118 lines
15 KiB
Markdown
118 lines
15 KiB
Markdown
# DBIS RTGS E2E Requirements Matrix
|
|
|
|
**Last updated:** 2026-03-29
|
|
**Purpose:** Canonical implementation matrix for the full DBIS RTGS stack across Chain 138, OMNL / Fineract, HYBX sidecars, and the related Hyperledger layers. This document turns the RTGS TODO section into an executable requirements and production-gate artifact.
|
|
|
|
## Status legend
|
|
|
|
- `Complete` — implemented and verified enough to be used in production for the stated role
|
|
- `Partial` — exists or works in a narrow slice, but not yet enough for full production use
|
|
- `Planned` — intentionally in scope, but not yet deployed or validated
|
|
- `Reserved placeholder` — inventory exists, but is not an active deployed workload
|
|
- `Retired / standby` — not active; retained only as reserve inventory until rebuilt
|
|
|
|
## Core matrix
|
|
|
|
| Component | Current status | Owner | Current source / repo artifact | Main blockers | Production-gate criteria |
|
|
|-----------|----------------|-------|--------------------------------|---------------|--------------------------|
|
|
| Chain 138 Besu validator / sentry / RPC baseline | Complete | DBIS / infra ops | [check-chain138-rpc-health.sh](../../scripts/verify/check-chain138-rpc-health.sh), [DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md](DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md) | None for baseline | Public and core RPC healthy, head spread `0`, peer counts healthy, required wallet/explorer methods working |
|
|
| Explorer / Blockscout | Complete | DBIS / explorer ops | `explorer-monorepo`, explorer routing/API runbooks | Ongoing normal maintenance only | Explorer routes, API, token metadata, and RPC capability metadata remain healthy |
|
|
| FireFly primary `6200` | Partial | DBIS workflow / infra ops | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](DBIS_HYPERLEDGER_RUNTIME_STATUS.md) | Minimal local gateway only; no proven multiparty production workflow yet | API healthy, config preserved, event model defined, cross-system orchestration validated |
|
|
| FireFly secondary `6201` | Retired / standby | DBIS workflow / infra ops | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](DBIS_HYPERLEDGER_RUNTIME_STATUS.md) | Empty rootfs; no valid deployment payload | Either rebuilt as a real secondary node and verified, or left explicitly retired in all architecture claims |
|
|
| Fabric `6000-6002` | Reserved placeholder | DBIS architecture / infra ops | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [DBIS_NODE_ROLE_MATRIX.md](../02-architecture/DBIS_NODE_ROLE_MATRIX.md) | No app payload, no listeners, no active peer/orderer processes | Either deploy real Fabric workloads and validate them, or keep them stopped and excluded from “active stack” claims |
|
|
| Indy `6400-6402` | Reserved placeholder | DBIS architecture / infra ops | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [DBIS_NODE_ROLE_MATRIX.md](../02-architecture/DBIS_NODE_ROLE_MATRIX.md) | No app payload, no listeners, no active Indy processes | Either deploy real Indy workloads and validate them, or keep them stopped and excluded from “active stack” claims |
|
|
| Aries | Planned | Identity architecture lead | [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md), [TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md) | No deployed Aries runtime, no agent model defined | Decide in/out of scope; if in, deploy agents, define DID/wallet/protocol model, validate credential flows |
|
|
| AnonCreds | Planned | Identity architecture lead | [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md), [TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md) | No deployed credential flow, no issuer/holder/verifier model frozen | Decide in/out of scope; if in, define schema/credential lifecycle and validation path |
|
|
| Ursa | Planned | Identity / cryptography architecture lead | [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md), [TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md) | No explicit runtime control or deployment model defined | Decide in/out of scope; if in, document cryptographic role and operational dependency model |
|
|
| Cacti | Planned | Interoperability architecture lead | [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) | Not proven as current live interoperability engine | Decide in/out of scope; if in, deploy and validate real cross-ledger integration path |
|
|
| Caliper | Planned | Performance / QA lead | [CALIPER_CHAIN138_PERF_HOOK.md](CALIPER_CHAIN138_PERF_HOOK.md) | Hook exists, benchmark harness not yet routine | Add benchmark harness and run approved RTGS workload profiles |
|
|
| OMNL / Fineract API rail | Partial | OMNL / banking ops | [HYBX_BATCH_001_OPERATOR_CHECKLIST.md](../04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md), [scripts/omnl](../../scripts/omnl), [API_DOCUMENTATION.md](../11-references/API_DOCUMENTATION.md) | Full production package flow and participant model are not yet frozen as the canonical RTGS rail | Office / GL / JE / snapshot / package flow runs cleanly against live API and is operator-repeatable |
|
|
| Mifos X frontend / Fineract tenant | Partial | OMNL / banking ops | [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md), Mifos deployment docs | Authenticated tenant is now proven live for sidecar posting, but operator runbook and production participant model remain incomplete | UI/API confirmed healthy, tenant/auth stable, operator runbook complete |
|
|
| HYBX participant / office / treasury model | Planned | Banking architecture lead | OMNL scripts and central-bank config | Participant model and treasury structure not yet frozen end-to-end | Office IDs, treasury accounts, GL mapping, nostro/vostro model, and settlement roles are documented and accepted |
|
|
| Mojaloop integration | Planned | Payments interoperability lead | [DBIS_MOJALOOP_INTEGRATION_STATUS.md](DBIS_MOJALOOP_INTEGRATION_STATUS.md) | No proven live Mojaloop switch endpoint set or callback contract in repo-backed state | Endpoint/auth contract documented, quote/transfer/callback flow integrated, settlement-window behavior mapped to accounting and chain settlement |
|
|
| HYBX sidecar layer | Partial | HYBX app / integration lead | [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) | Sidecars available, but full orchestration and system-of-record ownership not yet frozen | Sidecar-by-sidecar purpose, auth, ingress/egress, retries, and system-of-record ownership documented and validated |
|
|
| `mifos-fineract-sidecar` | Partial | HYBX integration lead | [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md), [DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md) | Runtime is deployed on Proxmox, healthy, and has completed one authenticated live OMNL posting, but chain-settlement and evidence legs are still open | Sidecar API and event flow documented, at least one authenticated live transfer completed, and downstream settlement/evidence path validated |
|
|
| `mt103-hardcopy-sidecar` | Partial | HYBX integration lead | [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) | Ingestion path not yet tied into canonical RTGS workflow | MT103 ingest to settlement and evidence path is documented and tested |
|
|
| `off-ledger-2-on-ledger-sidecar` | Partial | HYBX integration lead | [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md), [DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md) | Runtime is deployed on Proxmox and healthy, but canonical off-ledger source event and authenticated Fineract flow are not yet frozen | Canonical mapping from off-ledger event to Chain 138 settlement defined and tested |
|
|
| `securitization-engine-sidecar` | Partial | HYBX integration lead | [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) | Regulatory/accounting role not yet tied into RTGS runbook | Accounting and reporting responsibilities explicitly mapped and validated |
|
|
| `card-networks-sidecar` | Partial | HYBX integration lead | [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) | Not yet placed in RTGS path | Include only if card-network settlement is in scope and integrated |
|
|
| `server-funds-sidecar` | Partial | HYBX integration lead | [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md), [DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md) | Runtime is deployed on Proxmox and healthy, but its final treasury/system-of-record boundary is not yet frozen | Define and validate if it is needed for treasury/funding orchestration |
|
|
| Chain 138 settlement contracts | Partial | Chain 138 / settlement lead | `smom-dbis-138`, `alltra-lifi-settlement`, [CONTRACTS_TO_DEPLOY.md](../11-references/CONTRACTS_TO_DEPLOY.md) | Canonical RTGS path not yet frozen across off-ledger ↔ on-ledger events | Final contract set chosen, deployed addresses frozen, flow tested end-to-end |
|
|
| MerchantSettlementRegistry | Partial | Chain 138 / settlement lead | `alltra-lifi-settlement` docs and deploy scripts | Need explicit placement in RTGS canonical flow | Registry integrated into business flow with verified inputs/outputs |
|
|
| WithdrawalEscrow | Partial | Chain 138 / settlement lead | `alltra-lifi-settlement` docs and deploy scripts | Need explicit placement in RTGS canonical flow | Escrow flow validated in settlement and withdrawal scenarios |
|
|
| DBIS / compliant settlement tokens | Partial | Chain 138 / monetary architecture lead | token/contract references throughout repo | Need final RTGS instrument selection per use case | Final instrument selection, mint/burn/reserve rules, and reconciliation path are frozen |
|
|
| Reserve / oracle dependencies | Partial | Monetary controls lead | Chain 138 reserve/oracle docs and scripts | RTGS-specific dependency mapping not yet frozen | Reserve attestations and oracle dependencies are documented and operational |
|
|
| FireFly / sidecar / chain event model | Planned | Workflow architecture lead | TODOs and FireFly docs | No single canonical correlation model yet | Event catalog, IDs, retries, and compensating actions defined |
|
|
| ISO 20022 evidence and vault path | Partial | Regulatory / compliance lead | [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md) | Need full institution-ready production completion | ISO vault manifest, hashes, and legal evidence path complete and reproducible |
|
|
| Institutional 4.995 package path | Partial | Regulatory / compliance lead | same standard + OMNL scripts | Requires real institution attestation and submission-grade evidence | `--strict` readiness passes with real institution materials |
|
|
| RTGS production gate | Planned | DBIS program owner | this matrix + [DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md](DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md) | Not all subsystems are green | All mandatory rows for the chosen RTGS architecture are `Complete` |
|
|
|
|
## First-slice implementation note
|
|
|
|
The current recommended first production slice is frozen in:
|
|
|
|
- [DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md)
|
|
- [DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md)
|
|
|
|
As of 2026-03-29, the following first-slice sidecars are deployed on Proxmox VE and runtime-healthy:
|
|
|
|
- `mifos-fineract-sidecar`
|
|
- `server-funds-sidecar`
|
|
- `off-ledger-2-on-ledger-sidecar`
|
|
|
|
Additional proven fact for the first slice:
|
|
|
|
- `mifos-fineract-sidecar` has completed at least one authenticated live transfer into OMNL / Fineract with verified debit/credit journal entries (`transactionId: a16a10b3bc47`).
|
|
|
|
This is still not equivalent to full RTGS production completion. The deployment checklist remains the gate for chain settlement, evidence output, and the remaining sidecar lanes.
|
|
|
|
## Immediate execution priorities
|
|
|
|
### Priority 1 — Freeze the canonical banking rail
|
|
|
|
1. Freeze the canonical HYBX batch / settlement operator flow on top of the now-proven OMNL tenant/auth path.
|
|
2. Lock the participant / treasury / GL model.
|
|
3. Extend authenticated business-flow validation beyond SCSM into the remaining in-scope sidecars.
|
|
|
|
### Priority 2 — Freeze the interoperability path
|
|
|
|
1. Decide whether Mojaloop is in-scope now or a later phase.
|
|
2. Decide which HYBX sidecars are truly part of the initial RTGS path.
|
|
3. Decide whether Aries / AnonCreds / Ursa are required in the first production slice.
|
|
|
|
### Priority 3 — Freeze the settlement path
|
|
|
|
1. Define the exact off-ledger to on-ledger mapping.
|
|
2. Freeze the Chain 138 contract path used by RTGS.
|
|
3. Define reconciliation and evidence outputs for each settlement batch.
|
|
|
|
## Minimum “full RTGS E2E” green criteria
|
|
|
|
The RTGS stack can be called fully end-to-end only when all of the following are true:
|
|
|
|
1. The Fineract / OMNL operator flow runs cleanly against the intended live tenant.
|
|
2. The participant / treasury / GL model is frozen and documented.
|
|
3. The required HYBX sidecars are integrated and their boundaries are documented.
|
|
4. If Mojaloop is in scope, quote / transfer / callback / settlement logic is live and validated.
|
|
5. The Chain 138 settlement path is frozen and validated.
|
|
6. Required Hyperledger identity/workflow layers are either:
|
|
- deployed and validated, or
|
|
- explicitly out of scope for the first production slice.
|
|
7. Regulatory evidence generation passes at submission grade.
|
|
8. The final production gate is updated to reflect those facts.
|
|
|
|
## Related artifacts
|
|
|
|
- [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md)
|
|
- [docs/00-meta/TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md)
|
|
- [docs/03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md](DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md)
|
|
- [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](DBIS_HYPERLEDGER_RUNTIME_STATUS.md)
|
|
- [docs/04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md](../04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md)
|
|
- [docs/04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md)
|
|
- [docs/11-references/GITEA_HYBX_ORGANIZATION_AND_REPOS.md](../11-references/GITEA_HYBX_ORGANIZATION_AND_REPOS.md)
|
|
- [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md)
|
|
- [DBIS_MOJALOOP_INTEGRATION_STATUS.md](DBIS_MOJALOOP_INTEGRATION_STATUS.md)
|
|
- [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md)
|
|
- [DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md)
|
|
- [DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md)
|