# DBIS Web and Institution Master Blueprint

**Status:** Executable design baseline (2026-03-30)  
**Primary domain:** https://d-bis.org  
**Purpose:** Canonical map for the multi-portal DBIS institutional web surface, data APIs, developer program, and machine-readable trust layer — aligned with deployed Chain 138 and Proxmox operations.

---

## Canonical cross-references

| Topic | Document |
|--------|-----------|
| Chain 138, Besu, Hyperledger, VMIDs | [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) |
| FQDN inventory and verifier | [docs/04-configuration/E2E_ENDPOINTS_LIST.md](../04-configuration/E2E_ENDPOINTS_LIST.md), [scripts/verify/verify-end-to-end-routing.sh](../../scripts/verify/verify-end-to-end-routing.sh) |
| Institutional subdomain rollout | [docs/04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md](../04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md) |
| Data API contract (OpenAPI) | [config/dbis-data-api/openapi.yaml](../../config/dbis-data-api/openapi.yaml) |
| Trust / governance / settlement / address-registry JSON schemas | [config/dbis-institutional/schemas/](../../config/dbis-institutional/schemas/), [config/dbis-institutional/README.md](../../config/dbis-institutional/README.md) |
| OMNL + Core + Chain 138 + RTGS + Smart Vaults (narrative) | [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) |
| Members portal (OIDC, BFF, secure.d-bis.org) | [docs/03-deployment/DBIS_MEMBERS_PORTAL_RUNBOOK.md](../03-deployment/DBIS_MEMBERS_PORTAL_RUNBOOK.md) |
| Developers + Gitea org scaffolding | [docs/03-deployment/DBIS_DEVELOPERS_PORTAL_AND_GITEA_SCAFFOLDING.md](../03-deployment/DBIS_DEVELOPERS_PORTAL_AND_GITEA_SCAFFOLDING.md) |
| Sandbox and interoperability | [docs/03-deployment/DBIS_SANDBOX_INTEROP_RUNBOOK.md](../03-deployment/DBIS_SANDBOX_INTEROP_RUNBOOK.md) |
| Compliance / governance engine | [docs/03-deployment/DBIS_COMPLIANCE_ENGINE_ALIGNMENT.md](../03-deployment/DBIS_COMPLIANCE_ENGINE_ALIGNMENT.md) |
| HYBX compliance sidecar (technical) | [hybx_compliance_routing_sidecar_technical_plan.md](../../hybx_compliance_routing_sidecar_technical_plan.md) |

---

## 1. Layered architecture

| Layer | Authority | Notes |
|-------|-----------|--------|
| Public narrative + IA | Gov Web Portals DBIS app (Next.js), future per-subdomain frontends | Mandate, members directory, GRU storytelling, research UI |
| Settlement / ledger truth | smom-dbis-138, Besu QBFT, Hyperledger runbooks | Not replaced by web tier |
| APIs and data products | dbis-api, token-aggregation, future data.d-bis.org service | Classify: on-chain observed vs policy vs modelled |
| Developer source of truth | gitea.d-bis.org | Code, CI, releases |

---

## 2. Subdomain authority map

| Host | Boundary | First deliverable |
|------|-----------|-------------------|
| d-bis.org | Global public apex | Public portal build + trust JSON links |
| members.d-bis.org | Authenticated members | OIDC BFF; see members runbook |
| developers.d-bis.org | SDK + OpenAPI + sandbox signup | Curated site; links to Gitea |
| data.d-bis.org | Statistics + datasets | Postgres/Timescale + OpenAPI v1 |
| research.d-bis.org | Working papers | CMS or MDX pipeline |
| policy.d-bis.org | Policy publications + manifests | Versioned policy.json |
| ops.d-bis.org | Staff operations | SSO; internal runbook links |
| identity.d-bis.org | Trust anchors, DID registry reads | Docs + read API; Indy/Aries per identity runbooks |
| status.d-bis.org | SLO / uptime | Statuspage or self-hosted |
| sandbox.d-bis.org | Isolated test execution | After public read APIs stable |
| interop.d-bis.org | CBDC / cross-chain lab | CCIP / bridge runbooks |
| gitea.d-bis.org | Source control | Existing |
| docs.d-bis.org | Technical documentation | Existing |
| explorer.d-bis.org | Chain transparency | Existing |
| dbis-api.d-bis.org | Operational APIs | Existing |

---

## 3. Information architecture (public routes)

Routes implemented or specified for the DBIS portal:

- **About:** `/about`, `/governance`, `/legal`, `/timeline`, `/headquarters` (headquarters may alias contact/regions initially).
- **Members:** `/members`, `/members/[slug]` — typed directory (JSON v1 → CMS later).
- **GRU:** `/gru/overview`, `/gru/monetary-policy`, `/gru/operations`, `/gru/technical` — content-first until legal/on-chain alignment.
- **Dashboard:** `/dashboard` — role-gated shell; public “monetary snapshot” widgets link to data.d-bis.org when live.

---

## 4. Member directory metadata schema

Minimum fields (JSON Schema in repo: `config/dbis-institutional/schemas/member-directory-entry.schema.json`):

- `memberId`, `lei`, `name`, `jurisdiction`, `memberStatus`, `participationType`, `settlementRole`, `currencyParticipation`, `validatorRole`, `tier`, `roles[]`, `logoUrl` (optional).

Example institution: Organisation Mondiale du Numérique (OMNL) — seed in portal `data/members.json`.

---

## 5. Machine-readable trust layer

| Resource | Path (on apex or policy host) | Schema |
|----------|-------------------------------|--------|
| Trust anchors + endpoints | `/.well-known/trust.json` | trust.schema.json |
| Governance structure | `/governance.json` | governance.schema.json |
| Policy pointers + hashes | `/policy.json` | policy-manifest.schema.json |

Examples under `config/dbis-institutional/examples/`. Production copies served from CDN/NPM upstream with signed rotation procedures in ops runbooks.

---

## 6. Data classification (APIs)

All published metrics must declare **lineage**:

1. **on_chain** — Derived from indexer / RPC / explorer-compatible sources.  
2. **policy** — Published by policy officers; versioned documents.  
3. **modelled** — Simulations or aggregates not asserted as settlement truth.

OpenAPI `x-dbis-lineage` extension documents this per operation (see `config/dbis-data-api/openapi.yaml`).

---

## 7. Phased delivery (summary)

| Phase | Focus |
|-------|--------|
| 0 | This blueprint + schemas + OpenAPI stub + subdomain inventory |
| 1 | Public portal IA (DBIS app), static trust JSON, NPM apex |
| 2 | data.d-bis.org service + Timescale ingest |
| 3 | developers.d-bis.org + Gitea org/topics |
| 4 | members.d-bis.org MVP |
| 5 | policy, research, ops, status hosts |
| 6 | Compliance sidecar + interop lab |

---

## 8. Risk register (early decisions)

- **GRU:** Legal and communications stance before binding any “supply” metric to on-chain state.  
- **members vs secure.d-bis.org:** Complement or supersede — see [DBIS_MEMBERS_PORTAL_RUNBOOK.md](../03-deployment/DBIS_MEMBERS_PORTAL_RUNBOOK.md).  
- **Kubernetes:** Proxmox-first until a cluster program exists; avoid dual orchestration overhead.

---

*This document is the web/institution counterpart to the Chain 138 technical master plan; keep cross-links updated after major deploys.*