Map composer into HYBX sidecar plans

Add RTGS later-phase sidecar deployment scaffolding
Add RTGS control-plane deployment scaffolding
2026-03-29 03:34:23 -07:00 · 2026-03-29 02:28:15 -07:00 · 2026-03-29 02:24:12 -07:00 · 2026-03-29 02:12:45 -07:00 · 2026-03-29 02:10:40 -07:00 · 2026-03-29 01:23:57 -07:00
1908 changed files with 29334 additions and 48429 deletions
--- a/.cursor/rules/chain138-tokens-and-pmm.mdc
+++ b/.cursor/rules/chain138-tokens-and-pmm.mdc
@@ -10,8 +10,10 @@ alwaysApply: true
 - **cUSDT:** `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` (6 decimals)
 - **cUSDC:** `0xf22258f57794CC8E06237084b353Ab30fFfa640b` (6 decimals)
-**DODOPMMIntegration:** `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` — on-chain verified 2026-03-04: `compliantUSDT()` / `compliantUSDC()` return the canonical addresses above.
+**DODOPMMIntegration:** `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` — reconciled with `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md` (on-chain verification 2026-03-26); `compliantUSDT()` / `compliantUSDC()` return the canonical cUSDT/cUSDC above.
-**PMM pools:** cUSDT/cUSDC `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | cUSDT/USDT `0xa3Ee6091696B28e5497b6F491fA1e99047250c59` | cUSDC/USDC `0x90bd9Bf18Daa26Af3e814ea224032d015db58Ea5`
+**PMM pools (live funded public):** cUSDT/cUSDC `0xff8d3b8fDF7B112759F076B69f4271D4209C0849` | cUSDT/USDT `0x6fc60DEDc92a2047062294488539992710b99D71` | cUSDC/USDC `0x9f74Be42725f2Aa072a9E0CdCce0E7203C510263` — see `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md` / `PMM_DEX_ROUTING_STATUS.md`.
 **cXAUC / cXAUT (XAU):** `0x290E52a8819A4fbD0714E517225429aA2B70EC6b`, `0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E` (6 decimals). **1 full token = 1 troy ounce Au** — not USD face value; see `EXPLORER_TOKEN_LIST_CROSSCHECK.md` section 5.1.
 **RPC (deploy):** `RPC_URL_138=http://192.168.11.211:8545`. **Deployer:** `0x4A666F96fC8764181194447A7dFdb7d471b301C8`. Add-liquidity reads tokens from the integration contract, not env. Do not use non-canonical Blockscout addresses (§2 of EXPLORER_TOKEN_LIST_CROSSCHECK).
--- a/.env.master.example
+++ b/.env.master.example
@@ -17,6 +17,8 @@ PROXMOX_TOKEN_VALUE=
 PROXMOX_ALLOW_ELEVATED=
 # --- Cloudflare ---
 # Prefer CLOUDFLARE_API_TOKEN scoped to Zone:DNS:Edit on the zones you use (avoid global Account API key when possible).
 # Bulk DNS script: scripts/update-all-dns-to-public-ip.sh — use --dry-run and --zone-only=sankofa.nexus (etc.) before wide updates.
 CLOUDFLARE_API_TOKEN=
 CLOUDFLARE_EMAIL=
 CLOUDFLARE_API_KEY=
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,9 @@ yarn.lock
 *.log
 logs/
 # NPMplus backups (backup-npmplus.sh — tarballs and extracted trees; may contain certs/DB)
 backups/npmplus/
 # OS files
 .DS_Store
 Thumbs.db
@@ -57,6 +60,9 @@ docs/04-configuration/coingecko/logos/*.png
 # Ephemeral phase markers
 .phase1-event-status
 # DBIS Phase 1 discovery — timestamped reports (run scripts/verify/run-phase1-discovery.sh)
 reports/phase1-discovery/phase1-discovery-*.md
 # OMNL operator rail (env-specific IDs, reconciliation, audit packets, posted refs)
 ids.env
 reconciliation/
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,7 +1,7 @@
 [submodule "explorer-monorepo"]
 	path = explorer-monorepo
-	url = https://github.com/Order-of-Hospitallers/chain-138-explorer.git
+	url = https://gitea.d-bis.org/d-bis/explorer-monorepo.git
-	# Note: If remote repository doesn't exist, this is a local-only submodule
+	# Primary integration remote is Gitea; use GitHub only as an optional mirror when available.
 [submodule "mcp-proxmox"]
 	path = mcp-proxmox
 	url = https://github.com/gilby125/mcp-proxmox.git
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -0,0 +1,43 @@
 # Proxmox workspace — agent instructions
 Single canonical copy for Cursor/Codex. (If your editor also loads `.cursor/rules`, treat those as overlays.)
 ## Scope
 Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus, and deployment runbooks.
 ## Quick pointers
 | Need | Location |
 |------|-----------|
 | Doc index | `docs/MASTER_INDEX.md` |
 | cXAUC/cXAUT unit | 1 full token = 1 troy oz Au — `docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md` (section 5.1) |
 | PMM mesh 6s tick | `smom-dbis-138/scripts/reserve/pmm-mesh-6s-automation.sh` — `docs/integration/ORACLE_AND_KEEPER_CHAIN138.md` (PMM mesh automation) |
 | VMID / IP / FQDN | `docs/04-configuration/ALL_VMIDS_ENDPOINTS.md` |
 | Ops template + JSON | `docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md`, `config/proxmox-operational-template.json` |
 | Live vs template (read-only SSH) | `bash scripts/verify/audit-proxmox-operational-template.sh` |
 | Config validation | `bash scripts/validation/validate-config-files.sh` |
 | FQDN / NPM E2E verifier | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` — inventory: `docs/04-configuration/E2E_ENDPOINTS_LIST.md`. Gitea Actions URLs (no API): `bash scripts/verify/print-gitea-actions-urls.sh` |
 | Submodule trees clean (CI / post-merge) | `bash scripts/verify/submodules-clean.sh` |
 | Submodule + explorer remotes | `docs/00-meta/SUBMODULE_HYGIENE.md` |
 | smom-dbis-138 `.env` in bash scripts | Prefer `source smom-dbis-138/scripts/lib/deployment/dotenv.sh` + `load_deployment_env --repo-root "$PROJECT_ROOT"` (trims RPC URL line endings). From an interactive shell: `source smom-dbis-138/scripts/load-env.sh`. Proxmox root scripts: `source scripts/lib/load-project-env.sh` (also trims common RPC vars). |
 | Sankofa portal → CT 7801 (build + restart) | `./scripts/deployment/sync-sankofa-portal-7801.sh` (`--dry-run` first); sets `NEXTAUTH_URL` on CT via `sankofa-portal-ensure-nextauth-on-ct.sh` |
 | CCIP relay (r630-01 host) | Unit: `config/systemd/ccip-relay.service` → `/etc/systemd/system/ccip-relay.service`; `systemctl enable --now ccip-relay` |
 | TsunamiSwap VM 5010 check | `./scripts/deployment/tsunamiswap-vm-5010-provision.sh` (inventory only until VM exists) |
 | The Order portal (`https://the-order.sankofa.nexus`) | OSJ management UI (secure auth); source repo **the_order** at `~/projects/the_order`. NPM upstream defaults to **order-haproxy** CT **10210** (`IP_ORDER_HAPROXY:80`); use `THE_ORDER_UPSTREAM_*` to point at the Sankofa portal if 10210 is down. Provision HAProxy: `scripts/deployment/provision-order-haproxy-10210.sh`. **`www.the-order.sankofa.nexus`** → **301** apex (same as www.sankofa / www.phoenix). |
 | Portal login + Keycloak systemd + `.env` (prints password once) | `./scripts/deployment/enable-sankofa-portal-login-7801.sh` (`--dry-run` first) |
 | Completable (no LAN) | `./scripts/run-completable-tasks-from-anywhere.sh` |
 | Operator (LAN + secrets) | `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` unset) |
 | Cloudflare bulk DNS → `PUBLIC_IP` | `./scripts/update-all-dns-to-public-ip.sh` — use **`--dry-run`** and **`--zone-only=sankofa.nexus`** (or `d-bis.org` / `mim4u.org` / `defi-oracle.io`) to limit scope; see script header. Prefer scoped **`CLOUDFLARE_API_TOKEN`** (see `.env.master.example`). |
 ## Git submodules
 Most submodules are **pinned commits**; `git submodule update --init --recursive` often leaves **detached HEAD** — that is normal. To **change** a submodule: check out a branch inside it, commit, **push the submodule first**, then commit and push the **parent** submodule pointer. Do not embed credentials in `git remote` URLs; use SSH or a credential helper. Explorer Gitea vs GitHub and token cleanup: `docs/00-meta/SUBMODULE_HYGIENE.md`.
 ## Rules of engagement
 - Review scripts before running; prefer `--dry-run` where supported.
 - Do not run the full operator flow when everything is healthy unless the user explicitly wants broad fixes (NPM/nginx/RPC churn).
 - Chain 138 deploy RPC: `http://192.168.11.211:8545` (Core). Read-only / non-deploy checks may use public RPC per project rules.
 Full detail: see embedded workspace rules and `docs/00-meta/OPERATOR_READY_CHECKLIST.md`.
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ This workspace contains multiple Proxmox-related projects managed as a monorepo
 - **`ProxmoxVE/`** - ProxmoxVE Helper Scripts - Collection of scripts and frontend for managing Proxmox containers and VMs
 - **`smom-dbis-138/`** - Blockchain network and services (Chain 138); **`smom-dbis-138-proxmox/`** - Deployment scripts (if present)
 - For the full submodule list and relationships, see [docs/11-references/SUBMODULE_RELATIONSHIP_MAP.md](docs/11-references/SUBMODULE_RELATIONSHIP_MAP.md)
- **Documentation:** [docs/README.md](docs/README.md) · [docs/MASTER_INDEX.md](docs/MASTER_INDEX.md) · Next steps: [docs/00-meta/NEXT_STEPS_INDEX.md](docs/00-meta/NEXT_STEPS_INDEX.md). Root status reports moved to [docs/archive/](docs/archive/README.md) (2026-02-20).
+- **Documentation:** [docs/README.md](docs/README.md) · [docs/MASTER_INDEX.md](docs/MASTER_INDEX.md) · Next steps: [docs/00-meta/NEXT_STEPS_INDEX.md](docs/00-meta/NEXT_STEPS_INDEX.md). Historical files live under `docs/archive/` on disk — inventory: [docs/00-meta/ARCHIVE_CANDIDATES.md](docs/00-meta/ARCHIVE_CANDIDATES.md) (do not treat archive paths as primary doc links).
 ## Prerequisites
--- a/2
+++ b/2
--- a/backups/npmplus/npmplus-backup-20260119_005333.tar.gz
+++ b/backups/npmplus/npmplus-backup-20260119_005333.tar.gz
--- a/backups/npmplus/npmplus-backup-20260119_012539.tar.gz
+++ b/backups/npmplus/npmplus-backup-20260119_012539.tar.gz
--- a/config/aggregator-route-matrix.csv
+++ b/config/aggregator-route-matrix.csv
@@ -0,0 +1,26 @@
 kind,routeId,status,routeType,fromChainId,toChainId,tokenInSymbol,tokenInAddress,tokenOutSymbol,tokenOutAddress,hopCount,bridgeType,bridgeAddress,aggregatorFamilies,tags,intermediateSymbols,legRefs,notesOrReason
 liveSwapRoute,138-cUSDT-cUSDC-direct,live,swap,138,138,cUSDT,0x93E66202A11B1772E55407B32B44e5Cd8eda7f22,cUSDC,0xf22258f57794CC8E06237084b353Ab30fFfa640b,1,,,1inch|0x|LiFi,stable|direct|public,,0xff8d3b8fDF7B112759F076B69f4271D4209C0849,
 liveSwapRoute,138-cUSDT-USDT-direct,live,swap,138,138,cUSDT,0x93E66202A11B1772E55407B32B44e5Cd8eda7f22,USDT,0x004b63A7B5b0E06f6bB6adb4a5F9f590BF3182D1,1,,,1inch|0x|LiFi,stable|official-mirror|public,,0x6fc60DEDc92a2047062294488539992710b99D71,
 liveSwapRoute,138-cUSDC-USDC-direct,live,swap,138,138,cUSDC,0xf22258f57794CC8E06237084b353Ab30fFfa640b,USDC,0x71D6687F38b93CCad569Fa6352c876eea967201b,1,,,1inch|0x|LiFi,stable|official-mirror|public,,0x0309178ae30302D83c76d6Dd402a684eF3160eec,
 liveSwapRoute,138-cUSDT-cXAUC-direct,live,swap,138,138,cUSDT,0x93E66202A11B1772E55407B32B44e5Cd8eda7f22,cXAUC,0x290E52a8819A4fbD0714E517225429aA2B70EC6b,1,,,1inch|0x|LiFi,xau-hub|public,,0x1AA55E2001E5651349AfF5A63FD7A7Ae44f0F1b0,
 liveSwapRoute,138-cUSDC-cXAUC-direct,live,swap,138,138,cUSDC,0xf22258f57794CC8E06237084b353Ab30fFfa640b,cXAUC,0x290E52a8819A4fbD0714E517225429aA2B70EC6b,1,,,1inch|0x|LiFi,xau-hub|public,,0xEA9Ac6357CaCB42a83b9082B870610363B177cBa,
 liveSwapRoute,138-cEURT-cXAUC-direct,live,swap,138,138,cEURT,0xdf4b71c61E5912712C1Bdd451416B9aC26949d72,cXAUC,0x290E52a8819A4fbD0714E517225429aA2B70EC6b,1,,,1inch|0x|LiFi,xau-hub|public,,0xbA99bc1eAAC164569d5AcA96C806934DDaF970Cf,
 liveSwapRoute,138-cEURT-cUSDT-via-cXAUC,live,swap,138,138,cEURT,0xdf4b71c61E5912712C1Bdd451416B9aC26949d72,cUSDT,0x93E66202A11B1772E55407B32B44e5Cd8eda7f22,2,,,1inch|0x|LiFi,multihop|xau-hub|public,cXAUC,0xbA99bc1eAAC164569d5AcA96C806934DDaF970Cf|0x1AA55E2001E5651349AfF5A63FD7A7Ae44f0F1b0,Inferred from two live public pools.
 liveSwapRoute,138-cEURT-cUSDC-via-cXAUC,live,swap,138,138,cEURT,0xdf4b71c61E5912712C1Bdd451416B9aC26949d72,cUSDC,0xf22258f57794CC8E06237084b353Ab30fFfa640b,2,,,1inch|0x|LiFi,multihop|xau-hub|public,cXAUC,0xbA99bc1eAAC164569d5AcA96C806934DDaF970Cf|0xEA9Ac6357CaCB42a83b9082B870610363B177cBa,Inferred from two live public pools.
 liveSwapRoute,138-cUSDT-cUSDC-via-cXAUC,live,swap,138,138,cUSDT,0x93E66202A11B1772E55407B32B44e5Cd8eda7f22,cUSDC,0xf22258f57794CC8E06237084b353Ab30fFfa640b,2,,,1inch|0x|LiFi,multihop|xau-hub|public|alternate,cXAUC,0x1AA55E2001E5651349AfF5A63FD7A7Ae44f0F1b0|0xEA9Ac6357CaCB42a83b9082B870610363B177cBa,Alternate path to the deeper direct cUSDT/cUSDC pool.
 liveBridgeRoute,138-WETH-1-ccip,live,bridge,138,1,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-56-ccip,live,bridge,138,56,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-137-ccip,live,bridge,138,137,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-10-ccip,live,bridge,138,10,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-42161-ccip,live,bridge,138,42161,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-43114-ccip,live,bridge,138,43114,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-8453-ccip,live,bridge,138,8453,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-100-ccip,live,bridge,138,100,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-25-ccip,live,bridge,138,25,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-42220-ccip,live,bridge,138,42220,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-651940-alltra,live,bridge,138,651940,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,ALT,0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc,LiFi,,,,
 liveBridgeRoute,138-WETH10-1-ccip,live,bridge,138,1,WETH10,0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f,WETH10,0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f,,CCIP,0xe0E93247376aa097dB308B92e6Ba36bA015535D0,LiFi,,,,
 blockedOrPlannedRoute,138-compliant-stable-to-weth-bridgeable,blocked,swap-bridge-swap,138,1,cUSDT|cUSDC|cEURT,,,,,,,,,,,"No live public cUSDT/WETH, cUSDC/WETH, or cEURT/WETH pool on Chain 138."
 blockedOrPlannedRoute,651940-public-dex-routes,planned,swap,651940,651940,,,,,,,,,,,,Uniswap V2/V3 and DODO are env placeholders only; no pool addresses are documented in-repo.
 blockedOrPlannedRoute,cw-edge-pools-public-chains,planned,swap,1,43114,,,,,,,,,,,,"cW* token addresses exist on several public chains, but deployment-status.json contains no PMM pools."
 blockedOrPlannedRoute,138-weth-1111-ccip,planned,bridge,138,1111,,,,,,,,,,,,Wemix bridge is pending funding and deployment.
--- a/config/aggregator-route-matrix.json
+++ b/config/aggregator-route-matrix.json
@@ -0,0 +1,678 @@
 {
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "description": "Canonical route matrix for 1inch/0x/LiFi-style adapter ingestion. Captures live Chain 138 public DEX routes, live bridge lanes, and planned-but-not-live routes that should be filtered out by executors.",
  "version": "1.0.0",
  "updated": "2026-03-27",
  "homeChainId": 138,
  "metadata": {
    "generatedFrom": [
      "docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md",
      "docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md",
      "config/routing-registry.json",
      "config/token-mapping-multichain.json",
      "cross-chain-pmm-lps/config/deployment-status.json"
    ],
    "verification": {
      "verifiedAt": "2026-03-27",
      "verifiedBy": "scripts/verify/check-pmm-pool-balances-chain138.sh",
      "rpc": "http://192.168.11.211:8545"
    },
    "adapterNotes": [
      "Executors should ingest only entries with status=live.",
      "Entries with status=planned or blocked are included to make missing routes explicit and prevent false discovery.",
      "Chain 138 has live DODO PMM pools but no native 1inch/0x support in this repo; adapter layers must map these routes into their own quote/execution abstractions."
    ]
  },
  "chains": {
    "138": {
      "name": "SMOM-DBIS-138 (DeFi Oracle Meta)",
      "rpc": "https://rpc-core.d-bis.org",
      "nativeDexes": [
        {
          "dexId": "dodo_pmm_chain138",
          "type": "dodo_pmm",
          "integrationAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "providerAddress": "0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381",
          "status": "live"
        }
      ]
    },
    "651940": {
      "name": "ALL Mainnet (Alltra)",
      "nativeDexes": [
        {
          "dexId": "allmainnet_uniswap_v2",
          "type": "uniswap_v2",
          "status": "planned"
        },
        {
          "dexId": "allmainnet_uniswap_v3",
          "type": "uniswap_v3",
          "status": "planned"
        },
        {
          "dexId": "allmainnet_dodo",
          "type": "dodo_pmm",
          "status": "planned"
        }
      ]
    }
  },
  "tokens": {
    "138": {
      "cUSDT": {
        "address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
        "decimals": 6
      },
      "cUSDC": {
        "address": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
        "decimals": 6
      },
      "USDT": {
        "address": "0x004b63A7B5b0E06f6bB6adb4a5F9f590BF3182D1",
        "decimals": 6
      },
      "USDC": {
        "address": "0x71D6687F38b93CCad569Fa6352c876eea967201b",
        "decimals": 6
      },
      "cXAUC": {
        "address": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
        "decimals": 6
      },
      "cEURT": {
        "address": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
        "decimals": 6
      },
      "WETH": {
        "address": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
        "decimals": 18
      },
      "WETH10": {
        "address": "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f",
        "decimals": 18
      }
    }
  },
  "liveSwapRoutes": [
    {
      "routeId": "138-cUSDT-cUSDC-direct",
      "status": "live",
      "aggregatorFamilies": [
        "1inch",
        "0x",
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 138,
      "tokenInSymbol": "cUSDT",
      "tokenInAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
      "tokenOutSymbol": "cUSDC",
      "tokenOutAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
      "routeType": "swap",
      "hopCount": 1,
      "legs": [
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executor": "DODOPMMIntegration",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0xff8d3b8fDF7B112759F076B69f4271D4209C0849",
          "tokenInAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
          "tokenOutAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
          "reserves": {
            "cUSDT": "10000000.000000",
            "cUSDC": "10000000.000000"
          }
        }
      ],
      "tags": [
        "stable",
        "direct",
        "public"
      ]
    },
    {
      "routeId": "138-cUSDT-USDT-direct",
      "status": "live",
      "aggregatorFamilies": [
        "1inch",
        "0x",
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 138,
      "tokenInSymbol": "cUSDT",
      "tokenInAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
      "tokenOutSymbol": "USDT",
      "tokenOutAddress": "0x004b63A7B5b0E06f6bB6adb4a5F9f590BF3182D1",
      "routeType": "swap",
      "hopCount": 1,
      "legs": [
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executor": "DODOPMMIntegration",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0x6fc60DEDc92a2047062294488539992710b99D71",
          "tokenInAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
          "tokenOutAddress": "0x004b63A7B5b0E06f6bB6adb4a5F9f590BF3182D1",
          "reserves": {
            "cUSDT": "10000000.000000",
            "USDT": "10000000.000000"
          }
        }
      ],
      "tags": [
        "stable",
        "official-mirror",
        "public"
      ]
    },
    {
      "routeId": "138-cUSDC-USDC-direct",
      "status": "live",
      "aggregatorFamilies": [
        "1inch",
        "0x",
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 138,
      "tokenInSymbol": "cUSDC",
      "tokenInAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
      "tokenOutSymbol": "USDC",
      "tokenOutAddress": "0x71D6687F38b93CCad569Fa6352c876eea967201b",
      "routeType": "swap",
      "hopCount": 1,
      "legs": [
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executor": "DODOPMMIntegration",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0x0309178ae30302D83c76d6Dd402a684eF3160eec",
          "tokenInAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
          "tokenOutAddress": "0x71D6687F38b93CCad569Fa6352c876eea967201b",
          "reserves": {
            "cUSDC": "10000000.000000",
            "USDC": "10000000.000000"
          }
        }
      ],
      "tags": [
        "stable",
        "official-mirror",
        "public"
      ]
    },
    {
      "routeId": "138-cUSDT-cXAUC-direct",
      "status": "live",
      "aggregatorFamilies": [
        "1inch",
        "0x",
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 138,
      "tokenInSymbol": "cUSDT",
      "tokenInAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
      "tokenOutSymbol": "cXAUC",
      "tokenOutAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
      "routeType": "swap",
      "hopCount": 1,
      "legs": [
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executor": "DODOPMMIntegration",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0x1AA55E2001E5651349AfF5A63FD7A7Ae44f0F1b0",
          "tokenInAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
          "tokenOutAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
          "reserves": {
            "cUSDT": "2666965.000000",
            "cXAUC": "519.477000"
          }
        }
      ],
      "tags": [
        "xau-hub",
        "public"
      ]
    },
    {
      "routeId": "138-cUSDC-cXAUC-direct",
      "status": "live",
      "aggregatorFamilies": [
        "1inch",
        "0x",
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 138,
      "tokenInSymbol": "cUSDC",
      "tokenInAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
      "tokenOutSymbol": "cXAUC",
      "tokenOutAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
      "routeType": "swap",
      "hopCount": 1,
      "legs": [
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executor": "DODOPMMIntegration",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0xEA9Ac6357CaCB42a83b9082B870610363B177cBa",
          "tokenInAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
          "tokenOutAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
          "reserves": {
            "cUSDC": "1000000.000000",
            "cXAUC": "194.782554"
          }
        }
      ],
      "tags": [
        "xau-hub",
        "public"
      ]
    },
    {
      "routeId": "138-cEURT-cXAUC-direct",
      "status": "live",
      "aggregatorFamilies": [
        "1inch",
        "0x",
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 138,
      "tokenInSymbol": "cEURT",
      "tokenInAddress": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
      "tokenOutSymbol": "cXAUC",
      "tokenOutAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
      "routeType": "swap",
      "hopCount": 1,
      "legs": [
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executor": "DODOPMMIntegration",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0xbA99bc1eAAC164569d5AcA96C806934DDaF970Cf",
          "tokenInAddress": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
          "tokenOutAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
          "reserves": {
            "cEURT": "1000000.000000",
            "cXAUC": "225.577676"
          }
        }
      ],
      "tags": [
        "xau-hub",
        "public"
      ]
    },
    {
      "routeId": "138-cEURT-cUSDT-via-cXAUC",
      "status": "live",
      "aggregatorFamilies": [
        "1inch",
        "0x",
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 138,
      "tokenInSymbol": "cEURT",
      "tokenInAddress": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
      "tokenOutSymbol": "cUSDT",
      "tokenOutAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
      "routeType": "swap",
      "hopCount": 2,
      "intermediateSymbols": [
        "cXAUC"
      ],
      "legs": [
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0xbA99bc1eAAC164569d5AcA96C806934DDaF970Cf",
          "tokenInAddress": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
          "tokenOutAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b"
        },
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0x1AA55E2001E5651349AfF5A63FD7A7Ae44f0F1b0",
          "tokenInAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
          "tokenOutAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22"
        }
      ],
      "tags": [
        "multihop",
        "xau-hub",
        "public"
      ],
      "notes": [
        "Inferred from two live public pools."
      ]
    },
    {
      "routeId": "138-cEURT-cUSDC-via-cXAUC",
      "status": "live",
      "aggregatorFamilies": [
        "1inch",
        "0x",
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 138,
      "tokenInSymbol": "cEURT",
      "tokenInAddress": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
      "tokenOutSymbol": "cUSDC",
      "tokenOutAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
      "routeType": "swap",
      "hopCount": 2,
      "intermediateSymbols": [
        "cXAUC"
      ],
      "legs": [
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0xbA99bc1eAAC164569d5AcA96C806934DDaF970Cf",
          "tokenInAddress": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
          "tokenOutAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b"
        },
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0xEA9Ac6357CaCB42a83b9082B870610363B177cBa",
          "tokenInAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
          "tokenOutAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b"
        }
      ],
      "tags": [
        "multihop",
        "xau-hub",
        "public"
      ],
      "notes": [
        "Inferred from two live public pools."
      ]
    },
    {
      "routeId": "138-cUSDT-cUSDC-via-cXAUC",
      "status": "live",
      "aggregatorFamilies": [
        "1inch",
        "0x",
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 138,
      "tokenInSymbol": "cUSDT",
      "tokenInAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
      "tokenOutSymbol": "cUSDC",
      "tokenOutAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
      "routeType": "swap",
      "hopCount": 2,
      "intermediateSymbols": [
        "cXAUC"
      ],
      "legs": [
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0x1AA55E2001E5651349AfF5A63FD7A7Ae44f0F1b0",
          "tokenInAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
          "tokenOutAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b"
        },
        {
          "kind": "swap",
          "protocol": "dodo_pmm",
          "executorAddress": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
          "poolAddress": "0xEA9Ac6357CaCB42a83b9082B870610363B177cBa",
          "tokenInAddress": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
          "tokenOutAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b"
        }
      ],
      "tags": [
        "multihop",
        "xau-hub",
        "public",
        "alternate"
      ],
      "notes": [
        "Alternate path to the deeper direct cUSDT/cUSDC pool."
      ]
    }
  ],
  "liveBridgeRoutes": [
    {
      "routeId": "138-WETH-1-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 1,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-56-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 56,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-137-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 137,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-10-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 10,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-42161-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 42161,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-43114-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 43114,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-8453-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 8453,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-100-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 100,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-25-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 25,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-42220-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 42220,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xcacfd227A040002e49e2e01626363071324f820a",
      "label": "CCIPWETH9Bridge"
    },
    {
      "routeId": "138-WETH-651940-alltra",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 651940,
      "assetSymbol": "WETH",
      "assetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
      "routeType": "bridge",
      "bridgeType": "ALT",
      "bridgeAddress": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc",
      "label": "AlltraAdapter"
    },
    {
      "routeId": "138-WETH10-1-ccip",
      "status": "live",
      "aggregatorFamilies": [
        "LiFi"
      ],
      "fromChainId": 138,
      "toChainId": 1,
      "assetSymbol": "WETH10",
      "assetAddress": "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f",
      "routeType": "bridge",
      "bridgeType": "CCIP",
      "bridgeAddress": "0xe0E93247376aa097dB308B92e6Ba36bA015535D0",
      "label": "CCIPWETH10Bridge"
    }
  ],
  "blockedOrPlannedRoutes": [
    {
      "routeId": "138-compliant-stable-to-weth-bridgeable",
      "status": "blocked",
      "fromChainId": 138,
      "toChainId": 1,
      "tokenInSymbols": [
        "cUSDT",
        "cUSDC",
        "cEURT"
      ],
      "routeType": "swap-bridge-swap",
      "reason": "No live public cUSDT/WETH, cUSDC/WETH, or cEURT/WETH pool on Chain 138."
    },
    {
      "routeId": "651940-public-dex-routes",
      "status": "planned",
      "fromChainId": 651940,
      "toChainId": 651940,
      "routeType": "swap",
      "reason": "Uniswap V2/V3 and DODO are env placeholders only; no pool addresses are documented in-repo."
    },
    {
      "routeId": "cw-edge-pools-public-chains",
      "status": "planned",
      "fromChainId": 1,
      "toChainId": 43114,
      "routeType": "swap",
      "reason": "cW* token addresses exist on several public chains, but deployment-status.json contains no PMM pools."
    },
    {
      "routeId": "138-weth-1111-ccip",
      "status": "planned",
      "fromChainId": 138,
      "toChainId": 1111,
      "routeType": "bridge",
      "reason": "Wemix bridge is pending funding and deployment."
    }
  ]
 }
--- a/config/besu-node-lists/permissions-nodes.toml
+++ b/config/besu-node-lists/permissions-nodes.toml
@@ -1,6 +1,6 @@
 # Node Permissioning — SINGLE SOURCE OF TRUTH for all Besu nodes
 # Must match config/besu-node-lists/static-nodes.json and be deployed to every node.
-# Generated by scripts/besu/collect-enodes-from-all-besu-nodes.sh — 30 nodes (203/204 removed, VMIDs destroyed).
+# Generated by scripts/besu/collect-enodes-from-all-besu-nodes.sh — 34 enodes (incl. Putu RPC 2307/2308 .237/.238).
 nodes-allowlist=[
  "enode://2221dd9fc65c9082d4a937832cba9f6759981888df6798407c390bd153f4332c152ea5d03dd9d9cda74d7990fb3479a5c4ba7166269322be9790eed9ebdcfe24@192.168.11.100:30303",
@@ -25,6 +25,8 @@ nodes-allowlist=[
  "enode://4dc4b9f8cffbc53349f6535ab9aa7785cbc0ae92928dcf4ef6f90638ace9fc69ff7d19c49a8bda54f78a000579c557ef25fce3c971c6ab0026b6e70c8e6e5cac@192.168.11.234:30303?discport=0",
  "enode://2de9fc2be46c2cedce182af65ac1f5fc5ed258d21cdf0ac2687a16618382159dae1f730650e6730cf7fc5dccb6b97bffd20e271e3eb4df5a69f38a8c4cba91b5@192.168.11.235:30303?discport=0",
  "enode://38bd43b934feaaccb978917c66b0abbf9b62e39bce6064a6d3ec557f61e13b75e293cbb2ab382278adda5ce51f451528c7c37d991255a0c31e9578b85fc1dd5a@192.168.11.236:30303?discport=0",
  "enode://f7edb80de20089cb0b3a28b03e0491fafa1c9eb9a0344dadf343757ee2a44b577a861514fd7747a86f631c9e34519aef25a5f8996f20bc8dd460cd2bdc1bd490@192.168.11.237:30303",
  "enode://4e2d4e94909813b7145e0e9cd7e56724f64ba91dd7dca0e70bd70742f930450cf57311f2c220cfe24a20e9f668a8e170755d626f84660aa1fbea85f75557eb8d@192.168.11.238:30303",
  "enode://38e138ea5a4b0b244e4484b5c327631b5d3c849dcb188ff3d9ff0a8b6ad7edb738303a1a948888c269aa7555e5ff47d75b7b63dbd579d05580b5442b3fa0ebfc@192.168.11.240:30303",
  "enode://159b282c4187ece6c1b3668428b8273264f04af67d45a6b17e348c5f9d733da5b5163de01b9eeff6ab0724d9dbc1abed5a2998737c095285f003ae723ae6b04c@192.168.11.241:30303",
  "enode://d41f330dc8c7a8fa84b83bbc1de9da2eba2ddc7258a94fc0024be95164cc7e0f15925c1b0d0f29d347a839734385db2eca05cbf31acbdb807cec44a13d78a898@192.168.11.242:30303",
--- a/config/besu-node-lists/static-nodes.json
+++ b/config/besu-node-lists/static-nodes.json
@@ -21,6 +21,8 @@
  "enode://4dc4b9f8cffbc53349f6535ab9aa7785cbc0ae92928dcf4ef6f90638ace9fc69ff7d19c49a8bda54f78a000579c557ef25fce3c971c6ab0026b6e70c8e6e5cac@192.168.11.234:30303?discport=0",
  "enode://2de9fc2be46c2cedce182af65ac1f5fc5ed258d21cdf0ac2687a16618382159dae1f730650e6730cf7fc5dccb6b97bffd20e271e3eb4df5a69f38a8c4cba91b5@192.168.11.235:30303?discport=0",
  "enode://38bd43b934feaaccb978917c66b0abbf9b62e39bce6064a6d3ec557f61e13b75e293cbb2ab382278adda5ce51f451528c7c37d991255a0c31e9578b85fc1dd5a@192.168.11.236:30303?discport=0",
  "enode://f7edb80de20089cb0b3a28b03e0491fafa1c9eb9a0344dadf343757ee2a44b577a861514fd7747a86f631c9e34519aef25a5f8996f20bc8dd460cd2bdc1bd490@192.168.11.237:30303",
  "enode://4e2d4e94909813b7145e0e9cd7e56724f64ba91dd7dca0e70bd70742f930450cf57311f2c220cfe24a20e9f668a8e170755d626f84660aa1fbea85f75557eb8d@192.168.11.238:30303",
  "enode://38e138ea5a4b0b244e4484b5c327631b5d3c849dcb188ff3d9ff0a8b6ad7edb738303a1a948888c269aa7555e5ff47d75b7b63dbd579d05580b5442b3fa0ebfc@192.168.11.240:30303",
  "enode://159b282c4187ece6c1b3668428b8273264f04af67d45a6b17e348c5f9d733da5b5163de01b9eeff6ab0724d9dbc1abed5a2998737c095285f003ae723ae6b04c@192.168.11.241:30303",
  "enode://d41f330dc8c7a8fa84b83bbc1de9da2eba2ddc7258a94fc0024be95164cc7e0f15925c1b0d0f29d347a839734385db2eca05cbf31acbdb807cec44a13d78a898@192.168.11.242:30303",
--- a/config/haproxy/order-haproxy-10210.cfg.template
+++ b/config/haproxy/order-haproxy-10210.cfg.template
@@ -0,0 +1,27 @@
 # HAProxy on VMID 10210 (order-haproxy @ 192.168.11.39).
 # NPMplus terminates TLS and forwards HTTP to :80 here; we proxy to the Sankofa/Order Next.js portal.
 # Deploy: scripts/deployment/provision-order-haproxy-10210.sh (substitutes __BACKEND_HOST__ / __BACKEND_PORT__).
 global
    log stdout format raw local0
    maxconn 4096
 defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    option  forwardfor
    timeout connect 10s
    timeout client  300s
    timeout server  300s
    timeout tunnel  3600s
 frontend fe_http
    bind *:80
    # Client used HTTPS at NPM; help Next.js / auth callbacks
    http-request set-header X-Forwarded-Proto https if !{ hdr(X-Forwarded-Proto) -m found }
    default_backend be_portal
 backend be_portal
    server portal __BACKEND_HOST__:__BACKEND_PORT__ check inter 10s fall 3 rise 2 maxconn 1000
--- a/config/ip-addresses.conf
+++ b/config/ip-addresses.conf
@@ -85,12 +85,13 @@ IP_VAULT_PHOENIX_2="192.168.11.201"
 # Order Service IPs
 ORDER_POSTGRES_PRIMARY="192.168.11.44"
 ORDER_POSTGRES_REPLICA="192.168.11.45"
 # Dedicated order-redis LXC (e.g. VMID 10020) not present on cluster as of 2026-03; reserve for scripts / future CT
 ORDER_REDIS_IP="192.168.11.38"
 # DBIS Service IPs
 DBIS_POSTGRES_PRIMARY="192.168.11.105"
 DBIS_POSTGRES_REPLICA="192.168.11.106"
-DBIS_REDIS_IP="192.168.11.120"
+DBIS_REDIS_IP="192.168.11.125"
 # Load this file in scripts:
 # source "$(dirname "$0")/../config/ip-addresses.conf"
@@ -133,7 +134,9 @@ NETWORK_192_168_11_0="192.168.11.0"
 IP_INDY="192.168.11.68"
 IP_FABRIC="192.168.11.65"
 IP_CACTI="192.168.11.64"
-ORDER_REDIS_REPLICA="192.168.11.46"
+# VMID 10200 order-prometheus (NOT Redis). Legacy scripts use ORDER_REDIS_REPLICA for this IP — prefer IP_ORDER_PROMETHEUS.
 IP_ORDER_PROMETHEUS="192.168.11.46"
 ORDER_REDIS_REPLICA="${IP_ORDER_PROMETHEUS}"
 # VMIDs 2506, 2507, 2508 destroyed 2026-02-08; IPs freed for reuse
 RPC_PUTU_1="192.168.11.203"
 RPC_PUTU_2="192.168.11.204"
@@ -166,9 +169,21 @@ PUBLIC_IP_MIFOS="76.53.10.41"
 # DApp LXC (VMID 5801) — frontend-dapp for Chain 138 bridge. See docs/03-deployment/DAPP_LXC_DEPLOYMENT.md; E2E: tunnel + NPMplus dapp.d-bis.org
 IP_DAPP_LXC="192.168.11.58"
 # Phoenix / Sankofa public edge (NPMplus → CT 7800 API, 7801 portal). Legacy scripts use IP_SERVICE_50 / IP_SERVICE_51.
 # SolaceScanScout / Blockscout is IP_BLOCKSCOUT:80 — do NOT point sankofa.nexus or phoenix.sankofa.nexus there.
 IP_SERVICE_50="${IP_SERVICE_50:-192.168.11.50}"
 IP_SERVICE_51="${IP_SERVICE_51:-192.168.11.51}"
 SANKOFA_PHOENIX_API_PORT="${SANKOFA_PHOENIX_API_PORT:-4000}"
 SANKOFA_PORTAL_PORT="${SANKOFA_PORTAL_PORT:-3000}"
 IP_SANKOFA_PHOENIX_API="${IP_SANKOFA_PHOENIX_API:-$IP_SERVICE_50}"
 IP_SANKOFA_PORTAL="${IP_SANKOFA_PORTAL:-$IP_SERVICE_51}"
 # Gov Portals dev (VMID 7804) — DBIS, ICCC, OMNL, XOM at *.xom-dev.phoenix.sankofa.nexus
 IP_GOV_PORTALS_DEV="192.168.11.54"
 # Order legal (VMID 10070) — **not** .54 (that is exclusive to VMID 7804 gov-portals). Fixed duplicate ARP 2026-03-25.
 IP_ORDER_LEGAL="192.168.11.87"
 # Sankofa Studio (VMID 7805) — FusionAI Creator / Phoenix Marketplace SaaS at studio.sankofa.nexus
 # Note: 192.168.11.55 is used by VMID 10230 (order-vault); .72 chosen to avoid conflict.
 IP_SANKOFA_STUDIO="192.168.11.72"
--- a/config/proxmox-operational-template.json
+++ b/config/proxmox-operational-template.json
--- a/config/public-sector-program-manifest.json
+++ b/config/public-sector-program-manifest.json
@@ -0,0 +1,75 @@
 {
  "schemaVersion": "1.0.0",
  "updated": "2026-03-25",
  "description": "Registry of public-sector and eIDAS-related programs outside or beside proxmox; used by runbooks and docs. Verify repoUrl on Gitea if a repo is renamed. Unauthenticated HTTP to gitea.d-bis.org may return 404 for private or missing repos — confirm in Gitea UI or with credentials.",
  "programs": [
    {
      "id": "smoa",
      "displayName": "Secure Mobile Operations Application (SMOA)",
      "role": "Android credential-holder / mission client; Spring Boot backend",
      "repoUrl": "https://gitea.d-bis.org/Sankofa_Phoenix/SMOA.git",
      "localPathHint": "../smoa",
      "proxmoxDocRefs": [
        "docs/02-architecture/SERVICE_DESCRIPTIONS.md",
        "docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md"
      ],
      "externalDocRefs": [
        "backend/docs/LXC-PROXMOX-CONTAINERS.md",
        "docs/compliance/evidence/eidas-compliance-evidence.md"
      ]
    },
    {
      "id": "complete-credential",
      "displayName": "Complete Credential (umbrella program)",
      "role": "eIDAS / SMOA / credential integration program documentation and services",
      "repoUrl": "https://gitea.d-bis.org/Sankofa_Phoenix/complete-credential.git",
      "localPathHint": "../complete-credential",
      "proxmoxDocRefs": [
        "docs/11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md"
      ],
      "externalDocRefs": []
    },
    {
      "id": "cc-eidas-connector",
      "displayName": "eIDAS SAML connector (receiving MS)",
      "role": "SAML ACS / connector implementation (E-05 / E-05b roadmap)",
      "repoUrl": "https://gitea.d-bis.org/Sankofa_Phoenix/cc-eidas-connector.git",
      "localPathHint": "../complete-credential/submodules/cc-eidas-connector",
      "proxmoxDocRefs": [
        "docs/11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md"
      ],
      "externalDocRefs": [
        "docs/E05B_SAML_VERIFICATION_ROADMAP.md"
      ]
    }
  ],
  "catalogSkus": [
    {
      "id": "cc-phase1-lab",
      "displayName": "Complete Credential Phase 1 lab (compose)",
      "programManifestId": "complete-credential",
      "deploymentProfile": "A",
      "artifactKind": "compose_profile",
      "artifactRef": "integration/docker-compose.phase1.yml",
      "specRef": "complete-credential/docs/integrations/PHOENIX_SERVICE_CATALOG_SPEC.md"
    },
    {
      "id": "cc-phase2-lab",
      "displayName": "Complete Credential Phase 2 lab (NFC + device-registry stubs + Phase 1)",
      "programManifestId": "complete-credential",
      "deploymentProfile": "A",
      "artifactKind": "compose_profile",
      "artifactRef": "integration/docker-compose.phase1.yml + integration/docker-compose.phase2.lab.yml",
      "specRef": "complete-credential/docs/integrations/PHOENIX_SERVICE_CATALOG_SPEC.md"
    },
    {
      "id": "cc-eidas-connector-stack",
      "displayName": "eIDAS connector (reference submodule)",
      "programManifestId": "cc-eidas-connector",
      "deploymentProfile": "B",
      "artifactKind": "manual_runbook",
      "artifactRef": "complete-credential/docs/integrations/EIDAS_CONNECTOR_DEPTH_RUNBOOK.md",
      "specRef": "complete-credential/docs/integrations/PHOENIX_SERVICE_CATALOG_SPEC.md"
    }
  ]
 }
--- a/config/systemd/ccip-relay.service
+++ b/config/systemd/ccip-relay.service
@@ -0,0 +1,23 @@
 # Install on Proxmox host (e.g. r630-01) where /opt/smom-dbis-138/services/relay exists:
 #   sudo cp config/systemd/ccip-relay.service /etc/systemd/system/ccip-relay.service
 #   sudo systemctl daemon-reload && sudo systemctl enable --now ccip-relay
 #
 # Uses start-relay.sh (loads parent .env and relay/.env.local).
 [Unit]
 Description=CCIP relay service (Chain 138 to Mainnet)
 After=network-online.target
 Wants=network-online.target
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/opt/smom-dbis-138/services/relay
 ExecStart=/bin/bash /opt/smom-dbis-138/services/relay/start-relay.sh
 Restart=on-failure
 RestartSec=15
 StartLimitIntervalSec=300
 StartLimitBurst=5
 [Install]
 WantedBy=multi-user.target
--- a/config/systemd/chain138-pmm-mesh-automation.service.example
+++ b/config/systemd/chain138-pmm-mesh-automation.service.example
@@ -0,0 +1,33 @@
 # Copy to /etc/systemd/system/chain138-pmm-mesh-automation.service (or ~/.config/systemd/user/)
 # Adjust paths and EnvironmentFile to your host.
 #
 # sudo cp chain138-pmm-mesh-automation.service.example /etc/systemd/system/chain138-pmm-mesh-automation.service
 # sudo systemctl daemon-reload
 # sudo systemctl enable --now chain138-pmm-mesh-automation.service
 # journalctl -u chain138-pmm-mesh-automation -f
 [Unit]
 Description=Chain 138 PMM mesh — oracle/keeper/WETH poll every 6s
 After=network-online.target
 Wants=network-online.target
 [Service]
 Type=simple
 User=YOUR_UNIX_USER
 WorkingDirectory=/ABSOLUTE/PATH/TO/proxmox/smom-dbis-138
 Environment=PMM_MESH_INTERVAL_SEC=6
 Environment=MESH_CAST_GAS_PRICE=2gwei
 # Set to 0 until ETH-USD oracle allows your key as transmitter (see update-oracle-price.sh output).
 Environment=ENABLE_MESH_ORACLE_TICK=1
 Environment=ENABLE_MESH_KEEPER_TICK=1
 Environment=ENABLE_MESH_PMM_READS=1
 Environment=ENABLE_MESH_WETH_READS=1
 # Prefer EnvironmentFile over committing secrets:
 EnvironmentFile=-/ABSOLUTE/PATH/TO/proxmox/smom-dbis-138/.env
 # Required in .env: PRIVATE_KEY, AGGREGATOR_ADDRESS; recommended: PRICE_FEED_KEEPER_ADDRESS (see ORACLE_AND_KEEPER_CHAIN138.md)
 ExecStart=/bin/bash /ABSOLUTE/PATH/TO/proxmox/smom-dbis-138/scripts/reserve/pmm-mesh-6s-automation.sh
 Restart=always
 RestartSec=3
 [Install]
 WantedBy=multi-user.target
--- a/2
+++ b/2
--- a/dbis_chain_138_technical_master_plan.md
+++ b/dbis_chain_138_technical_master_plan.md
@@ -0,0 +1,811 @@
 # DBIS Chain 138 Technical Master Plan
 ## Purpose
 This document is the governance and execution baseline for DBIS Chain 138 infrastructure. It is intentionally grounded in repo-backed and operator-verified reality, so it can be used for audits, deployment planning, and readiness decisions without confusing `currently deployed`, `under validation`, and `future-state` work.
 The objective is to move from architecture theory to a production-grade sovereign deployment program that is evidence-based, phased, and operationally auditable.
 ---
 # SECTION 1 — MASTER OBJECTIVES
 ## Primary objectives
 1. Inventory currently installed stack components and host placement.
 2. Validate actual service readiness, not just declared architecture.
 3. Standardize Proxmox VE deployment topology and preferred workload placement.
 4. Assign infrastructure ownership across ecosystem entities once governance is finalized.
 5. Define production-grade deployment and verification workflows.
 6. Track the gap between today’s footprint and sovereign target-state architecture.
 7. Produce auditable artifacts that operators can regenerate and maintain.
 ---
 # SECTION 2 — CURRENT STACK STATUS
 ## Deployed now
 - Hyperledger Besu (QBFT, Chain 138)
 - Hyperledger Fabric containers and VMIDs are allocated
 - Hyperledger Indy containers and VMIDs are allocated
 - Hyperledger FireFly primary container footprint exists
 - Blockscout / explorer stack
 - Hyperledger Caliper hook and performance guidance (documentation only)
 ## Partially deployed / under validation
 - Hyperledger FireFly:
  - primary `6200` is restored as a minimal local FireFly API footprint
  - secondary `6201` is present in inventory but currently behaves like a retired / standby shell with no valid deployment payload
 - Hyperledger Fabric:
  - `6000`, `6001`, `6002` are present in inventory but are now intentionally stopped as reserved placeholders
  - current app-level verification did not show active Fabric peer / orderer workloads or meaningful Fabric payloads inside those CTs
 - Hyperledger Indy:
  - `6400`, `6401`, `6402` are present in inventory but are now intentionally stopped as reserved placeholders
  - current app-level verification did not show active Indy node listeners or meaningful Indy payloads inside those CTs
 ## Planned / aspirational
 - Hyperledger Aries as a proven deployed service tier
 - Hyperledger AnonCreds as an operationally verified deployed layer
 - Hyperledger Ursa as a required runtime dependency
 - Hyperledger Quilt
 - Hyperledger Avalon
 - Hyperledger Cacti as a proven live interoperability layer
 - Full multi-region sovereignized Proxmox with Ceph-backed storage and segmented production VLANs
 ---
 # SECTION 3 — CURRENT ENVIRONMENT DISCOVERY
 ## Canonical discovery artifacts
 The source-of-truth discovery path for current state is:
 - [docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md](docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md)
 - [docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md](docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md)
 - [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md)
 - [scripts/verify/run-phase1-discovery.sh](scripts/verify/run-phase1-discovery.sh)
 - [config/proxmox-operational-template.json](config/proxmox-operational-template.json)
 - [docs/04-configuration/ALL_VMIDS_ENDPOINTS.md](docs/04-configuration/ALL_VMIDS_ENDPOINTS.md)
 - [docs/02-architecture/PHYSICAL_HARDWARE_INVENTORY.md](docs/02-architecture/PHYSICAL_HARDWARE_INVENTORY.md)
 ## Discovery scope
 Reality mapping must validate:
 1. Proxmox hosts and cluster health
 2. VMID / CT inventory versus template JSON
 3. Besu validators, sentries, and RPC tiers
 4. Explorer and public RPC availability
 5. Hyperledger CT presence and app-level readiness where possible
 6. Storage topology and current backing stores
 7. Network topology and current LAN / VLAN reality
 8. ML110 role reality versus migration plan
 ## Required outputs
 Every discovery run should produce:
 - Infrastructure inventory report
 - Service state map
 - Dependency context
 - Critical failure summary
 The markdown report is evidence capture; the script exit code is the pass/fail signal.
 ---
 # SECTION 4 — PROXMOX VE DEPLOYMENT DESIGN
 ## Current state
 - Current cluster footprint is smaller than the target sovereign model.
 - Current storage is primarily local ZFS / LVM-based, not Ceph-backed distributed storage.
 - Current workload placement is represented as `preferred host` in the planning template, not guaranteed live placement.
 ## Target model
 - Multi-node Proxmox VE cluster with stable quorum
 - HA-aware workload placement
 - Dedicated roles for core compute, RPC exposure, identity/workflow DLT, ingress, and future storage tiers
 ## Current interpretation rule
 This plan must not describe the target sovereignized Proxmox model as already achieved. All references to HA, Ceph, dedicated storage nodes, or dedicated network nodes are roadmap items unless Phase 1 evidence proves they are already active.
 ---
 # SECTION 5 — NETWORK ARCHITECTURE
 ## Current network reality
 - Primary active management / services LAN is `192.168.11.0/24`
 - Public ingress is fronted through NPMplus / edge services
 - RPC exposure is already tiered across core, public, private, named, and thirdweb-facing nodes
 ## Target network layers
 1. Management network
 2. Storage replication network
 3. Blockchain validator / P2P network
 4. Identity / workflow DLT network
 5. Public access / DMZ network
 6. Validator-only restricted paths
 ## Status
 - Public access and RPC role separation exist in practice.
 - Full sovereign segmentation with dedicated VLANs and zero-trust internal routing remains roadmap work.
 ---
 # SECTION 6 — ENTITY ASSIGNMENT MODEL
 ## Governance model
 The entity-assignment model remains valid as a target governance structure:
 - DBIS Core Authority
 - Central Banks
 - International Financial Institutions
 - Regional Operators
 ## Current status
 - Entity ownership for many deployed workloads is still `TBD` in the operational matrix.
 - Until governance assigns final owners, operator documentation must keep those fields explicitly marked as `TBD` rather than inventing ownership.
 The executable placement artifact is:
 - [docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md](docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md)
 ---
 # SECTION 7 — VM AND CONTAINER DESIGN
 ## Current status by workload family
 ### Deployed now
 - Settlement / Besu VM family
 - Explorer / observability family
 - Ingress / proxy family
 - Application and DBIS-support workloads
 ### Partially deployed / under validation
 - Workflow VM / CT family for FireFly
 - Institutional VM / CT family for Fabric
 - Identity VM / CT family for Indy
 ### Planned / aspirational
 - Identity VM template that includes proven Aries + AnonCreds runtime
 - Interoperability VM template for true Hyperledger Cacti usage
 ## Implementation rule
 Template language in this plan must map to actual repo artifacts and actual VMIDs, not hypothetical inventory.
 ---
 # SECTION 8 — STORAGE ARCHITECTURE
 ## Current state
 - Current guest storage is backed by local Proxmox storage pools.
 - Ceph-backed distributed storage is not yet an achieved platform baseline.
 ## Target state
 - Ceph or equivalent distributed storage tier
 - Snapshot-aware backup strategy by workload class
 - Archive and audit retention policy
 ## Roadmap artifact
 - [docs/02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md](docs/02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md)
 ---
 # SECTION 9 — SECURITY ARCHITECTURE
 ## Current baseline
 - Chain 138 validator, sentry, and RPC tiering exists as an operational pattern.
 - Public RPC capability validation is now script-backed.
 - Explorer and wallet metadata are now explicitly documented and verifiable.
 ## Target-state controls
 - HSM-backed key management
 - stronger secrets segregation
 - certificate hierarchy and operator MFA
 - formalized tier-to-tier firewall policy
 ## Status
 These remain partially implemented and must not be represented as fully complete without separate evidence.
 ---
 # SECTION 10 — GOVERNANCE ARCHITECTURE
 ## Target
 - validator governance across multiple entities
 - admission control
 - key rotation
 - emergency controls
 ## Current state
 - Chain 138 validator topology exists
 - final multi-entity validator governance assignment is still pending
 This section remains a target architecture section, not a statement of fully executed governance.
 ---
 # SECTION 11 — FIREFLY WORKFLOW ARCHITECTURE
 ## Current state
 - FireFly primary footprint exists and now exposes a local API again.
 - Current restored `6200` configuration is a minimal local gateway profile for stability and API availability.
 - Full multiparty FireFly workflow behavior across blockchain, shared storage, and data exchange is not yet evidenced as healthy in the current container deployment.
 ## Program objective
 Use FireFly as the workflow layer only after:
 1. primary and secondary footprint are clearly defined
 2. connector/plugin model is explicit
 3. upstream blockchain and shared-storage dependencies are validated
 ## Current execution artifacts
 - [docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md)
 - [docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md)
 ## 11.1 Depository / CSD architecture
 ### Current state
 - A dedicated depository / central securities depository runtime is not currently evidenced as deployed in this environment.
 - The depository role is still implied inside broader settlement, securities, and custody discussions rather than frozen as a first-class production component.
 - The canonical production checklist row is:
  - [Depository / CSD layer](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 ### Target role
 - maintain the authoritative asset register for in-scope instruments
 - define issuance, transfer, pledge, and lien semantics
 - provide the settlement-touch point between asset ownership and RTGS finality
 ### Required integrations
 - OMNL / Fineract participant and account model
 - custody and safekeeping lifecycle
 - Chain 138 settlement and evidence path where on-ledger finality is in scope
 - external statements, reconciliation, and regulatory evidence outputs
 ### Current gaps
 - No frozen decision yet on whether the depository role is on-ledger, off-ledger, or hybrid.
 - No participant-to-asset-register relationship is yet frozen for custody, pledge, and transfer scenarios.
 ### Execution artifacts
 - [docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md)
 - [docs/03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](docs/03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md)
 ### System flow
 ```mermaid
 flowchart LR
    OMNL["OMNL / Fineract"] -->|"participant + account context"| CSD["Depository / CSD"]
    CSD -->|"asset ownership + settlement touch"| RTGS["RTGS Orchestrator"]
    RTGS -->|"cash settlement leg"| BANK["Bank / Correspondent Rail"]
    RTGS -->|"optional finality evidence"| CHAIN["Chain 138 Settlement"]
    CSD -->|"holdings + entitlements"| CUSTODY["Custody / Safekeeping"]
    CUSTODY -->|"statements + evidence"| EVIDENCE["Audit / Reconciliation Package"]
 ```
 ### Contract — Depository asset-register and settlement-touch
 - Owning subsystem: Depository / CSD layer
 - Required integrations: participant model, custody model, settlement orchestration, reconciliation/evidence
 - Canonical business object or event: asset position, transfer instruction, pledge/release instruction
 - Reconciliation / evidence requirement: holdings register must reconcile to settlement state and custody reporting
 - Production completion condition: one canonical asset flow proves issuance/transfer/settlement-touch behavior end to end
 ## 11.2 Global custodian architecture
 ### Current state
 - No explicit global custodian runtime or operating model is currently evidenced as active in the repo-backed deployment state.
 - Custodian responsibilities are currently implied through correspondent-bank and safekeeping language, not frozen as one production role.
 - The canonical production checklist row is:
  - [Global custodian layer](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 ### Target role
 - manage safekeeping accounts and sub-custody relationships
 - coordinate global bank, correspondent, and asset-servicing obligations
 - provide statement, confirmation, and reconciliation surfaces for institutional holdings
 ### Required integrations
 - depository / CSD role
 - correspondent and global-bank messaging lanes
 - custody / safekeeping / asset-servicing lifecycle
 - OMNL and RTGS reconciliation packages
 ### Current gaps
 - No frozen custody account structure or reporting model exists yet.
 - Corporate-action, entitlement, and asset-servicing obligations are not yet mapped into the RTGS program.
 ### Execution artifacts
 - [docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md)
 - [docs/03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](docs/03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md)
 ### Contract — Global custodian account, reporting, and reconciliation
 - Owning subsystem: Global custodian layer
 - Required integrations: correspondent/global-bank path, depository role, custody operations, evidence package
 - Canonical business object or event: custody account statement, holdings advice, settlement confirmation
 - Reconciliation / evidence requirement: custodian statements must reconcile to OMNL and settlement state
 - Production completion condition: one canonical custody flow includes account structure, reporting, and reconciliation outputs
 ## 11.3 FX pricing and dealing architecture
 ### Current state
 - FX pricing, valuation, and revaluation requirements are documented, but no single production pricing/dealing engine contract is yet frozen.
 - Existing materials prove the need for FX handling, not a finalized runtime ownership model.
 - The canonical production checklist row is:
  - [FX pricing / dealing engine](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 ### Target role
 - own quote generation or ingestion
 - apply spread and pricing policy
 - lock rates, value dates, and booking terms
 - feed OMNL, treasury, and settlement services with the approved FX terms
 ### Required integrations
 - treasury policy and limits
 - participant / office / GL model
 - `server-funds-sidecar` and `off-ledger-2-on-ledger-sidecar`
 - reconciliation and evidence path
 ### Current gaps
 - No frozen source hierarchy yet for rates, triangulation, and overrides.
 - No canonical quote lifecycle is yet mapped from request to booking to reconciliation.
 ### Execution artifacts
 - [docs/03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md](docs/03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md)
 - [docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md)
 - [docs/03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md](docs/03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md)
 ### Sequence diagram
 ```mermaid
 sequenceDiagram
    participant Client as Initiating System
    participant ORCH as RTGS Orchestrator
    participant FX as FX Pricing / Dealing Engine
    participant TREASURY as Treasury / Funds
    participant OMNL as OMNL / Fineract
    participant SETTLE as Settlement Service
    Client->>ORCH: FX-backed payment request
    ORCH->>FX: Quote request with currencies, amount, value date
    FX-->>ORCH: Locked quote, spread, rate source, expiry
    ORCH->>TREASURY: Liquidity and approval check
    TREASURY-->>ORCH: Funding approval / rejection
    ORCH->>OMNL: Post booked FX and settlement journals
    OMNL-->>ORCH: Accounting confirmation
    ORCH->>SETTLE: Trigger settlement leg with FX references
    SETTLE-->>ORCH: Settlement reference and finality state
 ```
 ### Contract — FX quote, pricing, and booking
 - Owning subsystem: FX pricing / dealing engine
 - Required integrations: treasury, OMNL, sidecars, settlement, reconciliation
 - Canonical business object or event: FX quote, booked FX instruction, revaluation event
 - Reconciliation / evidence requirement: rate source, booked rate, and realized/unrealized P&L must reconcile
 - Production completion condition: one canonical FX transaction completes with frozen inputs, accounting, and reconciliation
 ## 11.4 Liquidity pooling and aggregation architecture
 ### Current state
 - Liquidity and prefunding checks are documented, but no explicit pooling/aggregation engine is yet modeled as a first-class production component.
 - Liquidity sourcing is currently spread across treasury, correspondent, and optional on-chain discussions.
 - The canonical production checklist row is:
  - [Liquidity pooling and aggregation engine](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 ### Target role
 - evaluate available liquidity sources
 - apply prioritization and eligibility policy
 - allocate funding across internal and external sources
 - expose operator controls for override, hold, and audit
 ### Required integrations
 - treasury account model
 - reserve policy
 - bank and correspondent source adapters
 - optional on-chain liquidity and settlement lanes
 ### Current gaps
 - No source-priority model is yet frozen.
 - No operator control model is yet defined for overrides, holds, or emergency liquidity routing.
 ### Execution artifacts
 - [docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md)
 - [docs/03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md](docs/03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md)
 ### Flowchart
 ```mermaid
 flowchart LR
    REQUEST["Funding Request"] --> ENGINE["Liquidity Pooling / Aggregation Engine"]
    ENGINE --> INTERNAL["Internal Treasury Pool"]
    ENGINE --> BANKLINES["Bank Credit / Liquidity Lines"]
    ENGINE --> CORR["Correspondent / Global Bank Sources"]
    ENGINE --> ONCHAIN["Optional On-Chain Liquidity"]
    INTERNAL --> DECISION["Funding Decision"]
    BANKLINES --> DECISION
    CORR --> DECISION
    ONCHAIN --> DECISION
    DECISION --> ORCH["RTGS Orchestrator"]
    ORCH --> OMNL["OMNL / Fineract"]
 ```
 ### Contract — Liquidity-engine source selection and allocation
 - Owning subsystem: Liquidity pooling and aggregation engine
 - Required integrations: treasury policy, source adapters, RTGS orchestrator, OMNL
 - Canonical business object or event: funding request, allocation decision, liquidity hold/release
 - Reconciliation / evidence requirement: chosen source and allocation rationale must be reconstructible
 - Production completion condition: one canonical funding decision path is documented and validated
 ## 11.5 Liquidity source adapter model
 ### Current state
 - Source classes are referenced in treasury and correspondent-bank materials, but no canonical adapter model is yet frozen for each source family.
 - The canonical production checklist row is:
  - [Liquidity source adapters](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 ### Target role
 - normalize access to internal treasury pools, bank lines, correspondent banks, and optional on-chain liquidity
 - hide transport/auth differences behind one adapter family
 - return funding availability, hold, release, and confirmation events into the liquidity engine
 ### Required integrations
 - liquidity pooling and aggregation engine
 - correspondent-bank and global-bank rails
 - treasury controls and operator policies
 - optional Chain 138 or sidecar/provider adapters
 ### Current gaps
 - No adapter catalog yet exists for source families.
 - No required minimum adapter contract is yet documented.
 ### Execution artifacts
 - [docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md)
 - [docs/03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md](docs/03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md)
 ### Contract — Liquidity source adapter
 - Owning subsystem: Treasury / integrations layer
 - Required integrations: liquidity engine, bank/correspondent paths, treasury controls
 - Canonical business object or event: liquidity quote, hold confirmation, release confirmation, failure reason
 - Reconciliation / evidence requirement: source selection and adapter result must be linked to the settlement package
 - Production completion condition: each in-scope source class has a defined adapter contract and mandatory sources are validated
 ## 11.6 Custody / safekeeping / asset servicing architecture
 ### Current state
 - Custody and safekeeping obligations are referenced implicitly in correspondent-bank, securities, and evidence discussions, but not yet frozen as one canonical lifecycle.
 - The canonical production checklist row is:
  - [Custody / safekeeping / asset servicing flow](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 ### Target role
 - manage safekeeping, transfer, entitlement, and servicing lifecycles
 - bind depository positions, custodian reporting, and settlement state into one auditable trail
 - produce holdings, statements, and servicing evidence for institutional participants
 ### Required integrations
 - depository / CSD layer
 - global custodian layer
 - OMNL participant and account model
 - RTGS settlement and evidence package
 ### Current gaps
 - No canonical custody lifecycle is yet frozen.
 - Corporate-action, entitlement, and servicing events are not yet mapped into reconciliation artifacts.
 ### Execution artifacts
 - [docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md)
 - [docs/03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](docs/03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md)
 ### Sequence and state view
 ```mermaid
 sequenceDiagram
    participant DEP as Depository / CSD
    participant CUST as Custodian
    participant ORCH as RTGS Orchestrator
    participant OMNL as OMNL / Fineract
    participant EVIDENCE as Evidence Package
    DEP->>CUST: Position / entitlement update
    CUST->>ORCH: Safekeeping or servicing instruction
    ORCH->>OMNL: Accounting impact or fee posting
    OMNL-->>ORCH: Posting confirmation
    ORCH->>EVIDENCE: Reconciliation and servicing references
    EVIDENCE-->>CUST: Statement / audit package references
 ```
 ```mermaid
 stateDiagram-v2
    [*] --> Registered
    Registered --> Safekept
    Safekept --> Transferred
    Safekept --> Serviced
    Transferred --> Reconciled
    Serviced --> Reconciled
    Reconciled --> Reported
    Reported --> [*]
 ```
 ### Contract — Custody, safekeeping, and asset-servicing lifecycle
 - Owning subsystem: Custody operations / product architecture layer
 - Required integrations: depository, custodian, OMNL, evidence package
 - Canonical business object or event: custody instruction, holdings statement, servicing event
 - Reconciliation / evidence requirement: holdings, statements, and servicing events must reconcile to settlement and participant records
 - Production completion condition: one end-to-end custody lifecycle is documented and validated with reconciliation/evidence output
 ---
 # SECTION 12 — CROSS-CHAIN INTEROPERABILITY DESIGN
 ## Current state
 - CCIP relay and Chain 138 cross-chain infrastructure exist in the broader stack.
 - Hyperledger Cacti is not currently proven as the live interoperability engine for DBIS in this environment.
 ## Planning rule
 This plan must refer to Cacti as `future / optional` until a deployed and validated Cacti environment is evidenced in discovery artifacts.
 ---
 # SECTION 13 — DEVSECOPS PIPELINE
 ## Required execution model
 1. Source control
 2. Build / validation
 3. Security and config review
 4. Service verification
 5. Deployment
 6. Monitoring and readiness evidence
 ## Repo-backed implementation
 - discovery scripts
 - RPC health checks
 - route / explorer verification
 - operator runbooks
 - submodule hygiene and deployment docs
 The pipeline is partially implemented via scripts and runbooks; it is not yet a single unified CI/CD system for every DBIS workload.
 ---
 # SECTION 14 — PERFORMANCE VALIDATION
 ## Current state
 - Hyperledger Caliper is not vendored in this repo.
 - A documented performance hook exists instead of a committed benchmark harness.
 ## Canonical artifact
 - [docs/03-deployment/CALIPER_CHAIN138_PERF_HOOK.md](docs/03-deployment/CALIPER_CHAIN138_PERF_HOOK.md)
 ## Interpretation rule
 Performance benchmarking is planned and documented, but not yet a routine automated readiness gate.
 ---
 # SECTION 15 — MONITORING AND OBSERVABILITY
 ## Deployed now
 - Explorer / Blockscout
 - Besu RPC health verification
 - operational checks and route verification scripts
 ## Partially deployed / under validation
 - Hyperledger-side service health beyond CT status
 - unified status reporting for the broader DLT stack
 ---
 # SECTION 16 — DISASTER RECOVERY DESIGN
 ## Target state
 - RPO / RTO by workload tier
 - cross-site replication
 - cold / standby recovery paths
 ## Current state
 DR remains a program requirement, not a fully evidenced completed deployment capability.
 ---
 # SECTION 17 — PRODUCTION DEPLOYMENT WORKFLOW
 ## Phase 1 — Reality mapping
 Canonical implementation:
 - [scripts/verify/run-phase1-discovery.sh](scripts/verify/run-phase1-discovery.sh)
 - [docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md](docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md)
 ## Phase 2 — Sovereignization roadmap
 Canonical implementation:
 - [docs/02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md](docs/02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md)
 ## Phase 3 — Liveness and production-simulation wrapper
 Canonical implementation:
 - [scripts/verify/run-dbis-phase3-e2e-simulation.sh](scripts/verify/run-dbis-phase3-e2e-simulation.sh)
 - [docs/03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md](docs/03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md)
 ---
 # SECTION 18 — END-TO-END PRODUCTION FLOW
 ## Reference flow
 1. Identity issued
 2. Credential verified
 3. Workflow triggered
 4. Settlement executed
 5. Cross-chain sync
 6. Compliance recorded
 7. Final settlement confirmed
 ## Current interpretation
 This is the target business flow. Current automation verifies only selected infrastructure slices of that flow:
 - Besu liveness
 - optional FireFly HTTP
 - operator-guided manual follow-ups for Indy / Fabric / CCIP
 - the currently recommended narrow RTGS first slice documented in:
  - [docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md)
  - [docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md)
 It must not be represented as fully automated end-to-end execution today.
 ---
 # SECTION 19 — EXECUTION DIRECTIVES
 Cursor / operators should execute the following in order:
 1. Run Phase 1 discovery and review the critical failure summary.
 2. Reconcile node-role matrix conflicts, especially duplicate IP planning entries.
 3. Validate live Hyperledger CTs at the app layer, not only CT status.
 4. Track sovereignization gaps in the Phase 2 roadmap.
 5. Run the Phase 3 liveness wrapper and manual follow-ups.
 6. Produce or refresh readiness evidence.
 These directives must map to repo scripts and docs, not hypothetical tooling.
 ---
 # SECTION 20 — EXPECTED DELIVERABLES
 The executable deliverables in this repository are:
 1. Infrastructure inventory report
 2. Node role assignment map
 3. Phase 2 sovereignization roadmap
 4. Phase 3 liveness simulation runbook
 5. Caliper performance hook
 6. Operator readiness checklist
 Separate security compliance and benchmark reports remain future deliverables unless explicitly generated.
 ---
 # SECTION 21 — CURRENT GAPS
 ## Infrastructure gaps
 - FireFly secondary `6201` is currently stopped and should be treated as retired / standby until intentionally rebuilt.
 - Fabric CTs are present in inventory, but current app-level verification did not prove active Fabric peer or orderer services and did not show meaningful Fabric payloads; they are now intentionally stopped as reserved placeholders.
 - Indy CTs are present in inventory, but current app-level verification did not prove active Indy validator listeners and did not show meaningful Indy payloads; they are now intentionally stopped as reserved placeholders.
 - The current per-node app-level evidence table is maintained in [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md).
 ## Platform gaps
 - Ceph-backed distributed storage is still roadmap work.
 - Full VLAN / sovereign network segmentation is still roadmap work.
 - Final entity ownership assignments remain incomplete.
 - The selected first-slice HYBX sidecars are now deployed internally on Proxmox VE and healthy at the runtime level.
 - The `mifos-fineract-sidecar` lane has now completed at least one authenticated live OMNL / Fineract transfer posting, but the broader participant model, Chain 138 settlement leg, reconciliation/evidence output, and the `server-funds-sidecar` / `off-ledger-2-on-ledger-sidecar` business flows are still not frozen end to end.
 ## Planning gaps
 - Future-state architecture items must remain clearly labeled as planned, not deployed.
 ---
 # SECTION 22 — IMPLEMENTATION ARTIFACTS
 Executable counterparts in this repository:
 | Deliverable | Location |
 |-------------|----------|
 | Node Role Matrix | `docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md` |
 | Phase 1 discovery | `scripts/verify/run-phase1-discovery.sh`, `docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md`, `reports/phase1-discovery/` |
 | Phase 2 roadmap | `docs/02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md` |
 | Phase 3 liveness wrapper | `scripts/verify/run-dbis-phase3-e2e-simulation.sh`, `docs/03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md` |
 | Production gate | `docs/03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md` |
 | RTGS canonical production checklist | `docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md` |
 | RTGS FX transaction catalog | `docs/03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md` |
 | RTGS depository and custody operating model | `docs/03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md` |
 | RTGS FX and liquidity operating model | `docs/03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md` |
 | RTGS control-plane deployment checklist | `docs/03-deployment/DBIS_RTGS_CONTROL_PLANE_DEPLOYMENT_CHECKLIST.md` |
 | RTGS control-plane deployment scripts | `scripts/deployment/create-dbis-rtgs-control-plane-lxcs.sh`, `scripts/deployment/deploy-dbis-rtgs-control-plane.sh`, `scripts/verify/check-dbis-rtgs-control-plane.sh` |
 | RTGS later-phase sidecars deployment checklist | `docs/03-deployment/DBIS_RTGS_LATER_PHASE_SIDECARS_DEPLOYMENT_CHECKLIST.md` |
 | RTGS later-phase sidecars deployment scripts | `scripts/deployment/create-dbis-rtgs-later-phase-sidecar-lxcs.sh`, `scripts/deployment/deploy-dbis-rtgs-later-phase-sidecars.sh`, `scripts/verify/check-dbis-rtgs-later-phase-sidecars.sh` |
 | Indonesia / BNI E2E integration blueprint | `docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md` |
 | RTGS first-slice architecture | `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md` |
 | RTGS first-slice deployment checklist | `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md` |
 | Caliper hook | `docs/03-deployment/CALIPER_CHAIN138_PERF_HOOK.md`, `scripts/verify/print-caliper-chain138-stub.sh` |
 | Operator readiness checklist | `docs/00-meta/OPERATOR_READY_CHECKLIST.md` section 10 |
--- a/2
+++ b/2
--- a/docs/00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md
+++ b/docs/00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md
@@ -270,7 +270,7 @@
 | R18 | Ensure Blockscout (VMID 5000) is up and /api reachable | Health checks |
 | R19 | Run forge test before deploying; integration tests where available | Pre-deploy |
 | R20 | NatSpec on public contract functions | Code quality |
-| R21 | When The Order deployed: NPMplus proxy host; document in RPC_ENDPOINTS_MASTER | Sankofa/The Order go-live |
+| R21 | **Done 2026-03:** NPMplus Order via 10210; documented in RPC_ENDPOINTS_MASTER, ALL_VMIDS | Complete |
 | R22 | Document or configure blocks #2–#6 in NETWORK_ARCHITECTURE | When decided |
 | R23 | Scripts: progress indicators; --dry-run; config validation | Script updates |
 | R24 | Keep config/token-mapping.json as single source of truth for 138↔Mainnet | Adding tokens |
@@ -299,8 +299,8 @@
 | Item | Recommendation |
 |------|----------------|
-| the-order.sankofa.nexus | When The Order portal deployed: add NPMplus proxy host; document in RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS |
+| the-order.sankofa.nexus | **Live:** NPM → `192.168.11.39:80` (10210 → portal :3000) |
-| Sankofa cutover plan | Replace &lt;TARGET_IP&gt;, &lt;TARGET_PORT&gt;, TBDs with actual IPs/ports when deployed |
+| Sankofa cutover plan | **Updated** v1.1 (2026-03-27); legacy API snippets may still use &lt;TARGET_*&gt; |
 | sankofa.nexus / phoenix routing | Ensure NPMplus proxy targets 192.168.11.51:3000 and 192.168.11.50:4000 per master docs; only explorer.d-bis.org → 192.168.11.140 |
 | Public blocks #2–#6 | Document in NETWORK_ARCHITECTURE / NETWORK_CONFIGURATION_MASTER when assigned or mark reserved |
--- a/docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md
+++ b/docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md
@@ -125,7 +125,7 @@ Full operator actions: **[RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS
 | R8–R11 | RPC_URL_138; GAS_PRICE on 138; phased deploy; nonce/tx stuck runbooks |
 | R12–R16 | Keep runbooks in sync; document addresses per chain; run verification after deploy; env per env |
 | R17–R20 | Monitor bridges; Blockscout up; forge test pre-deploy; NatSpec |
-| R21–R24 | The Order NPMplus; blocks #2–#6; script progress/dry-run/validation; token-mapping.json source of truth |
+| R21–R24 | **R21 done 2026-03** (Order NPM/10210); R22 blocks #2–#6; R23 script UX/validation; R24 token-mapping.json |
 ---
--- a/docs/00-meta/ALL_RECOMMENDATIONS_OPERATOR_ONLY.md
+++ b/docs/00-meta/ALL_RECOMMENDATIONS_OPERATOR_ONLY.md
@@ -96,9 +96,9 @@
 | # | Action | When |
 |---|--------|------|
-| R21 | The Order / Sankofa NPMplus proxy host | When The Order portal deployed: add proxy; document in RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS |
+| R21 | The Order / Sankofa NPMplus | **Done 2026-03** — Order → 10210 `.39:80`; see ALL_VMIDS, RPC_ENDPOINTS_MASTER |
 | R22 | Document or configure blocks #2–#6 in NETWORK_ARCHITECTURE | When decided |
-| Sankofa cutover | Replace &lt;TARGET_IP&gt;, &lt;TARGET_PORT&gt;, TBDs in SANKOFA_CUTOVER_PLAN | When deployed |
+| Sankofa cutover | **Done** — SANKOFA_CUTOVER_PLAN v1.1; fleet script `update-npmplus-proxy-hosts-api.sh` |
 | 75–81 | VLAN enablement, observability stack, CCIP fleet, sovereign tenants, missing containers | Per NEXT_STEPS_MASTER and deployment phases |
 ---
--- a/docs/00-meta/ARCHIVE_CANDIDATES.md
+++ b/docs/00-meta/ARCHIVE_CANDIDATES.md
@@ -39,11 +39,11 @@
 **Last consolidation run:** 2026-02-05. Moved 32 files from `docs/00-meta/` to `docs/archive/00-meta-status/`. See `docs/archive/00-meta-status/` for the list.
-**2026-02-08 prune/archive:** Superseded 05-network docs → `archive/05-network-superseded/` (stubs in 05-network). **Batch 1:** 10 redundant 00-meta docs → `archive/00-meta-pruned/`. **Batch 2:** 17 planning/script/audit docs (DEPLOYMENT_MASTER_DOC_PLAN, script reduction/audit set, migration/framework set, BREAKING_CHANGES, TODOS_COMPLETION_SUMMARY, etc.) → `archive/00-meta-pruned/`. See `archive/00-meta-pruned/README.md` and `archive/05-network-superseded/README.md`.
+**2026-02-08 prune/archive:** Superseded 05-network docs → `docs/archive/05-network-superseded/` (stubs in `docs/05-network/`). **Batch 1:** 10 redundant 00-meta docs → `docs/archive/00-meta-pruned/`. **Batch 2:** 17 planning/script/audit docs → `docs/archive/00-meta-pruned/`.
 **2026-02-16:** **Batch 3:** 3 Blitzkrieg dated exports (Blitzkrieg_Super_Pro_Max_Plan_2026-02-13.md, .txt, .json) → `archive/00-meta-pruned/`. Canonical plan remains `00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md`. **Note:** `DOCUMENTATION_FIXES_COMPLETE.md` does not exist; completed fixes are in [DOCUMENTATION_FIX_TASK_LIST.md](DOCUMENTATION_FIX_TASK_LIST.md).
-**2026-02-20:** **Batch 4:** 12 one-off/dated docs from 00-meta → `archive/00-meta-pruned/`: COMPLETION_STATUS_20260215, MASTER_DOCUMENTATION_REVIEW_20260205, DOCUMENTATION_REVIEW_20260216, DOCUMENTATION_REVIEW_CONTINUED_20260216, COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31, DOCUMENTATION_UPGRADE_SUMMARY, DOCUMENTATION_REVIEW, DOCUMENTATION_METRICS, DOCUMENTATION_RELATIONSHIP_MAP (duplicate of DOCUMENT_RELATIONSHIP_MAP), JNA_WHY_NOT_WORKING_REVIEW, VMID_2101_CHANGES_AND_FAILURES, COMPREHENSIVE_PROJECT_REVIEW. **Batch 5:** CONTINUE_AND_COMPLETE, FULL_PARALLEL_RUN_LOG → 00-meta-pruned. **Root cleanup:** ALL_TASKS_COMPLETE → archive/root-status-reports; 40+ root status/temp files + screenshots → [archive/root-cleanup-20260220/](../archive/root-cleanup-20260220/README.md). fix-wsl-ip.sh → scripts/. **Added:** DOCUMENTATION_CONSOLIDATION_PLAN, NEXT_STEPS_INDEX. See archive/00-meta-pruned/README.md Batches 4–5.
+**2026-02-20:** **Batch 4:** 12 one-off/dated docs from 00-meta → `docs/archive/00-meta-pruned/`: COMPLETION_STATUS_20260215, MASTER_DOCUMENTATION_REVIEW_20260205, DOCUMENTATION_REVIEW_20260216, DOCUMENTATION_REVIEW_CONTINUED_20260216, COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31, DOCUMENTATION_UPGRADE_SUMMARY, DOCUMENTATION_REVIEW, DOCUMENTATION_METRICS, DOCUMENTATION_RELATIONSHIP_MAP (duplicate of DOCUMENT_RELATIONSHIP_MAP), JNA_WHY_NOT_WORKING_REVIEW, VMID_2101_CHANGES_AND_FAILURES, COMPREHENSIVE_PROJECT_REVIEW. **Batch 5:** CONTINUE_AND_COMPLETE, FULL_PARALLEL_RUN_LOG → `docs/archive/00-meta-pruned/`. **Root cleanup:** ALL_TASKS_COMPLETE → `docs/archive/root-status-reports/`; 40+ root status/temp files + screenshots → `docs/archive/root-cleanup-20260220/`. fix-wsl-ip.sh → `scripts/fix-wsl-ip.sh`. **Added:** DOCUMENTATION_CONSOLIDATION_PLAN, NEXT_STEPS_INDEX.
 **2026-03-02:** Review only. docs/MASTER_INDEX.md and docs/README.md created; RUNBOOKS_MASTER_INDEX.md added (redirect). Deprecated list in MASTER_INDEX. ALL_IMPROVEMENTS_AND_GAPS_INDEX remains as redirect; canonical = ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.
--- a/docs/00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md
+++ b/docs/00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md
@@ -172,7 +172,7 @@ Dry-run deployments and cross-chain reconciliation.
 Source: NOT_CHANGED_BY_DESIGN.
 **Configuration and DNS (R21–R22)**  
-Sankofa alignment and configuration blocks 2–6.  
+Sankofa zone NPM/docs **aligned (R21 done 2026-03)**; blocks #2–#6 still TBD.  
 Source: ALL_REQUIREMENTS.
 **Quick Wins (R23)**  
--- a/docs/00-meta/CONTRIBUTOR_GUIDELINES.md
+++ b/docs/00-meta/CONTRIBUTOR_GUIDELINES.md
@@ -1,7 +1,7 @@
 # Contributor Guidelines
-**Last Updated:** 2025-01-20  
+**Last Updated:** 2026-03-27  
-**Document Version:** 1.0  
+**Document Version:** 1.1  
 **Status:** Active Documentation
 ---
@@ -195,13 +195,25 @@ This document provides guidelines for contributing to the documentation, includi
 ---
 ## Git submodules (proxmox parent repo)
 This workspace vendors many repositories under `git submodule`. Guidelines:
 1. **Detached HEAD** after `git submodule update` is normal when you are not developing inside the submodule.
 2. **To contribute code in a submodule:** `cd` into it, `git checkout main` (or the repo’s default branch), branch/commit as usual, **push that submodule’s remote**, then at the **parent** root run `git add <path>` and commit the updated submodule SHA, then push the parent.
 3. **Never commit secrets** in submodule JSON “reference” files under `config/`; those snapshots are for public addresses only. See [SUBMODULE_HYGIENE.md](SUBMODULE_HYGIENE.md).
 4. **Verify clean trees** before tagging or CI: `bash scripts/verify/submodules-clean.sh` from the parent root.
 ---
 ## Related Documentation
 - **[DOCUMENTATION_STYLE_GUIDE.md](DOCUMENTATION_STYLE_GUIDE.md)** ⭐⭐⭐ - Style guide
 - **[MASTER_INDEX.md](../MASTER_INDEX.md)** ⭐⭐⭐ - Documentation index
- **[DOCUMENTATION_METRICS.md](../archive/00-meta-pruned/DOCUMENTATION_METRICS.md)** ⭐ - Documentation health and review
+- **[SUBMODULE_HYGIENE.md](SUBMODULE_HYGIENE.md)** — submodule workflow, explorer remotes, JSON config notes
 - **[DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md)** — consolidation scope; **[DOCUMENTATION_QUALITY_REVIEW.md](DOCUMENTATION_QUALITY_REVIEW.md)** — quality review
 ---
-**Last Updated:** 2025-01-20  
+**Last Updated:** 2026-03-27  
 **Review Cycle:** Quarterly
--- a/docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md
+++ b/docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md
@@ -3,7 +3,7 @@
 **Last Updated:** 2026-03-02  
 **Purpose:** Review, consolidate, and prune markdown docs. Single reference for what to keep, merge, or archive.
-**Related:** [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) | [archive/00-meta-pruned/README.md](../archive/00-meta-pruned/README.md). (Dated review docs, e.g. DOCUMENTATION_REVIEW_20260216, are in archive/00-meta-pruned.)
+**Related:** [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) — inventory of moved material. Dated review docs from 2026-02 live only on disk under `docs/archive/`; **active runbooks should not link there** — use [MASTER_INDEX.md](../MASTER_INDEX.md) and living paths in this plan.
 ---
@@ -123,7 +123,7 @@ Moved to `docs/archive/00-meta-pruned/` in 2026-02-20 batch:
 **Kept at root:** README.md, PROJECT_STRUCTURE.md, INTEGRATIONS_QUICK_REFERENCE.md, COMPREHENSIVE_STATUS_BRIDGE_READY.md (linked from docs), package.json, pnpm-lock.yaml, pnpm-workspace.yaml, renovate.json, .env.example, claude_desktop_config.json.example, token-list.json, .gitignore, .gitmodules.
-**Moved:** 40+ status/completion/temp files and screenshots → [docs/archive/root-cleanup-20260220/](../archive/root-cleanup-20260220/README.md). **fix-wsl-ip.sh** → scripts/fix-wsl-ip.sh.
+**Moved:** 40+ status/completion/temp files and screenshots → `docs/archive/root-cleanup-20260220/` (on disk; not a doc navigation target). **fix-wsl-ip.sh** → `scripts/fix-wsl-ip.sh`.
 ---
--- a/docs/00-meta/DOCUMENTATION_FIX_TASK_LIST.md
+++ b/docs/00-meta/DOCUMENTATION_FIX_TASK_LIST.md
@@ -234,7 +234,7 @@
 ## 7. Related Documents
- **[COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31.md](../archive/00-meta-pruned/COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31.md)** – Full review methodology and findings
+- **[DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md)** — scope and keep/archive decisions; **[DOCUMENTATION_QUALITY_REVIEW.md](DOCUMENTATION_QUALITY_REVIEW.md)** — ongoing quality bar
 - **[DOCUMENTATION_QUALITY_REVIEW.md](DOCUMENTATION_QUALITY_REVIEW.md)** – Duplicates, gaps, inconsistencies
 - **[DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md](DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md)** – Content, visual, organization, usability
 - **[DOCUMENTATION_STYLE_GUIDE.md](DOCUMENTATION_STYLE_GUIDE.md)** – Standards for headers, naming, markdown
--- a/docs/00-meta/DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md
+++ b/docs/00-meta/DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md
@@ -28,7 +28,7 @@
 | **RPC_URL_138** | Deploy, verify, on-chain checks | Use IP:port for deploy: `http://192.168.11.211:8545` |
 | **ETH_MAINNET_RPC_URL** / **ETHEREUM_MAINNET_RPC** | Mainnet verify, CCIP, relay | Infura/Alchemy |
 | **CCIPWETH9_BRIDGE_CHAIN138**, **CCIPWETH10_BRIDGE_CHAIN138** | Bridge scripts, token-aggregation, routing | Canonical: WETH9 `0xcacfd227A040002e49e2e01626363071324f820a`; WETH10 `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` |
-| **CHAIN_138_DODO_PMM_INTEGRATION** | Token-aggregation indexer, quotes | `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` |
+| **CHAIN_138_DODO_PMM_INTEGRATION** | Token-aggregation indexer, quotes | `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` |
 | **CUSDT_ADDRESS_138**, **CUSDC_ADDRESS_138** | Scripts, token-aggregation | Canonical in EXPLORER_TOKEN_LIST_CROSSCHECK §5 |
 | **DATABASE_URL** | Token-aggregation DB, migrations | When using PostgreSQL (e.g. VMID 5000) |
 | **CRONOS_RPC**, **CELO_RPC**, **WEMIX_RPC**, **GNOSIS_RPC** | complete-config-ready-chains, deployer-gas | Celo: CELO_RPC; Wemix: WEMIX_RPC; etc. |
--- a/docs/00-meta/FULL_PARALLEL_EXECUTION_ORDER.md
+++ b/docs/00-meta/FULL_PARALLEL_EXECUTION_ORDER.md
@@ -5,7 +5,7 @@
 **Sources:** [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md](REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md), [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md), [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md). **Single plan (required/optional/recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
-**Run log:** [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) — record of what was executed by wave (2026-02-05).  
+**Run record (2026-02-05):** [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md) (batch 11 summary); **current validation:** `./scripts/validation/validate-config-files.sh`, `./scripts/verify/run-all-validation.sh`.  
 **Wave 1 status:** [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md). **Wave 2/3 checklist:** [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md).  
 **Full remaining list (all items by wave):** [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md).
--- a/docs/00-meta/MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md
+++ b/docs/00-meta/MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md
@@ -36,7 +36,7 @@ Without mainnet liquidity, users cannot receive value when bridging from Chain 1
 | Step | Action |
 |------|--------|
 | 1 | Ensure deployer has WETH on mainnet (swap ETH→WETH or receive WETH). |
-| 2 | Run: `./scripts/bridge/fund-mainnet-relay-bridge.sh [amount_wei]` (omit for full balance). Env: `PRIVATE_KEY`, `ETHEREUM_MAINNET_RPC` (or `RPC_URL_MAINNET`). |
+| 2 | Run: `./scripts/bridge/fund-mainnet-relay-bridge.sh [amount_wei]` (omit for full deployer WETH balance). Env: `PRIVATE_KEY`, `ETHEREUM_MAINNET_RPC` (or `RPC_URL_MAINNET`), `CCIP_RELAY_BRIDGE_MAINNET`. |
 | 3 | Verify bridge balance: `cast call 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 "balanceOf(address)(uint256)" 0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939 --rpc-url $ETHEREUM_MAINNET_RPC`. |
 **Refs:** [CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md), [REMAINING_WORK_BREAKDOWN_AND_ANSWERS](REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md) § 2.6.
@@ -48,6 +48,8 @@ Without mainnet liquidity, users cannot receive value when bridging from Chain 1
 3. Run `fund-mainnet-lp.sh --eth 1 --weth 0.5`.  
 4. Run `fund-mainnet-relay-bridge.sh` if using CCIP relay.
 **Current operator target:** see [FINAL_UNBLOCK_CHECKLIST_MAINNET_BSC](../03-deployment/FINAL_UNBLOCK_CHECKLIST_MAINNET_BSC.md) for exact current-to-target top-up deltas.
 ---
 ## Priority 2 — Wire off-ramps and on-ramps
--- a/docs/00-meta/MASTER_PLAN.md
+++ b/docs/00-meta/MASTER_PLAN.md
@@ -119,7 +119,7 @@ flowchart TB
 Consolidated from [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md), [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md), [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md), and [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md). Detailed tables stay in those docs; below are the resolution rules.
 - **Secrets and API keys:** No real keys in `.env.example` (token-aggregation, root); use placeholders; document in [MASTER_SECRETS_INVENTORY.md](../04-configuration/MASTER_SECRETS_INVENTORY.md). Rotate any exposed keys.
- **Config/DNS TBDs:** the-order.sankofa.nexus, Sankofa cutover plan `<TARGET_IP>`, RPC_ENDPOINTS_MASTER placeholders — **When The Order / Sankofa deployed, update NPMplus and docs; remove TBD.**
+- **Config/DNS (Sankofa zone):** **Done 2026-03** — the-order via **10210** `192.168.11.39:80`; cutover plan v1.1; RPC_ENDPOINTS_MASTER + ALL_VMIDS updated. Re-run `update-npmplus-proxy-hosts-api.sh` after infra changes. Legacy doc snippets may still show `<TARGET_IP>` in API examples.
 - **Network placeholders:** Public blocks #2–#6 in [NETWORK_ARCHITECTURE.md](../02-architecture/NETWORK_ARCHITECTURE.md) — **Document when assigned or mark reserved.**
 - **Code placeholders:** See Section 3.1 below (one-line resolution table).
 - **Documentation placeholders:** Emergency hotline and example URLs in dbis_core nostro-vostro — Done ("To be configured"). the-order REMAINING_TODOS.md — **Create or archive and fix links.**
@@ -131,8 +131,8 @@ Consolidated from [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMME
 | Item | Location | Resolution |
 |------|----------|------------|
 | API keys in .env.example | token-aggregation, root | Replace with placeholders; document in MASTER_SECRETS_INVENTORY; rotate if exposed. |
-| the-order.sankofa.nexus | RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS | When The Order portal deployed: add NPMplus proxy host and document IP:port. |
+| the-order.sankofa.nexus | RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS | **Done:** NPM → 10210 `.39:80` → portal `:3000`. |
-| Sankofa cutover plan TBDs | SANKOFA_CUTOVER_PLAN | Replace `<TARGET_IP>`, `<TARGET_PORT>` when Sankofa deployed. |
+| Sankofa cutover plan | SANKOFA_CUTOVER_PLAN | **Done v1.1** — live tables; substitute `<TARGET_*>` only if reusing old API curl templates. |
 | sankofa.nexus / phoenix routes | RPC_ENDPOINTS_MASTER | Keep in sync with NPMplus; remove "placeholder (routes to Blockscout)" when pointing to Sankofa/Phoenix. |
 | Public blocks #2–#6 | NETWORK_ARCHITECTURE, NETWORK_CONFIGURATION_MASTER | Document when assigned or mark reserved. |
 | AlltraAdapter fee | AlltraAdapter.sol | Implement configurable setBridgeFee; document in PLACEHOLDERS_AND_TBD. Update when ALL Mainnet fee known. |
--- a/docs/00-meta/MASTER_TODO_EXPANDED.md
+++ b/docs/00-meta/MASTER_TODO_EXPANDED.md
@@ -60,7 +60,7 @@
 | R18 | Explorer health: Blockscout VMID 5000, /api reachable | [ ] |
 | R19 | Test before deploy: forge test smom-dbis-138, alltra-lifi-settlement; integration tests | [x] |
 | R20 | NatSpec on public contract functions | [x] |
-| R21 | Sankofa/The Order: when deployed add NPMplus proxy; RPC_ENDPOINTS_MASTER, SANKOFA_CUTOVER_PLAN TBDs | [ ] |
+| R21 | Sankofa/The Order: NPMplus + docs (10210 HAProxy path) | [x] |
 | R22 | Network placeholders: blocks #2–#6 in NETWORK_ARCHITECTURE when assigned | [ ] |
 | R23 | Scripts: progress indicators; --dry-run where missing; extend config validation | [x] |
@@ -252,9 +252,9 @@
 | Task | Status |
 |------|--------|
-| the-order.sankofa.nexus when portal deployed; NPMplus proxy + RPC_ENDPOINTS_MASTER | [ ] |
+| the-order.sankofa.nexus; NPMplus + RPC_ENDPOINTS_MASTER | [x] |
-| Sankofa cutover: replace TBDs in SANKOFA_CUTOVER_PLAN | [ ] |
+| Sankofa cutover: SANKOFA_CUTOVER_PLAN v1.1 | [x] |
-| NPMplus proxy: sankofa → 7801/.51:3000, phoenix → 7800/.50:4000; only explorer → .140 | [ ] |
+| NPMplus proxy: sankofa → .51:3000, phoenix → .50:4000, the-order → .39:80; only explorer → .140 | [x] |
 | Blocks #2–#6 in NETWORK_ARCHITECTURE when assigned | [ ] |
 ### smom-dbis-138 (GAPS §3)
--- a/docs/00-meta/NEXT_STEPS_ALL.md
+++ b/docs/00-meta/NEXT_STEPS_ALL.md
@@ -2,7 +2,7 @@
 **Last Updated:** 2026-02-08  
 **Purpose:** Single ordered list of everything left to do (Dev/Codespaces + general operator).  
-**Run-order checklist:** [CONTINUE_AND_COMPLETE.md](../archive/00-meta-pruned/CONTINUE_AND_COMPLETE.md) (archived) — commands in order when ready.  
+**Run-order:** [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md) → [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md); completable first: `./scripts/run-completable-tasks-from-anywhere.sh`, then `./scripts/run-all-operator-tasks-from-lan.sh` from LAN.  
 **References:** [DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md) | [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md)  
 **Completion evidence:** [DEV_CODESPACES_COMPLETION_20260207.md](../04-configuration/verification-evidence/DEV_CODESPACES_COMPLETION_20260207.md)  
 **Secrets & remaining actions:** [REMAINING_ITEMS_DOTENV_AND_ACTIONS.md](../04-configuration/REMAINING_ITEMS_DOTENV_AND_ACTIONS.md)
--- a/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md
+++ b/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md
@@ -1,5 +1,7 @@
 # Next Steps and Remaining TODOs — Consolidated List
 > Historical note (2026-03-26): this consolidated TODO list includes superseded PMM-address references from earlier deployment phases. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`.
 **Last Updated:** 2026-03-02  
 **Purpose:** Single checklist of all next steps and remaining tasks. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). Items marked **Operator/LAN** require Proxmox access, deploy keys, or external parties; others can be done in-repo (code, config, docs).
@@ -71,7 +73,7 @@ Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-0
 |---|------|
 | — | **Preflight:** Passed (RPC Core, dotenv, nonce). |
 | — | **PMM pools:** All three created (cUSDT/cUSDC `0x9fcB…`, cUSDT/USDT `0xa3Ee…`, cUSDC/USDC `0x90bd…`). |
-| — | **DODOPMMProvider:** Deployed at `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; all three pools registered via `RegisterDODOPools.s.sol`. |
+| — | **DODOPMMProvider:** Deployed at `0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`; corrected canonical stack aligned via desired-state sync. |
 | — | **Operator script:** NPMplus RPC fix + backup + Blockscout verify run. |
 | — | **Wemix:** Re-fetched scan.wemix.com/tokens; WEMIX_TOKEN_VERIFICATION.md updated. |
 | — | **Docs:** PRE_DEPLOYMENT_CHECKLIST, LIQUIDITY_POOLS_MASTER_MAP updated. **Remaining (operator/external):** [WHATS_LEFT_OPERATOR_AND_EXTERNAL.md](WHATS_LEFT_OPERATOR_AND_EXTERNAL.md). |
--- a/docs/00-meta/NEXT_STEPS_INDEX.md
+++ b/docs/00-meta/NEXT_STEPS_INDEX.md
@@ -1,8 +1,10 @@
 # Next Steps — Index
-**Last Updated:** 2026-03-06  
+**Last Updated:** 2026-03-28  
 **Purpose:** Single entry point for "what to do next." Pick by audience and granularity.
 **Latest automation run (2026-03-28):** `./scripts/run-completable-tasks-from-anywhere.sh` completed (config validation, 61/61 on-chain, validation, reconcile print). `./scripts/run-all-operator-tasks-from-lan.sh --skip-backup` completed (NPMplus 40 hosts updated, Blockscout verification batch submitted). **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart.
 **Documentation index:** [../MASTER_INDEX.md](../MASTER_INDEX.md) — canonical docs, deprecated list, and navigation.
 **Continue and complete (operator/LAN):** (1) `./scripts/run-completable-tasks-from-anywhere.sh` then (2) `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` not set). Operator scripts load dotenv automatically.
--- a/docs/00-meta/NEXT_STEPS_OPERATOR.md
+++ b/docs/00-meta/NEXT_STEPS_OPERATOR.md
@@ -1,18 +1,36 @@
 # Next Steps — Operator Runbook
-**Last Updated:** 2026-02-20  
+**Last Updated:** 2026-03-26  
 **Purpose:** Single runbook of copy-paste commands for all remaining operator/LAN/creds steps. Use after automated steps are done.
 **References:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md), [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md), [INFRA_DEPLOYMENT_LOCKED_AND_LOADED.md](../03-deployment/INFRA_DEPLOYMENT_LOCKED_AND_LOADED.md). **Single fixes checklist (required + optional):** [FIXES_PREPARED.md](../04-configuration/FIXES_PREPARED.md). **Full fixes (validators, block/tx, Sentries, RPCs, network, optional):** [FULL_FIXES_PREPARED.md](../04-configuration/FULL_FIXES_PREPARED.md). **All next steps (consolidated):** [NEXT_STEPS_ALL.md](NEXT_STEPS_ALL.md). **Dev/Codespaces (76.53.10.40):** [DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md). **Dev/Codespaces completion evidence:** [DEV_CODESPACES_COMPLETION_20260207.md](../04-configuration/verification-evidence/DEV_CODESPACES_COMPLETION_20260207.md).
 ---
 ## Completed in this session (2026-03-26)
 | Item | Result |
 |------|--------|
 | NPMplus CT recovery | Port `81` on `192.168.11.167` accepted TCP but stalled at HTTP; `pct reboot 10233` on `r630-01` restored the expected `301`. |
 | NPMplus proxy host update | `NPM_URL=https://192.168.11.167:81 bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` completed with **39 hosts updated, 0 failed**. |
 | Sankofa routing | `sankofa.nexus`, `www.sankofa.nexus`, `phoenix.sankofa.nexus`, `www.phoenix.sankofa.nexus`, `studio.sankofa.nexus`, and `the-order.sankofa.nexus` now pass in the public E2E profile. |
 | Public E2E verification | Latest run `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` exited `0`; **Failed: 0**, **DNS passed: 37**, **HTTPS passed: 22**. DBIS, Mifos, and MIM4U public endpoints also passed. Evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260326_115013/`. |
 | Private E2E verification | Latest run `bash scripts/verify/verify-end-to-end-routing.sh --profile=private` exited `0`; **Failed: 0**, **DNS passed: 4**. Private HTTP and WS RPC endpoints all passed. Evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260326_120939/`. |
 | NPMplus backup | Fresh backup completed at `backups/npmplus/backup-20260326_115622.tar.gz`. |
 | Blockscout verification | `./scripts/verify/run-contract-verification-with-proxy.sh` completed; contracts were submitted or skipped if already verified. |
 | Private RPC redirect fix | `rpc-http-prv.d-bis.org` now responds with JSON-RPC `200` after updating the NPMplus host to stop forcing HTTPS redirects on POSTs. |
 | `.env` handling | NPM-only runs should use targeted `NPM_EMAIL` / `NPM_PASSWORD` extraction when exporting the full `.env` causes `Argument list too long`. |
 **Still from LAN:** no public or private E2E follow-up was needed in the latest runs; only re-run the maintenance section if those endpoints regress.
 ---
 ## Completed in this session (2026-02-20)
 | Item | Result |
 |------|--------|
 | Completable tasks | `run-completable-tasks-from-anywhere.sh` — config validation OK, on-chain 45/45, run-all-validation --skip-genesis OK, reconcile-env --print. |
-| Doc consolidation | NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; Batch 4+5 → 00-meta-pruned; root cleanup → archive/root-cleanup-20260220; ARCHIVE_CANDIDATES "Last reviewed" set. |
+| Doc consolidation | NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; batches and root cleanup recorded in [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) ("Last reviewed" set). |
 ## Completed in previous session (2026-02-19)
@@ -25,7 +43,7 @@
 | Optional Phase 9 | Smart accounts kit (informational) — ran; next: deploy EntryPoint/AccountFactory/Paymaster. |
 | E2E verification | `verify-end-to-end-routing.sh` with E2E_ACCEPT_502_INTERNAL=1 — run (report in verification-evidence). |
-**Still from LAN:** NPMplus backup, Blockscout verification, full 502/NPMplus proxy update. See [COMPLETION_STATUS_20260215](../archive/00-meta-pruned/COMPLETION_STATUS_20260215.md).
+**Still from LAN:** NPMplus backup, Blockscout verification, full 502/NPMplus proxy update. **Runbooks:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md), [../04-configuration/NPMPLUS_QUICK_REF.md](../04-configuration/NPMPLUS_QUICK_REF.md), [../04-configuration/EXPLORER_LINKS_AND_ISSUES_DIAGNOSTIC.md](../04-configuration/EXPLORER_LINKS_AND_ISSUES_DIAGNOSTIC.md) (`scripts/verify/check-explorer-links.sh`).
 ---
--- a/docs/00-meta/NOT_IMPLEMENTED_FULL_SCOPE.md
+++ b/docs/00-meta/NOT_IMPLEMENTED_FULL_SCOPE.md
@@ -71,7 +71,7 @@
 | Area | Deliverables |
 |------|--------------|
-| **Sankofa / The Order** | Checklist: replace &lt;TARGET_IP&gt;/&lt;TARGET_PORT&gt;; update ALL_VMIDS_ENDPOINTS, RPC_ENDPOINTS_MASTER; NPMplus proxy for the-order.sankofa.nexus; "where to update when done" (PLACEHOLDERS_AND_TBD, REMAINING_COMPONENTS). See [SANKOFA_THE_ORDER_CHECKLIST](../04-configuration/SANKOFA_THE_ORDER_CHECKLIST.md) or SANKOFA_CUTOVER_PLAN. |
+| **Sankofa / The Order** | **Routing done 2026-03** (NPM, ALL_VMIDS, RPC_ENDPOINTS_MASTER, SANKOFA_CUTOVER_PLAN v1.1, [SANKOFA_THE_ORDER_CHECKLIST](../04-configuration/SANKOFA_THE_ORDER_CHECKLIST.md)). This row retained for design-scope doc; implementation of app features (OMNIS SDK, legal vendors, etc.) remains separate. |
 | **OMNIS — Sankofa Phoenix SDK** | Integration spec: required SDK interface (getAuthUrl, validateToken, getUserInfo), env vars, fallback. See [OMNIS_SANKOFA_PHOENIX_SDK_INTEGRATION_SPEC](../04-configuration/OMNIS_SANKOFA_PHOENIX_SDK_INTEGRATION_SPEC.md). Dependency note in PLACEHOLDERS_AND_TBD / PLACEHOLDERS_AND_COMPLETION_MASTER_LIST: "Blocked on Sankofa Phoenix SDK availability." |
 | **the-order — legal-documents** | Vendor/implementation matrix (court-efiling, e-signature, document-security): Option, Prerequisites, Steps, "Where to update when done." See [LEGAL_DOCUMENTS_IMPLEMENTATION](LEGAL_DOCUMENTS_IMPLEMENTATION.md). Update GAPS_AND_RECOMMENDATIONS_CONSOLIDATED, PLACEHOLDERS_AND_COMPLETION_MASTER_LIST when done. |
 | **dbis_core** | Runbook or comment "When to implement": Prometheus when monitoring stack is up; Redis when caching needed. See [DBIS_CORE_WHEN_TO_IMPLEMENT](DBIS_CORE_WHEN_TO_IMPLEMENT.md). No new code; doc/checklist only. |
--- a/docs/00-meta/OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md
+++ b/docs/00-meta/OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md
@@ -39,8 +39,8 @@ Use this checklist when you have operator or LAN access to complete the remainin
 | # | Action | Notes |
 |---|--------|-------|
-| R21 | The Order / Sankofa NPMplus proxy host | When The Order portal deployed: add proxy in NPMplus; document in RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS |
+| R21 | The Order / Sankofa NPMplus | **Done 2026-03** — see ALL_VMIDS, RPC_ENDPOINTS_MASTER, `update-npmplus-proxy-hosts-api.sh` |
-| Sankofa cutover | Replace &lt;TARGET_IP&gt;, &lt;TARGET_PORT&gt;, TBDs in SANKOFA_CUTOVER_PLAN with actual values |
+| Sankofa cutover | **Done** — SANKOFA_CUTOVER_PLAN v1.1 |
 | Blocks #2–#6 | Document in NETWORK_ARCHITECTURE / NETWORK_CONFIGURATION_MASTER when assigned or mark reserved |
 | 75–81 | VLAN enablement, observability stack, CCIP fleet, sovereign tenants, missing containers | Per NEXT_STEPS_MASTER and deployment phases |
--- a/docs/00-meta/OPERATOR_READY_CHECKLIST.md
+++ b/docs/00-meta/OPERATOR_READY_CHECKLIST.md
@@ -1,12 +1,14 @@
 # Operator Ready Checklist — Copy-Paste Commands
-**Last Updated:** 2026-03-04  
+**Last Updated:** 2026-03-28  
 **Purpose:** Single page with exact commands to complete every pending todo. Run from **repo root** on a host with **LAN** access (and `smom-dbis-138/.env` with `PRIVATE_KEY`, `NPM_PASSWORD` where noted).
 **Do you have all necessary creds?** See [OPERATOR_CREDENTIALS_CHECKLIST.md](OPERATOR_CREDENTIALS_CHECKLIST.md) — per-task list of LAN, PRIVATE_KEY, NPM_PASSWORD, RPC_URL_138, SSH, LINK, gas, token balance.
 **From anywhere (no LAN):** `./scripts/run-completable-tasks-from-anywhere.sh`
 **Submodule working trees (no local edits in submodules):** `bash scripts/verify/submodules-clean.sh` — see [SUBMODULE_HYGIENE.md](SUBMODULE_HYGIENE.md).
 **Ensure this machine always has Proxmox SSH access:** `./scripts/security/ensure-proxmox-ssh-access.sh` (verifies key-based SSH to .10, .11, .12; use `--copy` to install key if missing). **NPMplus from this machine (if direct 192.168.11.167:81 unreachable):** `ssh -L 8181:192.168.11.167:81 -N root@192.168.11.11` then use `http://127.0.0.1:8181` for NPMplus API.
 **If deployer needs gas on currently active public chains:** Run `./scripts/deployment/deployer-gas-auto-route.sh` (optional: `--dry-run`, `--chain 138`). See [DEPLOYER_GAS_AUTO_ROUTE_RUNBOOK.md](../03-deployment/DEPLOYER_GAS_AUTO_ROUTE_RUNBOOK.md). **Current policy:** Wemix is deferred.
@@ -15,6 +17,22 @@
 ---
 ## Completed in this session (2026-03-26)
 | Item | Result |
 |------|--------|
 | NPMplus recovery | VMID `10233` was wedged on `192.168.11.167:81` (TCP connect, no HTTP). `pct reboot 10233` on `r630-01` restored the expected `301` response on port `81`. |
 | NPMplus API updater | `NPM_URL=https://192.168.11.167:81 bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` completed with **39 hosts updated, 0 failed**. |
 | Sankofa / Order / Studio routing | **Superseded 2026-03-27:** Order hostnames default to **order-haproxy** `http://192.168.11.39:80` (10210 → `.51:3000`). Through 2026-03-26 NPM pointed Order directly at portal `:3000`. `studio.sankofa.nexus` → `http://192.168.11.72:8000`. |
 | Public E2E | Latest run `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` exited `0` with **Failed: 0**, **DNS passed: 37**, **HTTPS passed: 22**. Sankofa, Phoenix, Studio, The Order, DBIS, Mifos, and MIM4U public endpoints passed. Evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260326_115013/`. |
 | Private E2E | Latest run `bash scripts/verify/verify-end-to-end-routing.sh --profile=private` exited `0` with **Failed: 0** and **DNS passed: 4**. `rpc-http-prv.d-bis.org`, `rpc-fireblocks.d-bis.org`, `rpc-ws-prv.d-bis.org`, and `ws.rpc-fireblocks.d-bis.org` all passed. Evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260326_120939/`. |
 | NPMplus backup | Fresh backup completed: `backups/npmplus/backup-20260326_115622.tar.gz`. API exports succeeded; direct SQLite file copy and certbot path copy were partial/warn-only, but the backup manifest and compressed bundle were created successfully. |
 | Blockscout verification run | `./scripts/verify/run-contract-verification-with-proxy.sh` completed; contracts were submitted or skipped if already verified. `WETH10` returned `The address is not a smart contract`; others like `Multicall`, `Aggregator`, `Proxy`, `CCIPSender`, `CCIPWETH10Bridge`, and `CCIPWETH9Bridge` submitted successfully. |
 | Private RPC redirect fix | `rpc-http-prv.d-bis.org` no longer returns HTTP `301` on JSON-RPC POST. Live NPMplus host `11` was updated to `ssl_forced=false` while preserving upstream `192.168.11.211:8545`. |
 | NPM creds loading | For NPM-only runs, prefer targeted `grep` of `NPM_EMAIL` / `NPM_PASSWORD` if full `.env` export triggers `Argument list too long`. |
 ---
 ## 1. High: Cronos closure + reachable CCIP funding
 **Ref:** [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md)
@@ -84,6 +102,8 @@ Single contract retry: `./scripts/verify/run-contract-verification-with-proxy.sh
 **Runbook:** [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md)
 **Current status after 2026-03-26:** no public 502s reproduced in the latest public E2E run. Use this section only if those endpoints regress.
 ---
 ## 5. LAN: Run all operator tasks (backup + verify ± deploy ± create-vms)
@@ -211,8 +231,14 @@ bash scripts/verify/backup-npmplus.sh
 **NPMplus RPC fix (405):** From LAN: `bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`. Verify: `bash scripts/verify/verify-end-to-end-routing.sh`.
 **Status (2026-03-26):** main NPMplus API update completed successfully with `39 hosts updated, 0 failed`; public E2E now passes for Sankofa root, Phoenix, Studio, and The Order. Re-run only when upstream targets or proxy definitions change.
 **Latest backup evidence:** `backups/npmplus/backup-20260326_115622.tar.gz`
 **NPMplus API unreachable (167/169):** Restart Docker inside NPMplus LXC: `./scripts/maintenance/fix-npmplus-services-via-proxmox-ssh.sh` (SSH to r630-01, restarts npmplus in 10233 and 10235).
 **If port 81 accepts TCP but hangs at HTTP:** reboot CT `10233` with `pct reboot 10233` on `r630-01`, then retry the API updater.
 **E2E from LAN (no public DNS):** If E2E fails at DNS (`Could not resolve host`), use [E2E_DNS_FROM_LAN_RUNBOOK.md](../04-configuration/E2E_DNS_FROM_LAN_RUNBOOK.md): append `config/e2e-hosts-append.txt` to `/etc/hosts`, then run `E2E_USE_SYSTEM_RESOLVER=1 ./scripts/verify/verify-end-to-end-routing.sh --profile=public`. Revert with `sudo ./scripts/verify/remove-e2e-hosts-from-etc-hosts.sh`.
 **E2E profiles:** Use `--profile=public` for public endpoints (default) or `--profile=private` for private/admin RPC only. Run sequentially to avoid timestamp collision in evidence dirs. **Known E2E warnings** (502/404 and WS): [E2E_ENDPOINTS_LIST.md](../04-configuration/E2E_ENDPOINTS_LIST.md) § Known E2E warnings and Remediation. MIM4U web 502s and WS test-format warnings are **non-blocking** for contract/pool completion.
@@ -221,6 +247,25 @@ bash scripts/verify/backup-npmplus.sh
 ---
 ## 8.5 PMM mesh (6s oracle / keeper / PMM–WETH poll)
 **Ref:** `smom-dbis-138/docs/integration/ORACLE_AND_KEEPER_CHAIN138.md` (PMM mesh automation)
 ```bash
 cd smom-dbis-138
 # .env should include: PRIVATE_KEY, AGGREGATOR_ADDRESS, PRICE_FEED_KEEPER_ADDRESS (optional: KEEPER_PRIVATE_KEY if different from PRIVATE_KEY)
 ./scripts/reserve/set-price-feed-keeper-interval.sh 6   # once per keeper deployment if interval was 30s
 ./scripts/update-oracle-price.sh   # verify transmitter + gas (Besu needs explicit gas limit in script)
 ./scripts/reserve/sync-weth-mock-price.sh   # if CHAIN138_WETH_MOCK_PRICE_FEED is set (keeper WETH path)
 mkdir -p logs
 nohup ./scripts/reserve/pmm-mesh-6s-automation.sh >> logs/pmm-mesh-automation.log 2>&1 &
 # journalctl equivalent: tail -f logs/pmm-mesh-automation.log
 ```
 **systemd:** `config/systemd/chain138-pmm-mesh-automation.service.example` — copy, set `User` and absolute paths, `enable --now`.
 ---
 ## 9. Wemix token verification (Deferred)
 This is intentionally deferred with the rest of the Wemix path. If the chain is brought back into scope later, open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); confirm WETH, USDT, USDC addresses. If different, update `config/token-mapping-multichain.json` and [WEMIX_TOKEN_VERIFICATION.md](../07-ccip/WEMIX_TOKEN_VERIFICATION.md). Then:
@@ -231,6 +276,21 @@ This is intentionally deferred with the rest of the Wemix path. If the chain is
 ---
 ## 10. DBIS Chain 138 — phased production path (matrix-driven)
 **Ref:** [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md), [DBIS_NODE_ROLE_MATRIX.md](../02-architecture/DBIS_NODE_ROLE_MATRIX.md)
 | Phase | Action |
 |-------|--------|
 | 1 — Reality mapping | `bash scripts/verify/run-phase1-discovery.sh` (optional: `HYPERLEDGER_PROBE=1`). Reports: `reports/phase1-discovery/`. Runbook: [PHASE1_DISCOVERY_RUNBOOK.md](../03-deployment/PHASE1_DISCOVERY_RUNBOOK.md). |
 | 2 — Sovereignization roadmap | Read [DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md](../02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md); execute milestones (cluster expansion, Ceph, VLANs) as prioritized. |
 | 3 — E2E simulation | `bash scripts/verify/run-dbis-phase3-e2e-simulation.sh` (optional: `RUN_CHAIN138_RPC_HEALTH=1`). Full flow + Indy/Fabric/CCIP manual steps: [DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md](../03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md). |
 | Perf (Caliper) | `bash scripts/verify/print-caliper-chain138-stub.sh` — then [CALIPER_CHAIN138_PERF_HOOK.md](../03-deployment/CALIPER_CHAIN138_PERF_HOOK.md). |
 **Readiness:** Resolve critical **Entity owner** / **Region** **TBD** rows in the Node Role Matrix before claiming multi-entity production governance.
 ---
 ## References
 - [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) — full plan (required, optional, recommended)
--- a/docs/00-meta/PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md
+++ b/docs/00-meta/PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md
@@ -1,6 +1,6 @@
 # Placeholders and What Needs to Be Completed — Master List
-**Last Updated:** 2026-02-13  
+**Last Updated:** 2026-03-27  
 **Purpose:** Single list of every placeholder and what must be completed (code, config, docs, ops).
 **Completion pass (2026-02-13):** OMNIS backend routes (POST/PUT budgets, POST documents/upload, PATCH profile) done; authController token blacklisting (in-memory + TOKEN_BLACKLIST_ENABLED); TezosRelayService Taquito skeleton + mock gated; Smart accounts .env.example + runbook; dbis_core Redis stub, Prometheus/risk comments, deal-execution tests skipped with ticket; CCIPLogger decision (omit unless monitoring); .bak listed and deprecated in BAK_FILES_DEPRECATION; deployment gaps (env table, TransactionMirror script, DEPLOYMENT_GAPS_COMPLETED); NPMplus HA and storage monitor already have ALERT_EMAIL/ALERT_WEBHOOK; deploy.sh TODO comments for migration/health; the-order legal-documents vendor integration README; root .gitignore (venv, __pycache__, .phase1).
@@ -25,8 +25,8 @@
 | Placeholder | Location | What to complete |
 |-------------|----------|------------------|
-| **the-order.sankofa.nexus** | [ALL_VMIDS_ENDPOINTS](../04-configuration/ALL_VMIDS_ENDPOINTS.md), [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md) | When The Order portal is deployed: add NPMplus proxy host and document IP:port in RPC_ENDPOINTS_MASTER and ALL_VMIDS_ENDPOINTS. |
+| **the-order.sankofa.nexus** | [ALL_VMIDS_ENDPOINTS](../04-configuration/ALL_VMIDS_ENDPOINTS.md), [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md) | **Done 2026-03-27:** NPM → 10210 `192.168.11.39:80` (HAProxy → portal :3000). Keep docs in sync if routing changes. |
-| **Sankofa cutover plan** | [SANKOFA_CUTOVER_PLAN](../04-configuration/SANKOFA_CUTOVER_PLAN.md) | Replace `<TARGET_IP>`, `<TARGET_PORT>`, and table TBDs with actual Sankofa service IPs/ports when deployed. |
+| **Sankofa cutover plan** | [SANKOFA_CUTOVER_PLAN](../04-configuration/SANKOFA_CUTOVER_PLAN.md) | **Done 2026-03-27:** v1.1 lists live backends (incl. The Order via 10210). Legacy API examples may still contain `<TARGET_*>` placeholders—substitute real values if you reuse them. |
 | **sankofa.nexus / phoenix.sankofa.nexus** | [ALL_VMIDS_ENDPOINTS](../04-configuration/ALL_VMIDS_ENDPOINTS.md), [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md), [DNS_NPMPLUS_VM](../04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md) | **Doc fix done:** Correct targets: sankofa → 192.168.11.51:3000 (VMID 7801), phoenix → 192.168.11.50:4000 (VMID 7800). **Operator:** Ensure NPMplus proxy hosts use these, not 192.168.11.140. Only explorer.d-bis.org → .140. |
 | **Public blocks #2–#6** | [NETWORK_ARCHITECTURE](../02-architecture/NETWORK_ARCHITECTURE.md), [NETWORK_CONFIGURATION_MASTER](../11-references/NETWORK_CONFIGURATION_MASTER.md) | Document when blocks are assigned or mark as “reserved”. |
 | **PROXMOX_HOST / PROXMOX_TOKEN_SECRET** | smom-dbis-138-proxmox/README.md | Keep as `proxmox.example.com`, `your-token-secret`; document in deployment guide. |
--- a/docs/00-meta/PROJECT_AND_SUBMODULES_REVIEW.md
+++ b/docs/00-meta/PROJECT_AND_SUBMODULES_REVIEW.md
@@ -1,5 +1,7 @@
 # Project and Submodules — Full Review
 > Historical note (2026-03-26): this review includes superseded PMM-address references from earlier validation passes. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`.
 **Last Updated:** 2026-03-05  
 **Purpose:** Single-document review of the **proxmox** workspace and all submodules (content, roles, and relationships).
@@ -134,7 +136,7 @@
 ## 7. Canonical References (Token / Contracts)
 - **Canonical tokens (138):** cUSDT, cUSDC per [docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §5 and §8.
- **DODOPMMIntegration:** `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` (on-chain verified 2026-03-04).
+- **DODOPMMIntegration:** `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` (current canonical corrected stack).
 - **PMM pools:** cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC addresses in CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS.
 - **Contract source of truth:** `config/smart-contracts-master.json`; overrides via `.env`.
--- a/docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md
+++ b/docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md
@@ -65,7 +65,7 @@
 | # | Action | When |
 |---|--------|------|
-| R21 | When The Order is deployed: NPMplus proxy host; document in RPC_ENDPOINTS_MASTER and ALL_VMIDS_ENDPOINTS; replace SANKOFA_CUTOVER_PLAN TBDs | Sankofa/The Order go-live |
+| R21 | **Done 2026-03:** NPMplus + ALL_VMIDS + RPC_ENDPOINTS_MASTER + SANKOFA_CUTOVER_PLAN v1.1 | Complete |
 | R22 | Document or configure blocks #2–#6 in NETWORK_ARCHITECTURE and NETWORK_CONFIGURATION_MASTER (or mark reserved); see NETWORK_PLACEHOLDERS_DECISION | When decided |
 ## Quick wins (R23)
--- a/docs/00-meta/REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md
+++ b/docs/00-meta/REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md
@@ -166,7 +166,7 @@ See **Part 2** and [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED](../GAPS_AND_RECOMMEND
 | # | Recommendation | Action |
 |---|----------------|--------|
-| R21 | **Sankofa / The Order** | When The Order portal is deployed, add NPMplus proxy host and document in RPC_ENDPOINTS_MASTER and ALL_VMIDS_ENDPOINTS; replace SANKOFA_CUTOVER_PLAN TBDs with actual IPs/ports. |
+| R21 | **Sankofa / The Order** | **Done 2026-03:** NPMplus + docs (ALL_VMIDS, RPC_ENDPOINTS_MASTER, SANKOFA_CUTOVER_PLAN v1.1). HAProxy: `provision-order-haproxy-10210.sh`. |
 | R22 | **Network placeholders** | Document or configure blocks #2–#6 in NETWORK_ARCHITECTURE and NETWORK_CONFIGURATION_MASTER when assigned. |
 ### 2.9 Quick wins (code)
--- a/docs/00-meta/REMAINING_ITEMS_FULL_PARALLEL_LIST.md
+++ b/docs/00-meta/REMAINING_ITEMS_FULL_PARALLEL_LIST.md
@@ -172,4 +172,4 @@
 **Total remaining (actionable):** Wave 0: 3 · Wave 1: 44 · Wave 2: 8 · Wave 3: 2 · Ongoing: 5.
-**Last parallel run (2026-02-05):** Run log batch 11 — CI validation, config validation, security dry-runs (W1-1, W1-2), phase2 config, CCIP checklist, phase4 show-steps, config backup, shellcheck --optional, Wave 0 dry-run. See [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived).
+**Last parallel run (2026-02-05):** Batch 11 covered CI validation, `validate-config-files.sh`, security dry-runs, phase2 config, CCIP checklist, phase4 show-steps, config backup, shellcheck --optional, Wave 0 dry-run. **Current checks:** `./scripts/validation/validate-config-files.sh`, `./scripts/verify/run-all-validation.sh` (optional `--skip-genesis`), [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md).
--- a/docs/00-meta/REMAINING_TASKS_BREAKDOWN_MISSING_INFO.md
+++ b/docs/00-meta/REMAINING_TASKS_BREAKDOWN_MISSING_INFO.md
@@ -108,13 +108,12 @@
 ---
-## 2. Sankofa cutover (missing TBDs)
+## 2. Sankofa cutover (**documented — 2026-03**)
 | | Detail |
 |---|--------|
-| **Needed** | For each Sankofa domain: target VMID, target IP, target port, service type. |
+| **Status** | Live backends in [SANKOFA_CUTOVER_PLAN.md](../04-configuration/SANKOFA_CUTOVER_PLAN.md) v1.1, [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md), [RPC_ENDPOINTS_MASTER.md](../04-configuration/RPC_ENDPOINTS_MASTER.md). The Order: NPM → **10210** `192.168.11.39:80` → portal **192.168.11.51:3000**. |
-| **Missing** | **the-order.sankofa.nexus:** VMID, IP, port, service type still **TBD** in [SANKOFA_CUTOVER_PLAN.md](../04-configuration/SANKOFA_CUTOVER_PLAN.md). Other four domains have values (e.g. 7801/192.168.11.51/3000 for sankofa.nexus). |
+| **Ongoing** | If IPs/VMIDs change, run `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` and update the master docs. |
 | **Where to get** | Deploy The Order portal; assign VMID and IP; document in SANKOFA_CUTOVER_PLAN.md table; then run cutover steps (replace proxy backends in NPMplus). |
 ---
@@ -227,8 +226,8 @@
   - Run `address-all-remaining-502s.sh --run-besu-fix --e2e` from LAN.  
   - Run Blockscout verification script.
-4. **Fill TBDs**  
+4. **Sankofa / Order**  
-   - Sankofa: set the-order.sankofa.nexus target (VMID, IP, port) in SANKOFA_CUTOVER_PLAN.md.  
+   - **Done:** targets documented; refresh NPM with `update-npmplus-proxy-hosts-api.sh` after infra changes.  
   - CCIP: collect per-chain addresses (CCIP directory) and fund deployer wallets for Gnosis/Celo/Wemix.
 5. **dbis_core**  
--- a/docs/00-meta/REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md
+++ b/docs/00-meta/REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md
@@ -78,11 +78,11 @@
 | Question | Answer |
 |----------|--------|
-| **What is it?** | Sankofa and The Order services deployed; DNS and NPMplus point to real IPs/ports; replace TBDs in docs. |
+| **What is it?** | Sankofa zone on production backends; NPMplus and master docs aligned (incl. The Order via **10210** HAProxy). |
-| **Prerequisites** | Sankofa and The Order deployed; IPs and ports known (e.g. sankofa 192.168.11.51:3000 VMID 7801, phoenix 192.168.11.50:4000 VMID 7800 — already in docs). |
+| **Prerequisites** | LAN + `NPM_PASSWORD` for fleet updater; portal 7801 and Phoenix 7800 healthy. |
-| **Who** | Ops when services are live. |
+| **Who** | Ops for NPM refresh after any VM/IP change. |
-| **Steps to complete** | 1. Deploy Sankofa/The Order per your deployment process. 2. In [SANKOFA_CUTOVER_PLAN](../04-configuration/SANKOFA_CUTOVER_PLAN.md): replace `<TARGET_IP>`, `<TARGET_PORT>`, table TBDs with actual IPs/ports. 3. In NPMplus: ensure proxy hosts for sankofa.nexus and phoenix.sankofa.nexus point to 192.168.11.51:3000 and 192.168.11.50:4000 (not .140). 4. When The Order portal is deployed: add NPMplus proxy for the-order.sankofa.nexus; document in [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md) and [ALL_VMIDS_ENDPOINTS](../04-configuration/ALL_VMIDS_ENDPOINTS.md). |
+| **Steps to complete** | **Done 2026-03:** See [SANKOFA_CUTOVER_PLAN](../04-configuration/SANKOFA_CUTOVER_PLAN.md) v1.1. Maintain with `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`. Bypass Order HAProxy if needed: `THE_ORDER_UPSTREAM_IP=192.168.11.51 THE_ORDER_UPSTREAM_PORT=3000`. |
-| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §2; [GAPS](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) §2.1–2.2; [REMAINING](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) R21. |
+| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §2; [GAPS](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) §2.1–2.2; R21 marked **done** in [REMAINING_COMPONENTS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md). |
 ---
@@ -295,7 +295,7 @@
 | Trust official | Open PR to trustwallet/wallet-core with registry entry (coinId 10000138, chainId 138); run codegen/tests. |
 | CoinGecko/CMC | Submit chain + tokens via CoinGecko (and CMC) process; use COINGECKO_SUBMISSION_GUIDE and token docs. |
 | Consensys | Use CONSENSYS_OUTREACH_PACKAGE; contact Consensys for Swaps/Bridge support for 138. |
-| Sankofa cutover | When deployed: replace TBDs in SANKOFA_CUTOVER_PLAN; set NPMplus proxies to .51/.50; add the-order when live. |
+| Sankofa cutover | **Done:** v1.1 cutover plan + NPM; Order via .39:80 (10210). Re-run updater after changes. |
 | Blockscout verify | From LAN: `source smom-dbis-138/.env; ./scripts/verify/run-contract-verification-with-proxy.sh`. |
 | Multicall vs Oracle | Check explorer for 0x99b35...; document which contract it is in CONTRACT_ADDRESSES_REFERENCE. |
 | AlltraAdapter fee | After deploy: call `setBridgeFee(fee_wei)`; set ALLTRA_BRIDGE_FEE in .env; document in PLACEHOLDERS_AND_TBD. |
--- a/docs/00-meta/REMAINING_WORK_DETAILED_STEPS.md
+++ b/docs/00-meta/REMAINING_WORK_DETAILED_STEPS.md
@@ -38,9 +38,9 @@ These can be done from your current environment (e.g. dev machine, WSL, CI) with
 **Not doable now (need LAN, Proxmox, or creds):** W0-1, W0-2, W0-3, crontab --install, W1-1, W1-2, W1-8 (backup run), W1-19, W2-* (all deploy), W3-* (all), CT-1a, O-4 (explorer logs via SSH). Deferred/backlog (W1-3, W1-4) are “assign to backlog,” not execute now.
-**Completed (2026-02-05):** W1-11 (32 files archived to docs/archive/00-meta-status/), W1-12 (decision tree links, 04-config README, QUICK_REFERENCE_CARDS), W1-9/10/13 (NETWORK_ARCHITECTURE runbook cross-links), W1-20 (shellcheck --optional run), W1-21 (ENV_STANDARDIZATION + validate-config-files ref), W1-22–W1-24 (CoinGecko/Snap/Explorer refs in QUICK_REFERENCE_CARDS), W1-26/API keys (report + .env.example pointer), W1-14 (dbis_core: sample TS fix in cbdc-fx.service.ts; doc for prisma generate + implicit any), W1-15–W1-17 (PLACEHOLDERS canonical env note), CCIP checklist + all validation commands run.
+**Completed (2026-02-05):** W1-11 (32 files consolidated per ARCHIVE_CANDIDATES.md), W1-12 (decision tree links, 04-config README, QUICK_REFERENCE_CARDS), W1-9/10/13 (NETWORK_ARCHITECTURE runbook cross-links), W1-20 (shellcheck --optional run), W1-21 (ENV_STANDARDIZATION + validate-config-files ref), W1-22–W1-24 (CoinGecko/Snap/Explorer refs in QUICK_REFERENCE_CARDS), W1-26/API keys (report + .env.example pointer), W1-14 (dbis_core: sample TS fix in cbdc-fx.service.ts; doc for prisma generate + implicit any), W1-15–W1-17 (PLACEHOLDERS canonical env note), CCIP checklist + all validation commands run.
-**Completed (2026-02-20):** Doc consolidation continued — NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; Batch 4+5 → 00-meta-pruned; ALL_TASKS_COMPLETE → root-status-reports; project root cleanup → archive/root-cleanup-20260220; fix-wsl-ip.sh → scripts/. Completable-from-anywhere run: config validation OK, on-chain check 45/45, run-all-validation --skip-genesis OK, reconcile-env --print. ARCHIVE_CANDIDATES "Last reviewed" set.
+**Completed (2026-02-20):** Doc consolidation continued — NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; batches and root cleanup recorded in ARCHIVE_CANDIDATES.md; fix-wsl-ip.sh → scripts/. Completable-from-anywhere run: config validation OK, on-chain check 45/45, run-all-validation --skip-genesis OK, reconcile-env --print. ARCHIVE_CANDIDATES "Last reviewed" set.
 **Completed (plan implementation):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) added; cross-links from PHASES_AND_TASKS_MASTER, TODO_TASK_LIST_MASTER, RECOMMENDATIONS_OPERATOR_CHECKLIST, REMAINING_WORK_DETAILED_STEPS, OPTIONAL_RECOMMENDATIONS_INDEX, RUNBOOKS_MASTER_INDEX, ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST, OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST, FULL_PARALLEL_EXECUTION_ORDER, NEXT_STEPS_INDEX, MASTER_INDEX. Validation: run-all-validation --skip-genesis OK; run-completable-tasks-from-anywhere.sh OK (config, on-chain 36/36, reconcile-env); phase4-sovereign-tenants.sh --show-steps and schedule-daily-weekly-cron.sh --show run.
--- a/docs/00-meta/REMAINING_WORK_DETAILED_TASKS.md
+++ b/docs/00-meta/REMAINING_WORK_DETAILED_TASKS.md
@@ -239,4 +239,4 @@ Use [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) and r
 | Wave 3 | 2 (W3-1, W3-2) |
 | Ongoing | 5 (scheduled) |
-**References:** [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) · [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) · [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md) · [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) · [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived)
+**References:** [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) · [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) · [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md) · [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md)
--- a/docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md
+++ b/docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md
@@ -1,5 +1,7 @@
 # Required Fixes, Gaps, and Additional Deployments — Master List
 > Historical note (2026-03-26): this master list contains older PMM verification snapshots. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`.
 **Last Updated:** 2026-03-04  
 **Purpose:** Single consolidated list of all required fixes, gaps, and additional deployments. Sources: REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS, REMAINING_SUMMARY, TOKEN_CONTRACT_DEPLOYMENTS_REMAINING, PRE_DEPLOYMENT_CHECKLIST, RECOMMENDATIONS_AND_FIXES_BEFORE_DEPLOY, DETAILED_GAPS_AND_ISSUES_LIST, GAPS_STATUS, WHATS_LEFT_OPERATOR_AND_EXTERNAL, and token-aggregation build.
@@ -20,7 +22,7 @@ Commands run from repo root on operator/LAN host. Use as baseline; re-run when e
 | Test-all-contracts script | `test -f scripts/deployment/test-all-contracts-before-deploy.sh` | **exists** |
 | Token-aggregation build | `cd smom-dbis-138/services/token-aggregation && npm run build` | **PASSES** (fixed 2026-03-03: token-mapping, bridge route, cross-chain-bridges config, indexer types). See §1.3 for historical ref. |
 | Token-aggregation /health | `curl -s -o /dev/null -w "%{http_code}" http://192.168.11.140:3001/health` (or localhost:3001) | **200** — service running and healthy at tested endpoint. |
-| DODOPMMIntegration token addresses (2026-03-04) | `eth_call` to `compliantUSDT()` / `compliantUSDC()` at `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` | **PASSED** — returns canonical cUSDT/cUSDC; Explorer, mint script, and PMM aligned. See [EXPLORER_TOKEN_LIST_CROSSCHECK](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. |
+| DODOPMMIntegration token addresses (2026-03-04) | `eth_call` to `compliantUSDT()` / `compliantUSDC()` at `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` | **PASSED** — returns canonical cUSDT/cUSDC; Explorer, mint script, and PMM aligned. See [EXPLORER_TOKEN_LIST_CROSSCHECK](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. |
 **Remaining to complete (verified 2026-03-06):** Add liquidity to PMM pools once deployer has cUSDT/cUSDC (or mint); Celo/Wemix CCIP bridges; LINK relay runbook. **Done:** E2E 502s fixed 2026-03-06; operator run + Blockscout verify run 2026-03-06. **Pending:** external (Ledger, Trust, CoinGecko/CMC, on-ramps). See §4–5 and [TODOS_CONSOLIDATED](TODOS_CONSOLIDATED.md).
@@ -59,7 +61,7 @@ Commands run from repo root on operator/LAN host. Use as baseline; re-run when e
 - **Core RPC = IP:port:** In `smom-dbis-138/.env` set `RPC_URL_138=http://192.168.11.211:8545` (not FQDN). See [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md).
 - **Deployer gas (Chain 138):** ≥ ~0.006 ETH (recommended 1–2 ETH). Check: `./scripts/deployment/check-deployer-balance-chain138-and-funding-plan.sh`.
- **Env from smom-dbis-138/.env only:** Required: `PRIVATE_KEY`, `RPC_URL_138`. For PMM: `DODO_PMM_INTEGRATION_ADDRESS`, `DODO_PMM_PROVIDER_ADDRESS`, pool addresses. Verify: `cd smom-dbis-138 && ./scripts/deployment/check-env-required.sh`.
+- **Env from smom-dbis-138/.env only:** Required: `PRIVATE_KEY`, `RPC_URL_138`. For PMM: `DODO_PMM_INTEGRATION_ADDRESS`, `DODO_PMM_PROVIDER_ADDRESS`, pool addresses. For explorer address/runtime references, use `explorer-monorepo/config/address-inventory.json`, `explorer-monorepo/config/runtime-env.json`, and `explorer-monorepo/config/ccip-destination-matrix.json` instead of rebuilding address-heavy `.env` files. Verify: `cd smom-dbis-138 && ./scripts/deployment/check-env-required.sh`.
 - **POOL_MANAGER_ROLE:** Deployer must have this role on DODOPMMIntegration for pool creation and DODOPMMProvider registration.
 - **TRANSACTION_MIRROR_ADDRESS:** Set in `smom-dbis-138/.env` after deploy (from script output).
--- a/docs/00-meta/ROOT_DIRTY_WORK_REVIEW_2026-03-29.md
+++ b/docs/00-meta/ROOT_DIRTY_WORK_REVIEW_2026-03-29.md
@@ -0,0 +1,117 @@
 # Root Dirty Work Review — 2026-03-29
 **Purpose:** Separate unrelated root-repo dirty work from the DBIS RTGS tranche so operators can review risk and merge intent without conflating changes.
 ## Scope reviewed
 From `git status --short` in the root repo:
 - modified:
  - `docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md`
  - `pnpm-lock.yaml`
  - `scripts/dev-vm/setup-act-runner.sh`
  - `scripts/lib/load-project-env.sh`
  - `smom-dbis-138` submodule pointer dirty
 - untracked:
  - `scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh`
  - `scripts/dev-vm/install-act-runner-systemd.sh`
 ## Findings
 ### 1. Gitea act-runner lane
 **Files**
 - [GITEA_ACT_RUNNER_SETUP.md](../04-configuration/GITEA_ACT_RUNNER_SETUP.md)
 - [setup-act-runner.sh](/home/intlc/projects/proxmox/scripts/dev-vm/setup-act-runner.sh)
 - [bootstrap-gitea-act-runner-site-wide.sh](/home/intlc/projects/proxmox/scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh)
 - [install-act-runner-systemd.sh](/home/intlc/projects/proxmox/scripts/dev-vm/install-act-runner-systemd.sh)
 **What changed**
 - docs now describe a site-wide bootstrap path
 - setup defaults now target `http://127.0.0.1:3000`
 - runner labels default to `ubuntu-latest`
 - new scripts appear intended to:
  - fetch a registration token via admin API
  - install and daemonize the runner under systemd
 **Assessment**
 - This is a coherent feature lane, not random drift.
 - It should be reviewed and committed as a dedicated `act_runner bootstrap` tranche.
 - It is unrelated to the RTGS sidecar work.
 **Risk**
 - low to medium if kept isolated
 - medium to high if accidentally bundled with RTGS or infra-truth updates
 ### 2. `scripts/lib/load-project-env.sh`
 **What changed**
 - VMID `5700` was added to the `r630-02` host mapping set.
 **Assessment**
 - This appears to be a small support fix for the act-runner / dev-vm lane.
 - It is logically related to the act-runner work above.
 - It should ship with that lane, not with unrelated RTGS work.
 **Risk**
 - low if correct
 - moderate if `5700` is mobile and the mapping is treated as permanently canonical
 ### 3. `pnpm-lock.yaml`
 **What changed**
 - substantial additions for a root importer named `smom-dbis-138`
 - many Hardhat / TypeChain / changesets and related packages
 **Assessment**
 - this is a generated artifact from a package-manager operation
 - it likely belongs to a separate `smom-dbis-138` JavaScript / Hardhat tooling lane
 - it is not tied to the RTGS docs/deployment tranche
 **Risk**
 - medium if committed without the matching `package.json` / workspace intent
 - high if it accidentally lands in the root repo without the team intending to manage `smom-dbis-138` from the root PNPM workspace
 ### 4. `smom-dbis-138` submodule dirty state
 **Observed**
 - deleted contract files:
  - `contracts/emoney/BridgeVault138.sol`
  - `contracts/emoney/ComplianceRegistry.sol`
  - `contracts/emoney/PolicyManager.sol`
  - `contracts/emoney/TokenFactory138.sol`
  - several `contracts/emoney/interfaces/*`
 - modified:
  - `package.json`
  - `package-lock.json`
 - untracked:
  - `playwright-report/`
 **Assessment**
 - this is high-risk and should be treated as a separate active refactor or deletion lane
 - the deleted contracts are core-emoney-surface files, not cosmetic churn
 - do not bundle or auto-commit this with unrelated infra/docs work
 **Risk**
 - high
 ## Recommended split
 1. **Act-runner tranche**
   - docs
   - setup script
   - bootstrap script
   - systemd install script
   - `load-project-env.sh` mapping
 2. **Root JS / lockfile tranche**
   - `pnpm-lock.yaml`
   - only if intentionally paired with a matching workspace/package change
 3. **`smom-dbis-138` contract/package tranche**
   - separate review required
   - verify whether the deletions are intentional refactor, move, or accidental loss
 ## Rule
 Until these lanes are reviewed and intentionally grouped, they should remain excluded from RTGS-sidecar, explorer, and DBIS master-plan commits.
--- a/docs/00-meta/SCRIPT_INVENTORY.md
+++ b/docs/00-meta/SCRIPT_INVENTORY.md
@@ -71,7 +71,7 @@ scripts/archive/
 ## Framework Usage
-All old scripts have been consolidated into unified frameworks. Reference (archived 2026-02-08): [archive/00-meta-pruned/FRAMEWORK_USAGE_GUIDE.md](../archive/00-meta-pruned/FRAMEWORK_USAGE_GUIDE.md), [FRAMEWORK_MIGRATION_GUIDES.md](../archive/00-meta-pruned/FRAMEWORK_MIGRATION_GUIDES.md), [MIGRATION_EXAMPLES.md](../archive/00-meta-pruned/MIGRATION_EXAMPLES.md).
+All old scripts have been consolidated into unified frameworks. **Canonical:** [scripts/README.md](../../scripts/README.md) (framework layout, entrypoints). Historical migration notes remain on disk under `docs/archive/00-meta-pruned/` for forensics only — do not link from runbooks.
 ---
--- a/docs/00-meta/SUBMODULE_HYGIENE.md
+++ b/docs/00-meta/SUBMODULE_HYGIENE.md
@@ -0,0 +1,80 @@
 # Submodule and explorer remote hygiene
 **Last Updated:** 2026-03-27  
 **Purpose:** Operational notes for the many git submodules under the proxmox parent repo: detached HEAD, remotes, pushes, and non-secret JSON env snapshots.
 ---
 ## Detached HEAD is normal
 The parent records each submodule at a **specific commit**. After `git submodule update --init --recursive`, many submodules show `HEAD (no branch)`. That is expected for **read-only** use.
 **If you develop inside a submodule:** check out a named branch first (for example `main` or `master`), commit, push that submodule’s remote, then in the **parent** repo commit the updated submodule pointer and push the parent.
 **Workflow (short):**
 1. `cd <submodule>` → `git checkout main` (or the project default)
 2. Make changes → `git commit` → `git push <remote> <branch>`
 3. `cd ..` (parent root) → `git add <submodule-path>` → `git commit` → `git push`
 ---
 ## Verify clean submodule trees
 From repo root:
 ```bash
 bash scripts/verify/submodules-clean.sh
 ```
 Stricter than `git status -sb` (fails on any porcelain output). Use after large merges or before release tagging.
 ---
 ## explorer-monorepo: Gitea primary, GitHub optional mirror
 - **Parent `.gitmodules` URL:** `https://gitea.d-bis.org/d-bis/explorer-monorepo.git` (primary clone and integration source).
 - **Primary pushes** should go to **Gitea** (`origin` or `gitea` remote → `https://gitea.d-bis.org/d-bis/explorer-monorepo.git`).
 - **GitHub** is optional as a mirror only when that repository exists and your team still needs it.
 If `git push` to a GitHub mirror returns **repository not found**, treat that as a mirror problem, not the primary integration path. Continue using **Gitea** as the source of truth until a valid GitHub mirror URL is confirmed.
 **Do not store credentials in remote URLs.** Use SSH (`git@github.com:...`) or HTTPS with a credential helper. If you see a remote whose name or URL embeds a token, remove it and re-add a clean remote:
 ```bash
 cd explorer-monorepo
 git remote -v
 # git remote remove '<bad-remote-name>'
 git remote add origin https://gitea.d-bis.org/d-bis/explorer-monorepo.git
 ```
 **Rotate** any token that was ever embedded in a saved URL.
 ---
 ## gru-docs branch
 `gru-docs` may track **`docs-review-fixes`** (not `main`) while documentation review is open. The parent submodule pointer is intentional until upstream merges to `main` and the pointer is updated.
 ---
 ## metamask-integration upstream
 This clone may show `main...gitea/main` when **Gitea** is the configured `origin` or tracking remote. Confirm with your team whether **GitHub** (see `.gitmodules`) or **Gitea** is canonical for pushes; align `branch.<name>.remote` if both exist.
 ---
 ## JSON reference files (dotenv cleanup)
 In **`smom-dbis-138/config/`** and **`explorer-monorepo/config/`**, files such as `address-inventory*.json` and `runtime-env*.json` are **non-secret reference snapshots**. They are **not** a substitute for `.env` for secrets. When on-chain or deployment addresses change, update the canonical docs (`docs/11-references/ADDRESS_MATRIX_AND_STATUS.md`, etc.) and refresh these JSON files if you rely on them for scripts.
 See each submodule’s `config/README.md` for a short in-tree note.
 ---
 ## Related
 - **[AGENTS.md](../../AGENTS.md)** — quick pointers including submodule discipline  
 - **[CONTRIBUTOR_GUIDELINES.md](CONTRIBUTOR_GUIDELINES.md)** — submodule section for contributors  
 - **[ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md)** — contract address source of truth  
 - **`.cursor/rules/chain138-tokens-and-pmm.mdc`** — agent overlay; must stay aligned with the address matrix
--- a/docs/00-meta/TASK_CHECK_REPORT.md
+++ b/docs/00-meta/TASK_CHECK_REPORT.md
@@ -1,5 +1,7 @@
 # Task Check Report — Remaining Tasks Verified Before Completion
 > Historical note (2026-03-26): this report preserves an earlier PMM status snapshot. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`.
 **Date:** 2026-03-02  
 **Purpose:** For each remaining task, verify current state before marking complete or executing. Use this report to decide what still needs to be run by Operator/LAN vs what is already satisfied.
@@ -23,7 +25,7 @@
 | Phase 0 (prereqs) | Satisfied | Preflight passed; .env and RPC OK |
 | Phase 1 (Chain 138 core) | Done | 59/59 contracts present |
 | Phase 2 (TransactionMirror + PMM pools) | Done | Mirror deployed; all three pools created (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) |
-| Phase 3 (Liquidity + DODOPMMProvider) | Partially done | DODOPMMProvider deployed at `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; pools registered. **Remaining:** add liquidity (optional per doc) via `AddLiquidityPMMPoolsChain138.s.sol` or cast |
+| Phase 3 (Liquidity + DODOPMMProvider) | Partially done | DODOPMMProvider deployed at `0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`; corrected canonical stack aligned. **Remaining:** add liquidity (optional per doc) via `AddLiquidityPMMPoolsChain138.s.sol` or cast |
 | Phase 4–6 | Not run | Optional / other chains; Operator |
 **Conclusion:** Phases 0–3 (required) are done except adding liquidity. Full “completion” of Phase 0–6 requires Operator for Phase 4–6 and, if desired, adding liquidity in Phase 3.
@@ -34,7 +36,7 @@
 | Item | Status | Notes |
 |------|--------|-------|
-| DODOPMMProvider deployed | Done | `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; pools registered (2026-02-28) |
+| DODOPMMProvider deployed | Done | `0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`; corrected canonical stack live (2026-03-26) |
 | Pools created | Done | 0x9fcB… (cUSDT/cUSDC), 0xa3Ee… (cUSDT/USDT), 0x90bd… (cUSDC/USDC) |
 | Add liquidity | Not run | Script: `smom-dbis-138/script/dex/AddLiquidityPMMPoolsChain138.s.sol`; runbook: [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md](../03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md). Requires `ADD_LIQUIDITY_BASE_AMOUNT`, `ADD_LIQUIDITY_QUOTE_AMOUNT` in .env and deployer holding base/quote tokens |
--- a/docs/00-meta/TODOS_CONSOLIDATED.md
+++ b/docs/00-meta/TODOS_CONSOLIDATED.md
@@ -1,7 +1,7 @@
 # TODOs — Consolidated Task List
-**Last Updated:** 2026-03-24  
+**Last Updated:** 2026-03-28  
-**Last verification run:** 2026-03-06 (full + optional) — completable ✅, validate-config ✅, check-contracts 59/59 ✅, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, deployer-gas dry-run ✅, fund-ccip dry-run ✅, test-all-contracts (unit) 457 passed ✅, E2E flow dry-run ✅, E2E routing ✅ (37 domains, 0 failed), operator script --skip-backup ✅ (NPMplus RPC fix + Blockscout verify). **Mint + add-liquidity** run 2026-03-06: 1M each minted, 500k each added; V2 done. **Next-steps check:** See [NEXT_STEPS_LIST.md](NEXT_STEPS_LIST.md) completion check; B.1/B.2/B.3 blocked (CRO/WEMIX/LINK).  
+**Last verification run:** 2026-03-28 — completable ✅ (61/61 on-chain), operator `--skip-backup` ✅ (NPMplus 40 hosts updated, Blockscout verify batch). Prior 2026-03-06 run: validate-config ✅, check-contracts, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, E2E routing ✅ (37 domains, 0 failed). **Mint + add-liquidity** 2026-03-06: 1M each minted, 500k each added. **Next-steps check:** [NEXT_STEPS_LIST.md](NEXT_STEPS_LIST.md); B.1/B.2/B.3 partially blocked (WEMIX tabled; LINK relay runbook pending).  
 **Purpose:** Single checklist of all next steps and remaining tasks. **Indonesia / HYBX-BATCH-001 zip (4.995 ship-ready):** [HYBX-BATCH-001 — transaction package ship-ready](#hybx-batch-001--transaction-package-ship-ready-4995) below. **Full execution order (multiple routes + liquidity):** [EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md](EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md). **Additional paths (registry, LiFi/Jumper, Etherlink, 13×13):** [ADDITIONAL_PATHS_AND_EXTENSIONS.md](../04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md). **Dotenv/markdown audit (required info, gaps, recommendations):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md). Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). **Token deployments remaining:** [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md). **Routing / swap / cross-chain:** [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md) (A1–A5, B1–B8, C1–C8, D1–D3, E1–E2). **Verified list (LAN/Operator):** [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) — run bash/curl to confirm; doc updated 2026-03-03.
 **Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh`. Before Chain 138 deploy: `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`. **Chain 138 next steps (all in one):** `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` — preflight → mirror+pool → register c* as GRU → verify. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. **E2E flows (full parallel):** `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run]` — [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md).
--- a/docs/00-meta/TODO_TASK_LIST_MASTER.md
+++ b/docs/00-meta/TODO_TASK_LIST_MASTER.md
@@ -8,9 +8,9 @@
 **Execution mode: Full maximum parallel.** Run all remaining items in parallel by wave. See **[FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md)** for the ordered wave list (Wave 0 → Wave 1 → Wave 2 → Wave 3). Within each wave, execute every item concurrently; no artificial sequencing. Validation commands at bottom.
-**Status:** [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) | [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) (step-by-step; 2026-02-05 completion) | **[REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md)** (2026-02-10: consolidated remaining tasks + API features inventory). **Single plan (required/optional/recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
+**Status:** `./scripts/validation/validate-config-files.sh` · `./scripts/verify/run-all-validation.sh` | [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) (step-by-step; 2026-02-05 completion) | **[REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md)** (2026-02-10: consolidated remaining tasks + API features inventory). **Single plan (required/optional/recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
-**2026-02-05:** Master documentation updated (MASTER_INDEX v5.8, docs/README, MASTER_PLAN, NEXT_STEPS_MASTER); "Can be accomplished now" list completed; 32 files archived to docs/archive/00-meta-status/.
+**2026-02-05:** Master documentation updated (MASTER_INDEX v5.8, docs/README, MASTER_PLAN, NEXT_STEPS_MASTER); "Can be accomplished now" list completed; 32 files consolidated per [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md).
 **2026-02-23:** Placeholders/fixes sync: TODOS_CONSOLIDATED, NEXT_STEPS_AND_REMAINING_TODOS, NEXT_STEPS_FOR_YOU updated to reference REQUIRED_FIXES_UPDATES_GAPS §4 (canonical addresses, AlltraAdapter, smart accounts, quote FABRIC_CHAIN_ID, .bak — all Done or Documented). Remaining in-repo fixes complete; operator/LAN and deferred items unchanged.
@@ -68,7 +68,7 @@
 - [x] verify-udm-pro: internal failure → warn
 - [x] verify-all-systems: flexible patterns; bash --norc
 - [x] Re-run: `bash scripts/verify/run-full-verification.sh` (2026-02-03)
- [x] **validate-genesis.sh (smom-dbis-138):** Fixed 2026-02-05 — runs standalone; QBFT supported. See [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) Wave 1 fifth batch.
+- [x] **validate-genesis.sh (smom-dbis-138):** Fixed 2026-02-05 — runs standalone; QBFT supported. See [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) (Wave 1 verification section).
 - [x] **validate-config-files.sh:** Pass (ip-addresses.conf, .env.example). Optional env warnings only.
 - [x] **E2E routing:** verify-end-to-end-routing.sh run; 25 DNS pass, 14 HTTPS pass, 6 RPC 405 until NPMplus fix from LAN.
 - [x] **502 fix flow:** When E2E 502s persist (dbis-admin, secure, dbis-api, rpc-http-prv, rpc-alltra/hybx), from LAN run `./scripts/maintenance/address-all-remaining-502s.sh` (optionally `--run-besu-fix --e2e`). Runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md).
@@ -98,7 +98,7 @@
 | 131–134 | Orchestration portal | 4 |
 | 135–139 | Maintenance | 5 |
- [ ] **1–139** — Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) (parallel by cohort where no deps). Docs 68–74 index: [QUICK_REFERENCE_CARDS.md](../12-quick-reference/QUICK_REFERENCE_CARDS.md) §3.1. **CI validation:** `bash scripts/verify/run-all-validation.sh [--skip-genesis]` (dependencies + config + optional genesis). Config only: `scripts/validation/validate-config-files.sh` (set VALIDATE_REQUIRED_FILES for CI/pre-deploy). **Last full parallel run (2026-02-05):** run-all-validation, validate-config-files, security dry-runs, phase2 --config-only, CCIP checklist, phase4 --show-steps, config backup, Wave 0 --dry-run — see [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) batch 11.
+- [ ] **1–139** — Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) (parallel by cohort where no deps). Docs 68–74 index: [QUICK_REFERENCE_CARDS.md](../12-quick-reference/QUICK_REFERENCE_CARDS.md) §3.1. **CI validation:** `bash scripts/verify/run-all-validation.sh [--skip-genesis]` (dependencies + config + optional genesis). Config only: `scripts/validation/validate-config-files.sh` (set VALIDATE_REQUIRED_FILES for CI/pre-deploy). **Last full parallel run (2026-02-05):** run-all-validation, validate-config-files, security dry-runs, phase2 --config-only, CCIP checklist, phase4 --show-steps, config backup, Wave 0 --dry-run — summarized in [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md) and [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md).
 ---
@@ -175,7 +175,202 @@
 ---
-## 12. Maintenance (135–139)
+## 12. DBIS RTGS / HYBX / Hyperledger E2E stack
 **Purpose:** Track everything required for a true end-to-end RTGS stack across DBIS Chain 138, HYBX sidecars, OMNL / Fineract, and the external banking / interoperability integrations we currently have access to.
 ### 12.1 Participant / treasury / GL model
 - [ ] Finalize participant model for RTGS and settlement:
  - central bank / RTGS operator
  - HYBX participant
  - Bank Kanaya and other offices / institutions
 - [ ] Finalize treasury account model:
  - settlement
  - reserve
  - nostro
  - vostro
  - liquidity / prefunding accounts
 - [ ] Finalize GL mappings and JE flows for RTGS settlement in OMNL / Fineract.
 - [ ] Freeze the canonical ID resolution flow using:
  - `scripts/omnl/resolve_ids.sh`
  - `scripts/omnl/omnl-office-create-*.sh`
  - `scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh`
 ### 12.1A Depository / CSD layer
 - [ ] Define the depository / CSD operating model for in-scope DBIS instruments.
 - [ ] Freeze whether the depository role is on-ledger, off-ledger, or hybrid.
 - [ ] Freeze issuance, transfer, pledge, lien, and settlement-touch behavior for at least one canonical asset flow.
 - [ ] Define participant-to-asset-register and custody relationships for depository-managed assets.
 ### 12.1B Global custodian layer
 - [ ] Define the global custodian operating model and account structure.
 - [ ] Freeze safekeeping, statement, and asset-servicing obligations across correspondent and global-bank paths.
 - [ ] Define how custodian statements reconcile to OMNL and RTGS settlement state.
 ### 12.1C FX pricing / dealing engine
 - [ ] Freeze the FX pricing hierarchy, approved rate sources, and quote-locking rules.
 - [ ] Freeze the quote lifecycle from request to booking to reconciliation.
 - [ ] Define how the FX engine integrates with OMNL, treasury, and HYBX sidecars.
 ### 12.1D Liquidity pooling and aggregation engine
 - [ ] Define source prioritization, eligibility rules, allocation logic, and operator overrides.
 - [ ] Freeze how liquidity decisions are recorded and reconciled against funding and settlement events.
 - [ ] Decide when on-chain liquidity is part of the funding policy versus optional extension.
 ### 12.1E Liquidity source adapters
 - [ ] Enumerate all in-scope liquidity source families:
  - internal treasury pools
  - bank credit / liquidity lines
  - correspondent-bank sources
  - optional on-chain liquidity
 - [ ] Define one adapter contract per mandatory source class.
 - [ ] Validate at least the mandatory source adapters used by the canonical RTGS rail.
 ### 12.1F Custody / safekeeping / asset servicing flow
 - [ ] Define the canonical lifecycle for safekeeping, transfer, servicing, and statement production.
 - [ ] Freeze custody-to-depository, custody-to-settlement, and custody-to-evidence relationships.
 - [ ] Validate one end-to-end custody lifecycle with reconciliation and evidence output.
 ### 12.2 Mifos / Fineract / OMNL banking rail
 - [ ] Freeze and execute the first-slice deployment checklist:
  - `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md`
  - `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md`
 - [ ] Confirm production-grade Mifos/Fineract tenancy, credentials, API reachability, and operator runbook completeness for the current OMNL environment.
 - [ ] Complete the full operator rail using:
  - `scripts/omnl/omnl-operator-rail.sh`
  - `scripts/omnl/omnl-reconciliation-office20.sh`
  - `scripts/omnl/omnl-audit-packet-office20.sh`
 - [ ] Complete the Indonesia / HYBX evidence path:
  - `scripts/omnl/build-transaction-package-zip.sh`
  - `scripts/omnl/verify-transaction-package-commitment.py`
  - `scripts/omnl/check-transaction-package-4995-readiness.sh --strict`
 - [ ] Freeze the source-of-truth API contract from `docs/11-references/API_DOCUMENTATION.md` and the OMNL OpenAPI snapshot.
 ### 12.3 Mojaloop integration
 - [ ] Identify the exact Mojaloop deployment / switch endpoints currently available to HYBX.
 - [ ] Document the live Mojaloop API contract and auth model:
  - quote
  - transfer
  - callback / status
  - settlement window / liquidity behavior
 ### 12.4 First-slice HYBX sidecar promotion
 - [ ] Promote the selected first-slice sidecars from local build verification to real production runtime on Proxmox VE:
  - `mifos-fineract-sidecar`
  - `server-funds-sidecar`
  - `off-ledger-2-on-ledger-sidecar`
 - [ ] Freeze Proxmox runtime targets, Java baseline, secrets/env injection, and restart/logging policy.
 - [ ] Validate each selected sidecar with a stable health/readiness path and one canonical RTGS flow before calling the first slice production-ready.
 - [ ] Define the canonical mapping between Mojaloop events and:
  - Fineract postings
  - sidecar events
  - on-chain settlement events
 - [ ] Add a repo-backed Mojaloop integration runbook once endpoint details are confirmed.
 ### 12.4 HYBX sidecar integration
 - [ ] Audit and document the currently accessible HYBX sidecars:
  - `mifos-fineract-sidecar`
  - `mt103-hardcopy-sidecar`
  - `off-ledger-2-on-ledger-sidecar`
  - `securitization-engine-sidecar`
  - `card-networks-sidecar`
  - `server-funds-sidecar`
  - `securities-sidecar` (if in scope)
  - `flash-loan-xau-sidecar` (if in scope)
 - [ ] Define system boundaries and ownership for each sidecar:
  - system-of-record
  - message ingress / egress
  - retry semantics
  - auth and credential handling
 - [ ] Create a canonical end-to-end sidecar matrix linked from the RTGS runbook.
 ### 12.5 Chain 138 settlement rail
 - [ ] Freeze the canonical on-chain settlement path for RTGS:
  - DBIS / compliant settlement tokens
  - MerchantSettlementRegistry
  - WithdrawalEscrow
  - reserve / oracle dependencies where applicable
 - [ ] Define the exact mapping from off-ledger settlement events to on-chain settlement confirmations.
 - [ ] Decide when `alltra-lifi-settlement` is in the critical RTGS path versus optional cross-chain / liquidity extension.
 - [ ] Produce a repo-backed RTGS settlement sequence diagram spanning Fineract ↔ sidecars ↔ Chain 138.
 ### 12.6 Workflow and orchestration
 - [ ] Keep FireFly `6200` as the active primary workflow layer and preserve its config/image path.
 - [ ] Decide whether to rebuild `6201` as a real secondary FireFly node for HA or leave it permanently retired.
 - [ ] Define the event catalog and correlation model across:
  - Fineract
  - Mojaloop
  - HYBX sidecars
  - FireFly
  - Chain 138
  - regulatory package generation
 - [ ] Add compensating-action / retry design for cross-system failures.
 ### 12.7 Additional Hyperledger layers needed
 - [ ] Decide whether **Hyperledger Aries** is required as an actual deployed identity / agent layer for DBIS RTGS.
 - [ ] If Aries is in scope, define:
  - agent placement
  - wallet / DID model
  - protocol flows
  - relationship to Indy and credential verification
 - [ ] Decide whether **Hyperledger AnonCreds** is required as part of the verifiable credential stack.
 - [ ] If AnonCreds is in scope, define the issuer / holder / verifier model and where credential registries live.
 - [ ] Decide whether **Hyperledger Ursa** is required as an explicit cryptographic dependency versus an indirect library/runtime concern.
 - [ ] If Ursa is in scope, document where it is used in the identity / VC pipeline and what operational control it requires.
 - [ ] Decide whether **Hyperledger Cacti** is actually needed in the RTGS interoperability path or remains optional / future-state.
 - [ ] Keep **Hyperledger Caliper** in the program for RTGS performance validation and benchmark the final path when the stack is complete.
 ### 12.8 Fabric / Indy runtime decision
 - [ ] If Fabric is required for the RTGS target architecture, deploy real workloads onto `6000-6002` and validate peer / orderer health.
 - [ ] If Fabric is not required now, keep `6000-6002` classified as reserved placeholders and remove them from any “active stack” claims.
 - [ ] If Indy is required for the RTGS target architecture, deploy real workloads onto `6400-6402` and validate validator / listener health.
 - [ ] If Indy is not required now, keep `6400-6402` classified as reserved placeholders and remove them from any “active stack” claims.
 ### 12.9 Regulatory / audit / ISO package
 - [ ] Finalize the institutional attestation and evidentiary package path for HYBX submissions.
 - [ ] Finalize ISO 20022 vault manifest generation and hash anchoring policy.
 - [ ] Finalize AML / sanctions / legal-finality memo workflow for production submissions.
 - [ ] Ensure the RTGS path has a reproducible audit packet per settlement batch.
 ### 12.10 Production gate
 - [x] Canonical RTGS production checklist created and now maintained in [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) with columns:
  - component
  - current state
  - required integration
  - remaining task
  - owner
  - production gate
 - [x] Initial HYBX sidecar boundary matrix created: [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](../03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md)
 - [x] Initial Mojaloop status artifact created: [DBIS_MOJALOOP_INTEGRATION_STATUS.md](../03-deployment/DBIS_MOJALOOP_INTEGRATION_STATUS.md)
 - [x] Initial identity-stack decision artifact created: [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](../03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md)
 - [ ] Add a single “full RTGS E2E” production gate that only turns green when:
  - Fineract / OMNL is complete
  - HYBX sidecars are integrated
  - Mojaloop integration is real and validated
  - Chain 138 settlement path is validated
  - required Hyperledger identity/workflow layers are deployed
  - regulatory package generation passes
 ---
 ## 13. Maintenance (135–139)
 - [x] **Runbook and script:** [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) § Maintenance; `scripts/maintenance/daily-weekly-checks.sh [daily|weekly|all]` for 135–137. Schedule via cron (e.g. daily 08:00).
 - [x] **Script tested:** daily-weekly-checks.sh daily (explorer SKIP off-LAN, RPC OK).
--- a/docs/00-meta/UNBLOCK_MAINNET_RPC_403.md
+++ b/docs/00-meta/UNBLOCK_MAINNET_RPC_403.md
@@ -41,4 +41,4 @@ Examples (no API key or key without private-key restriction):
 ---
-**Refs:** [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §2C | [COMPLETION_STATUS_20260215](../archive/00-meta-pruned/COMPLETION_STATUS_20260215.md)
+**Refs:** [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §2C | [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md)
--- a/docs/00-meta/WAVE1_COMPLETION_SUMMARY.md
+++ b/docs/00-meta/WAVE1_COMPLETION_SUMMARY.md
@@ -1,7 +1,7 @@
 # Wave 1 — Completion Summary
 **Last Updated:** 2026-02-05  
-**Purpose:** Status of every Wave 1 task from the full parallel run. Used with [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) and [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived).
+**Purpose:** Status of every Wave 1 task from the full parallel run. Used with [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) and [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md) (2026-02-05 batch summary).
 **Legend:** ✅ Done (this run or prior) | ⏳ Operator (SSH/creds/LAN) | 📄 Documented (config/design exists; no code change) | ➖ Deferred
--- a/docs/00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md
+++ b/docs/00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md
@@ -60,5 +60,5 @@
 ## References
 - [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) — Full wave definitions
- [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) — What was run and results
+- `./scripts/validation/validate-config-files.sh` · `./scripts/verify/run-all-validation.sh` — current validation; [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) — Wave 1 outcomes
 - [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) — Procedures and maintenance
--- a/docs/00-meta/WHATS_LEFT_OPERATOR_AND_EXTERNAL.md
+++ b/docs/00-meta/WHATS_LEFT_OPERATOR_AND_EXTERNAL.md
@@ -1,5 +1,7 @@
 # What’s Left — Operator and External Only
 > Historical note (2026-03-26): this status snapshot includes superseded PMM-address references from the earlier three-pool stack. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`.
 **Last Updated:** 2026-02-27  
 **Purpose:** After completing in-repo and on-chain tasks (preflight, PMM pools, DODOPMMProvider, operator script NPMplus/backup/verify, Wemix re-check), these items require **operator (LAN/Proxmox/credentials)** or **you (third-party)**. **Short summary:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md).
@@ -9,7 +11,7 @@
 - **Preflight:** Passed (RPC Core, dotenv, nonce consistent).
 - **PMM pools:** All three created (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) and addresses documented.
- **DODOPMMProvider:** Deployed at `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; all three pools registered via `RegisterDODOPools.s.sol`.
+- **DODOPMMProvider:** Deployed at `0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`; corrected canonical stack aligned via desired-state sync.
 - **Operator script:** NPMplus RPC fix + backup + Blockscout verify run (see `run-all-operator-tasks-from-lan.sh`).
 - **Wemix:** Re-fetched scan.wemix.com/tokens; WWEMIX confirmed; doc updated.
 - **Docs:** PRE_DEPLOYMENT_CHECKLIST, LIQUIDITY_POOLS_MASTER_MAP updated with new pool and provider addresses.
--- a/docs/01-getting-started/CHAIN138_QUICK_START.md
+++ b/docs/01-getting-started/CHAIN138_QUICK_START.md
@@ -152,8 +152,8 @@ pct exec <VMID> -- chmod 644 /var/lib/besu/permissions/permissioned-nodes.json
 ## 📖 Full Documentation
- **Complete Guide:** [CHAIN138_BESU_CONFIGURATION.md](../06-besu/CHAIN138_BESU_CONFIGURATION.md)
+- **Complete guide:** [CHAIN138_BESU_CONFIGURATION.md](../06-besu/CHAIN138_BESU_CONFIGURATION.md)
- **Summary:** [CHAIN138_CONFIGURATION_SUMMARY.md](../archive/configuration/CHAIN138_CONFIGURATION_SUMMARY.md)
+- **Wallet / env validation:** [CHAIN138_WALLET_CONFIG_VALIDATION.md](../04-configuration/CHAIN138_WALLET_CONFIG_VALIDATION.md)
 ---
--- a/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md
+++ b/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md
@@ -22,7 +22,7 @@ The MCP supports one chain at a time via `CHAIN` and `RPC_URL`. To support multi
 | Item | Status | Notes |
 |------|--------|--------|
-| **DODOPMMIntegration** | Deployed | `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` — creates and owns PMM pools |
+| **DODOPMMIntegration** | Deployed | `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` — canonical corrected integration for Chain 138 PMM pools |
 | **Pools** | Created via integration | Call `createPool` / `createCUSDTCUSDCPool` etc.; pool addresses from creation or `pools(base, quote)` |
 | **Base tokens (cUSDT, cUSDC, …)** | Deployed (core) | e.g. cUSDT `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22`, cUSDC `0xf22258f57794CC8E06237084b353Ab30fFfa640b` (see [CHAIN138_TOKEN_ADDRESSES](../11-references/CHAIN138_TOKEN_ADDRESSES.md)) |
 | **Quote tokens (USDT, USDC)** | On-chain | Use addresses from Chain 138 config / token API |
--- a/docs/02-architecture/ARCHITECTURAL_INTENT.md
+++ b/docs/02-architecture/ARCHITECTURAL_INTENT.md
@@ -1,7 +1,7 @@
 # Architectural Intent — Sankofa Phoenix
-**Last Updated:** 2026-01-31  
+**Last Updated:** 2026-03-25  
-**Document Version:** 1.0  
+**Document Version:** 1.1  
 **Status:** Active Documentation
 ---
@@ -43,6 +43,8 @@ This document describes **intended architectural roles and boundaries** for Sank
 - Future: May evolve to include public UI, delegated access, or other interfaces
 - No permanent restriction on access patterns
 **Public sector baseline:** Tenancy, **service catalog vs public marketing** (NON_GOALS §9), SMOA / Complete Credential repo registry: [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md), [../../config/public-sector-program-manifest.json](../../config/public-sector-program-manifest.json).
 ---
 ### 2. Sankofa Brand & Access Layer
@@ -177,10 +179,12 @@ These are **possible futures**, not commitments:
 ### Possible Future Evolutions
-1. **Public Marketing Split**
+1. **Sankofa / Phoenix hostname split (canonical intent)**
-   - `www.sankofa.nexus` → Public marketing
+   - `sankofa.nexus` → public **Sovereign Technologies** web
-   - `portal.sankofa.nexus` → Authenticated portal
+   - `phoenix.sankofa.nexus` → public **Phoenix Cloud Services** division web
-   - Or maintain unified model
+   - `portal.sankofa.nexus` / `admin.sankofa.nexus` → **client SSO** (Keycloak IdP at `keycloak.sankofa.nexus`)
   - `dash.sankofa.nexus` → **IP-gated** systems admin + **MFA**
   - Detail: [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md)
 2. **Phoenix UI Evolution**
   - May develop delegated UI interfaces
--- a/docs/02-architecture/BRAND_RELATIONSHIP.md
+++ b/docs/02-architecture/BRAND_RELATIONSHIP.md
@@ -129,6 +129,8 @@ Backend Services:
 **Sankofa Phoenix** is a sovereign cloud platform that combines corporate identity (Sankofa) with cloud infrastructure capabilities (Phoenix), providing a complete alternative to major cloud providers while maintaining sovereign identity and independence.
 **Regulatory / tenancy baseline (public sector, catalog wording, external repos):** [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md)
 ---
-**Last Updated:** 2026-01-20
+**Last Updated:** 2026-03-25
--- a/docs/02-architecture/COMPREHENSIVE_INFRASTRUCTURE_REVIEW.md
+++ b/docs/02-architecture/COMPREHENSIVE_INFRASTRUCTURE_REVIEW.md
@@ -205,7 +205,7 @@ This document provides a comprehensive review of:
 |------|------|----|----|---------|-------|
 | 10100 | dbis-postgres-primary | 192.168.11.100 | ✅ Running | PostgreSQL Primary | Located on ml110 (192.168.11.10) |
 | 10101 | dbis-postgres-replica-1 | 192.168.11.101 | ✅ Running | PostgreSQL Replica | Located on ml110 (192.168.11.10) |
-| 10120 | dbis-redis | 192.168.11.120 | ✅ Running | Redis Cache | Located on ml110 (192.168.11.10) |
+| 10120 | dbis-redis | 192.168.11.125 | ✅ Running | Redis Cache | r630-01 (see ALL_VMIDS_ENDPOINTS) |
 | 10130 | dbis-frontend | 192.168.11.130 | ✅ Running | Frontend Admin | Located on ml110 (192.168.11.10) |
 | 10150 | dbis-api-primary | 192.168.11.150 | ✅ Running | API Primary | Located on ml110 (192.168.11.10) |
 | 10151 | dbis-api-secondary | 192.168.11.151 | ✅ Running | API Secondary | Located on ml110 (192.168.11.10) |
--- a/docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md
+++ b/docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md
@@ -0,0 +1,169 @@
 # DBIS Node Role Matrix
 **Last updated:** 2026-03-29 (UTC) — regenerate machine-derived rows: `bash scripts/docs/generate-dbis-node-role-matrix-md.sh`  
 **Status:** Active — infrastructure constitution for DBIS Chain 138 and colocated workloads.
 ## Purpose
 This matrix assigns **node type**, **preferred host placement**, **validator/signing role** (for Besu), and **security tier** per workload. It implements the entity-placement model in [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) (Sections 6–7) in a form operators can maintain.
 **Canonical pairs (keep in sync):**
 - Human detail and status: [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)
 - Machine-readable services: [config/proxmox-operational-template.json](../../config/proxmox-operational-template.json)
 When you change VMID, IP, hostname, or placement, update **ALL_VMIDS** and **operational-template.json** first, then regenerate the table below with this script (or edit the static sections manually).
 ## Columns
 | Column | Meaning |
 |--------|---------|
 | **Entity owner** | DBIS Core, Central Bank, IFI, Regional Operator, etc. — use **TBD** until governance assigns. |
 | **Region** | Geographic or site label — **TBD** until multi-site is formalized. |
 | **IP note** | Flags duplicate IPv4 entries in the planning template. A duplicate means **shared or historical mapping**, not concurrent ownership — verify live owner in ALL_VMIDS or on-cluster. |
 | **Runtime state** | Current disposition from the planning template, e.g. active, placeholder CT only, or retired standby. |
 | **Preferred host** | Preferred Proxmox node (`r630-01`, `r630-02`, `ml110`, `any`). This is a planning target, not an assertion of current placement. |
 | **Validator / signing** | For Chain 138 Besu: QBFT signer, sentry (no signer), RPC-only, or N/A. |
 | **Security tier** | High-level zone: validator-tier, DMZ/RPC, edge ingress, identity/DLT, application, etc. |
 ## Proxmox hypervisor nodes
 | Hostname | MGMT IP | Cluster | Role (summary) |
 |----------|---------|---------|------------------|
 | ml110 | 192.168.11.10 | h — verify | legacy_cluster_member_or_wan_aggregator |
 | r630-01 | 192.168.11.11 | h | primary_compute_chain138_rpc_ccip_relay_sankofa |
 | r630-02 | 192.168.11.12 | h | firefly_npmplus_secondary_mim4u_mifos_support |
 ## Workloads (from operational template)
 Machine-derived rows below come from `services[]` in `config/proxmox-operational-template.json`. Duplicate IPv4 notes are warnings that the planning template still contains alternative or legacy ownership for the same address; they must not be read as concurrent live allocations.
 | VMID | Hostname | IPv4 | IP note | Node type | Runtime state | Entity owner | Region | Preferred host | Validator / signing | Security tier |
 |------|----------|------|---------|-----------|---------------|--------------|--------|----------------|---------------------|---------------|
 | — | order-redis-primary | 192.168.11.38 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 100 | proxmox-mail-gateway | 192.168.11.32 | unique in template | Infra LXC | unspecified | TBD | TBD | r630-02 | N/A | management / secrets |
 | 101 | proxmox-datacenter-manager | 192.168.11.33 | unique in template | Infra LXC | unspecified | TBD | TBD | r630-02 | N/A | management / secrets |
 | 102 | cloudflared | 192.168.11.34 | unique in template | Cloudflare tunnel | unspecified | TBD | TBD | r630-01 | N/A | edge ingress |
 | 103 | omada | 192.168.11.30 | unique in template | Infra LXC | unspecified | TBD | TBD | r630-02 | N/A | management / secrets |
 | 104 | gitea | 192.168.11.31 | unique in template | Infra LXC | unspecified | TBD | TBD | r630-02 | N/A | management / secrets |
 | 105 | nginxproxymanager | 192.168.11.26 | unique in template | Legacy NPM | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 130 | monitoring-1 | 192.168.11.27 | unique in template | Monitoring | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 1000 | besu-validator-1 | 192.168.11.100 | unique in template | Besu validator | unspecified | TBD | TBD | r630-01 | QBFT signer | validator-tier |
 | 1001 | besu-validator-2 | 192.168.11.101 | unique in template | Besu validator | unspecified | TBD | TBD | r630-01 | QBFT signer | validator-tier |
 | 1002 | besu-validator-3 | 192.168.11.102 | unique in template | Besu validator | unspecified | TBD | TBD | r630-01 | QBFT signer | validator-tier |
 | 1003 | besu-validator-4 | 192.168.11.103 | unique in template | Besu validator | unspecified | TBD | TBD | r630-01 | QBFT signer | validator-tier |
 | 1004 | besu-validator-5 | 192.168.11.104 | unique in template | Besu validator | unspecified | TBD | TBD | r630-01 | QBFT signer | validator-tier |
 | 1500 | besu-sentry-1 | 192.168.11.150 | unique in template | Besu sentry | unspecified | TBD | TBD | r630-01 | Sentry (no signer) | validator-tier |
 | 1501 | besu-sentry-2 | 192.168.11.151 | unique in template | Besu sentry | unspecified | TBD | TBD | r630-01 | Sentry (no signer) | validator-tier |
 | 1502 | besu-sentry-3 | 192.168.11.152 | unique in template | Besu sentry | unspecified | TBD | TBD | r630-01 | Sentry (no signer) | validator-tier |
 | 1503 | besu-sentry-4 | 192.168.11.153 | unique in template | Besu sentry | unspecified | TBD | TBD | r630-01 | Sentry (no signer) | validator-tier |
 | 1504 | besu-sentry-ali | 192.168.11.154 | unique in template | Besu sentry | unspecified | TBD | TBD | r630-01 | Sentry (no signer) | validator-tier |
 | 1505 | besu-sentry-alltra-1 | 192.168.11.213 | unique in template | Besu sentry | unspecified | TBD | TBD | r630-01 | Sentry (no signer) | validator-tier |
 | 1506 | besu-sentry-alltra-2 | 192.168.11.214 | unique in template | Besu sentry | unspecified | TBD | TBD | r630-01 | Sentry (no signer) | validator-tier |
 | 1507 | besu-sentry-hybx-1 | 192.168.11.244 | unique in template | Besu sentry | unspecified | TBD | TBD | ml110 | Sentry (no signer) | validator-tier |
 | 1508 | besu-sentry-hybx-2 | 192.168.11.245 | unique in template | Besu sentry | unspecified | TBD | TBD | ml110 | Sentry (no signer) | validator-tier |
 | 2101 | besu-rpc-core-1 | 192.168.11.211 | unique in template | Besu RPC (rpc_core) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2102 | besu-rpc-core-2 | 192.168.11.212 | unique in template | Besu RPC (rpc_core) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2103 | besu-rpc-core-thirdweb | 192.168.11.217 | unique in template | Besu RPC (rpc_core) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2201 | besu-rpc-public-1 | 192.168.11.221 | unique in template | Besu RPC (rpc_public) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2301 | besu-rpc-private-1 | 192.168.11.232 | unique in template | Besu RPC (rpc_private) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2303 | besu-rpc-ali-0x8a | 192.168.11.233 | unique in template | Besu RPC (rpc_named) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2304 | besu-rpc-ali-0x1 | 192.168.11.234 | unique in template | Besu RPC (rpc_named) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2305 | besu-rpc-luis-0x8a | 192.168.11.235 | unique in template | Besu RPC (rpc_named) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2306 | besu-rpc-luis-0x1 | 192.168.11.236 | unique in template | Besu RPC (rpc_named) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2307 | besu-rpc-putu-0x8a | 192.168.11.237 | unique in template | Besu RPC (rpc_named) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2308 | besu-rpc-putu-0x1 | 192.168.11.238 | unique in template | Besu RPC (rpc_named) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2400 | thirdweb-rpc-1 | 192.168.11.240 | unique in template | Besu RPC (rpc_thirdweb) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2401 | besu-rpc-thirdweb-0x8a-1 | 192.168.11.241 | unique in template | Besu RPC (rpc_thirdweb) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2402 | besu-rpc-thirdweb-0x8a-2 | 192.168.11.242 | unique in template | Besu RPC (rpc_thirdweb) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2403 | besu-rpc-thirdweb-0x8a-3 | 192.168.11.243 | unique in template | Besu RPC (rpc_thirdweb) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2500 | besu-rpc-alltra-1 | 192.168.11.172 | unique in template | Besu RPC (rpc_alltra_hybx) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2501 | besu-rpc-alltra-2 | 192.168.11.173 | unique in template | Besu RPC (rpc_alltra_hybx) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2502 | besu-rpc-alltra-3 | 192.168.11.174 | unique in template | Besu RPC (rpc_alltra_hybx) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2503 | besu-rpc-hybx-1 | 192.168.11.246 | unique in template | Besu RPC (rpc_alltra_hybx) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2504 | besu-rpc-hybx-2 | 192.168.11.247 | unique in template | Besu RPC (rpc_alltra_hybx) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 2505 | besu-rpc-hybx-3 | 192.168.11.248 | unique in template | Besu RPC (rpc_alltra_hybx) | unspecified | TBD | TBD | r630-01 | RPC only | DMZ / RPC exposure |
 | 3000 | ml-node-1 | 192.168.11.60 | unique in template | ML node | unspecified | TBD | TBD | ml110 | N/A | standard internal |
 | 3001 | ml-node-2 | 192.168.11.61 | unique in template | ML node | unspecified | TBD | TBD | ml110 | N/A | standard internal |
 | 3002 | ml-node-3 | 192.168.11.62 | unique in template | ML node | unspecified | TBD | TBD | ml110 | N/A | standard internal |
 | 3003 | ml-node-4 | 192.168.11.63 | unique in template | ML node | unspecified | TBD | TBD | ml110 | N/A | standard internal |
 | 3500 | oracle-publisher-1 | 192.168.11.29 | unique in template | Oracle publisher | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 3501 | ccip-monitor-1 | 192.168.11.28 | unique in template | CCIP monitor | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 5000 | blockscout-1 | 192.168.11.140 | unique in template | Blockscout | unspecified | TBD | TBD | r630-01 | N/A | standard internal |
 | 5010 | tsunamiswap | 192.168.11.91 | unique in template | DeFi | unspecified | TBD | TBD | r630-01 | N/A | standard internal |
 | 5200 | cacti-1 | 192.168.11.80 | unique in template | Cacti | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 5201 | cacti-alltra-1 | 192.168.11.177 | unique in template | Cacti | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 5202 | cacti-hybx-1 | 192.168.11.251 | unique in template | Cacti | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 5700 | dev-vm-gitops | 192.168.11.59 | unique in template | Dev | unspecified | TBD | TBD | any | N/A | standard internal |
 | 5702 | ai-inf-1 | 192.168.11.82 | unique in template | AI infra | unspecified | TBD | TBD | r630-01 | N/A | standard internal |
 | 5705 | ai-inf-2 | 192.168.11.86 | unique in template | AI infra | unspecified | TBD | TBD | r630-01 | N/A | standard internal |
 | 5800 | mifos-fineract | 192.168.11.85 | unique in template | Mifos | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 5801 | dapp-smom | 192.168.11.58 | unique in template | DApp | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 6000 | fabric-1 | 192.168.11.65 | unique in template | Fabric | reserved_placeholder_stopped | TBD | TBD | r630-02 | N/A | identity / workflow DLT |
 | 6001 | fabric-alltra-1 | 192.168.11.178 | unique in template | Fabric | reserved_placeholder_stopped | TBD | TBD | r630-02 | N/A | identity / workflow DLT |
 | 6002 | fabric-hybx-1 | 192.168.11.252 | unique in template | Fabric | reserved_placeholder_stopped | TBD | TBD | r630-02 | N/A | identity / workflow DLT |
 | 6200 | firefly-1 | 192.168.11.35 | shared / non-concurrent mapping — verify live owner | FireFly | active_minimal_gateway | TBD | TBD | r630-02 | N/A | identity / workflow DLT |
 | 6201 | firefly-ali-1 | 192.168.11.57 | unique in template | FireFly | retired_standby_until_rebuilt | TBD | TBD | r630-02 | N/A | identity / workflow DLT |
 | 6400 | indy-1 | 192.168.11.64 | unique in template | Indy | reserved_placeholder_stopped | TBD | TBD | r630-02 | N/A | identity / workflow DLT |
 | 6401 | indy-alltra-1 | 192.168.11.179 | unique in template | Indy | reserved_placeholder_stopped | TBD | TBD | r630-02 | N/A | identity / workflow DLT |
 | 6402 | indy-hybx-1 | 192.168.11.253 | unique in template | Indy | reserved_placeholder_stopped | TBD | TBD | r630-02 | N/A | identity / workflow DLT |
 | 7800 | sankofa-api-1 | 192.168.11.50 | unique in template | Sankofa / Phoenix | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 7801 | sankofa-portal-1 | 192.168.11.51 | unique in template | Sankofa / Phoenix | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 7802 | sankofa-keycloak-1 | 192.168.11.52 | unique in template | Sankofa / Phoenix | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 7803 | sankofa-postgres-1 | 192.168.11.53 | unique in template | Sankofa / Phoenix | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 7804 | gov-portals-dev | 192.168.11.54 | unique in template | Sankofa / Phoenix | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 7805 | sankofa-studio | 192.168.11.72 | unique in template | Sankofa / Phoenix | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 7810 | mim-web-1 | 192.168.11.37 | shared / non-concurrent mapping — verify live owner | MIM4U | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 7811 | mim-api-1 | 192.168.11.36 | shared / non-concurrent mapping — verify live owner | MIM4U | unspecified | TBD | TBD | r630-02 | N/A | standard internal |
 | 8640 | vault-phoenix-1 | 192.168.11.200 | unique in template | HashiCorp Vault | unspecified | TBD | TBD | r630-01 | N/A | management / secrets |
 | 8641 | vault-phoenix-2 | 192.168.11.215 | unique in template | HashiCorp Vault | unspecified | TBD | TBD | r630-01 | N/A | management / secrets |
 | 8642 | vault-phoenix-3 | 192.168.11.202 | unique in template | HashiCorp Vault | unspecified | TBD | TBD | r630-01 | N/A | management / secrets |
 | 10030 | order-identity | 192.168.11.40 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10040 | order-intake | 192.168.11.41 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10050 | order-finance | 192.168.11.49 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10060 | order-dataroom | 192.168.11.42 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10070 | order-legal | 192.168.11.87 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10080 | order-eresidency | 192.168.11.43 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10090 | order-portal-public | 192.168.11.36 | shared / non-concurrent mapping — verify live owner | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10091 | order-portal-internal | 192.168.11.35 | shared / non-concurrent mapping — verify live owner | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10092 | order-mcp-legal | 192.168.11.37 | shared / non-concurrent mapping — verify live owner | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10100 | dbis-postgres-primary | 192.168.11.105 | unique in template | DBIS stack | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10101 | dbis-postgres-replica-1 | 192.168.11.106 | unique in template | DBIS stack | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10120 | dbis-redis | 192.168.11.125 | unique in template | DBIS stack | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10130 | dbis-frontend | 192.168.11.130 | unique in template | DBIS stack | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10150 | dbis-api-primary | 192.168.11.155 | unique in template | DBIS stack | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10151 | dbis-api-secondary | 192.168.11.156 | unique in template | DBIS stack | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10200 | order-prometheus | 192.168.11.46 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10201 | order-grafana | 192.168.11.47 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10202 | order-opensearch | 192.168.11.48 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10210 | order-haproxy | 192.168.11.39 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10230 | order-vault | 192.168.11.55 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application |
 | 10232 | ct10232 | 192.168.11.56 | unique in template | General CT | unspecified | TBD | TBD | r630-01 | N/A | standard internal |
 | 10233 | npmplus-primary | 192.168.11.167 | unique in template | NPMplus ingress | unspecified | TBD | TBD | r630-01 | N/A | edge ingress |
 | 10234 | npmplus-secondary | 192.168.11.168 | unique in template | NPMplus ingress | unspecified | TBD | TBD | r630-02 | N/A | edge ingress |
 | 10235 | npmplus-alltra-hybx | 192.168.11.169 | unique in template | NPMplus ingress | unspecified | TBD | TBD | r630-02 | N/A | edge ingress |
 | 10236 | npmplus-fourth-dev | 192.168.11.170 | unique in template | NPMplus ingress | unspecified | TBD | TBD | r630-02 | N/A | edge ingress |
 | 10237 | npmplus-mifos | 192.168.11.171 | unique in template | NPMplus ingress | unspecified | TBD | TBD | r630-02 | N/A | edge ingress |
 ## Supplementary rows (not in template JSON)
 These appear in [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md) but are not modeled as `services[]` entries in `proxmox-operational-template.json`. They are **manual supplements**, not generator-backed source of truth.
 | VMID | Hostname | IPv4 | IP note | Node type | Runtime state | Entity owner | Region | Preferred host | Validator / signing | Security tier |
 |------|----------|------|---------|-----------|---------------|--------------|--------|----------------|---------------------|---------------|
 | 106 | redis-rpc-translator | 192.168.11.110 | manual supplement | RPC translator (Redis) | manual supplement | TBD | TBD | r630-01 (per ALL_VMIDS) | N/A | DMZ / RPC exposure |
 | 107 | web3signer-rpc-translator | 192.168.11.111 | manual supplement | RPC translator (Web3Signer) | manual supplement | TBD | TBD | r630-01 | N/A | DMZ / RPC exposure |
 | 108 | vault-rpc-translator | 192.168.11.112 | manual supplement | RPC translator (Vault) | manual supplement | TBD | TBD | r630-01 | N/A | management / secrets |
 ## Host-level services (no VMID)
 | Name | Location | Node type | Notes |
 |------|----------|-----------|-------|
 | CCIP relay | r630-01 host `/opt/smom-dbis-138/services/relay` | Cross-chain relay | Uses RPC (e.g. VMID 2201); see [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md), [docs/07-ccip/](../07-ccip/). |
 ## Related
 - [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md)
 - [CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md](CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md)
 - [VMID_ALLOCATION_FINAL.md](VMID_ALLOCATION_FINAL.md)
--- a/docs/02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md
+++ b/docs/02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md
@@ -0,0 +1,69 @@
 # DBIS Phase 2 — Proxmox sovereignization roadmap
 **Last updated:** 2026-03-28  
 **Purpose:** Close the gap between **today’s** Proxmox footprint (2–3 active cluster nodes, ZFS/LVM-backed guests, VLAN 11 LAN) and the **target** in [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) Sections 4–5 and 8 (multi-node HA, Ceph-backed storage, stronger segmentation, standardized templates).
 **Current ground truth:** [PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](../03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md), [config/proxmox-operational-template.json](../../config/proxmox-operational-template.json), [STORAGE_GROWTH_AND_HEALTH.md](../04-configuration/STORAGE_GROWTH_AND_HEALTH.md).
 ---
 ## Current state (summary)
 | Area | As deployed (typical) | Master plan target |
 |------|----------------------|-------------------|
 | Cluster | Corosync cluster **h** on ml110 + r630-01 + r630-02 (ml110 **may** be repurposed — verify Phase 1) | 3+ control-oriented nodes, odd quorum, HA services |
 | Storage | Local ZFS / LVM thin pools per host | Ceph OSD tier + pools for VM disks and/or RBD |
 | Network | Primary **192.168.11.0/24**, VLAN 11, UDM Pro edge, NPMplus ingress | Additional VLANs: storage replication, validator-only, identity, explicit DMZ mapping |
 | Workloads | Chain 138 Besu validators/RPC, Hyperledger CTs, apps — see [DBIS_NODE_ROLE_MATRIX.md](DBIS_NODE_ROLE_MATRIX.md) | Same roles, **template-standardized** provisioning |
 ---
 ## Milestone 1 — Cluster quorum and fleet expansion
 - Bring **r630-03+** online per [R630_13_NODE_DOD_HA_MASTER_PLAN.md](R630_13_NODE_DOD_HA_MASTER_PLAN.md) and [11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](../11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md).
 - Maintain **odd** node count for Corosync quorum; use qdevice if temporarily even-count during ml110 migration ([UDM_PRO_PROXMOX_CLUSTER.md](../04-configuration/UDM_PRO_PROXMOX_CLUSTER.md)).
 ---
 ## Milestone 2 — ML110 migration / WAN aggregator
 - **Before** repurposing ml110 to OPNsense/pfSense ([ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](../11-references/ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md)): migrate all remaining CT/VM to R630s ([NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md)).
 - Re-document **physical inventory** row for `.10` after cutover ([PHYSICAL_HARDWARE_INVENTORY.md](PHYSICAL_HARDWARE_INVENTORY.md)).
 ---
 ## Milestone 3 — Ceph introduction (decision + prerequisites)
 - **Decision record:** whether Ceph replaces or complements ZFS/LVM for new workloads; minimum network (10G storage net, jumbo frames if used), disk layout, and JBOD attachment per [HARDWARE_INVENTORY_MASTER.md](../11-references/HARDWARE_INVENTORY_MASTER.md).
 - Pilot: non-production pool → migrate one test CT → expand OSD count.
 ---
 ## Milestone 4 — Network segmentation (incremental)
 Map master plan layers to implementable steps:
 1. Dedicated **storage replication** VLAN (Ceph backhaul or ZFS sync).
 2. **Validator / P2P** constraints (firewall rules between sentry and RPC tiers — align [CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md](CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md)).
 3. **Identity / Indy** tier isolation when multi-entity governance requires it.
 ---
 ## Milestone 5 — VM / CT templates (Section 7 of master plan)
 - Align [PROXMOX_VM_CREATION_RUNBOOK.md](../03-deployment/PROXMOX_VM_CREATION_RUNBOOK.md) with template types: Identity (Indy/Aries), Settlement (Besu), Institutional (Fabric), Workflow (FireFly), Observability (Explorer/monitoring).
 - Encode **preferred_node** and sizing in [DBIS_NODE_ROLE_MATRIX.md](DBIS_NODE_ROLE_MATRIX.md) and sync [proxmox-operational-template.json](../../config/proxmox-operational-template.json).
 ---
 ## Milestone 6 — Backup and DR alignment (master plan Sections 8, 16)
 - Hourly/daily snapshot policy per guest tier; cross-site replication targets (RPO/RTO) documented outside this file when available.
 - Reference: existing backup scripts for NPMplus and operator checklist.
 ---
 ## Related
 - [PHASE1_DISCOVERY_RUNBOOK.md](../03-deployment/PHASE1_DISCOVERY_RUNBOOK.md)
 - [DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md](../03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md)
--- a/docs/02-architecture/DOMAIN_STRUCTURE.md
+++ b/docs/02-architecture/DOMAIN_STRUCTURE.md
@@ -70,7 +70,7 @@ This document defines the domain structure for the infrastructure, clarifying wh
 **Related Documentation:**
 - [Cloudflare Tunnel Setup](../04-configuration/cloudflare/CLOUDFLARE_TUNNEL_CONFIGURATION_GUIDE.md)
 - [RPC Configuration](/docs/04-configuration/RPC_DNS_CONFIGURATION.md)
- [Blockscout Setup](../archive/completion/BLOCKSCOUT_COMPLETE_SUMMARY.md)
+- [EXPLORER_LINKS_AND_ISSUES_DIAGNOSTIC.md](../04-configuration/EXPLORER_LINKS_AND_ISSUES_DIAGNOSTIC.md) · [EXPLORER_FRONTEND_404_FIX_RUNBOOK.md](../03-deployment/EXPLORER_FRONTEND_404_FIX_RUNBOOK.md)
 ---
--- a/docs/02-architecture/EXPECTED_WEB_CONTENT.md
+++ b/docs/02-architecture/EXPECTED_WEB_CONTENT.md
@@ -1,7 +1,7 @@
 # Web Properties — Ground Truth & Validation
-**Last Updated:** 2026-01-31  
+**Last Updated:** 2026-03-27  
-**Document Version:** 1.0  
+**Document Version:** 1.5  
 **Status:** Active Documentation
 ---
@@ -10,78 +10,128 @@ _Last reviewed: authoritative alignment checkpoint_
 This document reconciles **expected intent**, **current deployment state**, and **functional role** for each public-facing or semi-public web property.
 **Quick matrix (every FQDN: web vs API vs RPC, and what clients should see):** [FQDN_EXPECTED_CONTENT.md](../04-configuration/FQDN_EXPECTED_CONTENT.md).
 ---
-## 1. phoenix.sankofa.nexus
+## Sankofa.nexus and Phoenix — hostname model (canonical)
 **Service Name:** Phoenix API / Cloud Platform Portal  
 **Role:** Cloud Service Provider (CSP) for Sankofa  
 **Comparable To:** AWS Console, Azure Portal, GCP Console
-### Intended Function
+| Hostname | Tier | Access | Expected content |
- Sovereign-grade cloud infrastructure control plane
+|----------|------|--------|------------------|
- Multi-tenant resource provisioning
+| `sankofa.nexus` | **Public web** | Unauthenticated visitors | **Sankofa — Sovereign Technologies:** corporate / brand public site (marketing, narrative, entry points). |
- Service orchestration and lifecycle management
+| `phoenix.sankofa.nexus` | **Public web** | Unauthenticated visitors (for public pages) | **Phoenix Cloud Services** (a division of Sankofa): public-facing web for the cloud services division. |
 | `the-order.sankofa.nexus` | **Public web** (program portal) | Secure auth (product-dependent) | **OSJ / Order management** portal; application source **the_order**. **NPM** → VMID **10210** order-haproxy `192.168.11.39:80` → Sankofa portal stack **192.168.11.51:3000** (7801). See `scripts/deployment/provision-order-haproxy-10210.sh`. |
 | `www.the-order.sankofa.nexus` | **Redirect** | Browser follows 301 | **301** → `https://the-order.sankofa.nexus` (same policy as `www.sankofa` / `www.phoenix`). |
 | `studio.sankofa.nexus` | **Public web** (tooling) | Unauthenticated or app auth per product | **Sankofa Studio** (FusionAI); VMID **7805**, `192.168.11.72:8000`, UI under `/studio/`. |
 | `keycloak.sankofa.nexus` | **SSO infrastructure** (IdP) | Browser hits login + token flows; operators use admin | **Keycloak:** OIDC/SAML identity provider behind client SSO. Serves realm login UI, well-known and token endpoints, and **admin console** at `/admin`. **Consumes:** `admin.sankofa.nexus` and `portal.sankofa.nexus` (and other registered clients) redirect here for authentication; it does **not** replace those hostnames. |
 | `admin.sankofa.nexus` | **Client SSO** | SSO (system-mediated) | **Client administration of access:** who can access what (invites, roles, org settings, access policy). |
 | `portal.sankofa.nexus` | **Client SSO** | SSO | **Client workspace:** Phoenix cloud services, Sankofa Marketplace subscriptions, and other **client-facing** services behind one SSO boundary. |
 | `dash.sankofa.nexus` | **Operator / systems** | **IP allowlisting** + **system authentication** + **MFA** | **Internal systems dashboard:** administration across Sankofa, Phoenix, Gitea, and additional platform systems—not the same trust boundary as client `admin` / `portal`. |
-### Expected Capabilities
+**Placement of Keycloak:** Treat `keycloak.sankofa.nexus` as the **shared IdP** for the **SSO-gated client tier** (`admin`, `portal`). Users often see Keycloak only during login redirects. **`dash.sankofa.nexus`** is a separate, stricter surface (network + MFA); it may integrate with Keycloak or other system identity depending on implementation, but the **documented intent** is IP-gated operator admin, not “client self-service SSO” like `portal`.
 - GraphQL API endpoint: `/graphql`
 - WebSocket endpoint: `/graphql-ws`
 - Health check endpoint: `/health`
 - Cloud resource management (compute, network, storage)
 - Tenant, IAM, and billing controls
 - Internal service catalog / marketplace
-### Current Deployment
+---
- **Status:** ✅ Deployed and active
+
- **VMID:** 7800
+## 1. sankofa.nexus (public — Sovereign Technologies)
- **Address:** 192.168.11.50:4000
+
- **Access Model:** API-first (not a marketing site)
+**Role:** Public corporate web for **Sankofa — Sovereign Technologies.**  
 **Comparable to:** Company apex domain (e.g. microsoft.com).
 ### Expected content
 - Brand, mission, Sovereign Technologies positioning  
 - Philosophy narrative (**Remember → Retrieve → Restore → Rise**)  
 - Paths into Phoenix and commercial / program entry points (links may target `phoenix.sankofa.nexus`, `portal.sankofa.nexus`, etc.)
 ### Current deployment (typical)
 - **VMID:** 7801 · **Port:** 3000 (Next.js) — see [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)
 ### Notes
- This is **not** a public brochure site  
+- **Unauthenticated public web** is the **intent** for this hostname; authenticated client work belongs on **`portal.sankofa.nexus`**.
 - UI is assumed to be console-style or API-driven  
 - Sovereign / operator-facing only
 ---
-## 2. sankofa.nexus
+## 2. phoenix.sankofa.nexus (public — Phoenix Cloud Services)
 **Service Name:** Sankofa Portal  
 **Role:** Corporate & Product Website  
 **Comparable To:** Microsoft.com, Google.com, Amazon.com
-### Intended Function
+**Role:** Public-facing web for **Phoenix Cloud Services**, a division of Sankofa.  
- Public-facing corporate presence
+**Comparable to:** Public cloud division landing (e.g. azure.microsoft.com style), not the raw JSON-RPC layer.
 - Brand narrative and philosophy
 - Product overview and entry point to Phoenix
-### Expected Content
+### Expected content
- Company overview and mission
+- Division branding, service overview, how Phoenix fits under Sankofa  
- Sankofa brand philosophy:
+- Clear separation from corporate apex (`sankofa.nexus`)
  **"Remember → Retrieve → Restore → Rise"**
 - Phoenix product introduction
 - Navigation to services
 - Contact and inquiry paths
-### Current Deployment
+### Technical note (same origin today)
- **Status:** ✅ Deployed
+- **VMID 7800** historically exposes **API-first** surfaces (`/health`, `/graphql`, `/graphql-ws`). Public **marketing or division web** may be served from the same stack or split later; this document states **product intent** for the hostname. Prefer not to present the apex `sankofa.nexus` portal app as if it were “Phoenix public web.”
 - **VMID:** 7801
 - **Address:** 192.168.11.51:3000
 - **Technology:** Next.js
 ### Observed Behavior
 - Portal currently presents a **login-gated interface**
 - Authentication handled via **Keycloak**
 - Dashboard requires credentials
 ### Alignment Note
 - ⚠️ **Decision point:**
  - Either split into:
    - `www.sankofa.nexus` (public marketing)
    - `portal.sankofa.nexus` (authenticated)
  - Or intentionally maintain a gated-first model
 ---
-## 3. explorer.d-bis.org
+## 2b. the-order.sankofa.nexus (public hostname — OSJ / Order portal)
 **Role:** Public hostname for the **Order** / OSJ management experience (secure auth as implemented in **the_order**).  
 **Comparable to:** A dedicated program or division portal—not the corporate apex (`sankofa.nexus`) and not the generic client SSO workspace (`portal.sankofa.nexus`) unless product explicitly converges them.
 ### Expected content
 - Order/OSJ management UI and flows behind authentication as defined by the app  
 - Same **Next.js portal stack** as Sankofa public site today, reached via **HAProxy** so NPM and headers can be tuned independently
 ### Current deployment (typical)
 - **Edge:** VMID **10210** (order-haproxy) · **192.168.11.39:80** — proxies to **192.168.11.51:3000** (VMID **7801** portal)  
 - **NPMplus:** `update-npmplus-proxy-hosts-api.sh` defaults `THE_ORDER_UPSTREAM_*` to **.39:80**; bypass with `THE_ORDER_UPSTREAM_IP=192.168.11.51` `THE_ORDER_UPSTREAM_PORT=3000` if 10210 is down
 ### Notes
 - **`www.the-order.sankofa.nexus`** is only for **canonical URL** policy (301 → apex); do not treat it as a separate product surface.
 ---
 ## 3. keycloak.sankofa.nexus (SSO — identity provider)
 **Role:** **OIDC/SAML IdP** for the Sankofa / Phoenix client ecosystem.  
 **VMID:** 7802 (typical)
 ### Expected content / behavior
 - End-user **login** (realm themes), **logout**, **token** and **well-known** endpoints  
 - **Admin console** at `/admin` for realm and client configuration (operator-controlled)
 ### Relationship
 - **`admin.sankofa.nexus`** and **`portal.sankofa.nexus`** are the **client-facing apps**; Keycloak is where **authentication** completes for those SSO flows.
 ---
 ## 4. admin.sankofa.nexus (client SSO — access administration)
 **Role:** **SSO-authenticated** surface for **clients** to **administer access** (users, groups, delegations, tenant access policy as productized).
 ### Expected content
 - IAM-style administration for client orgs (not raw Keycloak admin—that remains on Keycloak’s `/admin` for platform operators).
 ---
 ## 5. portal.sankofa.nexus (client SSO — services and marketplace)
 **Role:** **SSO-authenticated** **client portal** for day-to-day use of subscribed services.
 ### Expected content
 - **Phoenix cloud** service entry and consoles (as entitled)  
 - **Sankofa Marketplace** subscriptions and management  
 - Other **client-facing** services behind the same SSO boundary
 **Public URL policy (env):** NextAuth / OIDC public URL may be set to `https://portal.sankofa.nexus` (see `scripts/deployment/sync-sankofa-portal-7801.sh`).
 ---
 ## 6. dash.sankofa.nexus (IP-gated — system admin + MFA)
 **Role:** **Operator and systems administration** across Sankofa, Phoenix, Gitea, and related infrastructure.
 ### Access model
 - **IP address gating** (allowlisted networks / VPN / office)  
 - **System authentication** + **MFA** (stricter than public internet client SSO)
 ### Expected content
 - Unified or linked **admin** views for platform systems—not a substitute for `portal.sankofa.nexus` client self-service.
 ---
 ## 7. explorer.d-bis.org
 **Service Name:** SolaceScanScout  
 **Role:** Block Explorer for ChainID 138  
 **Technology:** Blockscout-based  
@@ -112,7 +162,7 @@ This document reconciles **expected intent**, **current deployment state**, and
 ---
-## 4. blockscout.defi-oracle.io
+## 8. blockscout.defi-oracle.io
 **Service Name:** Blockscout Explorer (Generic)  
 **Role:** Independent / Reference Blockscout Instance
@@ -131,22 +181,48 @@ This document reconciles **expected intent**, **current deployment state**, and
 ---
 ## 8b. public-2138.defi-oracle.io & rpc.public-2138.defi-oracle.io (testnet)
 **Role:** Public explorer UI and JSON-RPC for **Defi Oracle Meta Testnet** (chain ID **2138**, hex `0x85a`). Not the Chain 138 explorer (`explorer.d-bis.org`).
 ### Intended function
 - Explorer: `https://public-2138.defi-oracle.io` (per `pr-workspace/chains/_data/chains/eip155-2138.json`)
 - RPC: `https://rpc.public-2138.defi-oracle.io`, `wss://rpc.public-2138.defi-oracle.io`
 ### References
 - `docs/04-configuration/CHAIN2138_WALLET_CONFIG_VALIDATION.md`
 - `docs/testnet/DEFI_ORACLE_META_TESTNET_2138_RUNBOOK.md`
 ---
 ## Canonical Alignment Summary
-| Domain | Purpose | Public | Auth Required | Canonical |
+| Domain | Purpose | Public web | Auth model | Canonical |
-|--------|---------|--------|---------------|-----------|
+|--------|---------|------------|------------|-------------|
-| sankofa.nexus | Corporate / Brand | Yes | Partial | ✅ |
+| sankofa.nexus | Sovereign Technologies (corporate) | Yes (intended) | None for public pages | ✅ |
-| phoenix.sankofa.nexus | Cloud Control Plane | No | Yes | ✅ |
+| phoenix.sankofa.nexus | Phoenix Cloud Services (division) | Yes (intended) | None for public pages | ✅ |
 | the-order.sankofa.nexus | OSJ / Order management portal | Yes (app UI) | Per **the_order** | ✅ |
 | www.the-order.sankofa.nexus | Redirect to apex | — | — | ✅ |
 | studio.sankofa.nexus | Sankofa Studio (FusionAI) | Yes (`/studio/`) | Per app | ✅ |
 | keycloak.sankofa.nexus | IdP for client SSO | Login UI only | IdP + admin | ✅ |
 | admin.sankofa.nexus | Client access administration | No | SSO | ✅ |
 | portal.sankofa.nexus | Client services + marketplace | No | SSO | ✅ |
 | dash.sankofa.nexus | Systems / operator admin | No | IP + system auth + MFA | ✅ |
 | explorer.d-bis.org | ChainID 138 Explorer | Yes | No | ✅ |
 | public-2138.defi-oracle.io | ChainID 2138 Testnet Explorer | Yes | No | ⚠️ Per chainlist |
 | rpc.public-2138.defi-oracle.io | ChainID 2138 JSON-RPC | API | No | ⚠️ Per chainlist |
 | blockscout.defi-oracle.io | Generic Explorer | Yes | No | ❌ |
 ---
 ## Confirmed Architectural Intent
- **Phoenix** = infrastructure + API + control plane  
+- **sankofa.nexus** = public brand for **Sankofa — Sovereign Technologies**  
- **Sankofa** = sovereign-facing brand & access layer  
+- **phoenix.sankofa.nexus** = public web for **Phoenix Cloud Services** (division of Sankofa); API surfaces may share deployment  
 - **the-order.sankofa.nexus** = **Order / OSJ** program portal at a dedicated hostname; **edge** at 10210 (HAProxy) then portal **7801** unless bypassed for maintenance  
 - **portal / admin** = **client SSO** tier; **Keycloak** = shared IdP  
 - **dash** = **IP-gated** operator systems admin with **MFA**  
 - **DBIS Explorer** = public transparency + settlement inspection  
- **No accidental overlap** between marketing, control, and transparency layers
+- **No accidental overlap** between public marketing, client SSO, operator dash, explorer transparency, and **Order** program hostname (unless product explicitly merges flows)
 ---
@@ -154,33 +230,17 @@ This document reconciles **expected intent**, **current deployment state**, and
 **Critical:** These decisions remain **explicitly unresolved**. Do not collapse them prematurely.
-### 1. Public vs Gated Split for `sankofa.nexus`
+### 1. Phoenix UI vs API on `phoenix.sankofa.nexus`
-**Status:** Open decision point
+**Status:** Implementation may still be API-first on VMID 7800 while **hostname intent** is public division web; reconcile with a dedicated static/marketing upstream or path split if needed.
 **Options:**
 - Option A: Split into public marketing site and authenticated portal
 - Option B: Maintain gated-first model with selective public content
 - Option C: Evolve to unified model with public sections
 **Authority:** Governance decision, not implementation drift
 **Note:** Auth is a policy boundary, not a permanent architectural constraint.
 ---
-### 2. Phoenix UI Exposure
+### 2. Rich console UI for Phoenix (beyond public division web)
 **Status:** Open decision point
-**Question:** Whether Phoenix ever exposes a human UI beyond operators
+**Question:** Whether authenticated **Phoenix product consoles** live primarily on **`portal.sankofa.nexus`** (SSO) vs additional surfaces.
-**Current State:** API-first, operator-facing
+**Flexibility:** Public division web on `phoenix.sankofa.nexus` does not preclude deep consoles behind **`portal`** SSO.
 **Flexibility:**
 - API-first does not preclude future UI
 - Console-based access patterns are possible
 - Delegated interfaces are not precluded
 **Note:** Intent document states: "This does not preclude future public or delegated interfaces."
 ---
@@ -202,7 +262,8 @@ This document reconciles **expected intent**, **current deployment state**, and
 These are **possible futures**, not commitments:
- Public marketing split (`www` vs `portal`)
+- NPM `www.*` → apex **301** policy (incl. `www.sankofa`, `www.phoenix`, `www.the-order`) vs additional marketing hostnames
 - `admin` / `portal` / `dash` upstream targets on NPM (when split from legacy single-host deployments)
 - Delegated Phoenix UI development
 - Explorer rebrand or federation
 - Additional service surfaces
@@ -221,24 +282,27 @@ Internet
   ↓
 NPMplus (Reverse Proxy + SSL)
   ↓
-   ├─→ sankofa.nexus → Sankofa Portal
+   ├─→ sankofa.nexus              → Public web: Sankofa — Sovereign Technologies
-   │                     └─→ Corporate Brand / Product Website
+   ├─→ phoenix.sankofa.nexus      → Public web: Phoenix Cloud Services (division)
-   │                     └─→ ⚠️ Currently: Login-gated
+   ├─→ the-order.sankofa.nexus    → Order/OSJ portal (10210 HAProxy → portal 7801)
   ├─→ www.the-order.sankofa.nexus → 301 → the-order apex
   ├─→ studio.sankofa.nexus       → Studio (7805 /studio/)
   │
-   ├─→ phoenix.sankofa.nexus → Phoenix API
+   ├─→ admin.sankofa.nexus        → Client SSO: administer access
-   │                            └─→ Cloud Control Plane (API-first)
+   ├─→ portal.sankofa.nexus       → Client SSO: Phoenix cloud + marketplace + client services
-   │                            └─→ Operator-facing only
+   │        └─ (redirects) ──→ keycloak.sankofa.nexus  (OIDC/SAML IdP, VMID 7802)
   │
-   ├─→ explorer.d-bis.org → SolaceScanScout
+   ├─→ dash.sankofa.nexus         → IP allowlist + system auth + MFA: operator systems admin
-   │                         └─→ Public Block Explorer (ChainID 138)
+   │        (Sankofa, Phoenix, Gitea, …)
   │                         └─→ No auth required
   │
-   └─→ blockscout.defi-oracle.io → Generic Blockscout
+   ├─→ explorer.d-bis.org         → SolaceScanScout (ChainID 138, no login for browse)
-                                    └─→ Reference instance (not canonical)
+   └─→ blockscout.defi-oracle.io  → Generic Blockscout (not canonical 138 explorer)
-Backend Services:
+Backend (typical):
-   ├─→ Keycloak (Authentication) - VMID 7802
+   ├─→ Keycloak VMID 7802, PostgreSQL VMID 7803
-   └─→ PostgreSQL (Database) - VMID 7803
+   ├─→ Phoenix API VMID 7800, Sankofa web VMID 7801
   └─→ Order edge VMID 10210 (HAProxy .39:80 → .51:3000); Studio VMID 7805
   (until admin/portal/dash are split to own upstreams)
 ```
 ---
@@ -247,12 +311,20 @@ Backend Services:
 ### Active Services
-| Service | Domain | VMID | IP | Port | Status | Public Access |
+| Service | Domain | VMID | IP | Port | Status | Access model |
-|---------|--------|------|-----|------|--------|---------------|
+|---------|--------|------|-----|------|--------|----------------|
-| **Phoenix API** | phoenix.sankofa.nexus | 7800 | 192.168.11.50 | 4000 | ✅ Active | Authenticated |
+| **Phoenix** (API today; division hostname) | phoenix.sankofa.nexus | 7800 | 192.168.11.50 | 4000 | ✅ Active | Public web **intent**; API paths coexist |
-| **Sankofa Portal** | sankofa.nexus | 7801 | 192.168.11.51 | 3000 | ✅ Active | Partially Public |
+| **Sankofa public web** | sankofa.nexus | 7801 | 192.168.11.51 | 3000 | ✅ Active | Public **intent** (see hostname model) |
 | **The Order (edge)** | the-order.sankofa.nexus | 10210 → 7801 | 192.168.11.39:80 → .51:3000 | 80 → 3000 | ✅ Active | HAProxy then portal; see §2b |
 | **Sankofa Studio** | studio.sankofa.nexus | 7805 | 192.168.11.72 | 8000 | ✅ Active | `/studio/` |
 | **Keycloak IdP** | keycloak.sankofa.nexus | 7802 | (see ALL_VMIDS) | 8080 | ✅ Active | IdP + `/admin` |
 | **Client admin (SSO)** | admin.sankofa.nexus | — | — | — | 🔶 **Intent** — NPM + app upstream not pinned in VM inventory; may share portal stack (**7801**) until split (see §4, Open Decisions §4) | SSO |
 | **Client portal (SSO)** | portal.sankofa.nexus | **7801** (typical) | 192.168.11.51 | 3000 | ✅ **Active** when NPM routes this hostname to the Sankofa portal stack; `NEXTAUTH_URL` / public OIDC URL per `scripts/deployment/sync-sankofa-portal-7801.sh` | SSO |
 | **Operator dash** | dash.sankofa.nexus | — | — | — | 🔶 **Intent** — IP allowlist + system auth + MFA; **VMID/IP not fixed** in this matrix until NPM/upstream is wired (see §6) | IP + MFA |
 | **SolaceScanScout** | explorer.d-bis.org | 5000 | 192.168.11.140 | 80/4000 | ✅ Active | Public |
-| **Blockscout** | blockscout.defi-oracle.io | ⚠️ TBD | ⚠️ TBD | ⚠️ TBD | ⚠️ Separate | Public |
+| **Blockscout (generic hostname)** | blockscout.defi-oracle.io | **5000** | 192.168.11.140 | **80** (TLS at NPM) | ✅ **Active** when NPM proxies here; **same class** of Blockscout UI as §7 but **not** canonical **SolaceScanScout / Chain 138** branding (see §8) | Public |
 **Table notes:** `admin` / `dash` rows stay **non-numeric** on VMID until inventory and NPM proxy rows are authoritative in [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md) and your NPM export. **`blockscout.defi-oracle.io`** has been documented in routing summaries as terminating on **VMID 5000** (`192.168.11.140:80`); confirm live NPM if behavior differs.
 ---
@@ -262,12 +334,15 @@ Backend Services:
 **Phoenix** = Cloud Platform/Product (like Azure, GCP, AWS)  
 **Sankofa Phoenix** = Complete Product (like Microsoft Azure, Google Cloud Platform, Amazon Web Services)
- **sankofa.nexus** = Company website (like Microsoft.com)
+- **sankofa.nexus** = Public company site — **Sankofa — Sovereign Technologies**
- **phoenix.sankofa.nexus** = Cloud platform portal (like Azure Portal)
+- **phoenix.sankofa.nexus** = Public division site — **Phoenix Cloud Services**
 - **portal.sankofa.nexus** / **admin.sankofa.nexus** = **Client SSO** apps (Keycloak as IdP)
 - **dash.sankofa.nexus** = **IP-gated** operator systems admin (**MFA**)
 - **the-order.sankofa.nexus** = **Order / OSJ** portal hostname (edge **10210** → portal **7801**)
 - **studio.sankofa.nexus** = **Studio** tooling (**7805**)
 - **explorer.d-bis.org** = Blockchain explorer (like Etherscan)
 - **blockscout.defi-oracle.io** = Generic explorer instance
 ---
 **Last Updated:** 2026-01-20  
 **Review Status:** Authoritative alignment checkpoint
--- a/docs/02-architecture/NON_GOALS.md
+++ b/docs/02-architecture/NON_GOALS.md
@@ -1,7 +1,7 @@
 # Non-Goals — Sankofa Phoenix
-**Last Updated:** 2026-01-31  
+**Last Updated:** 2026-03-25  
-**Document Version:** 1.0  
+**Document Version:** 1.1  
 **Status:** Active Documentation
 ---
@@ -174,6 +174,21 @@ This document explicitly states **what Sankofa Phoenix is NOT intended to be**,
 ---
 ### 9. Phoenix IS Allowed an Internal Service Catalog (Not a Public Marketing Site)
 **Clarification (2026-03-25):** Non-goal **§1** means Phoenix is **not** a **public brochure** or **anonymous consumer storefront**. It does **not** exclude:
 - An **authenticated internal service catalog** (sometimes called “marketplace” in product language)
 - **Entitlement management** and **provisioning APIs** for **public sector tenants**
 **Wording discipline:** Prefer **service catalog** + **entitlements** in external/regulatory packs until **procurement-backed billing** exists. See [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md).
 **Why This Matters:**
 - Reconciles [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md) (“internal service catalog / marketplace”) with **§1** without turning Phoenix into a public marketing site.
 ---
 ### 8. We Are NOT Encoding Technology Choices in Names
 **What We Use:**
@@ -219,6 +234,7 @@ This document does **not** mean:
 - `ARCHITECTURAL_INTENT.md` — What we intend to build
 - `EXPECTED_WEB_CONTENT.md` — What each service should provide
 - `BRAND_RELATIONSHIP.md` — Brand/product structure
 - `PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md` — Tenancy, catalog vs marketing, repo boundaries
 **Together They:**
 - Define intent without constraining implementation
@@ -240,5 +256,5 @@ This document does **not** mean:
 ---
-**Last Updated:** 2026-01-20  
+**Last Updated:** 2026-03-25  
 **Status:** Explicit Non-Goals (Preserves Optionality)
--- a/docs/02-architecture/PHYSICAL_HARDWARE_INVENTORY.md
+++ b/docs/02-architecture/PHYSICAL_HARDWARE_INVENTORY.md
@@ -1,7 +1,7 @@
 # Physical Hardware Inventory
-**Last Updated:** 2026-02-13  
+**Last Updated:** 2026-03-28  
-**Document Version:** 1.1  
+**Document Version:** 1.2  
 **Status:** Active Documentation
 ---
@@ -14,12 +14,12 @@ This document is the placeholder for the physical hardware inventory (hosts, IPs
 | Host | IP | Role | NICs |
 |------|-----|------|------|
-| ml110 | 192.168.11.10 | Proxmox, Besu nodes | 2× Broadcom BCM5717 1GbE |
+| ml110 | 192.168.11.10 | **Transitional:** historically Proxmox + Besu/sentry/ML workloads; **target** is OPNsense/pfSense WAN aggregator between cable modems and dual UDM Pro — see [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md). Confirm live role with `pvecm status` / `pct list` on `.10` (Phase 1: `scripts/verify/run-phase1-discovery.sh`). | 2× Broadcom BCM5717 1GbE |
-| r630-01 | 192.168.11.11 | Infrastructure, RPC | 4× Broadcom BCM5720 1GbE |
+| r630-01 | 192.168.11.11 | Infrastructure, Chain 138 RPC, Sankofa/Order, CCIP relay host | 4× Broadcom BCM5720 1GbE |
-| r630-02 | 192.168.11.12 | Firefly, NPMplus secondary | 4× Broadcom BCM57800 1/10GbE |
+| r630-02 | 192.168.11.12 | FireFly, Fabric/Indy/Cacti, NPMplus instances, MIM4U, Mifos | 4× Broadcom BCM57800 1/10GbE |
 | UDM Pro (edge) | 76.53.10.34 | Edge router | — |
-**See:** [PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md](PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md), [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md), [NETWORK_ARCHITECTURE.md](NETWORK_ARCHITECTURE.md), [VMID_ALLOCATION_FINAL.md](VMID_ALLOCATION_FINAL.md).
+**See:** [PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md](PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md), [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md), [NETWORK_ARCHITECTURE.md](NETWORK_ARCHITECTURE.md), [VMID_ALLOCATION_FINAL.md](VMID_ALLOCATION_FINAL.md), [DBIS_NODE_ROLE_MATRIX.md](DBIS_NODE_ROLE_MATRIX.md).
 ---
--- a/docs/02-architecture/PROXMOX_COMPREHENSIVE_REVIEW.md
+++ b/docs/02-architecture/PROXMOX_COMPREHENSIVE_REVIEW.md
@@ -63,7 +63,7 @@ ssh root@192.168.11.12 "hostname"  # Returns: r630-02 ✅
 | 192.168.11.100-104 | 5 | Besu Validators |
 | 192.168.11.105-106 | 2 | DBIS PostgreSQL |
 | 192.168.11.112 | 1 | Fabric |
-| 192.168.11.120 | 1 | DBIS Redis |
+| 192.168.11.125 | 1 | DBIS Redis (VMID 10120) |
 | 192.168.11.130 | 1 | DBIS Frontend |
 | 192.168.11.150-154 | 5 | Besu Sentries |
 | 192.168.11.155-156 | 2 | DBIS API |
--- a/docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md
+++ b/docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md
@@ -0,0 +1,95 @@
 # Public sector tenancy, service catalog, and deployment baseline
 **Last Updated:** 2026-03-25  
 **Status:** Canonical baseline (reconciles assurance, Phoenix intent, and repo boundaries)  
 **Related:** [NON_GOALS.md](NON_GOALS.md), [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md), [SERVICE_DESCRIPTIONS.md](SERVICE_DESCRIPTIONS.md), [BRAND_RELATIONSHIP.md](BRAND_RELATIONSHIP.md), [../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md), [config/public-sector-program-manifest.json](../../config/public-sector-program-manifest.json)
 ---
 ## Purpose
 This document **closes documented gaps** between:
 - **Assurance claims** (e.g. SMOA eIDAS evidence: partial / QTSP pending — see SMOA repo `docs/compliance/evidence/eidas-compliance-evidence.md`)
 - **Platform intent** (Phoenix as CSP-style control plane with tenant/IAM/catalog expectations)
 - **Repository reality** (Complete Credential / eIDAS connector code lives **outside** this `proxmox` tree)
 It does **not** replace legal advice, DPIAs, or national eID supervision requirements.
 ---
 ## Official-style descriptors (use in contracts and external comms)
 | Avoid (ambiguous) | Prefer |
 |-------------------|--------|
 | Government client | **Public sector organization**, **procuring entity** (procurement context), **data controller** (GDPR context) |
 | Subdivision | **Organizational unit**, **child public body**, **agency** (if legally distinct) |
 | Phoenix portal (colloquial) | **Phoenix control plane** / **Phoenix API** (API-first); **Sankofa Portal** for brand site (`sankofa.nexus`) |
 | Marketplace (product) | **Service catalog** + **entitlement management** until procurement-backed billing is implemented; use **marketplace** only if contractually defined |
 | Wallet (in gov packs) | **Credential holder application**, **authenticator**, **SMOA client** — do not mix with **self-custody cryptocurrency wallet** language from Chain 138 / DeFi docs |
 ---
 ## Deployment profiles (flexibility bridge)
 | Profile | Use when | Isolation |
 |---------|----------|-----------|
 | **A — Shared platform** | Pilot, single legal controller, non-qualified flows | Multi-tenant logical separation; **per-tenant** keys and metadata |
 | **B — Dedicated stack** | Jurisdiction rule, qualified-trust boundary, or security classification | Separate LXC/VM (or cluster) per **controller** or **Member State** deployment |
 | **C — Hybrid** | Shared orchestration (Phoenix), isolated crypto/PII | Phoenix + shared IdP; **connector + HSM/DB** isolated per tenant |
 **Promotion path:** tenant IDs and APIs should allow moving **A → B** without rewriting mobile or portal clients.
 ---
 ## Illustrative reference topology (time-scoped)
 _Label: **Illustrative — as of 2026-Q1**. Per [NON_GOALS.md](NON_GOALS.md) §4, this is not an immutable enterprise diagram; update when VMIDs/FQDNs change._
 ```
                    [ Internet / VPN ]
                            |
                     NPMplus / Edge
                            |
        +-------------------+-------------------+
        |                   |                   |
  sankofa.nexus      phoenix.sankofa.nexus   api.smoa… (example)
  (Portal 7801)      (Phoenix API 7800)      (SMOA edge LXC — see SMOA repo)
        |                   |                   |
   Keycloak 7802       GraphQL / health         SMOA API / DB (LXC)
        |
   PostgreSQL 7803
        |
  [Optional: Complete Credential / eIDAS connector — dedicated LXC; not on Phoenix VMIDs]
 ```
 **SMOA** Proxmox LXC layout (edge, API, DB, optional TURN/signal): see **SMOA** repository `backend/docs/LXC-PROXMOX-CONTAINERS.md` (not duplicated here).
 **Complete Credential / eIDAS connector:** register in [public-sector-program-manifest.json](../../config/public-sector-program-manifest.json) and deploy per [COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md).
 ---
 ## Regulatory-aligned defaults (summary)
 1. **Credential / connector deployment:** isolate by **legal controller** and **jurisdiction** for qualified or sensitive PII; use **Profile B** when in doubt.
 2. **Service catalog:** **entitlements** tied to **contracts / purchase orders** before automated public payment rails; same **SKU** model can later attach **e-invoicing / payment**.
 3. **SMOA APK:** prefer **MDM / managed distribution** for production public-sector devices; public download only for **pilot / low classification** with explicit scope.
 ---
 ## Known technical gaps (tracked)
 | ID | Gap | Mitigation owner |
 |----|-----|------------------|
 | G1 | SMOA eIDAS: QTSP, EU trust lists, qualified timestamping — **partial** in evidence doc | SMOA + legal + QTSP partnership |
 | G2 | Phoenix: **billing** in EXPECTED_WEB_CONTENT is **roadmap**, not implemented | Phoenix product + procurement counsel |
 | G3 | **proxmox** repo does not contain Complete Credential source | Use manifest + sibling clone; deploy via runbook |
 | G4 | Terminology: **wallet** in DeFi docs vs **credential app** in gov context | Use this doc + review gov-facing PDFs |
 | G5 | Single **sovereign reference diagram** in one place | This file + SERVICE_DESCRIPTIONS VM table; refresh quarterly |
 ---
 ## Review cadence
 - **Quarterly** or when VMID/DNS/procurement model changes: update manifest FQDN hints and this diagram note.
 - **After** QTSP or national eID milestone: update G1 and external-facing assurance statements.
--- a/docs/02-architecture/SERVICE_DESCRIPTIONS.md
+++ b/docs/02-architecture/SERVICE_DESCRIPTIONS.md
@@ -1,6 +1,6 @@
 # Sankofa Services - Service Descriptions
-**Last Updated:** 2026-01-31
+**Last Updated:** 2026-03-25
 **Status:** Active Documentation
 ---
@@ -53,6 +53,8 @@ This document describes the purpose and function of each service in the Sankofa
  - GraphQL WebSocket: `/graphql-ws`
  - Health: `/health`
 **Cross-reference:** Public-sector tenancy, **service catalog vs marketing** boundaries, and **SMOA / Complete Credential** repo pointers: [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md), [../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md), [../../config/public-sector-program-manifest.json](../../config/public-sector-program-manifest.json).
 ---
 ### 3. SolaceScanScout (Explorer)
--- a/docs/03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md
+++ b/docs/03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md
@@ -1,5 +1,7 @@
 # Add Liquidity to PMM Pools (Chain 138) — Runbook
 > Historical note (2026-03-26): this runbook originated during the earlier three-pool PMM phase. Current canonical Chain 138 PMM addresses are `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`.
 **Purpose:** Add base/quote liquidity to the three DODO PMM pools on Chain 138 (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC).
 **Prerequisites:**
@@ -36,9 +38,9 @@ Add or set in `smom-dbis-138/.env`:
 ```bash
 # Pool addresses (from PRE_DEPLOYMENT_CHECKLIST / create-all-pmm-pools-chain138.sh)
-POOL_CUSDTCUSDC=0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8
+POOL_CUSDTCUSDC=0xff8d3b8fDF7B112759F076B69f4271D4209C0849
-POOL_CUSDTUSDT=0xa3Ee6091696B28e5497b6F491fA1e99047250c59
+POOL_CUSDTUSDT=0x6fc60DEDc92a2047062294488539992710b99D71
-POOL_CUSDCUSDC=0x90bd9Bf18Daa26Af3e814ea224032d015db58Ea5
+POOL_CUSDCUSDC=0x9f74Be42725f2Aa072a9E0CdCce0E7203C510263
 # Amounts in base units (6 decimals): 1M tokens = 1000000000000
 ADD_LIQUIDITY_BASE_AMOUNT=1000000000000
--- a/docs/03-deployment/CALIPER_CHAIN138_PERF_HOOK.md
+++ b/docs/03-deployment/CALIPER_CHAIN138_PERF_HOOK.md
@@ -0,0 +1,23 @@
 # Caliper performance hook — Chain 138 (Besu)
 **Last updated:** 2026-03-28  
 **Purpose:** Satisfy [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) Section 14 without vendoring Caliper into this repository.
 ## Approach
 1. Use upstream [Hyperledger Caliper](https://github.com/hyperledger/caliper) (npm package `/@hyperledger/caliper-cli`).
 2. Create a **separate** working directory (or CI job) with:
   - `networkconfig.json` pointing `url` to Chain 138 HTTP RPC (prefer an isolated load-test node, not production public RPC).
   - `benchmarks/` with a minimal `read` workload (`eth_blockNumber`, `eth_getBlockByNumber`) before write-heavy contracts.
 3. Run: `npx caliper launch manager --caliper-workspace . --caliper-networkconfig networkconfig.json --caliper-benchconfig benchmarks/config.yaml`
 4. Archive results (HTML/JSON) next to Phase 1 discovery reports if desired: `reports/phase1-discovery/` or `reports/caliper/`.
 ## Safety
 - Use **low** transaction rates first; Besu validators and RPC tier are production assets.
 - Do not point Caliper at **validator** JSON-RPC ports; use **RPC tier** only.
 - Align gas and chain ID with `smom-dbis-138/.env` and [DEPLOYMENT_ORDER_OF_OPERATIONS.md](DEPLOYMENT_ORDER_OF_OPERATIONS.md).
 ## Wrapper
 `bash scripts/verify/print-caliper-chain138-stub.sh` prints this path and suggested env vars (no network I/O).
--- a/docs/03-deployment/CHAIN138_AUTOMATION_SCRIPTS.md
+++ b/docs/03-deployment/CHAIN138_AUTOMATION_SCRIPTS.md
@@ -218,10 +218,10 @@ If configuration files are missing:
 ## Related Documentation
- [Next Steps](../archive/historical/CHAIN138_NEXT_STEPS.md)
+- [DEPLOYMENT_ORDER_OF_OPERATIONS.md](DEPLOYMENT_ORDER_OF_OPERATIONS.md)
 - [Missing Containers List](MISSING_CONTAINERS_LIST.md)
 - [JWT Authentication Requirements](../04-configuration/CHAIN138_JWT_AUTH_REQUIREMENTS.md)
- [Complete Implementation](../archive/completion/CHAIN138_COMPLETE_IMPLEMENTATION.md)
+- [CHAIN138_BESU_CONFIGURATION.md](../06-besu/CHAIN138_BESU_CONFIGURATION.md) · [CONTRACT_NEXT_STEPS_LIST.md](../11-references/CONTRACT_NEXT_STEPS_LIST.md)
 ---
--- a/docs/03-deployment/CHAIN138_OFFICIAL_STABLE_BLOCKER_REMOVAL_PATH.md
+++ b/docs/03-deployment/CHAIN138_OFFICIAL_STABLE_BLOCKER_REMOVAL_PATH.md
@@ -0,0 +1,152 @@
 # Chain 138 Official Stable Blocker Removal Path
 **Purpose:** Remove the last local PMM blocker on Chain 138 by replacing stale placeholder addresses with live quote-side ERC-20 contracts and then redeploying the integration against them.
 ---
 ## 1. The blocker, stated plainly
 The current local PMM path for:
 - `cUSDT / USDT`
 - `cUSDC / USDC`
 is blocked because the integration is wired to addresses that are **not live ERC-20 contracts on Chain 138**.
 That means:
 - the pools may exist in metadata
 - the integration can still report those addresses
 - but liquidity add and swap flows will fail locally because the quote-side token has no bytecode
 ---
 ## 2. What is real in the repo today
 ### Live on Chain 138
 - `cUSDT`
 - `cUSDC`
 - `cXAUC`
 - `cXAUT`
 - `DODOPMMIntegration`
 - live funded `cUSDT / cUSDC`
 - live funded XAU-side pools
 ### Not present as live local ERC-20s
 - a real local `USDT` contract for Chain 138 official-pair PMM use
 - a real local `USDC` contract for Chain 138 official-pair PMM use
 ### Not valid for this PMM blocker
 - `MainnetTether.sol`
  - this is a state anchor, not an ERC-20 token
 - `StablecoinReserveVault.sol`
  - this is for mainnet reserve custody/redemption, not a local Chain 138 quote token
 ---
 ## 3. Exact contract/deploy path
 ### Step 1. Deploy local Chain 138 quote-side mirrors
 Deploy these contracts:
 - [OfficialStableMirrorToken.sol](/home/intlc/projects/proxmox/smom-dbis-138/contracts/tokens/OfficialStableMirrorToken.sol)
 - [DeployOfficialUSDT138.s.sol](/home/intlc/projects/proxmox/smom-dbis-138/script/DeployOfficialUSDT138.s.sol)
 - [DeployOfficialUSDC138.s.sol](/home/intlc/projects/proxmox/smom-dbis-138/script/DeployOfficialUSDC138.s.sol)
 These tokens are:
 - lightweight ERC-20s
 - 6 decimals
 - owner-mintable
 - meant only to provide live local quote-side assets for Chain 138 PMM pools
 They are intentionally separate from the compliant token layer.
 ### Step 2. Persist live addresses
 Write these into `smom-dbis-138/.env`:
 ```bash
 OFFICIAL_USDT_ADDRESS=0x...
 OFFICIAL_USDC_ADDRESS=0x...
 ```
 ### Step 3. Redeploy PMM integration against the live local quote assets
 Use:
 - [DeployDODOPMMIntegration.s.sol](/home/intlc/projects/proxmox/smom-dbis-138/script/dex/DeployDODOPMMIntegration.s.sol)
 Important: this deploy script no longer falls back to stale hardcoded Chain 138 addresses. The operator must supply real addresses explicitly through env.
 ### Step 4. Create the stable pools on the new integration
 Use:
 - [CreateCUSDTUSDTPool.s.sol](/home/intlc/projects/proxmox/smom-dbis-138/script/dex/CreateCUSDTUSDTPool.s.sol)
 - [CreateCUSDCUSDCPool.s.sol](/home/intlc/projects/proxmox/smom-dbis-138/script/dex/CreateCUSDCUSDCPool.s.sol)
 - [CreateCUSDTCUSDCPool.s.sol](/home/intlc/projects/proxmox/smom-dbis-138/script/dex/CreateCUSDTCUSDCPool.s.sol)
 ### Step 5. Fund in this order
 1. `cUSDT / cUSDC`
 2. `cUSDT / USDT`
 3. `cUSDC / USDC`
 Use:
 - [AddLiquidityPMMPoolsChain138.s.sol](/home/intlc/projects/proxmox/smom-dbis-138/script/dex/AddLiquidityPMMPoolsChain138.s.sol)
 ---
 ## 4. Verification gates
 Before PMM redeploy:
 ```bash
 cast code "$OFFICIAL_USDT_ADDRESS" --rpc-url "$RPC_URL_138"
 cast code "$OFFICIAL_USDC_ADDRESS" --rpc-url "$RPC_URL_138"
 cast call "$OFFICIAL_USDT_ADDRESS" "symbol()(string)" --rpc-url "$RPC_URL_138"
 cast call "$OFFICIAL_USDC_ADDRESS" "symbol()(string)" --rpc-url "$RPC_URL_138"
 ```
 After PMM redeploy:
 ```bash
 cast call "$DODO_PMM_INTEGRATION_ADDRESS" "officialUSDT()(address)" --rpc-url "$RPC_URL_138"
 cast call "$DODO_PMM_INTEGRATION_ADDRESS" "officialUSDC()(address)" --rpc-url "$RPC_URL_138"
 ```
 After pool creation:
 ```bash
 cast call "$DODO_PMM_INTEGRATION_ADDRESS" "pools(address,address)(address)" \
  "$COMPLIANT_USDT_ADDRESS" "$OFFICIAL_USDT_ADDRESS" --rpc-url "$RPC_URL_138"
 cast call "$DODO_PMM_INTEGRATION_ADDRESS" "pools(address,address)(address)" \
  "$COMPLIANT_USDC_ADDRESS" "$OFFICIAL_USDC_ADDRESS" --rpc-url "$RPC_URL_138"
 ```
 After funding:
 ```bash
 cast call "$OFFICIAL_USDT_ADDRESS" "balanceOf(address)(uint256)" "$POOL_CUSDTUSDT" --rpc-url "$RPC_URL_138"
 cast call "$OFFICIAL_USDC_ADDRESS" "balanceOf(address)(uint256)" "$POOL_CUSDCUSDC" --rpc-url "$RPC_URL_138"
 ```
 ---
 ## 5. Recommendation
 The safe path is:
 1. stop relying on the stale Chain 138 placeholder addresses
 2. deploy explicit local quote-side mirror tokens
 3. redeploy PMM integration using those real local token addresses
 4. create and fund the stable pools
 That is the narrowest change that removes the blocker without redefining the compliant token layer or pretending a non-existent Chain 138 official stable already exists.
--- a/docs/03-deployment/CHAIN138_PMM_REDEPLOY_AND_POOL_FUNDING_RUNBOOK.md
+++ b/docs/03-deployment/CHAIN138_PMM_REDEPLOY_AND_POOL_FUNDING_RUNBOOK.md
@@ -0,0 +1,475 @@
 # Chain 138 PMM Redeploy and Pool Funding Runbook
 **Purpose:** Execute the live on-chain PMM remediation and funding sequence on Chain 138 in the correct order:
 1. deploy live Chain 138 quote-side `USDT` and `USDC` ERC-20 mirror tokens  
 2. redeploy `DODOPMMIntegration` with those live Chain 138 official stable addresses  
 3. recreate the usable public stable pools on the new integration  
 4. create public XAU pools using `cXAUC` or `cXAUT` as the Chain 138 XAU anchor  
 5. deploy the `PrivatePoolRegistry` and register the XAU private stabilization pools  
 6. fund the pools in the correct order
 **Primary chain:** Chain 138  
 **Operator requirement:** deployer EOA with `PRIVATE_KEY`, gas, and the required token balances / mint authority.
 ---
 ## 0. Preconditions
 ### 0.1 Required environment
 From `smom-dbis-138/.env`:
 ```bash
 PRIVATE_KEY=0x...
 RPC_URL_138=http://...
 DODO_VENDING_MACHINE_ADDRESS=0x...
 COMPLIANT_USDT_ADDRESS=0x93E66202A11B1772E55407B32B44e5Cd8eda7f22
 COMPLIANT_USDC_ADDRESS=0xf22258f57794CC8E06237084b353Ab30fFfa640b
 OFFICIAL_USDT_ADDRESS=0x...
 OFFICIAL_USDC_ADDRESS=0x...
 ```
 ### 0.2 XAU anchor selection
 Choose one Chain 138 XAU anchor for the PMM and private stabilization pools:
 ```bash
 # Preferred default
 XAU_ADDRESS_138=0x290E52a8819A4fbD0714E517225429aA2B70EC6b   # cXAUC
 # Optional alternate
 CXAUT_ADDRESS_138=0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E  # cXAUT
 ```
 If `XAU_ADDRESS_138` is unset, the scripts default to `cXAUC` on Chain 138.
 ### 0.3 Stop conditions
 Stop immediately if any of these checks fail:
 ```bash
 cd /home/intlc/projects/proxmox/smom-dbis-138
 source .env
 cast wallet address "$PRIVATE_KEY"
 cast code "$DODO_VENDING_MACHINE_ADDRESS" --rpc-url "$RPC_URL_138"
 cast code "$COMPLIANT_USDT_ADDRESS" --rpc-url "$RPC_URL_138"
 cast code "$COMPLIANT_USDC_ADDRESS" --rpc-url "$RPC_URL_138"
 cast code "$OFFICIAL_USDT_ADDRESS" --rpc-url "$RPC_URL_138"
 cast code "$OFFICIAL_USDC_ADDRESS" --rpc-url "$RPC_URL_138"
 cast code "${XAU_ADDRESS_138:-0x290E52a8819A4fbD0714E517225429aA2B70EC6b}" --rpc-url "$RPC_URL_138"
 ```
 Expected result: each `cast code` returns non-empty bytecode.
 ### 0.4 Important blocker note
 Do **not** use the historical placeholder addresses `0x15DF...` or `0xA0b8...` on Chain 138 unless `cast code` proves they are live ERC-20 contracts on Chain 138.
 The local PMM integration requires live quote-side ERC-20s on Chain 138. If `OFFICIAL_USDT_ADDRESS` and `OFFICIAL_USDC_ADDRESS` have no bytecode, deploy the local mirror tokens first.
 ---
 ## 1. Snapshot the current state
 Record the current integration and pool state before redeploying:
 ```bash
 cd /home/intlc/projects/proxmox/smom-dbis-138
 source .env
 echo "Current integration: ${DODO_PMM_INTEGRATION_ADDRESS:-${DODO_PMM_INTEGRATION:-unset}}"
 echo "Current cUSDT/cUSDC pool: ${POOL_CUSDTCUSDC:-unset}"
 echo "Current cUSDT/USDT pool: ${POOL_CUSDTUSDT:-unset}"
 echo "Current cUSDC/USDC pool: ${POOL_CUSDCUSDC:-unset}"
 ```
 If the current integration exists, record its immutable token addresses:
 ```bash
 INT="${DODO_PMM_INTEGRATION_ADDRESS:-${DODO_PMM_INTEGRATION:-}}"
 [ -n "$INT" ] && cast call "$INT" "officialUSDT()(address)" --rpc-url "$RPC_URL_138"
 [ -n "$INT" ] && cast call "$INT" "officialUSDC()(address)" --rpc-url "$RPC_URL_138"
 ```
 ---
 ## 1. Deploy the Chain 138 official stable mirrors
 Deploy the local quote-side assets first. These are lightweight ERC-20 mirrors used only to unblock local PMM pools on Chain 138.
 ```bash
 cd /home/intlc/projects/proxmox/smom-dbis-138
 source .env
 forge script script/DeployOfficialUSDT138.s.sol:DeployOfficialUSDT138 \
  --rpc-url "$RPC_URL_138" \
  --broadcast \
  --private-key "$PRIVATE_KEY" \
  --with-gas-price "${GAS_PRICE_138:-1000000000}" \
  --legacy \
  -vv
 forge script script/DeployOfficialUSDC138.s.sol:DeployOfficialUSDC138 \
  --rpc-url "$RPC_URL_138" \
  --broadcast \
  --private-key "$PRIVATE_KEY" \
  --with-gas-price "${GAS_PRICE_138:-1000000000}" \
  --legacy \
  -vv
 ```
 Persist the deployed addresses into `.env`:
 ```bash
 OFFICIAL_USDT_ADDRESS=0x...
 OFFICIAL_USDC_ADDRESS=0x...
 ```
 Verify both:
 ```bash
 cast code "$OFFICIAL_USDT_ADDRESS" --rpc-url "$RPC_URL_138"
 cast code "$OFFICIAL_USDC_ADDRESS" --rpc-url "$RPC_URL_138"
 cast call "$OFFICIAL_USDT_ADDRESS" "symbol()(string)" --rpc-url "$RPC_URL_138"
 cast call "$OFFICIAL_USDC_ADDRESS" "symbol()(string)" --rpc-url "$RPC_URL_138"
 ```
 Expected result:
 - both return non-empty bytecode
 - symbols return `USDT` and `USDC`
 ---
 ## 2. Redeploy PMM integration on Chain 138
 This step creates a fresh `DODOPMMIntegration` using the corrected Chain 138 official stable addresses.
 ```bash
 cd /home/intlc/projects/proxmox/smom-dbis-138
 source .env
 forge script script/dex/DeployDODOPMMIntegration.s.sol:DeployDODOPMMIntegration \
  --rpc-url "$RPC_URL_138" \
  --broadcast \
  --private-key "$PRIVATE_KEY" \
  --with-gas-price "${GAS_PRICE_138:-1000000000}" \
  --legacy \
  -vv
 ```
 After deployment, update `.env` with the new integration address:
 ```bash
 DODO_PMM_INTEGRATION_ADDRESS=0x...
 DODO_PMM_INTEGRATION=0x...
 ```
 Verify the new immutables:
 ```bash
 INT="${DODO_PMM_INTEGRATION_ADDRESS:-${DODO_PMM_INTEGRATION:-}}"
 cast call "$INT" "officialUSDT()(address)" --rpc-url "$RPC_URL_138"
 cast call "$INT" "officialUSDC()(address)" --rpc-url "$RPC_URL_138"
 cast call "$INT" "compliantUSDT()(address)" --rpc-url "$RPC_URL_138"
 cast call "$INT" "compliantUSDC()(address)" --rpc-url "$RPC_URL_138"
 ```
 Expected result:
 - `officialUSDT` = the live `OFFICIAL_USDT_ADDRESS` you just deployed or verified
 - `officialUSDC` = the live `OFFICIAL_USDC_ADDRESS` you just deployed or verified
 ---
 ## 3. Create the corrected public stable pools
 Create the three public PMM pools on the **new** integration:
 ```bash
 cd /home/intlc/projects/proxmox/smom-dbis-138
 source .env
 forge script script/dex/CreateCUSDTCUSDCPool.s.sol:CreateCUSDTCUSDCPool \
  --rpc-url "$RPC_URL_138" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price "${GAS_PRICE_138:-1000000000}" -vv
 forge script script/dex/CreateCUSDTUSDTPool.s.sol:CreateCUSDTUSDTPool \
  --rpc-url "$RPC_URL_138" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price "${GAS_PRICE_138:-1000000000}" -vv
 forge script script/dex/CreateCUSDCUSDCPool.s.sol:CreateCUSDCUSDCPool \
  --rpc-url "$RPC_URL_138" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price "${GAS_PRICE_138:-1000000000}" -vv
 ```
 Record the new pool addresses:
 ```bash
 INT="${DODO_PMM_INTEGRATION_ADDRESS:-${DODO_PMM_INTEGRATION:-}}"
 POOL_CUSDTCUSDC=$(cast call "$INT" "pools(address,address)(address)" \
  "$COMPLIANT_USDT_ADDRESS" "$COMPLIANT_USDC_ADDRESS" --rpc-url "$RPC_URL_138" | cast --to-addr)
 POOL_CUSDTUSDT=$(cast call "$INT" "pools(address,address)(address)" \
  "$COMPLIANT_USDT_ADDRESS" "$OFFICIAL_USDT_ADDRESS" --rpc-url "$RPC_URL_138" | cast --to-addr)
 POOL_CUSDCUSDC=$(cast call "$INT" "pools(address,address)(address)" \
  "$COMPLIANT_USDC_ADDRESS" "$OFFICIAL_USDC_ADDRESS" --rpc-url "$RPC_URL_138" | cast --to-addr)
 echo "$POOL_CUSDTCUSDC"
 echo "$POOL_CUSDTUSDT"
 echo "$POOL_CUSDCUSDC"
 ```
 Persist them into `.env`.
 ---
 ## 4. Create the public XAU pools
 Use the new public XAU script so the XAU side is explicit as `cXAUC` or `cXAUT`.
 ```bash
 cd /home/intlc/projects/proxmox/smom-dbis-138
 source .env
 forge script script/dex/CreatePublicXAUPoolsChain138.s.sol:CreatePublicXAUPoolsChain138 \
  --rpc-url "$RPC_URL_138" \
  --broadcast \
  --private-key "$PRIVATE_KEY" \
  --with-gas-price "${GAS_PRICE_138:-1000000000}" \
  --legacy \
  -vv
 ```
 Optional controls:
 ```bash
 CREATE_CUSDT_XAU=true
 CREATE_CUSDC_XAU=true
 CREATE_CEURT_XAU=true
 ```
 Verify the created public XAU pools:
 ```bash
 INT="${DODO_PMM_INTEGRATION_ADDRESS:-${DODO_PMM_INTEGRATION:-}}"
 XAU="${XAU_ADDRESS_138:-0x290E52a8819A4fbD0714E517225429aA2B70EC6b}"
 cast call "$INT" "pools(address,address)(address)" "$COMPLIANT_USDT_ADDRESS" "$XAU" --rpc-url "$RPC_URL_138"
 cast call "$INT" "pools(address,address)(address)" "$COMPLIANT_USDC_ADDRESS" "$XAU" --rpc-url "$RPC_URL_138"
 cast call "$INT" "pools(address,address)(address)" "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72" "$XAU" --rpc-url "$RPC_URL_138"
 ```
 Persist the returned pool addresses if they are non-zero.
 ---
 ## 5. Deploy `PrivatePoolRegistry` and register private XAU pools
 ```bash
 cd /home/intlc/projects/proxmox/smom-dbis-138
 source .env
 forge script script/dex/DeployPrivatePoolRegistryAndPools.s.sol:DeployPrivatePoolRegistryAndPools \
  --rpc-url "$RPC_URL_138" \
  --broadcast \
  --private-key "$PRIVATE_KEY" \
  --with-gas-price "${GAS_PRICE_138:-1000000000}" \
  --legacy \
  -vv
 ```
 Record:
 ```bash
 PRIVATE_POOL_REGISTRY=0x...
 ```
 Verify registrations:
 ```bash
 REG="$PRIVATE_POOL_REGISTRY"
 XAU="${XAU_ADDRESS_138:-0x290E52a8819A4fbD0714E517225429aA2B70EC6b}"
 cast call "$REG" "getPool(address,address)(address)" "$COMPLIANT_USDT_ADDRESS" "$XAU" --rpc-url "$RPC_URL_138"
 cast call "$REG" "getPool(address,address)(address)" "$COMPLIANT_USDC_ADDRESS" "$XAU" --rpc-url "$RPC_URL_138"
 cast call "$REG" "getPool(address,address)(address)" "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72" "$XAU" --rpc-url "$RPC_URL_138"
 ```
 ---
 ## 6. Fund the pools in the correct order
 ### 6.1 Funding order
 Fund in this order:
 1. `cUSDT / cUSDC`
 2. `cUSDT / USDT`
 3. `cUSDC / USDC`
 4. public XAU pools:
   - `cUSDT / XAU`
   - `cUSDC / XAU`
   - `cEURT / XAU`
 5. private stabilization pools last
 Reason:
 - `cUSDT/cUSDC` establishes the base compliant market first
 - official stable pools come next after the corrected addresses are live
 - XAU public pools should discover price before private stabilization paths are seeded
 ### 6.2 Mint compliant balances
 Mint the compliant side first:
 ```bash
 cd /home/intlc/projects/proxmox/smom-dbis-138
 source .env
 MINT_CUSDT_AMOUNT=2000000 \
 MINT_CUSDC_AMOUNT=2000000 \
 ./scripts/mint-for-liquidity.sh
 ```
 Mint additional compliant assets as needed:
 ```bash
 DEPLOYER=$(cast wallet address "$PRIVATE_KEY")
 cast send 0xdf4b71c61E5912712C1Bdd451416B9aC26949d72 \
  "mint(address,uint256)" "$DEPLOYER" 1000000000000 \
  --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY"
 ```
 ### 6.3 Acquire / verify non-mintable sides
 Before adding liquidity, confirm balances of:
 - `OFFICIAL_USDT_ADDRESS`
 - `OFFICIAL_USDC_ADDRESS`
 - `XAU_ADDRESS_138` (`cXAUC` or `cXAUT`)
 ```bash
 DEPLOYER=$(cast wallet address "$PRIVATE_KEY")
 cast call "$OFFICIAL_USDT_ADDRESS" "balanceOf(address)(uint256)" "$DEPLOYER" --rpc-url "$RPC_URL_138"
 cast call "$OFFICIAL_USDC_ADDRESS" "balanceOf(address)(uint256)" "$DEPLOYER" --rpc-url "$RPC_URL_138"
 cast call "${XAU_ADDRESS_138:-0x290E52a8819A4fbD0714E517225429aA2B70EC6b}" "balanceOf(address)(uint256)" "$DEPLOYER" --rpc-url "$RPC_URL_138"
 ```
 Do **not** proceed on a pool until both sides have sufficient balance.
 ### 6.4 Fund `cUSDT / cUSDC`
 Use the existing add-liquidity script first:
 ```bash
 export ADD_LIQUIDITY_CUSDTCUSDC_BASE=1000000000000
 export ADD_LIQUIDITY_CUSDTCUSDC_QUOTE=1000000000000
 forge script script/dex/AddLiquidityPMMPoolsChain138.s.sol:AddLiquidityPMMPoolsChain138 \
  --rpc-url "$RPC_URL_138" \
  --broadcast \
  --private-key "$PRIVATE_KEY" \
  --with-gas-price "${GAS_PRICE_138:-1000000000}" \
  -vv
 ```
 ### 6.5 Fund `cUSDT / USDT` and `cUSDC / USDC`
 Set per-pool liquidity amounts:
 ```bash
 export ADD_LIQUIDITY_CUSDTUSDT_BASE=1000000000000
 export ADD_LIQUIDITY_CUSDTUSDT_QUOTE=1000000000000
 export ADD_LIQUIDITY_CUSDCUSDC_BASE=1000000000000
 export ADD_LIQUIDITY_CUSDCUSDC_QUOTE=1000000000000
 ```
 Then run the same liquidity script:
 ```bash
 forge script script/dex/AddLiquidityPMMPoolsChain138.s.sol:AddLiquidityPMMPoolsChain138 \
  --rpc-url "$RPC_URL_138" \
  --broadcast \
  --private-key "$PRIVATE_KEY" \
  --with-gas-price "${GAS_PRICE_138:-1000000000}" \
  -vv
 ```
 ### 6.6 Fund public XAU pools
 For each public XAU pool:
 1. approve both tokens to the integration  
 2. call `addLiquidity(pool, baseAmount, quoteAmount)`
 Example for `cUSDT / XAU`:
 ```bash
 INT="${DODO_PMM_INTEGRATION_ADDRESS:-${DODO_PMM_INTEGRATION:-}}"
 XAU="${XAU_ADDRESS_138:-0x290E52a8819A4fbD0714E517225429aA2B70EC6b}"
 POOL=$(cast call "$INT" "pools(address,address)(address)" "$COMPLIANT_USDT_ADDRESS" "$XAU" --rpc-url "$RPC_URL_138" | cast --to-addr)
 cast send "$COMPLIANT_USDT_ADDRESS" "approve(address,uint256)" "$INT" 1000000000000 --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY"
 cast send "$XAU" "approve(address,uint256)" "$INT" 1000000000000 --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY"
 cast send "$INT" "addLiquidity(address,uint256,uint256)" "$POOL" 1000000000000 1000000000000 --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY"
 ```
 Repeat for:
 - `cUSDC / XAU`
 - `cEURT / XAU`
 ### 6.7 Seed private stabilization pools last
 Only after the public pools have been created and seeded:
 1. verify private registry entries exist  
 2. approve both sides  
 3. fund the corresponding private pool addresses with smaller initial depth than the public pools
 Use the same `addLiquidity(address,uint256,uint256)` pattern against the registered pool addresses.
 ---
 ## 7. Post-funding verification
 ### 7.1 Pool reserves
 ```bash
 cast call "$POOL_CUSDTCUSDC" "getVaultReserve()(uint256,uint256)" --rpc-url "$RPC_URL_138"
 cast call "$POOL_CUSDTUSDT" "getVaultReserve()(uint256,uint256)" --rpc-url "$RPC_URL_138"
 cast call "$POOL_CUSDCUSDC" "getVaultReserve()(uint256,uint256)" --rpc-url "$RPC_URL_138"
 ```
 Repeat for each XAU pool address.
 ### 7.2 Explorer alignment
 After successful execution, update:
 - [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md)
 - [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md](../11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md)
 Also update the explorer pool inventory if new pool addresses were created.
 ---
 ## 8. Rollback / abort guidance
 Abort if any of the following occurs:
 - official token bytecode missing on 138
 - integration deployed with wrong immutables
 - pool creation returns zero or reverts unexpectedly
 - deployer lacks balance for either side of a target pool
 If the new integration is deployed but pool creation fails, stop there and do **not** fund the old incorrect pools.
 ---
 ## 9. References
 - [DeployDODOPMMIntegration.s.sol](../../smom-dbis-138/script/dex/DeployDODOPMMIntegration.s.sol)
 - [CreateCUSDTCUSDCPool.s.sol](../../smom-dbis-138/script/dex/CreateCUSDTCUSDCPool.s.sol)
 - [CreateCUSDTUSDTPool.s.sol](../../smom-dbis-138/script/dex/CreateCUSDTUSDTPool.s.sol)
 - [CreateCUSDCUSDCPool.s.sol](../../smom-dbis-138/script/dex/CreateCUSDCUSDCPool.s.sol)
 - [CreatePublicXAUPoolsChain138.s.sol](../../smom-dbis-138/script/dex/CreatePublicXAUPoolsChain138.s.sol)
 - [DeployPrivatePoolRegistryAndPools.s.sol](../../smom-dbis-138/script/dex/DeployPrivatePoolRegistryAndPools.s.sol)
 - [AddLiquidityPMMPoolsChain138.s.sol](../../smom-dbis-138/script/dex/AddLiquidityPMMPoolsChain138.s.sol)
 - [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md](/home/intlc/projects/proxmox/docs/03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md)
--- a/docs/03-deployment/CHAIN138_XAU_POOL_STATUS_AND_PUBLIC_CREATION_PATH.md
+++ b/docs/03-deployment/CHAIN138_XAU_POOL_STATUS_AND_PUBLIC_CREATION_PATH.md
@@ -0,0 +1,247 @@
 # Chain 138 XAU Pool Status and Public Creation Path
 **Date:** 2026-03-26  
 **Scope:** Verify live private and public XAU pools on Chain 138 and record the exact creation/funding path used.
 ## Current live state
 ### Private XAU pools: live on-chain now
 Verified against:
 - `PrivatePoolRegistry`: `0xb27057B27db09e8Df353AF722c299f200519882A`
 - `cXAUC`: `0x290E52a8819A4fbD0714E517225429aA2B70EC6b`
 Registered private pools:
 - `cUSDT / cXAUC`
  - pool: `0x94316511621430423a2cff0C036902BAB4aA70c2`
 - `cUSDC / cXAUC`
  - pool: `0x7867D58567948e5b9908F1057055Ee4440de0851`
 - `cEURT / cXAUC`
  - pool: `0x505403093826D494983A93b43Aa0B8601078A44e`
 Code verification:
 - all three pool addresses return non-empty bytecode on Chain 138
 Observed reserves:
 - `cUSDT / cXAUC`
  - `cUSDT`: `2,666,965`
  - `cXAUC`: `519.477`
 - `cUSDC / cXAUC`
  - `cUSDC`: `1,000,000`
  - `cXAUC`: `194.782554`
 - `cEURT / cXAUC`
  - `cEURT`: `1,000,000`
  - `cXAUC`: `225.577676`
 ### Public XAU pools: now created and funded in the live PMM integration
 Verified against:
 - `DODOPMMIntegration`: `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d`
 Current mapping state:
 - `pools(cUSDT, cXAUC) = 0x1AA55E2001E5651349AfF5A63FD7A7Ae44f0F1b0`
 - `pools(cUSDC, cXAUC) = 0xEA9Ac6357CaCB42a83b9082B870610363B177cBa`
 - `pools(cEURT, cXAUC) = 0xbA99bc1eAAC164569d5AcA96C806934DDaF970Cf`
 All three public pool addresses return non-empty bytecode on Chain 138.
 Observed public reserves:
 - `cUSDT / cXAUC`
  - `cUSDT`: `2,666,965`
  - `cXAUC`: `519.477`
 - `cUSDC / cXAUC`
  - `cUSDC`: `1,000,000`
  - `cXAUC`: `194.782554`
 - `cEURT / cXAUC`
  - `cEURT`: `1,000,000`
  - `cXAUC`: `225.577676`
 The explorer should now show these rows with:
 - real pool address
 - `Funded (live)`
 - notes derived from live integration mapping and reserves
 ## Exact creation and funding path used for the three public XAU pools
 ### 1. Preconditions
 Confirm the required contracts and tokens are already live:
 - `DODOPMMIntegration`: `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d`
 - `cUSDT`: `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22`
 - `cUSDC`: `0xf22258f57794CC8E06237084b353Ab30fFfa640b`
 - `cEURT`: `0xdf4b71c61E5912712C1Bdd451416B9aC26949d72`
 - `cXAUC`: `0x290E52a8819A4fbD0714E517225429aA2B70EC6b`
 Recommended env:
 ```bash
 export RPC_URL_138=http://192.168.11.211:8545
 export DODOPMM_INTEGRATION=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d
 export COMPLIANT_USDT_ADDRESS=0x93E66202A11B1772E55407B32B44e5Cd8eda7f22
 export COMPLIANT_USDC_ADDRESS=0xf22258f57794CC8E06237084b353Ab30fFfa640b
 export cEURT_ADDRESS_138=0xdf4b71c61E5912712C1Bdd451416B9aC26949d72
 export XAU_ADDRESS_138=0x290E52a8819A4fbD0714E517225429aA2B70EC6b
 ```
 ### 2. Create the public XAU pools
 Use the existing script:
 - [CreatePublicXAUPoolsChain138.s.sol](../../smom-dbis-138/script/dex/CreatePublicXAUPoolsChain138.s.sol)
 Run:
 ```bash
 cd /home/intlc/projects/proxmox/smom-dbis-138
 source .env
 forge script script/dex/CreatePublicXAUPoolsChain138.s.sol:CreatePublicXAUPoolsChain138 \
  --rpc-url "$RPC_URL_138" \
  --broadcast \
  --private-key "$PRIVATE_KEY" \
  --with-gas-price "${GAS_PRICE_138:-1000000000}" \
  --legacy \
  -vv
 ```
 Optional toggles:
 ```bash
 export CREATE_CUSDT_XAU=true
 export CREATE_CUSDC_XAU=true
 export CREATE_CEURT_XAU=true
 ```
 ### 3. Verify creation immediately
 ```bash
 INT="${DODOPMM_INTEGRATION:-$DODOPMM_INTEGRATION_ADDRESS}"
 XAU="${XAU_ADDRESS_138:-0x290E52a8819A4fbD0714E517225429aA2B70EC6b}"
 cast call "$INT" "pools(address,address)(address)" "$COMPLIANT_USDT_ADDRESS" "$XAU" --rpc-url "$RPC_URL_138"
 cast call "$INT" "pools(address,address)(address)" "$COMPLIANT_USDC_ADDRESS" "$XAU" --rpc-url "$RPC_URL_138"
 cast call "$INT" "pools(address,address)(address)" "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72" "$XAU" --rpc-url "$RPC_URL_138"
 ```
 Each result should now be a non-zero pool address.
 Persist them into `.env` or the relevant operator notes.
 ### 4. Public pool addresses created
 - `cUSDT / cXAUC`
  - pool: `0x1AA55E2001E5651349AfF5A63FD7A7Ae44f0F1b0`
  - create tx: `0xb38df32e7f51cff2ec283aa70ebf0e98b195721efa58d9b0a6e1df7fb55c05a1`
 - `cUSDC / cXAUC`
  - pool: `0xEA9Ac6357CaCB42a83b9082B870610363B177cBa`
  - create tx: `0xae16081faf9762500d14883be814393695d6a854afe84c9c1521ec5486babe23`
 - `cEURT / cXAUC`
  - pool: `0xbA99bc1eAAC164569d5AcA96C806934DDaF970Cf`
  - create tx: `0x1adaca76b3e34acd0807d5e11e334dd773b2146e4aeb45d67d5a54c1934d0e55`
 ## Exact funding path for the public XAU pools
 ### 5. Funding order
 Fund public XAU pools before changing private stabilization depth:
 1. `cUSDT / cXAUC`
 2. `cUSDC / cXAUC`
 3. `cEURT / cXAUC`
 4. only then revisit private stabilization depth if needed
 ### 6. Funding method
 The public XAU pools use the same PMM integration liquidity path:
 1. approve both tokens to `DODOPMMIntegration`
 2. call `addLiquidity(pool, baseAmount, quoteAmount)`
 Example for `cUSDT / cXAUC`:
 ```bash
 INT="${DODOPMM_INTEGRATION:-$DODOPMM_INTEGRATION_ADDRESS}"
 XAU="${XAU_ADDRESS_138:-0x290E52a8819A4fbD0714E517225429aA2B70EC6b}"
 POOL=$(cast call "$INT" "pools(address,address)(address)" "$COMPLIANT_USDT_ADDRESS" "$XAU" --rpc-url "$RPC_URL_138" | cast --to-addr)
 cast send "$COMPLIANT_USDT_ADDRESS" "approve(address,uint256)" "$INT" 1000000000000 --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY"
 cast send "$XAU" "approve(address,uint256)" "$INT" 1000000000000 --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY"
 cast send "$INT" "addLiquidity(address,uint256,uint256)" "$POOL" 1000000000000 1000000000000 --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY"
 ```
 Repeat the same pattern for:
 - `cUSDC / cXAUC`
 - `cEURT / cXAUC`
 ### 7. Funding completed
 Successful funding transactions:
 - `cUSDT / cXAUC`
  - fund tx: `0x7e00ec7a97fada7a9c238638bc019c6755feeb68be06c4b69e519b0eec6dd3b6`
  - final reserves: `2,666,965 cUSDT / 519.477 cXAUC`
 - `cUSDC / cXAUC`
  - fund tx: `0x87ec3a710dfb785de6adaa4f191440cd4968e090c0afb1f21ba02c8e0501f7eb`
  - final reserves: `1,000,000 cUSDC / 194.782554 cXAUC`
 - `cEURT / cXAUC`
  - fund tx: `0x995b785ab49f0ffc8f782a7d573259cf09fc57176d4fae19c1f6b274712e9e93`
  - final reserves: `1,000,000 cEURT / 225.577676 cXAUC`
 Supporting approvals:
 - `cXAUC` approval: `0xd194c80b8246816ef88141736eb17dece478183b37053cfbe1fffd6efe2abc99`
 - `cEURT` approval: `0x922d530cd65fdd139ff4e8c43a219b254d0c3df4e461a45f02f7832205735983`
 ### 8. Suggested bootstrap amounts
 Use the same scale already proven on the private side unless treasury wants a different public depth target.
 Reasonable bootstrap examples:
 - `cUSDT / cXAUC`
  - base: `1,000,000e6`
  - quote: `200e6` to `500e6` depending on desired starting depth
 - `cUSDC / cXAUC`
  - base: `1,000,000e6`
  - quote: `150e6` to `250e6`
 - `cEURT / cXAUC`
  - base: `1,000,000e6`
  - quote: `200e6` to `250e6`
 Final quote-side amounts should be treasury/policy-driven. The exact `cXAUC` depth can be calibrated against the current private pool ratios if parity is desired.
 ## Post-funding verification
 After funding, verify:
 ```bash
 cast call "$COMPLIANT_USDT_ADDRESS" "balanceOf(address)(uint256)" "$POOL_CUSDT_XAU" --rpc-url "$RPC_URL_138"
 cast call "$COMPLIANT_USDC_ADDRESS" "balanceOf(address)(uint256)" "$POOL_CUSDC_XAU" --rpc-url "$RPC_URL_138"
 cast call "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72" "balanceOf(address)(uint256)" "$POOL_CEURT_XAU" --rpc-url "$RPC_URL_138"
 cast call "$XAU" "balanceOf(address)(uint256)" "$POOL_CUSDT_XAU" --rpc-url "$RPC_URL_138"
 cast call "$XAU" "balanceOf(address)(uint256)" "$POOL_CUSDC_XAU" --rpc-url "$RPC_URL_138"
 cast call "$XAU" "balanceOf(address)(uint256)" "$POOL_CEURT_XAU" --rpc-url "$RPC_URL_138"
 ```
 Then verify the explorer `/pools` page shows:
 - real pool address
 - `Funded (live)`
 - a live note path derived from the integration mapping instead of the old `Not created` state
 ## References
 - [CreatePublicXAUPoolsChain138.s.sol](../../smom-dbis-138/script/dex/CreatePublicXAUPoolsChain138.s.sol)
 - [DeployPrivatePoolRegistryAndPools.s.sol](../../smom-dbis-138/script/dex/DeployPrivatePoolRegistryAndPools.s.sol)
 - [AddLiquidityPMMPoolsChain138.s.sol](../../smom-dbis-138/script/dex/AddLiquidityPMMPoolsChain138.s.sol)
 - [CHAIN138_PMM_REDEPLOY_AND_POOL_FUNDING_RUNBOOK.md](./CHAIN138_PMM_REDEPLOY_AND_POOL_FUNDING_RUNBOOK.md)
--- a/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md
+++ b/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md
@@ -179,6 +179,42 @@ Deployer must have `VAULT_DEPLOYER_ROLE` on VaultFactory. Each configured base t
 When Uniswap V3, Balancer, or DODO PMM pools exist on Chain 138 / 651940, configure the router and provider so on-chain quotes and swaps work.
 **Chain 138 dry-run helper (safe preflight):**
 ```bash
 cd smom-dbis-138
 bash scripts/deployment/dry-run-enhanced-swap-router-chain138.sh
 ```
 This helper loads `smom-dbis-138/.env`, verifies the minimum required env (`PRIVATE_KEY`, `RPC_URL_138`), prints the exact token/provider vars the deploy script will use, and shows the sourced non-broadcast `forge script` command for a safe Chain 138 dry-run. It also distinguishes "env preflight passed" from "router would actually be usable after deploy". The updated deploy script now preloads the live 2026-03-26 DODO pair map on Chain 138:
 - `cUSDT ↔ cUSDC`
 - `cUSDT ↔ USDT`
 - `cUSDC ↔ USDC`
 - `cUSDT ↔ cXAUC`
 - `cUSDC ↔ cXAUC`
 - `cEURT ↔ cXAUC`
 If provider env vars like `DODOEX_ROUTER`, `DODO_PMM_PROVIDER_ADDRESS`, `UNISWAP_V3_ROUTER`, `BALANCER_VAULT`, `CURVE_3POOL`, or `ONEINCH_ROUTER` are unset, the deploy script uses placeholders and disables those providers after deployment. This keeps the Chain 138 deployment honest: token-to-token DODO pairs are registered immediately, while `swapToStablecoin()` still requires real `WETH -> stable` routes before it is operational.
 For current Chain 138, prefer `DODO_PMM_PROVIDER_ADDRESS` when the deployed `DODOPMMProvider` is available. The router now supports that provider as its DODO backend on Chain 138. If neither `DODO_PMM_PROVIDER_ADDRESS` nor `DODOEX_ROUTER` is set, the router can still deploy and register the live pair map, but the DODO provider will be disabled and no DODO execution path will remain enabled.
 The dry-run helper also probes the live `DODOPMMProvider` over `RPC_URL_138` for `WETH -> stable` support. This is important because the current public/private PMM set is stable/stable and stable/XAU; `swapToStablecoin()` is still only operational when at least one live `WETH -> stable` route exists.
 To run the sourced non-broadcast Forge simulation directly from the helper:
 ```bash
 cd smom-dbis-138
 bash scripts/deployment/dry-run-enhanced-swap-router-chain138.sh --run
 ```
 You can increase visibility or the timeout if compilation/simulation is slow:
 ```bash
 cd smom-dbis-138
 bash scripts/deployment/dry-run-enhanced-swap-router-chain138.sh --run --timeout-seconds 180 --verbosity -vvv
 ```
 **EnhancedSwapRouter** (set by address with `ROUTING_MANAGER_ROLE`):
 | Config | Method | Env (optional) | When |
@@ -199,6 +235,8 @@ cd smom-dbis-138 && source .env
 **DODOPMMProvider:** Register existing DODO PMM pools so `getQuote` / `executeSwap` work. Address with `POOL_MANAGER_ROLE` calls `registerPool(tokenIn, tokenOut, pool)`.
 The corrected `RegisterDODOPools.s.sol` now reads `DODOPMMIntegration.getAllPools()` and `getPoolConfig(pool)` on-chain, then registers both directions for every discovered pool. That means it covers the current 2026-03-26 public live set and any future c* full-mesh pools already created in the integration. This is required because `DODOPMMProvider` stores routes as `pools[tokenIn][tokenOut]`. If the dry-run helper shows a documented live pair as missing, rerun this script before treating the provider as fully reconciled.
 ```bash
 # After DODO pool is deployed (e.g. cUSDT↔USDT)
 cast send "$DODO_PMM_PROVIDER_ADDRESS" "registerPool(address,address,address)" "<CUSDT>" "<USDT>" "<POOL_ADDRESS>" --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --gas-price 1000000000
--- a/docs/03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md
+++ b/docs/03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md
@@ -0,0 +1,61 @@
 # DBIS HYBX Sidecar Boundary Matrix
 **Last updated:** 2026-03-28  
 **Purpose:** Define the current boundary, role, and likely RTGS relevance of the HYBX sidecar repositories currently available in the local workspace. This is a repo-backed companion to the RTGS E2E requirements matrix.
 ## Interpretation
 - `Available locally` means the repository exists in `/home/intlc/projects/HYBX_Sidecars`.
 - `RTGS relevance` means whether the sidecar is likely part of the initial production RTGS slice, not whether it is interesting or strategically useful.
 - `Boundary frozen` means the sidecar has a sufficiently clear place in the RTGS architecture to be used in implementation planning.
 ## Matrix
 | Sidecar | Local repo state | Core purpose | Key internal modules / evidence | RTGS relevance | Boundary frozen? | Notes |
 |---------|------------------|--------------|----------------------------------|----------------|------------------|-------|
 | `mifos-fineract-sidecar` | Available locally | Compliance and settlement sidecar for Mifos/Fineract | `scsm-api`, `scsm-gateway`, `scsm-compliance`, `scsm-posting`, `scsm-fineract`, `scsm-settlement`, `scsm-reconciliation`, `scsm-audit`, `scsm-events`, `scsm-observability`, `scsm-app` | **High** | **Partial** | This is the strongest candidate for the canonical OMNL/HYBX RTGS sidecar because it already models compliance, posting, settlement, reconciliation, audit, and Fineract integration. |
 | `mt103-hardcopy-sidecar` | Available locally | MT-103 hardcopy ingest and deposit-envelope correlation | Go service with document/deposit/payload/submit flows | **Medium** | Partial | Useful for evidence/audit and documentary payment flows, but not necessarily a mandatory first-slice RTGS core dependency. |
 | `off-ledger-2-on-ledger-sidecar` | Available locally | XAU-collateralized off-ledger to on-ledger conversion | Collateral registry, orchestrator, ledger adapter, API plan | **High** | Partial | Strong candidate for the bridge between off-ledger payment events and on-ledger liquidity/settlement on Chain 138. |
 | `securitization-engine-sidecar` | Available locally | Regulatory accounting and securitization engine | Asset classification, risk/capital, accounting, securitization, reporting | **Medium** | Partial | Important for structured products, capital treatment, and reporting, but likely adjacent to core RTGS rather than in the narrowest first production slice. |
 | `card-networks-sidecar` | Available locally | Card auth, clearing, settlement, disputes | `cardnet-auth`, `cardnet-clearing`, `cardnet-fineract`, `cardnet-settlement`, `cardnet-reconciliation`, `cardnet-posting`, `cardnet-audit` | **Medium** | Partial | Highly relevant if card-network settlement is part of the DBIS/HYBX program; otherwise a later rail-specific extension. |
 | `server-funds-sidecar` | Available locally | Multi-rail transfers and settlement events | `funds-api`, `funds-transfers`, `funds-settlement`, `funds-reconciliation`, `funds-posting`, `funds-fineract` | **High** | Partial | Strong candidate for server-to-server treasury/funds movement and may be central if the RTGS program uses server-funds orchestration. |
 | `securities-sidecar` | Available locally | Securities instruction, settlement, and reconciliation | `securities-instruments`, `securities-instructions`, `securities-settlement`, `securities-reconciliation`, `securities-posting` | **Low/Medium** | Planned | More naturally a securities-settlement extension than a mandatory first RTGS slice. |
 | `flash-loan-xau-sidecar` | Available locally | Atomic XAU / LiXAU flash-loan flows | `xau-atomic`, `xau-settlement`, `xau-reconciliation`, `xau-posting` | **Low/Medium** | Planned | Valuable for specialized liquidity/XAU flows, but not required for the narrowest RTGS baseline. |
 ## Recommended first production slice
 For the narrowest credible RTGS implementation, the strongest initial sidecar candidates are:
 1. `mifos-fineract-sidecar`
 2. `server-funds-sidecar`
 3. `off-ledger-2-on-ledger-sidecar`
 Those three cover the most direct path across:
 - Fineract integration
 - compliance / posting / settlement / reconciliation
 - treasury/server-funds orchestration
 - off-ledger to on-ledger conversion
 ## Recommended later-phase sidecars
 - `mt103-hardcopy-sidecar`
 - `card-networks-sidecar`
 - `securitization-engine-sidecar`
 - `securities-sidecar`
 - `flash-loan-xau-sidecar`
 These should be added only when the RTGS program confirms those rails or reporting models are actually in scope.
 ## Boundary decisions still needed
 1. Which sidecar owns the canonical settlement orchestration record?
 2. Which sidecar owns final posting responsibility versus suggested-entry generation?
 3. Which sidecar emits the canonical event consumed by FireFly or on-chain settlement?
 4. Which sidecar is system-of-record versus adapter versus evidence generator?
 ## Related artifacts
 - [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [GITEA_HYBX_ORGANIZATION_AND_REPOS.md](../11-references/GITEA_HYBX_ORGANIZATION_AND_REPOS.md)
 - [HYBX_BATCH_001_OPERATOR_CHECKLIST.md](../04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md)
--- a/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md
+++ b/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md
@@ -0,0 +1,98 @@
 # DBIS Hyperledger Identity Stack Decision
 **Last updated:** 2026-03-28  
 **Purpose:** Make the Aries / AnonCreds / Ursa decision path explicit for the DBIS RTGS program so these layers do not remain vague “maybe required” items.
 ## Current conclusion
 For the current DBIS RTGS program, the identity stack is **not yet frozen** beyond the placeholder Indy inventory. The repo and live environment do **not** currently prove:
 - a deployed Aries agent layer
 - a deployed AnonCreds issuance / verification flow
 - an explicit Ursa runtime dependency that operators must manage directly
 ## Recommended decision framework
 ### Option A — Minimal first production slice
 Use:
 - Chain 138 / Besu
 - FireFly primary
 - OMNL / Fineract
 - selected HYBX sidecars
 Do **not** require Aries / AnonCreds / Ursa in the first production slice.
 Use this option if:
 - the initial RTGS program does not require decentralized credential exchange
 - institution identity and compliance are satisfied through existing banking / regulatory processes
 - the team wants to avoid holding up settlement on unresolved identity-stack deployment work
 ### Option B — Identity-enhanced RTGS slice
 Include:
 - Aries agents
 - AnonCreds issuer / holder / verifier roles
 - Ursa-backed cryptographic path if required by the selected stack
 Use this option if:
 - the RTGS design requires verifiable credentials as a first-class runtime dependency
 - participant admission, authorization, or compliance checks depend on decentralized identity flows
 - DBIS wants credential verification to be part of the operational settlement path, not only a future capability
 ## Recommended default
 **Recommended default:** Option A for the first production slice.
 Reason:
 - Aries / AnonCreds / Ursa are not currently deployed or proven in this environment.
 - Requiring them now would expand the critical path materially.
 - The current gating problems are still in banking-rail orchestration and interoperability, not identity-agent runtime.
 ## What must be decided if Option B is chosen
 ### Aries
 - agent placement
 - wallet / DID model
 - mediation / routing model
 - protocol set used in production
 - operational ownership and observability
 ### AnonCreds
 - issuer role
 - holder role
 - verifier role
 - schema and credential-definition lifecycle
 - revocation model
 ### Ursa
 - whether it is an explicit operator-managed dependency
 - whether it is only an indirect library/runtime concern
 - what cryptographic controls or attestations it adds to the program
 ## Production-gate rule
 - If Option A is chosen:
  - Aries / AnonCreds / Ursa are marked `out of scope for first production slice`
  - they do not block first RTGS activation
 - If Option B is chosen:
  - none of them can stay as planning-only items
  - they must have:
    - deployment runbooks
    - runtime health checks
    - ownership
    - end-to-end validation
 ## Related artifacts
 - [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md)
 - [TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md)
--- a/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md
+++ b/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md
@@ -0,0 +1,68 @@
 # DBIS Hyperledger Runtime Status
 **Last Reviewed:** 2026-03-28  
 **Purpose:** Concise app-level status table for the non-Besu Hyperledger footprint currently hosted on Proxmox. This complements the VMID inventory and discovery runbooks by recording what was actually verified inside the running containers.
 ## Scope
 This document summarizes the latest operator verification for:
 - FireFly CTs: `6200`, `6201`
 - Fabric CTs: `6000`, `6001`, `6002`
 - Indy CTs: `6400`, `6401`, `6402`
 The checks were based on:
 - `pct status`
 - in-container process checks
 - in-container listener checks
 - FireFly API / Postgres / IPFS checks where applicable
 ## Current status table
 | VMID | Service family | CT status | App-level status | Listening ports / probe | Notes |
 |------|----------------|-----------|------------------|--------------------------|-------|
 | `6200` | FireFly primary | Running | Healthy minimal local gateway | `5000/tcp` FireFly API, `5432/tcp` Postgres, `5001/tcp` IPFS | `firefly-core` restored on `ghcr.io/hyperledger/firefly:v1.2.0`; `GET /api/v1/status` returned `200`; Postgres `pg_isready` passed; IPFS version probe passed |
 | `6201` | FireFly secondary | Stopped | Formally retired until rebuilt | None verified | CT exists in inventory, but the rootfs is effectively empty and no valid FireFly deployment footprint was found. Treat this as retired / standby metadata only until it is intentionally rebuilt as a real secondary node. |
 | `6000` | Fabric primary | Stopped | Reserved placeholder | None active | App-native checks found no active Fabric peer/orderer/couchdb processes, no expected listeners such as `7050` / `7051`, and no meaningful Fabric payload under `/opt`, `/etc`, or `/var`. The CT has now been stopped and retained only as a reserved placeholder. |
 | `6001` | Fabric secondary | Stopped | Reserved placeholder | None active | Same disposition as `6000`: no proven Fabric application payload or listeners, now stopped and reserved only as placeholder inventory. |
 | `6002` | Fabric tertiary | Stopped | Reserved placeholder | None active | Same disposition as `6000`: no proven Fabric application payload or listeners, now stopped and reserved only as placeholder inventory. |
 | `6400` | Indy primary | Stopped | Reserved placeholder | None active | App-native checks found no active Indy-related processes, no expected listeners such as `9701`-`9708`, and no meaningful Indy payload under `/opt`, `/etc`, or `/var`. The CT has now been stopped and retained only as a reserved placeholder. |
 | `6401` | Indy secondary | Stopped | Reserved placeholder | None active | Same disposition as `6400`: no proven Indy application payload or listeners, now stopped and reserved only as placeholder inventory. |
 | `6402` | Indy tertiary | Stopped | Reserved placeholder | None active | Same disposition as `6400`: no proven Indy application payload or listeners, now stopped and reserved only as placeholder inventory. |
 ## Interpretation
 ### Confirmed working now
 - FireFly primary (`6200`) is restored enough to provide a working local FireFly API backed by Postgres and IPFS.
 ### Present only as reserved placeholders right now
 - Fabric CTs (`6000`-`6002`)
 - Indy CTs (`6400`-`6402`)
 These should be described as reserved placeholder inventory only, not as active Fabric or Indy application nodes. Current app-native validation found no meaningful service payload, processes, or expected listeners inside those CTs, and they have now been stopped to match that reality.
 ### Not currently active
 - FireFly secondary (`6201`) should be treated as formally retired / standby metadata unless it is intentionally rebuilt and verified.
 ## Operational follow-up
 1. Keep `6200` under observation and preserve its working config/image path.
 2. Do not force `6201` online unless its intended role and deployment assets are re-established from scratch.
 3. For Fabric and Indy, the next step is no longer generic validation. It is either:
   - deploy real app payloads onto these reserved CTs and verify them, or
   - leave them stopped and classified as reserved placeholders rather than active DLT workloads.
 4. Any governance or architecture document should distinguish:
   - `deployed and app-healthy`
   - `container present only`
   - `planned / aspirational`
 ## Related artifacts
 - [docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md](../02-architecture/DBIS_NODE_ROLE_MATRIX.md)
 - [docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md](PHASE1_DISCOVERY_RUNBOOK.md)
 - [docs/03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md](DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md)
 - [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md)
--- a/docs/03-deployment/DBIS_MOJALOOP_INTEGRATION_STATUS.md
+++ b/docs/03-deployment/DBIS_MOJALOOP_INTEGRATION_STATUS.md
@@ -0,0 +1,71 @@
 # DBIS Mojaloop Integration Status
 **Last updated:** 2026-03-28  
 **Purpose:** Record the current status of Mojaloop in the DBIS RTGS program so that the architecture does not imply a live switch integration that has not yet been evidenced in the repository or current environment.
 ## Current conclusion
 **Mojaloop is in scope as a target payments interoperability layer, but it is not yet evidenced as a live, repo-backed DBIS integration path in this workspace.**
 ## What is currently available
 - DBIS / OMNL / Fineract operator scripts and documentation
 - HYBX sidecar repositories
 - Chain 138 settlement baseline
 - RTGS planning artifacts that mention Mojaloop as a required integration category
 ## What is not yet evidenced
 - live Mojaloop switch endpoint URLs
 - live auth / credential model
 - callback contract for transfer state changes
 - quote / transfer / settlement-window payload mapping
 - a repo-backed Mojaloop runbook in this workspace
 - a confirmed mapping from Mojaloop transfer lifecycle to:
  - Fineract posting
  - HYBX sidecar orchestration
  - Chain 138 settlement confirmation
 ## Required inputs before implementation
 1. Exact Mojaloop environment(s) available to HYBX / DBIS
 2. Endpoint list:
   - quotes
   - transfers
   - parties
   - callbacks / notifications
   - settlement or hub-side reporting endpoints
 3. Auth model:
   - mTLS
   - bearer/token
   - header and signature requirements
 4. Canonical settlement semantics:
   - prefunded or net settlement
   - window / batch behavior
   - reversal rules
 5. Event ownership:
   - which system is source of truth for transfer state
   - which system triggers on-chain settlement
 ## Decision rule
 Until the above is available, Mojaloop should be treated as:
 - `Planned` in the RTGS matrix
 - `not yet a production blocker for the narrowest non-Mojaloop RTGS slice`
 - `a production blocker for any RTGS claim that explicitly includes Mojaloop interoperability`
 ## Next implementation steps
 1. Obtain the exact Mojaloop endpoint and auth contract currently available to HYBX.
 2. Create a DBIS/HYBX Mojaloop integration runbook in this repo.
 3. Freeze the message mapping between Mojaloop events and:
   - Fineract / OMNL journal events
   - HYBX sidecar events
   - Chain 138 settlement events
 4. Add a testable production gate row once a real endpoint contract exists.
 ## Related artifacts
 - [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md)
--- a/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md
+++ b/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md
@@ -0,0 +1,433 @@
 # DBIS OMNL → Indonesia / BNI E2E Integration Blueprint
 **Last updated:** 2026-03-29  
 **Purpose:** Detailed end-to-end integration blueprint for moving value from OMNL as central-bank / settlement authority to Indonesian beneficiary banks, with FX, correspondent banking, messaging, reconciliation, and optional Chain 138 settlement augmentation.
 ## 1. Scope
 This blueprint covers the full production path for:
 - OMNL as settlement and banking ledger authority
 - Indonesian beneficiary institutions such as Bank Kanaya and BNI-connected flows
 - FX conversion and revaluation
 - domestic and correspondent-bank settlement
 - HYBX sidecar orchestration
 - optional Chain 138 anchoring / settlement confirmation
 This document is intentionally broader than the current deployed slice. It defines everything required to make the system fully production-complete.
 ## 2. Participant model
 ### Mandatory participant classes
 1. **OMNL / central bank rail**
   - source of settlement authority
   - operator of Fineract ledger
   - owner of reserve, treasury, and reporting policy
 2. **HYBX / sidecar integration layer**
   - compliance
   - posting
   - settlement orchestration
   - reconciliation
   - audit package generation
 3. **Indonesian beneficiary bank**
   - Bank Kanaya in current repo-backed materials
   - BNI or BNI-connected domestic banking path for broader production rollout
 4. **Global correspondent / liquidity banks**
   - USD / EUR / multicurrency correspondents
   - nostro / vostro counterparties
   - statement and confirmation providers
 5. **Chain 138 settlement lane**
   - optional but strategically important if on-ledger finality is part of the regulated operating model
 6. **Depository / custody / liquidity-control layers**
   - depository / CSD role for asset-register and settlement-touch scenarios
   - global custodian role for safekeeping, statements, and asset servicing
   - FX pricing / dealing engine for rate ownership and booking policy
   - liquidity pooling and aggregation engine plus source adapters for funding decisions
 ## 3. Full end-to-end stages
 ### Stage 0 — Static setup
 Required before live value movement:
 - OMNL tenant and credentials frozen
 - participant offices created
 - beneficiary offices mapped
 - GL chart complete
 - FX reserve / revaluation accounts complete
 - FX pricing hierarchy and quote-locking policy frozen
 - liquidity source inventory and prioritization policy frozen
 - depository / custody operating model frozen for any in-scope asset-backed or safekeeping flow
 - payment types and maker-checker policy frozen
 - sidecar-to-Fineract auth contract frozen
 - external bank routing matrix frozen
 - regulatory package template frozen
 ### Stage 1 — Payment or settlement initiation
 Possible initiators:
 - OMNL treasury operator
 - HYBX sidecar
 - external banking system
 - Mojaloop switch if later included
 - ISO 20022 or MT gateway
 Required artifacts:
 - instruction id
 - end-to-end id
 - message id
 - correlation id
 - counterparty and beneficiary identifiers
 - amount, currency, value date
 - purpose / regulatory narrative
 ### Stage 2 — Compliance and sanctions controls
 Required checks:
 - KYC / KYB status
 - sanctions and watchlist screening
 - limit checks
 - liquidity and prefunding check
 - source-of-liquidity selection and approval
 - market conduct / rate authorization check
 - jurisdictional eligibility
 Required outputs:
 - compliance decision
 - reason codes
 - approval / rejection metadata
 - audit payload hash
 ### Stage 3 — FX pricing and trade capture
 Required capabilities:
 - direct or triangulated rate determination
 - XAU-based triangulation where required by current OMNL methodology
 - rate-source reference
 - trade timestamp and value date
 - spread / fee logic
 - approved trader / operator identity
 - pricing-engine or dealer ownership of the approved quote
 Required records:
 - source currency
 - destination currency
 - quoted amount
 - settlement amount
 - rate
 - fee / spread component
 - realized vs unrealized P&L handling
 - quote id and liquidity-decision reference
 ### Stage 4 — OMNL accounting and posting
 Required journal-entry families:
 1. source debit
 2. beneficiary or settlement credit
 3. due-to / due-from interoffice leg where applicable
 4. FX reserve / treasury leg where applicable
 5. realized FX gain/loss leg where applicable
 6. accrued fee leg where applicable
 Mandatory OMNL data points:
 - `officeId`
 - `glAccountId`
 - `transactionDate`
 - `currencyCode`
 - `comments`
 - transaction reference
 ### Stage 5 — External banking message exchange
 #### 5.1 Domestic Indonesia path
 For Bank Kanaya / BNI-style domestic beneficiary credit:
 - payment or settlement instruction generated
 - local beneficiary validation completed
 - beneficiary account / institution reference resolved
 - domestic reporting obligations attached
 #### 5.2 Correspondent-bank path
 For global-bank and cross-border settlement:
 - route to correspondent or settlement bank selected
 - nostro / vostro account chosen
 - prefunding / cover logic confirmed
 - message dispatched and acknowledged
 - custody / safekeeping instructions attached where the flow involves held assets or global-custodian reporting
 ### Stage 6 — Funds movement and settlement confirmation
 Required evidence:
 - bank acceptance / status message
 - credit confirmation or rejection
 - statement extract or advice
 - confirmation of beneficiary-bank receipt
 - unresolved exception queue if delayed
 - custody statement / servicing reference where applicable
 ### Stage 7 — Reconciliation and package generation
 Required reconciliations:
 1. sidecar request vs OMNL journal
 2. OMNL journal vs office balances
 3. FX trade blotter vs accounting postings
 4. external bank confirmations vs OMNL settlement state
 5. on-chain event vs OMNL event where chain leg exists
 6. asset register / custody statement vs settlement state where depository flows apply
 7. liquidity decision vs selected funding source vs actual settlement usage
 Required evidence outputs:
 - transaction package snapshot
 - journal detail
 - recent journal entries
 - computed balances
 - payload hash files
 - ISO / SWIFT message archive references
 - prudential and BI/OJK crosswalks
 ## 4. Required message families
 ### ISO 20022
 | Message | Role in flow |
 |--------|---------------|
 | `pain.001` | customer or enterprise initiation |
 | `pacs.008` | FI-to-FI customer credit transfer |
 | `pacs.009` | interbank settlement |
 | `pacs.002` | status |
 | `camt.052` | intraday report |
 | `camt.053` | statement |
 | `camt.054` | debit/credit notification |
 ### SWIFT Fin / legacy
 | Message | Role in flow |
 |--------|---------------|
 | `MT103` | customer transfer |
 | `MT202` / `MT202 COV` | bank transfer / cover |
 | `MT910` | credit confirmation where needed |
 | `MT950` | statement where legacy paths require it |
 ### Internal / platform-specific
 | Message | Role |
 |--------|------|
 | sidecar transfer envelope | canonical business payload |
 | OMNL journal response | accounting confirmation |
 | settlement reference manifest | cross-system correlation |
 | chain settlement event | optional on-ledger finality evidence |
 ## 5. BNI-specific and Indonesia-specific requirements
 ### What must exist for a BNI-connected production path
 1. **BNI counterparty profile**
   - institution identifiers
   - beneficiary validation rules
   - account structure
   - allowed currency pairs
   - reporting obligations
 2. **Domestic payment / settlement route definition**
   - whether BNI is:
     - direct beneficiary bank
     - intermediary settlement bank
     - correspondent / nostro bank
   - final message set per route
 3. **Indonesia regulatory obligations**
   - BI reporting crosswalk
   - OJK prudential bridge
   - FX reporting obligations
   - large exposure / related-party handling
   - settlement finality memo
 4. **Operational controls**
   - cut-off times
   - business dates / value dates
   - holiday calendars
   - exception and return handling
   - maker-checker approvals
 ### Current state
 - Bank Kanaya path is documented in repo-backed material.
 - BNI-specific live endpoint, auth, and correspondent contract are not yet evidenced in this workspace.
 - Therefore the BNI lane is a required integration blueprint item, not a completed deployment.
 ## 6. Required funds-movement model
 ### 6.1 OMNL-only book transfer
 Used when both parties settle on OMNL books.
 Required:
 - interoffice mapping
 - due-to / due-from treatment
 - no external correspondent required
 ### 6.2 OMNL to domestic beneficiary bank
 Required:
 - beneficiary institution mapping
 - outbound settlement message
 - inbound confirmation
 - domestic regulatory reference
 ### 6.3 OMNL to global correspondent / global bank
 Required:
 - nostro selection
 - cover / prefunding policy
 - message dispatch
 - statement reconciliation
 - confirmation of receipt / finality
 ## 7. Required sidecar integrations
 ### `mifos-fineract-sidecar`
 Required responsibilities:
 - canonical transfer ingest
 - compliance check invocation
 - OMNL posting
 - transaction status tracking
 - audit payload preservation
 ### `server-funds-sidecar`
 Required responsibilities:
 - treasury approval and release
 - limit checks
 - prefunding and source-of-funds orchestration
 - status / approval / exception workflow
 - handoff to liquidity pooling and source-adapter decisions
 ### `off-ledger-2-on-ledger-sidecar`
 Required responsibilities:
 - translate approved off-ledger event into on-ledger settlement action
 - attach rates, conversion basis, and settlement refs
 - record chain transaction linkage
 - preserve depository / custody / liquidity references where those roles are in scope
 ### Additional required control layers
 Required responsibilities:
 - FX pricing / dealing engine owns quote generation or approved rate ingest
 - liquidity pooling and aggregation engine owns funding-source selection
 - liquidity source adapters normalize bank-line, correspondent, internal-pool, and optional on-chain liquidity access
 - depository / CSD layer owns asset-register and settlement-touch behavior for in-scope instruments
 - global custodian layer owns safekeeping, statements, and asset-servicing obligations
 ### Optional or later
 - `mt103-hardcopy-sidecar`
 - `card-networks-sidecar`
 - `securitization-engine-sidecar`
 - Mojaloop connector
 ## 8. Required Chain 138 integration
 If on-ledger settlement is in scope, the following must be true:
 1. settlement contract path is frozen
 2. instrument selection is frozen
 3. reserve / oracle dependencies are frozen
 4. sidecar correlation id maps to chain tx hash
 5. evidence package includes chain settlement proof
 6. depository / CSD touch point is frozen where asset-backed flows exist
 7. custody / safekeeping statement linkage is frozen where custody applies
 8. liquidity-source decision reference is preserved in the evidence package
 ## 9. Reconciliation requirements
 ### Mandatory reconciliation layers
 1. **Accounting reconciliation**
   - OMNL JEs vs intended posting matrix
 2. **FX reconciliation**
   - rate source vs booked rate
   - realized / unrealized P&L correctness
 3. **Bank reconciliation**
   - statement / advice vs OMNL settlement state
 4. **Operational reconciliation**
   - sidecar correlation IDs vs journal refs vs package refs
 5. **On-ledger reconciliation**
   - chain tx vs off-ledger settlement event
 6. **Custody / depository reconciliation**
   - asset register vs custody statement vs settlement state
 7. **Liquidity reconciliation**
   - selected funding source vs liquidity decision vs actual settlement usage
 ## 10. Full production-complete gate
 The OMNL → Indonesia / BNI → global-bank flow is only fully complete when:
 1. one domestic Indonesia beneficiary flow is live and repeatable
 2. one BNI-connected path is live and repeatable
 3. one global correspondent-bank flow is live and repeatable
 4. FX pricing, accounting, and revaluation are frozen and audited
 5. all required ISO/SWIFT messages are archived and correlated
 6. reconciliation package is reproducible
 7. if chain settlement is in scope, the chain leg is included in the same evidence package
 ## 11. Current blockers
 - no live BNI endpoint/auth contract captured in repo-backed state
 - no live global correspondent-bank endpoint/auth contract captured in repo-backed state
 - treasury / funds sidecar lane not yet validated end to end
 - on-ledger settlement leg not yet included in the canonical transaction
 - participant / office / treasury model not yet frozen across all counterparties
 - depository / custody operating model not yet frozen
 - FX pricing engine and liquidity aggregation ownership not yet frozen
 ## 12. Execution order
 1. freeze participant / office / GL / nostro-vostro model
 2. freeze depository / custody / FX / liquidity-control layers
 3. freeze OMNL operator runbook
 4. validate `server-funds-sidecar`
 5. validate `off-ledger-2-on-ledger-sidecar`
 6. acquire and document BNI / correspondent-bank endpoint and auth contracts
 7. run one domestic Indonesia beneficiary-bank flow
 8. run one correspondent-bank flow
 9. add Chain 138 settlement leg if in scope
 10. generate and sign the final evidence package
 ## Related artifacts
 - [DBIS_RTGS_FX_TRANSACTION_CATALOG.md](DBIS_RTGS_FX_TRANSACTION_CATALOG.md)
 - [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [HYBX_BATCH_001_OPERATOR_CHECKLIST.md](../04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md)
 - [BANK_KANAYA_OFFICE_RUNBOOK.md](../04-configuration/mifos-omnl-central-bank/BANK_KANAYA_OFFICE_RUNBOOK.md)
 - [PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md](../04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md)
 - [FX_AND_VALUATION.md](../04-configuration/mifos-omnl-central-bank/FX_AND_VALUATION.md)
 - [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md)
 - [SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](../04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md)
--- a/docs/03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md
+++ b/docs/03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md
@@ -0,0 +1,76 @@
 # DBIS Phase 3 — End-to-end production simulation
 **Last updated:** 2026-03-28  
 **Purpose:** Operationalize [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) Section 18 (example flow) and Sections 14, 17 as **repeatable liveness and availability checks** — not a single product build or a full business-E2E execution harness.
 **Prerequisites:** LAN access where noted; [DBIS_NODE_ROLE_MATRIX.md](../02-architecture/DBIS_NODE_ROLE_MATRIX.md) for IPs/VMIDs; operator env via `scripts/lib/load-project-env.sh` for on-chain steps.
 ---
 ## Section 18 flow → concrete checks
 | Step | Master plan | Verification (repo-aligned) |
 |------|-------------|-----------------------------|
 | 1 | Identity issued (Indy) | Indy steward / node RPC on VMID **6400** (192.168.11.64); pool genesis tools — **manual** until automated issuer script exists. Current CTs `6400/6401/6402` are present, but app-level Indy listener verification is still pending. |
 | 2 | Credential verified (Aries) | Aries agents (if colocated): confirm stack on Indy/FireFly integration path — **TBD** per deployment. |
 | 3 | Workflow triggered (FireFly) | FireFly API on **6200** (currently restored as a minimal local gateway profile at `http://192.168.11.35:5000`). VMID **6201** is presently stopped / standby and should not be assumed active. |
 | 4 | Settlement executed (Besu) | JSON-RPC `eth_chainId`, `eth_blockNumber`, optional test transaction via `smom-dbis-138` with `RPC_URL_138=http://192.168.11.211:8545`. PMM/oracle: [ORACLE_AND_KEEPER_CHAIN138.md](../../smom-dbis-138/docs/integration/ORACLE_AND_KEEPER_CHAIN138.md). |
 | 5 | Cross-chain sync (Cacti) | Cacti = network monitoring here (VMID **5200**); **Hyperledger Cacti** interoperability is **future/optional** — track separately if deployed. **CCIP:** relay on r630-01 per [CCIP_RELAY_DEPLOYMENT.md](../07-ccip/CCIP_RELAY_DEPLOYMENT.md). |
 | 6 | Compliance recorded (Fabric) | Fabric CTs `6000/6001/6002` are present, but current app-level verification has not yet proven active peer / orderer workloads inside those CTs. Treat Fabric business-flow validation as manual until that gap is closed. |
 | 7 | Final settlement confirmed | Re-check Besu head on **2101** and **2201**; Blockscout **5000** for tx receipt if applicable. |
 ---
 ## Automated wrapper (partial)
 From repo root:
 ```bash
 bash scripts/verify/run-dbis-phase3-e2e-simulation.sh
 ```
 Optional:
 ```bash
 RUN_CHAIN138_RPC_HEALTH=1 bash scripts/verify/run-dbis-phase3-e2e-simulation.sh
 ```
 The script **does not** replace Indy/Fabric business transactions; it proves **liveness** of RPC, optional FireFly HTTP, and prints manual follow-ups. Treat it as a wrapper for infrastructure availability, not as proof that the complete seven-step business flow succeeded.
 ---
 ## Performance slice (Section 14 — Caliper)
 Hyperledger Caliper is **not** vendored in this repo. To add benchmarks:
 1. Install Caliper in a throwaway directory or CI image.
 2. Point a Besu **SUT** at `http://192.168.11.211:8545` (deploy/core RPC only) or a dedicated load-test RPC.
 3. Start with `simple` contract scenarios; record **TPS**, **latency p95**, and **error rate**.
 **Suggested initial thresholds (tune per governance):**
 | Metric | Initial gate (lab) |
 |--------|-------------------|
 | RPC error rate under steady load | less than 1% for 5 min |
 | Block production | no stall > 30s (QBFT) |
 | Public RPC `eth_blockNumber` lag vs core | within documented spread ([check-chain138-rpc-health.sh](../../scripts/verify/check-chain138-rpc-health.sh) defaults) |
 Details: [CALIPER_CHAIN138_PERF_HOOK.md](CALIPER_CHAIN138_PERF_HOOK.md).
 ---
 ## Production readiness certification (matrix-driven)
 Use [OPERATOR_READY_CHECKLIST.md](../00-meta/OPERATOR_READY_CHECKLIST.md) section **10** plus:
 - Phase 1 report timestamped under `reports/phase1-discovery/`.
 - Phase 2 milestones acknowledged (Ceph/segmentation may be partial).
 - Node Role Matrix: no critical **TBD** for entity-owned validators without a documented interim owner.
 ---
 ## Related
 - [PHASE1_DISCOVERY_RUNBOOK.md](PHASE1_DISCOVERY_RUNBOOK.md)
 - [DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md](../02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md)
 - [verify-end-to-end-routing.sh](../../scripts/verify/verify-end-to-end-routing.sh) — public/private ingress
--- a/docs/03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md
+++ b/docs/03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md
@@ -0,0 +1,124 @@
 # DBIS Chain 138 — Phases 1-3 Production Gate
 **Last updated:** 2026-03-28  
 **Purpose:** Convert the DBIS master plan into an operational production gate. This document records which Phase 1-3 conditions are currently satisfied, which are partially satisfied, and which still block an honest production declaration.
 ## Overall status
 **Current conclusion:** DBIS Chain 138 has a healthy Besu production base and a working Phase 3 liveness slice, but it is **not yet fully production-complete across the broader DBIS Hyperledger stack**.
 ### What is genuinely production-capable now
 - Chain 138 Besu validators / sentries / RPC tiers
 - Public RPC feature baseline including:
  - `eth_chainId`
  - `eth_gasPrice`
  - `eth_maxPriorityFeePerGas`
  - `eth_feeHistory`
  - trace methods used by the explorer
 - Explorer / Blockscout surfaces
 - FireFly primary minimal local gateway (`6200`) restored and serving API health
 ### What is not yet proven production-ready
 - FireFly secondary failover footprint (`6201`) is not deployed; it is currently retired / standby until rebuilt
 - Fabric peer / orderer workload health inside `6000-6002`; those CTs are now intentionally stopped as reserved placeholders
 - Indy validator / node listener health inside `6400-6402`; those CTs are now intentionally stopped as reserved placeholders
 - Sovereignized Phase 2 platform baseline:
  - Ceph-backed storage
  - final VLAN segmentation
  - final entity ownership mapping
 ## Phase 1 — Reality mapping gate
 ### Required conditions
 | Gate | Status | Evidence |
 |------|--------|----------|
 | Proxmox discovery automation exists | Complete | [scripts/verify/run-phase1-discovery.sh](../../scripts/verify/run-phase1-discovery.sh) |
 | Discovery has critical-failure exit semantics | Complete | same script now exits non-zero on critical failures |
 | Node-role matrix is machine-regenerated | Complete | [scripts/docs/generate-dbis-node-role-matrix-md.sh](../../scripts/docs/generate-dbis-node-role-matrix-md.sh), [docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md](../02-architecture/DBIS_NODE_ROLE_MATRIX.md) |
 | Duplicate-IP planning conflicts are explicitly labeled | Complete | [docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md](../02-architecture/DBIS_NODE_ROLE_MATRIX.md) |
 | Hyperledger CT status is verified beyond `pct status` | Complete | [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](DBIS_HYPERLEDGER_RUNTIME_STATUS.md) |
 ### Phase 1 conclusion
 **Phase 1 is operationally complete** as a discovery and truth-mapping phase.
 ## Phase 2 — Sovereignization gate
 ### Required conditions
 | Gate | Status | Evidence / blocker |
 |------|--------|--------------------|
 | Quorum / fleet expansion roadmap exists | Complete | [docs/02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md](../02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md) |
 | ML110 migration path documented | Complete | same roadmap + [docs/02-architecture/PHYSICAL_HARDWARE_INVENTORY.md](../02-architecture/PHYSICAL_HARDWARE_INVENTORY.md) |
 | Ceph decision and pilot completed | Blocked | roadmap exists, but Ceph is not yet deployed |
 | Network segmentation implemented | Blocked | roadmap exists, but full sovereign VLAN segmentation is not yet live |
 | Final entity assignment completed | Blocked | still `TBD` in parts of the matrix |
 | Template-standardized workload placement completed | Partial | preferred placement exists, but not all live placement is standardized |
 ### Phase 2 conclusion
 **Phase 2 is planned but not complete.** The roadmap exists, but sovereignization has not yet been executed to the level required for a full production declaration.
 ## Phase 3 — Production simulation gate
 ### Required conditions
 | Gate | Status | Evidence / blocker |
 |------|--------|--------------------|
 | Automated liveness wrapper exists | Complete | [scripts/verify/run-dbis-phase3-e2e-simulation.sh](../../scripts/verify/run-dbis-phase3-e2e-simulation.sh) |
 | Besu liveness passes | Complete | direct script output and [scripts/verify/check-chain138-rpc-health.sh](../../scripts/verify/check-chain138-rpc-health.sh) |
 | FireFly HTTP liveness passes | Complete | `6200` returns `HTTP 200` on `/api/v1/status` |
 | Fabric app-native business flow validation passes | Blocked | Current checks found no active Fabric payload, processes, or listeners; CTs are now intentionally stopped as reserved placeholders |
 | Indy app-native business flow validation passes | Blocked | Current checks found no active Indy payload, processes, or listeners; CTs are now intentionally stopped as reserved placeholders |
 | Cross-chain / Cacti business flow validation passes | Blocked | not currently proven as deployed live DBIS path |
 | Full business E2E has been demonstrated | Blocked | current wrapper is intentionally liveness-only |
 ### Phase 3 conclusion
 **Phase 3 is partially complete.** Infrastructure liveness is demonstrated for Besu and FireFly primary, but not full DBIS business E2E.
 ## Production blockers
 The following items still prevent a full “DBIS Chain 138 production complete” declaration:
 1. `6201` is not a verified active secondary FireFly node and is currently treated as retired / standby until rebuilt.
 2. Fabric `6000-6002` are not active peer/orderer workloads; current evidence showed placeholder CTs only, and they have now been stopped and retained as reserve inventory.
 3. Indy `6400-6402` are not active validator workloads; current evidence showed placeholder CTs only, and they have now been stopped and retained as reserve inventory.
 4. Phase 2 sovereignization is still roadmap work, not completed platform state.
 5. The current Phase 3 wrapper is liveness validation, not end-to-end business certification.
 ## What can be declared complete now
 It is accurate to declare:
 - **Chain 138 Besu production baseline:** complete and healthy
 - **DBIS Phase 1 discovery / reality-mapping:** complete
 - **DBIS Phase 3 liveness wrapper for Besu + FireFly primary:** complete
 It is **not** yet accurate to declare:
 - full DBIS Hyperledger production completion
 - full multi-entity sovereignized infrastructure completion
 - full end-to-end DBIS business workflow certification
 ## Next production-closing actions
 1. Decide whether `6201` is to be rebuilt as a real secondary FireFly node or left retired as a reserve inventory slot.
 2. Either deploy real Fabric workloads inside `6000-6002` and validate them, or leave those CTs stopped as reserved placeholders.
 3. Either deploy real Indy workloads inside `6400-6402` and validate them, or leave those CTs stopped as reserved placeholders.
 4. Execute the first real Phase 2 platform milestone:
   - fleet expansion, or
   - Ceph pilot, or
   - VLAN segmentation tranche
 5. Only after those steps, rerun Phase 1 and Phase 3 evidence and update the production gate.
 ## Related artifacts
 - [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md)
 - [docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md](PHASE1_DISCOVERY_RUNBOOK.md)
 - [docs/03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md](DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md)
 - [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](DBIS_HYPERLEDGER_RUNTIME_STATUS.md)
 - [docs/02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md](../02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md)
--- a/docs/03-deployment/DBIS_RTGS_CONTROL_PLANE_DEPLOYMENT_CHECKLIST.md
+++ b/docs/03-deployment/DBIS_RTGS_CONTROL_PLANE_DEPLOYMENT_CHECKLIST.md
@@ -0,0 +1,69 @@
 # DBIS RTGS Control Plane Deployment Checklist
 **Last updated:** 2026-03-29  
 **Purpose:** Deployment checklist for the next RTGS control-plane services beyond the first-slice sidecars:
 - RTGS orchestrator
 - FX pricing / dealing engine
 - liquidity pooling and aggregation engine
 This checklist does not claim these services are already built. It exists so the platform can self-deploy them as soon as artifacts are available.
 ## 1. Target components
 | Component | Default role | Expected health path |
 |-----------|--------------|----------------------|
 | `rtgs-orchestrator` | canonical transaction-state owner and cross-system workflow coordinator | `GET /actuator/health` |
 | `rtgs-fx-engine` | quote generation / approved-rate ingest / booking references | `GET /actuator/health` |
 | `rtgs-liquidity-engine` | funding-source selection, allocation, and adapter coordination | `GET /actuator/health` |
 ## 2. Runtime expectations
 - Proxmox target host defaults to `r630-02`
 - packaging expectation: Java application JAR per service
 - runtime expectation: systemd-managed service with env file under `/etc/dbis-rtgs`
 - health expectation: local HTTP readiness on port `8080`
 ## 3. Required inputs before deployment
 - built JAR for each selected control-plane service
 - OMNL / Fineract base URL and tenant/auth contract
 - Redis and persistence choices
 - per-service env vars for role-specific configuration
 - decision on target CT VMIDs and host placement
 ## 4. Deployment sequence
 1. create target CTs if they do not already exist
 2. copy application artifact into `/opt/dbis-rtgs/<service>`
 3. push env file into `/etc/dbis-rtgs/<service>.env`
 4. install systemd unit
 5. restart service
 6. verify local health endpoint
 7. verify Fineract or downstream reachability where applicable
 ## 5. Validation checklist
 - [ ] `rtgs-orchestrator` artifact is present and versioned
 - [ ] `rtgs-fx-engine` artifact is present and versioned
 - [ ] `rtgs-liquidity-engine` artifact is present and versioned
 - [ ] CT targets are chosen and reachable
 - [ ] env files are frozen for the chosen environment
 - [ ] health endpoints return `UP`
 - [ ] Fineract/downstream reachability is verified
 - [ ] operator can restart and inspect each service via systemd
 ## 6. Scripts
 - [create-dbis-rtgs-control-plane-lxcs.sh](/home/intlc/projects/proxmox/scripts/deployment/create-dbis-rtgs-control-plane-lxcs.sh)
 - [deploy-dbis-rtgs-control-plane.sh](/home/intlc/projects/proxmox/scripts/deployment/deploy-dbis-rtgs-control-plane.sh)
 - [check-dbis-rtgs-control-plane.sh](/home/intlc/projects/proxmox/scripts/verify/check-dbis-rtgs-control-plane.sh)
 ## 7. Production gate
 This control-plane tranche is only complete when:
 1. all selected services are deployed on Proxmox
 2. health checks pass
 3. their interfaces are frozen against the canonical RTGS docs
 4. at least one canonical flow uses them end to end
--- a/docs/03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md
+++ b/docs/03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md
@@ -0,0 +1,162 @@
 # DBIS RTGS Depository and Custody Operating Model
 **Last updated:** 2026-03-29  
 **Purpose:** Implementation-grade operating model for the depository / CSD, global custodian, and custody / safekeeping / asset-servicing layers referenced by the DBIS RTGS canonical production checklist.
 ## 1. Scope
 This document freezes the intended runtime boundaries for:
 - `Depository / CSD layer`
 - `Global custodian layer`
 - `Custody / safekeeping / asset servicing flow`
 It does not claim these layers are already deployed. It defines the operating contract they must satisfy before they can be marked `Complete` in the canonical checklist.
 ## 2. Canonical role split
 ### Depository / CSD layer
 Owns:
 - authoritative asset register for in-scope instruments
 - issuance, transfer, pledge, lien, and release semantics
 - linkage between asset ownership state and RTGS settlement-touch state
 Does not own:
 - cash ledger posting
 - bank-message transport
 - treasury funding decisions
 ### Global custodian layer
 Owns:
 - safekeeping account hierarchy
 - sub-custody and global-bank/correspondent custody relationships
 - statements, confirmations, and servicing references
 Does not own:
 - canonical cash settlement
 - pricing or liquidity decisions
 - on-chain anchoring
 ### Custody / safekeeping / asset servicing flow
 Owns:
 - holdings lifecycle from registration to reporting
 - statement generation and custody evidence references
 - servicing events such as entitlement, transfer instruction, and post-settlement reporting
 Does not own:
 - participant master data
 - FX price formation
 - liquidity source selection
 ## 3. Canonical business objects
 | Object | Primary owner | Required downstream link |
 |--------|---------------|--------------------------|
 | `asset_position` | Depository / CSD | custody statement, settlement-touch reference |
 | `transfer_instruction` | Depository / CSD | RTGS orchestrator, OMNL posting reference |
 | `custody_account` | Global custodian | participant / office / account mapping |
 | `custody_statement` | Global custodian | reconciliation package, audit evidence |
 | `servicing_event` | Custody flow | holdings state, evidence package |
 | `settlement_touch_reference` | Depository / CSD | chain/off-ledger settlement evidence |
 ## 4. Required integrations
 ### Upstream
 - OMNL participant / office / treasury model
 - RTGS orchestrator correlation IDs
 - external institution master data
 ### Downstream
 - OMNL / Fineract postings
 - external bank statements or confirmations
 - Chain 138 settlement evidence where on-ledger finality is in scope
 - ISO 20022 / institutional evidence package
 ## 5. Canonical flow
 ```mermaid
 flowchart LR
    REQUEST["Transfer / Asset Instruction"] --> CSD["Depository / CSD"]
    CSD -->|"asset ownership update"| CUST["Global Custodian"]
    CSD -->|"settlement touch reference"| ORCH["RTGS Orchestrator"]
    ORCH -->|"cash posting"| OMNL["OMNL / Fineract"]
    ORCH -->|"bank or chain settlement"| SETTLE["Settlement Rail"]
    CUST -->|"statement / servicing output"| EVIDENCE["Evidence / Reconciliation"]
    OMNL --> EVIDENCE
    SETTLE --> EVIDENCE
 ```
 ## 6. Minimum interface contract
 ### Depository asset-register and settlement-touch contract
 - Input:
  - participant reference
  - instrument reference
  - action type: issue / transfer / pledge / release
  - quantity / amount
  - correlation id
 - Output:
  - asset position id
  - settlement-touch reference
  - depository state
 - Failure contract:
  - reject with reason code and no settlement-touch reference
 ### Global custodian account/reporting contract
 - Input:
  - participant or sub-custody account reference
  - position or servicing reference
  - reporting period or event type
 - Output:
  - custody statement reference
  - servicing reference
  - reconciliation reference
 - Failure contract:
  - produce exception state with unresolved custody item
 ### Custody lifecycle contract
 - Input:
  - custody account reference
  - position reference
  - servicing action
  - correlation id
 - Output:
  - custody lifecycle state
  - statement/evidence reference
 - Failure contract:
  - unresolved servicing queue with operator-visible reason
 ## 7. Deployment expectations
 Before these layers can be considered active:
 1. one implementation boundary must be selected for the depository role:
   - on-ledger
   - off-ledger
   - hybrid
 2. one implementation boundary must be selected for the global custodian role
 3. one canonical custody flow must be bound to OMNL and RTGS settlement
 4. reconciliation outputs must include holdings and statement references
 ## 8. Production gate
 This operating model is complete only when:
 1. one canonical asset flow uses the depository touch point
 2. one canonical custody flow generates statements/evidence
 3. holdings, settlement, and accounting reconcile in the same package
 4. the canonical production checklist rows for these layers can move from `Planned` to `Partial` or `Complete` with evidence
--- a/docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md
+++ b/docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md
@@ -0,0 +1,79 @@
 # DBIS RTGS Canonical Production Checklist
 **Last updated:** 2026-03-29  
 **Purpose:** Canonical production-readiness checklist for the full DBIS RTGS stack across Chain 138, OMNL / Fineract, HYBX sidecars, Indonesia / BNI banking flows, and optional Hyperledger identity and interoperability layers.
 ## Status guidance
 - Use `Complete` only for production-capable roles that are implemented and verified.
 - Use `Partial` when a slice exists or works narrowly, but is not yet enough for full production use.
 - Use `Planned` for intentionally in-scope components not yet deployed or validated.
 - Use `Reserved placeholder` for inventory that exists but is not an active workload.
 - Use `Retired / standby` for inventory that is intentionally inactive until rebuilt.
 ## Canonical checklist
 | Component | Current state | Required integration | Remaining task | Owner | Production gate |
 |-----------|---------------|----------------------|----------------|-------|-----------------|
 | Chain 138 Besu validator / sentry / RPC baseline | Complete. Validator, sentry, core, public, and named RPC tiers are live and script-verified. | Ongoing RPC, validator, and public wallet/explorer compatibility only. | Maintain health, peer spread, fee support, and public RPC method coverage. | DBIS / infra ops | Public and core RPC healthy, head spread `0`, peer counts healthy, wallet/explorer-required methods working. |
 | Explorer / Blockscout | Complete. Explorer routes, APIs, token metadata, and RPC capability metadata are live. | Ongoing explorer API, token metadata, and wallet metadata compatibility. | Maintain explorer health, indexing freshness, metadata accuracy, and route stability. | DBIS / explorer ops | Explorer routes, APIs, and metadata remain healthy and consistent with Chain 138 runtime. |
 | FireFly primary `6200` | Partial. Restored as a minimal local FireFly API footprint, not yet a proven multiparty production workflow engine. | FireFly event/orchestration model, sidecar and banking workflow correlation, and HA strategy. | Define event model, validate orchestration role, and decide whether FireFly is mandatory in slice 1. | DBIS workflow / infra ops | API healthy, config preserved, orchestration role defined, and real cross-system workflow validated. |
 | FireFly secondary `6201` | Retired / standby. Inventory exists, but current rootfs does not contain a valid deployment payload. | Rebuild contract for a real secondary FireFly node if HA is required. | Either rebuild as a true secondary and validate failover, or keep explicitly retired in all architecture claims. | DBIS workflow / infra ops | Either rebuilt and verified as a real secondary, or formally excluded from active-stack claims. |
 | Fabric `6000-6002` | Reserved placeholder. VMIDs exist, but app-level verification did not show active peer / orderer services or meaningful Fabric payloads. | Actual Fabric peer/orderer deployment model if Fabric is required by the RTGS target architecture. | Either deploy real Fabric workloads and validate them, or keep them stopped and excluded from active-stack claims. | DBIS architecture / infra ops | Real Fabric workloads deployed and validated, or the footprint remains explicitly placeholder-only. |
 | Indy `6400-6402` | Reserved placeholder. VMIDs exist, but app-level verification did not show active Indy listeners or meaningful Indy payloads. | Actual Indy validator / identity runtime only if Indy is required by the RTGS target architecture. | Either deploy real Indy workloads and validate them, or keep them stopped and excluded from active-stack claims. | DBIS architecture / infra ops | Real Indy workloads deployed and validated, or the footprint remains explicitly placeholder-only. |
 | Aries | Planned. No deployed Aries runtime is currently evidenced. | Identity-agent model, DID/wallet strategy, and credential-exchange role in RTGS workflows. | Decide in or out of scope for production slice 1; if in, deploy agents and validate flows. | Identity architecture lead | Scope decision is frozen, and if in scope the deployed agent model and flows are validated. |
 | AnonCreds | Planned. No deployed credential flow is currently evidenced. | Issuer / holder / verifier model and credential lifecycle. | Decide in or out of scope for production slice 1; if in, freeze schema and verification flow. | Identity architecture lead | Scope decision is frozen, and if in scope the credential lifecycle is validated end to end. |
 | Ursa | Planned. No explicit runtime dependency or operating model is currently evidenced. | Cryptographic runtime role, library dependency model, and operational controls. | Decide in or out of scope; if in, document and validate the cryptographic dependency model. | Identity / cryptography architecture lead | Scope decision is frozen, and if in scope the cryptographic dependency is documented and validated. |
 | Cacti | Planned. Not currently proven as a live interoperability engine. | Cross-ledger interoperability contract and deployment model. | Decide whether Cacti is needed for production slice 1; if in, deploy and validate the real path. | Interoperability architecture lead | Scope decision is frozen, and if in scope the live interoperability path is deployed and tested. |
 | Caliper | Planned. Documentation hook exists, but no routine benchmark harness is active. | Benchmark workload definitions for RTGS and Chain 138 settlement paths. | Build the approved benchmark harness and run accepted workload profiles. | Performance / QA lead | Benchmark harness exists and approved RTGS workloads have been executed and recorded. |
 | OMNL / Fineract API rail | Partial. Live tenant and authenticated posting path are now proven, but the canonical RTGS operator rail is not fully frozen. | Stable OMNL tenant/auth contract, operator flow, office/GL mapping, and reconciliation package path. | Freeze tenant, operator runbook, participant model, and reproducible OMNL settlement rail. | OMNL / banking ops | Office / GL / JE / snapshot / package flow runs cleanly and repeatably against the intended live tenant. |
 | Mifos X frontend / Fineract tenant | Partial. Runtime is live and sidecars can authenticate, but production operator model is not fully frozen. | Stable UI/API tenant contract, secrets, and operator procedures. | Finalize tenant/auth, operator usage, and runbook completeness. | OMNL / banking ops | UI/API healthy, tenant/auth stable, and operator procedures are complete and repeatable. |
 | HYBX participant / office / treasury model | Planned. Participant, office, reserve, settlement, and treasury roles are not yet frozen end to end. | OMNL participant model, office mappings, GL mappings, and treasury structure. | Freeze participant classes, office IDs, treasury accounts, and nostro/vostro model. | Banking architecture lead | Participant, treasury, reserve, and GL structures are documented, accepted, and used by the canonical rail. |
 | Depository / CSD layer | Planned. No dedicated depository or CSD runtime and no frozen asset-register model are yet evidenced in the current RTGS stack. | Securities ownership model, settlement-finality link, asset register, and participant/custody relationships. | Define whether the depository role is on-ledger, off-ledger, or hybrid; freeze issuance, transfer, pledge, and settlement-touch points. | Securities / market-infrastructure architecture lead | Depository role, participant model, and settlement interaction are documented and validated in at least one canonical asset flow. |
 | Global custodian layer | Planned. No explicit global custodian runtime, account model, or reporting path is yet frozen in repo-backed state. | Correspondent banks, global custodians, safekeeping accounts, corporate-action handling, and asset-servicing obligations. | Define the custody operating model, account structure, reporting obligations, and reconciliation with OMNL and RTGS settlement. | Custody / institutional banking integration lead | Custody account model, reconciliation path, and reporting obligations are frozen and tested in a canonical custody flow. |
 | FX pricing / dealing engine | Planned. FX flow requirements are documented, but no single pricing/dealing engine contract is yet frozen as the production source of rates and booking rules. | Treasury policy, rate sources, quote locking, spreads, value dates, and gain/loss accounting. | Freeze the pricing hierarchy, quote lifecycle, booking rules, and integration into OMNL and sidecars. | FX / treasury architecture lead | One canonical FX transaction runs with frozen pricing inputs, accounting, and reconciliation. |
 | Liquidity pooling and aggregation engine | Planned. Liquidity sourcing is implied across treasury and correspondent flows, but no explicit pooling/aggregation engine is yet modeled as a production component. | Treasury policy, reserve policy, liquidity providers, internal pools, external bank lines, and optional on-chain liquidity. | Define source prioritization, eligibility rules, allocation logic, and operator controls. | Liquidity architecture lead | Liquidity sourcing logic is documented and one canonical funding decision path is validated. |
 | Liquidity source adapters | Planned. No source-by-source adapter contract has been frozen for bank lines, treasury pools, correspondent banks, or optional on-chain liquidity. | Bank lines, correspondent banks, internal treasury pools, optional on-chain pools, and optional sidecar/provider adapters. | Enumerate source families and define one adapter contract per source class. | Treasury / integrations lead | Each in-scope liquidity source class has a defined adapter contract and at least the mandatory sources are validated. |
 | Custody / safekeeping / asset servicing flow | Planned. Custody, safekeeping, and servicing obligations are referenced indirectly through settlement and correspondent flows, but not yet modeled as one canonical lifecycle. | Depository, custodian, participant accounts, statements, corporate actions, holdings reconciliation, and evidence path. | Define the canonical lifecycle for safekeeping, transfer, servicing, and statement production. | Custody operations / product architecture lead | One end-to-end custody lifecycle is documented and validated with reconciliation/evidence output. |
 | Mojaloop integration | Planned. No live Mojaloop switch endpoint/auth/callback contract is yet evidenced here. | Mojaloop quote, transfer, callback, and settlement-window contract. | Document live Mojaloop endpoints/auth and integrate them if Mojaloop remains in scope. | Payments interoperability lead | Endpoint/auth contract is frozen and quote/transfer/callback/settlement behavior is validated. |
 | HYBX sidecar layer | Partial. Sidecar families are known, and first-slice sidecars are deployed, but full boundaries and ownership are not yet frozen. | Sidecar-by-sidecar ingress/egress, retries, auth, and system-of-record ownership. | Freeze sidecar boundaries, orchestration model, and canonical RTGS event path. | HYBX app / integration lead | Sidecar purposes, auth, retries, and system-of-record ownership are documented and validated. |
 | `mifos-fineract-sidecar` | Partial. Deployed on Proxmox, healthy, and has completed an authenticated live OMNL posting. | OMNL/Fineract tenant contract and downstream settlement/evidence path. | Extend validation from posting success to the full settlement/evidence path. | HYBX integration lead | Sidecar API and event flow documented, and at least one authenticated live transfer completes through downstream settlement/evidence. |
 | `server-funds-sidecar` | Partial. Deployed on Proxmox and healthy, but treasury/system-of-record boundaries are not yet frozen. | OMNL treasury/funding orchestration contract and participant model. | Freeze whether it is mandatory in the first RTGS slice and validate its business flow. | HYBX integration lead | Treasury/funding role is defined and a real authenticated business flow is validated. |
 | `off-ledger-2-on-ledger-sidecar` | Partial. Deployed on Proxmox, healthy, and able to drive the first Chain 138 settlement leg with safe pending-anchor degradation. | Canonical off-ledger event source, OMNL/Fineract posting contract, and Chain 138 settlement finality path. | Freeze the canonical off-ledger source event and complete final receipt/finality handling. | HYBX integration lead | Off-ledger event to Chain 138 settlement is frozen and tested end to end with durable evidence output. |
 | `mt103-hardcopy-sidecar` | Partial. Known sidecar, but not yet tied into the canonical RTGS path. | MT103 ingest, bank-message archive, and settlement/evidence mapping. | Decide whether it is in scope and, if yes, integrate MT103 ingest into the canonical RTGS flow. | HYBX integration lead | MT103 ingestion path is documented, integrated, and tested if in scope. |
 | `securitization-engine-sidecar` | Partial. Known sidecar, but regulatory/accounting role in RTGS is not yet frozen. | Accounting, collateral, and reporting responsibilities in the RTGS operating model. | Define whether it participates in RTGS slice 1 and validate the required role if so. | HYBX integration lead | Its RTGS responsibility is either validated or explicitly out of scope. |
 | `card-networks-sidecar` | Partial. Known sidecar, but not yet placed in the RTGS path. | Card-network settlement role only if card rails are included in scope. | Include only if card settlement is part of production scope; otherwise keep it out of the canonical path. | HYBX integration lead | Scope decision is frozen, and if included the settlement path is validated. |
 | `securities-sidecar` | Partial. Known sidecar with runnable application shape, but its depository/custody placement in the RTGS architecture is not yet frozen. | Instrument resolution, securities instructions, settlement events, and position reconciliation linked to the depository/custody operating model. | Freeze whether it is the runtime boundary for depository/custody flows and validate one canonical securities/custody path if so. | HYBX integration lead | Scope decision is frozen, and if included one canonical securities or custody flow is validated. |
 | `flash-loan-xau-sidecar` | Planned. Runnable sidecar exists locally, but its role in the RTGS production path is still specialized and optional. | XAU-specific liquidity, conversion, and settlement logic only if retained as part of the target architecture. | Decide whether it remains a specialized liquidity extension or enters the canonical RTGS path; validate if retained. | HYBX integration lead | Scope decision is frozen, and if included the XAU liquidity path is validated end to end. |
 | Chain 138 settlement contracts | Partial. Contract families exist, but the exact RTGS contract path is not yet frozen as one canonical settlement lane. | Final contract path between OMNL-side events and on-chain settlement evidence. | Freeze the exact contract set and document how each business flow reaches Chain 138. | Chain 138 / settlement lead | Final contract set is frozen, deployed addresses are accepted, and the path is tested end to end. |
 | MerchantSettlementRegistry | Partial. Available contract family, but exact placement in the canonical RTGS flow is not yet frozen. | RTGS settlement workflow and evidence mapping. | Decide exactly when and how the registry is invoked in RTGS settlement. | Chain 138 / settlement lead | Registry path is integrated into the business flow with verified inputs and outputs. |
 | WithdrawalEscrow | Partial. Available contract family, but exact placement in RTGS withdrawal scenarios is not yet frozen. | Withdrawal / release / payout semantics in the RTGS model. | Freeze the escrow role for settlement and withdrawal scenarios. | Chain 138 / settlement lead | Escrow flow is validated in the chosen settlement and withdrawal scenarios. |
 | DBIS / compliant settlement tokens | Partial. Candidate instruments exist, but the final RTGS instrument set is not yet frozen by use case. | Monetary architecture, reserve rules, mint/burn policy, and reconciliation policy. | Select the final RTGS instruments and freeze their control and reconciliation model. | Chain 138 / monetary architecture lead | Final instrument selection, reserve rules, and reconciliation path are documented and validated. |
 | Reserve / oracle dependencies | Partial. Reserve and oracle systems exist, but the RTGS-specific dependency mapping is not yet frozen. | RTGS dependency model for reserve attestations, price references, and control policy. | Freeze which reserve/oracle controls are required for RTGS settlement and FX support. | Monetary controls lead | RTGS reserve/oracle dependencies are documented, accepted, and operational. |
 | FireFly / sidecar / chain event model | Planned. No single canonical correlation and retry model is yet frozen. | Shared IDs, correlation, retry, compensating actions, and event archive policy. | Define one canonical event model across OMNL, sidecars, and Chain 138. | Workflow architecture lead | Event catalog, IDs, retries, and compensating actions are defined and validated. |
 | ISO 20022 evidence and vault path | Partial. Evidence standard exists, but full institution-ready production completion is not yet frozen. | ISO 20022 archive, manifest, vaulting, and hash anchoring contract. | Complete ISO evidence packaging and archive references for the RTGS path. | Regulatory / compliance lead | ISO manifests, hashes, archive references, and legal evidence path are complete and reproducible. |
 | Institutional 4.995 package path | Partial. Package standards and scripts exist, but real institution submission-grade completion is not yet frozen. | Institutional attestation, submission package, and strict readiness contract. | Complete the evidence path with real institution-ready materials and `--strict` readiness. | Regulatory / compliance lead | `--strict` readiness passes with real institution materials and reproducible evidence output. |
 | Indonesia / BNI domestic banking path | Planned. Blueprint exists, but live BNI endpoint/auth/message contract is not yet evidenced. | BNI institution profile, domestic route definition, auth, account validation, and reporting obligations. | Freeze the BNI-connected route and message/auth contract for production. | Indonesia banking integration lead | Live BNI contract is documented, validated, and used in the canonical Indonesia payment flow. |
 | Global correspondent / liquidity bank path | Planned. Blueprint exists, but live correspondent endpoint/auth/message contract is not yet evidenced. | SWIFT / ISO / correspondent-bank endpoint, auth, nostro/vostro, and confirmation contract. | Freeze the correspondent-bank route and integrate it with OMNL, sidecars, and reconciliation. | Cross-border banking integration lead | Live correspondent contract is documented and a real cross-border flow is validated. |
 | RTGS production gate | Planned. The gate exists conceptually, but not all mandatory lanes are green yet. | All mandatory banking, sidecar, settlement, evidence, and external-bank integrations for the chosen production architecture. | Turn all mandatory rows for the chosen production architecture to `Complete`. | DBIS program owner | All mandatory checklist rows for the chosen RTGS production architecture are `Complete`. |
 ## Immediate execution priority
 1. Freeze the canonical banking rail on the now-proven OMNL tenant/auth path.
 2. Freeze the participant / treasury / GL model plus the depository, custody, FX, and liquidity-control layers.
 3. Complete the canonical settlement path from HYBX sidecars into Chain 138 and evidence output.
 ## Related artifacts
 - [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md)
 - [docs/00-meta/TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md)
 - [docs/03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md](DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md)
 - [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](DBIS_HYPERLEDGER_RUNTIME_STATUS.md)
 - [docs/04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md](../04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md)
 - [docs/04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md)
 - [docs/11-references/GITEA_HYBX_ORGANIZATION_AND_REPOS.md](../11-references/GITEA_HYBX_ORGANIZATION_AND_REPOS.md)
 - [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md)
 - [DBIS_MOJALOOP_INTEGRATION_STATUS.md](DBIS_MOJALOOP_INTEGRATION_STATUS.md)
 - [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md)
 - [DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md)
 - [DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md)
--- a/docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md
+++ b/docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md
@@ -0,0 +1,110 @@
 # DBIS RTGS First Slice Architecture
 **Last updated:** 2026-03-28  
 **Purpose:** Freeze the narrowest credible first production slice for the DBIS RTGS program using the assets currently available in the repository and local environment.
 ## Design principle
 The first production slice should avoid expanding the critical path with systems that are not yet deployed or not yet evidenced in the workspace. The goal is to get to a real end-to-end settlement slice with the minimum number of moving parts.
 ## Included in first slice
 ### Core runtime
 - Chain 138 / Hyperledger Besu
 - Explorer / Blockscout
 - FireFly primary (`6200`)
 - Mifos / Fineract / OMNL rail
 ### Selected HYBX sidecars
 - `mifos-fineract-sidecar`
 - `server-funds-sidecar`
 - `off-ledger-2-on-ledger-sidecar`
 ## Deferred from first slice
 - FireFly secondary (`6201`)
 - Fabric runtime
 - Indy runtime
 - Mojaloop integration
 - Aries / AnonCreds / Ursa runtime
 - Cacti runtime
 - card-network, securities, and flash-loan specialized sidecars
 ## Why these sidecars
 ### `mifos-fineract-sidecar`
 This is the strongest general-purpose banking sidecar for the first slice because it already models:
 - compliance
 - posting
 - settlement
 - reconciliation
 - audit
 - Fineract integration
 - events
 - observability
 ### `server-funds-sidecar`
 This is the best fit for treasury/funds movement orchestration because it already exposes:
 - transfer initiation
 - approvals
 - settlement events
 - reconciliation
 - Fineract integration
 ### `off-ledger-2-on-ledger-sidecar`
 This is the best fit for the off-ledger to on-ledger bridge because it already frames:
 - collateral or source-of-value lock
 - conversion initiation
 - settlement
 - extinguish/release flow
 ## First-slice interaction flow
 1. Participant/office exists in OMNL / Fineract.
 2. A transfer or settlement intent enters through the canonical banking rail.
 3. `mifos-fineract-sidecar` validates, screens, posts, and settles the banking-side event.
 4. `server-funds-sidecar` coordinates treasury/server-funds transfer semantics where needed.
 5. `off-ledger-2-on-ledger-sidecar` maps qualifying off-ledger value into the Chain 138 settlement path.
 6. Chain 138 settlement contracts record or confirm the on-ledger leg.
 7. Reconciliation and audit artifacts are produced.
 8. The regulatory package path is generated from the resulting evidence set.
 ## Immediate implementation sequence
 ### Sequence A — Banking rail
 1. Freeze the OMNL / Fineract tenant and operator path.
 2. Freeze the participant / treasury / GL model.
 3. Validate the `HYBX-BATCH-001` operator flow end to end.
 ### Sequence B — Sidecar baseline
 1. Build and validate `mifos-fineract-sidecar`.
 2. Build and validate `server-funds-sidecar`.
 3. Build and validate `off-ledger-2-on-ledger-sidecar`.
 4. Record runtime dependencies, health endpoints, and deployment units.
 ### Sequence C — Settlement mapping
 1. Freeze the canonical Chain 138 settlement contracts used by RTGS.
 2. Define the exact event handoff from sidecars to on-chain settlement.
 3. Define reconciliation outputs and operator evidence.
 ## Exclusion rule
 Anything not listed in “Included in first slice” must not be treated as a blocker for initial RTGS activation unless governance explicitly changes scope.
 ## Related artifacts
 - [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md)
 - [DBIS_MOJALOOP_INTEGRATION_STATUS.md](DBIS_MOJALOOP_INTEGRATION_STATUS.md)
 - [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md)
--- a/docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md
+++ b/docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md
@@ -0,0 +1,283 @@
 # DBIS RTGS First Slice Deployment Checklist
 **Last updated:** 2026-03-29  
 **Purpose:** Convert the first-slice RTGS architecture into a deployable checklist for Proxmox VE and live operator validation. This document is intentionally narrower than the full RTGS program. It only covers the components chosen for the initial production slice.
 ## Scope
 This checklist applies to the following first-slice components:
 - Chain 138 / Hyperledger Besu
 - Explorer / Blockscout
 - FireFly primary (`6200`)
 - OMNL / Fineract banking rail
 - `mifos-fineract-sidecar`
 - `server-funds-sidecar`
 - `off-ledger-2-on-ledger-sidecar`
 This checklist does **not** assume that the following are part of the first production slice:
 - FireFly secondary (`6201`)
 - Fabric runtime
 - Indy runtime
 - Mojaloop integration
 - Aries / AnonCreds / Ursa runtime
 - Cacti runtime
 - specialized HYBX sidecars outside the chosen first slice
 ## Build verification completed
 The following sidecars were built successfully on 2026-03-28 with Maven and `-DskipTests`:
 ### `mifos-fineract-sidecar`
 - Build command:
  - `cd /home/intlc/projects/HYBX_Sidecars/mifos-fineract-sidecar && mvn -q -DskipTests package`
 - Verified runnable artifact:
  - `/home/intlc/projects/HYBX_Sidecars/mifos-fineract-sidecar/scsm-app/target/scsm-app-1.0.0-SNAPSHOT.jar`
 ### `server-funds-sidecar`
 - Build command:
  - `cd /home/intlc/projects/HYBX_Sidecars/server-funds-sidecar && mvn -q -DskipTests package`
 - Verified runnable artifact:
  - `/home/intlc/projects/HYBX_Sidecars/server-funds-sidecar/funds-app/target/funds-app-1.0.0-SNAPSHOT.jar`
 ### `off-ledger-2-on-ledger-sidecar`
 - Build command:
  - `cd /home/intlc/projects/HYBX_Sidecars/off-ledger-2-on-ledger-sidecar && mvn -q -DskipTests package`
 - Verified runnable artifact:
  - `/home/intlc/projects/HYBX_Sidecars/off-ledger-2-on-ledger-sidecar/target/off-ledger-2-on-ledger-sidecar-0.1.0-SNAPSHOT.jar`
 ## Current deployment status
 As of 2026-03-28/29:
 - `5802` `rtgs-scsm-1` is deployed on `r630-02`
  - systemd: `dbis-rtgs-scsm`
  - Redis: active
  - health: `UP`
 - `5803` `rtgs-funds-1` is deployed on `r630-02`
  - systemd: `dbis-rtgs-funds`
  - Redis: active
  - health: `UP`
 - `5804` `rtgs-xau-1` is deployed on `r630-02`
  - systemd: `dbis-rtgs-xau`
  - Redis: active
  - health: `UP`
 What is now proven:
 - the canonical authenticated OMNL / Fineract tenant flow is live for the SCSM lane:
  - base URL: `https://omnl.hybxfinance.io/fineract-provider/api/v1`
  - tenant: `omnl`
  - user: `app.omnl`
 - `rtgs-scsm-1` can post authenticated journal-entry batches into OMNL / Fineract
 - one canonical live transfer has completed through the deployed sidecar runtime:
  - sidecar response:
    - `messageId: c6e44bc8-aa04-4eba-b983-6293967f24b7`
    - `transactionId: a16a10b3bc47`
    - `status: COMPLETED`
  - verified OMNL journal entries:
    - debit `GL 1410` amount `1.11`
    - credit `GL 2100` amount `1.11`
    - comments `SCSM transfer c6e44bc8-aa04-4eba-b983-6293967f24b7`
 What is still not complete:
 - the participant / office / treasury / GL model is not yet frozen as the full RTGS production model
 - `server-funds-sidecar` and `off-ledger-2-on-ledger-sidecar` are runtime-healthy, but do not yet have equivalent authenticated business-flow validation
 - the canonical RTGS flow is not yet complete across OMNL / Fineract, sidecar logic, Chain 138 settlement, and final evidence output
 ## Runtime deployment baseline
 ### Besu / explorer / FireFly
 - [x] Chain 138 Besu production baseline is healthy
 - [x] Explorer / Blockscout is live
 - [x] FireFly primary `6200` is healthy enough to serve as the first-slice workflow/event anchor
 - [ ] Freeze the exact role FireFly will play in the first slice:
  - event broker only
  - process/workflow orchestrator
  - audit/event persistence layer
 ### OMNL / Fineract
 - [x] Confirm the exact production tenant, auth path, and base URL
 - [ ] Freeze the operator runbook and canonical batch flow
 - [ ] Confirm the participant / office / treasury / GL model used by the sidecars
 ## Sidecar runtime requirements
 ### `mifos-fineract-sidecar`
 **Reference repo:**
 - `/home/intlc/projects/HYBX_Sidecars/mifos-fineract-sidecar`
 **Run command:**
 - `java -jar scsm-app/target/scsm-app-1.0.0-SNAPSHOT.jar`
 **Health endpoints:**
 - `GET /actuator/health`
 - `GET /actuator/health/liveness`
 - `GET /actuator/health/readiness`
 **Key dependencies from repo-backed docs/config:**
 - database:
  - default H2 in-memory
  - production path should use `DB_URL` for PostgreSQL
 - Redis:
  - required for idempotency
  - `REDIS_HOST`, `REDIS_PORT`
 - Kafka:
  - optional
  - `KAFKA_BOOTSTRAP_SERVERS`
 - Fineract:
  - `FINERACT_BASE_URL`
 **Deployment gate before Proxmox promotion:**
 - [ ] Confirm production DB target
 - [ ] Confirm Redis target
 - [x] Confirm Fineract base URL and tenant/auth
 - [x] Prove `/actuator/health/readiness` healthy with production-like dependencies
 - [x] Validate one canonical transfer request path against the intended Fineract rail
 - [ ] Eliminate the current hard-stop / forced-restart workaround needed for some jar upgrades on the SCSM systemd unit
 ### `server-funds-sidecar`
 **Reference repo:**
 - `/home/intlc/projects/HYBX_Sidecars/server-funds-sidecar`
 **Run command:**
 - `java -jar funds-app/target/funds-app-1.0.0-SNAPSHOT.jar`
 **Health endpoints:**
 - `GET /actuator/health/liveness`
 - `GET /actuator/health/readiness`
 **Key dependencies from repo-backed docs/config:**
 - database:
  - default H2 in-memory
  - production path should use `DB_URL` for PostgreSQL
 - Redis:
  - required for idempotency
  - `REDIS_HOST`
 - Kafka:
  - optional
  - `KAFKA_BOOTSTRAP_SERVERS`
 - Fineract adapter:
  - present in repo structure and must be wired to the selected banking rail
 **Deployment gate before Proxmox promotion:**
 - [ ] Decide whether this sidecar is required in the initial funds/treasury path
 - [ ] Freeze its system-of-record boundary versus `mifos-fineract-sidecar`
 - [ ] Validate initiate/approve/status flow against the chosen RTGS participant model
 - [ ] Validate settlement event and reconciliation behavior
 ### `off-ledger-2-on-ledger-sidecar`
 **Reference repo:**
 - `/home/intlc/projects/HYBX_Sidecars/off-ledger-2-on-ledger-sidecar`
 **Run command:**
 - `mvn spring-boot:run`
  - or use the built jar:
  - `java -jar target/off-ledger-2-on-ledger-sidecar-0.1.0-SNAPSHOT.jar`
 **Current config evidence:**
 - `config/application.yaml`
 - default `server.port: 8080`
 - `FINERACT_BASE_URL`
 - `XAU_FEED_URL`
 - GL and risk configuration under `config/`
 **Health/readiness note:**
 - repo runbook calls out adding Spring Boot Actuator as optional
 - production deployment should not proceed until there is a stable health/readiness path
 **Deployment gate before Proxmox promotion:**
 - [ ] Confirm this sidecar’s role in the first production slice
 - [ ] Freeze the exact off-ledger source event and on-ledger settlement target
 - [ ] Confirm Fineract connectivity and XAU pricing/oracle strategy
 - [ ] Add or verify production-grade health endpoint support
 - [ ] Validate one canonical conversion/session flow end to end
 ## Proxmox deployment checklist
 ### Pre-deploy
 - [ ] Choose the actual Proxmox target(s) for the three sidecars
 - [ ] Decide container vs VM packaging for each sidecar
 - [ ] Freeze Java runtime baseline
 - [ ] Freeze secrets/env injection method
 - [ ] Freeze logging and restart policy
 ### Dependency wiring
 - [ ] Postgres target(s) available if not using H2
 - [ ] Redis target(s) available
 - [ ] Kafka decision made:
  - optional and deferred, or
  - required for the chosen event model
 - [ ] Fineract API reachability proven from the chosen Proxmox runtime
 - [ ] FireFly integration point frozen if FireFly is part of the event path
 ### Runtime verification
 - [x] Process starts under systemd / container supervisor
 - [x] Health endpoints return healthy
 - [x] `mifos-fineract-sidecar` API base path responds for a canonical business flow
 - [ ] `server-funds-sidecar` and `off-ledger-2-on-ledger-sidecar` API base paths respond for canonical business flows
 - [x] Logs show no dependency boot failures for current runtime boot
 - [x] Sidecar can reach Fineract at the HTTP layer
 - [x] Sidecar can reach required local Redis dependency
 - [ ] Sidecar can reach final production DB / Kafka dependencies if those are required by the chosen slice
 ### Functional verification
 - [x] `mifos-fineract-sidecar` processes one canonical transfer
 - [ ] `server-funds-sidecar` processes one canonical funds/approval flow if in scope
 - [ ] `off-ledger-2-on-ledger-sidecar` processes one canonical conversion/settlement flow
 - [ ] Chain 138 receives and records the intended settlement leg where applicable
 - [ ] Reconciliation and audit outputs are captured
 ## Verification command
 Use:
 ```bash
 bash scripts/verify/check-dbis-rtgs-first-slice.sh
 ```
 This verifies:
 - CT status
 - systemd service status
 - local Redis status
 - local actuator health
 - live Fineract HTTP reachability from each sidecar CT
 ## First-slice production gate
 The first RTGS production slice should be treated as deployable only when all of the following are true:
 1. Besu, explorer, and FireFly primary remain healthy.
 2. OMNL / Fineract tenant, auth, and operator path are frozen.
 3. The participant / treasury / GL model is frozen.
 4. The selected sidecars are deployed to Proxmox VE or an equivalent production runtime.
 5. Each selected sidecar has a stable health/readiness path.
 6. One canonical RTGS flow executes successfully across:
   - Fineract / OMNL
   - selected sidecar(s)
   - Chain 138 settlement path
   - reconciliation / evidence output
 7. Any deferred components remain explicitly deferred in architecture and runbooks.
 ## Related artifacts
 - [DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md)
 - [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md)
 - [DBIS_MOJALOOP_INTEGRATION_STATUS.md](DBIS_MOJALOOP_INTEGRATION_STATUS.md)
 - [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md)
--- a/docs/03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md
+++ b/docs/03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md
@@ -0,0 +1,187 @@
 # DBIS RTGS FX and Liquidity Operating Model
 **Last updated:** 2026-03-29  
 **Purpose:** Implementation-grade operating model for the FX pricing / dealing engine, liquidity pooling and aggregation engine, and liquidity source adapters referenced by the DBIS RTGS canonical production checklist.
 ## 1. Scope
 This document freezes the intended runtime boundaries for:
 - `FX pricing / dealing engine`
 - `Liquidity pooling and aggregation engine`
 - `Liquidity source adapters`
 It defines the minimum behavior required before these layers can be promoted from architecture intent into a validated production lane.
 ## 2. Canonical role split
 ### FX pricing / dealing engine
 Owns:
 - quote generation or approved rate ingest
 - source hierarchy for rates
 - spread / fee policy application
 - quote locking, expiry, and value-date semantics
 - booking references for OMNL and settlement
 Does not own:
 - final accounting ledger
 - final liquidity-source selection
 - final settlement transport
 ### Liquidity pooling and aggregation engine
 Owns:
 - evaluate available liquidity sources
 - prioritize and allocate funding
 - enforce eligibility and operator override rules
 - emit the canonical funding decision reference
 Does not own:
 - FX quote formation
 - bank-message transport
 - settlement evidence packaging
 ### Liquidity source adapters
 Owns:
 - normalize access to internal treasury pools
 - normalize access to bank lines and correspondent-bank sources
 - normalize access to optional on-chain liquidity
 - return funding availability, hold, release, and failure states
 Does not own:
 - aggregate funding decisions
 - journal posting
 - orchestration state
 ## 3. Canonical business objects
 | Object | Primary owner | Required downstream link |
 |--------|---------------|--------------------------|
 | `fx_quote` | FX engine | OMNL booking, settlement refs |
 | `fx_booking_reference` | FX engine | journal refs, evidence package |
 | `funding_request` | Liquidity engine | source adapter calls |
 | `funding_decision` | Liquidity engine | OMNL posting, settlement rail, evidence package |
 | `liquidity_adapter_result` | Source adapter | funding decision |
 | `rate_source_reference` | FX engine | FX reconciliation |
 ## 4. Required source classes
 Mandatory source classes to model:
 1. internal treasury pools
 2. bank credit / liquidity lines
 3. correspondent-bank liquidity
 4. optional on-chain liquidity if it remains in the target production path
 Each class must have:
 - auth model
 - request contract
 - response contract
 - failure code mapping
 - hold/release semantics
 ## 5. Canonical flow
 ```mermaid
 flowchart LR
    REQ["Payment / Settlement Request"] --> ORCH["RTGS Orchestrator"]
    ORCH --> FX["FX Pricing / Dealing Engine"]
    FX -->|"locked quote"| ORCH
    ORCH --> LQE["Liquidity Pooling / Aggregation Engine"]
    LQE --> AD1["Internal Treasury Adapter"]
    LQE --> AD2["Bank Line Adapter"]
    LQE --> AD3["Correspondent Adapter"]
    LQE --> AD4["Optional On-Chain Adapter"]
    AD1 --> LQE
    AD2 --> LQE
    AD3 --> LQE
    AD4 --> LQE
    LQE -->|"funding decision"| ORCH
    ORCH --> OMNL["OMNL / Fineract"]
    ORCH --> SETTLE["Settlement Rail"]
 ```
 ## 6. Minimum interface contract
 ### FX quote/pricing/booking contract
 - Input:
  - source currency
  - destination currency
  - amount
  - value date
  - participant / route context
 - Output:
  - quote id
  - rate
  - spread / fee
  - expiry
  - booking reference
 - Failure contract:
  - reject quote with explicit reason and no booking reference
 ### Liquidity-engine source-selection and allocation contract
 - Input:
  - funding request id
  - route context
  - required amount / currency
  - value date
  - constraints / policy flags
 - Output:
  - funding decision id
  - selected source set
  - allocation amounts
  - operator action requirement if needed
 - Failure contract:
  - insufficient-liquidity or policy-rejected state
 ### Liquidity source adapter contract
 - Input:
  - funding request
  - hold/release action
  - source account or line reference
 - Output:
  - adapter result id
  - availability / hold / release confirmation
  - failure code
 - Failure contract:
  - adapter error with retriable vs terminal distinction
 ## 7. Reconciliation requirements
 Required reconciliations:
 1. rate source vs booked rate
 2. quote id vs OMNL posting reference
 3. funding decision vs selected source confirmations
 4. source holds/releases vs actual settlement usage
 5. FX gain/loss and fee treatment vs final accounting outputs
 ## 8. Deployment expectations
 Before these layers can be considered active:
 1. the canonical rate hierarchy must be frozen
 2. the canonical funding-source priority model must be frozen
 3. mandatory source adapters must be enumerated and assigned
 4. one canonical FX-backed transfer must run end to end with quote and funding references preserved
 ## 9. Production gate
 This operating model is complete only when:
 1. one canonical FX transaction completes with frozen pricing inputs
 2. one canonical funding decision is emitted and reconciled
 3. mandatory liquidity source adapters are validated
 4. the canonical production checklist rows for these layers can move from `Planned` to `Partial` or `Complete` with evidence
--- a/docs/03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md
+++ b/docs/03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md
@@ -0,0 +1,285 @@
 # DBIS RTGS FX Transaction Catalog
 **Last updated:** 2026-03-29  
 **Purpose:** Canonical transaction catalog for FX, cross-border banking, and RTGS-adjacent settlement flows across OMNL, HYBX sidecars, Chain 138, and Indonesia-facing beneficiary banks such as Bank Kanaya and BNI-connected correspondent paths.
 ## Scope
 This document describes the full transaction families required for a production-grade FX and cross-border RTGS stack:
 - OMNL / Fineract journal-entry flows
 - HYBX sidecar business flows
 - ISO 20022 and SWIFT Fin message flows
 - FX valuation and revaluation flows
 - correspondent-banking and nostro / vostro flows
 - Chain 138 settlement augmentation where on-ledger finality is in scope
 This document is not a statement that every flow is already deployed. It is the execution catalog for what must exist to call the stack fully end to end.
 ## Status legend
 - `Implemented now`
 - `Partially implemented`
 - `Required next`
 ## 1. Core transaction families
 | Family | Description | Current status | Primary systems |
 |--------|-------------|----------------|-----------------|
 | Opening balance / reserve migration | Initial OMNL funding and reserve booking | Implemented now | OMNL / Fineract |
 | M0 to M1 conversion | Central-bank style monetary conversion and allocation | Implemented now | OMNL / Fineract |
 | Interoffice settlement | HO to branch / institution due-to / due-from settlement | Implemented now | OMNL / Fineract |
 | PvP multilateral net settlement | Beneficiary office receives net cleared position | Partially implemented | OMNL / Fineract |
 | Sidecar-initiated RTGS posting | Business-side RTGS transfer posted into OMNL via sidecar | Partially implemented | `mifos-fineract-sidecar`, OMNL |
 | Treasury / funding orchestration | Treasury approval, prefunding, limits, release | Required next | `server-funds-sidecar`, OMNL |
 | Off-ledger to on-ledger conversion | External event to Chain 138 settlement leg | Required next | `off-ledger-2-on-ledger-sidecar`, Chain 138 |
 | FX valuation / revaluation | Spot, triangulated, and end-of-day revaluation | Required next | OMNL, rate feeds |
 | Correspondent-bank settlement | Nostro / vostro reconciliation with domestic / global banks | Required next | OMNL, bank APIs, ISO/SWIFT rails |
 | Regulatory evidence package | Indonesia / institution-ready package and submission | Partially implemented | OMNL scripts, evidence tooling |
 ## 2. Full FX transaction classes
 ### 2.1 Internal treasury FX conversion
 **Purpose**
 - Convert between currencies inside OMNL treasury books.
 - Support central treasury reserve management and internal balance-sheet positioning.
 **Required legs**
 1. Debit source currency reserve / treasury account.
 2. Credit target currency reserve / treasury account.
 3. Post realized or unrealized FX P&L where applicable.
 4. Update revaluation basis and audit trail.
 **Key GL patterns**
 - `12010` / `12020` / `12090` — FX reserve detail
 - `13010` — FX settlement nostro
 - `42000` / `51000` — realized FX gain / loss
 - `42100` / `52100` — unrealized FX gain / loss
 **Required messages / records**
 - Internal treasury instruction
 - Rate source reference
 - value date / trade date
 - dealing reference
 - settlement reference
 **Status**
 - GL and valuation framework are documented.
 - End-to-end booked treasury FX conversion flow is not yet proven in production.
 ### 2.2 Domestic beneficiary settlement in Indonesia
 **Purpose**
 - Credit Indonesian beneficiary institutions such as Bank Kanaya on OMNL books.
 - Support domestic regulatory reporting and beneficiary balance confirmation.
 **Required legs**
 1. Clear multilateral or bilateral obligation.
 2. Post OMNL journal entries to beneficiary office.
 3. Attach settlement reference and supporting evidence.
 4. Reconcile beneficiary office balances and produce regulator-facing package.
 **Current repo-backed example**
 - `HYBX-BATCH-001`
 - beneficiary office `22` Bank Kanaya
 - `USD 1,000,000,000.00`
 - PvP multilateral net narrative in [PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md](../04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md)
 **Status**
 - Repo-backed posting and package path exists.
 - Live authenticated sidecar-to-OMNL posting now exists.
 - Full production beneficiary-bank operating model is still not frozen.
 ### 2.3 Cross-border commercial-bank FX payment
 **Purpose**
 - Move value from OMNL / central-bank context through a domestic or correspondent bank path to an external bank.
 **Required legs**
 1. Payment initiation or settlement instruction received.
 2. FX quote / rate locked.
 3. Compliance and sanctions checks.
 4. Nostro / vostro and prefunding checks.
 5. Debit source balance / reserve.
 6. Credit beneficiary bank or correspondent account.
 7. Reconcile statement and confirmation messages.
 8. Produce audit and regulatory evidence.
 **Required message families**
 - ISO 20022:
  - `pain.001`
  - `pacs.008`
  - `pacs.009`
  - `pacs.002`
  - `camt.052`
  - `camt.053`
  - `camt.054`
 - SWIFT Fin where needed:
  - `MT103`
  - `MT202` / `MT202 COV`
  - optionally statement or advice equivalents off-platform
 **Status**
 - Message methodology is documented.
 - A production cross-border message rail is not yet fully deployed in this workspace.
 ### 2.4 Chain-anchored RTGS settlement
 **Purpose**
 - Add on-ledger finality or settlement confirmation on Chain 138 after OMNL-side accounting.
 **Required legs**
 1. Off-ledger business event finalized in OMNL.
 2. Canonical settlement event created with stable identifiers.
 3. Chain 138 contract path selected.
 4. Settlement token / registry / escrow action executed.
 5. On-chain transaction hash captured in evidence package.
 6. Reconciliation ties OMNL transaction, sidecar correlation ID, and chain tx hash together.
 **Likely on-chain components**
 - `MerchantSettlementRegistry`
 - `WithdrawalEscrow`
 - compliant settlement token set
 - reserve / oracle controls where minting or conversion is involved
 **Status**
 - Contract inventory exists.
 - Canonical RTGS chain leg is not yet frozen end to end.
 ## 3. Message-by-message transaction detail
 ### 3.1 `pain.001` customer initiation
 **Used for**
 - bank or enterprise payment initiation into the RTGS workflow
 **Minimum mapped fields**
 - debtor / creditor
 - debtor account / creditor account
 - amount
 - currency
 - end-to-end id
 - purpose
 **Downstream**
 - mapped into canonical payload
 - feeds compliance and posting workflow
 ### 3.2 `pacs.008` FI-to-FI customer credit transfer
 **Used for**
 - primary credit-settlement instruction between institutions
 **Required downstream records**
 - instructionId
 - MsgId
 - UETR if available
 - amount / currency
 - settlement method
 - account references
 **Expected system impacts**
 - OMNL posting
 - sidecar audit event
 - optional chain settlement event
 ### 3.3 `pacs.009` interbank settlement
 **Used for**
 - bank-to-bank settlement leg
 - high-value RTGS interbank flow
 **Indonesia / correspondent context**
 - preferred for institution-facing settlement instruction where OMNL to beneficiary bank mapping exists
 ### 3.4 `pacs.002` status reporting
 **Used for**
 - accept / reject / pending / completed status
 **Required use**
 - update business workflow state
 - feed operator dashboards and evidence package
 ### 3.5 `camt.053` / `camt.054`
 **Used for**
 - statement and debit/credit advice reconciliation
 **Required use**
 - external-bank and nostro/vostro reconciliation
 - proof of receipt / settlement confirmation
 ### 3.6 `MT103` / `MT202`
 **Used for**
 - legacy correspondent banking or hybrid gateway participation
 **Required use**
 - normalize into the same canonical struct as MX messages
 - preserve raw message hash and field mapping in the evidence chain
 ## 4. Required reconciliation outputs
 Every production FX / RTGS transaction family must produce:
 1. business request payload
 2. authenticated API request / response evidence
 3. OMNL journal-entry ids and journal-entry payload
 4. sidecar correlation id / message id / idempotency key
 5. rate source and value date
 6. beneficiary / counterparty office and account mapping
 7. statement / confirmation artifact where external banks are involved
 8. on-chain tx hash where Chain 138 is involved
 9. package-ready manifest entry
 ## 5. Required identifiers
 The following identifiers must be stable across systems:
 - `instructionId`
 - `messageId`
 - `correlationId`
 - `idempotencyKey`
 - `settlementRef`
 - `transactionId` (OMNL / Fineract)
 - `UETR` where applicable
 - chain transaction hash where applicable
 ## 6. Minimum production-complete FX criteria
 The FX stack is not production-complete until all of the following are true:
 1. rate source and valuation policy are frozen
 2. participant / office / treasury / GL model is frozen
 3. domestic beneficiary-bank flow is repeatable
 4. correspondent-bank flow is documented and tested
 5. reconciliation captures all identifiers and statement evidence
 6. regulatory package includes FX-specific reporting and prudential mapping
 7. chain settlement leg is either fully implemented or explicitly out of scope
 ## 7. Current truth
 ### Proven now
 - OMNL tenant/auth is live and usable
 - `mifos-fineract-sidecar` has completed an authenticated live OMNL posting
 - the accounting side of a canonical business transfer can be initiated from a deployed sidecar on Proxmox VE
 ### Still open
 - full treasury / funds orchestration
 - off-ledger to Chain 138 settlement leg
 - correspondent-bank and BNI-specific external settlement path
 - full evidence package covering banking message + accounting + on-chain finality in one run
 ## Related artifacts
 - [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
 - [DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md)
 - [HYBX_BATCH_001_OPERATOR_CHECKLIST.md](../04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md)
 - [OMNL_TRANSACTION_SEQUENCE_FULL.md](../04-configuration/mifos-omnl-central-bank/OMNL_TRANSACTION_SEQUENCE_FULL.md)
 - [PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md](../04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md)
 - [FX_AND_VALUATION.md](../04-configuration/mifos-omnl-central-bank/FX_AND_VALUATION.md)
 - [SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](../04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md)
--- a/docs/03-deployment/DBIS_RTGS_LATER_PHASE_SIDECARS_DEPLOYMENT_CHECKLIST.md
+++ b/docs/03-deployment/DBIS_RTGS_LATER_PHASE_SIDECARS_DEPLOYMENT_CHECKLIST.md
@@ -0,0 +1,54 @@
 # DBIS RTGS Later-Phase Sidecars Deployment Checklist
 **Last updated:** 2026-03-29  
 **Purpose:** Deployment checklist for the next sidecar tranche beyond the currently deployed first-slice services.
 ## 1. Target sidecars
 | Sidecar | Runtime type | Expected artifact | Health path |
 |---------|--------------|-------------------|-------------|
 | `securities-sidecar` | Java / Spring Boot | `securities-app/target/securities-app-1.0.0-SNAPSHOT.jar` | `GET /actuator/health` |
 | `card-networks-sidecar` | Java / Spring Boot | `cardnet-app/target/cardnet-app-1.0.0-SNAPSHOT.jar` | `GET /actuator/health` |
 | `mt103-hardcopy-sidecar` | Go binary | `./server` built from `cmd/server` | `GET /health` |
 ## 2. Intended role in DBIS RTGS
 - `securities-sidecar`
  - later-phase depository / custody / securities instruction lane
 - `card-networks-sidecar`
  - later-phase card-rail settlement lane
 - `mt103-hardcopy-sidecar`
  - evidence and hardcopy-bank-message archive lane
 ## 3. Target runtime
 Suggested default Proxmox targets on `r630-02`:
 - `5808` `rtgs-securities-1`
 - `5809` `rtgs-cardnet-1`
 - `5810` `rtgs-mt103-1`
 ## 4. Required inputs before deployment
 - built JAR for `securities-sidecar`
 - built JAR for `card-networks-sidecar`
 - built Go binary for `mt103-hardcopy-sidecar`
 - OMNL / Fineract tenant/auth contract for the Java sidecars
 - PostgreSQL decision for `mt103-hardcopy-sidecar`
 - Redis host/port for Java sidecars
 ## 5. Deployment gates
 - [ ] each artifact exists and is versioned
 - [ ] each target CT exists and is reachable
 - [ ] each service can start under systemd
 - [ ] health endpoint returns success
 - [ ] Fineract reachability is proven for Java sidecars
 - [ ] storage/database reachability is proven for the MT103 sidecar
 - [ ] one canonical later-phase business flow is identified per sidecar before production claims are made
 ## 6. Scripts
 - [create-dbis-rtgs-later-phase-sidecar-lxcs.sh](/home/intlc/projects/proxmox/scripts/deployment/create-dbis-rtgs-later-phase-sidecar-lxcs.sh)
 - [deploy-dbis-rtgs-later-phase-sidecars.sh](/home/intlc/projects/proxmox/scripts/deployment/deploy-dbis-rtgs-later-phase-sidecars.sh)
 - [check-dbis-rtgs-later-phase-sidecars.sh](/home/intlc/projects/proxmox/scripts/verify/check-dbis-rtgs-later-phase-sidecars.sh)
--- a/docs/03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md
+++ b/docs/03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md
@@ -1,5 +1,7 @@
 # Full Deployment Order of Operations
 > Historical note (2026-03-26): this run order includes earlier PMM deployment phases. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`. Use [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md) for live addresses.
 **Last Updated:** 2026-02-28  
 **Purpose:** Single canonical sequence for deploying and completing the system: prerequisites → Chain 138 core → PMM/pools → provider → optional → cW* → verification. Use this as the master order; other runbooks give per-step detail.
@@ -42,7 +44,7 @@ Execute in any order where no dependency; all must be satisfied before Phase 1
 |---|------|--------|
 | 0.1 | **RPC 2101 (Core) writable** | If read-only: `./scripts/maintenance/make-rpc-vmids-writable-via-ssh.sh` then `./scripts/maintenance/health-check-rpc-2101.sh`. See [RPC_2101_READONLY_FIX.md](RPC_2101_READONLY_FIX.md). |
 | 0.2 | **Deployer wallet funded (Chain 138)** | ≥ ~0.006 ETH (recommended 1–2 ETH). Check: `cd smom-dbis-138 && ./scripts/deployment/check-balances-gas-and-deploy.sh`. |
-| 0.3 | **Env configured** | `smom-dbis-138/.env` only: `PRIVATE_KEY`, `RPC_URL_138` (Core); for PMM: `DODO_PMM_INTEGRATION_ADDRESS=0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D`. Optional: `GAS_PRICE_138`, `GAS_PRICE`. Run: `cd smom-dbis-138 && ./scripts/deployment/check-env-required.sh`. Or from repo root: `./scripts/deployment/preflight-chain138-deploy.sh`. |
+| 0.3 | **Env configured** | `smom-dbis-138/.env` only: `PRIVATE_KEY`, `RPC_URL_138` (Core); for PMM: `DODO_PMM_INTEGRATION_ADDRESS=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d`, `DODO_PMM_PROVIDER_ADDRESS=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`. Optional: `GAS_PRICE_138`, `GAS_PRICE`. Run: `cd smom-dbis-138 && ./scripts/deployment/check-env-required.sh`. Or from repo root: `./scripts/deployment/preflight-chain138-deploy.sh`. |
 | 0.4 | **Gas / cost estimate** | Run cost estimate before deploy: `cd smom-dbis-138 && ./scripts/deployment/calculate-costs-consolidated.sh` (or see [DEPLOYMENT_GAS_COSTS_REALTIME](../11-references/DEPLOYMENT_GAS_COSTS_REALTIME.md)). Chain 138 uses min 1 gwei; script gives estimated total cost. |
 | 0.5 | **POOL_MANAGER_ROLE** | Deployer must have POOL_MANAGER_ROLE on DODOPMMIntegration for pool creation and provider registration. |
 | 0.6 | **No stuck transactions** | If nonce has pending txs or "Replacement transaction underpriced": run `./scripts/clear-all-transaction-pools.sh` then wait ~60s. Use Core RPC only (no Public fallback). Prefer deploy scripts that check nonce (e.g. `deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh`). |
--- a/docs/03-deployment/EXPLORER_FRONTEND_404_FIX_RUNBOOK.md
+++ b/docs/03-deployment/EXPLORER_FRONTEND_404_FIX_RUNBOOK.md
@@ -23,7 +23,7 @@ This deployment uses a **custom frontend** (SolaceScanScout), not the built-in B
 - `explorer-monorepo/scripts/fix-nginx-serve-custom-frontend.sh` — nginx config that serves `/var/www/html` for `/` and SPA paths.
 - `explorer-monorepo/scripts/fix-nginx-conflicts-vmid5000.sh` — current “conflicts” config: proxies `location /` to :4000 (no static root).
 - `explorer-monorepo/scripts/deploy-frontend-to-vmid5000.sh` — deploys frontend files and can apply the custom-frontend nginx config.
- `docs/archive/fixes/BLOCKSCOUT_WEB_INTERFACE_404_FIX.md` — historical 404 investigation.
+- This runbook replaces ad-hoc 404 notes; use `explorer-monorepo/scripts/` above for nginx and deploy.
 - `explorer-monorepo/docs/BLOCKSCOUT_START_AND_BUILD.md` — Blockscout container/assets; UI in this setup is the custom frontend, not Blockscout’s own UI.
 ---
--- a/Show More
+++ b/Show More
`@@ -172,4 +172,4 @@`

	`Total remaining (actionable): Wave 0: 3 · Wave 1: 44 · Wave 2: 8 · Wave 3: 2 · Ongoing: 5.`	`Total remaining (actionable): Wave 0: 3 · Wave 1: 44 · Wave 2: 8 · Wave 3: 2 · Ongoing: 5.`

	`Last parallel run (2026-02-05): Run log batch 11 — CI validation, config validation, security dry-runs (W1-1, W1-2), phase2 config, CCIP checklist, phase4 show-steps, config backup, shellcheck --optional, Wave 0 dry-run. See [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived).`	Last parallel run (2026-02-05): Batch 11 covered CI validation, `validate-config-files.sh`, security dry-runs, phase2 config, CCIP checklist, phase4 show-steps, config backup, shellcheck --optional, Wave 0 dry-run. Current checks: `./scripts/validation/validate-config-files.sh`, `./scripts/verify/run-all-validation.sh` (optional `--skip-genesis`), [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md).
`@@ -41,4 +41,4 @@ Examples (no API key or key without private-key restriction):`

	`---`	`---`

	`Refs: [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §2C \| [COMPLETION_STATUS_20260215](../archive/00-meta-pruned/COMPLETION_STATUS_20260215.md)`	`Refs: [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §2C \| [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md)`