# All Additional Improvements and Gaps — Recommended or Suggested for Optimization

**Last Updated:** 2026-02-03

**Purpose:** Single consolidated list of all recommended/suggested improvements, gaps, and optimizations across the repo.

**Master entry points:**

- [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) — **Gaps, placeholders, and recommendations (single reference)**
- [OPTIONAL_RECOMMENDATIONS_INDEX.md](OPTIONAL_RECOMMENDATIONS_INDEX.md) — Optional tasks and recommendations index
- [REMAINING_TASKS.md](REMAINING_TASKS.md) — Optional/enhancement tasks and maintenance
- [00-meta/NEXT_STEPS_MASTER.md](00-meta/NEXT_STEPS_MASTER.md) — Consolidated next steps
- [10-best-practices/IMPLEMENTATION_CHECKLIST.md](10-best-practices/IMPLEMENTATION_CHECKLIST.md) — Checklist by priority
- [REQUIRED_FIXES_UPDATES_GAPS.md](REQUIRED_FIXES_UPDATES_GAPS.md) — Required fixes and placeholders in code
- [PLACEHOLDERS_AND_TBD.md](PLACEHOLDERS_AND_TBD.md) — Placeholder and TBD items

---

## 1. Proxmox / Validated Set (docs/10-best-practices, docs/)

### High priority (implement soon)

| # | Item | Source | Notes |
|---|------|--------|------|
| 1 | Secure .env file permissions | IMPLEMENTATION_CHECKLIST, QUICK_WINS | `chmod 600 ~/.env` |
| 2 | Secure validator key permissions | IMPLEMENTATION_CHECKLIST, QUICK_WINS | chmod 600, chown besu |
| 3 | SSH key-based authentication (disable password) | IMPLEMENTATION_CHECKLIST, RECOMMENDATIONS_AND_SUGGESTIONS | |
| 4 | Firewall rules for Proxmox API (port 8006) | IMPLEMENTATION_CHECKLIST | Restrict to specific IPs |
| 5 | Network segmentation (VLANs) | IMPLEMENTATION_CHECKLIST, NEXT_STEPS_MASTER | VLAN enablement phase |
| 6 | Basic metrics collection (Prometheus, Besu 9545) | IMPLEMENTATION_CHECKLIST, QUICK_WINS | |
| 7 | Health check monitoring + alerting | IMPLEMENTATION_CHECKLIST, QUICK_WINS | |
| 8 | Automated backup script + encrypted validator keys | IMPLEMENTATION_CHECKLIST, QUICK_WINS | |
| 9 | Backup configuration files + version control | IMPLEMENTATION_CHECKLIST | |
| 10 | Integration tests for deployment scripts | IMPLEMENTATION_CHECKLIST | |
| 11 | Runbooks (add/remove validator, upgrade Besu, key rotation, recovery, consensus) | IMPLEMENTATION_CHECKLIST, RECOMMENDATIONS_AND_SUGGESTIONS | |

### Medium priority (next quarter)

| # | Item | Source | Notes |
|---|------|--------|------|
| 12 | Enhanced error handling (retry, timeout, circuit breaker, rollback) | IMPLEMENTATION_CHECKLIST, RECOMMENDATIONS_AND_SUGGESTIONS | retry_with_backoff.sh exists |
| 13 | Structured logging (levels, JSON, IDs, rotation) | IMPLEMENTATION_CHECKLIST, RECOMMENDATIONS_AND_SUGGESTIONS | |
| 14 | Centralized log collection (Loki/ELK) | IMPLEMENTATION_CHECKLIST | |
| 15 | Resource optimization (right-size, CPU pinning, quotas) | IMPLEMENTATION_CHECKLIST, RECOMMENDATIONS_AND_SUGGESTIONS | |
| 16 | Network optimization (P2P, buffers, jumbo frames, static-nodes) | IMPLEMENTATION_CHECKLIST | |
| 17 | Database optimization (size, cache, backups, pruning) | IMPLEMENTATION_CHECKLIST | |
| 18 | Java/Besu tuning (heap, GC, flight recorder) | IMPLEMENTATION_CHECKLIST, RECOMMENDATIONS_AND_SUGGESTIONS | |
| 19 | CI/CD pipeline (testing, blue-green, rollback, canary) | IMPLEMENTATION_CHECKLIST, RECOMMENDATIONS_AND_SUGGESTIONS | |
| 20 | CLI tool for operations | IMPLEMENTATION_CHECKLIST | |

### Low priority (future)

| # | Item | Source | Notes |
|---|------|--------|------|
| 21 | Auto-scaling for sentries/RPC nodes | IMPLEMENTATION_CHECKLIST | |
| 22 | Dynamic validator set changes | IMPLEMENTATION_CHECKLIST | |
| 23 | Load balancing for RPC nodes | IMPLEMENTATION_CHECKLIST | |
| 24 | Multi-region deployments | IMPLEMENTATION_CHECKLIST | |
| 25 | HA validators (failover) | IMPLEMENTATION_CHECKLIST | |
| 26 | Support for network upgrades | IMPLEMENTATION_CHECKLIST | |
| 27 | Web UI for management | IMPLEMENTATION_CHECKLIST | |
| 28 | HSM support for validator keys | IMPLEMENTATION_CHECKLIST | |
| 29 | Advanced audit logging | IMPLEMENTATION_CHECKLIST | |
| 30 | Security scanning + compliance checking | IMPLEMENTATION_CHECKLIST | |

### Quick wins (pending)

| # | Item | Source | Notes |
|---|------|--------|------|
| 31 | Add progress indicators to scripts | IMPLEMENTATION_CHECKLIST, QUICK_WINS | |
| 32 | Integrate --dry-run into deployment/change scripts | IMPLEMENTATION_CHECKLIST | dry-run-example.sh exists |
| 33 | Integrate config validation into CI/pre-deploy | IMPLEMENTATION_CHECKLIST | validate-config-files.sh exists |
| 34 | Create troubleshooting FAQ | QUICK_WINS | |
| 35 | Add inline comments to complex scripts | QUICK_WINS | |

---

## 2. Code quality & scripts (smom-dbis-138/docs/ADDITIONAL_OPTIMIZATION_RECOMMENDATIONS.md)

### Code quality & standardization

| # | Item | Priority | Notes |
|---|------|----------|------|
| 36 | Script shebang: standardize on `#!/usr/bin/env bash` | Medium | 296 vs 35 scripts |
| 37 | Error handling: standardize on `set -euo pipefail` + traps | High | |
| 38 | Script header template (metadata, usage, exit codes) | Medium | |
| 39 | Code formatting & linting (shellcheck, shfmt, pre-commit, yamllint) | Medium | |

### Script optimization

| # | Item | Priority | Notes |
|---|------|----------|------|
| 40 | Script consolidation (140 deployment scripts, reduce overlap) | Medium | |
| 41 | Expand shared function library (scripts/lib/) | Medium | log_*, validate_*, retry_*, wait_for_* |
| 42 | Script performance (profile, parallelize, cache) | Low | |
| 43 | Auto-generate script documentation | Low | |

### Documentation (non-deployment)

| # | Item | Priority | Notes |
|---|------|----------|------|
| 44 | Documentation consolidation (1,729 MD files; archive old status) | Medium | |
| 45 | Documentation accuracy review (quarterly, links, obsolete removal) | Medium | |
| 46 | Inline code documentation | Low | |
| 47 | API documentation (RPC, contracts, examples) | Medium | |

### Security (non-deployment)

| # | Item | Priority | Notes |
|---|------|----------|------|
| 48 | Secret management audit (no hardcoded secrets, rotation, CI scanning) | High | git-secrets, truffleHog, gitleaks |
| 49 | Input validation in all scripts | High | |
| 50 | Security scanning automation (CI, container image scanning) | High | bandit, safety, npm audit, trivy |
| 51 | Access control review (RBAC, least privilege) | Medium | |

### Configuration & testing (non-deployment)

| # | Item | Priority | Notes |
|---|------|----------|------|
| 52 | Configuration validation (JSON/YAML schema, pre-deploy) | High | |
| 53 | Configuration templates / .example expansion | Medium | |
| 54 | Environment management standardization | Medium | |
| 55 | Test coverage (unit, integration, E2E, performance) | Medium | |
| 56 | Automate all tests in CI | Medium | |
| 57 | Test data management (fixtures, generators) | Low | |

### Monitoring & developer experience

| # | Item | Priority | Notes |
|---|------|----------|------|
| 58 | Logging standardization (structured, levels, rotation) | Medium | |
| 59 | Metrics collection for script execution | Low | |
| 60 | Health check enhancement (dependencies, dashboard) | Medium | |
| 61 | Dev environment setup (script, DevContainer, quick start) | Medium | |
| 62 | IDE configuration (VS Code, editorconfig) | Low | |
| 63 | Developer documentation (guide, standards, architecture) | Medium | |

### Maintenance & operations

| # | Item | Priority | Notes |
|---|------|----------|------|
| 64 | Dependency updates (dependabot/renovate, process doc) | Medium | |
| 65 | Formalize code review process | Medium | |
| 66 | Change management (changelog, versioning) | Low | |
| 67 | Backup & recovery review and testing | High | |

---

## 3. Documentation enhancements (docs/00-meta/DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md)

| # | Item | Priority | Notes |
|---|------|----------|------|
| 68 | Quick reference cards (network, VMID, commands, troubleshooting) | High | |
| 69 | Decision trees (troubleshooting, configuration, deployment) | Medium | Mermaid/ASCII |
| 70 | Configuration templates (ER605, Proxmox, Cloudflare, Besu) | High | |
| 71 | Examples and use cases (deployment, troubleshooting, migration) | Medium | |
| 72 | Glossary and terminology | Medium | |
| 73 | Visual elements (diagrams, tables, flowcharts) | Various | |
| 74 | Organization (TOC, cross-links, maintenance schedule) | Various | |

---

## 4. Infrastructure & deployment (NEXT_STEPS_MASTER, REMAINING_TASKS)

### Deployment phases

| # | Item | Phase | Status |
|---|------|--------|--------|
| 75 | VLAN enablement (UDM Pro, Proxmox bridge, service migration) | Phase 1 | Optional |
| 76 | Observability (Prometheus, Grafana, Loki, Alertmanager, Cloudflare Access, alerts) | Phase 2 | Required |
| 77 | CCIP fleet (VMID 5400–5476: Ops, commit, execute, RMN, NAT pools) | Phase 3 | Required |
| 78 | Sovereign tenants (VLANs, isolation, access control) | Phase 4 | Required |

### Missing containers

| # | Item | Priority | Notes |
|---|------|----------|------|
| 79 | Besu RPC — 3 missing (2506, 2507, 2508); canonical list: MISSING_CONTAINERS_LIST.md | High | |
| 80 | Hyperledger (Firefly, Cacti, Fabric, Indy) — 5 | High/Medium | |
| 81 | Blockscout (5000) — 1 | High | |

### Codebase & scripts (smom-dbis-138)

| # | Item | Priority | Notes |
|---|------|----------|------|
| 82 | Security audits (VLT-024, ISO-024) | Critical | |
| 83 | Bridge integrations (BRG-VLT, BRG-ISO) | High | |
| 84 | CCIP AMB full implementation | High | |
| 85 | dbis_core TypeScript/Prisma fixes | High | ~1186 errors |
| 86 | IRU remaining tasks | High | |

### Placeholders / required fixes

| # | Item | Location | Priority |
|---|------|----------|----------|
| 87 | Canonical addresses env-only | token-aggregation canonical-tokens.ts | Medium |
| 88 | AlltraAdapter fee (TODO: actual fee) | AlltraAdapter.sol | Medium |
| 89 | Smart accounts kit placeholders | DeploySmartAccountsKit.s.sol | Medium |
| 90 | Quote service Fabric chainId 999 | quote-service.ts | Low |
| 91 | .bak script/test restoration or deprecation | Various | Low |

---

## 5. MetaMask & explorer (REMAINING_TASKS, OPTIONAL_RECOMMENDATIONS_INDEX)

| # | Item | Priority | Effort |
|---|------|----------|--------|
| 92 | Token-aggregation production deployment | Medium | 2–3 h |
| 93 | Token-aggregation: external API keys (CoinGecko, CMC, DexScreener) | Medium | 30 min |
| 94 | Chain 138 Snap: market data UI | Low | 4–6 h |
| 95 | Chain 138 Snap: swap quotes | Low | 8–12 h |
| 96 | Chain 138 Snap: bridge routes | Low | 8–12 h |
| 97 | Chain 138 Snap: testing & distribution | Low | 2–4 h |
| 98 | CoinGecko submission (Chain 138) | Low | 1–2 h |
| 99 | Consensys outreach (Swaps/Bridge support) | Low | 1 h |
| 100 | Paymaster deployment (gas abstraction) | Low | 2–3 h |
| 101 | Explorer: add "Wallet" link to navbar | Low | 15 min |
| 102 | Explorer: sync status indicator | Low | 1 h |
| 103 | Explorer: network selector | Low | 2–3 h |
| 104 | Explorer: dark mode toggle | Low | 2–3 h |
| 105 | Token-aggregation: monitoring, auth for admin endpoints | Low | 1–3 h |

---

## 6. Tezos / Etherlink / CCIP (TEZOS_CCIP_REMAINING_ITEMS.md)

| # | Item | Category |
|---|------|----------|
| 106 | Verify Etherlink in CCIP supported networks | External verification |
| 107 | Verify Jumper API support (138, 651940, 42793, Tezos) | External verification |
| 108 | Verify LiFi for Etherlink (chain 42793) | External verification |
| 109 | Run InitializeRegistry (BridgeRegistry Etherlink + Tezos L1) | Contracts |
| 110 | Run DeployAllAdapters (TezosAdapter, EVMAdapter 42793) | Contracts |
| 111 | Etherlink receiver contracts (CCIP or custom relay) | Contracts |
| 112 | Token list governance (Etherlink/Tezos tokens) | Contracts |
| 113 | Set Etherlink finality (confirmation blocks) | Contracts |
| 114 | Tezos L1 relay service (implement and run) | Off-chain |
| 115 | Etherlink custom relay service (if no CCIP) | Off-chain |
| 116 | Rate limits and caps per destination (Tezos/Etherlink) | Routing |
| 117 | Jumper API integration (real quotes when supported) | Routing |
| 118 | DON registration for Etherlink (if CCIP); RMN policy | DON/ops |
| 119 | Tezos/Etherlink metrics, dashboards, alerts | Monitoring |
| 120 | Enable Tezos/Etherlink in production (flags, rate limits) | Production |
| 121 | TezosAdapter unit tests in CI; integration tests; Ghostnet E2E; security review | Testing |

---

## 7. Besu / blockchain (docs/06-besu)

| # | Item | Status / Notes |
|---|------|----------------|
| 122 | RPC config file location (for tx pool) | Needs investigation |
| 123 | Transaction pool clearing / gas price verification | Pending |
| 124 | Layered tx-pool tuning, gas price, network connectivity | Phase 2 remediation |
| 125 | Automated monitoring setup (cron/systemd) for health script | Phase 3 |
| 126 | Logging configuration for monitoring | Phase 3 |

---

## 8. RPC translator (rpc-translator-138/ALL_RECOMMENDATIONS.md)

| # | Item | Priority |
|---|------|----------|
| 127 | ~~Investigate Cloudflare Tunnel (502 errors, pool, timeouts)~~ **Addressed:** Fastly/direct migration; tunnel deprecated. See [05-network/CLOUDFLARE_ROUTING_MASTER.md](05-network/CLOUDFLARE_ROUTING_MASTER.md), [05-network/EDGE_PORT_VERIFICATION_RUNBOOK.md](05-network/EDGE_PORT_VERIFICATION_RUNBOOK.md) | Done |
| 128 | Client-side retry logic (exponential backoff, 502) | High |
| 129 | Set up monitoring/alerting | High |
| 130 | Short/medium/long-term improvements (see ALL_RECOMMENDATIONS.md) | Various |

---

## 9. Orchestration portal (smom-dbis-138/orchestration/portal)

| # | Item | Source |
|---|------|--------|
| 131 | P0: Auth, state, real-time, error handling, security headers, validation, testing, CI/CD | RECOMMENDATIONS_SUMMARY |
| 132 | P1: Advanced components, PostgreSQL migration, Redis caching, background jobs, performance, monitoring | RECOMMENDATIONS_SUMMARY |
| 133 | P2: GraphQL, i18n, PWA, multi-tenancy, microservices | RECOMMENDATIONS_SUMMARY |
| 134 | Quick wins (see QUICK_WINS.md in portal) | RECOMMENDATIONS_SUMMARY |

---

## 10. Maintenance (ongoing)

| # | Task | Frequency |
|---|------|-----------|
| 135 | Monitor explorer sync status | Daily |
| 136 | Monitor RPC node health (e.g. VMID 2201) | Daily |
| 137 | Check config API uptime | Weekly |
| 138 | Review explorer logs | Weekly |
| 139 | Update token list | As needed |

---

## Summary counts

| Category | Count |
|----------|--------|
| Proxmox / validated set (high/medium/low/quick) | 35 |
| Code quality & scripts (ADDITIONAL_OPTIMIZATION) | 32 |
| Documentation enhancements | 7 |
| Infrastructure & deployment | 17 |
| MetaMask & explorer | 14 |
| Tezos / Etherlink / CCIP | 16 |
| Besu / blockchain | 5 |
| RPC translator | 4 |
| Orchestration portal | 4 |
| Maintenance | 5 |
| **Total distinct items** | **~139** |

---

## Where to read more

- **Proxmox / validated set:** [10-best-practices/RECOMMENDATIONS_AND_SUGGESTIONS.md](10-best-practices/RECOMMENDATIONS_AND_SUGGESTIONS.md), [10-best-practices/QUICK_WINS.md](10-best-practices/QUICK_WINS.md), [10-best-practices/IMPLEMENTATION_CHECKLIST.md](10-best-practices/IMPLEMENTATION_CHECKLIST.md)
- **Code/scripts (non-deployment):** [smom-dbis-138/docs/ADDITIONAL_OPTIMIZATION_RECOMMENDATIONS.md](../smom-dbis-138/docs/ADDITIONAL_OPTIMIZATION_RECOMMENDATIONS.md)
- **Docs:** [00-meta/DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md](00-meta/DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md)
- **Next steps / phases:** [00-meta/NEXT_STEPS_MASTER.md](00-meta/NEXT_STEPS_MASTER.md), [REMAINING_TASKS.md](REMAINING_TASKS.md)
- **Optional index:** [OPTIONAL_RECOMMENDATIONS_INDEX.md](OPTIONAL_RECOMMENDATIONS_INDEX.md)
- **Tezos/CCIP:** [07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md](07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md)
- **Besu:** [06-besu/COMPLETE_RECOMMENDATIONS_SUMMARY.md](06-besu/COMPLETE_RECOMMENDATIONS_SUMMARY.md)
- **Orchestration:** [smom-dbis-138/orchestration/portal/RECOMMENDATIONS_SUMMARY.md](../smom-dbis-138/orchestration/portal/RECOMMENDATIONS_SUMMARY.md)
- **RPC translator:** [rpc-translator-138/ALL_RECOMMENDATIONS.md](../rpc-translator-138/ALL_RECOMMENDATIONS.md)

---

**Document Status:** Active

**Maintained By:** Infrastructure Team

**Review:** Update when new recommendation docs are added or items are completed.