proxmox/config/jvmtm-regulatory-closure
defiQUG 7ac74f432b chore: sync docs, config schemas, scripts, and meta task alignment
- Institutional / JVMTM / reserve-provenance / GRU transport + standards JSON
- Validation and verify scripts (Blockscout labels, x402, GRU preflight, P1 local path)
- Wormhole wiring in AGENTS, MCP_SETUP, MASTER_INDEX, 04-configuration README
- Meta docs, integration gaps, live verification log, architecture updates
- CI validate-config workflow updates

Operator/LAN items, submodule working trees, and public token-aggregation edge
routes remain follow-up (see TODOS_CONSOLIDATED P1).

Made-with: Cursor
2026-03-31 22:31:39 -07:00

JVMTM / regulatory closure artifacts (E2E archive)

Regulators accept execution evidence, not intent. JSON schemas and templates are the sockets; generated reconciliations, vendor KYT exports, and executed BCP drills are the current. Read first: OPERATIONAL_EVIDENCE_VS_TEMPLATES.md.

Audit engagement 018215821582 / INAAUDJVMTM / 2025 — Tables B, C, D: row-by-row closure matrix (weakness vs standard, transaction flow, systemic risk → archive artefacts and honest limits): INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md (bundled in the E2E zip and listed in SETTLEMENT_CLOSURE.json).

Transaction-grade operator pack

This directory now includes a transaction-operator layer that sits between the audit closure matrix and live settlement execution:

| Artifact | Purpose |
|---|---|
| JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md | Human-readable operator matrix grouped by transaction phase. |
| transaction-compliance-matrix.json | Canonical machine-readable control library. |
| transaction-compliance-matrix.csv | Spreadsheet-friendly export generated from the canonical JSON. |
| schemas/transaction-compliance-execution.schema.json | Per-transfer execution envelope schema. |
| examples/transaction-compliance-execution.example.json | Ready / pass example envelope. |
| examples/transaction-compliance-execution.blocked.example.json | Blocked / fail example envelope. |

Design rule: JSON is canonical; CSV is convenience-only. The execution envelope references evidence by path or slot and should not inline full vendor exports or duplicate settlement-event payloads. Every envelope must carry an instruction_ref; settlement_event_ref is optional until a canonical settlement event actually exists.

Event-generated evidence (run before zipping)

| Goal | Command |
|---|---|
| 3-way from Fineract + chain (+ optional bank file/env) | bash scripts/omnl/generate-3way-reconciliation-evidence.sh → output/jvmtm-evidence/latest-3way-result.json |
| ACK before credit vs journal | bash scripts/omnl/verify-ack-before-credit.sh acknowledgements/pre-settlement-ack.json <journalEntryId> |
| KYT vendor (refuses if unset) | bash scripts/omnl/fetch-kyt-vendor-report.sh |
| RPC reachability / secondary smoke | bash scripts/omnl/bcp-rpc-failover-smoke.sh |

Then run build-omnl-e2e-settlement-audit-archive.sh (it picks up latest-3way-result.json as reconciliation/3way-result.json when present).

Mandatory four (archive paths)

| Archive path | Schema | Example (source) |
|---|---|---|
| reconciliation/daily-3way-reconciliation-report.json | schemas/daily-3way-reconciliation-report.schema.json | examples/daily-3way-reconciliation-report.example.json |
| liquidity/prefunding-proof.json | schemas/prefunding-proof.schema.json | examples/prefunding-proof.example.json |
| acknowledgements/pre-settlement-ack.json | schemas/pre-settlement-ack.schema.json | examples/pre-settlement-ack.example.json |
| exceptions/exception-policy.md | — (Markdown) | policies/exception-policy.md |
| exceptions/sample-exception-event.json | schemas/sample-exception-event.schema.json | examples/sample-exception-event.example.json |

Optional supplementary (same audit mapping):

| Archive path | Schema | Example |
|---|---|---|
| validation/kyt-screening-result.json | schemas/kyt-screening-result.schema.json | examples/kyt-screening-result.example.json |
| bcp/recovery-time-report.json | schemas/recovery-time-report.schema.json | examples/recovery-time-report.example.json |
| bcp/failover-test-log.txt | | examples/failover-test-log.example.txt |
| disaster-recovery/DR-simulation-report.json | schemas/dr-simulation-report.schema.json | examples/dr-simulation-report.example.json |
| monitoring/real-time-balance-snapshot.json | schemas/real-time-balance-snapshot.schema.json | examples/real-time-balance-snapshot.example.json |

Operator workflow

  1. Generate or collect live evidence:

    • bash scripts/omnl/generate-3way-reconciliation-evidence.sh
    • bash scripts/omnl/verify-ack-before-credit.sh acknowledgements/pre-settlement-ack.json <journalEntryId>
    • bash scripts/omnl/fetch-kyt-vendor-report.sh
    • bash scripts/omnl/bcp-rpc-failover-smoke.sh
  2. Fill a per-transaction execution envelope using:

    • examples/transaction-compliance-execution.example.json
    • examples/transaction-compliance-execution.blocked.example.json
    • blocked / pre-exec cases should keep instruction_ref and omit settlement_event_ref
  3. Copy examples to a private directory; fill with live figures, bank statements, chain refs, named reviewers, and place live transaction envelopes under transactions/.

  4. Point the archive builder at that directory:

    JVMTM_CLOSURE_DIR=/path/to/live-closure-evidence \
      bash scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh
    

    Expected filenames inside JVMTM_CLOSURE_DIR (same basenames as archive):

    • daily-3way-reconciliation-report.json
    • prefunding-proof.json
    • pre-settlement-ack.json
    • sample-exception-event.json (optional override)
    • kyt-screening-result.json, recovery-time-report.json, DR-simulation-report.json, real-time-balance-snapshot.json, failover-test-log.txt (optional)
    • transactions/*.json (optional live transaction execution envelopes)

    If JVMTM_CLOSURE_DIR is unset, the builder stages repo examples (clearly placeholders — replace for real examination).

  5. Run validation:

    bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh
    

    This now validates:

    • the existing JVMTM example/schema pairs when check-jsonschema is installed
    • the transaction execution schema against both example envelopes
    • the transaction-grade pack consistency (unique control_id, JSON/CSV sync, valid repo paths/runtime slots, example control references, and Markdown control coverage)

Validation

bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh

Uses check-jsonschema when installed (pip install check-jsonschema). The script also runs scripts/validation/validate-jvmtm-transaction-compliance-pack.py to verify the canonical JSON matrix, CSV export, and execution-envelope examples stay synchronized. CI runs this in validate-config.yml.
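
The pack-consistency rules described above (unique control_id, JSON/CSV sync, envelope control references, instruction_ref required, blocked envelopes omitting settlement_event_ref) can be illustrated as follows. This is an added example, not the repository's validate-jvmtm-transaction-compliance-pack.py: only control_id, instruction_ref and settlement_event_ref come from this README, while the keys controls, status and control_results, the CSV layout and all sample values are assumptions constructed for illustration.

```python
import csv
import io
import json


def check_pack(matrix_json: str, matrix_csv: str, envelopes: list) -> list:
    """Return a list of findings; an empty list means the pack is consistent."""
    findings = []
    controls = json.loads(matrix_json)["controls"]  # assumed top-level key
    ids = [c["control_id"] for c in controls]
    for dup in sorted({i for i in ids if ids.count(i) > 1}):
        findings.append(f"duplicate control_id in JSON: {dup}")

    # JSON is canonical; the CSV export must list exactly the same control ids.
    csv_ids = [r["control_id"] for r in csv.DictReader(io.StringIO(matrix_csv))]
    for missing in sorted(set(ids) - set(csv_ids)):
        findings.append(f"CSV missing control: {missing}")
    for extra in sorted(set(csv_ids) - set(ids)):
        findings.append(f"CSV has control not in JSON: {extra}")

    for n, env in enumerate(envelopes):
        if not env.get("instruction_ref"):
            findings.append(f"envelope {n}: instruction_ref is required")
        # Blocked / pre-exec envelopes have no canonical settlement event yet.
        if env.get("status") == "blocked" and "settlement_event_ref" in env:
            findings.append(f"envelope {n}: blocked envelope carries settlement_event_ref")
        for res in env.get("control_results", []):  # assumed key
            if res["control_id"] not in ids:
                findings.append(f"envelope {n}: unknown control {res['control_id']}")
    return findings


# Constructed sample data (not taken from the repository).
MATRIX_JSON = json.dumps({"controls": [
    {"control_id": "PT-01", "phase": "pre-transaction"},
    {"control_id": "PT-02", "phase": "pre-transaction"},
    {"control_id": "ST-01", "phase": "settlement"},
]})
MATRIX_CSV = "control_id,phase\nPT-01,pre-transaction\nST-01,settlement\n"
ENVELOPES = [
    {"instruction_ref": "INSTR-0001", "status": "ready",
     "settlement_event_ref": "EVT-0001",
     "control_results": [{"control_id": "PT-01", "result": "pass"}]},
    {"status": "blocked", "settlement_event_ref": "EVT-0002",
     "control_results": [{"control_id": "XX-99", "result": "fail"}]},
]

if __name__ == "__main__":
    for finding in check_pack(MATRIX_JSON, MATRIX_CSV, ENVELOPES):
        print(finding)
```
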

Policy

See policies/exception-policy.md and OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md.