPS_MASTER); "Can be accomplished now" list completed; 32 files archived to docs/archive/00-meta-status/.
**2026-02-23:** Placeholders/fixes sync: TODOS_CONSOLIDATED, NEXT_STEPS_AND_REMAINING_TODOS, NEXT_STEPS_FOR_YOU updated to reference REQUIRED_FIXES_UPDATES_GAPS §4 (canonical addresses, AlltraAdapter, smart accounts, quote FABRIC_CHAIN_ID, .bak — all Done or Documented). Remaining in-repo fixes complete; operator/LAN and deferred items unchanged.
**2026-02-28:** Master documentation refresh — MASTER_INDEX 6.6; REPOSITORIES_AND_PRS_CHAIN138; pr-ready (eip155-138 public RPC only, Trust Wallet); set-missing-dotenv-chain138.sh; deploy-bridges-config-ready-chains.sh; ENV_CONFIG_READY_CHAINS (Gnosis/Celo/Wemix); WHATS_LEFT_OPERATOR_AND_EXTERNAL, NEXT_STEPS_INDEX updated.
**2026-02-27:** Deployment order of operations ([DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md)) and preflight script (`preflight-chain138-deploy.sh`) added. Deployment safety: correct RPC (Core only), correct dotenv (smom-dbis-138/.env), gas/cost estimate before deploy, do not deploy when stuck. NEXT_STEPS_AND_REMAINING_TODOS, TODOS_CONSOLIDATED updated with next-steps table and 2026-02-27 completion.
---
## 1. Critical Fixes (Do First)
@@ -42,6 +48,16 @@
- [x] **Real transfer:** Omit `--dry-run` to execute sendCrossChain; documented in [scripts/README.md](../../scripts/README.md) §8. Ensure LINK approved for fee token if needed.
- [ ] **Paymaster (optional):** `forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast` — requires contract sources; see [SMART_ACCOUNTS_DEPLOYMENT_NOTE.md](../../metamask-integration/docs/SMART_ACCOUNTS_DEPLOYMENT_NOTE.md)
### Undeployed contracts — pre-deployment (test, gas check, gas API, dry-run)
**Full checklist:** [UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS.md](../03-deployment/UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS.md)
- [x] **Check deployer wallet for gas** on Chain 138 and all target chains: `cd smom-dbis-138 && ./scripts/deployment/check-balances-gas-and-deploy.sh`
- [x] **Use gas API to estimate** all undeployed contract deployment costs: `./scripts/deployment/get-multichain-gas-prices.sh`; optionally `update-gas-estimates.sh`; estimate per-script gas (forge/cast) for PMM pool creation, TransactionMirror, EnhancedSwapRouter, DODOPMMProvider, and any multichain cW*/PMM.
- [x] **Dry-run Chain 138 deployments:** `deploy-contracts-unified.sh --dry-run` (RPC + init fixes applied); DeployDeterministicCore simulated; PMM pool creation: set `DODO_PMM_INTEGRATION_ADDRESS` then `DRY_RUN=true ./scripts/create-all-dodo-pools-from-token-api.sh`; TransactionMirror script (no --broadcast); `deploy-optional-future-all.sh --dry-run`; `fund-ccip-bridges-with-link.sh --dry-run`.
- [ ] **Dry-run mainnet/multichain** (if applicable): `dry-run-mainnet-deployment.sh` (requires ETHEREUM_MAINNET_RPC, PRIVATE_KEY) or per-script `forge script ... --dry-run` for each target chain.
- [x] **Test not-deployed components:** Run `check-contracts-on-chain-138.sh` after any new deploy (36/36 present). Validate PMM pool creation path when pools created; DODOPMMProvider when implemented; TransactionMirror receive path after deploy; EnhancedSwapRouter when pools exist.
---
## 3. Verification Fixes (Applied — Verify)
@@ -131,7 +147,7 @@
- [ ] **Blitzkrieg trail:** Steps 019 (env freeze, canonical registry, token lists, GRU M1, CCIP, W-Tokens, wallet ingestion, Blockscout, bridge hardening, CI/CD, monitoring, security, dry-run done; optional Tezos/DODO)
- [ ] **Recommendations R1R23:** Verification, single source of truth, on-chain check, secrets, RPC/gas/order, runbooks, automation, monitoring, tests, Sankofa/network placeholders
- [ ] **DEX / cross-chain:** TransactionMirror (Mainnet verify, Chain 138 deploy if needed); DODO (DODOPMMIntegration + Provider); EnhancedSwapRouter when pools exist; full trustless stack; Jumper/FABRIC_CHAIN_ID
- [ ] **DEX / cross-chain:** TransactionMirror (Mainnet verify, Chain 138 deploy if needed); DODO (DODOPMMIntegration + Provider); EnhancedSwapRouter when pools exist; full trustless stack; Jumper/FABRIC_CHAIN_ID. **Before any Chain 138 deploy:** run `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`; follow [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) Phase 06.
- [ ] **Tezos/CCIP:** External verification (CCIP/Jumper/LiFi); InitializeRegistry/DeployAllAdapters; Etherlink receivers; relay; DON; monitoring; testing
- [ ] **Supreme Command:** Deployment matrix, risk scoreboard, RAG dashboard, reconciliation, prod vs testnet, war-room
- [ ] **Absolute Air Superiority:** Sentinel, canonical anchoring, circuit breaker, stress test, time-to-containment, formal verification, sovereign continuity

2
docs/00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md
View File

@@ -30,7 +30,7 @@
| W2-3 | VLAN enablement: UDM Pro VLAN config; Proxmox bridge; migrate services | By VLAN / host | NETWORK_ARCHITECTURE.md §35; UDM_PRO_VLAN_* docs |
| W2-4 | Phase 3 CCIP: Ops/Admin (5400-5401); NAT pools; commit/execute/RMN scripts | Ops first, then NAT, then scripts | CCIP_DEPLOYMENT_SPEC.md |
| W2-5 | Phase 4: Sovereign tenant VLANs; isolation | By tenant/VLAN | After W2-3 |
| W2-6 | Missing containers: 3 VMIDs only (2506, 2507, 2508) — see MISSING_CONTAINERS_LIST.md | By VMID / host | MISSING_CONTAINERS_LIST.md |
| W2-6 | ~~25062508~~ Destroyed 2026-02-08; RPC 25002505 only. No action. | — | MISSING_CONTAINERS_LIST.md |
| W2-7 | DBIS services (1010010151); Hyperledger | By host | Per deployment runbooks |
| W2-8 | NPMplus HA (Keepalived, 10234) | Optional | NPMPLUS_HA_SETUP_GUIDE.md |

59
docs/00-meta/WHATS_LEFT_OPERATOR_AND_EXTERNAL.md Normal file
View File

@@ -0,0 +1,59 @@
# Whats Left — Operator and External Only
**Last Updated:** 2026-02-28
**Purpose:** After completing in-repo and on-chain tasks (preflight, PMM pools, DODOPMMProvider, operator script NPMplus/backup/verify, Wemix re-check), these items require **operator (LAN/Proxmox/credentials)** or **you (third-party)**.
---
## Completed in this pass (2026-02-28)
- **Preflight:** Passed (RPC Core, dotenv, nonce consistent).
- **PMM pools:** All three created (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) and addresses documented.
- **DODOPMMProvider:** Deployed at `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; all three pools registered via `RegisterDODOPools.s.sol`.
- **Operator script:** NPMplus RPC fix + backup + Blockscout verify run (see `run-all-operator-tasks-from-lan.sh`).
- **Wemix:** Re-fetched scan.wemix.com/tokens; WWEMIX confirmed; doc updated.
- **Docs:** PRE_DEPLOYMENT_CHECKLIST, LIQUIDITY_POOLS_MASTER_MAP updated with new pool and provider addresses.
- **Dotenv:** `set-missing-dotenv-chain138.sh` run — DODO_PMM_PROVIDER_ADDRESS, POOL_* appended to `smom-dbis-138/.env`.
- **Repositories/PRs:** [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) — Ledger, Trust, Chainlist, Consensys, CoinGecko/CMC, on-ramps/off-ramps (forms submitted; awaiting feedback).
- **Bridges:** ENV_CONFIG_READY_CHAINS.example filled with Gnosis/Celo/Wemix CCIP router, LINK, and WETH9/WETH10 (WXDAI, WCELO, WWEMIX). **Gnosis deployed 2026-02-28:** CCIPWETH9=0xE37c332a88f112F9e039C5d92D821402A89c7052, CCIPWETH10=0x04B2AE3c3bb3d70Df506FAd8717b0FBFC78ED7E6; destinations 138↔Gnosis configured. **Celo/Wemix:** Fund deployer with CELO (~0.1) and WEMIX (~0.4) then run `deploy-bridges-config-ready-chains.sh celo` and `wemix`, then `complete-config-ready-chains.sh`.
- **PR-ready:** [04-configuration/pr-ready/](../04-configuration/pr-ready/) — eip155-138.json (Chainlist) and trust-wallet-registry-chain138.json (Trust Wallet); see README for submission steps.
- **Maintenance:** `run-all-maintenance-via-proxmox-ssh.sh --e2e` was started via SSH; check `/tmp/proxmox-maintenance-out.log` for progress (steps 04 run; E2E runs at step 5).
---
## Operator / LAN only
| # | Task | Command / doc |
|---|------|----------------|
| 1 | **E2E 502 fix** | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e` (requires SSH to Proxmox). Runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md). |
| 2 | **Celo, Wemix CCIP bridges** | Gnosis done. Per chain: fund deployer (CELO ~0.1, WEMIX ~0.4), run `deploy-bridges-config-ready-chains.sh [celo|wemix]`, then `complete-config-ready-chains.sh`, fund LINK. [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). |
| 3 | **LINK support on Mainnet relay** | Option A or B per [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md); implement, deploy, fund; set `relaySupported: true` for LINK; restart relay. |
| 4 | **Set DODO_PMM_PROVIDER_ADDRESS in .env** | Run `./scripts/deployment/set-missing-dotenv-chain138.sh` to append provider and pool addresses (already run 2026-02-28). |
---
## External / third-party (you)
| # | Task | Doc |
|---|------|-----|
| 5 | **Ledger** | Tally form submitted; await response. Repos: LedgerHQ/ledger-live, app-ethereum, wallet-api; review repo: bis-innovations/LedgerLive. [ADD_CHAIN138_TO_LEDGER_LIVE](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md). |
| 6 | **Trust Wallet** | Open PR to [trustwallet/wallet-core](https://github.com/trustwallet/wallet-core). [ADD_CHAIN138_TO_TRUST_WALLET](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md). |
| 7 | **Consensys** | Outreach (contact form / business@consensys.io). [CONSENSYS_OUTREACH_PACKAGE](../../metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md). |
| 8 | **CoinGecko/CMC** | Submit via platform forms (not PR). [CMC_COINGECKO_SUBMISSION_RUNBOOK](../04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md). |
| 9 | **On-ramps/off-ramps** | Request Chain 138: MoonPay, Ramp, Transak, etc. (no public PR repos). [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md). |
---
## Planned (when scoped)
- **AddressMapper on other chains** (Cronos done); deploy via DeployAddressMapperOtherChain.s.sol.
- **Mainnet trustless stack:** Lockbox138 + InboxETH, BondManager, LiquidityPoolETH (Mainnet).
- **Tezos/Etherlink:** InitializeRegistry, DeployAllAdapters; Etherlink receiver; relay services.
---
## Quick reference
- **Operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
- **Full deployment order:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md).
- **Full next steps:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md).