# Wave 2 & Wave 3 — Operator Checklist

**Last Updated:** 2026-02-05  
**Purpose:** Ordered checklist for running Wave 2 and Wave 3 from a host with Proxmox/SSH/LAN access. Use after [Wave 0](FULL_PARALLEL_EXECUTION_ORDER.md#wave-0--gates--credentials-run-in-parallel-where-different-owners) and [Wave 1](WAVE1_COMPLETION_SUMMARY.md) are complete where possible.

**Execution model:** Within each wave, run tasks in parallel by host or component. Wave 3 depends on Wave 2 outputs.

---

## Wave 0 (gates — do first when creds allow)

| # | Task | Command / note |
|---|------|----------------|
| W0-1 | NPMplus RPC fix (405) | From host on LAN: `bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` |
| W0-2 | sendCrossChain (real) | PRIVATE_KEY + LINK; remove `--dry-run` from run-send-cross-chain.sh |
| W0-3 | NPMplus backup | NPM_PASSWORD in .env; `bash scripts/verify/backup-npmplus.sh` when NPMplus is up |

**Or run W0-1 + W0-3 from LAN:** `bash scripts/run-wave0-from-lan.sh` (options: `--dry-run`, `--skip-backup`, `--skip-rpc-fix`). W0-2: run `scripts/bridge/run-send-cross-chain.sh` without `--dry-run` when ready.

**NPMplus backup cron (W1-8):** `bash scripts/maintenance/schedule-npmplus-backup-cron.sh --show` to print line; `--install` to add to crontab (e.g. daily 03:00).

---

## Wave 2 — Infra / deploy (parallel by host or component)

| ID | Task | Parallelize by | Notes |
|----|------|----------------|-------|
| W2-1 | Deploy monitoring stack (Prometheus, Grafana, Loki, Alertmanager) | By component | Use smom-dbis-138/monitoring/ configs; scripts/monitoring/ |
| W2-2 | Grafana via Cloudflare Access; alerts | After W2-1 | Configure Alertmanager routes |
| W2-3 | VLAN enablement: UDM Pro VLAN config; Proxmox bridge; migrate services | By VLAN / host | NETWORK_ARCHITECTURE.md §3–5; UDM_PRO_VLAN_* docs |
| W2-4 | Phase 3 CCIP: Ops/Admin (5400-5401); NAT pools; commit/execute/RMN scripts | Ops first, then NAT, then scripts | CCIP_DEPLOYMENT_SPEC.md |
| W2-5 | Phase 4: Sovereign tenant VLANs; isolation | By tenant/VLAN | After W2-3 |
| W2-6 | ~~2506–2508~~ Destroyed 2026-02-08; RPC 2500–2505 only. No action. | — | MISSING_CONTAINERS_LIST.md |
| W2-7 | DBIS services (10100–10151); Hyperledger | By host | Per deployment runbooks |
| W2-8 | NPMplus HA (Keepalived, 10234) | Optional | NPMPLUS_HA_SETUP_GUIDE.md |

---

## Wave 3 — After Wave 2

| ID | Task | Depends on |
|----|------|------------|
| W3-1 | CCIP Fleet: 16 commit (5410-5425), 16 execute (5440-5455), 7 RMN (5470-5476) | W2-4 (Ops/Admin, NAT) |
| W3-2 | Phase 4 tenant isolation enforcement; access control | W2-3 / W2-5 |

---

## Ongoing (no wave)

| ID | Task | Frequency |
|----|------|-----------|
| O-1 | Monitor explorer sync | Daily |
| O-2 | Monitor RPC 2201 | Daily |
| O-3 | Config API uptime | Weekly |

**Cron for O-1–O-3:** `bash scripts/maintenance/schedule-daily-weekly-cron.sh --show` to print; `--install` to add (daily 08:00, weekly Sun 09:00).

---

## References

- [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) — Full wave definitions
- `./scripts/validation/validate-config-files.sh` · `./scripts/verify/run-all-validation.sh` — current validation; [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) — Wave 1 outcomes
- [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) — Procedures and maintenance