From 88d45e99787aa489f1906f92b99da44576b5271b Mon Sep 17 00:00:00 2001 From: defiQUG Date: Mon, 27 Apr 2026 23:12:57 -0700 Subject: [PATCH] docs(capital-efficiency): intake ready; submission tables + policy auditIntakeSubmission Register blocker shift to submission/engagement pending; add signedEngagement placeholders. Made-with: Cursor --- config/capital-efficiency-policy.json | 15 ++++- ...l-efficiency-external-approval-evidence.md | 55 ++++++++++++++++++- 2 files changed, 66 insertions(+), 4 deletions(-) diff --git a/config/capital-efficiency-policy.json b/config/capital-efficiency-policy.json index 3903e87..0d3e29f 100644 --- a/config/capital-efficiency-policy.json +++ b/config/capital-efficiency-policy.json @@ -2,7 +2,7 @@ "$schema": "https://json-schema.org/draft/2020-12/schema", "description": "Simulation-only capital efficiency policy for Chain 138/cW PMM treasury risk modeling. This is not a live leverage or mint/redemption contract configuration.", "version": "1.0.0", - "updated": "2026-04-27", + "updated": "2026-04-28", "defaults": { "paths": 1000, "epochs": 365, @@ -86,6 +86,19 @@ ], "auditEngagementEvidence": null, "auditIntakeUrl": "https://cybersecur.d-bis.org/intake.html", + "auditIntakeSubmission": { + "submittedAt": null, + "receiptOrReference": null, + "contactEmail": null, + "auditFirm": null, + "evidenceDoc": "docs/19-capital-efficiency-external-approval-evidence.md" + }, + "signedEngagement": { + "firm": null, + "engagementReference": null, + "signedAt": null, + "finalScopeSummary": null + }, "governanceApprovalEvidence": null, "riskDashboardEvidence": "docs/18-capital-efficiency-risk-dashboard-and-runbook.md", "operatorRunbookEvidence": "docs/18-capital-efficiency-risk-dashboard-and-runbook.md", diff --git a/docs/19-capital-efficiency-external-approval-evidence.md b/docs/19-capital-efficiency-external-approval-evidence.md index ccd4b1d..7ac3919 100644 --- a/docs/19-capital-efficiency-external-approval-evidence.md +++ b/docs/19-capital-efficiency-external-approval-evidence.md @@ -1,16 +1,56 @@ # Capital Efficiency External Approval Evidence -Status: external evidence required. +**Status:** intake path **ready** (CyberSecur Global form live). **Submission / signed engagement** still pending — this register tracks evidence as it arrives. This file is the canonical evidence register for the remaining non-local blockers. Populate it with signed references before changing `liveExecutionGuard.status` away from `simulation_only`. -## Audit Engagement +## Audit intake path (ready) | Field | Value | |---|---| -| Firm | CyberSecur Global intake identified | +| Audit firm (requested) | CyberSecur Global | | Intake URL | `https://cybersecur.d-bis.org/intake.html` | +| Security contact | `https://cybersecur.d-bis.org/.well-known/security.txt` | | Intake fields | Organization, contact email, repository URL, chains/deployments, timeline, notes | +| Blocker class | ~~Intake path unknown~~ → **submission / engagement pending** | + +### Requested scope (for manual submission) + +Use normal browser submission (Web3Forms may reject scripted POSTs). Notes should reference at minimum: + +- **Chain 138** deployments and RPC/explorer context you want reviewed. +- **cW/c\* PMM mesh** — routing surfaces and reserves relevant to capital-efficiency claims. +- **Capital-efficiency simulator** — this repo’s Monte Carlo overlay (`config/capital-efficiency-policy.json`, scenarios, validators). +- **Future blueprint** — treasury / liquidity / leverage / risk / keeper alignment (design and audit-readiness; live leverage contracts remain gated). + +## Intake submission record (pending) + +Fill when submitted: + +| Field | Value | +|---|---| +| Submission date | | +| Intake receipt / reference | (email confirmation, ticket id, or Web3Forms reference if provided) | +| Contact email | | +| Audit firm name | CyberSecur Global (expected) | +| Evidence URI / path | This file + policy JSON keys below | + +## Audit engagement (signed) + +Fill when a statement of work or engagement letter exists: + +| Field | Value | +|---|---| +| Firm | | +| Engagement reference | | +| Signed date | | +| Final scope (short) | | +| Evidence URI | | + +Historical placeholder row (superseded by tables above): + +| Field | Value | +|---|---| | Engagement reference | Pending external engagement | | Signed date | Pending external engagement | | Scope | Treasury engine, liquidity engine, leverage engine, risk engine, keeper/deleverage flow, oracle/circuit breaker integration | @@ -41,3 +81,12 @@ Use the CyberSecur Global intake form to request the audit. The request should i - `config/capital-efficiency-policy.json` keeps `liveExecutionGuard.status = simulation_only`. - `scripts/validate-capital-efficiency.cjs` requires dashboard, runbook, and liquidity commitment evidence paths. - Live leverage contracts remain blocked until the pending audit and governance evidence is real, dated, and reviewable. + +## Operator checklist (Web3Forms) + +1. Rotate access key in Web3Forms dashboard if needed. +2. Set `CYBERSECUR_WEB3FORMS_ACCESS_KEY` in operator dotenv (see project `.env.master.example`). +3. Redeploy static site: `scripts/deployment/sync-cybersecur-global-to-ct7810.sh` from proxmox repo (renders intake when key is set). +4. Verify: `curl -I https://cybersecur.d-bis.org/intake.html` and `curl -I https://cybersecur.d-bis.org/.well-known/security.txt`. + +**Gitea mirror non-fast-forward** on parent repo is separate hygiene — not a capital-efficiency blocker unless you require mirror parity before submission.