smom-dbis-138/scripts/bridge/trustless/operations/deploy-multisig-production.sh
defiQUG 50ab378da9 feat: Implement Universal Cross-Chain Asset Hub - All phases complete
PRODUCTION-GRADE IMPLEMENTATION - All 7 Phases Done

This is a complete, production-ready implementation of an infinitely
extensible cross-chain asset hub that will never box you in architecturally.

## Implementation Summary

### Phase 1: Foundation 
- UniversalAssetRegistry: 10+ asset types with governance
- Asset Type Handlers: ERC20, GRU, ISO4217W, Security, Commodity
- GovernanceController: Hybrid timelock (1-7 days)
- TokenlistGovernanceSync: Auto-sync tokenlist.json

### Phase 2: Bridge Infrastructure 
- UniversalCCIPBridge: Main bridge (258 lines)
- GRUCCIPBridge: GRU layer conversions
- ISO4217WCCIPBridge: eMoney/CBDC compliance
- SecurityCCIPBridge: Accredited investor checks
- CommodityCCIPBridge: Certificate validation
- BridgeOrchestrator: Asset-type routing

### Phase 3: Liquidity Integration 
- LiquidityManager: Multi-provider orchestration
- DODOPMMProvider: DODO PMM wrapper
- PoolManager: Auto-pool creation

### Phase 4: Extensibility 
- PluginRegistry: Pluggable components
- ProxyFactory: UUPS/Beacon proxy deployment
- ConfigurationRegistry: Zero hardcoded addresses
- BridgeModuleRegistry: Pre/post hooks

### Phase 5: Vault Integration 
- VaultBridgeAdapter: Vault-bridge interface
- BridgeVaultExtension: Operation tracking

### Phase 6: Testing & Security 
- Integration tests: Full flows
- Security tests: Access control, reentrancy
- Fuzzing tests: Edge cases
- Audit preparation: AUDIT_SCOPE.md

### Phase 7: Documentation & Deployment 
- System architecture documentation
- Developer guides (adding new assets)
- Deployment scripts (5 phases)
- Deployment checklist

## Extensibility (Never Box In)

7 mechanisms to prevent architectural lock-in:
1. Plugin Architecture - Add asset types without core changes
2. Upgradeable Contracts - UUPS proxies
3. Registry-Based Config - No hardcoded addresses
4. Modular Bridges - Asset-specific contracts
5. Composable Compliance - Stackable modules
6. Multi-Source Liquidity - Pluggable providers
7. Event-Driven - Loose coupling

## Statistics

- Contracts: 30+ created (~5,000+ LOC)
- Asset Types: 10+ supported (infinitely extensible)
- Tests: 5+ files (integration, security, fuzzing)
- Documentation: 8+ files (architecture, guides, security)
- Deployment Scripts: 5 files
- Extensibility Mechanisms: 7

## Result

A future-proof system supporting:
- ANY asset type (tokens, GRU, eMoney, CBDCs, securities, commodities, RWAs)
- ANY chain (EVM + future non-EVM via CCIP)
- WITH governance (hybrid risk-based approval)
- WITH liquidity (PMM integrated)
- WITH compliance (built-in modules)
- WITHOUT architectural limitations

Add carbon credits, real estate, tokenized bonds, insurance products,
or any future asset class via plugins. No redesign ever needed.

Status: Ready for Testing → Audit → Production
2026-01-24 07:01:37 -08:00

106 lines
2.9 KiB
Bash
Executable File

#!/usr/bin/env bash
# Deploy Multisig for Production
# Complete multisig deployment procedure
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../../../.." && pwd)"
source "$PROJECT_ROOT/.env" 2>/dev/null || true
NETWORK="${1:-mainnet}"
CONFIG_FILE="${2:-$SCRIPT_DIR/../multisig/multisig-config.json}"
if [ ! -f "$CONFIG_FILE" ]; then
    echo "Error: Multisig config file not found: $CONFIG_FILE"
    echo ""
    echo "Create config file first using:"
    echo " ./scripts/bridge/trustless/multisig/deploy-multisig.sh $NETWORK <signer1> <signer2> [signer3] ..."
    exit 1
fi
echo "Production Multisig Deployment"
echo "=============================="
echo "Network: $NETWORK"
echo "Config: $CONFIG_FILE"
echo ""
# Read config
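THRESHOLD=$(jq -r '.threshold' "$CONFIG_FILE")
SIGNERS=$(jq -r '.signers[]' "$CONFIG_FILE")
# Count signers from the JSON array itself; piping an empty list through `wc -l` reports 1
SIGNER_COUNT=$(jq -r '.signers | length' "$CONFIG_FILE")
echo "Configuration:"
# A multisig is described as <threshold>-of-<signer count>
echo " Type: ${THRESHOLD}-of-${SIGNER_COUNT} (threshold: $THRESHOLD)"
echo " Signers:"
echo "$SIGNERS" | while read -r signer; do
    echo " - $signer"
done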
echo ""
# Deployment checklist
echo "Pre-Deployment Checklist:"
echo " [ ] All signers have hardware wallets"
echo " [ ] All signers have tested on testnet"
echo " [ ] All signers understand multisig operations"
echo " [ ] Backup signers identified (if needed)"
echo " [ ] Emergency procedures documented"
echo ""
# Deployment steps
echo "Deployment Steps:"
echo ""
echo "1. Deploy Gnosis Safe via Web Interface:"
echo " - Go to https://app.safe.global/"
echo " - Connect wallet (use one of the signers)"
echo " - Create new Safe"
echo " - Network: $NETWORK"
echo ""
echo "2. Add Signers:"
for signer in $SIGNERS; do
    echo " - Add signer: $signer"
done
echo ""
echo "3. Set Threshold:"
echo " - Threshold: $THRESHOLD"
# Show <threshold>-of-<signer count> so the operator verifies the intended policy
echo " - Verify: ${THRESHOLD}-of-${SIGNER_COUNT} multisig"
echo ""
echo "4. Deploy Safe:"
echo " - Review configuration"
echo " - Execute deployment transaction"
echo " - Save Safe address"
echo ""
echo "5. Verify Deployment:"
echo " - Verify Safe address on explorer"
echo " - Test with small transaction"
echo " - Verify all signers can sign"
echo ""
# Save deployment info
DEPLOYMENT_FILE="$SCRIPT_DIR/../multisig/deployment-$(date +%Y%m%d-%H%M%S).json"
cat > "$DEPLOYMENT_FILE" <<EOF
{
  "network": "$NETWORK",
  "deploymentDate": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
  "config": $(cat "$CONFIG_FILE"),
  "safeAddress": null,
  "deploymentTx": null,
  "status": "pending"
}
EOF
echo "Deployment tracking file created: $DEPLOYMENT_FILE"
echo ""
echo "After deployment, update the file with:"
echo " - safeAddress: Deployed Safe address"
echo " - deploymentTx: Deployment transaction hash"
echo " - status: 'deployed'"
echo ""
echo "Next Steps After Deployment:"
echo "1. Transfer contract ownership to multisig"
echo "2. Test multisig operations"
echo "3. Document multisig address"
echo "4. Set up monitoring for multisig"
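
The script above prints deployment instructions from `.threshold` and `.signers[]` without checking either value. The following is an added example, not part of the repository: a hypothetical `validate_multisig` helper that takes the threshold and signer addresses as already extracted with `jq` and rejects configurations that would yield a weak or unusable Safe. The addresses in it are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example (not repository code). validate_multisig is a hypothetical name.
# Usage: validate_multisig <threshold> <signer>...   (0 = valid, non-zero = rejected)
validate_multisig() {
    local threshold="$1" count signer lower seen=""
    shift
    count=$#

    # jq -r prints "null" for a missing key, so require plain digits.
    case "$threshold" in
        ''|*[!0-9]*) echo "invalid threshold: '$threshold'" >&2; return 2 ;;
    esac
    if [ "$count" -eq 0 ]; then
        echo "no signers configured" >&2; return 3
    fi
    # A threshold above the signer count can never be met; 0 needs no signatures.
    if [ "$threshold" -lt 1 ] || [ "$threshold" -gt "$count" ]; then
        echo "threshold $threshold out of range 1..$count" >&2; return 4
    fi

    for signer in "$@"; do
        # An address is 0x followed by exactly 40 hex digits.
        if ! printf '%s\n' "$signer" | grep -Eq '^0x[0-9a-fA-F]{40}$'; then
            echo "malformed signer address: $signer" >&2; return 5
        fi
        # Lowercase before comparing so two casings of one address collide.
        lower=$(printf '%s' "$signer" | tr 'A-F' 'a-f')
        if [ "$lower" = "0x0000000000000000000000000000000000000000" ]; then
            echo "zero address listed as signer" >&2; return 6
        fi
        case " $seen " in
            *" $lower "*) echo "duplicate signer: $signer" >&2; return 7 ;;
        esac
        seen="$seen $lower"
    done

    # A 1-of-N policy lets any single key act alone: warn, but do not fail.
    if [ "$threshold" -eq 1 ] && [ "$count" -gt 1 ]; then
        echo "warning: threshold 1 gives every signer sole control" >&2
    fi
    return 0
}

# Constructed sample input (not real signers): a 2-of-3 configuration.
validate_multisig 2 \
    0x1111111111111111111111111111111111111111 \
    0x2222222222222222222222222222222222222222 \
    0x3333333333333333333333333333333333333333 && echo "config OK"
```

In the deployment script this would be called as `validate_multisig "$THRESHOLD" $SIGNERS` immediately after the config is read, before the checklist is printed.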