cross-chain-pmm-lps/docs/19-capital-efficiency-external-approval-evidence.md

Capital Efficiency External Approval Evidence

Status: intake path ready (CyberSecur Global form live). Submission / signed engagement still pending — this register tracks evidence as it arrives.

This file is the canonical evidence register for the remaining non-local blockers. Populate it with signed references before changing liveExecutionGuard.status away from simulation_only.

Audit intake path (ready)

Field	Value
Audit firm (requested)	CyberSecur Global
Intake URL	https://cybersecur.d-bis.org/intake.html
Security contact	https://cybersecur.d-bis.org/.well-known/security.txt
Intake fields	Organization, contact email, repository URL, chains/deployments, timeline, notes
Blocker class	Intake path unknown → submission / engagement pending

Requested scope (for manual submission)

Use normal browser submission (Web3Forms may reject scripted POSTs). Notes should reference at minimum:

• Chain 138 deployments and RPC/explorer context you want reviewed.
• cW/c* PMM mesh — routing surfaces and reserves relevant to capital-efficiency claims.
• Capital-efficiency simulator — this repo’s Monte Carlo overlay (config/capital-efficiency-policy.json, scenarios, validators).
• Future blueprint — treasury / liquidity / leverage / risk / keeper alignment (design and audit-readiness; live leverage contracts remain gated).

Intake submission record (pending)

Fill when submitted:

Field	Value
Submission date
Intake receipt / reference	(email confirmation, ticket id, or Web3Forms reference if provided)
Contact email
Audit firm name	CyberSecur Global (expected)
Evidence URI / path	This file + policy JSON keys below

Audit engagement (signed)

Fill when a statement of work or engagement letter exists:

Field	Value
Firm
Engagement reference
Signed date
Final scope (short)
Evidence URI

Historical placeholder row (superseded by tables above):

Field	Value
Engagement reference	Pending external engagement
Signed date	Pending external engagement
Scope	Treasury engine, liquidity engine, leverage engine, risk engine, keeper/deleverage flow, oracle/circuit breaker integration
Evidence URI	Pending submitted intake receipt / signed engagement

Audit Intake Package

Use the CyberSecur Global intake form to request the audit. The request should include:

• Organization: DBIS / Chain 138 capital-efficiency simulation and future leverage blueprint.
• Repository URL: canonical repository or private review bundle URI.
• Chains / deployments: Chain 138, cW/c* PMM mesh, DODO PMM surfaces, vault/reserve/liquidation references.
• Timeline: simulation review first; Solidity blueprint review only after governance approval.
• Notes: live leverage contracts are blocked; requested scope is design/risk/audit-readiness plus future contract blueprint review.

Governance Approval

Field	Value
Body	Pending governance action
Resolution ID	Pending governance action
Approval date	Pending governance action
Approved policy cap	Simulation-only, max deployable leverage 1.5x
Evidence URI	Pending governance action

Current Enforcement

• config/capital-efficiency-policy.json keeps liveExecutionGuard.status = simulation_only.
• scripts/validate-capital-efficiency.cjs requires dashboard, runbook, and liquidity commitment evidence paths.
• Live leverage contracts remain blocked until the pending audit and governance evidence is real, dated, and reviewable.

Operator checklist (Web3Forms)

1. Rotate access key in Web3Forms dashboard if needed.
2. Set CYBERSECUR_WEB3FORMS_ACCESS_KEY in operator dotenv (see project .env.master.example).
3. Redeploy static site: scripts/deployment/sync-cybersecur-global-to-ct7810.sh from proxmox repo (renders intake when key is set).
4. Verify: curl -I https://cybersecur.d-bis.org/intake.html and curl -I https://cybersecur.d-bis.org/.well-known/security.txt.

Gitea mirror non-fast-forward on parent repo is separate hygiene — not a capital-efficiency blocker unless you require mirror parity before submission.