# Detailed List: All Tasks for Full E2E Completion **Last Updated:** 2026-02-05 **Purpose:** Single detailed checklist of every task required for all possible end-to-end completions. Use for planning, assignment, and status tracking. **Execution order:** [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) — Wave 0 → 1 → 2 → 3 → Ongoing. Within each wave, run tasks in parallel where possible. **Sources:** TODO_TASK_LIST_MASTER.md, WAVE2_WAVE3_OPERATOR_CHECKLIST.md, PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md, REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md, NEXT_STEPS_MASTER.md, ALL_IMPROVEMENTS_AND_GAPS_INDEX.md, MISSING_CONTAINERS_LIST.md. --- ## Legend | Symbol | Meaning | |--------|---------| | **Op** | Operator (run on Proxmox/LAN/host with credentials) | | **Auto** | Script/automation exists; run or schedule | | **Code** | Code/config change required | | **Doc** | Documentation or design only | | **Def** | Deferred (backlog or external dependency) | --- ## Blockers (for tasks that do NOT require API keys) Tasks below do **not** depend on obtaining API keys (Li.Fi, CoinGecko, etc.). Their blockers are environment or credentials only. **If a task is not listed here, it has no blocker** for automated/dry-run execution from this environment. | Blocker | Affected tasks | How to clear | |---------|----------------|--------------| | **LAN required** | W0-1 (NPMplus RPC fix), W0-3 (NPMplus backup — also needs NPM_PASSWORD) | Run from host on same network as NPMplus (192.168.11.x). | | **PRIVATE_KEY + LINK approved** | W0-2 (sendCrossChain real) | Set in .env; omit `--dry-run` from run-send-cross-chain.sh. | | **NPM_PASSWORD + NPMplus up** | W0-3, W1-8 (backup run) | Set NPM_PASSWORD in .env; ensure NPMplus container is running. | | **Proxmox host (root / pct)** | W1-1 apply, W1-2 apply, W1-19 (secure-validator-keys), W2-* (all), W3-* (all), CT-1a restore | Run scripts on Proxmox node or via SSH from LAN. | | **Crontab (user)** | W1-8 cron install (schedule-npmplus-backup-cron --install, schedule-daily-weekly-cron --install) | Run --install on host where cron should live. | | **Deferred / backlog** | W1-3, W1-4, W1-14 (dbis_core TS), W1-15–W1-17 (part), smom audits, BRG integrations | Assign to backlog or external owner. | **No blocker (can run from anywhere):** All validation commands (run-all-validation, validate-config-files, run-full-verification steps 0–2, verify-end-to-end-routing), run-wave0-from-lan.sh --dry-run, schedule-*-cron.sh --show, phase4-sovereign-tenants.sh --show-steps, run-shellcheck.sh --optional, check-dependencies, daily-weekly-checks.sh daily (RPC check may pass; explorer may SKIP off-LAN). Doc/design tasks (W1-9–W1-13) are already done or doc-only. **Unblocked run (2026-02-05, full parallel):** check-dependencies, validate-config-files, run-wave0-from-lan --dry-run, schedule-npmplus-backup-cron --show, schedule-daily-weekly-cron --show, phase4-sovereign-tenants --show-steps, run-shellcheck --optional, daily-weekly-checks daily, run-all-validation (with and without --skip-genesis), validate-genesis (smom-dbis-138), verify-end-to-end-routing (25 DNS pass, 14 HTTPS pass, 6 RPC fail until W0-1 from LAN) — all completed. run-full-verification: steps 0–2 pass; step 3 (NPMplus) fails off-LAN as expected. --- ## Part 1 — Critical & Gate Tasks (Do First) ### 1.1 CT 2301 (besu-rpc-private-1) | ID | Task | Type | Command / reference | |----|------|------|---------------------| | CT-1a | Restore from backup (if exists) | Op | `pct restore 2301 /path/to/backup.tar.zst --storage local-lvm` | | CT-1b | Recreate container (Option B) | ✅ Done | `scripts/recreate-ct-2301.sh` (2026-02-04). [scripts/README.md](../../scripts/README.md) § CT 2301. | ### 1.2 Wave 0 — Gates (credentials / LAN) | ID | Task | Type | Prerequisite | Command / note | |----|------|------|--------------|----------------| | **W0-1** | NPMplus RPC fix (405) | Op | Host on LAN | `bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` — or `bash scripts/run-wave0-from-lan.sh` (omit `--skip-rpc-fix`). | | **W0-2** | sendCrossChain (real) | Op | PRIVATE_KEY, LINK approved for fee | `scripts/bridge/run-send-cross-chain.sh [recipient]` — omit `--dry-run`. Bridge: `0xcacfd227A040002e49e2e01626363071324f820a`. | | **W0-3** | NPMplus backup | Op | NPM_PASSWORD in .env, NPMplus up | `bash scripts/verify/backup-npmplus.sh`. Or `scripts/run-wave0-from-lan.sh` (omit `--skip-backup`). | **Combined (W0-1 + W0-3):** `bash scripts/run-wave0-from-lan.sh` from LAN (options: `--dry-run`, `--skip-backup`, `--skip-rpc-fix`). --- ## Part 2 — Wave 1 (Full Parallel: Security, Monitoring Config, Backup, Docs, Codebase) ### 2.1 Security (W1-1 – W1-4) | ID | Task | Type | Command / reference | |----|------|------|---------------------| | W1-1 | SSH key-based auth; disable password | Op | `scripts/security/setup-ssh-key-auth.sh [--dry-run|--apply]`. Deploy keys first; test before disabling password. [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) § Access Control. | | W1-2 | Firewall: restrict Proxmox API 8006 | Op | `scripts/security/firewall-proxmox-8006.sh [--dry-run|--apply] [CIDR]`. Restrict to admin IPs. | | W1-3 | smom: Security audits VLT-024, ISO-024 | Def | smom backlog. | | W1-4 | smom: Bridge integrations BRG-VLT, BRG-ISO | Def | smom backlog. | ### 2.2 Monitoring config (W1-5 – W1-7) | ID | Task | Type | Command / reference | |----|------|------|---------------------| | W1-5 | Prometheus scrape (Besu 9545); alert rules | Auto/Doc | `scripts/monitoring/prometheus-besu-config.yml`, `smom-dbis-138/monitoring/prometheus/`. export-prometheus-targets.sh. | | W1-6 | Grafana dashboards; Alertmanager config | Doc | smom-dbis-138/monitoring/grafana/, alertmanager/alertmanager.yml. | | W1-7 | Loki/Alertmanager config (no deploy) | Doc | smom-dbis-138/monitoring/loki/, alertmanager/. | ### 2.3 Backup (W1-8) | ID | Task | Type | Command / reference | |----|------|------|---------------------| | W1-8 | Automated backup; NPMplus backup cron; daily/weekly cron | Op/Auto | `scripts/verify/backup-npmplus.sh` when NPMplus up. **Cron:** `scripts/maintenance/schedule-npmplus-backup-cron.sh [--install|--show]` (daily 03:00). `scripts/maintenance/schedule-daily-weekly-cron.sh [--install|--show]` (daily 08:00, weekly Sun 09:00). `scripts/backup/automated-backup.sh [--with-npmplus]`. | ### 2.4 Phase 1 optional (W1-9 – W1-10) | ID | Task | Type | Reference | |----|------|------|-----------| | W1-9 | VLAN enablement: UDM Pro VLAN config; Proxmox VLAN-aware bridge design | Doc | NETWORK_ARCHITECTURE.md §3–5. | | W1-10 | VLAN migration plan (per-service table) | Doc | UDM_PRO_VLAN_MIGRATION_PLAN.md, MISSING_CONTAINERS_LIST.md. | ### 2.5 Documentation (W1-11 – W1-13) | ID | Task | Type | Reference | |----|------|------|-----------| | W1-11 | Doc consolidation; archive old status | Auto/Doc | ARCHIVE_CANDIDATES.md; move agreed items. | | W1-12 | Quick reference cards; decision trees; config templates | Doc | QUICK_REFERENCE_CARDS.md, CONFIGURATION_DECISION_TREE, 04-configuration README. | | W1-13 | Final IP assignments; connectivity matrix; runbooks | Doc | NETWORK_ARCHITECTURE.md §7, OPERATIONAL_RUNBOOKS.md, MISSING_CONTAINERS_LIST. | ### 2.6 Codebase (W1-14 – W1-17) | ID | Task | Type | Reference | |----|------|------|-----------| | W1-14 | dbis_core: TypeScript/Prisma fixes | Code | ~1186 TS errors; parallelize by module/file. | | W1-15 | smom: EnhancedSwapRouter quoter; AlltraAdapter fee | Code/Def | PLACEHOLDERS_AND_TBD.md; setBridgeFee done. | | W1-16 | smom: IRU remaining tasks | Code/Def | Per smom backlog. | | W1-17 | Placeholders: canonical addresses env-only; AlltraAdapter fee; smart accounts kit; quote service Fabric 999; .bak deprecation | Code | REQUIRED_FIXES_UPDATES_GAPS.md; PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md §1. | ### 2.7 Quick wins & implementation checklist (W1-18 – W1-21) | ID | Task | Type | Command / reference | |----|------|------|---------------------| | W1-18 | Progress indicators; config validation in CI | ✅ Done | run-full-verification.sh Step 0; validate-config-files.sh. | | W1-19 | Secure validator key permissions (chmod 600, chown besu) | Op | On Proxmox host as root: `scripts/secure-validator-keys.sh [--dry-run]` (VMIDs 1000–1004). | | W1-20 | Secret audit; input validation; security scanning (shellcheck) | Auto | `scripts/verify/run-shellcheck.sh [--optional]` or `run-shellcheck-docker.sh`. Install shellcheck when available. | | W1-21 | Config validation (JSON/YAML); env standardization | Doc/Auto | validate-config-files.sh; ENV_STANDARDIZATION docs. | ### 2.8 MetaMask / explorer optional (W1-22 – W1-26) | ID | Task | Type | Reference | |----|------|------|-----------| | W1-22 | Token-aggregation hardening; CoinGecko submission | Code | COINGECKO_SUBMISSION.md. | | W1-23 | Chain 138 Snap: market data UI; swap quotes; bridge routes; testing & distribution | Code | metamask-integration. | | W1-24 | Explorer: dark mode, network selector, sync indicator | Code | explorer-monorepo. | | W1-25 | Paymaster deploy (optional) | Op | `forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast` from smom-dbis-138. SMART_ACCOUNTS_DEPLOYMENT_NOTE. | | W1-26 | API keys: Li.Fi, Jumper, 1inch (obtain and set in .env) | Op | reports/API_KEYS_REQUIRED.md; .env.example placeholders exist. | ### 2.9 Improvements index 1–35 (W1-27 – W1-30) | ID | Task | Type | Reference | |----|------|------|-----------| | W1-27 | ALL_IMPROVEMENTS 1–11 (Proxmox high: .env, validator keys, SSH, firewall, VLANs, metrics, backup, runbooks) | Op | Run from LAN/Proxmox per ALL_IMPROVEMENTS_AND_GAPS_INDEX.md. | | W1-28 | ALL_IMPROVEMENTS 12–20 (medium: error handling, logging, Loki, CI/CD) | Code/Doc | | | W1-29 | ALL_IMPROVEMENTS 21–30 (low: auto-scale, load balancing, HSM, audit) | Code/Doc | | | W1-30 | ALL_IMPROVEMENTS 31–35 (quick wins) | ✅ Partial | Progress indicators, --dry-run, config validation, FAQ. | ### 2.10 Improvements index 36–67 (W1-31 – W1-34) | ID | Task | Type | Reference | |----|------|------|-----------| | W1-31 | Script shebang; set -euo; shellcheck | Auto | Many scripts updated; run-shellcheck when installed. | | W1-32 – W1-34 | Doc consolidation; security; logging; metrics; backup review | Doc/Code | ALL_IMPROVEMENTS 44–67. | ### 2.11 Improvements index 68–91 (W1-35 – W1-38) | ID | Task | Type | Reference | |----|------|------|-----------| | W1-35 | Quick ref, decision trees, config templates (68–74) | ✅ Done | QUICK_REFERENCE_CARDS, CONFIGURATION_DECISION_TREE. | | W1-36 | Phase 1–4 design; missing containers list (75–81) | Doc | MISSING_CONTAINERS_LIST.md; NETWORK_ARCHITECTURE. | | W1-37 – W1-38 | smom/dbis/placeholders (82–91) | Code/Def | Same as W1-14–W1-17. | ### 2.12 Improvements index 92–139 (W1-39 – W1-44) | ID | Task | Type | Reference | |----|------|------|-----------| | W1-39 | MetaMask/explorer (92–105) | Code | pnpm install + hardhat for tests; parallel by task. | | W1-40 | Tezos/Etherlink/CCIP (106–121) | Code/Config | TEZOS_CCIP_REMAINING_ITEMS.md; configs and scripts. | | W1-41 | Besu/blockchain (122–126) | Code/Doc | docs/06-besu. | | W1-42 | RPC translator (127–130) | Code | rpc-translator-138. | | W1-43 | Orchestration portal (131–134) | Code | | | W1-44 | Maintenance procedures (135–139) | ✅ Done | OPERATIONAL_RUNBOOKS § Maintenance; daily-weekly-checks.sh; schedule-daily-weekly-cron.sh. | --- ## Part 3 — Wave 2 (Infra / Deploy; Parallel by Host or Component) | ID | Task | Type | Parallelize by | Command / reference | |----|------|------|----------------|---------------------| | **W2-1** | Deploy monitoring stack (Prometheus, Grafana, Loki, Alertmanager) | Op | By component | smom-dbis-138/monitoring/; scripts/monitoring/. phase2-observability.sh (config exists). | | **W2-2** | Grafana via Cloudflare Access; alerts configured | Op | After W2-1 | Alertmanager routes; Cloudflare Access. | | **W2-3** | VLAN enablement: UDM Pro VLAN config; Proxmox bridge; migrate services | Op | By VLAN/host | NETWORK_ARCHITECTURE.md §3–5; UDM_PRO_VLAN_* docs. | | **W2-4** | Phase 3 CCIP: Ops/Admin (5400-5401); NAT pools; commit/execute/RMN script expansion | Op | Ops first, then NAT, then scripts | `scripts/ccip/ccip-deploy-checklist.sh`. [CCIP_DEPLOYMENT_SPEC.md](../07-ccip/CCIP_DEPLOYMENT_SPEC.md). | | **W2-5** | Phase 4: Sovereign tenant VLANs; isolation; access control | Op | By tenant/VLAN | `scripts/deployment/phase4-sovereign-tenants.sh [--show-steps|--dry-run]`. OPERATIONAL_RUNBOOKS § Phase 4; UDM_PRO_FIREWALL_MANUAL_CONFIGURATION. | | **W2-6** | Missing containers: 2506, 2507, 2508 only | Op | By VMID/host | [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md). Create besu-rpc-luis, besu-rpc-putu (x2) per spec. | | **W2-7** | DBIS services (10100–10151); Hyperledger | Op | By host | Per deployment runbooks. | | **W2-8** | NPMplus HA (Keepalived, 10234) | Op | Optional | NPMPLUS_HA_SETUP_GUIDE.md. | --- ## Part 4 — Wave 3 (After Wave 2) | ID | Task | Type | Depends on | Command / reference | |----|------|------|------------|---------------------| | **W3-1** | CCIP Fleet: 16 commit (5410-5425), 16 execute (5440-5455), 7 RMN (5470-5476) | Op | W2-4 (Ops/Admin, NAT) | CCIP_DEPLOYMENT_SPEC.md. | | **W3-2** | Phase 4 tenant isolation enforcement; access control | Op | W2-3 / W2-5 | Firewall rules; ACLs; deny east-west. | --- ## Part 5 — Ongoing (No Wave) | ID | Task | Type | Frequency | Command / reference | |----|------|------|-----------|---------------------| | **O-1** | Monitor explorer sync | Auto | Daily | `scripts/maintenance/daily-weekly-checks.sh daily`. Cron: schedule-daily-weekly-cron.sh --install. | | **O-2** | Monitor RPC 2201 | Auto | Daily | Same script. | | **O-3** | Config API uptime | Auto | Weekly | `scripts/maintenance/daily-weekly-checks.sh weekly`. | | O-4 | Review explorer logs | Op | Weekly | Runbook: OPERATIONAL_RUNBOOKS § Maintenance [138]. | | O-5 | Update token list | Op | As needed | token-list.json / explorer config; runbook [139]. | --- ## Part 6 — Placeholders & Code Completions (for E2E) ### 6.1 smom-dbis-138 | Item | Location | Action | |------|----------|--------| | Canonical addresses env-only | token-aggregation canonical-tokens.ts | Document required env or add fallback (config/DB). | | AlltraAdapter fee | AlltraAdapter.sol | Set actual ALL Mainnet fee via setBridgeFee after verification. | | Smart accounts kit | DeploySmartAccountsKit.s.sol | Deploy EntryPoint, AccountFactory, Paymaster; set in .env. | | Quote service Fabric | quote-service.ts | Set FABRIC_CHAIN_ID or keep 999 until Fabric integrated. | | EnhancedSwapRouter / DODOPMMProvider | EnhancedSwapRouter.sol, DODOPMMProvider.sol | Replace placeholder fee/size logic when oracle/pool ready. | | WETH bridges mainnet receiver | DeployWETHBridges.s.sol | Set MAINNET_WETH9_BRIDGE_ADDRESS, MAINNET_WETH10_BRIDGE_ADDRESS in env. | | .bak restoration/deprecation | Various | BAK_FILES_DEPRECATION.md. | ### 6.2 dbis_core | Item | Action | |------|--------| | Prometheus/Redis/PagerDuty/AS4 | Wire when monitoring stack deployed; implement Redis client, PagerDuty API. | | TypeScript errors | Fix ~1186 TS errors by module (deferred). | ### 6.3 the-order (legal-documents) | Item | Action | |------|--------| | E-signature | Integrate DocuSign/Adobe Sign; set E_SIGNATURE_BASE_URL. | | Court e-filing | Integrate court e-filing system; E_FILING_ENABLED. | | Document security/export | PDF watermarking, redaction, export (pdfkit/docx). | | Security routes | Implement watermarking/redaction handlers. | ### 6.4 OMNIS | Item | Action | |------|--------| | Sankofa Phoenix SDK | Integrate when available for post-Azure parity. | ### 6.5 multi-chain-execution / Tezos | Item | Action | |------|--------| | TezosRelayService | Add native Tezos mint/transfer relay when implemented. | --- ## Part 7 — API Keys & Secrets (Obtain and Set) **Full list:** [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md). All variable names are in .env.example; obtain values and set in .env. | Category | Variables | Where used | |----------|-----------|------------| | Cross-chain/DeFi | LIFI_API_KEY, JUMPER_API_KEY, ONEINCH_API_KEY | alltra-lifi-settlement, chain138-quote.service | | Fiat ramp | MOONPAY_*, RAMP_NETWORK_API_KEY, ONRAMPER_API_KEY | metamask-integration/ramps | | E-signature | E_SIGNATURE_BASE_URL + provider API key | the-order/legal-documents | | Alerts | SLACK_WEBHOOK_URL, PAGERDUTY_INTEGRATION_KEY, EMAIL_ALERT_* | dbis_core alert.service | | Explorers/price | ETHERSCAN_API_KEY, COINGECKO_API_KEY, COINMARKETCAP_API_KEY | Verification, token-aggregation | | OTC | CRYPTO_COM_API_KEY, CRYPTO_COM_API_SECRET | dbis_core | | Bridge (optional) | LayerZero, Wormhole | When integrating | --- ## Part 8 — Phases Summary (Infrastructure) | Phase | Required | Tasks | |-------|----------|-------| | **Phase 1** | Optional | UDM Pro VLAN config; VLAN-aware bridge Proxmox; migrate services to VLANs. | | **Phase 2** | Required | Deploy Prometheus, Grafana, Loki, Alertmanager; Grafana via Cloudflare Access; configure alerts. | | **Phase 3** | Required | CCIP Ops/Admin (5400-5401); 16 commit, 16 execute, 7 RMN; NAT pools. | | **Phase 4** | Required | Sovereign VLANs 200–203; tenant isolation; access control. | --- ## Part 9 — Validation & Verification Commands | Check | Command | |-------|---------| | All validation (CI) | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` | | Full verification (6 steps) | `bash scripts/verify/run-full-verification.sh` | | E2E routing only | `bash scripts/verify/verify-end-to-end-routing.sh` | | Config files | `bash scripts/validation/validate-config-files.sh` | | Genesis (smom-dbis-138) | `bash smom-dbis-138/scripts/validation/validate-genesis.sh` | | Wave 0 from LAN | `bash scripts/run-wave0-from-lan.sh [--dry-run] [--skip-backup] [--skip-rpc-fix]` | | NPMplus backup cron | `bash scripts/maintenance/schedule-npmplus-backup-cron.sh [--install|--show]` | | Daily/weekly cron | `bash scripts/maintenance/schedule-daily-weekly-cron.sh [--install|--show]` | --- ## Part 10 — Reference Documents | Doc | Purpose | |-----|---------| | [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) | Wave order; run in parallel within each wave. | | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | Operator checklist for W0, W2, W3, Ongoing. | | [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) | Consolidated TODO with validation commands. | | [PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md](PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md) | Placeholders and required additions. | | [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) | Items 1–139 detail. | | [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) | Canonical missing VMIDs: 2506, 2507, 2508. | | [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) | Procedures and maintenance. | | [CCIP_DEPLOYMENT_SPEC.md](../07-ccip/CCIP_DEPLOYMENT_SPEC.md) | Phase 3 CCIP fleet. | | [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md) | API keys and sign-up URLs. | --- **Completion rule:** All tasks in Parts 1–7 that are not Deferred (Def) must be done or explicitly accepted as optional for E2E. Wave 0 gates unblock many verifications; Wave 2/3 unblock full CCIP and tenant isolation. Ongoing (Part 5) runs indefinitely. **Detailed steps for each remaining task:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) — step-by-step instructions for W0, W1, W2, W3, Ongoing, cron installs, CT-1a, API keys, and placeholders.