d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fbe027bf04d72efa644d1593d35178ea336eca3f
proxmox/docs/00-meta/ALL_REQUIREMENTS.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

245 lines
12 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# All Requirements — Master List
**Last Updated:** 2026-02-05
**Purpose:** Single source for all project requirements. Use for compliance, traceability, and execution.
**Sources:** MASTER_PLAN, PHASES_AND_TASKS_MASTER, TODO_TASK_LIST_MASTER, [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md), MISSING_CONTAINERS_LIST, CCIP_DEPLOYMENT_SPEC, IMPLEMENTATION_CHECKLIST, OPERATIONAL_RUNBOOKS, MASTER_SECRETS_INVENTORY, FULL_PARALLEL_EXECUTION_ORDER.
---
## 1. Foundation (Phase 0) — ✅ Done
| ID | Requirement | Source | Status |
|----|-------------|--------|--------|
| F-1 | Proxmox management accessible (ml110, r630-01, r630-02) | PHASES_AND_TASKS_MASTER | ✅ Done |
| F-2 | Edge: UDM Pro; port forward 76.53.10.36:80/443 → 192.168.11.167 (NPMplus) | DEPLOYMENT_STATUS_MASTER | ✅ Done |
| F-3 | Basic Besu containers deployed (validators, sentries, RPC per inventory) | DEPLOYMENT_STATUS_MASTER | ✅ Done |
| F-4 | config/ip-addresses.conf and .env.example present; validation passes | run-all-validation.sh | ✅ Done |
---
## 2. Security Requirements
| ID | Requirement | Source | Priority |
|----|-------------|--------|----------|
| S-1 | .env permissions: chmod 600 | IMPLEMENTATION_CHECKLIST | Required |
| S-2 | Validator key permissions: chmod 600, chown besu; use secure-validator-keys.sh | OPERATIONAL_RUNBOOKS § Phase 2 | Required |
| S-3 | SSH key-based auth; disable password (coordinate to avoid lockout) | setup-ssh-key-auth.sh | Required |
| S-4 | Firewall: restrict Proxmox API port 8006 to admin CIDR | firewall-proxmox-8006.sh | Required |
| S-5 | No real API keys in .env.example; document in MASTER_SECRETS_INVENTORY | MASTER_PLAN §3.1 | Required |
| S-6 | Rotate any exposed keys; private keys not in docs | MASTER_SECRETS_INVENTORY | Critical |
| S-7 | smom: Security audits VLT-024, ISO-024 | PHASES_AND_TASKS_MASTER | Critical |
| S-8 | smom: Bridge integrations BRG-VLT, BRG-ISO | PHASES_AND_TASKS_MASTER | High |
| S-9 | Network segmentation (VLANs): plan and migrate per NETWORK_ARCHITECTURE | IMPLEMENTATION_CHECKLIST | Optional |
---
## 3. Deployment Requirements
### 3.1 Missing Containers (canonical: 3 only)
| ID | Requirement | VMID | Spec | Source |
|----|-------------|------|------|--------|
| D-1 | Create besu-rpc-luis (Luis 0x1) | 2506 | 16GB, 4 CPU, 200GB; JWT required | MISSING_CONTAINERS_LIST |
| D-2 | Create besu-rpc-putu (Putu 0x8a) | 2507 | Same | MISSING_CONTAINERS_LIST |
| D-3 | Create besu-rpc-putu (Putu 0x1) | 2508 | Same | MISSING_CONTAINERS_LIST |
### 3.2 Phase 1 — VLAN (optional)
| ID | Requirement | Source |
|----|-------------|--------|
| D-4 | UDM Pro VLAN config | PHASES_AND_TASKS_MASTER |
| D-5 | VLAN-aware bridge on Proxmox | PHASES_AND_TASKS_MASTER |
| D-6 | Services migrated to VLANs per NETWORK_ARCHITECTURE | DEPLOYMENT_STATUS_MASTER |
### 3.3 Phase 2 — Observability (required)
| ID | Requirement | Source |
|----|-------------|--------|
| D-7 | Monitoring stack: Prometheus, Grafana, Loki, Alertmanager | PHASES_AND_TASKS_MASTER |
| D-8 | Prometheus scrape Besu 9545; config in config/monitoring/ | phase2-observability.sh |
| D-9 | Grafana published via Cloudflare Access | PHASES_AND_TASKS_MASTER |
| D-10 | Alerts configured (Alertmanager, email/webhook) | OPERATIONAL_RUNBOOKS § Phase 2 |
### 3.4 Phase 3 — CCIP Fleet (required)
| ID | Requirement | VMIDs / scope | Source |
|----|-------------|----------------|--------|
| D-11 | CCIP Ops/Admin deployed | 5400-5401 | CCIP_DEPLOYMENT_SPEC |
| D-12 | CCIP Monitoring nodes | 5402-5403 | CCIP_DEPLOYMENT_SPEC |
| D-13 | 16 Commit nodes | 5410-5425 | CCIP_DEPLOYMENT_SPEC |
| D-14 | 16 Execute nodes | 5440-5455 | CCIP_DEPLOYMENT_SPEC |
| D-15 | 7 RMN nodes | 5470-5476 | CCIP_DEPLOYMENT_SPEC |
| D-16 | NAT pools configured (blocks #2#4 per NETWORK_ARCHITECTURE) | CCIP_DEPLOYMENT_SPEC |
| D-17 | Env: CCIP_ETH_ROUTER, CCIP_ETH_LINK_TOKEN, ETH_MAINNET_SELECTOR (mainnet CCIP) | ccip-deploy-checklist.sh |
### 3.5 Phase 4 — Sovereign Tenants (required)
| ID | Requirement | Source |
|----|-------------|--------|
| D-18 | Sovereign VLANs configured (200203) | phase4-sovereign-tenants.sh, OPERATIONAL_RUNBOOKS |
| D-19 | Tenant isolation enforced; access control | PHASES_AND_TASKS_MASTER |
| D-20 | Block #6 egress NAT; verify tenant isolation | NETWORK_ARCHITECTURE |
---
## 4. Backup & Maintenance Requirements
| ID | Requirement | Frequency / scope | Source |
|----|-------------|-------------------|--------|
| B-1 | Automated config backup (Proxmox configs) | On demand or cron | automated-backup.sh |
| B-2 | NPMplus backup (export/config) when NPMplus up | NPM_PASSWORD; schedule-npmplus-backup-cron.sh | Wave 0 / W1-8 |
| B-3 | Backup validator keys (encrypted); 30-day retention | IMPLEMENTATION_CHECKLIST | Required |
| B-4 | Daily maintenance checks: explorer sync, RPC 2201 | Daily 08:00 | schedule-daily-weekly-cron.sh |
| B-5 | Weekly: Config API uptime, review explorer logs | Sun 09:00 | daily-weekly-checks.sh weekly |
| B-6 | Token list: validate; update as needed (token-lists/lists/dbis-138.tokenlist.json) | As needed | OPERATIONAL_RUNBOOKS [139] |
---
## 5. Configuration & Secrets Requirements
| ID | Requirement | Source |
|----|-------------|--------|
| C-1 | config/ip-addresses.conf present and sourced | validate-config-files.sh |
| C-2 | .env from .env.example; no real keys in repo | MASTER_SECRETS_INVENTORY |
| C-3 | ADMIN_CENTRAL_API_KEY, DBIS_CENTRAL_URL for portal/token-agg/multi-chain | MASTER_PLAN §9 |
| C-4 | PRIVATE_KEY (deployer) for bridge/sendCrossChain; LINK approved for fee | run-send-cross-chain.sh |
| C-5 | NPM_PASSWORD for NPMplus backup/export | backup-npmplus.sh |
| C-6 | PROXMOX_* optional for API; SSH used for host access | config validation |
| C-7 | JWT auth for RPC 25032508; nginx reverse proxy | CHAIN138_JWT_AUTH_REQUIREMENTS |
---
## 6. Codebase Requirements
| ID | Requirement | Component | Priority |
|----|-------------|-----------|----------|
| R-1 | Security audits VLT-024, ISO-024 | smom-dbis-138 | Critical |
| R-2 | Bridge integrations BRG-VLT, BRG-ISO | smom-dbis-138 | High |
| R-3 | CCIP AMB full implementation | smom-dbis-138 | High |
| R-4 | Vault/ISO test suites exist | smom-dbis-138 | ✅ Done |
| R-5 | deploy-vault-system.sh (VLT-010018, ISO-009018) | smom-dbis-138 | ✅ Done |
| R-6 | IRU remaining tasks (OFAC/sanctions/AML) | dbis_core | High |
| R-7 | TypeScript/Prisma fixes (~1186 errors) or defer | dbis_core | High |
| R-8 | REST API backend, migrations, VITE_USE_REAL_API | OMNIS | ✅ Scaffold |
| R-9 | Sankofa Phoenix SDK auth (VITE_SANKOFA_*) | OMNIS | High |
| R-10 | Placeholders: AlltraAdapter setBridgeFee; smart accounts kit; TezosRelayService; quote-service Fabric chainId | PLACEHOLDERS_AND_TBD | High |
---
## 7. Protection Layer & Admin Requirements (MASTER_PLAN)
| ID | Requirement | Target |
|----|-------------|--------|
| P-1 | Central policy and audit: permission check API, audit append/query | dbis_core Admin Central |
| P-2 | Orchestration portal: JWT + central permission + audit (replace x-admin-token) | MASTER_PLAN §2.2 |
| P-3 | Token-aggregation admin: auth + audit for admin endpoints | MASTER_PLAN §2.2 |
| P-4 | Multi-chain-execution admin: JWT or client-credentials + audit | MASTER_PLAN §2.2 |
| P-5 | Org-level panel: global identity, role matrix, central audit viewer | admin-console-frontend-plan Phase 4/6 |
| P-6 | Admin runner for scripts/MCP: identity + permission + audit log | OPERATIONAL_RUNBOOKS, MASTER_PLAN §2.4 |
---
## 8. Wave Execution Requirements
### Wave 0 (gates; run from LAN when creds ready)
| ID | Requirement | Command / note |
|----|-------------|----------------|
| W0-1 | Apply NPMplus RPC fix (405) | From LAN: `bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` |
| W0-2 | Execute sendCrossChain (real) | Omit `--dry-run`; PRIVATE_KEY, LINK approved |
| W0-3 | NPMplus backup | NPM_PASSWORD; `automated-backup.sh --with-npmplus` or backup-npmplus.sh |
### Wave 1 (full parallel)
| ID | Requirement | Ref |
|----|-------------|-----|
| W1-1 | SSH key auth (--apply on hosts) | S-3 |
| W1-2 | Firewall 8006 (--apply) | S-4 |
| W1-5W1-7 | Monitoring config (Prometheus, Grafana, Loki, Alertmanager) | D-7D-10 |
| W1-8 | Backup cron: daily-weekly + NPMplus (--install when NPM_PASSWORD set) | B-1B-5 |
| W1-11W1-13 | Docs: consolidation, quick refs, IP matrix, runbooks | ALL_IMPROVEMENTS 6874, 7581 |
| W1-14W1-17 | Codebase: dbis_core TS, smom placeholders, IRU | R-6R-10 |
| W1-18W1-21 | Progress indicators, validator keys, secret audit, config validation | IMPLEMENTATION_CHECKLIST |
| W1-27W1-44 | ALL_IMPROVEMENTS 1139 by range | ALL_IMPROVEMENTS_AND_GAPS_INDEX |
### Wave 2 (infra / deploy)
| ID | Requirement | Ref |
|----|-------------|-----|
| W2-1 | Deploy monitoring stack | D-7D-10 |
| W2-2 | Grafana + Cloudflare Access; alerts | D-9, D-10 |
| W2-3 | VLAN enablement and migration | D-4D-6 |
| W2-4 | CCIP Ops/Admin (5400-5401); NAT; scripts | D-11D-17 |
| W2-5 | Phase 4 sovereign VLANs | D-18D-20 |
| W2-6 | Create missing containers 2506, 2507, 2508 | D-1D-3 |
| W2-7 | DBIS services start; Hyperledger | DEPLOYMENT_STATUS_MASTER |
| W2-8 | NPMplus HA (Keepalived, 10234) | Optional |
### Wave 3 (after Wave 2)
| ID | Requirement | Ref |
|----|-------------|-----|
| W3-1 | CCIP Fleet full deploy: commit, execute, RMN nodes | D-11D-15 |
| W3-2 | Phase 4 tenant isolation enforcement | D-18D-20 |
### Ongoing
| ID | Requirement | Status |
|----|-------------|--------|
| O-1O-5 | Daily/weekly checks; explorer logs; token list | ✅ Cron installed; token list validated |
---
## 9. Validation & Acceptance Requirements
| ID | Requirement | Command |
|----|-------------|---------|
| V-1 | CI / pre-deploy validation | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` |
| V-2 | Config files | `bash scripts/validation/validate-config-files.sh` |
| V-3 | Full verification (DNS, UDM Pro, NPMplus, etc.) | `bash scripts/verify/run-full-verification.sh` |
| V-4 | E2E routing (Cloudflare domains) | `bash scripts/verify/verify-end-to-end-routing.sh` |
| V-5 | Backend VMs | `bash scripts/verify/verify-backend-vms.sh` |
| V-6 | Genesis (smom-dbis-138) | `bash smom-dbis-138/scripts/validation/validate-genesis.sh` |
| V-7 | Besu peers | `bash scripts/besu-verify-peers.sh http://192.168.11.211:8545` |
| V-8 | CCIP deploy order and env | `bash scripts/ccip/ccip-deploy-checklist.sh` |
---
## 10. Optional / External Requirements
| ID | Requirement | Source |
|----|-------------|--------|
| X-1 | API keys: Li.Fi, Jumper, 1inch (API_KEYS_REQUIRED.md) | NEXT_STEPS_MASTER |
| X-2 | Paymaster deploy (smart accounts) | SMART_ACCOUNTS_DEPLOYMENT_NOTE |
| X-3 | Token-aggregation: CoinGecko/CMC submission | COINGECKO_SUBMISSION.md |
| X-4 | Explorer: dark mode, network selector, sync indicator | ALL_IMPROVEMENTS 92105 |
| X-5 | Tezos/Etherlink CCIP (finality, routes, DON, metrics) | TEZOS_CCIP_REMAINING_ITEMS |
| X-6 | External integrations: Li.Fi, LayerZero, Wormhole, Uniswap, 1inch, MoonPay/Ramp | PHASES_AND_TASKS_MASTER |
| X-7 | Resource/network/database optimization | TODO_TASK_LIST_MASTER |
---
## 11. Requirement Index by Source
| Document | Section in this file |
|----------|----------------------|
| [MASTER_PLAN.md](MASTER_PLAN.md) | §2 (Protection), §7 (Wave), §3.1 (Config) |
| [PHASES_AND_TASKS_MASTER.md](PHASES_AND_TASKS_MASTER.md) | §2 (Security), §3 (Deployment), §6 (Codebase), §10 (Optional) |
| [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) | §3.1 (D-1D-3) |
| [CCIP_DEPLOYMENT_SPEC.md](../07-ccip/CCIP_DEPLOYMENT_SPEC.md) | §3.4 (D-11D-17) |
| [IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md) | §2 (Security), §4 (Backup), §8 (Wave 1) |
| [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) | §2, §4, §8 |
| [MASTER_SECRETS_INVENTORY.md](../04-configuration/MASTER_SECRETS_INVENTORY.md) | §5 (Configuration) |
| [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) | §8 (Wave 03, Ongoing) |
| [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md) | §8 (detailed task IDs) |
---
**Use this document to:**
- Trace requirements to source docs
- Check off completion (update status in source docs or add a REQUIREMENTS_STATUS.md)
- Drive compliance and runbooks
- Onboard: one place for “what must be true” before and after deployment
**Last Updated:** 2026-02-05
Reference in New Issue View Git Blame Copy Permalink