docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates

- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>

scripts/backup/automated-backup.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+# Phase 2: Automated backup - configs + optional NPMplus.
+# Usage: ./scripts/backup/automated-backup.sh [--dry-run] [--skip-npmplus]
+# Cron example (daily 02:00): 0 2 * * * /path/to/automated-backup.sh
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+DRY_RUN=false
+SKIP_NPMPLUS=true
+
+for arg in "$@"; do
+  [[ "$arg" == "--dry-run" ]] && DRY_RUN=true
+  [[ "$arg" == "--skip-npmplus" ]] && SKIP_NPMPLUS=true
+  [[ "$arg" == "--with-npmplus" ]] && SKIP_NPMPLUS=false
+done
+
+BACKUP_SCRIPT="${PROJECT_ROOT}/scripts/backup-proxmox-configs.sh"
+NPMPLUS_SCRIPT="${PROJECT_ROOT}/scripts/verify/backup-npmplus.sh"
+
+echo "[Phase 2] Automated backup $(date -Iseconds)"
+echo "  DRY_RUN=$DRY_RUN SKIP_NPMPLUS=$SKIP_NPMPLUS"
+
+if $DRY_RUN; then
+  echo "[DRY-RUN] Would run: $BACKUP_SCRIPT"
+  [[ "$SKIP_NPMPLUS" == "false" ]] && echo "[DRY-RUN] Would run: $NPMPLUS_SCRIPT"
+  exit 0
+fi
+
+"$BACKUP_SCRIPT" || { echo "[ERROR] Config backup failed"; exit 1; }
+
+if [[ "$SKIP_NPMPLUS" == "false" ]] && [[ -f "$NPMPLUS_SCRIPT" ]]; then
+  if [[ -n "${NPM_PASSWORD:-}" ]] || [[ -f "${PROJECT_ROOT}/.env" ]]; then
+    "$NPMPLUS_SCRIPT" || echo "[WARN] NPMplus backup failed (check NPM_PASSWORD)"
+  else
+    echo "[SKIP] NPMplus backup (NPM_PASSWORD not set)"
+  fi
+fi
+
+echo "[OK] Automated backup complete. See backups/configs/ and backups/npmplus/"

scripts/backup/backup-configs.sh

@@ -1,96 +0,0 @@
-#!/bin/bash
-# Backup Configuration Files and Validator Keys
-# Creates encrypted backups of critical files
-
-set -euo pipefail
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
-
-# Colors
-GREEN='\033[0;32m'
-BLUE='\033[0;34m'
-YELLOW='\033[1;33m'
-NC='\033[0m'
-
-log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
-log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
-log_warn() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
-
-# Backup configuration
-BACKUP_BASE="${BACKUP_BASE:-/backup/smom-dbis-138}"
-BACKUP_DIR="$BACKUP_BASE/$(date +%Y%m%d-%H%M%S)"
-mkdir -p "$BACKUP_DIR"
-
-log_info "Creating backup in: $BACKUP_DIR"
-
-# Backup deployment configs (if on Proxmox host)
-if [[ -d "$PROJECT_ROOT/config" ]]; then
-    log_info "Backing up deployment configuration files..."
-    tar -czf "$BACKUP_DIR/deployment-configs.tar.gz" -C "$PROJECT_ROOT" config/ || {
-        log_warn "Failed to backup deployment configs (may not be on Proxmox host)"
-    }
-fi
-
-# Backup source project configs (if accessible)
-SOURCE_PROJECT="${SOURCE_PROJECT:-/home/intlc/projects/smom-dbis-138}"
-if [[ -d "$SOURCE_PROJECT/config" ]]; then
-    log_info "Backing up source project configuration files..."
-    tar -czf "$BACKUP_DIR/source-configs.tar.gz" -C "$SOURCE_PROJECT" config/ || {
-        log_warn "Failed to backup source configs"
-    }
-    
-    # Backup validator keys (encrypted if gpg available)
-    if [[ -d "$SOURCE_PROJECT/keys/validators" ]]; then
-        log_info "Backing up validator keys..."
-        if command -v gpg >/dev/null 2>&1; then
-            tar -czf - -C "$SOURCE_PROJECT" keys/validators/ | \
-                gpg -c --cipher-algo AES256 --batch --yes \
-                --passphrase "${BACKUP_PASSPHRASE:-}" \
-                > "$BACKUP_DIR/validator-keys.tar.gz.gpg" 2>/dev/null || {
-                log_warn "GPG encryption failed, backing up without encryption"
-                tar -czf "$BACKUP_DIR/validator-keys.tar.gz" -C "$SOURCE_PROJECT" keys/validators/
-            }
-        else
-            log_warn "GPG not available, backing up without encryption"
-            tar -czf "$BACKUP_DIR/validator-keys.tar.gz" -C "$SOURCE_PROJECT" keys/validators/
-        fi
-    fi
-fi
-
-# Backup container configurations (if pct available)
-if command -v pct >/dev/null 2>&1; then
-    log_info "Backing up container configurations..."
-    mkdir -p "$BACKUP_DIR/containers"
-    for vmid in 1000 1001 1002 1003 1004 1500 1501 1502 1503 2500 2501 2502; do
-        if pct config "$vmid" >/dev/null 2>&1; then
-            pct config "$vmid" > "$BACKUP_DIR/containers/container-$vmid.conf" 2>/dev/null || true
-        fi
-    done
-    log_success "Container configs backed up"
-fi
-
-# Create backup manifest
-cat > "$BACKUP_DIR/manifest.txt" <<MANIFEST
-Backup created: $(date)
-Backup location: $BACKUP_DIR
-Contents:
-  - deployment-configs.tar.gz
-  - source-configs.tar.gz
-  - validator-keys.tar.gz[.gpg]
-  - containers/ (container configurations)
-
-Restore instructions:
-  1. Extract configs: tar -xzf deployment-configs.tar.gz
-  2. Extract source configs: tar -xzf source-configs.tar.gz
-  3. Decrypt and extract keys: gpg -d validator-keys.tar.gz.gpg | tar -xzf -
-  4. Restore container configs from containers/ directory
-MANIFEST
-
-log_success "Backup complete: $BACKUP_DIR"
-
-# Retention policy: Keep backups for 30 days
-log_info "Cleaning up old backups (retention: 30 days)..."
-find "$BACKUP_BASE" -mindepth 1 -maxdepth 1 -type d -mtime +30 -exec rm -rf {} \; 2>/dev/null || true
-
-log_success "Backup process complete!"