d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4eead3e53fecdb2b7e629bb9f56b22ff92c61d2e
proxmox/scripts/omnl/check-transaction-package-4995-readiness.sh
defiQUG 95522d3bca
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
feat(omnl): HYBX-BATCH-001 package, rail scripts, regulatory docs, CI 
- Add OMNL/CBK Indonesia submission and audit binder docs, manifests, attestations
- Add scripts/omnl transaction-package pipeline, LEI/PvP helpers, jq/lib fixtures
- Update entity master data, MASTER_INDEX, TODOS, dbis-rail docs and rulebook
- Add proof_package/regulatory skeleton and transaction package zip + snapshot JSON
- validate-omnl-rail workflow, forge-verification-proxy tweak, .gitignore hygiene
- Bump smom-dbis-138 (cronos verify docs/scripts) and explorer-monorepo (SPA + env report)

Made-with: Cursor
2026-03-24 18:11:36 -07:00

118 lines
4.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Verify HYBX-BATCH-001 package meets INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md (--strict).
# Usage:
# bash scripts/omnl/check-transaction-package-4995-readiness.sh <unzipped-root>
# bash scripts/omnl/check-transaction-package-4995-readiness.sh --strict <unzipped-root>
# Exit 0 only if all checks pass.
set -euo pipefail
REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}"
STRICT=0
if [ "${1:-}" = "--strict" ]; then
STRICT=1
shift
fi
ROOT="${1:-}"
if [ -z "$ROOT" ] || [ ! -d "$ROOT" ]; then
echo "Usage: $0 [--strict] <unzipped-package-root>" >&2
exit 2
fi
ROOT=$(cd "$ROOT" && pwd)
fail=0
ok() { echo "PASS: $*"; }
bad() { echo "FAIL: $*" >&2; fail=1; }
need_file() { [ -f "$ROOT/$1" ] || bad "missing $1"; }
need_file "00_Cover/audit_manifest.json"
need_file "00_Cover/HASH_NOTARIZATION_ANCHOR.txt"
need_file "Volume_C/Section_6/hybx_batch_001_ledger.csv"
need_file "Volume_C/Section_6/hybx_ledger_batch_manifest.txt"
need_file "Volume_C/Section_7/merkle_root_HYBX-BATCH-001.txt"
need_file "Volume_C/Section_7/merkle_generation_log.txt"
need_file "Appendix/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md"
need_file "Appendix/INDONESIA_MASTER_PROOF_MANIFEST.md"
need_file "Appendix/ISO20022_VAULT_MANIFEST_HYBX-BATCH-001.json"
need_file "Appendix/AML_PPATK_EVIDENCE_SCHEDULE_HYBX-BATCH-001.md"
need_file "Appendix/BI_REPORTING_CROSSWALK_HYBX-BATCH-001.md"
need_file "Appendix/MOF_ALIGNMENT_MEMO_HYBX-BATCH-001.md"
need_file "Appendix/OJK_PRUDENTIAL_BRIDGE_HYBX-BATCH-001.md"
need_file "Appendix/LEGAL_FINALITY_COUNSEL_MEMO_REQUIREMENTS_HYBX-BATCH-001.md"
need_file "Appendix/INDEPENDENT_AUDIT_4_995_REQUIREMENTS_HYBX-BATCH-001.md"
need_file "Appendix/INDONESIA_REGULATORY_REFERENCES_ANNEX.md"
if command -v python3 >/dev/null; then
python3 "${REPO_ROOT}/scripts/omnl/verify-transaction-package-commitment.py" "$ROOT" && ok "content commitment" || bad "content commitment"
else
bad "python3 missing — cannot verify commitment"
fi
if ! grep -q '1000000000' "$ROOT/Volume_C/Section_6/hybx_ledger_batch_manifest.txt" 2>/dev/null; then
bad "ledger manifest missing control sum 1000000000"
else ok "control sum line present"; fi
if [ "$STRICT" = 1 ]; then
SNAP="$ROOT/Volume_A/Section_2/omnl_transaction_package_snapshot.json"
need_file "Volume_A/Section_2/omnl_transaction_package_snapshot.json"
if command -v jq >/dev/null; then
src=$(jq -r '.snapshotMeta.source // empty' "$SNAP")
if [ "$src" != "live-api" ]; then
bad "snapshot snapshotMeta.source must be \"live-api\" for 4.995 (got: ${src:-empty})"
else ok "OMNL snapshot live-api"; fi
else bad "jq required for --strict"; fi
ISO="$ROOT/Appendix/ISO20022_VAULT_MANIFEST_HYBX-BATCH-001.json"
if command -v jq >/dev/null; then
jq -e '.messages | length > 0' "$ISO" >/dev/null || bad "ISO manifest: no messages"
while IFS= read -r sha; do
case "$sha" in
REPLACE_*|"") bad "ISO manifest sha256 not finalized: $sha" ;;
esac
done < <(jq -r '.messages[].sha256 // empty' "$ISO")
ok "ISO vault manifest structure"
fi
AML="$ROOT/Appendix/AML_PPATK_EVIDENCE_SCHEDULE_HYBX-BATCH-001.md"
if ! grep -q "Certification" "$AML" || ! grep -q "PPATK" "$AML"; then bad "AML schedule missing required sections"; else ok "AML schedule headings"; fi
ATT="$ROOT/Appendix/INSTITUTIONAL_PACKAGE_SCORE_ATTESTATION_4_995.json"
if [ ! -f "$ATT" ]; then
bad "missing Appendix/INSTITUTIONAL_PACKAGE_SCORE_ATTESTATION_4_995.json (copy from .EXAMPLE.json, complete, remove REPLACE_)"
elif command -v jq >/dev/null; then
tgt=$(jq -r '.targetScorePerCategory // 0' "$ATT")
# float compare via awk
awk -v t="$tgt" 'BEGIN{exit !(t+0 >= 4.995)}' || bad "targetScorePerCategory must be >= 4.995"
jq -e '.certifiedBy | length >= 2' "$ATT" >/dev/null || bad "certifiedBy needs >= 2 entries"
while read -r k v; do
awk -v x="$v" 'BEGIN{exit !(x+0 >= 4.995)}' || bad "categoryScores.$k below 4.995 ($v)"
done < <(jq -r '.categoryScores | to_entries[] | "\(.key) \(.value)"' "$ATT")
for path in legalFinality.counselMemoPdfSha256 independentAudit.reportPdfSha256; do
val=$(jq -r ".$path // empty" "$ATT")
case "$val" in
REPLACE*|"") bad "attestation $path not finalized" ;;
esac
done
ok "institutional attestation JSON"
fi
ANN="$ROOT/Appendix/INDONESIA_REGULATORY_REFERENCES_ANNEX.md"
if grep -F 'INSTITUTION: insert' "$ANN" >/dev/null 2>&1; then
bad "regulatory annex still contains literal \"INSTITUTION: insert\" — replace every cell with real citations"
else
ok "regulatory annex citations completed"
fi
fi
if [ "$fail" = 0 ]; then
echo ""
if [ "$STRICT" = 1 ]; then
echo "=== RESULT: 4.995 STRICT GATE — PASS (all categories attested + structural) ==="
else
echo "=== RESULT: structural checks PASS — run --strict for full 4.995 gate ==="
fi
exit 0
fi
echo "" >&2
echo "=== RESULT: FAIL (see above) ===" >&2
exit 1
Reference in New Issue View Git Blame Copy Permalink