diff --git a/.cursor/rules/chain138-tokens-and-pmm.mdc b/.cursor/rules/chain138-tokens-and-pmm.mdc new file mode 100644 index 0000000..ec3fa06 --- /dev/null +++ b/.cursor/rules/chain138-tokens-and-pmm.mdc @@ -0,0 +1,17 @@ +--- +description: Canonical cUSDT/cUSDC addresses, DODOPMMIntegration, and PMM pool addresses for Chain 138 +alwaysApply: true +--- + +# Chain 138 tokens and PMM — single source of truth + +**Canonical tokens (mint / liquidity / Explorer):** Use only these. Single source: `docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md` §5 and §8. + +- **cUSDT:** `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` (6 decimals) +- **cUSDC:** `0xf22258f57794CC8E06237084b353Ab30fFfa640b` (6 decimals) + +**DODOPMMIntegration:** `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` — on-chain verified 2026-03-04: `compliantUSDT()` / `compliantUSDC()` return the canonical addresses above. + +**PMM pools:** cUSDT/cUSDC `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | cUSDT/USDT `0xa3Ee6091696B28e5497b6F491fA1e99047250c59` | cUSDC/USDC `0x90bd9Bf18Daa26Af3e814ea224032d015db58Ea5` + +**RPC (deploy):** `RPC_URL_138=http://192.168.11.211:8545`. **Deployer:** `0x4A666F96fC8764181194447A7dFdb7d471b301C8`. Add-liquidity reads tokens from the integration contract, not env. Do not use non-canonical Blockscout addresses (§2 of EXPLORER_TOKEN_LIST_CROSSCHECK). diff --git a/.cursor/rules/operator-context-lan-proxmox.mdc b/.cursor/rules/operator-context-lan-proxmox.mdc index 93f2ce8..9e2d3fe 100644 --- a/.cursor/rules/operator-context-lan-proxmox.mdc +++ b/.cursor/rules/operator-context-lan-proxmox.mdc @@ -1,5 +1,5 @@ --- -description: This machine has LAN and Proxmox access; operator scripts can be run from here +description: This machine has LAN and Proxmox access; operator scripts load dotenv and can be run from here alwaysApply: true --- @@ -7,4 +7,9 @@ alwaysApply: true **Remember:** This machine **is** LAN/operator — it has LAN and Proxmox access to 192.168.11.x. Operator scripts **can and should** be run from here when the user asks to run operator tasks. -When suggesting or running operator/LAN tasks (e.g. `run-all-operator-tasks-from-lan.sh`, contract verification, NPMplus backup, nginx/VMID 5000, token-aggregation DB, E2E checks), assume this host can reach Proxmox hosts (192.168.11.10–12), Chain 138 RPC (192.168.11.211:8545), NPMplus, and Blockscout. Do not treat operator tasks as "unrunnable from this environment" unless a specific credential or network constraint is missing. Only credentials in `.env` (e.g. `NPM_PASSWORD`, `PRIVATE_KEY`) are required to execute them. +- **Dotenv:** `run-all-operator-tasks-from-lan.sh` and `run-operator-tasks-from-lan.sh` **always load dotenv** via `scripts/lib/load-project-env.sh` (repo `.env` + `smom-dbis-138/.env`). No need to `source .env` before running. +- **Proxmox hosts:** 192.168.11.10 (ML110), .11 (R630-01), .12 (R630-02). Chain 138 RPC: 192.168.11.211:8545. +- **NPMplus password:** In **project root** `.env` — variable `NPM_PASSWORD` (with `NPM_EMAIL`, `NPM_URL`). Operator scripts load it via `load-project-env.sh`; NPMplus API: 192.168.11.167:81 or .166:81. +- **Continue and complete:** (1) `./scripts/run-completable-tasks-from-anywhere.sh` then (2) `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if NPM_PASSWORD not set; add `--deploy` or `--create-vms` as needed). + +When suggesting or running operator/LAN tasks (e.g. `run-all-operator-tasks-from-lan.sh`, contract verification, NPMplus backup, nginx/VMID 5000, token-aggregation DB, E2E checks), assume this host can reach Proxmox hosts (192.168.11.10–12), Chain 138 RPC, NPMplus, and Blockscout. Credentials in `.env` or `smom-dbis-138/.env` (e.g. `NPM_PASSWORD`, `PRIVATE_KEY`) are used automatically when the operator script runs. diff --git a/.cursor/rules/project-doc-and-deployment-refs.mdc b/.cursor/rules/project-doc-and-deployment-refs.mdc new file mode 100644 index 0000000..f123d6a --- /dev/null +++ b/.cursor/rules/project-doc-and-deployment-refs.mdc @@ -0,0 +1,22 @@ +--- +description: Master doc references and deployment phases (A–D) for full network coverage +alwaysApply: true +--- + +# Project doc and deployment references + +When answering token/PMM/deployment questions, prefer these docs over inferring from other files. Cite §5 / §8 for canonical and verification. + +**Canonical / verification:** `docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md` (§5 canonical, §8 on-chain verification) +**Contract addresses:** `docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md` +**Address matrix:** `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md` +**Fixes and deployments:** `docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md` +**TODOs:** `docs/00-meta/TODOS_CONSOLIDATED.md` +**Operator commands:** `docs/00-meta/OPERATOR_READY_CHECKLIST.md` +**Doc index:** `docs/MASTER_INDEX.md` + +**Deployment phases (full coverage):** `docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md` +- A: mint + add liquidity (138) — `mint-for-liquidity.sh`, AddLiquidityPMMPoolsChain138 +- B: Celo/Wemix CCIP + LINK (Wemix needs 0.4 WEMIX) +- C: `PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md` +- D: `PHASE_D_OPTIONAL_CHECKLIST.md` diff --git a/backups/npmplus/backup-20260303_030001/database/database.sql b/backups/npmplus/backup-20260303_030001/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260303_030001/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260303_030001/database/database.sqlite b/backups/npmplus/backup-20260303_030001/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260303_041205.tar.gz b/backups/npmplus/backup-20260303_041205.tar.gz new file mode 100644 index 0000000..bf84e71 Binary files /dev/null and b/backups/npmplus/backup-20260303_041205.tar.gz differ diff --git a/backups/npmplus/backup-20260303_041205/api/access_lists.json b/backups/npmplus/backup-20260303_041205/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260303_041205/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260303_041205/api/certificates.json b/backups/npmplus/backup-20260303_041205/api/certificates.json new file mode 100644 index 0000000..a2f5149 --- /dev/null +++ b/backups/npmplus/backup-20260303_041205/api/certificates.json @@ -0,0 +1,718 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-25 22:34:54", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-25 22:34:50", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 155, + "created_on": "2026-02-20 22:27:52", + "modified_on": "2026-02-20 22:27:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "codespaces.d-bis.org", + "domain_names": [ + "codespaces.d-bis.org" + ], + "expires_on": "2026-02-20 22:27:52", + "meta": {} + }, + { + "id": 156, + "created_on": "2026-02-20 22:28:48", + "modified_on": "2026-02-25 22:34:21", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "codespaces.d-bis.org", + "domain_names": [ + "codespaces.d-bis.org" + ], + "expires_on": "2026-05-22 02:30:34", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n", + "letsencrypt_agree": true + } + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-25 22:35:17", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 162, + "created_on": "2026-02-20 22:36:34", + "modified_on": "2026-02-25 22:36:08", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dapp.d-bis.org", + "domain_names": [ + "dapp.d-bis.org" + ], + "expires_on": "2026-05-22 02:38:20", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-25 22:36:19", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-25 22:36:01", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-25 22:35:59", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 165, + "created_on": "2026-03-01 15:17:51", + "modified_on": "2026-03-01 15:18:11", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis.xom-dev.phoenix.sankofa.nexus", + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "expires_on": "2026-05-30 19:19:36", + "meta": {} + }, + { + "id": 157, + "created_on": "2026-02-20 22:29:37", + "modified_on": "2026-02-25 22:34:16", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dev.d-bis.org", + "domain_names": [ + "dev.d-bis.org" + ], + "expires_on": "2026-05-22 02:31:22", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-25 22:34:59", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-25 22:35:01", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 158, + "created_on": "2026-02-20 22:30:18", + "modified_on": "2026-02-25 22:34:14", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "gitea.d-bis.org", + "domain_names": [ + "gitea.d-bis.org" + ], + "expires_on": "2026-05-22 02:32:04", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-25 22:35:55", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-25 22:35:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 159, + "created_on": "2026-02-20 22:31:08", + "modified_on": "2026-02-25 22:34:12", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.ml110.d-bis.org", + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "expires_on": "2026-05-22 02:32:54", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 160, + "created_on": "2026-02-20 22:31:51", + "modified_on": "2026-02-25 22:34:08", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.r630-01.d-bis.org", + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "expires_on": "2026-05-22 02:33:37", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 161, + "created_on": "2026-02-20 22:32:35", + "modified_on": "2026-02-25 22:34:08", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.r630-02.d-bis.org", + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "expires_on": "2026-05-22 02:34:21", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-25 22:34:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-25 22:34:45", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-25 22:34:42", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-25 22:34:36", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 163, + "created_on": "2026-02-21 17:45:18", + "modified_on": "2026-02-25 22:36:29", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-fireblocks.d-bis.org", + "domain_names": [ + "rpc-fireblocks.d-bis.org" + ], + "expires_on": "2026-05-22 21:47:15", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-25 22:35:50", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-25 22:35:46", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-25 22:34:30", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-25 22:34:27", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-25 22:34:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-25 22:35:44", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-25 22:35:42", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-25 22:35:04", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-25 22:35:40", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-25 22:35:14", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-25 22:35:37", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-25 22:35:34", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-25 22:35:31", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 166, + "created_on": "2026-03-02 06:21:20", + "modified_on": "2026-03-02 06:22:03", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "studio.sankofa.nexus", + "domain_names": [ + "studio.sankofa.nexus" + ], + "expires_on": "2026-05-31 10:23:29", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-25 22:35:29", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-25 22:35:28", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 164, + "created_on": "2026-02-21 17:46:22", + "modified_on": "2026-02-25 22:36:11", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc-fireblocks.d-bis.org", + "domain_names": [ + "ws.rpc-fireblocks.d-bis.org" + ], + "expires_on": "2026-05-22 21:48:21", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-25 22:35:13", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-25 22:35:11", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-25 22:35:07", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-25 22:35:27", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-25 22:35:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-25 22:35:21", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260303_041205/api/proxy_hosts.json b/backups/npmplus/backup-20260303_041205/api/proxy_hosts.json new file mode 100644 index 0000000..7bba96c --- /dev/null +++ b/backups/npmplus/backup-20260303_041205/api/proxy_hosts.json @@ -0,0 +1,1429 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-20 22:29:09", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 156, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 49, + "created_on": "2026-02-20 22:27:16", + "modified_on": "2026-02-20 22:37:53", + "owner_user_id": 1, + "domain_names": [ + "dapp.d-bis.org" + ], + "forward_host": "192.168.11.58", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 162, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-03-03 07:11:52", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-03-03 07:11:55", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-03-03 07:11:54", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-03-01 15:18:46", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 165, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-20 22:29:57", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 157, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-03-03 07:11:25", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-20 22:30:39", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 158, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-03-03 07:11:59", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-20 22:31:27", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 159, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-20 22:32:14", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 160, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-20 22:32:57", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 161, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 50, + "created_on": "2026-02-21 17:37:16", + "modified_on": "2026-03-03 07:11:48", + "owner_user_id": 1, + "domain_names": [ + "rpc-fireblocks.d-bis.org" + ], + "forward_host": "192.168.11.232", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 163, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-03-03 07:11:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-03-03 07:11:28", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-03-03 07:11:34", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-03-03 07:11:30", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-03-03 07:11:41", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-03-03 07:11:37", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-03-03 07:11:35", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-03-03 07:11:42", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-03-03 07:11:57", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-03-03 07:12:02", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 52, + "created_on": "2026-03-01 15:16:30", + "modified_on": "2026-03-02 06:22:15", + "owner_user_id": 1, + "domain_names": [ + "studio.sankofa.nexus" + ], + "forward_host": "192.168.11.72", + "forward_port": 8000, + "access_list_id": 0, + "certificate_id": 166, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-03-03 07:12:04", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 51, + "created_on": "2026-02-21 17:37:45", + "modified_on": "2026-03-03 07:11:49", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc-fireblocks.d-bis.org" + ], + "forward_host": "192.168.11.232", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 164, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-03-03 07:11:44", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-03-03 07:11:46", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-03-03 07:11:39", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-03-03 07:12:01", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260303_041205/certificates/cert_list.txt b/backups/npmplus/backup-20260303_041205/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260303_041205/database/database.sql b/backups/npmplus/backup-20260303_041205/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260303_041205/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260303_041205/database/database.sqlite b/backups/npmplus/backup-20260303_041205/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260303_041205/manifest.json b/backups/npmplus/backup-20260303_041205/manifest.json new file mode 100644 index 0000000..1e907fb --- /dev/null +++ b/backups/npmplus/backup-20260303_041205/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260303_041205", + "backup_date": "2026-03-03T04:12:14-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260303_041205/volumes/volume_list.txt b/backups/npmplus/backup-20260303_041205/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260303_041205/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/backups/npmplus/backup-20260304_011131.tar.gz b/backups/npmplus/backup-20260304_011131.tar.gz new file mode 100644 index 0000000..aecfc2f Binary files /dev/null and b/backups/npmplus/backup-20260304_011131.tar.gz differ diff --git a/backups/npmplus/backup-20260304_011131/api/access_lists.json b/backups/npmplus/backup-20260304_011131/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260304_011131/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260304_011131/api/certificates.json b/backups/npmplus/backup-20260304_011131/api/certificates.json new file mode 100644 index 0000000..a2f5149 --- /dev/null +++ b/backups/npmplus/backup-20260304_011131/api/certificates.json @@ -0,0 +1,718 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-25 22:34:54", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-25 22:34:50", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 155, + "created_on": "2026-02-20 22:27:52", + "modified_on": "2026-02-20 22:27:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "codespaces.d-bis.org", + "domain_names": [ + "codespaces.d-bis.org" + ], + "expires_on": "2026-02-20 22:27:52", + "meta": {} + }, + { + "id": 156, + "created_on": "2026-02-20 22:28:48", + "modified_on": "2026-02-25 22:34:21", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "codespaces.d-bis.org", + "domain_names": [ + "codespaces.d-bis.org" + ], + "expires_on": "2026-05-22 02:30:34", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n", + "letsencrypt_agree": true + } + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-25 22:35:17", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 162, + "created_on": "2026-02-20 22:36:34", + "modified_on": "2026-02-25 22:36:08", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dapp.d-bis.org", + "domain_names": [ + "dapp.d-bis.org" + ], + "expires_on": "2026-05-22 02:38:20", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-25 22:36:19", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-25 22:36:01", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-25 22:35:59", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 165, + "created_on": "2026-03-01 15:17:51", + "modified_on": "2026-03-01 15:18:11", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis.xom-dev.phoenix.sankofa.nexus", + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "expires_on": "2026-05-30 19:19:36", + "meta": {} + }, + { + "id": 157, + "created_on": "2026-02-20 22:29:37", + "modified_on": "2026-02-25 22:34:16", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dev.d-bis.org", + "domain_names": [ + "dev.d-bis.org" + ], + "expires_on": "2026-05-22 02:31:22", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-25 22:34:59", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-25 22:35:01", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 158, + "created_on": "2026-02-20 22:30:18", + "modified_on": "2026-02-25 22:34:14", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "gitea.d-bis.org", + "domain_names": [ + "gitea.d-bis.org" + ], + "expires_on": "2026-05-22 02:32:04", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-25 22:35:55", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-25 22:35:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 159, + "created_on": "2026-02-20 22:31:08", + "modified_on": "2026-02-25 22:34:12", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.ml110.d-bis.org", + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "expires_on": "2026-05-22 02:32:54", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 160, + "created_on": "2026-02-20 22:31:51", + "modified_on": "2026-02-25 22:34:08", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.r630-01.d-bis.org", + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "expires_on": "2026-05-22 02:33:37", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 161, + "created_on": "2026-02-20 22:32:35", + "modified_on": "2026-02-25 22:34:08", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.r630-02.d-bis.org", + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "expires_on": "2026-05-22 02:34:21", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-25 22:34:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-25 22:34:45", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-25 22:34:42", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-25 22:34:36", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 163, + "created_on": "2026-02-21 17:45:18", + "modified_on": "2026-02-25 22:36:29", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-fireblocks.d-bis.org", + "domain_names": [ + "rpc-fireblocks.d-bis.org" + ], + "expires_on": "2026-05-22 21:47:15", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-25 22:35:50", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-25 22:35:46", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-25 22:34:30", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-25 22:34:27", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-25 22:34:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-25 22:35:44", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-25 22:35:42", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-25 22:35:04", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-25 22:35:40", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-25 22:35:14", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-25 22:35:37", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-25 22:35:34", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-25 22:35:31", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 166, + "created_on": "2026-03-02 06:21:20", + "modified_on": "2026-03-02 06:22:03", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "studio.sankofa.nexus", + "domain_names": [ + "studio.sankofa.nexus" + ], + "expires_on": "2026-05-31 10:23:29", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-25 22:35:29", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-25 22:35:28", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 164, + "created_on": "2026-02-21 17:46:22", + "modified_on": "2026-02-25 22:36:11", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc-fireblocks.d-bis.org", + "domain_names": [ + "ws.rpc-fireblocks.d-bis.org" + ], + "expires_on": "2026-05-22 21:48:21", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-25 22:35:13", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-25 22:35:11", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-25 22:35:07", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-25 22:35:27", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-25 22:35:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-25 22:35:21", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260304_011131/api/proxy_hosts.json b/backups/npmplus/backup-20260304_011131/api/proxy_hosts.json new file mode 100644 index 0000000..25d7329 --- /dev/null +++ b/backups/npmplus/backup-20260304_011131/api/proxy_hosts.json @@ -0,0 +1,1429 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-20 22:29:09", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 156, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 49, + "created_on": "2026-02-20 22:27:16", + "modified_on": "2026-02-20 22:37:53", + "owner_user_id": 1, + "domain_names": [ + "dapp.d-bis.org" + ], + "forward_host": "192.168.11.58", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 162, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-03-04 04:11:18", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-03-04 04:11:22", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-03-04 04:11:20", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-03-01 15:18:46", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 165, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-20 22:29:57", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 157, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-03-04 04:10:54", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-20 22:30:39", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 158, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-03-04 04:11:25", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-20 22:31:27", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 159, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-20 22:32:14", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 160, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-20 22:32:57", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 161, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 50, + "created_on": "2026-02-21 17:37:16", + "modified_on": "2026-03-04 04:11:15", + "owner_user_id": 1, + "domain_names": [ + "rpc-fireblocks.d-bis.org" + ], + "forward_host": "192.168.11.232", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 163, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-03-04 04:10:59", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-03-04 04:10:56", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-03-04 04:11:01", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-03-04 04:10:58", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-03-04 04:11:08", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-03-04 04:11:05", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-03-04 04:11:03", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-03-04 04:11:09", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-03-04 04:11:23", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-03-04 04:11:29", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 52, + "created_on": "2026-03-01 15:16:30", + "modified_on": "2026-03-02 06:22:15", + "owner_user_id": 1, + "domain_names": [ + "studio.sankofa.nexus" + ], + "forward_host": "192.168.11.72", + "forward_port": 8000, + "access_list_id": 0, + "certificate_id": 166, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-03-04 04:11:30", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 51, + "created_on": "2026-02-21 17:37:45", + "modified_on": "2026-03-04 04:11:17", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc-fireblocks.d-bis.org" + ], + "forward_host": "192.168.11.232", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 164, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-03-04 04:11:11", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-03-04 04:11:13", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-03-04 04:11:06", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-03-04 04:11:27", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260304_011131/certificates/cert_list.txt b/backups/npmplus/backup-20260304_011131/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260304_011131/database/database.sql b/backups/npmplus/backup-20260304_011131/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260304_011131/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260304_011131/database/database.sqlite b/backups/npmplus/backup-20260304_011131/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260304_011131/manifest.json b/backups/npmplus/backup-20260304_011131/manifest.json new file mode 100644 index 0000000..bde7182 --- /dev/null +++ b/backups/npmplus/backup-20260304_011131/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260304_011131", + "backup_date": "2026-03-04T01:11:42-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260304_011131/volumes/volume_list.txt b/backups/npmplus/backup-20260304_011131/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260304_011131/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/backups/npmplus/backup-20260304_012829.tar.gz b/backups/npmplus/backup-20260304_012829.tar.gz new file mode 100644 index 0000000..d8d66ab Binary files /dev/null and b/backups/npmplus/backup-20260304_012829.tar.gz differ diff --git a/backups/npmplus/backup-20260304_012829/api/access_lists.json b/backups/npmplus/backup-20260304_012829/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260304_012829/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260304_012829/api/certificates.json b/backups/npmplus/backup-20260304_012829/api/certificates.json new file mode 100644 index 0000000..a2f5149 --- /dev/null +++ b/backups/npmplus/backup-20260304_012829/api/certificates.json @@ -0,0 +1,718 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-25 22:34:54", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-25 22:34:50", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 155, + "created_on": "2026-02-20 22:27:52", + "modified_on": "2026-02-20 22:27:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "codespaces.d-bis.org", + "domain_names": [ + "codespaces.d-bis.org" + ], + "expires_on": "2026-02-20 22:27:52", + "meta": {} + }, + { + "id": 156, + "created_on": "2026-02-20 22:28:48", + "modified_on": "2026-02-25 22:34:21", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "codespaces.d-bis.org", + "domain_names": [ + "codespaces.d-bis.org" + ], + "expires_on": "2026-05-22 02:30:34", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n", + "letsencrypt_agree": true + } + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-25 22:35:17", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 162, + "created_on": "2026-02-20 22:36:34", + "modified_on": "2026-02-25 22:36:08", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dapp.d-bis.org", + "domain_names": [ + "dapp.d-bis.org" + ], + "expires_on": "2026-05-22 02:38:20", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-25 22:36:19", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-25 22:36:01", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-25 22:35:59", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 165, + "created_on": "2026-03-01 15:17:51", + "modified_on": "2026-03-01 15:18:11", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis.xom-dev.phoenix.sankofa.nexus", + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "expires_on": "2026-05-30 19:19:36", + "meta": {} + }, + { + "id": 157, + "created_on": "2026-02-20 22:29:37", + "modified_on": "2026-02-25 22:34:16", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dev.d-bis.org", + "domain_names": [ + "dev.d-bis.org" + ], + "expires_on": "2026-05-22 02:31:22", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-25 22:34:59", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-25 22:35:01", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 158, + "created_on": "2026-02-20 22:30:18", + "modified_on": "2026-02-25 22:34:14", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "gitea.d-bis.org", + "domain_names": [ + "gitea.d-bis.org" + ], + "expires_on": "2026-05-22 02:32:04", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-25 22:35:55", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-25 22:35:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 159, + "created_on": "2026-02-20 22:31:08", + "modified_on": "2026-02-25 22:34:12", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.ml110.d-bis.org", + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "expires_on": "2026-05-22 02:32:54", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 160, + "created_on": "2026-02-20 22:31:51", + "modified_on": "2026-02-25 22:34:08", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.r630-01.d-bis.org", + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "expires_on": "2026-05-22 02:33:37", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 161, + "created_on": "2026-02-20 22:32:35", + "modified_on": "2026-02-25 22:34:08", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.r630-02.d-bis.org", + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "expires_on": "2026-05-22 02:34:21", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-25 22:34:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-25 22:34:45", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-25 22:34:42", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-25 22:34:36", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 163, + "created_on": "2026-02-21 17:45:18", + "modified_on": "2026-02-25 22:36:29", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-fireblocks.d-bis.org", + "domain_names": [ + "rpc-fireblocks.d-bis.org" + ], + "expires_on": "2026-05-22 21:47:15", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-25 22:35:50", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-25 22:35:46", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-25 22:34:30", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-25 22:34:27", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-25 22:34:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-25 22:35:44", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-25 22:35:42", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-25 22:35:04", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-25 22:35:40", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-25 22:35:14", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-25 22:35:37", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-25 22:35:34", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-25 22:35:31", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 166, + "created_on": "2026-03-02 06:21:20", + "modified_on": "2026-03-02 06:22:03", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "studio.sankofa.nexus", + "domain_names": [ + "studio.sankofa.nexus" + ], + "expires_on": "2026-05-31 10:23:29", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-25 22:35:29", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-25 22:35:28", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 164, + "created_on": "2026-02-21 17:46:22", + "modified_on": "2026-02-25 22:36:11", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc-fireblocks.d-bis.org", + "domain_names": [ + "ws.rpc-fireblocks.d-bis.org" + ], + "expires_on": "2026-05-22 21:48:21", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-25 22:35:13", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-25 22:35:11", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-25 22:35:07", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-25 22:35:27", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-25 22:35:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-25 22:35:21", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260304_012829/api/proxy_hosts.json b/backups/npmplus/backup-20260304_012829/api/proxy_hosts.json new file mode 100644 index 0000000..61280fa --- /dev/null +++ b/backups/npmplus/backup-20260304_012829/api/proxy_hosts.json @@ -0,0 +1,1429 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-20 22:29:09", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 156, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 49, + "created_on": "2026-02-20 22:27:16", + "modified_on": "2026-02-20 22:37:53", + "owner_user_id": 1, + "domain_names": [ + "dapp.d-bis.org" + ], + "forward_host": "192.168.11.58", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 162, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-03-04 04:28:15", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-03-04 04:28:19", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-03-04 04:28:17", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-03-01 15:18:46", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 165, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-20 22:29:57", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 157, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-03-04 04:27:51", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-20 22:30:39", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 158, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-03-04 04:28:23", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-20 22:31:27", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 159, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-20 22:32:14", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 160, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-20 22:32:57", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 161, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 50, + "created_on": "2026-02-21 17:37:16", + "modified_on": "2026-03-04 04:28:12", + "owner_user_id": 1, + "domain_names": [ + "rpc-fireblocks.d-bis.org" + ], + "forward_host": "192.168.11.232", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 163, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-03-04 04:27:56", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-03-04 04:27:52", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-03-04 04:27:58", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-03-04 04:27:54", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-03-04 04:28:05", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-03-04 04:28:01", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-03-04 04:28:00", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-03-04 04:28:06", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-03-04 04:28:21", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-03-04 04:28:27", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 52, + "created_on": "2026-03-01 15:16:30", + "modified_on": "2026-03-02 06:22:15", + "owner_user_id": 1, + "domain_names": [ + "studio.sankofa.nexus" + ], + "forward_host": "192.168.11.72", + "forward_port": 8000, + "access_list_id": 0, + "certificate_id": 166, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-03-04 04:28:29", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 51, + "created_on": "2026-02-21 17:37:45", + "modified_on": "2026-03-04 04:28:14", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc-fireblocks.d-bis.org" + ], + "forward_host": "192.168.11.232", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 164, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-03-04 04:28:09", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-03-04 04:28:10", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-03-04 04:28:03", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-03-04 04:28:25", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260304_012829/certificates/cert_list.txt b/backups/npmplus/backup-20260304_012829/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260304_012829/database/database.sql b/backups/npmplus/backup-20260304_012829/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260304_012829/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260304_012829/database/database.sqlite b/backups/npmplus/backup-20260304_012829/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260304_012829/manifest.json b/backups/npmplus/backup-20260304_012829/manifest.json new file mode 100644 index 0000000..992f04d --- /dev/null +++ b/backups/npmplus/backup-20260304_012829/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260304_012829", + "backup_date": "2026-03-04T01:28:39-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260304_012829/volumes/volume_list.txt b/backups/npmplus/backup-20260304_012829/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260304_012829/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/config/ip-addresses.conf b/config/ip-addresses.conf index fbe0c9f..def31af 100644 --- a/config/ip-addresses.conf +++ b/config/ip-addresses.conf @@ -8,12 +8,24 @@ PROXMOX_SSH_USER="${PROXMOX_SSH_USER:-root}" # Proxmox Hosts (overridable via .env PROXMOX_ML110, PROXMOX_R630_01, PROXMOX_R630_02) +# NOTE: ML110 (192.168.11.10) is being repurposed to OPNsense/pfSense WAN aggregator; after repurpose .10 is the firewall, not Proxmox. Cluster = r630-01 + r630-02 until more R630s join. PROXMOX_HOST_ML110="${PROXMOX_ML110:-${PROXMOX_HOST_ML110:-192.168.11.10}}" PROXMOX_HOST_R630_01="${PROXMOX_R630_01:-${PROXMOX_HOST_R630_01:-192.168.11.11}}" PROXMOX_HOST_R630_02="${PROXMOX_R630_02:-${PROXMOX_HOST_R630_02:-192.168.11.12}}" PROXMOX_ML110="${PROXMOX_HOST_ML110}" PROXMOX_R630_01="${PROXMOX_HOST_R630_01}" PROXMOX_R630_02="${PROXMOX_HOST_R630_02}" +# WAN aggregator (OPNsense/pfSense on ML110); same IP .10 after repurpose +WAN_AGGREGATOR_ML110="${WAN_AGGREGATOR_ML110:-192.168.11.10}" + +# R630-03..13: 192.168.11.13–.23 (r630-03 … r630-13). Add when nodes are brought online. +# Extended inventory: R750 (3), Dell 7920 (2), UDM Pro #2 (1). See docs/11-references/HARDWARE_INVENTORY_MASTER.md +PROXMOX_HOST_R750_01="${PROXMOX_HOST_R750_01:-192.168.11.24}" +PROXMOX_HOST_R750_02="${PROXMOX_HOST_R750_02:-192.168.11.25}" +PROXMOX_HOST_R750_03="${PROXMOX_HOST_R750_03:-192.168.11.26}" +UDM_PRO_2_IP="${UDM_PRO_2_IP:-192.168.11.2}" +WORKSTATION_01_IP="${WORKSTATION_01_IP:-192.168.11.30}" +WORKSTATION_02_IP="${WORKSTATION_02_IP:-192.168.11.31}" # RPC Endpoints — Chain ID 138 two standards # Core (admin/deploy): RPC_URL_138 — VMID 2101 diff --git a/config/routing-registry.json b/config/routing-registry.json new file mode 100644 index 0000000..dbba177 --- /dev/null +++ b/config/routing-registry.json @@ -0,0 +1,122 @@ +{ + "description": "Routing registry: (fromChain, toChain, asset) -> pathType, bridgeAddress. Used by UI and indexer. See docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md.", + "routes": [ + { + "fromChain": 138, + "toChain": 651940, + "asset": "WETH", + "pathType": "ALT", + "bridgeAddress": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc", + "bridgeChainId": 138, + "label": "AlltraAdapter" + }, + { + "fromChain": 651940, + "toChain": 138, + "asset": "WETH", + "pathType": "ALT", + "bridgeAddress": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc", + "bridgeChainId": 651940, + "label": "AlltraAdapter" + }, + { + "fromChain": 138, + "toChain": 1, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 56, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 137, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 10, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 42161, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 43114, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 8453, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 100, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 25, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 42220, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + }, + { + "fromChain": 138, + "toChain": 1111, + "asset": "WETH", + "pathType": "CCIP", + "bridgeAddress": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "bridgeChainId": 138, + "label": "CCIPWETH9Bridge" + } + ] +} diff --git a/docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md b/docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md index b67c802..845b3f5 100644 --- a/docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md +++ b/docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md @@ -26,9 +26,10 @@ ## Optional work +- **Checklist:** [OPTIONAL_TASKS_CHECKLIST.md](OPTIONAL_TASKS_CHECKLIST.md) — consolidated optional tasks (Done / Pending / Operator-only). - **Infrastructure:** Phase 1 VLAN, NPMplus HA. (2506–2508 destroyed 2026-02-08; RPC 2500–2505 only.) [OPTIONAL_RECOMMENDATIONS_INDEX.md](../OPTIONAL_RECOMMENDATIONS_INDEX.md), [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md), [NPMPLUS_HA_SETUP_GUIDE.md](../04-configuration/NPMPLUS_HA_SETUP_GUIDE.md). - **Docs/tooling:** Documentation consolidation; Paymaster deploy when ready. -- **MetaMask/explorer:** Token-aggregation, CoinGecko, Snap features, explorer enhancements. [COINGECKO_SUBMISSION.md](../../smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md). +- **MetaMask/explorer:** Token-aggregation, CoinGecko, Snap features, explorer enhancements; Wallet link runbook: [EXPLORER_WALLET_LINK_QUICK_WIN.md](../04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md). [COINGECKO_SUBMISSION.md](../../smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md). --- diff --git a/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md b/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md index 6992891..bfeb313 100644 --- a/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md +++ b/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md @@ -13,7 +13,7 @@ ## Remaining tasks (summary) -Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-03-02). **Task check (2026-03-02):** Each remaining task was verified; see [TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md) for per-task status and what can be completed only by Operator/LAN or externally. What remains: +Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-03-02). **Single-page summary of what remains:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md) (operator/LAN and external only). **Task check (2026-03-02):** See [TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md) for per-task status. What remains: | # | Task | Who | Command / doc | |---|------|-----|----------------| diff --git a/docs/00-meta/NEXT_STEPS_FOR_YOU.md b/docs/00-meta/NEXT_STEPS_FOR_YOU.md index 490725c..8f15003 100644 --- a/docs/00-meta/NEXT_STEPS_FOR_YOU.md +++ b/docs/00-meta/NEXT_STEPS_FOR_YOU.md @@ -3,6 +3,10 @@ **Last Updated:** 2026-03-02 **Purpose:** Single list of what **you** need to do next (no infra/automation). Everything else the repo can do has been completed or documented. +**Completed (next steps run):** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain 38/38, validation OK, reconcile-env. `preflight-chain138-deploy.sh` — passed. `run-all-next-steps-chain138.sh` — preflight passed; TransactionMirror and cUSDT/cUSDC pool already present; all 12 c* already GRU-registered; verification 38/38. `validate-config-files.sh` — passed. `run-e2e-flow-tasks-full-parallel.sh --dry-run` — waves E0–E7 listed. + +**Continue and complete (2026-02-27):** Re-ran `run-completable-tasks-from-anywhere.sh` — all 4 steps passed (config, on-chain 38/38, validation, reconcile-env). Re-ran `run-all-operator-tasks-from-lan.sh --skip-backup` — dotenv loaded automatically; Blockscout verification completed (W0-1 NPMplus failed off-LAN as expected). Docs: REMAINING_SUMMARY "Continue and complete" section added; TODOS_CONSOLIDATED and NEXT_STEPS_FOR_YOU updated for operator script loading dotenv. + **Completed 2026-03-02:** Documentation consolidation: [MASTER_INDEX.md](../MASTER_INDEX.md), [README.md](../README.md), [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) created; deprecated content (ALL_IMPROVEMENTS_AND_GAPS_INDEX) marked redirect-only. `run-completable-tasks-from-anywhere.sh` run: config OK, on-chain 38/38, validation OK, reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool already deployed; all 12 c* already registered as GRU; verification 38/38. Next steps index and TODOS_CONSOLIDATED updated. **Completed 2026-02-27:** Chain 138 "run all next steps" script added: `./scripts/deployment/run-all-next-steps-chain138.sh` (preflight → mirror+pool → register c* as GRU → verify). Docs updated: NEXT_STEPS_INDEX, DEPLOYMENT_ORDER_OF_OPERATIONS, TODOS_CONSOLIDATED, CONTRACT_NEXT_STEPS_LIST. @@ -62,7 +66,7 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led - **Lighter option:** `./scripts/maintenance/address-all-remaining-502s.sh` — backends + NPMplus proxy (if `NPM_PASSWORD` in .env) + RPC diagnostics; add `--run-besu-fix --e2e` to fix Besu config and re-run E2E. - Full runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md). -**Single script (from repo root on LAN with smom-dbis-138/.env):** +**Single script (from repo root on LAN; loads dotenv automatically from .env and smom-dbis-138/.env):** - `./scripts/run-all-operator-tasks-from-lan.sh --dry-run` — print steps - `./scripts/run-all-operator-tasks-from-lan.sh` — backup + Blockscout verify - `./scripts/run-all-operator-tasks-from-lan.sh --deploy` — + deploy contracts (phased + TransactionMirror if needed) @@ -77,8 +81,9 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led - **Blockscout verification:** From a host that can reach Blockscout (e.g. LAN), run: ```bash - source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh + ./scripts/run-all-operator-tasks-from-lan.sh --skip-backup ``` + (Script loads dotenv from .env and smom-dbis-138/.env automatically.) Or run only verify: `./scripts/verify/run-contract-verification-with-proxy.sh` after sourcing .env. Or verify each contract manually at https://explorer.d-bis.org/address/
#verify-contract. - **On-chain contract check:** Re-run when you add new contracts (or to confirm from LAN): diff --git a/docs/00-meta/NEXT_STEPS_INDEX.md b/docs/00-meta/NEXT_STEPS_INDEX.md index c41d684..7aa61d8 100644 --- a/docs/00-meta/NEXT_STEPS_INDEX.md +++ b/docs/00-meta/NEXT_STEPS_INDEX.md @@ -1,10 +1,12 @@ # Next Steps — Index -**Last Updated:** 2026-03-02 +**Last Updated:** 2026-03-04 **Purpose:** Single entry point for "what to do next." Pick by audience and granularity. **Documentation index:** [../MASTER_INDEX.md](../MASTER_INDEX.md) — canonical docs, deprecated list, and navigation. +**Continue and complete (operator/LAN):** (1) `./scripts/run-completable-tasks-from-anywhere.sh` then (2) `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` not set). Operator scripts load dotenv automatically. + --- ## Next steps (ordered) @@ -19,7 +21,7 @@ | 6 | Repos & PRs (Ledger, Trust, Chainlist, on-ramps; forms pending) | [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) | Remaining (External) | | 7 | PR-ready files (Chainlist, Trust Wallet) | [04-configuration/pr-ready/README.md](../04-configuration/pr-ready/README.md) | Remaining | -**Remaining tasks (full list):** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) § Remaining tasks. +**Remaining (one page):** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md) — in-repo complete; operator/LAN and external only. **Remaining tasks (full list):** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) § Remaining tasks. **Full list:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) § Next steps (ordered). **E2E flows (swap, bridge, swap-bridge-swap):** [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). Run E2E tasks in full parallel: `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]`. **Task list review (deprecated/duplicates):** [TASK_LIST_REVIEW_2026_03_01.md](TASK_LIST_REVIEW_2026_03_01.md). diff --git a/docs/00-meta/NEXT_STEPS_MASTER.md b/docs/00-meta/NEXT_STEPS_MASTER.md index a90734b..290b581 100644 --- a/docs/00-meta/NEXT_STEPS_MASTER.md +++ b/docs/00-meta/NEXT_STEPS_MASTER.md @@ -11,7 +11,7 @@ This document is the **single source of truth** for all next steps and remaining tasks across the project. Use it for prioritization, sprint planning, and status reporting. -**Consolidated checklist (all next steps + remaining TODOs):** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) — single list with Operator/LAN vs in-repo marked. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). +**Consolidated checklist (all next steps + remaining TODOs):** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) — single list with Operator/LAN vs in-repo marked. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). **Optional tasks only (Done / Pending):** [OPTIONAL_TASKS_CHECKLIST.md](OPTIONAL_TASKS_CHECKLIST.md). **Your next actions:** [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md) — Ledger form ✅ submitted (2026-02-13); all remaining steps optional (Blockscout, on-chain check, etc.). **Remaining components, tasks, and all recommendations:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) — single list of what’s left and what to implement. diff --git a/docs/00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md b/docs/00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md new file mode 100644 index 0000000..1443992 --- /dev/null +++ b/docs/00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md @@ -0,0 +1,69 @@ +# Operator Credentials and Secrets — Checklist + +**Purpose:** Before running Operator/LAN tasks, confirm you have the required credentials and access. **Does Operator/LAN have all necessary creds?** Use this checklist; if any row is **No**, obtain or set that credential before running the task. + +**Where to set:** Unless noted, use `smom-dbis-138/.env` (gitignored). Copy from `smom-dbis-138/.env.example` or see [REMAINING_WORK_DETAILED_STEPS](REMAINING_WORK_DETAILED_STEPS.md) for per-step blockers. + +**Operator scripts load dotenv automatically:** [run-all-operator-tasks-from-lan.sh](../../scripts/run-all-operator-tasks-from-lan.sh) and [run-operator-tasks-from-lan.sh](../../scripts/run-operator-tasks-from-lan.sh) source `scripts/lib/load-project-env.sh`, which loads repo root `.env` and `smom-dbis-138/.env`. No need to `source .env` before running. + +--- + +## Required credentials (summary) + +| Credential / access | Used for | Where to set / get | +|--------------------|----------|---------------------| +| **LAN (192.168.11.x)** | NPMplus API, RPC, Blockscout, Proxmox | Be on same network or VPN | +| **PRIVATE_KEY** (64-char hex, no 0x) | Chain 138 deploy, bridge send, any `forge script --broadcast` | `smom-dbis-138/.env` | +| **RPC_URL_138** (Chain 138 Core) | Deploy, verify, on-chain check | e.g. `http://192.168.11.211:8545` in `.env` | +| **NPM_PASSWORD** | NPMplus backup, proxy host updates (502 fix) | `smom-dbis-138/.env` or root `.env`; from NPMplus UI | +| **SSH to Proxmox** (e.g. root@192.168.11.10) | run-all-maintenance-via-proxmox-ssh, VM/CT creation, token-aggregation fix | SSH key or password to Proxmox host | +| **LINK** (on Chain 138 for bridge) | sendCrossChain (real); CCIP fees | Deployer wallet must hold LINK and approve bridge | +| **Native gas (ETH/138)** | All Chain 138 deploys and txs | Deployer `0x4A66...` funded on 138 | +| **Per-chain RPC + gas (Celo, Wemix, Gnosis)** | CCIP bridges deploy | CELO ~0.1, WEMIX ~0.4; RPC URLs in .env | +| **ADD_LIQUIDITY_* amounts + token balance** | Add liquidity to PMM pools | Deployer holds cUSDT/cUSDC/USDT/USDC; set in .env or runbook | + +--- + +## Per-task requirements (Operator/LAN) + +| Task | LAN | PRIVATE_KEY | NPM_PASSWORD | RPC_URL_138 | SSH Proxmox | Other | +|------|-----|-------------|--------------|-------------|-------------|--------| +| Full deployment order (Phase 0–6) | Yes | Yes | — | Yes | Optional | Gas on 138; per-phase env (see runbook) | +| Add liquidity (PMM pools) | Yes | Yes | — | Yes | — | Token balance; ADD_LIQUIDITY_BASE_AMOUNT, ADD_LIQUIDITY_QUOTE_AMOUNT | +| run-all-operator-tasks-from-lan (backup + verify) | Yes | — | Yes (backup) | Yes (verify) | Optional | Blockscout reachable | +| run-all-operator-tasks-from-lan --deploy | Yes | Yes | Yes | Yes | Optional | Gas on 138 | +| E2E 502 fix (address-all-remaining-502s) | Yes | — | Yes (NPMplus proxy update) | — | Yes (Besu fix) | Proxmox reachable | +| Blockscout verification only | Yes | — | — | Yes | — | Host can reach explorer.d-bis.org | +| Gnosis / Celo / Wemix CCIP bridges | Yes | Yes | — | Yes + per-chain RPC | — | Per-chain gas (xDAI, CELO, WEMIX); CCIP router/LINK addresses in .env | +| LINK support on Mainnet relay | Yes | Yes (if deploy) | — | Yes | Yes (restart relay) | Mainnet RPC; LINK on mainnet if funding relay | +| sendCrossChain (real) | Yes | Yes | — | Yes | — | LINK approved for bridge; recipient address | +| NPMplus backup | Yes | — | Yes | — | — | NPMplus API reachable | +| NPMplus RPC proxy fix (405) | Yes | — | Yes | — | — | — | +| Token-aggregation DB + migrations | Yes | — | — | — | Yes | PostgreSQL on VMID 5000 or same host; DATABASE_URL | +| Explorer Wallet link (edit nav) | — | — | — | — | Yes (to explorer VM) | SSH to VMID 5000 or host serving explorer | +| E2E flow waves E1–E7 | Yes | Yes (if deploy/fund) | Yes (if NPM) | Yes | Optional | Depends on wave; see TASKS_TO_INCREASE_ALL_E2E_FLOWS | + +**—** = not required for that task. + +--- + +## Quick verification (do you have them?) + +```bash +# From repo root, with smom-dbis-138/.env present: +source smom-dbis-138/.env 2>/dev/null +echo "PRIVATE_KEY set: $( [ -n "$PRIVATE_KEY" ] && echo yes || echo no )" +echo "NPM_PASSWORD set: $( [ -n "$NPM_PASSWORD" ] && echo yes || echo no )" +echo "RPC_URL_138 set: $( [ -n "$RPC_URL_138" ] && echo yes || echo no )" +# LAN: ping or curl from your machine to 192.168.11.211:8545 (or your RPC host) +# SSH: ssh root@192.168.11.10 (or your Proxmox host) echo ok +``` + +--- + +## References + +- **Operator commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) +- **LAN + secrets steps:** [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) +- **Wave 0 (sendCrossChain, backup):** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W0-2, W0-3 +- **Remaining summary:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md) diff --git a/docs/00-meta/OPERATOR_READY_CHECKLIST.md b/docs/00-meta/OPERATOR_READY_CHECKLIST.md index 7c25396..c25af5e 100644 --- a/docs/00-meta/OPERATOR_READY_CHECKLIST.md +++ b/docs/00-meta/OPERATOR_READY_CHECKLIST.md @@ -1,10 +1,14 @@ # Operator Ready Checklist — Copy-Paste Commands -**Last Updated:** 2026-03-02 +**Last Updated:** 2026-03-04 **Purpose:** Single page with exact commands to complete every pending todo. Run from **repo root** on a host with **LAN** access (and `smom-dbis-138/.env` with `PRIVATE_KEY`, `NPM_PASSWORD` where noted). +**Do you have all necessary creds?** See [OPERATOR_CREDENTIALS_CHECKLIST.md](OPERATOR_CREDENTIALS_CHECKLIST.md) — per-task list of LAN, PRIVATE_KEY, NPM_PASSWORD, RPC_URL_138, SSH, LINK, gas, token balance. + **From anywhere (no LAN):** `./scripts/run-completable-tasks-from-anywhere.sh` +**Remaining for full network coverage (13-chain max execution):** [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) — Phase A (mint + add liquidity 138) → B (Celo/Wemix CCIP + LINK) → C (cW* + edge pools). **2026-03-04:** Celo CCIP bridges ✅ deployed; Phase C runbook and Phase D checklist added. Mint (A.1) retry if timeout; Wemix needs 0.4 WEMIX. + --- ## 1. High: Gnosis, Celo, Wemix CCIP bridges diff --git a/docs/00-meta/OPTIONAL_TASKS_CHECKLIST.md b/docs/00-meta/OPTIONAL_TASKS_CHECKLIST.md new file mode 100644 index 0000000..0af5c71 --- /dev/null +++ b/docs/00-meta/OPTIONAL_TASKS_CHECKLIST.md @@ -0,0 +1,80 @@ +# Optional Tasks — Consolidated Checklist + +**Purpose:** Single checklist of optional tasks across the repo with status (Done / Pending / Operator-only). Use for prioritization and tracking. + +**Sources:** [REMAINING_TASKS.md](../REMAINING_TASKS.md), [DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md](../dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md) § B/D/E, [IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md), [OPTIONAL_RECOMMENDATIONS_INDEX.md](../OPTIONAL_RECOMMENDATIONS_INDEX.md). + +--- + +## Completed (optional) + +| Task | Source | Notes | +|------|--------|--------| +| MCP plan upgrades (8 items: multi-chain allowlist, Uniswap get_pool_state, bot_state, webhook, merge script, rate limits, audit log, router stub) | MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES §5 | [Implementation status](../03-deployment/MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md#51-implementation-status-all-completed) | +| Allowlist sync with mesh (generate-mcp-allowlist-from-chain138.sh) | PMM plan | Script + doc | +| Per-chain allowlist from deployment-status | SINGLE_SIDED runbook | generate-mcp-allowlist-from-deployment-status.sh | +| Merge multi-chain allowlist script | MCP plan rec #5 | scripts/merge-mcp-allowlist-multichain.sh | +| Explorer Wallet link runbook | Quick win | [EXPLORER_WALLET_LINK_QUICK_WIN.md](../04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md) — runbook written; operator still runs steps on VM | + +--- + +## Pending — Quick wins (< 1 hour) + +| Task | Effort | Blocker | Reference | +|------|--------|---------|------------| +| Add Wallet link to explorer navbar | 15 min | SSH to explorer VM | [EXPLORER_WALLET_LINK_QUICK_WIN.md](../04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md) | +| CoinGecko submission | 1 hour | External | [COINGECKO_SUBMISSION_GUIDE.md](../04-configuration/coingecko/COINGECKO_SUBMISSION_GUIDE.md) | +| Consensys outreach | 1 hour | External | metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md | +| Test Snap in MetaMask Flask | 1 hour | Local/Flask | REMAINING_TASKS § Quick Wins | + +--- + +## Pending — MetaMask & Explorer (optional) + +| Task | Priority | Reference | +|------|----------|-----------| +| Token-aggregation service deployment | Medium | REMAINING_TASKS § 1; smom-dbis-138/services/token-aggregation | +| Chain 138 Snap: market data, swap, bridge flows | Low | REMAINING_TASKS § 1, § 4 | +| Explorer: sync status indicator, network selector, dark mode | Low | REMAINING_TASKS § 2 | +| Token-aggregation: production deploy, API keys, monitoring, auth | Medium/Low | REMAINING_TASKS § 3 | + +--- + +## Pending — DBIS Rail optional (B, D, E) + +| ID | Task | Reference | +|----|------|-----------| +| B1–B7 | Signer effective-from/revoked-at; idempotency; Merkle root; validator governance; Public Overview PDF; control mapping; code audit | [DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md](../dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md) § B | +| D1–D7 | EnhancedSwapRouter; trustless stack; CCIP other chains; LINK relay; cW* edge pools; R1–R24; full 139 recommendations | § D | +| E1–E5 | Wave 0–3 (NPMplus, backup, sendCrossChain, validation); Phase 1 VLAN; NPMplus HA | § E | + +--- + +## Pending — Implementation checklist (security, monitoring, backup) + +| Category | Tasks | Reference | +|----------|--------|-----------| +| Security | .env permissions; validator key permissions; SSH key auth; firewall Proxmox API; VLANs | [IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md) § High | +| Monitoring | Metrics (9545); health checks; alert script | § High | +| Backup | Automated backup; validator key backup (encrypted); config backup | § High | +| Testing / Docs | Integration tests for deploy scripts; runbooks (validator add/remove, upgrade, key rotation) | § High | +| Medium/Low | Retry/error handling; structured logging; performance; automation; UI/security | § Medium, § Low | + +--- + +## Operator-only (LAN / credentials / external) + +| Task | Notes | +|------|--------| +| Wave 0: NPMplus RPC fix, sendCrossChain (real), NPMplus backup | [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) | +| Run validation (run-all-validation.sh, validate-config-files.sh) | Wave 1 | +| Add Wallet link (run runbook on explorer VM) | [EXPLORER_WALLET_LINK_QUICK_WIN.md](../04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md) | +| Token-aggregation deploy (PostgreSQL, env) | Requires host/DB | +| CoinGecko / Consensys | External submission | + +--- + +## Maintenance + +- Update this checklist when optional items are completed or new ones are added. +- Link from [OPTIONAL_RECOMMENDATIONS_INDEX.md](../OPTIONAL_RECOMMENDATIONS_INDEX.md) and [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md) as needed. diff --git a/docs/00-meta/REMAINING_SUMMARY.md b/docs/00-meta/REMAINING_SUMMARY.md new file mode 100644 index 0000000..9e30e8c --- /dev/null +++ b/docs/00-meta/REMAINING_SUMMARY.md @@ -0,0 +1,92 @@ +# Remaining Work — Summary + +**Last Updated:** 2026-02-27 +**Purpose:** Single place for what remains. All in-repo runnable tasks are **complete**; remaining work is **operator/LAN** or **external**. + +--- + +## Continue and complete (run these) + +To complete all automatable steps from this repo: + +1. **From anywhere (no LAN):** + `./scripts/run-completable-tasks-from-anywhere.sh` + — Config validation, on-chain 38/38 check, run-all-validation --skip-genesis, reconcile-env. + +2. **From LAN (with dotenv):** + `./scripts/run-all-operator-tasks-from-lan.sh` + — Loads dotenv from repo `.env` and `smom-dbis-138/.env` automatically. Runs NPMplus RPC fix, backup (if NPM_PASSWORD set), Blockscout verification. Add `--deploy` or `--create-vms` as needed. + +Optional: `--skip-backup` if NPM_PASSWORD not set; `--dry-run` to print steps only. + +--- + +## In-repo (complete) + +| Item | Status | +|------|--------| +| Config validation | ✅ `validate-config-files.sh` passed | +| On-chain check (Chain 138) | ✅ 38/38 contracts present | +| run-all-validation (--skip-genesis) | ✅ Passed | +| Preflight (dotenv, RPC, nonce) | ✅ Passed | +| run-all-next-steps-chain138 | ✅ Preflight; mirror/pool present; 12 c* GRU-registered; 38/38 verify | +| run-completable-tasks-from-anywhere | ✅ All 4 steps passed | +| MCP plan upgrades (8 items) | ✅ Implemented (multi-chain, Uniswap, bot_state, webhook, merge script, limits, audit, router stub) | +| Optional docs/runbooks | ✅ Explorer Wallet link runbook; optional tasks checklist; merge allowlist script | + +**Re-run anytime:** `./scripts/run-completable-tasks-from-anywhere.sh`, `./scripts/deployment/preflight-chain138-deploy.sh`, `./scripts/deployment/run-all-next-steps-chain138.sh`. + +--- + +## Operator / LAN — Do you have the necessary creds? + +**Check before running:** [OPERATOR_CREDENTIALS_CHECKLIST.md](OPERATOR_CREDENTIALS_CHECKLIST.md) — per-task list of required credentials (LAN, PRIVATE_KEY, NPM_PASSWORD, RPC_URL_138, SSH to Proxmox, LINK, gas, token balance). If any required credential is missing, obtain or set it first (e.g. in `smom-dbis-138/.env`). + +**Summary of what Operator/LAN typically needs:** +- **LAN** — host on 192.168.11.x (or VPN) to reach NPMplus, RPC, Blockscout, Proxmox. +- **PRIVATE_KEY** — for any deploy or on-chain tx (Chain 138 and bridges). +- **NPM_PASSWORD** — for NPMplus backup and proxy updates (502 fix). +- **RPC_URL_138** — Chain 138 Core RPC (e.g. http://192.168.11.211:8545). +- **SSH to Proxmox** — for maintenance scripts, token-aggregation fix, Explorer VM edit. +- **LINK** (on 138) — for sendCrossChain and CCIP fees; deployer must approve bridge. +- **Gas** — deployer funded on Chain 138 (and on Celo/Wemix/Gnosis if deploying CCIP there). +- **Token balance** — for add liquidity: deployer holds cUSDT/cUSDC/USDT/USDC; set ADD_LIQUIDITY_* in .env. + +--- + +## Remaining — Operator / LAN + +| # | Task | Command / doc | +|---|------|----------------| +| 1 | Full deployment order (Phase 0–6) | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) | +| 2 | Add liquidity (PMM pools), ensure DODOPMMProvider registered | [PRE_DEPLOYMENT_CHECKLIST](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md), [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) | +| 3 | Blockscout verify, 502 fix, NPMplus backup, optional deploy | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy]` · [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) | +| 4 | E2E 502 fix | `./scripts/maintenance/address-all-remaining-502s.sh [--run-besu-fix] [--e2e]` · [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md) | +| 5 | Gnosis / Celo / Wemix CCIP bridges | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) | +| 6 | LINK support on Mainnet relay | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) | +| 7 | E2E flow waves E1–E7 (liquidity, CCIP fund, token-aggregation, Blockscout, L2 PMM, bridge UI) | `./scripts/run-e2e-flow-tasks-full-parallel.sh` · [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md) | +| 8 | Token-aggregation DB + deploy | `./scripts/apply-token-aggregation-fix.sh` (VMID 5000; may need postgres) | +| 9 | Explorer Wallet link (add to navbar) | [EXPLORER_WALLET_LINK_QUICK_WIN.md](../04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md) — run on explorer VM | + +--- + +## Remaining — External / third-party + +| # | Task | Doc | +|---|------|-----| +| 1 | Ledger | Tally form submitted; await response. [ADD_CHAIN138_TO_LEDGER_LIVE](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md) | +| 2 | Trust Wallet | Open PR to wallet-core. [ADD_CHAIN138_TO_TRUST_WALLET](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md) | +| 3 | Consensys | Outreach for Swaps/Bridge. [CONSENSYS_OUTREACH_PACKAGE](../../metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md) | +| 4 | CoinGecko / CMC | Submit chain and tokens. [COINGECKO_SUBMISSION_GUIDE](../04-configuration/coingecko/COINGECKO_SUBMISSION_GUIDE.md) | +| 5 | Chainlist / PR-ready | [04-configuration/pr-ready/README.md](../04-configuration/pr-ready/README.md) | +| 6 | On-ramps / off-ramps | [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) | + +--- + +## References + +- **Operator credentials (do you have them?):** [OPERATOR_CREDENTIALS_CHECKLIST.md](OPERATOR_CREDENTIALS_CHECKLIST.md) +- **Full remaining list:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) +- **Operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) +- **What’s left (operator + external):** [WHATS_LEFT_OPERATOR_AND_EXTERNAL.md](WHATS_LEFT_OPERATOR_AND_EXTERNAL.md) +- **Optional tasks:** [OPTIONAL_TASKS_CHECKLIST.md](OPTIONAL_TASKS_CHECKLIST.md) diff --git a/docs/00-meta/REMAINING_TASKS.md b/docs/00-meta/REMAINING_TASKS.md index acebbfa..073c706 100644 --- a/docs/00-meta/REMAINING_TASKS.md +++ b/docs/00-meta/REMAINING_TASKS.md @@ -1,8 +1,8 @@ # Remaining Tasks -**Last Updated:** 2026-03-02 -**Purpose:** Single-page list of what is left to do. Completed: preflight, run-all-next-steps-chain138 (38/38 on-chain, 12 c* GRU-registered), nginx+explorer config, Blockscout verification run, E2E wave E3. -**Detail:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) § Remaining tasks · **Operator commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md). +**Last Updated:** 2026-02-27 +**Purpose:** Single-page list of what is left to do. **In-repo: complete** (completable tasks, preflight, run-all-next-steps-chain138: 38/38 on-chain, 12 c* GRU-registered; MCP plan upgrades; optional runbooks). +**Summary of all remaining (operator + external):** [REMAINING_SUMMARY.md](00-meta/REMAINING_SUMMARY.md). **Detail:** [NEXT_STEPS_AND_REMAINING_TODOS.md](00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md) § Remaining tasks · **Operator commands:** [OPERATOR_READY_CHECKLIST.md](00-meta/OPERATOR_READY_CHECKLIST.md). **Task check (2026-03-02):** Each task below was verified before completion. See **[TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md)** for per-task status, what is already done (e.g. Phase 0–3, DODOPMMProvider, pools), and what still requires Operator/LAN or external submission. Completable + preflight both passed. diff --git a/docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md b/docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md new file mode 100644 index 0000000..33832b1 --- /dev/null +++ b/docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md @@ -0,0 +1,180 @@ +# Required Fixes, Gaps, and Additional Deployments — Master List + +**Last Updated:** 2026-03-04 +**Purpose:** Single consolidated list of all required fixes, gaps, and additional deployments. Sources: REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS, REMAINING_SUMMARY, TOKEN_CONTRACT_DEPLOYMENTS_REMAINING, PRE_DEPLOYMENT_CHECKLIST, RECOMMENDATIONS_AND_FIXES_BEFORE_DEPLOY, DETAILED_GAPS_AND_ISSUES_LIST, GAPS_STATUS, WHATS_LEFT_OPERATOR_AND_EXTERNAL, and token-aggregation build. + +--- + +## Verified (LAN/Operator) — 2026-03-03 + +Commands run from repo root on operator/LAN host. Use as baseline; re-run when env or network changes. + +| Check | Command | Result | +|-------|---------|--------| +| Preflight | `./scripts/deployment/preflight-chain138-deploy.sh` | **PASSED** — dotenv, RPC_URL_138, PRIVATE_KEY, nonce consistent, Core RPC chainId 138. | +| Core RPC (2101) | `curl -s -o /dev/null -w "%{http_code}" http://192.168.11.211:8545` | **200/201** — reachable. | +| Deployer balance | `RPC_URL_138=http://192.168.11.211:8545 ./scripts/deployment/check-deployer-balance-chain138-and-funding-plan.sh` | **OK** — native ETH sufficient; WETH/cUSDT/cUSDC = 0 (add liquidity blocked until tokens funded). | +| On-chain contracts | `./scripts/verify/check-contracts-on-chain-138.sh http://192.168.11.211:8545` | **38 present, 0 missing.** | +| Clear tx pool script | `test -f scripts/clear-all-transaction-pools.sh` | **exists** | +| Maintenance scripts | `make-rpc-vmids-writable-via-ssh.sh`, `health-check-rpc-2101.sh` | **exist** | +| Test-all-contracts script | `test -f scripts/deployment/test-all-contracts-before-deploy.sh` | **exists** | +| Token-aggregation build | `cd smom-dbis-138/services/token-aggregation && npm run build` | **PASSES** (fixed 2026-03-03: token-mapping, bridge route, cross-chain-bridges config, indexer types). See §1.3 for historical ref. | +| Token-aggregation /health | `curl -s -o /dev/null -w "%{http_code}" http://192.168.11.140:3001/health` (or localhost:3001) | **200** — service running and healthy at tested endpoint. | +| DODOPMMIntegration token addresses (2026-03-04) | `eth_call` to `compliantUSDT()` / `compliantUSDC()` at `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` | **PASSED** — returns canonical cUSDT/cUSDC; Explorer, mint script, and PMM aligned. See [EXPLORER_TOKEN_LIST_CROSSCHECK](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. | + +**Remaining to complete (verified):** Add liquidity to PMM pools once deployer has cUSDT/cUSDC (or mint); Celo/Wemix CCIP bridges; LINK relay; operator run Blockscout verify (run-all-operator-tasks-from-lan.sh); E2E 502 fix; external (Ledger, Trust, CoinGecko/CMC, on-ramps). See §4–5 and [TODOS_CONSOLIDATED](TODOS_CONSOLIDATED.md). + +--- + +## 1. Required fixes (blocking) + +### 1.1 RPC 2101 (Core) — read-only + +- **Status:** Not fixed if host storage I/O errors occur. +- **Action:** Run `./scripts/maintenance/make-rpc-vmids-writable-via-ssh.sh` then `./scripts/maintenance/health-check-rpc-2101.sh`. Do not use Public RPC for deployments. +- **Ref:** [RPC_2101_READONLY_FIX.md](../03-deployment/RPC_2101_READONLY_FIX.md), [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md](../03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md). + +### 1.2 Stuck transactions / nonce + +- **Action:** Run `./scripts/clear-all-transaction-pools.sh` (validators + 2101 + 2201); wait ~60s before deploying. Use scripts that check nonce (e.g. `deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh`). + +### 1.3 Token-aggregation service — TypeScript build (fixed 2026-03-03) + +**Status: fixed.** The token-aggregation service now builds. Historical fixes applied: + +| Error | File | Fix | +|-------|------|-----| +| Duplicate identifier `require`; `import.meta` not allowed | `src/api/routes/token-mapping.ts` (line 14–15) | Remove or replace `require`/`import.meta` usage; or set tsconfig `module` to `NodeNext`/`ES2020` and fix duplicate. | +| Cannot find module `./routes/bridge` | `src/api/server.ts` | Create `src/api/routes/bridge.ts` or remove the import and route mount if bridge is elsewhere. | +| Cannot find module `../config/cross-chain-bridges` | `src/indexer/cross-chain-indexer.ts` | Create `src/config/cross-chain-bridges.ts` or point to existing bridge config. | +| Parameter implicitly has `any` type | `src/indexer/cross-chain-indexer.ts` (lines 107, 256, 382, 409, 410) | Add explicit types for `l`, `b`, `lane`. | + +**Ref:** `smom-dbis-138/services/token-aggregation/` — run `npm run build` to verify. + +--- + +## 2. Gaps (missing or incomplete) + +### 2.1 Pre-deployment / env + +- **Core RPC = IP:port:** In `smom-dbis-138/.env` set `RPC_URL_138=http://192.168.11.211:8545` (not FQDN). See [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md). +- **Deployer gas (Chain 138):** ≥ ~0.006 ETH (recommended 1–2 ETH). Check: `./scripts/deployment/check-deployer-balance-chain138-and-funding-plan.sh`. +- **Env from smom-dbis-138/.env only:** Required: `PRIVATE_KEY`, `RPC_URL_138`. For PMM: `DODO_PMM_INTEGRATION_ADDRESS`, `DODO_PMM_PROVIDER_ADDRESS`, pool addresses. Verify: `cd smom-dbis-138 && ./scripts/deployment/check-env-required.sh`. +- **POOL_MANAGER_ROLE:** Deployer must have this role on DODOPMMIntegration for pool creation and DODOPMMProvider registration. +- **TRANSACTION_MIRROR_ADDRESS:** Set in `smom-dbis-138/.env` after deploy (from script output). + +### 2.2 Config / canonical + +- **Wemix (1111) token addresses:** Confirm WETH, USDT, USDC on scan.wemix.com; update `config/token-mapping-multichain.json` and WEMIX_TOKEN_VERIFICATION.md if needed. +- **Canonical addresses:** CUSDC_ADDRESS_138, CUSDT_ADDRESS_138 (and others) in env or smart-contracts-master.json; token-aggregation uses env override. +- **CCIPWETH9Bridge:** Use canonical bridge only; set `CCIPWETH9_BRIDGE_CHAIN138` in env. Do not use deprecated address. +- **Token mapping:** When adding tokens, update `config/token-mapping.json` and optionally CHAIN138_TOKEN_ADDRESSES. + +### 2.3 Explorer / token-aggregation ops + +- **Token-aggregation DB:** If `/health` returns "database token_aggregation does not exist", create DB, run migrations, set `DATABASE_URL`, restart service. See [DETAILED_GAPS_AND_ISSUES_LIST](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) §2. +- **Nginx proxy order (VMID 5000):** Ensure `location /api/v1/` is defined **before** `location /api/` so token-aggregation is used for `/api/v1/`. Use `fix-nginx-conflicts-vmid5000.sh`. + +### 2.4 Real-robinhood / heatmap + +- **Heatmap API:** Implemented in token-aggregation but service must build and run (see §1.3). +- **Bridge/oracle metrics:** `/v1/routes/health` and `/v1/bridges/metrics` currently stub; fill from relay/CCIP telemetry when available. +- **Stabilization dashboard page:** Placeholder until oracle_metrics and peg-band data are wired. + +--- + +## 3. Additional deployments + +**Ordered plan for full network coverage:** [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) — Phase A (hub liquidity: mint + add liquidity) → Phase B (Celo/Wemix CCIP + LINK fund) → Phase C (cW* + edge pools on public chains) → Phase D (optional: XAU, vaults, trustless). **2026-03-04:** Celo CCIP bridges deployed; Phase C runbook [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK](../03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md); Phase D [PHASE_D_OPTIONAL_CHECKLIST](../03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md). Mint (A.1) attempted, tx timeout—retry; Wemix (B.2) blocked until deployer has 0.4 WEMIX. + +### 3.1 Chain 138 — already done (for reference) + +- TransactionMirror, DODOPMMIntegration, three PMM pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC), DODOPMMProvider, CompliantFiatTokens (10 tokens). On-chain verification: 38/38. See [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS](../03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md). + +### 3.2 Chain 138 — remaining (optional / follow-on) + +| Item | Status | Script / notes | +|------|--------|----------------| +| **EnhancedSwapRouter** | Not deployed | Deploy when Uniswap/Balancer pools exist on 138; set quoter/poolId. | +| **Add liquidity to PMM pools** | Pending | Use [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK](../03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md); set ADD_LIQUIDITY_* in .env; approve and addLiquidity per pool. | +| **Optional cCADT** | Not deployed | Add to DeployCompliantFiatTokens.s.sol if Tether-style CAD needed. | +| **cAUSDT** | Not deployed | No script in repo; deploy when Alltra compliant USD token is defined. | +| **Vault ac* / vdc* / sdc*** | After base tokens | DeployAcVdcSdcVaults; extend for each new base token. | + +### 3.3 Token deployments — remaining (by category) + +| Category | Chain(s) | What | Ref | +|----------|----------|------|-----| +| **Canonical 138 (extra)** | 138 | cEURC, cEURT, cGBP*, cAUD*, cJPY*, cCHF*, cCADC, cXAU* — **Done** via DeployCompliantFiatTokens. Optional: cCADT. | [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md) | +| **ALL Mainnet (Alltra)** | 651940 | ACADT (and optionally ACADC) — no script in repo; TBD when Alltra adds CAD. | Same. | +| **Compliant Wrapped (cW*)** | 1, 56, 137, 10, 42161, 8453, 43114, etc. | Deploy or bridge cW* per chain; create/fund PMM edge pools per pool-matrix. | Same; [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md). | +| **D-WIN W on 138 / 651940** | 138, 651940 | Optional; extend DeployISO4217WSystem if desired. | Same. | + +### 3.4 Cross-chain / CCIP / bridge + +| Item | Status | Action | +|------|--------|--------| +| **Gnosis CCIP bridges** | Deployed (2026-03-04) | WETH9 `0x4ab39b5BaB7b463435209A9039bd40Cf241F5a82`, WETH10 `0xC15ACdBAC59B3C7Cb4Ea4B3D58334A4b143B4b44`; .env updated. Run complete-config when Chain 138 RPC confirms txs. | +| **Celo, Wemix CCIP** | Pending | Fund deployer (CELO ~0.1, WEMIX ~0.4); run `deploy-bridges-config-ready-chains.sh [celo|wemix]`, then `complete-config-ready-chains.sh`; fund LINK. [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). | +| **LINK support on Mainnet relay** | Pending | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md). | +| **Fund CCIP bridges with LINK** | Pending | Run `./scripts/deployment/fund-ccip-bridges-with-link.sh` (after dry-run check). | +| **AlltraAdapter setBridgeFee** | After deploy | Call `setBridgeFee(uint256)`; set `ALLTRA_BRIDGE_FEE`, `ALLTRA_ADAPTER_CHAIN138` in .env. | + +### 3.5 Mainnet / L2 dry-run and deploy + +- **Mainnet dry-run:** Run when mainnet RPC is reachable: `./scripts/deployment/dry-run-mainnet-deployment.sh` (or per-script with `--dry-run`). Requires `PRIVATE_KEY`, `ETHEREUM_MAINNET_RPC` in .env. +- **cW* and PMM on public chains:** No deployment from repo yet; when path exists (bridge + factory or DODO), run gas estimate and dry-run per chain. + +--- + +## 4. Operator / LAN tasks (run from host with LAN + creds) + +| # | Task | Command / doc | +|---|------|----------------| +| 1 | Full deployment order (Phase 0–6) | [DEPLOYMENT_ORDER_OF_OPERATIONS](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) | +| 2 | Add liquidity (PMM pools), DODOPMMProvider registered | [PRE_DEPLOYMENT_CHECKLIST](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md), [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK](../03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md) | +| 3 | Blockscout verify, 502 fix, NPMplus backup, optional deploy | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy]` · [OPERATOR_READY_CHECKLIST](OPERATOR_READY_CHECKLIST.md) | +| 4 | E2E 502 fix | `./scripts/maintenance/address-all-remaining-502s.sh [--run-besu-fix] [--e2e]` · 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES | +| 5 | Token-aggregation DB + migrations + restart | Create DB if needed; run migrations; restart service. [TOKEN_AGGREGATION_REPORT_API_RUNBOOK](../04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md) | +| 6 | Explorer Wallet link (navbar) | [EXPLORER_WALLET_LINK_QUICK_WIN](../04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md) — run on explorer VM | +| 7 | Apply nginx + explorer config on VMID 5000 | `./scripts/apply-remaining-operator-fixes.sh` (if not already done) | + +**Credentials:** [OPERATOR_CREDENTIALS_CHECKLIST](OPERATOR_CREDENTIALS_CHECKLIST.md). + +--- + +## 5. External / third-party (outreach or submission) + +| # | Task | Doc | +|---|------|-----| +| 1 | Ledger | Tally form submitted; await response. [ADD_CHAIN138_TO_LEDGER_LIVE](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md) | +| 2 | Trust Wallet | Open PR to trustwallet/wallet-core. [ADD_CHAIN138_TO_TRUST_WALLET](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md) | +| 3 | Consensys | Outreach for Swaps/Bridge. [CONSENSYS_OUTREACH_PACKAGE](../../metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md) | +| 4 | CoinGecko / CMC | Submit chain and tokens. [CMC_COINGECKO_SUBMISSION_RUNBOOK](../04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md) | +| 5 | Chainlist / PR-ready | [04-configuration/pr-ready/README.md](../04-configuration/pr-ready/README.md) | +| 6 | On-ramps / off-ramps | [REPOSITORIES_AND_PRS_CHAIN138](REPOSITORIES_AND_PRS_CHAIN138.md) | + +--- + +## 6. Quick reference — run before any deploy + +1. **Preflight:** `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` +2. **Test contracts:** `./scripts/deployment/test-all-contracts-before-deploy.sh` (optionally `--no-match "Fork|Mainnet|Integration|e2e"` for unit-only) +3. **Gas check:** `RPC_URL_138=http://192.168.11.211:8545 ./scripts/deployment/check-deployer-balance-chain138-and-funding-plan.sh` +4. **No stuck nonce:** If needed, `./scripts/clear-all-transaction-pools.sh` then wait 60s +5. **Core RPC writable:** If read-only, `./scripts/maintenance/make-rpc-vmids-writable-via-ssh.sh` then `./scripts/maintenance/health-check-rpc-2101.sh` + +--- + +## References + +- [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS](../03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md) +- [REMAINING_SUMMARY](REMAINING_SUMMARY.md) +- [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md) +- [PRE_DEPLOYMENT_CHECKLIST](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md) +- [RECOMMENDATIONS_AND_FIXES_BEFORE_DEPLOY](../03-deployment/RECOMMENDATIONS_AND_FIXES_BEFORE_DEPLOY.md) +- [DETAILED_GAPS_AND_ISSUES_LIST](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) +- [GAPS_STATUS](GAPS_STATUS.md) +- [WHATS_LEFT_OPERATOR_AND_EXTERNAL](WHATS_LEFT_OPERATOR_AND_EXTERNAL.md) +- [OPERATOR_READY_CHECKLIST](OPERATOR_READY_CHECKLIST.md) +- [OPERATOR_CREDENTIALS_CHECKLIST](OPERATOR_CREDENTIALS_CHECKLIST.md) diff --git a/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md b/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md index 92019ff..8457e6a 100644 --- a/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md +++ b/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md @@ -5,7 +5,7 @@ **From anywhere (no LAN/creds):** See [run-completable-tasks-from-anywhere.sh](../../scripts/run-completable-tasks-from-anywhere.sh) — config validation, on-chain check (SKIP_EXIT=1 if RPC unreachable), run-all-validation --skip-genesis, reconcile-env. -**Single script (LAN + secrets):** [run-all-operator-tasks-from-lan.sh](../../scripts/run-all-operator-tasks-from-lan.sh) — optional phases: backup, contract verify, contract deploy, VM/container creation. Use `--dry-run` to print steps. +**Single script (LAN + secrets):** [run-all-operator-tasks-from-lan.sh](../../scripts/run-all-operator-tasks-from-lan.sh) — **always loads dotenv** from repo `.env` and `smom-dbis-138/.env` (NPM_PASSWORD, PRIVATE_KEY, RPC, etc.). Optional phases: backup, contract verify, contract deploy, VM/container creation. Use `--dry-run` to print steps. --- diff --git a/docs/00-meta/TODOS_CONSOLIDATED.md b/docs/00-meta/TODOS_CONSOLIDATED.md index a4d3da2..db0721f 100644 --- a/docs/00-meta/TODOS_CONSOLIDATED.md +++ b/docs/00-meta/TODOS_CONSOLIDATED.md @@ -1,18 +1,33 @@ # TODOs — Consolidated Task List -**Last Updated:** 2026-03-02 -**Purpose:** Single checklist of all next steps and remaining tasks. Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). **Token deployments remaining:** [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md). +**Last Updated:** 2026-03-04 +**Purpose:** Single checklist of all next steps and remaining tasks. Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). **Token deployments remaining:** [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md). **Verified list (LAN/Operator):** [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) — run bash/curl to confirm; doc updated 2026-03-03. **Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh`. Before Chain 138 deploy: `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`. **Chain 138 next steps (all in one):** `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` — preflight → mirror+pool → register c* as GRU → verify. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. **E2E flows (full parallel):** `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run]` — [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). -**Full deployment order:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — Phase 0–6 (prereqs → core → PMM pools → provider → optional → cW* → verify). **Full plan (required/optional/recommended):** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md). +**Full deployment order:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — Phase 0–6. **Remaining for full network coverage:** [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) — A: mint + add liquidity (138) → B–D. **Status to continue (before Phase A mint):** [REMAINING_DEPLOYMENTS § Status to continue](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) and [CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS §7](../04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md) — restart validator 1004, clear tx pool, then mint. **Phase execution 2026-03-04:** A.1 attempted (tx timeout); A.2 pending; B.1 Celo ✅; B.2 Wemix blocked; B.3 fund-ccip ready; Phase C/D runbooks. **Full plan:** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md). **Last completable run (2026-03-02):** Config validation OK; on-chain 38/38; run-all-validation --skip-genesis OK; reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool present; 12 c* already GRU-registered; verification 38/38. Documentation: MASTER_INDEX, README, RUNBOOKS_MASTER_INDEX created; deprecated list and consolidation plan updated. Progress indicators (Step 1/4–4/4) in run-completable-tasks-from-anywhere.sh. E2E flow tasks script and doc updates (ADDRESS_MATRIX_AND_STATUS, RECOMMENDATIONS R2, NEXT_STEPS_FOR_YOU) completed. **Optional completed (2026-02-27 / 2026-03-01):** DeployCompliantFiatTokens (10 tokens); Blockscout verification; MCP allowlist-138; add-liquidity runbook; token-aggregation fallbacks + ENV_EXAMPLE_CONTENT; E2E routing verification; PMM_DEX_ROUTING_STATUS + REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS updated; cCADT line (commented) in DeployCompliantFiatTokens.s.sol. **Within-scope list (2026-02-27):** CompliantWrappedToken.sol; DeployCompliantFiatTokensForChain.s.sol (c* any chain); DeployCWTokens.s.sol (cWUSDT/cWUSDC); deploy-tokens-and-weth-all-chains-skip-canonical.sh extended with --deploy-c, --deploy-cw, 651940 env validation; TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS §6 implemented; ENV_EXAMPLE_CONTENT c*/cW*/651940 vars. **2026-02-27:** Deployment order doc, preflight script, deployment safety added; todos synced. +**Verified (LAN/Operator) 2026-03-03:** Preflight ✅; Core RPC 192.168.11.211:8545 ✅; deployer balance script ✅ (native ETH OK; WETH/cUSDT/cUSDC = 0 → add liquidity blocked until funded); on-chain contracts 38/38 ✅; clear-tx-pool + maintenance + test-all-contracts scripts exist ✅; token-aggregation **build** ✅ (fixed 2026-03-03); token-aggregation /health 200 at tested endpoint. **real-robinhood:** Changes committed and pushed to Gitea (dashboard, data, docs). **Next steps run:** run-completable-tasks-from-anywhere.sh ✅; run-all-operator-tasks-from-lan.sh (Wave 0 NPMplus RPC fix running); run-all-next-steps-chain138.sh (preflight + verify) run on 2026-03-04. **On-chain verification 2026-03-04:** DODOPMMIntegration at `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` returns canonical cUSDT/cUSDC; Explorer, mint script, and PMM aligned — [EXPLORER_TOKEN_LIST_CROSSCHECK](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. + **Operator copy-paste commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) — one page with exact commands for every pending todo. --- +## Remaining to complete (verified 2026-03-03) + +| # | Task | Verified | Notes | +|---|------|----------|--------| +| V1 | **Token-aggregation build** | ✅ Fixed | Fixed 2026-03-03: token-mapping (createRequire + process.cwd), bridge route stub, cross-chain-bridges config, cross-chain-indexer types. `npm run build` passes. | +| V2 | **Add liquidity (Chain 138 PMM)** | ⏳ Blocked | Deployer WETH/cUSDT/cUSDC = 0. Mint/fund per [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](../11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md), then run AddLiquidityPMMPoolsChain138. | +| V3 | **RPC 2101 read-only** | ⚠️ If needed | Run `make-rpc-vmids-writable-via-ssh.sh` + `health-check-rpc-2101.sh` only when host I/O errors occur. | +| V4 | **Wemix / Gnosis / Celo CCIP bridges** | 🔄 Partial | Celo + **Gnosis** CCIP bridges deployed (2026-03-04). Gnosis: 0x4ab39b5B… (WETH9), 0xC15ACdBA… (WETH10); .env updated. Wemix blocked (need 0.4 WEMIX). Cronos: set CRONOS_RPC and CCIP_ROUTER_CRONOS in .env then run deploy-bridges-config-ready-chains.sh cronos. complete-config (138→chains) fails while Chain 138 RPC tx confirmation times out. | +| V5 | **LINK relay, E2E 502s, operator run** | ⏳ Pending | LINK support runbook; `run-all-maintenance-via-proxmox-ssh.sh --e2e`; `run-all-operator-tasks-from-lan.sh`. | +| V6 | **External (Ledger, Trust, CoinGecko/CMC, on-ramps)** | ⏳ Pending | Per REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST §4–5. | + +--- + ## First (before any Chain 138 deploy) | # | Task | Owner | Ref | @@ -65,7 +80,7 @@ | # | Task | Owner | Ref | |---|------|--------|-----| -| 7 | **Blockscout verification:** `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | Operator/LAN | CONTRACT_DEPLOYMENT_RUNBOOK | +| 7 | **Blockscout verification:** `./scripts/run-all-operator-tasks-from-lan.sh` (loads dotenv) or `./scripts/verify/run-contract-verification-with-proxy.sh` | Operator/LAN | CONTRACT_DEPLOYMENT_RUNBOOK | | 8 | **Fix E2E 502s (if needed):** `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `address-all-remaining-502s.sh` | Operator/LAN | 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES | | 9 | **Operator tasks script:** `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` | Operator/LAN | STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS | | 10 | **sendCrossChain (real):** `bash scripts/bridge/run-send-cross-chain.sh 0.01` (when PRIVATE_KEY and LINK ready) | Operator/LAN | NEXT_STEPS_OPERATOR W0-2 | diff --git a/docs/00-meta/WHATS_LEFT_OPERATOR_AND_EXTERNAL.md b/docs/00-meta/WHATS_LEFT_OPERATOR_AND_EXTERNAL.md index b8235a3..81e90bc 100644 --- a/docs/00-meta/WHATS_LEFT_OPERATOR_AND_EXTERNAL.md +++ b/docs/00-meta/WHATS_LEFT_OPERATOR_AND_EXTERNAL.md @@ -1,7 +1,7 @@ # What’s Left — Operator and External Only -**Last Updated:** 2026-02-28 -**Purpose:** After completing in-repo and on-chain tasks (preflight, PMM pools, DODOPMMProvider, operator script NPMplus/backup/verify, Wemix re-check), these items require **operator (LAN/Proxmox/credentials)** or **you (third-party)**. +**Last Updated:** 2026-02-27 +**Purpose:** After completing in-repo and on-chain tasks (preflight, PMM pools, DODOPMMProvider, operator script NPMplus/backup/verify, Wemix re-check), these items require **operator (LAN/Proxmox/credentials)** or **you (third-party)**. **Short summary:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md). --- @@ -15,7 +15,7 @@ - **Docs:** PRE_DEPLOYMENT_CHECKLIST, LIQUIDITY_POOLS_MASTER_MAP updated with new pool and provider addresses. - **Dotenv:** `set-missing-dotenv-chain138.sh` run — DODO_PMM_PROVIDER_ADDRESS, POOL_* appended to `smom-dbis-138/.env`. - **Repositories/PRs:** [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) — Ledger, Trust, Chainlist, Consensys, CoinGecko/CMC, on-ramps/off-ramps (forms submitted; awaiting feedback). -- **Bridges:** ENV_CONFIG_READY_CHAINS.example filled with Gnosis/Celo/Wemix CCIP router, LINK, and WETH9/WETH10 (WXDAI, WCELO, WWEMIX). **Gnosis deployed 2026-02-28:** CCIPWETH9=0xE37c332a88f112F9e039C5d92D821402A89c7052, CCIPWETH10=0x04B2AE3c3bb3d70Df506FAd8717b0FBFC78ED7E6; destinations 138↔Gnosis configured. **Celo/Wemix:** Fund deployer with CELO (~0.1) and WEMIX (~0.4) then run `deploy-bridges-config-ready-chains.sh celo` and `wemix`, then `complete-config-ready-chains.sh`. +- **Bridges:** ENV_CONFIG_READY_CHAINS.example filled with Gnosis/Celo/Wemix CCIP router, LINK, and WETH9/WETH10 (WXDAI, WCELO, WWEMIX). **Gnosis deployed 2026-03-04:** CCIPWETH9=0x4ab39b5BaB7b463435209A9039bd40Cf241F5a82, CCIPWETH10=0xC15ACdBAC59B3C7Cb4Ea4B3D58334A4b143B4b44; .env updated; add destinations via complete-config when 138 RPC confirms. **Celo/Wemix:** Fund deployer with CELO (~0.1) and WEMIX (~0.4) then run `deploy-bridges-config-ready-chains.sh celo` and `wemix`, then `complete-config-ready-chains.sh`. - **PR-ready:** [04-configuration/pr-ready/](../04-configuration/pr-ready/) — eip155-138.json (Chainlist) and trust-wallet-registry-chain138.json (Trust Wallet); see README for submission steps. - **Maintenance:** `run-all-maintenance-via-proxmox-ssh.sh --e2e` was started via SSH; check `/tmp/proxmox-maintenance-out.log` for progress (steps 0–4 run; E2E runs at step 5). diff --git a/docs/02-architecture/AI_AGENTS_57XX_MCP_ADDENDUM.md b/docs/02-architecture/AI_AGENTS_57XX_MCP_ADDENDUM.md new file mode 100644 index 0000000..1646c93 --- /dev/null +++ b/docs/02-architecture/AI_AGENTS_57XX_MCP_ADDENDUM.md @@ -0,0 +1,87 @@ +# AI Agents 57xx — MCP Addendum (Multi-Chain, Uniswap, Automation) + +**Purpose:** Addendum to [AI_AGENTS_57XX_DEPLOYMENT_PLAN.md](AI_AGENTS_57XX_DEPLOYMENT_PLAN.md) and [AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md](AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md) for: multi-chain MCP, Uniswap pool profile, dashboard/API alignment, and automation triggers. Supports the dedicated MCP/AI for Dodoex and Uniswap pool management per [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](../03-deployment/MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md). + +--- + +## 1. Multi-chain MCP + +**Option:** One MCP server that supports **multiple chains** so a single AI can read and manage pools on Chain 138 and on public chains (cW* / HUB) without running one MCP instance per chain. + +- **Allowlist shape:** Each pool entry includes **chainId** (e.g. `"chainId": "138"`, `"chainId": "137"`). The MCP uses the appropriate RPC per chain when calling `get_pool_state`, `quote_add_liquidity`, etc. +- **RPC config:** Maintain a map `chainId → RPC_URL` (e.g. from env `RPC_URL_138`, `POLYGON_MAINNET_RPC`, or a config file). When a tool is invoked for a pool, the MCP looks up the chain and uses the corresponding RPC. +- **Implementation note:** If the current ai-mcp-pmm-controller is single-chain (`CHAIN`, `RPC_URL`), extend the allowlist schema and server to accept `chainId` per pool and to select RPC by `chainId`. Alternatively, run one MCP instance per chain and have the AI/orchestrator call the appropriate MCP by chain. + +**Reference:** [POOL_ACCESS_DASHBOARD_API_MCP.md](../11-references/POOL_ACCESS_DASHBOARD_API_MCP.md); allowlist generation from [generate-mcp-allowlist-from-deployment-status.sh](../../scripts/generate-mcp-allowlist-from-deployment-status.sh) (outputs per-chain fragments that can be merged into one multi-chain allowlist). + +--- + +## 2. Uniswap pool profile + +To allow the MCP to read **Uniswap V2** and **Uniswap V3** pool state (reserves, price, liquidity) so the same AI can manage both DODO and Uniswap pools: + +- **Profile ID:** `uniswap_v2_pair` and/or `uniswap_v3_pool`. +- **Expected view methods (Uniswap V2 pair):** + - `getReserves() → (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast)` + - `token0() → address` + - `token1() → address` +- **Expected view methods (Uniswap V3 pool):** + - `slot0() → (uint160 sqrtPriceX96, int24 tick, uint16 observationIndex, ...)` + - `liquidity() → uint128` + - `token0() → address`, `token1() → address` +- **MCP behavior:** For allowlisted pools with profile `uniswap_v2_pair` or `uniswap_v3_pool`, the MCP calls the corresponding view methods on the pool contract and returns normalized state (e.g. reserves, derived price) so the AI can reason about liquidity and rebalancing the same way as for DODO pools. + +**Config:** Add entries to `ai-mcp-pmm-controller/config/pool_profiles.json` (see below). Pools created on a chain that uses Uniswap (from token-aggregation indexer or deployment-status) should be added to the allowlist with this profile. + +**Example pool_profiles addition:** + +```json +"uniswap_v2_pair": { + "methods": { + "get_reserves": "getReserves", + "token0": "token0", + "token1": "token1" + } +}, +"uniswap_v3_pool": { + "methods": { + "slot0": "slot0", + "liquidity": "liquidity", + "token0": "token0", + "token1": "token1" + } +} +``` + +--- + +## 3. Dashboard and API alignment + +The **token-aggregation API** and the **MCP** should expose **the same set of pools** for a given chain (DODO + Uniswap once indexed): + +- **Source of truth:** (1) **Chain 138:** DODOPMMIntegration.getAllPools() + poolConfigs (drives both indexer and MCP allowlist via `generate-mcp-allowlist-from-chain138.sh`). (2) **Public chains:** deployment-status.json `pmmPools` (and any Uniswap pool list) drives both indexer config (CHAIN_*_DODO_*, CHAIN_*_UNISWAP_*) and MCP allowlist (via `generate-mcp-allowlist-from-deployment-status.sh`). +- **Practice:** After deploying or creating pools on a chain, (1) update deployment-status.json (and for 138, the integration has the pools on-chain); (2) run the appropriate allowlist generator script; (3) ensure the token-aggregation indexer has the correct factory/integration env for that chain and has been run. Then the custom dashboard (using the API) and the MCP/AI (using the allowlist) see the same pools. + +--- + +## 4. Automation triggers + +How the dedicated AI (pool manager) is **triggered** to read state and optionally execute rebalance/add/remove liquidity: + +| Trigger | Description | +|--------|-------------| +| **Scheduled** | Cron or scheduler (e.g. every 5–15 min) calls MCP/API to get pool state for all allowlisted pools; AI (or a rule engine) decides whether to rebalance, add, or remove liquidity; if allowed by policy, executor submits tx. | +| **Event-driven** | Indexer or chain watcher emits events (e.g. "reserve delta > X" or "price deviation > band"); triggers the AI to fetch state via MCP/API and decide action; executor runs within cooldown and circuit-break rules. | +| **Manual** | Operator asks the AI (via MCP or chat) for a quote or recommendation (e.g. "quote add liquidity for pool X"); AI returns suggestion; operator executes tx manually. | + +**Policy:** Document which triggers are enabled (scheduled vs event vs manual), max trade size, cooldown, and circuit-break so the AI/executor stays within guardrails. See [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](../03-deployment/MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md) and allowlist `limits` in allowlist-138.json. + +--- + +## 5. References + +- [AI_AGENTS_57XX_DEPLOYMENT_PLAN.md](AI_AGENTS_57XX_DEPLOYMENT_PLAN.md) +- [AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md](AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md) +- [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](../03-deployment/MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md) +- [POOL_ACCESS_DASHBOARD_API_MCP.md](../11-references/POOL_ACCESS_DASHBOARD_API_MCP.md) +- [PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md](../03-deployment/PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md) §2.9 diff --git a/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md b/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md index babcef7..d8a042c 100644 --- a/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md +++ b/docs/02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md @@ -82,6 +82,7 @@ So: **no** new chain-specific contracts are “for the MCP” itself; the MCP on ## 5. References +- [AI_AGENTS_57XX_MCP_ADDENDUM.md](AI_AGENTS_57XX_MCP_ADDENDUM.md) — Multi-chain MCP, Uniswap pool profile, dashboard/API alignment, automation triggers - MCP allowlist shape: `ai-mcp-pmm-controller/config/allowlist.json` - MCP pool profile (view methods): `ai-mcp-pmm-controller/config/pool_profiles.json` - Chain 138 tokens: `docs/11-references/CHAIN138_TOKEN_ADDRESSES.md` diff --git a/docs/02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md b/docs/02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md index 84dfc3e..29d0bb1 100644 --- a/docs/02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md +++ b/docs/02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md @@ -16,6 +16,8 @@ This document defines the target architecture for a **13-node Dell PowerEdge R63 **Scope:** All 13 R630s as Proxmox cluster nodes; optional separate management node (e.g. ml110) or integration of management on a subset of R630s. Design assumes **hyper-converged** (Proxmox + Ceph on same nodes) for shared storage and true HA. +**Extended inventory:** The same site includes 3× Dell R750 servers, 2× Dell Precision 7920 workstations, and 2× UniFi Dream Machine Pro (gateways). See [HARDWARE_INVENTORY_MASTER.md](../11-references/HARDWARE_INVENTORY_MASTER.md), [13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](../11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md), and [13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](../11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md) for network topology, cabling, and bring-online order. + --- ## 2. Cluster Design — 13 Nodes @@ -45,6 +47,14 @@ This document defines the target architecture for a **13-node Dell PowerEdge R63 - **VLANs:** Same VLAN-aware bridge (e.g. vmbr0) on all nodes so VMs/containers keep IPs when failed over. - **IP plan for 13 R630s:** Reserve 13 consecutive IPs (e.g. 192.168.11.11–192.168.11.23 for r630-01 … r630-13). Document in `config/ip-addresses.conf` and DNS. +### 2.4 Switching (10G backbone) + +**Inventory:** 2 × UniFi XG 10G 16-port switches (see [HARDWARE_INVENTORY_MASTER.md](../11-references/HARDWARE_INVENTORY_MASTER.md)). + +- Use for **Ceph cluster network** and inter-node traffic; connect all 13 R630s via 10G for storage and replication. +- **Redundancy:** Two switches allow dual-attach per node (e.g. one link per switch or LACP) for HA. +- **Management:** Can stay on existing 1G LAN or use 10G for management if NICs support it. + --- ## 3. RAM Specifications — R630 diff --git a/docs/03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md b/docs/03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md index 4f6c302..6e02399 100644 --- a/docs/03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md +++ b/docs/03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md @@ -66,6 +66,7 @@ Ensure the deployer has approved (or the script will approve) base/quote tokens ## 3. References +- [PMM_POOLS_FUNDING_PLAN.md](PMM_POOLS_FUNDING_PLAN.md) — Full funding plan (three pools, amounts, cast commands, checklist) - [DODO_PMM_INTEGRATION.md](../../smom-dbis-138/docs/integration/DODO_PMM_INTEGRATION.md) — `addLiquidity(pool, baseAmount, quoteAmount)` - [PRE_DEPLOYMENT_CHECKLIST](PRE_DEPLOYMENT_CHECKLIST.md) § Step 3 - [DEPLOYMENT_ORDER_OF_OPERATIONS](DEPLOYMENT_ORDER_OF_OPERATIONS.md) § Phase 3.1 diff --git a/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md b/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md index 205e1ad..0409e79 100644 --- a/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md +++ b/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md @@ -9,6 +9,7 @@ ## Chain 138 deployment requirements (learned 2026-02-12) - **Gas price:** Chain 138 enforces a minimum gas price. Always use **`--with-gas-price 1000000000`** (1 gwei) for `forge script` and `forge create` when deploying to Chain 138; otherwise transactions fail with "Gas price below configured minimum gas price". +- **Gas 32xxx when deploying:** If you see gas-related RPC errors (e.g. -32000, execution reverted, or out of gas), add **`--gas-estimate-multiplier 150`** (or 200) to `forge script ... --broadcast` so the broadcast uses a higher gas limit. See [RPC_ERRORS_32001_32602.md](../09-troubleshooting/RPC_ERRORS_32001_32602.md). - **On-chain check:** After deployments, run `./scripts/verify/check-contracts-on-chain-138.sh` (uses `RPC_URL_138`; optional URL arg). Address list comes from `config/smart-contracts-master.json` when available. See [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md). - **TransactionMirror:** The deploy script can hit a Forge broadcast constructor-args decode error. If so, deploy manually: `forge create contracts/mirror/TransactionMirror.sol:TransactionMirror --constructor-args --rpc-url $RPC_URL_138 --private-key $PRIVATE_KEY --gas-price 1000000000`. @@ -291,6 +292,7 @@ BLOCKSCOUT_URL=http://192.168.11.140:4000 node forge-verification-proxy/server.j | `No route to host` | Dev machine cannot reach RPC (RPC_URL_138, e.g. 192.168.11.211:8545) | Run from machine on LAN or VPN; or set RPC_URL_138=https://rpc-core.d-bis.org | | `PRIVATE_KEY not set` | Missing in .env | Add deployer key to smom-dbis-138/.env | | `Gas price below configured minimum gas price` | Chain 138 minimum gas not met | Use `--with-gas-price 1000000000` for all `forge script` / `forge create` on Chain 138 | +| RPC -32xxx / out of gas when deploying | Gas estimate too low or estimation failed | Use `--gas-estimate-multiplier 150` (or 200) with `forge script ... --broadcast`; ensure deployer has enough ETH. See [RPC_ERRORS_32001_32602.md](../09-troubleshooting/RPC_ERRORS_32001_32602.md). | | `Failed to decode constructor arguments` (TransactionMirror) | Forge broadcast decode bug | Deploy via `forge create ... --constructor-args --gas-price 1000000000` | | `pam_chauthtok failed` (Blockscout) | Container PAM restriction | Use Proxmox Web UI: Container 5000 → Options → Password | | `pvesm not found` (verify-storage) | Script must run ON Proxmox host | `ssh root@r630-01` then run script | diff --git a/docs/03-deployment/DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md b/docs/03-deployment/DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md new file mode 100644 index 0000000..d7cf8bc --- /dev/null +++ b/docs/03-deployment/DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md @@ -0,0 +1,170 @@ +# DeFi Aggregator and DEX Routing Flows — Visual Reference + +**Purpose:** Single diagram of all DeFi aggregator and DEX routing flows for swaps (Chain 138, public chains, bridge, MCP/AI, and bots). + +--- + +## Full flow diagram (Mermaid) + +```mermaid +flowchart TB + subgraph Users["Entry points"] + U1["User / Frontend / dApp"] + U2["Swap–bridge–swap orchestrator"] + U3["MCP / AI (pool management)"] + U4["Deviation bot (cW* peg)"] + end + + subgraph Aggregators["Aggregator & quote layer"] + direction TB + TA["Token-aggregation API
GET /quote, /tokens, /tokens/:addr/pools
Single-hop quote; indexes DODO + Uniswap"] + BQ["Bridge quote API
POST /api/bridge/quote
sourceSwapQuote + bridge + destinationSwapQuote"] + EXT["External aggregators
1inch, 0x, ParaSwap
(Chain 138 not supported until they add it)"] + BA["Bridge aggregator (explorer backend)
Li.Fi, Socket, Squid, Symbiosis, Relay, Stargate
Bridge routes only"] + end + + subgraph Chain138["Chain 138 (SMOM-DBIS-138)"] + direction TB + INT["DODOPMMIntegration
createPool, addLiquidity, swapExactIn
swapCUSDTForUSDC, swapCUSDTForUSDT, ..."] + PROV["DODOPMMProvider
getQuote, executeSwap
registerPool; routes to integration"] + MESH["Full mesh: 66 c* vs c* pools
+ c* vs official USDT/USDC
All routable via swapExactIn"] + POOLS138["Pools: cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC
+ full mesh when create-pmm-full-mesh-chain138.sh run"] + INT --> POOLS138 + PROV --> INT + MESH --> INT + end + + subgraph PublicChains["Public chains (1, 56, 137, 10, 100, 25, 42161, 8453, 43114, 42220, 1111)"] + direction TB + CW["cW* / HUB single-sided pools
cWUSDT/USDC, cWUSDC/USDC, ...
Per pool-matrix.json"] + DEX["Native DEXs
Uniswap V2/V3, DODO (if official)
Used for destination swap & aggregator routing"] + CW --> DEX + end + + subgraph Bridge["Bridge layer"] + direction LR + CCIP["CCIP (WETH9/WETH10)"] + LIFI["Li.Fi / Socket / Squid
Symbiosis / Relay / Stargate"] + CCIP --> LIFI + end + + subgraph Optional["Optional (when deployed)"] + ESR["EnhancedSwapRouter
Size/slippage-based: Dodoex, Uniswap, Balancer, Curve
Multi-provider for Chain 138"] + COORD["SwapBridgeSwapCoordinator
Swap source → bridge → swap dest"] + ESR --> INT + end + + subgraph MCP_AI["MCP & AI (pool management)"] + direction TB + ALLOW["Allowlist (per chain)
pool_address, base_token, quote_token, profile"] + TOOLS["MCP tools: get_pool_state, identify_pool_interface
quote_add_liquidity, add_liquidity, remove_liquidity"] + ALLOW --> TOOLS + TOOLS --> INT + TOOLS --> CW + TOOLS --> DEX + end + + subgraph Bot["Bot (cross-chain-pmm-lps)"] + direction TB + WATCH["Deviation watcher
IDLE / ABOVE_BAND / BELOW_BAND"] + ACT["Actions: buy/sell T, inventory adjust
Cooldown, circuit break"] + WATCH --> ACT + ACT --> CW + end + + %% User flows + U1 --> TA + U1 --> BQ + U1 --> EXT + U1 --> BA + TA --> PROV + TA --> POOLS138 + BQ --> INT + BQ --> Bridge + BQ --> DEX + U2 --> BQ + Bridge --> PublicChains + U3 --> ALLOW + U4 --> WATCH + U4 --> TA +``` + +--- + +## Swap routing paths (sequence view) + +```mermaid +sequenceDiagram + participant U as User / dApp + participant API as Token-aggregation API + participant Prov as DODOPMMProvider + participant Int as DODOPMMIntegration + participant Pool as PMM Pool (138) + participant Br as Bridge / Quote API + participant Dest as Destination DEX / cW* pool + + Note over U,Dest: Flow A: Same-chain swap (Chain 138) + U->>API: GET /quote?chainId=138&tokenIn&tokenOut&amountIn + API->>Prov: (indexed pool) + API-->>U: amountOut, poolAddress + U->>Int: approve(tokenIn); swapExactIn(pool, tokenIn, amountIn, minOut) + Int->>Pool: sellBase or sellQuote + Pool-->>Int: amountOut + Int-->>U: transfer tokenOut + + Note over U,Dest: Flow B: Swap–bridge–swap + U->>Br: POST /api/bridge/quote (source=138, dest, token, amount) + Br->>API: source quote (138) + Br->>Dest: destination quote (public chain) + Br-->>U: sourceSwapQuote, bridgeRoute, destinationSwapQuote + U->>Int: swap on 138 (optional) + U->>Br: bridge tx (CCIP / Li.Fi / …) + U->>Dest: swap on destination (optional) + + Note over U,Dest: Flow C: MCP / AI pool management + participant MCP as MCP (allowlist) + U->>MCP: get_pool_state(pool_address) + MCP->>Int: RPC getPoolConfig, getPoolReserves, getMidPrice + Int-->>MCP: config, reserves, price + MCP-->>U: state (for rebalance / add liquidity decision) +``` + +--- + +## Flow descriptions (key paths) + +| Flow | Path | Notes | +|------|------|--------| +| **Same-chain swap (138)** | User → Token-aggregation API (GET /quote) → DODOPMMProvider.getQuote / executeSwap → DODOPMMIntegration (swapExactIn or legacy swap) → Pool | Single-hop; full mesh supported via swapExactIn. | +| **Same-chain swap (public)** | User → External aggregator (1inch, 0x, ParaSwap) or token-aggregation (if chain indexed) → Native DEX (Uniswap/DODO) or cW* / HUB pool | cW* pools used when deployed and indexed. | +| **Swap–bridge–swap** | User → POST /api/bridge/quote → sourceSwapQuote (138: DODOPMMIntegration) → Bridge (CCIP / Li.Fi / …) → destinationSwapQuote (public DEX or cW* pool) | Optional SwapBridgeSwapCoordinator for one-tx. | +| **Bridge only** | User → GET /api/v1/bridge/routes, token-mapping → Bridge (CCIP, etc.) | No DEX swap on 138 or destination. | +| **MCP reads pool state** | AI/MCP → Allowlist → get_pool_state (RPC) → DODOPMMIntegration (138) or cW* pool or Uniswap (public) | One MCP per chain or multi-chain allowlist. | +| **MCP / AI maintenance** | AI → MCP quote_add_liquidity / add_liquidity / remove_liquidity → DODOPMMIntegration or public DEX | Dedicated MCP/AI for Dodoex + Uniswap pool management. | +| **Bot peg maintenance** | Bot → Deviation watcher (pool vs oracle) → buy/sell cW* or inventory adjust → cW* / HUB pools on public chain | State machine: IDLE, ABOVE_BAND, BELOW_BAND, COOLDOWN, CIRCUIT_BREAK. | +| **Multi-provider (future)** | User / Contract → EnhancedSwapRouter → DODOPMMProvider + Uniswap + Balancer + Curve (by size/slippage) → Pools on 138 | When EnhancedSwapRouter deployed and pools exist. | + +--- + +## Component summary + +| Component | Role in routing | +|-----------|------------------| +| **Token-aggregation API** | Single-hop quote aggregator over indexed DODO (and Uniswap) on 138 and configured public chains. | +| **DODOPMMIntegration** | Creates pools, adds liquidity, executes swaps (legacy pairs + swapExactIn for full mesh). | +| **DODOPMMProvider** | Routing front: getQuote, executeSwap; registers pools; uses integration for execution. | +| **Bridge quote API** | Orchestrates source swap + bridge + destination swap; uses token-aggregation or destination DEX for quotes. | +| **External aggregators** | 1inch, 0x, ParaSwap: multi-DEX routing on supported chains; 138 not supported until they add it. | +| **Bridge aggregator** | Explorer backend: Li.Fi, Socket, etc., for bridge routes only. | +| **MCP** | Read (and optionally execute) pool state and liquidity ops; allowlist per chain or multi-chain. | +| **Bot** | Maintains cW* peg on public chains via single-sided cW* / HUB pools; deviation and inventory. | +| **EnhancedSwapRouter** | (Optional) Multi-provider router on 138 when Uniswap/Balancer/Curve pools exist. | + +--- + +## References + +- [DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md](../04-configuration/DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md) +- [PMM_DEX_ROUTING_STATUS.md](../11-references/PMM_DEX_ROUTING_STATUS.md) +- [PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md](PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md) +- [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md) diff --git a/docs/03-deployment/EXPLORER_FRONTEND_404_FIX_RUNBOOK.md b/docs/03-deployment/EXPLORER_FRONTEND_404_FIX_RUNBOOK.md new file mode 100644 index 0000000..a3119c7 --- /dev/null +++ b/docs/03-deployment/EXPLORER_FRONTEND_404_FIX_RUNBOOK.md @@ -0,0 +1,144 @@ +# Explorer frontend 404 fix — runbook + +**Date:** 2026-03-02 +**Issue:** Root path (`/`) at https://explorer.d-bis.org returns 404 "Page not found". +**Cause:** Nginx proxies `/` to Blockscout :4000; Blockscout is API-only and has no route for GET `/`. + +**Status:** ✅ **FIXED** (2026-03-02). Nginx now serves the custom frontend from `/var/www/html` for `/` and SPA paths; `/api/v1/` and `/api/config/*` preserved. All endpoints verified 200. + +--- + +## 1. How the UI is supposed to be served + +This deployment uses a **custom frontend** (SolaceScanScout), not the built-in Blockscout web UI: + +- **Static frontend:** Built files under `/var/www/html/` on VMID 5000: + - `index.html` (main SPA shell, contains "SolaceScanScout") + - `explorer-spa.js`, `favicon.ico`, `apple-touch-icon.png`, `/snap/`, etc. +- **Blockscout (port 4000):** API only. The Phoenix router has no route for `GET /`; it serves `/api/*` and returns 404 for `/`. +- **Nginx:** Should serve the static frontend for `/` and SPA paths, and proxy only `/api/`, `/api/v1/`, `/api/config/*`, `/health` to the appropriate backends (Blockscout :4000, token-aggregation :3001, or static config files). + +**Relevant docs/config:** + +- `explorer-monorepo/scripts/fix-nginx-serve-custom-frontend.sh` — nginx config that serves `/var/www/html` for `/` and SPA paths. +- `explorer-monorepo/scripts/fix-nginx-conflicts-vmid5000.sh` — current “conflicts” config: proxies `location /` to :4000 (no static root). +- `explorer-monorepo/scripts/deploy-frontend-to-vmid5000.sh` — deploys frontend files and can apply the custom-frontend nginx config. +- `docs/archive/fixes/BLOCKSCOUT_WEB_INTERFACE_404_FIX.md` — historical 404 investigation. +- `explorer-monorepo/docs/BLOCKSCOUT_START_AND_BUILD.md` — Blockscout container/assets; UI in this setup is the custom frontend, not Blockscout’s own UI. + +--- + +## 2. What we confirmed on VMID 5000 + +- **Custom frontend present:** `/var/www/html/index.html` exists (~60KB), contains "SolaceScanScout"; `explorer-spa.js`, favicon, `/snap/`, etc. are present. +- **Blockscout logs:** For `GET /` to :4000, Blockscout logs: + `Phoenix.Router.NoRouteError`, "no route found for GET / (BlockScoutWeb.Router)". So 404 for `/` is expected when nginx sends `/` to Blockscout. +- **Live nginx:** HTTPS server block has `location / { proxy_pass http://127.0.0.1:4000; }` with **no** `root` / `try_files` for the frontend. So every request to `/` is proxied to Blockscout and returns 404. + +Conclusion: the frontend files are in place; the **nginx config** is wrong (proxy-only for `/` instead of serving static files). + +--- + +## 3. Fix: make nginx serve the custom frontend for `/` + +Apply a config that, for the HTTPS (and optionally HTTP) server block: + +1. Serves **`/`** from `/var/www/html` (e.g. `location = /` with `root /var/www/html` and `try_files /index.html =404`). +2. Serves **SPA paths** (e.g. `/address`, `/tx`, `/blocks`, …) from the same root with `try_files $uri $uri/ /index.html`. +3. Keeps **`/api/`**, **`/api/v1/`**, **`/api/config/*`**, **`/snap/`**, **`/health`** as they are (proxy or alias). + +**Option A — Apply the full custom-frontend script (recommended)** + +From the repo root, from a host that can SSH to the Proxmox node for VMID 5000 (e.g. r630-02): + +```bash +# Set Proxmox host (r630-02) +export PROXMOX_R630_02=192.168.11.12 # or PROXMOX_HOST_R630_02 + +# Apply nginx config that serves / and SPA from /var/www/html +cd /home/intlc/projects/proxmox/explorer-monorepo +# Copy script into VM and run (requires pct exec) +EXPLORER_VM_HOST=root@192.168.11.12 bash scripts/apply-nginx-explorer-fix.sh +``` + +Or run the fix script **inside** VMID 5000 (e.g. after copying it in): + +```bash +# From Proxmox host +pct exec 5000 -- bash /path/to/fix-nginx-serve-custom-frontend.sh +``` + +**Option B — Manual nginx change (HTTPS server block only)** + +On VMID 5000, edit `/etc/nginx/sites-enabled/blockscout`. In the `server { listen 443 ... }` block, **replace** the single: + +```nginx +location / { + proxy_pass http://127.0.0.1:4000; + ... +} +``` + +with something equivalent to: + +```nginx +# Serve custom frontend for root +location = / { + root /var/www/html; + add_header Cache-Control "no-store, no-cache, must-revalidate"; + try_files /index.html =404; +} + +# SPA paths — serve index.html for client-side routing +location ~ ^/(address|tx|block|token|tokens|blocks|transactions|bridge|weth|watchlist|nft|home|analytics|operator)(/|$) { + root /var/www/html; + try_files /index.html =404; + add_header Cache-Control "no-store, no-cache, must-revalidate"; +} + +# All other non-API paths — static files and SPA fallback +location / { + root /var/www/html; + try_files $uri $uri/ /index.html; +} +``` + +Keep all existing `location /api/`, `location /api/v1/`, `location /api/config/`, `location /snap/`, `location /health` blocks unchanged and **before** the catch-all `location /` (so API and config still proxy correctly). + +Then: + +```bash +nginx -t && systemctl reload nginx +``` + +--- + +## 4. Verify + +- From LAN: + `curl -sk -H "Host: explorer.d-bis.org" https://192.168.11.140:443/` + should return **200** with HTML containing "SolaceScanScout" (or similar), not "Page not found". +- Public: + `https://explorer.d-bis.org/` should show the explorer UI. +- API unchanged: + `curl -s http://192.168.11.140:4000/api/v2/stats` and `https://explorer.d-bis.org/api/v2/stats` should still return JSON. + +--- + +## 5. Summary + +| Item | Status | +|------|--------| +| How UI is served | Custom static frontend in `/var/www/html/` (index.html + SPA); Blockscout :4000 is API-only. | +| Frontend files on VMID 5000 | Present; `index.html` contains SolaceScanScout. | +| Blockscout logs for GET `/` | NoRouteError for GET `/` — expected when nginx proxies `/` to :4000. | +| Nginx fix | Serve `/` and SPA paths from `root /var/www/html` and `try_files`; proxy only `/api/` (and specific locations) to :4000. | +| Script to apply | `fix-nginx-serve-custom-frontend.sh` or `apply-nginx-explorer-fix.sh`; or apply the manual snippet above. | + +--- + +## 6. Completion (2026-03-02) + +- **Applied:** `apply-nginx-explorer-fix.sh` (via `EXPLORER_VM_HOST=root@192.168.11.12`). +- **Script updated:** `fix-nginx-serve-custom-frontend.sh` now includes `location /api/v1/` (token-aggregation :3001) and `location = /api/config/token-list` / `location = /api/config/networks` (static JSON) so config and token-aggregation are not lost on re-apply. +- **Verification:** From LAN, all return 200: `/` (frontend HTML), `/api/config/token-list`, `/api/config/networks`, `/api/v2/stats`, `/api/v1/chains`. diff --git a/docs/03-deployment/MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md b/docs/03-deployment/MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md new file mode 100644 index 0000000..50ab652 --- /dev/null +++ b/docs/03-deployment/MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md @@ -0,0 +1,126 @@ +# MCP and AI Plan Upgrades — Dodoex and Uniswap Liquidity Pool Management + +**Purpose:** Upgrades to the PMM full-mesh and single-sided LP plans so that **MCPs and AIs dedicated to managing and maintaining** all Dodoex (DODO PMM) and Uniswap liquidity pools are explicitly covered and operational. + +**Status:** All planned upgrades (§2) and all additional recommendations (§5) are **implemented**. See §4 and §5.1 for implementation details. Optional tasks index: [OPTIONAL_TASKS_CHECKLIST.md](../00-meta/OPTIONAL_TASKS_CHECKLIST.md). + +**Related:** [PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md](PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md), [AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md](../02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md), [POOL_ACCESS_DASHBOARD_API_MCP.md](../11-references/POOL_ACCESS_DASHBOARD_API_MCP.md). + +--- + +## 1. Current state (what plans already assume) + +| Component | Role | Plan coverage today | +|-----------|------|----------------------| +| **ai-mcp-pmm-controller** | Read pool state (getMidPrice, reserves, k, fee); optional quote/add/remove liquidity | Allowlist per chain; one chain per MCP instance; profile `dodo_pmm_v2_like` for Chain 138 Mock DVM | +| **Token-aggregation API** | Index DODO (and Uniswap when env set); single-hop quote; tokens/pools discovery | Chain 138 + optional public chains via `CHAIN_*_DODO_PMM_INTEGRATION`, `CHAIN_*_RPC_URL` | +| **cross-chain-pmm-lps bot** | Deviation watcher; buy/sell to compress δ; inventory adjust; circuit break | Design only; not wired to MCP or API for automation | +| **EnhancedSwapRouter** | Multi-provider routing (Dodoex, Uniswap, Balancer, Curve) | Not deployed; no MCP/API integration specified | + +--- + +## 2. Upgrades to the plans + +### 2.1 Full-mesh and single-sided plans (PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN) + +| Upgrade | Description | +|---------|-------------| +| **Allowlist sync with mesh** | After running `create-pmm-full-mesh-chain138.sh`, **automatically or semi-automatically** update the MCP allowlist (e.g. `ai-mcp-pmm-controller/config/allowlist-138.json`) with every new pool (pool_address, base_token, quote_token, profile). Document a script or MCP tool that: (1) reads `DODOPMMIntegration.getAllPools()` and `getPoolConfig(pool)` on Chain 138, (2) writes the allowlist so the MCP can read state for all mesh pools without manual entry. | +| **Per-chain allowlist for public cW* pools** | When single-sided cW* / HUB pools are deployed on a public chain, extend the plan to: (1) add a **per-chain MCP allowlist** (or multi-chain allowlist) so the dedicated MCP/AI can read pool state on that chain; (2) document the mapping from `cross-chain-pmm-lps/config/deployment-status.json` (and pool-matrix) to the MCP config so one source of truth drives both deployment and MCP visibility. | +| **Uniswap pool indexing and maintenance** | Where the plan says "DODO PMM or Uniswap V2/V3 per chain": (1) add an explicit **Uniswap pool creation and indexing** path: set `CHAIN_*_UNISWAP_V2_FACTORY` / `CHAIN_*_UNISWAP_V3_FACTORY` and run the token-aggregation indexer so Uniswap pools appear in the API; (2) add a **maintenance** subsection: who (or which AI/MCP) is responsible for adding liquidity, rebalancing, or pausing on Uniswap pools on each chain; (3) if an AI/MCP is dedicated to Uniswap pools, define its **inputs** (API quote, pool state from indexer or RPC) and **allowed actions** (e.g. quote only vs. submit tx). | +| **Bot–MCP–API integration** | In the **single-sided** plan (and cross-chain-pmm-lps): (1) specify that the **deviation bot** (v1/v2) can consume **pool state from the MCP** (e.g. `dodo.get_pool_state` for each allowlisted pool) or from the **token-aggregation API** (e.g. `/api/v1/tokens/:address/pools`, reserve/price from indexer); (2) specify that the bot’s **actions** (e.g. trigger buy/sell to compress δ) are either executed by the same AI that uses the MCP or by a separate executor that receives signals from the MCP/AI; (3) add **circuit-break and cooldown** to the MCP/API so the AI can read "pool in CIRCUIT_BREAK" or "cooldown until block X" and avoid sending trades. | +| **Dedicated “pool manager” MCP/AI scope** | Add a short subsection: **Dedicated MCP/AI for Dodoex and Uniswap pool management.** Scope: (1) **Dodoex (Chain 138 + public cW*):** MCP tools for read state, quote add/remove liquidity; allowlist kept in sync with full mesh and single-sided deployments; (2) **Uniswap (per chain where used):** Same idea—allowlist or indexer-driven list of Uniswap V2/V3 pools; MCP or API to read pool state and optionally quote; (3) **Maintenance tasks:** Document that this MCP/AI is the **designated** reader (and optionally executor) for rebalancing, add/remove liquidity, and responding to deviation alerts within policy (slippage, size, circuit break). | + +### 2.2 RUNBOOK and script upgrades (SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK) + +| Upgrade | Description | +|---------|-------------| +| **Post-deploy: update MCP allowlist** | In the runbook checklist, add a step: "After deploying cW* / HUB pools on chain X, update the MCP allowlist for chain X (or the multi-chain config) with pool_address, base_token, quote_token, and profile so the dedicated MCP/AI can read and manage those pools." | +| **Post-deploy: update deployment-status.json** | Already implied; make it explicit that `deployment-status.json` is the **source for MCP allowlist generation** (script: given chainId, read deployment-status and output allowlist fragment). | +| **List Uniswap pools per chain** | If Uniswap is used on a chain, add a step to list Uniswap V2/V3 pools (from factory events or indexer) and add them to the same MCP/API visibility (allowlist or indexer config) so one MCP/AI can "see" both DODO and Uniswap pools. | + +### 2.3 AI_AGENTS_57XX and POOL_ACCESS_DASHBOARD_API_MCP + +| Upgrade | Description | +|---------|-------------| +| **Multi-chain MCP** | Document an option for **one MCP server** that supports **multiple chains**: e.g. allowlist contains `chainId` per pool, and the MCP uses the appropriate RPC per chain when calling `get_pool_state` or `quote_add_liquidity`. This reduces the need to run one MCP instance per chain for Dodoex + Uniswap. | +| **Uniswap pool profile** | Add a **pool profile** (e.g. `uniswap_v2_pair` or `uniswap_v3_pool`) to the MCP: expected view methods (getReserves, token0, token1, or slot0, liquidity, etc.) so the MCP can read Uniswap pool state and expose it to the same AI that manages DODO pools. | +| **Dashboard and API alignment** | State that the **token-aggregation API** and the **MCP** should expose **the same set of pools** for a given chain (DODO + Uniswap once indexed): so the "custom dashboard" and the MCP/AI use one source of truth (allowlist + indexer config) and stay in sync. | +| **Automation triggers** | Document how the dedicated AI is **triggered**: (1) **Scheduled:** cron or scheduler calls MCP/API to get state, then decides rebalance/add/remove; (2) **Event-driven:** indexer or chain watcher emits "reserve delta" or "price deviation" and triggers the AI; (3) **Manual:** operator asks the AI (via MCP) for a quote or recommendation, then executes manually. | + +--- + +## 3. Summary: what to add to the “above” plans + +- **PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN:** Allowlist sync with full mesh; per-chain allowlist for cW*; Uniswap indexing and maintenance; bot–MCP–API integration; dedicated MCP/AI scope for Dodoex + Uniswap. +- **SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK:** Post-deploy MCP allowlist update; deployment-status as source for allowlist; Uniswap pool listing where applicable. +- **AI_AGENTS_57XX / POOL_ACCESS:** Multi-chain MCP option; Uniswap pool profile; dashboard/API alignment; automation triggers (scheduled, event-driven, manual). + +--- + +## 4. Completed upgrades (implemented) + +| Upgrade | Status | Implementation | +|---------|--------|----------------| +| **Allowlist sync with mesh** | Done | Script `scripts/generate-mcp-allowlist-from-chain138.sh`: reads `allPools(uint256)` and `poolConfigs(pool)` via RPC; outputs allowlist JSON. Use `-o ai-mcp-pmm-controller/config/allowlist-138.json` to write. Documented in PMM plan §1.5. | +| **Per-chain allowlist from deployment-status** | Done | Script `scripts/generate-mcp-allowlist-from-deployment-status.sh [-o path]`: reads `deployment-status.json` pmmPools for that chain; outputs allowlist fragment with limits. Documented in SINGLE_SIDED runbook §5a, §6. | +| **Post-deploy MCP allowlist step** | Done | Runbook §5a: run generate-mcp-allowlist-from-deployment-status.sh after deploying cW* / HUB pools. | +| **deployment-status as source for allowlist** | Done | Runbook §6: explicit that deployment-status.json is source of truth; script generates allowlist from it. | +| **Uniswap pool listing / indexing step** | Done | Runbook §6a: set CHAIN_*_UNISWAP_* env, run indexer; add Uniswap pools to MCP allowlist with profile when available. | +| **Uniswap pool profile** | Done | Added `uniswap_v2_pair` and `uniswap_v3_pool` to `ai-mcp-pmm-controller/config/pool_profiles.json` with expected methods. MCP server must implement reading these methods when profile is used. | +| **PMM plan: Uniswap, Bot–MCP, Pool Manager** | Done | Plan §2.7 (Uniswap indexing and maintenance), §2.8 (Bot–MCP–API integration), §2.9 (Dedicated MCP/AI scope); §1.5 (Allowlist sync with mesh). | +| **Multi-chain MCP, dashboard alignment, automation** | Done | [AI_AGENTS_57XX_MCP_ADDENDUM.md](../02-architecture/AI_AGENTS_57XX_MCP_ADDENDUM.md): multi-chain allowlist/RPC, Uniswap profile reference, dashboard/API alignment, automation triggers (scheduled, event-driven, manual). | + +--- + +## 5. Additional recommendations + +| # | Recommendation | Priority | Notes | +|---|-----------------|----------|--------| +| 1 | **Implement multi-chain allowlist in MCP server** | High | Extend ai-mcp-pmm-controller to accept `chainId` per pool and select RPC by chain so one server can serve Chain 138 and all public cW* chains. | +| 2 | **Wire MCP get_pool_state to Uniswap profiles** | High | In the MCP tool implementation, when profile is `uniswap_v2_pair` or `uniswap_v3_pool`, call getReserves/slot0/liquidity and return normalized state (reserves, derived price) for the AI. | +| 3 | **Expose circuit-break and cooldown in API or MCP** | Medium | Add an endpoint or MCP tool that returns bot state (IDLE, ABOVE_BAND, BELOW_BAND, COOLDOWN, CIRCUIT_BREAK) and cooldown-until block/time so the AI does not submit trades during cooldown or circuit-break. Source: cross-chain-pmm-lps peg-bands and bot state. | +| 4 | **Event-driven trigger for bot/AI** | Medium | When token-aggregation indexer or a chain watcher detects reserve delta or price deviation beyond a threshold, emit an event or call a webhook that triggers the dedicated AI to fetch state (via MCP/API) and decide rebalance; keeps reaction time low without polling. | +| 5 | **Single allowlist file for multi-chain** | Low | Allow one JSON file to contain pools for multiple chains (array of { chainId, pools }) so the MCP can load one file and serve all chains; merge output of generate-mcp-allowlist-from-chain138.sh and generate-mcp-allowlist-from-deployment-status.sh per chain into one manifest. | +| 6 | **Rate limits and gas caps in MCP** | Medium | Enforce allowlist `limits` (max_slippage_bps, max_single_tx_notional_usd, cooldown_seconds, gas_cap_gwei) in the MCP server when the AI requests quote or execute; reject or cap out-of-policy requests. | +| 7 | **Audit trail for AI-driven txs** | Medium | Log all MCP tool calls (get_pool_state, quote_add_liquidity, add_liquidity, etc.) and any executed txs (tx hash, pool, amount, chain) for audit and incident review. | +| 8 | **EnhancedSwapRouter integration with MCP** | Low | When EnhancedSwapRouter is deployed on Chain 138, add it to the MCP/API so the AI can reason about multi-provider routing (Dodoex vs Uniswap vs Balancer) and optionally trigger swaps through the router. | + +### 5.1 Implementation status (all completed) + +| # | Implementation | +|---|----------------| +| 1 | **Multi-chain allowlist:** `config/server.py` supports allowlist format `chains: [ { chainId, pools } ]` and per-pool `chain_id`. RPC per chain via env `RPC_138`, `RPC_137`, etc. or `RPC_BY_CHAIN_PATH` (JSON file). `_get_web3(chain_id)` caches Web3 per chain. | +| 2 | **Uniswap get_pool_state:** In `dodo_get_pool_state`, profiles `uniswap_v2_pair` and `uniswap_v3_pool` use getReserves/slot0/liquidity; return normalized state (reserves, mid_price, liquidity_base/quote). | +| 3 | **Circuit-break and cooldown:** `GET /bot_state` and MCP tool `dodo.get_bot_state` return bot state from `BOT_STATE_PATH` (JSON). Example: `config/bot_state.example.json`. Optional `params.pool` for per-pool state. | +| 4 | **Event-driven trigger:** `POST /webhook/trigger` accepts JSON body `{ "reason", "chain_id", "pool" }`; returns 202 and logs. Wire indexer/watcher to POST here; AI can poll MCP or react to webhook. | +| 5 | **Single multi-chain allowlist:** Allowlist format supports `chains: [ { chainId, pools } ]`. Script `scripts/merge-mcp-allowlist-multichain.sh -o path` merges Chain 138 and other chains into one file. | +| 6 | **Rate limits and gas caps:** `_check_limits_and_cooldown()` enforces notional, cooldown_seconds (via `COOLDOWN_STATE_PATH`), gas_cap_gwei, max_slippage_bps. Used in `dodo_simulate_action`; use `_record_trade_ts(pool)` after writes. | +| 7 | **Audit trail:** Every MCP tool response goes through `_audit_and_return()`; logs to `AUDIT_LOG_PATH` (JSONL) and logger. | +| 8 | **EnhancedSwapRouter stub:** MCP tool `dodo.get_router_quote` returns `configured: true/false` from `ENHANCED_SWAP_ROUTER_ADDRESS`. Add contract calls when router is deployed. | + +--- + +## 6. Next steps (operator / runtime) + +After implementation, operators can: + +1. **Multi-chain MCP:** Set `ALLOWLIST_PATH` to a multi-chain file (from `scripts/merge-mcp-allowlist-multichain.sh -o path`); set `RPC_138`, `RPC_137`, etc. or `RPC_BY_CHAIN_PATH`. +2. **Bot state:** Set `BOT_STATE_PATH` to a JSON file (see `ai-mcp-pmm-controller/config/bot_state.example.json`); update it from your peg-bands/bot or leave default. +3. **Audit / cooldown:** Set `AUDIT_LOG_PATH` and `COOLDOWN_STATE_PATH` if you want persistent audit log and cooldown ledger. +4. **Webhook:** Wire your indexer or chain watcher to `POST /webhook/trigger` with `{ "reason", "chain_id", "pool" }` when reserve or price deviation exceeds threshold. +5. **EnhancedSwapRouter:** When the router is deployed on Chain 138, set `ENHANCED_SWAP_ROUTER_ADDRESS` and extend `dodo.get_router_quote` in the MCP server to call the router contract. + +--- + +## 7. References + +- [PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md](PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md) +- [SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md](SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md) +- [AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md](../02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md) +- [AI_AGENTS_57XX_DEPLOYMENT_PLAN.md](../02-architecture/AI_AGENTS_57XX_DEPLOYMENT_PLAN.md) +- [POOL_ACCESS_DASHBOARD_API_MCP.md](../11-references/POOL_ACCESS_DASHBOARD_API_MCP.md) +- [DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md](../04-configuration/DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md) +- [DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md](DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md) — Mermaid diagram of all DeFi aggregator and DEX routing flows for swaps +- [AI_AGENTS_57XX_MCP_ADDENDUM.md](../02-architecture/AI_AGENTS_57XX_MCP_ADDENDUM.md) — Multi-chain MCP, Uniswap profile, automation triggers +- [OPTIONAL_TASKS_CHECKLIST.md](../00-meta/OPTIONAL_TASKS_CHECKLIST.md) — Consolidated optional tasks (Done / Pending) diff --git a/docs/03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md b/docs/03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md new file mode 100644 index 0000000..96f75f5 --- /dev/null +++ b/docs/03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md @@ -0,0 +1,37 @@ +# Phase C — cW* Tokens and Edge Pools Runbook + +**Last Updated:** 2026-03-04 +**Purpose:** Execute Phase C of REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE: deploy or bridge cW* tokens and create/fund PMM edge pools on public chains for full SBS and arbitrage. + +**Prerequisites:** Phase A (hub liquidity on 138) and Phase B (CCIP bridges + LINK) should be done or in progress. + +--- + +## C.1 Deploy or bridge cW* tokens per chain + +Chains: 1, 56, 137, 10, 42161, 8453, 43114, 100, 25, 42220, 1111. +Tokens: cWUSDT, cWUSDC, cWAUSDT, cWEURC, cWEURT, cWUSDW (per pool-matrix). + +**Steps:** (1) Use cross-chain-pmm-lps config/chains.json and pool-matrix.json. (2) Deploy CompliantWrappedToken (cW*) per chain or use bridge; set addresses in deployment-status.json and smom-dbis-138/.env. (3) Ref: TOKEN_CONTRACT_DEPLOYMENTS_REMAINING §3, CW_DEPLOY_AND_WIRE_RUNBOOK. + +--- + +## C.2 Create and fund PMM edge pools per chain + +**Steps:** (1) From pool-matrix poolsFirst (e.g. cWUSDT/USDC), create DODO PMM or Uniswap pools per chain. (2) Add initial liquidity. (3) Record pool addresses in deployment-status.json chains[chainId].pmmPools. (4) Ensure token-aggregation/heatmap use deployment-status. + +**Ref:** LIQUIDITY_POOLS_MASTER_MAP § Public-chain cW*, pool-matrix.json. + +--- + +## C.3 (Optional) Stabilization bot and peg bands + +Run deviation watcher and peg-band config from cross-chain-pmm-lps when cW* and edge pools are live. + +--- + +## Quick ref + +- Pool matrix: cross-chain-pmm-lps/config/pool-matrix.json +- Deployment status: cross-chain-pmm-lps/config/deployment-status.json +- Recipe: cross-chain-pmm-lps/docs/06-deployment-recipe.md diff --git a/docs/03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md b/docs/03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md new file mode 100644 index 0000000..fa80802 --- /dev/null +++ b/docs/03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md @@ -0,0 +1,50 @@ +# Phase D — Optional Extended Coverage Checklist + +**Last Updated:** 2026-03-04 +**Purpose:** Checklist for Phase D of [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md): XAU, vaults, ALL Mainnet, and trustless stack. + +--- + +## D.1 XAU token + XAU-anchored pools (Chain 138) + +| Step | Action | Ref | +|------|--------|-----| +| D.1.1 | Deploy XAU token on Chain 138 (or use oracle-backed representation). | [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) §2, §5 | +| D.1.2 | Create cUSDT/XAU, cUSDC/XAU, cEURT/XAU PMM pools (public and/or private stabilization). | [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN](../02-architecture/VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md) | +| D.1.3 | Register private stabilization pools in PrivatePoolRegistry; configure Stabilizer. | CONTRACT_DEPLOYMENT_RUNBOOK § Private stabilization pools | + +**Env:** `XAU_ADDRESS_138`, `cEURT_ADDRESS_138`, `DODOPMM_INTEGRATION_ADDRESS`. + +--- + +## D.2 Vault ac* / vdc* / sdc* for new base tokens + +| Step | Action | Ref | +|------|--------|-----| +| D.2.1 | Deploy vault contracts for cEURC, cEURT, etc. (ac*, vdc*, sdc*). | [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md) §5 | +| D.2.2 | Wire vaults to reserve/backing and oracle feeds. | VAULT_SYSTEM_MASTER_TECHNICAL_PLAN | + +--- + +## D.3 ALL Mainnet (651940) + +| Step | Action | Ref | +|------|--------|-----| +| D.3.1 | ACADT/ACADC when Alltra adds CAD token. | TOKEN_CONTRACT_DEPLOYMENTS_REMAINING §2, §4 | +| D.3.2 | D-WIN W tokens on 138/651940 if desired. | Same | + +--- + +## D.4 Mainnet trustless stack + +| Step | Action | Ref | +|------|--------|-----| +| D.4.1 | Deploy LiquidityPoolETH, InboxETH, BondManager on mainnet for trustless bridge liquidity. | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §C | + +--- + +## References + +- [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) Phase D +- [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) +- [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN](../02-architecture/VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md) diff --git a/docs/03-deployment/PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md b/docs/03-deployment/PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md new file mode 100644 index 0000000..0f639f5 --- /dev/null +++ b/docs/03-deployment/PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md @@ -0,0 +1,159 @@ +# PMM Full Mesh (Chain 138) and Single-Sided LPs (Public Networks) — Plan + +**Purpose:** Define and run the full PMM pool mesh on Chain 138 and the single-sided LP deployment on public networks for aggregator and DEX routing. + +--- + +## Part 1 — Chain 138: Full PMM mesh + +### 1.1 Scope + +- **c* vs c* mesh:** All pairwise pools between the 12 compliant tokens: cUSDT, cUSDC, cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT. + - Number of pairs: **66** (12 choose 2). +- **c* vs official (optional):** Each c* vs official USDT and vs official USDC on Chain 138 (if addresses are set). + - Adds up to **24** pools (12×2) when both official tokens are configured. +- **Already created:** The three legacy pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) are created separately; the script skips any pair that already has a pool. + +### 1.2 Contracts and roles + +| Contract | Address (Chain 138) | Role | +|----------|---------------------|------| +| DODOPMMIntegration | `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` | `createPool(base, quote, ...)`; `swapExactIn(pool, tokenIn, amountIn, minAmountOut)` for generic routing | +| DODOPMMProvider | `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0` | `registerPool(tokenIn, tokenOut, pool)`; `executeSwap` uses `swapExactIn` for any registered pool | + +- Deployer (or the account that holds **POOL_MANAGER_ROLE** on the integration and **POOL_MANAGER_ROLE** on the provider) must run pool creation and registration. +- **Generic routing:** `DODOPMMIntegration.swapExactIn` allows any registered pool to be used for swaps; `DODOPMMProvider.executeSwap` routes through it when the pair is not one of the six legacy pairs. + +### 1.3 How to create the full mesh + +From repo root (or from `smom-dbis-138/`): + +```bash +# Ensure .env has: PRIVATE_KEY, RPC_URL_138, DODO_PMM_INTEGRATION_ADDRESS, DODO_PMM_PROVIDER_ADDRESS + +# Create all c* vs c* pools and register with provider (and optionally c* vs official USDT/USDC) +./scripts/create-pmm-full-mesh-chain138.sh + +# Only c* vs c* (no official USDT/USDC pairs) +MESH_ONLY_C_STAR=1 ./scripts/create-pmm-full-mesh-chain138.sh + +# Preview only (no transactions) +DRY_RUN=1 ./scripts/create-pmm-full-mesh-chain138.sh +``` + +- The script uses `DODOPMMIntegration.createPool(base, quote, lpFeeRate, initialPrice, k, isOpenTWAP)` with defaults: `lpFeeRate=3`, `initialPrice=1e18`, `k=0.5e18`, `isOpenTWAP=false`. +- After each pool is created, it calls `DODOPMMProvider.registerPool(base, quote, pool)` so the pool is used for quotes and execution. + +### 1.4 Funding the mesh + +- Pools are created empty. Add liquidity per pool via `DODOPMMIntegration.addLiquidity(pool, baseAmount, quoteAmount)`. +- See [PMM_POOLS_FUNDING_PLAN.md](PMM_POOLS_FUNDING_PLAN.md) and [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md](ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md). +- For the full mesh, prioritize funding the most-used pairs (e.g. cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC, then other c* vs c* and c* vs official). + +### 1.5 Allowlist sync with mesh (MCP/AI) + +After running `create-pmm-full-mesh-chain138.sh`, update the MCP allowlist so the dedicated MCP/AI can read state for all mesh pools without manual entry: + +- **Script:** `./scripts/generate-mcp-allowlist-from-chain138.sh` reads `DODOPMMIntegration.allPools(uint256)` and `poolConfigs(pool)` via RPC and outputs allowlist JSON (chain 138, profile `dodo_pmm_v2_like`). +- **Write to MCP config:** `./scripts/generate-mcp-allowlist-from-chain138.sh -o ai-mcp-pmm-controller/config/allowlist-138.json` +- **Requires:** `RPC_URL_138`, `DODO_PMM_INTEGRATION_ADDRESS` (or source `smom-dbis-138/.env`). See [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md). + +--- + +## Part 2 — Public networks: Single-sided LPs for aggregator and DEX routing + +### 2.1 Goal + +On **each public chain** (Ethereum, BSC, Polygon, Arbitrum, Base, Optimism, Gnosis, Avalanche, Cronos, Celo, Wemix), deploy **single-sided PMM (or equivalent) pools** of the form **cW* / HUB**, where: + +- **cW*** = bridged compliant wrapped tokens (cWUSDT, cWUSDC, cWEURC, cWEURT, etc.). +- **HUB** = the chain’s main stable (e.g. USDC or USDT per chain). + +These pools are used for: + +- **Aggregator and DEX routing:** So 1inch, 0x, ParaSwap, and other DEX aggregators can route through cW* / HUB for swap and bridge flows. +- **Peg stabilization:** Single-sided liquidity on the cW* side; the other side is filled by market/arbitrage. + +### 2.2 Topology and config + +- **Pool topology:** One pool per **cW*** per chain against the chain’s **hub stable** (and optionally extra stables). See [cross-chain-pmm-lps/docs/02-pool-topology.md](../../cross-chain-pmm-lps/docs/02-pool-topology.md). +- **Matrix:** [cross-chain-pmm-lps/config/pool-matrix.json](../../cross-chain-pmm-lps/config/pool-matrix.json) defines per chain: + - `hubStable` (USDC or USDT), + - `poolsFirst`: cW* / HUB pools to deploy first, + - `poolsOptional`: extra quote stables (e.g. USDT, DAI, BUSD) if needed for routing. + +### 2.3 Chains and hub stables (from pool-matrix) + +| ChainId | Network | Hub stable | Priority pools | +|---------|---------|------------|----------------| +| 1 | Ethereum Mainnet | USDC | cWUSDT/USDC, cWUSDC/USDC, cWEURC/USDC, cWEURT/USDC, cWUSDW/USDC, cWAUSDT/USDC | +| 56 | BSC | USDT | cWUSDT/USDT, cWUSDC/USDT, … | +| 137 | Polygon | USDC | cWUSDT/USDC, cWUSDC/USDC, … | +| 10 | Optimism | USDC | same pattern | +| 100 | Gnosis | USDC | same + optional mUSD | +| 25 | Cronos | USDT | cW* / USDT | +| 42161 | Arbitrum One | USDC | cW* / USDC | +| 8453 | Base | USDC | cW* / USDC | +| 43114 | Avalanche | USDC | cW* / USDC | +| 42220 | Celo | USDC | cW* / USDC | +| 1111 | Wemix | USDT | cW* / USDT | + +### 2.4 Deployment steps (per chain) + +1. **Deploy or confirm cW* tokens** on that chain (e.g. via DeployCWTokens or existing addresses). +2. **Resolve HUB stable address** (USDC or USDT) on that chain from your config or chain list. +3. **Create cW* / HUB pool** on the chain’s DEX: + - If the chain uses a **DODO-style PMM**: deploy or use a DVM/factory and create a pool (base = cW*, quote = HUB) with single-sided deposit on the cW* side. + - If the chain uses **Uniswap V2/V3** or another AMM: create a pair/pool and add single-sided liquidity on the cW* side (or use a vault that supports single-sided). +4. **Register pool** in your indexer/aggregator config (token-aggregation, explorer, or external aggregator) so routes use the new pool. +5. **Optional:** Run the **bot** (deviation watcher, rebalancing) as in [cross-chain-pmm-lps/docs/06-deployment-recipe.md](../../cross-chain-pmm-lps/docs/06-deployment-recipe.md). + +### 2.5 Deployment status and script stub + +- **Status:** Per-chain cW* addresses and PMM pool addresses are tracked in [cross-chain-pmm-lps/config/deployment-status.json](../../cross-chain-pmm-lps/config/deployment-status.json). Fill `cwTokens`, `anchorAddresses` (HUB), and `pmmPools` as you deploy. +- **Script stub:** Use [SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md](SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md) for a step-by-step runbook and a shell stub that outputs the list of pools to create per chain from `pool-matrix.json`. + +### 2.6 Aggregator and DEX routing + +- Once cW* / HUB pools exist and are indexed, aggregators (1inch, 0x, ParaSwap, etc.) can include them in routing when they support that chain. +- For **swap–bridge–swap** and **quote APIs**, point destination-chain quote to the chain’s DEX that hosts the cW* / HUB pools so that routes use these pools for cW* ↔ HUB. + +### 2.7 Uniswap pool indexing and maintenance + +Where the plan uses **Uniswap V2/V3** on a chain (instead of or in addition to DODO PMM): + +- **Indexing:** Set `CHAIN_*_UNISWAP_V2_FACTORY` / `CHAIN_*_UNISWAP_V3_FACTORY` (and optional `_ROUTER`, `_START_BLOCK`) in the token-aggregation service env and run the indexer so Uniswap pools appear in the API (`/api/v1/tokens`, `/api/v1/quote`, `/api/v1/tokens/:address/pools`). +- **Maintenance:** Designate who (or which AI/MCP) is responsible for adding liquidity, rebalancing, or pausing on Uniswap pools on each chain. The dedicated MCP/AI (see §2.9) can use the same allowlist or indexer-driven list for Uniswap pools; define **inputs** (API quote, pool state from indexer or RPC) and **allowed actions** (quote only vs. submit tx) per policy. See [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md) §2.1. + +### 2.8 Bot–MCP–API integration + +For the **deviation bot** (cross-chain-pmm-lps v1/v2) that maintains the cW* peg on public chains: + +- **Pool state source:** The bot can consume pool state from (1) the **MCP** (e.g. `dodo.get_pool_state` for each allowlisted pool) or (2) the **token-aggregation API** (e.g. `GET /api/v1/tokens/:address/pools`, reserve/price from indexer). Use one source of truth per chain so the bot and the MCP/AI stay aligned. +- **Actions:** Bot actions (buy/sell to compress δ, inventory adjust) can be executed by the same AI that uses the MCP or by a **separate executor** that receives signals from the MCP/AI. Document which component is authorized to submit txs (and under which circuit-break/cooldown rules). +- **Circuit-break and cooldown:** Expose "pool in CIRCUIT_BREAK" or "cooldown until block X" in the MCP or API (e.g. from peg-bands config or bot state) so the AI can avoid sending trades when the pool is in cooldown or circuit-break. See [cross-chain-pmm-lps/spec/bot-state-machine.md](../../cross-chain-pmm-lps/spec/bot-state-machine.md). + +### 2.9 Dedicated MCP/AI for Dodoex and Uniswap pool management + +A single **dedicated MCP/AI** is the designated reader (and optionally executor) for managing and maintaining all Dodoex and Uniswap liquidity pools: + +- **Dodoex (Chain 138 + public cW*):** MCP tools for read state (`get_pool_state`), quote add/remove liquidity; allowlist kept in sync with full mesh (script §1.5) and single-sided deployments (script `generate-mcp-allowlist-from-deployment-status.sh`). One MCP instance per chain or multi-chain allowlist with `chainId` per pool. +- **Uniswap (per chain where used):** Allowlist or indexer-driven list of Uniswap V2/V3 pools; MCP or API to read pool state (profile `uniswap_v2_pair` / `uniswap_v3_pool` when implemented) and optionally quote. Same MCP/AI can manage both DODO and Uniswap pools for that chain. +- **Maintenance tasks:** This MCP/AI is the **designated** reader (and optionally executor) for rebalancing, add/remove liquidity, and responding to deviation alerts within policy (slippage, size, circuit break). See [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md) and [AI_AGENTS_57XX_MCP_ADDENDUM.md](../02-architecture/AI_AGENTS_57XX_MCP_ADDENDUM.md). + +--- + +## References + +| Document | Purpose | +|----------|---------| +| [PMM_POOLS_FUNDING_PLAN.md](PMM_POOLS_FUNDING_PLAN.md) | Funding Chain 138 PMM pools (amounts, cast commands) | +| [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md](ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md) | Add liquidity to DODO PMM on Chain 138 | +| [SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md](SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md) | Single-sided LPs on public chains (runbook + script stub) | +| [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md) | MCP and AI upgrades for Dodoex and Uniswap pool management | +| [DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md](DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md) | Mermaid: all DeFi aggregator and DEX routing flows for swaps | +| [LIQUIDITY_POOLS_MASTER_MAP.md](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) | Pool addresses and status | +| [cross-chain-pmm-lps/README.md](../../cross-chain-pmm-lps/README.md) | cW* single-sided PMM mesh design | +| [cross-chain-pmm-lps/docs/02-pool-topology.md](../../cross-chain-pmm-lps/docs/02-pool-topology.md) | Pool topology (cW* / HUB) | +| [cross-chain-pmm-lps/docs/06-deployment-recipe.md](../../cross-chain-pmm-lps/docs/06-deployment-recipe.md) | Deployment recipe and bot | +| [PMM_DEX_ROUTING_STATUS.md](../11-references/PMM_DEX_ROUTING_STATUS.md) | PMM/DEX routing status | diff --git a/docs/03-deployment/PMM_POOLS_FUNDING_PLAN.md b/docs/03-deployment/PMM_POOLS_FUNDING_PLAN.md new file mode 100644 index 0000000..779407a --- /dev/null +++ b/docs/03-deployment/PMM_POOLS_FUNDING_PLAN.md @@ -0,0 +1,154 @@ +# PMM Pools Funding Plan - Chain 138 + +**Purpose:** Step-by-step plan to fund the three DODO PMM liquidity pools on Chain 138. +**Deployer:** `0x4A666F96fC8764181194447A7dFdb7d471b301C8` +**Integration:** `DODOPMMIntegration` at `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` + +--- + +## 1. The three pools + +| Pool | Base token | Quote token | Pool address | Fund when | +|------|------------|-------------|--------------|-----------| +| **1. cUSDT/cUSDC** | cUSDT | cUSDC | `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | Deployer has cUSDT + cUSDC (mintable) | +| **2. cUSDT/USDT** | cUSDT | USDT (official) | `0xa3Ee6091696B28e5497b6F491fA1e99047250c59` | Deployer has cUSDT + official USDT | +| **3. cUSDC/USDC** | cUSDC | USDC (official) | `0x90bd9Bf18Daa26Af3e814ea224032d015db58Ea5` | Deployer has cUSDC + official USDC | + +- **Pool 1** uses only c* tokens; you can mint both on Chain 138 and fund fully. +- **Pools 2 and 3** need "official" USDT/USDC on 138 (set in DODOPMMIntegration at deploy time). If those are deployer-owned mocks, mint them too; otherwise fund only from existing balance. + +--- + +## 2. Token addresses (Chain 138) + +| Token | Address | Mintable by deployer? | +|-------|---------|------------------------| +| cUSDT | `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` | Yes (owner) | +| cUSDC | `0xf22258f57794CC8E06237084b353Ab30fFfa640b` | Yes (owner) | +| Official USDT | From integration: cast call INT "officialUSDT()(address)" | Depends (check owner) | +| Official USDC | From integration: cast call INT "officialUSDC()(address)" | Depends (check owner) | + +--- + +## 3. Current state (as of 2026-03-02) + +- **Pool 1 (cUSDT/cUSDC):** Already funded with 500,000 cUSDT and 500,000 cUSDC (single addLiquidity tx). +- **Pools 2 and 3:** Not funded yet (require deployer balance of official USDT/USDC on 138). +- **Deployer c* supply:** 1M+ of each c* minted (including cUSDT, cUSDC) via mint-all-c-star-138.sh and earlier mints. + +--- + +## 4. Funding plan options + +### Plan A - Fund only Pool 1 (cUSDT/cUSDC) - recommended first + +Use only cUSDT and cUSDC; no official USDT/USDC needed. + +| Step | Action | Command / notes | +|------|--------|------------------| +| 1 | Ensure deployer has enough cUSDT and cUSDC | Mint if needed: ./scripts/mint-for-liquidity.sh or ./scripts/mint-all-c-star-138.sh [amount] | +| 2 | Decide amount per side (base units, 6 decimals) | e.g. 1M each = 1000000000000 (1e12) | +| 3 | Approve integration to spend cUSDT and cUSDC | See section 5 below (cast) or run add-liquidity script | +| 4 | Add liquidity to Pool 1 | addLiquidity(POOL_CUSDTCUSDC, baseAmount, quoteAmount) via cast or Forge script | + +### Plan B - Fund all three pools + +Requires deployer to hold official USDT and USDC on Chain 138 (in addition to cUSDT/cUSDC). + +| Step | Action | Command / notes | +|------|--------|------------------| +| 1 | Check deployer balances | ./scripts/deployment/check-deployer-balance-chain138-and-funding-plan.sh | +| 2 | Mint cUSDT/cUSDC (and official USDT/USDC if deployer is owner) | ./scripts/mint-for-liquidity.sh; mint official tokens if contracts allow | +| 3 | Set .env amounts | ADD_LIQUIDITY_BASE_AMOUNT, ADD_LIQUIDITY_QUOTE_AMOUNT; optionally per-pool overrides | +| 4 | Add liquidity to all three pools | Forge script (if it compiles) or three separate cast addLiquidity calls | + +### Plan C - "Half of balance" rule (from existing doc) + +Use 50% of deployer cUSDT and cUSDC for liquidity; keep the rest for gas/other use. + +1. Run: RPC_URL_138= ./scripts/deployment/check-deployer-balance-chain138-and-funding-plan.sh +2. Copy the printed ADD_LIQUIDITY_BASE_AMOUNT and ADD_LIQUIDITY_QUOTE_AMOUNT (half of current balances) into smom-dbis-138/.env +3. Add liquidity (Pool 1 only if you do not have official USDT/USDC) per section 5. + +--- + +## 5. Commands to add liquidity + +**Prereqs:** smom-dbis-138/.env with PRIVATE_KEY, RPC_URL_138. Deployer must hold at least the amounts you add. + +### Option 1 - Cast (reliable; use if Forge script fails) + +From repo root, with smom-dbis-138/.env sourced: + +```bash +cd smom-dbis-138 && source .env + +INT=0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D +POOL1=0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8 +CUSDT=0x93E66202A11B1772E55407B32B44e5Cd8eda7f22 +CUSDC=0xf22258f57794CC8E06237084b353Ab30fFfa640b +RPC="$RPC_URL_138" +MAX=0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + +# Approve (once per token) +cast send "$CUSDT" "approve(address,uint256)" "$INT" "$MAX" --rpc-url "$RPC" --private-key "$PRIVATE_KEY" --legacy --gas-limit 100000 +cast send "$CUSDC" "approve(address,uint256)" "$INT" "$MAX" --rpc-url "$RPC" --private-key "$PRIVATE_KEY" --legacy --gas-limit 100000 + +# Add liquidity to Pool 1 (amounts in base units, 6 decimals; e.g. 1M = 1000000000000) +BASE_AMOUNT=1000000000000 +QUOTE_AMOUNT=1000000000000 +cast send "$INT" "addLiquidity(address,uint256,uint256)" "$POOL1" "$BASE_AMOUNT" "$QUOTE_AMOUNT" --rpc-url "$RPC" --private-key "$PRIVATE_KEY" --legacy --gas-limit 500000 +``` + +### Option 2 - Forge script (if it compiles) + +```bash +cd smom-dbis-138 && source .env +export POOL_CUSDTCUSDC=0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8 +export ADD_LIQUIDITY_BASE_AMOUNT=1000000000000 +export ADD_LIQUIDITY_QUOTE_AMOUNT=1000000000000 + +forge script script/dex/AddLiquidityPMMPoolsChain138.s.sol:AddLiquidityPMMPoolsChain138 \ + --rpc-url "$RPC_URL_138" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price 1000000000 --legacy +``` + +### Option 3 - Mint and add in one go (Pool 1 only) + +```bash +./scripts/mint-for-liquidity.sh --add-liquidity +``` + +Uses half of minted amounts for Pool 1; requires DODO_PMM_INTEGRATION and pool addresses set in smom-dbis-138/.env. + +--- + +## 6. Suggested amounts (Pool 1) + +| Goal | Base (cUSDT) | Quote (cUSDC) | Base units each (6 decimals) | +|------|----------------|----------------|------------------------------| +| Light | 100,000 | 100,000 | 100000000000 | +| Medium | 500,000 | 500,000 | 500000000000 | +| Heavy | 1,000,000 | 1,000,000 | 1000000000000 | +| Already added | 500,000 | 500,000 | (done) | + +You can run the Add liquidity step multiple times to add more (e.g. another 500k/500k for Pool 1). + +--- + +## 7. Checklist summary + +- [ ] 1. Run check-deployer-balance-chain138-and-funding-plan.sh and note half-balance amounts. +- [ ] 2. Mint cUSDT/cUSDC if needed: ./scripts/mint-for-liquidity.sh or ./scripts/mint-all-c-star-138.sh +- [ ] 3. (Optional) If funding Pools 2 and 3: obtain or mint official USDT/USDC on 138; approve integration. +- [ ] 4. Approve cUSDT and cUSDC to DODOPMMIntegration (see section 5 Option 1). +- [ ] 5. Add liquidity to Pool 1 (and optionally Pools 2 and 3) via cast or Forge script. +- [ ] 6. Verify on explorer: pool balances or LP tokens for deployer. + +--- + +## 8. References + +- ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md - Add-liquidity runbook +- docs/11-references/DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md - Deployer balances and 50% rule +- docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md - Pool addresses and status +- docs/11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md - How to mint c* on 138 diff --git a/docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md b/docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md new file mode 100644 index 0000000..d9abf53 --- /dev/null +++ b/docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md @@ -0,0 +1,146 @@ +# Remaining Deployments for Full Network Coverage + +**Last Updated:** 2026-03-04 +**Purpose:** Ordered list of remaining deployments to achieve **maximum effective execution across all networks** (13-chain hub model: Chain 138 + 12 edge/alt). Use after [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST](../00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) and [DEPLOYMENT_ORDER_OF_OPERATIONS](DEPLOYMENT_ORDER_OF_OPERATIONS.md). + +**Routing context:** [routing-matrix-13x13.json](../../smom-dbis-138/real-robinhood/data/routing-matrix-13x13.json) — 138↔Celo (42220) **B/SBS** (CCIP bridges deployed 2026-03-04); 138↔Wemix (1111) **TBD** (deployer needs 0.4 WEMIX). Full coverage = all 13 chains with bridge + liquidity where designed. + +--- + +## Phase execution status (2026-03-04) + +| Phase | Step | Status | Notes | +|-------|------|--------|-------| +| A | A.1 Mint cUSDT/cUSDC (138) | ⚠️ Blocked | Mint script now uses `GAS_PRICE_138`; with 500 gwei first tx accepted but confirmation times out while block production is stalled. When blocks advance, run `mint-for-liquidity.sh` (use `GAS_PRICE_138=500000000000` if “Replacement transaction underpriced”). | +| A | A.2 Add liquidity PMM (138) | ⏳ Pending | After A.1 succeeds; run `mint-for-liquidity.sh --add-liquidity` or AddLiquidityPMMPoolsChain138. | +| B | B.1 Celo CCIP bridges | ✅ Done | Deployed; 0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04 (WETH9), 0xa4B9DD039565AeD9641D45b57061f99d9cA6Df08 (WETH10); .env updated; complete-config Celo→138 OK. | +| B | B.2 Wemix CCIP bridges | ⏳ Blocked | Deployer 0 WEMIX; need 0.4 WEMIX then run `deploy-bridges-config-ready-chains.sh wemix`. | +| B | **Gnosis CCIP bridges** | ✅ Done (2026-03-04) | Deployed: WETH9 `0x4ab39b5BaB7b463435209A9039bd40Cf241F5a82`, WETH10 `0xC15ACdBAC59B3C7Cb4Ea4B3D58334A4b143B4b44`; .env updated. | +| B | B.3 Fund CCIP with LINK | ⏳ Ready | Run `fund-ccip-bridges-with-link.sh` (dry-run done). | +| C | C.1–C.2 cW* + edge pools | 📋 Runbook | [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md). | +| D | D.1–D.4 Optional XAU/vaults/trustless | 📋 Checklist | [PHASE_D_OPTIONAL_CHECKLIST.md](PHASE_D_OPTIONAL_CHECKLIST.md). | + +**Latest run (same session):** A.1 mint retry → timeout again (Chain 138 RPC). complete-config → Step A/B still fail (138 tx timeout or destination already set). Gnosis bridges deployed ✅. fund-ccip → failed (Chain 138 Invalid params; other chains: insufficient LINK or gas). Cronos deploy skipped (set CRONOS_RPC and CCIP_ROUTER_CRONOS in .env). + +--- + +## Status to continue (run these before Phase A mint/deploy) + +| Item | Status | Action | +|------|--------|--------| +| **Core RPC 2101** | ✅ Healthy (container, besu-rpc, port 8545, chain 138, DB writable) | None. Use `RPC_URL_138=http://192.168.11.211:8545`. | +| **Tx pool** | May repopulate after clear | Run `./scripts/clear-all-transaction-pools.sh`; if mint fails with “Replacement transaction underpriced”, use `GAS_PRICE_138=500000000000` (500 gwei) when running mint. | +| **Validators** | 1000–1004 active (1004 restarted 2026-03-04) | If 1004 fails again: `ssh root@192.168.11.10 'pct exec 1004 -- systemctl restart besu-validator'`. | +| **Block production** | Stalled (blocks not advancing) | **Blocker for confirmations.** Run `./scripts/monitoring/monitor-blockchain-health.sh`; when blocks advance, mint/add-liquidity txs will confirm. | + +**Next steps in order:** (1) Ensure blocks are advancing (all 5 validators active, wait for sync). (2) `cd smom-dbis-138 && ./scripts/mint-for-liquidity.sh` (optionally `GAS_PRICE_138=500000000000` if pool has a stuck tx). (3) After mint confirms, optionally `--add-liquidity`. See [CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md](../04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md) §7–8. + +--- + +## Current state (verified) + +| Area | Status | +|------|--------| +| Chain 138 core + PMM | 38/38 contracts; DODOPMMIntegration + 3 pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) created; DODOPMMProvider deployed. | +| Chain 138 liquidity | **0** in pools — deployer WETH/cUSDT/cUSDC = 0; add liquidity blocked until mint/fund. | +| CCIP 138 → 1, 56, 137, 10, 42161, 43114, 8453, 100, 25, **42220 (Celo)** | Configured (B/SBS). Celo CCIP bridges deployed 2026-03-04; Gnosis, Cronos config-ready; Wemix (1111) **TBD** (need 0.4 WEMIX). | +| Alltra 138 ↔ 651940 | ALT path live. | +| cW* on public chains | Addresses in .env / design; **deployment-status.json empty** — no cW* pool addresses. | +| LINK for CCIP | Fund bridges per lane so cross-chain messages execute. | + +--- + +## Phase A — Hub liquidity (Chain 138) + +**Goal:** Enable swap execution on Chain 138 (cUSDT↔cUSDC and future pairs). + +| Step | Action | Ref | +|------|--------|-----| +| A.1 | **Mint cUSDT and cUSDC to deployer** (owner mint). | [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](../11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md) §1. Use `./scripts/mint-for-liquidity.sh` in smom-dbis-138 (or `mint-to-750m.sh`). | +| A.2 | **Add liquidity to PMM pools** (cUSDT/cUSDC first; then cUSDT/USDT, cUSDC/USDC if official tokens exist on 138). Set `ADD_LIQUIDITY_*` in smom-dbis-138/.env; run AddLiquidityPMMPoolsChain138 or `mint-for-liquidity.sh --add-liquidity`. | [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK](ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md) | +| A.3 | **(Optional)** Mint other c* (cEURC, cEURT, cGBP*, etc.) for future pools / bridge; extend PMM mesh if desired. | [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md) §1; DeployCompliantFiatTokens already run (10 tokens). | + +**Pre-checks:** `./scripts/deployment/preflight-chain138-deploy.sh`; `RPC_URL_138=http://192.168.11.211:8545 ./scripts/deployment/check-deployer-balance-chain138-and-funding-plan.sh`. + +--- + +## Phase B — Bridge coverage (all 13 chains) + +**Goal:** Turn **TBD** into **B/SBS** for Celo and Wemix; ensure LINK-funded lanes so routes execute. + +| Step | Action | Ref | +|------|--------|-----| +| B.1 | **Celo (42220):** Deploy CCIP WETH9/WETH10 bridges on Celo; add 138↔Celo destinations on both sides; fund bridges with LINK. | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). Preflight: `./scripts/deployment/preflight-config-ready-chains.sh celo`. Deploy: `./scripts/deployment/deploy-bridges-config-ready-chains.sh celo`; then `complete-config-ready-chains.sh`. | +| B.2 | **Wemix (1111):** Same as B.1 for Wemix. Confirm WETH/USDT/USDC addresses on scan.wemix.com; set in token-mapping and .env. | Same runbook; `deploy-bridges-config-ready-chains.sh wemix`. [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST](../00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) §2.2 (Wemix tokens). | +| B.3 | **Fund all CCIP bridges with LINK** (138 and each destination). Run `./scripts/deployment/fund-ccip-bridges-with-link.sh` (dry-run first). | [CCIP_BRIDGE_DESTINATIONS_AND_LINK_FUNDING](../../smom-dbis-138/docs/deployment/CCIP_BRIDGE_DESTINATIONS_AND_LINK_FUNDING.md) | +| B.4 | **(Optional)** LINK support on Mainnet relay for LINK transfers. | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) | + +**Outcome:** 138↔1, 56, 137, 10, 42161, 43114, 8453, 100, 25, **42220**, **1111** all B/SBS; 138↔651940 remains ALT. Routing matrix TBD cells removed. + +--- + +## Phase C — Public-chain cW* and edge pools + +**Goal:** Enable swap-bridge-swap and arbitrage on **public chains** (cW* tokens + DODO/Uniswap edge pools per pool-matrix). + +| Step | Action | Ref | +|------|--------|-----| +| C.1 | **Deploy or bridge cW* tokens** per chain (1, 56, 137, 10, 42161, 8453, 43114, 100, 25, 42220, 1111). Use cross-chain-pmm-lps token-map and deployment recipe; record addresses in deployment-status.json and .env. | [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK](PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md), [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md) §3 | +| C.2 | **Create and fund PMM edge pools** (cW*/USDC, cW*/USDT, etc.) per [pool-matrix.json](../../cross-chain-pmm-lps/config/pool-matrix.json). Populate deployment-status.json with pool addresses. | [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK](PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md), [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) § Public-chain cW* | +| C.3 | **Stabilization bot / peg bands** (optional): Run bot and peg-band config from cross-chain-pmm-lps for cW* peg maintenance. | [cross-chain-pmm-lps/README.md](../../cross-chain-pmm-lps/README.md) | + +**Outcome:** Each public chain has cW* and edge pools so SBS and arbitrage can execute on both 138 and edge. + +--- + +## Phase D — Optional (extended coverage) + +| Step | Action | Ref | +|------|--------|-----| +| D.1 | **XAU token + XAU-anchored pools (138):** Deploy XAU; create cUSDT/XAU, cUSDC/XAU, cEURT/XAU PMM pools and private stabilization pools. | [PHASE_D_OPTIONAL_CHECKLIST](PHASE_D_OPTIONAL_CHECKLIST.md), [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) §2, §5 | +| D.2 | **Vault ac* / vdc* / sdc*** for new base tokens (cEURC, cEURT, etc.). | [PHASE_D_OPTIONAL_CHECKLIST](PHASE_D_OPTIONAL_CHECKLIST.md), [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md) §5 | +| D.3 | **ALL Mainnet (651940):** ACADT/ACADC when Alltra adds CAD; D-WIN W on 138/651940 if desired. | [PHASE_D_OPTIONAL_CHECKLIST](PHASE_D_OPTIONAL_CHECKLIST.md) | +| D.4 | **Mainnet trustless stack:** LiquidityPoolETH, InboxETH, BondManager on mainnet for trustless bridge liquidity. | [PHASE_D_OPTIONAL_CHECKLIST](PHASE_D_OPTIONAL_CHECKLIST.md), [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §C | + +--- + +## Execution order (recommended) + +1. **A.1 → A.2** (mint + add liquidity on 138) so hub has executable liquidity. +2. **B.1 → B.2 → B.3** (Celo + Wemix CCIP + LINK fund) so all 13 chains are routable and bridges can execute. +3. **C.1 → C.2** (cW* + edge pools) so public chains have full SBS and arbitrage. +4. **D.** as needed for XAU, vaults, and optional chains/tokens. + +--- + +## Quick command reference + +| Task | Command / script | +|------|------------------| +| Preflight (138) | `./scripts/deployment/preflight-chain138-deploy.sh` | +| Mint cUSDT/cUSDC (138) | `cd smom-dbis-138 && ./scripts/mint-for-liquidity.sh` | +| Mint + add liquidity | `./scripts/mint-for-liquidity.sh --add-liquidity` | +| Preflight (config-ready chains) | `cd smom-dbis-138 && ./scripts/deployment/preflight-config-ready-chains.sh [celo|wemix|all]` | +| Deploy bridges (Celo/Wemix) | `./scripts/deployment/deploy-bridges-config-ready-chains.sh [celo|wemix|all]` | +| Complete destinations | `./scripts/deployment/complete-config-ready-chains.sh` | +| Fund CCIP with LINK | `./scripts/deployment/fund-ccip-bridges-with-link.sh` | +| Add liquidity runbook | [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK](ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md) | + +--- + +## Phase runbooks + +- **Phase C (cW* + edge pools):** [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md) +- **Phase D (optional XAU, vaults, trustless):** [PHASE_D_OPTIONAL_CHECKLIST.md](PHASE_D_OPTIONAL_CHECKLIST.md) + +--- + +## References + +- [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST](../00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) +- [DEPLOYMENT_ORDER_OF_OPERATIONS](DEPLOYMENT_ORDER_OF_OPERATIONS.md) +- [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](../11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md) +- [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](../11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md) +- [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) +- [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) +- [TODOS_CONSOLIDATED](../00-meta/TODOS_CONSOLIDATED.md) diff --git a/docs/03-deployment/SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md b/docs/03-deployment/SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md new file mode 100644 index 0000000..8a1ab24 --- /dev/null +++ b/docs/03-deployment/SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md @@ -0,0 +1,86 @@ +# Single-Sided LPs on Public Networks — Runbook (Aggregator and DEX Routing) + +**Purpose:** Deploy **cW* / HUB** single-sided PMM (or AMM) pools on each public chain so aggregators and DEX routing can use them. + +--- + +## 1. What to deploy + +On each public chain: + +- **Pool type:** One pool per **cW*** token against the chain’s **hub stable** (USDC or USDT). +- **Single-sided:** Liquidity is provided on the **cW*** side; the other side is filled by market/arbitrage (and optionally by a bot). +- **Use case:** Aggregator and DEX routing (1inch, 0x, ParaSwap, swap–bridge–swap, etc.) so that cW* ↔ USDC/USDT is routable on each chain. + +--- + +## 2. Per-chain config (pool-matrix) + +The source of truth is **cross-chain-pmm-lps/config/pool-matrix.json**: + +- **chains[chainId].hubStable:** USDC or USDT for that chain. +- **chains[chainId].poolsFirst:** List of pools to deploy first (e.g. `cWUSDT/USDC`, `cWUSDC/USDC`, …). +- **chains[chainId].poolsOptional:** Optional extra quote stables (e.g. `cWUSDT/USDT`, `cWUSDT/DAI`). + +--- + +## 3. Prerequisites per chain + +1. **cW* tokens deployed** on that chain (addresses in `.env` or in `cross-chain-pmm-lps/config/deployment-status.json`). +2. **Hub stable address** (USDC or USDT) on that chain (from chain list or explorer). +3. **DEX/factory** on that chain: + - DODO-style: DVM or PMM factory. + - Uniswap V2: factory + router. + - Uniswap V3: factory + NonfungiblePositionManager (or equivalent). +4. **RPC URL** and **deployer key** (or LP provider key) for that chain. + +--- + +## 4. Steps per chain (checklist) + +For each chain (e.g. 1, 56, 137, 10, 100, 25, 42161, 8453, 43114, 42220, 1111): + +- [ ] 1. Set `CW*_` and `*_RPC` (e.g. `CWUSDT_MAINNET`, `ETHEREUM_MAINNET_RPC`) in `.env`. +- [ ] 2. Resolve hub stable address (e.g. USDC on Ethereum: `0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48`). +- [ ] 3. Choose DEX: DODO PMM vs Uniswap V2 vs Uniswap V3 (per chain). +- [ ] 4. For each pair in `poolsFirst` (e.g. cWUSDT/USDC): + - [ ] Create pool (factory.createPair or DVM.createDVM or V3 factory.createPool). + - [ ] Add single-sided liquidity on the cW* side (or both sides with a 1:1 target). +- [ ] 5. Record pool address in `cross-chain-pmm-lps/config/deployment-status.json` under `chains[chainId].pmmPools` (each entry: `base`, `quote`, `poolAddress` or `base_token`, `quote_token`, `pool_address`). +- [ ] 5a. **Update MCP allowlist for this chain:** Run `./scripts/generate-mcp-allowlist-from-deployment-status.sh -o ai-mcp-pmm-controller/config/allowlist-.json` (or merge into a multi-chain allowlist). So the dedicated MCP/AI can read and manage these pools. See [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md). +- [ ] 6. Register pool in token-aggregation API / indexer so quote and routing use it (set `CHAIN_*_DODO_PMM_INTEGRATION` or Uniswap factory env for that chain and run indexer). +- [ ] 6a. **Uniswap (if used on this chain):** List Uniswap V2/V3 pools (from factory events or indexer) and add them to the same MCP/API visibility: set `CHAIN_*_UNISWAP_V2_FACTORY` / `CHAIN_*_UNISWAP_V3_FACTORY` and run indexer; add Uniswap pools to MCP allowlist with profile `uniswap_v2_pair` or `uniswap_v3_pool` when that profile is available. See [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md) §2.3. +- [ ] 7. (Optional) Enable bot for that chain (deviation watcher, rebalance). Bot can consume pool state from MCP or token-aggregation API; see plan upgrades § Bot–MCP–API integration. + +--- + +## 5. Script stub: list pools to create + +From repo root, run: + +```bash +./scripts/list-single-sided-pools-by-chain.sh +``` + +This script reads **cross-chain-pmm-lps/config/pool-matrix.json** and prints, per chain, the list of **cW* / HUB** pools to create (and optional pools). Use the output to drive deployment (manual or via a deploy script that calls the appropriate factory on each chain). + +--- + +## 6. Deployment status and MCP allowlist source + +- **Config:** [cross-chain-pmm-lps/config/deployment-status.json](../../cross-chain-pmm-lps/config/deployment-status.json) +- Fill for each chain: + - **cwTokens:** e.g. `{ "cWUSDT": "0x...", "cWUSDC": "0x..." }` + - **anchorAddresses:** e.g. `{ "USDC": "0x...", "USDT": "0x..." }` + - **pmmPools:** array of `{ "base", "quote", "poolAddress", "feeBps", "k", ... }` (or `base_token`, `quote_token`, `pool_address`) +- **MCP allowlist generation:** `deployment-status.json` is the **source of truth** for generating the MCP allowlist per chain. Run `./scripts/generate-mcp-allowlist-from-deployment-status.sh [-o path]` to produce an allowlist fragment (pool_address, base_token, quote_token, profile) so the MCP/AI can read pool state on that chain. + +--- + +## 7. References + +- [PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md](PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md) — Overall plan (Chain 138 mesh + public single-sided). +- [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md) — MCP/AI upgrades, allowlist sync, Uniswap, bot integration. +- [cross-chain-pmm-lps/docs/02-pool-topology.md](../../cross-chain-pmm-lps/docs/02-pool-topology.md) — Pool topology. +- [cross-chain-pmm-lps/docs/06-deployment-recipe.md](../../cross-chain-pmm-lps/docs/06-deployment-recipe.md) — Recipe and bot. +- [PMM_DEX_ROUTING_STATUS.md](../11-references/PMM_DEX_ROUTING_STATUS.md) — Routing status. diff --git a/docs/04-configuration/ACTIVITY_FEED_SPEC.md b/docs/04-configuration/ACTIVITY_FEED_SPEC.md new file mode 100644 index 0000000..e27f257 --- /dev/null +++ b/docs/04-configuration/ACTIVITY_FEED_SPEC.md @@ -0,0 +1,91 @@ +# Activity Feed — Event Schema and Ingestion + +**Purpose:** Canonical event model and ingestion spec for the normalized activity feed: transfers, app events, and bridge stitching. Table: `activity_events` (migration 0014). + +**References:** [indexer-architecture.md](../../explorer-monorepo/docs/specs/indexing/indexer-architecture.md), [heatmap-chains.ts](../../smom-dbis-138/services/token-aggregation/src/config/heatmap-chains.ts) (ALT vs B/SBS), [cross-chain-bridges.ts](../../smom-dbis-138/services/token-aggregation/src/config/cross-chain-bridges.ts) (`getRouteFromRegistry`). + +--- + +## 1. Table: `activity_events` + +| Column | Type | Description | +|--------|------|-------------| +| `id` | uuid | Primary key (default gen_random_uuid()) | +| `chain_id` | integer | 138 or 651940 (and others when indexed) | +| `transaction_hash` | varchar(66) | Tx hash | +| `log_index` | integer | Log index (0 for tx-level) | +| `block_number` | bigint | Block number | +| `block_timestamp` | timestamptz | Block time | +| `actor` | varchar(42) | Wallet that initiated the action | +| `subject` | varchar(42) | Optional: user/account/tokenId/resource | +| `event_type` | varchar(32) | TRANSFER, APP_ACTION, CLAIM, BRIDGE_OUT, BRIDGE_IN | +| `contract_address` | varchar(42) | Contract that emitted or was called | +| `data` | jsonb | Parsed event fields | +| `routing` | jsonb | `{ "path": "ALT" | "CCIP", "fromChain", "toChain", "bridgeTxHash"?: string }` | +| `created_at` | timestamptz | Insert time | + +**Unique:** `(chain_id, transaction_hash, log_index)`. + +--- + +## 2. Ingestion + +### 2.1 Transfers + +- **Source:** Existing `token_transfers` (and ERC-721/1155 logs when indexed). +- **Mapping:** For each row: insert into `activity_events` with `event_type = 'TRANSFER'`, `actor = from_address`, `subject = to_address` (or token id for NFT), `data = { from, to, value, tokenContract }`, `contract_address = token_contract`. `routing` = NULL for same-chain transfers. +- **Backfill:** One-time or periodic job: `INSERT INTO activity_events (...) SELECT ... FROM token_transfers WHERE NOT EXISTS (...)`. + +### 2.2 App events + +- **Source:** Application-lifecycle events (create, complete, settle, redeem, etc.) from your contracts. +- **Registry:** Maintain a mapping (event signature → `event_type` + parser). Example: `0x...` → `APP_ACTION`, parse `data` from log topics/data. +- **Insert:** Decode log; set `event_type`, `actor` (e.g. tx from), `subject` (e.g. orderId), `data` (decoded fields), `contract_address`. + +### 2.3 Bridge stitching + +- **Source:** Bridge contracts (AlltraAdapter, CCIP WETH9/WETH10); events such as lock/burn on source, mint/release on destination. +- **Routing:** Use [getRouteFromRegistry](../../smom-dbis-138/services/token-aggregation/src/config/cross-chain-bridges.ts) or [config/routing-registry.json](../../config/routing-registry.json): 138↔651940 → `path: "ALT"`, 138↔others → `path: "CCIP"`. +- **Insert:** For each bridge event, set `routing = { path: "ALT"|"CCIP", fromChain, toChain, bridgeTxHash }`. Optionally correlate "bridge out" and "bridge in" with a shared `data.correlationId` so the API can return one stitched feed item per cross-chain move. + +--- + +## 3. Activity feed API + +**Queries:** + +- **By user:** `WHERE actor = $address OR subject = $address` (paginated). +- **By token/NFT:** `WHERE subject = $tokenId` or `WHERE contract_address = $token AND data->>'tokenId' = $tokenId` (paginated). +- **Global:** `WHERE event_type IN (...)` with pagination by `(block_timestamp DESC, id DESC)`. + +**Pagination:** Cursor-based using `(block_timestamp, id)`; limit e.g. 50 per page. + +**Example (by user):** + +```sql +SELECT * FROM activity_events +WHERE actor = $1 OR subject = $1 +ORDER BY block_timestamp DESC, id DESC +LIMIT 50 OFFSET $2; +``` + +--- + +## 4. Event type enum (logical) + +| event_type | Description | +|------------|-------------| +| TRANSFER | ERC-20/721/1155 transfer | +| APP_ACTION | App-lifecycle (create, complete, settle, etc.) | +| CLAIM | Claim/mint from drop or contract | +| BRIDGE_OUT | Lock/burn on source chain | +| BRIDGE_IN | Mint/release on destination chain | + +--- + +## 5. Migration + +- **Up:** [0014_activity_events.up.sql](../../explorer-monorepo/backend/database/migrations/0014_activity_events.up.sql) +- **Down:** `0014_activity_events.down.sql` + +Run with your existing migration runner (e.g. golang-migrate, node-pg-migrate) against the explorer/backend DB. diff --git a/docs/04-configuration/ALLTRA_SPONSORSHIP_POLICY_MATRIX.md b/docs/04-configuration/ALLTRA_SPONSORSHIP_POLICY_MATRIX.md new file mode 100644 index 0000000..6ab08d3 --- /dev/null +++ b/docs/04-configuration/ALLTRA_SPONSORSHIP_POLICY_MATRIX.md @@ -0,0 +1,105 @@ +# Alltra (651940) Gas Sponsorship — Policy Matrix and Method Allowlist + +**Purpose:** Define the sponsorship policy for Alltra-native gas (ERC-4337 paymaster on chain 651940): three-tier policy, method allowlist, and anti-abuse controls. Use with thirdweb Engine or an ERC-4337 paymaster contract on 651940. + +**References:** [thirdweb Gas Sponsorship](https://portal.thirdweb.com/wallets/sponsor-gas), [ERC-4337 Paymasters](https://docs.erc4337.io/paymasters/index.html), [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](THIRDWEB_ENGINE_CHAIN_OVERRIDES.md). + +--- + +## 1. Policy groups + +### Policy Group 1 — Always sponsor (low risk, onboarding) + +| Category | Contract | Allowed methods | Notes | +|----------|----------|-----------------|-------| +| Smart account init | AA factory / account | `createAccount`, `initialize` | Required for first use | +| Session / auth proofs | Auth/Session contract (if onchain) | `registerKey`, `rotateKey` | If keys stored onchain | +| First app action | CoreApp contract (TBD) | 1–2 core functions | Keep small initially | + +### Policy Group 2 — Sponsor with caps (medium risk) + +| Category | Contract | Allowed methods | Caps | +|----------|----------|-----------------|------| +| App events writes | CoreApp / Modules | Selected write funcs | Per-user/day tx limit + per-user/day gas limit | +| Claims / mints | Token/NFT drop | `claim`, `mintTo` | Restrict to allowlisted drops only | + +### Policy Group 3 — Do not sponsor (high risk) + +- Arbitrary `approve()` to unknown spenders +- Arbitrary ERC-20 `transfer` / `transferFrom` +- Swaps and bridge calls (user pays gas) + +--- + +## 2. Anti-abuse controls (minimum viable) + +- **Per-user daily max sponsored gas** — e.g. 500k gas/day per wallet. +- **Per-IP / per-device burst limits** — e.g. max N requests per minute from same IP. +- **Contract allowlist only** — only contracts in the allowlist can be called in sponsored userOps. +- **Method allowlist only** — only method selectors in the allowlist (see below) are sponsored. +- **Optional:** After first N sponsored tx, require user to hold a small amount of native gas token before further sponsorship. + +--- + +## 3. Method allowlist (production) + +Configure the paymaster with a **method allowlist** keyed by `(chainId, contract, method selector)`. + +**Chain:** 651940 (Alltra). + +**Contract + method selectors:** To be filled when CoreApp (and optional AA factory, session contract) addresses and method names are known. Example shape: + +| Contract (address) | Method | Selector (4 bytes) | Policy group | +|--------------------|--------|---------------------|--------------| +| TBD (CoreApp) | `doAction` | `0x...` | 1 or 2 | +| TBD (AA factory) | `createAccount` | `0x...` | 1 | +| TBD (AA factory) | `initialize` | `0x...` | 1 | + +**How to add selectors:** For each method, compute `keccak256(methodSignature).slice(0, 10)` (e.g. `doAction(uint256)` → selector). Paste into Engine paymaster policy or into your paymaster contract’s allowlist. + +**Placeholder JSON (allowlist):** When you have contract addresses and method names, add a file e.g. `config/alltra-sponsorship-allowlist.json`: + +```json +{ + "chainId": 651940, + "contracts": [ + { + "address": "0x...", + "label": "CoreApp", + "methods": [ + { "name": "doAction", "selector": "0x..." } + ] + } + ] +} +``` + +--- + +## 4. Per-user / per-day caps (recommended values) + +| Limit | Suggested value | Notes | +|-------|------------------|-------| +| Sponsored gas per user per day | 500_000 | Tune for your app | +| Sponsored tx count per user per day | 10 | For Group 2 | +| Burst (per IP) | 20 req/min | Rate limit | + +--- + +## 5. Implementation checklist + +- [ ] Add chain 651940 to Engine (see [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](THIRDWEB_ENGINE_CHAIN_OVERRIDES.md)). +- [ ] Create or configure paymaster on 651940 (thirdweb Engine or custom contract). +- [ ] Set Policy Group 1 contracts and method selectors (AA init, optional session). +- [ ] Set Policy Group 2 contracts and method selectors (CoreApp, claims) with per-user/day caps. +- [ ] Enforce contract + method allowlist; reject all other calls. +- [ ] Add per-user daily gas and tx limits; optional per-IP burst limit. + +--- + +## 6. Separation from x402 + +- **Sponsorship:** Pays for **gas** of user’s app actions (onchain writes) on 651940. +- **x402:** User pays **USDC** for API/service access (offchain response gated by onchain payment proof). + +They are independent: x402 payment is a user-funded USDC transfer; sponsored txs are paymaster-funded gas. diff --git a/docs/04-configuration/ALLTRA_X402_OPERATOR_GUIDE.md b/docs/04-configuration/ALLTRA_X402_OPERATOR_GUIDE.md new file mode 100644 index 0000000..4006bef --- /dev/null +++ b/docs/04-configuration/ALLTRA_X402_OPERATOR_GUIDE.md @@ -0,0 +1,44 @@ +# Alltra + x402 Operator Guide + +**Purpose:** Short operator reference for Alltra (651940) and x402: server wallet usage, chain config, and where to look for runbooks. + +--- + +## Server wallet usage + +- Use the **server wallet** (e.g. `SERVER_WALLET_ADDRESS` in x402-api) only for: + - Contract admin (roles, pausing, upgrades) + - Allowlist/signature minting + - Indexer repair jobs + - Operational controls (key rotation, emergency) +- **Do not** use it in user flows; keep keys in KMS/HSM/custody. +- Full policy: [THIRDWEB_WALLETS_INTEGRATION.md](THIRDWEB_WALLETS_INTEGRATION.md) §3.1. + +--- + +## Chains + +- **138:** Hub (DeFi Oracle Meta Mainnet); RPC and Engine overrides: [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](THIRDWEB_ENGINE_CHAIN_OVERRIDES.md). +- **651940:** Alltra (ALL Mainnet); sponsorship and x402 USDC on this chain. + +--- + +## x402 (Alltra-native) + +- **Env:** `X402_USE_ALLTRA=true`, `SERVER_WALLET_ADDRESS`, optional `CHAIN_651940_RPC_URL`. When Alltra is used, local verification does not require `THIRDWEB_SECRET_KEY`. +- **Spec:** [X402_ALLTRA_ENDPOINT_SPEC.md](X402_ALLTRA_ENDPOINT_SPEC.md) — 402 challenge, PAYMENT-SIGNATURE, local verification on 651940 USDC. +- **API:** x402-api returns 402 + `PAYMENT-REQUIRED` when unpaid; accepts `PAYMENT-SIGNATURE` with `txHash` and verifies settlement on 651940. + +--- + +## Sponsorship (paymaster on 651940) + +- **Policy:** [ALLTRA_SPONSORSHIP_POLICY_MATRIX.md](ALLTRA_SPONSORSHIP_POLICY_MATRIX.md) — three-tier policy, method allowlist, anti-abuse caps. +- **Engine:** Add chain 651940 per [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](THIRDWEB_ENGINE_CHAIN_OVERRIDES.md) so paymaster and backend wallets work. + +--- + +## Routing and activity feed + +- **Routing registry:** [config/routing-registry.json](../../config/routing-registry.json); ALT for 138↔651940, CCIP for 138↔others. Helper: `getRouteFromRegistry()` in token-aggregation. +- **Activity feed:** [ACTIVITY_FEED_SPEC.md](ACTIVITY_FEED_SPEC.md) — `activity_events` table, ingestion, feed API. diff --git a/docs/04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md b/docs/04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md new file mode 100644 index 0000000..590e979 --- /dev/null +++ b/docs/04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md @@ -0,0 +1,129 @@ +# Core RPC 2101 & 2102 — TXPOOL and ADMIN Status + +**Last Updated:** 2026-03-04 +**Purpose:** Status of Core RPC nodes 2101 and 2102 for tx pool and admin APIs, and whether `txpool_besuClear`, `txpool_clear`, and `admin_removeTransaction` can be supported. + +--- + +## 1. Current status (verified 2026-03-04) + +| Node | IP:Port | Container | rpc_modules (exposed) | Block | +|--------|--------------------|-----------|---------------------------|---------| +| **2101** | 192.168.11.211:8545 | Running | admin, eth, net, txpool, web3 | 2,547,803 | +| **2102** | 192.168.11.212:8545 | Running | admin, eth, net, txpool, web3 | — | + +- **2101** uses `/etc/besu/config-rpc-core.toml` with `rpc-http-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]`. +- **2102** uses `/etc/besu/config-rpc.toml` with `rpc-http-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]`. + +Both nodes already expose the **TXPOOL** and **ADMIN** API groups. No extra config is required for “enabling” these groups. + +--- + +## 2. Requested methods: not implemented in Besu + +You want Core RPC nodes 2101 and 2102 to support: + +- `txpool_besuClear` +- `txpool_clear` +- `admin_removeTransaction` + +**Conclusion: Hyperledger Besu does not implement these JSON-RPC methods.** + +- **txpool_besuClear** and **txpool_clear** are not part of Besu’s JSON-RPC API. Besu only provides: + - `txpool_besuPendingTransactions` + - `txpool_besuStatistics` + - `txpool_besuTransactions` + and does not document or ship a “clear pool” RPC method. +- **admin_removeTransaction** is not documented or implemented in Besu. Admin methods that do exist include things like `admin_peers`, `admin_nodeInfo`, etc., but not transaction removal. + +So **no configuration or version change on 2101/2102 can add these three methods**; they are not available in Besu. + +--- + +## 3. What 2101 and 2102 do support + +- **TXPOOL:** `txpool_besuTransactions`, `txpool_besuStatistics`, `txpool_besuPendingTransactions` (and any other TXPOOL methods Besu implements). These work today when the TXPOOL API group is enabled (as on 2101 and 2102). +- **ADMIN:** All Besu admin methods (e.g. `admin_peers`, `admin_nodeInfo`, etc.) are available; only `admin_removeTransaction` does not exist in Besu. + +Config for Core RPC should keep **TXPOOL** and **ADMIN** (and DEBUG if desired) in `rpc-http-api` and `rpc-ws-api` so that all supported txpool and admin methods remain available. The repo’s canonical config for Core RPC is: + +- **Path:** `smom-dbis-138/config/config-rpc-core.toml` +- **Relevant lines:** + `rpc-http-api=["ETH","NET","WEB3","TXPOOL","QBFT","ADMIN","DEBUG","TRACE"]` + and matching `rpc-ws-api`. + +Ensuring 2101 and 2102 use this (or equivalent) gives maximum supported TXPOOL/ADMIN surface; it does not add the three unsupported methods above. + +--- + +## 4. How to clear stuck transactions (operational workaround) + +Because Besu does not expose a “clear pool” or “remove transaction” RPC: + +1. **Preferred:** Run `./scripts/clear-all-transaction-pools.sh` (clears pool on validators and RPC nodes 2101/2201 by restarting Besu and clearing pool data). Then wait 30–60s before sending new transactions. +2. **Alternative:** Use replacement transactions (same nonce, higher gas) so the new tx replaces the stuck one; see `./scripts/cancel-pending-transactions.sh` if available. +3. **Resolve script:** `./scripts/resolve-stuck-transaction-besu-qbft.sh` will try `txpool_besuClear` / `txpool_clear` / `admin_removeTransaction`; on Besu these return “Method not found”. The script is still useful to inspect nonce and suggest the operational workarounds above. + +--- + +## 5. Can we “continue where we left off”? + +- **If “continue” means:** deploy contracts, mint, add liquidity, or run other scripts that send transactions via 2101/2102: + - **Yes**, as long as: + - No stuck transaction is blocking the deployer nonce. If there is, run `./scripts/clear-all-transaction-pools.sh` (and optionally wait for validators to sync), then retry. + - Block production is progressing (run `./scripts/monitoring/monitor-blockchain-health.sh`); if it’s stalled, see `docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md`. +- **If “continue” means:** having 2101/2102 support `txpool_besuClear`, `txpool_clear`, and `admin_removeTransaction`: + - **No.** Those methods are not implemented in Besu; no further “fixes” or config can add them. Use the operational workarounds in §4 instead. + +--- + +## 6. Ensuring 2101 and 2102 use canonical config + +To keep 2101 and 2102 in sync with the repo and with maximum TXPOOL/ADMIN support (without adding the three unsupported methods): + +- Run: + `./scripts/maintenance/ensure-core-rpc-config-2101-2102.sh` + Options: `--dry-run` (no changes), `--2101-only`, `--2102-only`. + The script sets `rpc-http-api` and `rpc-ws-api` on the node to include ETH, NET, WEB3, TXPOOL, QBFT, ADMIN, DEBUG, TRACE (HTTP) and ETH, NET, WEB3, TXPOOL, QBFT, ADMIN (WS), then restarts Besu. +- After any config change, verify with: + - `./scripts/maintenance/health-check-rpc-2101.sh` + - For 2102: + `curl -s -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' http://192.168.11.212:8545` + +--- + +## 7. Status to continue (run these before mint/deploy) + +| Check | Command / target | Last result | Action if fail | +|-------|------------------|------------|----------------| +| Core RPC 2101 healthy | `./scripts/maintenance/health-check-rpc-2101.sh` | All passed | Run `./scripts/maintenance/fix-core-rpc-2101.sh` | +| Tx pool empty | `txpool_besuTransactions` → expect 0 | 1 tx (stuck) | Run `./scripts/clear-all-transaction-pools.sh`; wait 30–60s | +| All 5 validators active | `systemctl is-active besu-validator` on 1000–1004 | 1000–1003 active; **1004 failed** | On ML110: `ssh root@192.168.11.10 'pct exec 1004 -- systemctl restart besu-validator'` | +| Block production | `./scripts/monitoring/monitor-blockchain-health.sh` | Stalled | Ensure all 5 validators active; wait for sync | +| RPC for mint | `RPC_URL_138=http://192.168.11.211:8545` in smom-dbis-138/.env | Set | Use Core RPC only | + +**Order to continue:** (1) Restart validator 1004. (2) Clear tx pool. (3) Re-check tx pool = 0 and validators 5/5. (4) Run monitor-blockchain-health until blocks advance. (5) `cd smom-dbis-138 && ./scripts/mint-for-liquidity.sh` then optionally `--add-liquidity`. + +--- + +## 8. Continue run (2026-03-04) + +- ensure-core-rpc-config: 2101 and 2102 updated and restarted. Health-check-rpc-2101 passed. +- Stuck tx: 1 in pool. Clear via `clear-all-transaction-pools.sh`. Validator 1004: **failed** — restart on ML110. Block production stalled until 1004 up and sync; then retry mint. + +**Continue run (same day, after “Update the Status”):** +- Validator 1004 restarted on ML110. +- `clear-all-transaction-pools.sh` run to completion (validators 1000–1004, RPC 2101, 2201 cleared and restarted). +- Tx pool still showed 1 tx after clear (re-broadcast from peers or RPC 2101 pool repopulated). +- Block production still stalled (monitor: “no new blocks in 5s”). +- Mint failed with “Replacement transaction underpriced” until mint script was updated to pass `--gas-price` (uses `GAS_PRICE_138`, default 1 gwei). With `GAS_PRICE_138=500000000000` (500 gwei), first mint tx was **accepted** but **timed out** waiting for confirmation (blocks not advancing). +- **Next:** When blocks advance, run `cd smom-dbis-138 && GAS_PRICE_138=500000000000 ./scripts/mint-for-liquidity.sh` (or re-run clear then mint with default gas). Optional: `--add-liquidity` after mint confirms. + +--- + +## 9. References + +- Besu transaction pool concepts: https://besu.hyperledger.org/stable/public-networks/concepts/transactions/pool +- Resolve stuck tx (workarounds): `./scripts/resolve-stuck-transaction-besu-qbft.sh` +- Clear all tx pools: `./scripts/clear-all-transaction-pools.sh` +- Health: `./scripts/maintenance/health-check-rpc-2101.sh`, `./scripts/monitoring/monitor-blockchain-health.sh` diff --git a/docs/04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md b/docs/04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md index 523154c..a3f85c4 100644 --- a/docs/04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md +++ b/docs/04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md @@ -166,6 +166,20 @@ --- +## 11a. Interpreting verification HTTP codes (301, 404, 000) + +When running `verify-backend-vms.sh`, `verify-all-systems.sh`, or NPMplus checks, the following responses are **often expected** and do not necessarily indicate a failure: + +| Code | Meaning | Typical cause | +|------|--------|----------------| +| **301** | Redirect | HTTPS redirect (e.g. nginx on :80 redirecting to HTTPS). Service is up. | +| **404** | Not found | Wrong port or path used in the check; or NPMplus/proxy returns 404 for a bare path. Service may still be healthy. | +| **000** | No response | Connection failed from the host running the script: wrong host (e.g. checking NPMplus admin from off-LAN), firewall, or service bound to localhost only (e.g. NPMplus admin on :81 inside CT). | + +**Summary:** 301 = HTTPS redirect (normal). 404 = incorrect port/path or NPMplus behaviour. 000 = connectivity/context (host, TLS, or port). Treat as failures only when the intended endpoint and client context match. + +--- + ## 12. Remaining Operator Actions (Requires Proxmox/Server Access) 1. **Apply nginx fix and deploy config on VMID 5000:** Run `./scripts/apply-remaining-operator-fixes.sh` from repo root (LAN/operator). **Applied 2026-03-02:** nginx fix and explorer config deploy completed successfully. diff --git a/docs/04-configuration/EXPLORER_TROUBLESHOOTING.md b/docs/04-configuration/EXPLORER_TROUBLESHOOTING.md index 7ba9f93..2bafffb 100644 --- a/docs/04-configuration/EXPLORER_TROUBLESHOOTING.md +++ b/docs/04-configuration/EXPLORER_TROUBLESHOOTING.md @@ -67,6 +67,22 @@ If the NPMplus UI shows **ApiError** with **code: 400** and an empty or vague me If 400 persists, check the NPMplus container logs (e.g. from the Proxmox host: `pct exec 10233 -- tail -100 /data/logs/*.log` or the path your NPMplus uses) for the actual validation or backend error. +**ApiError 400 on dashboard load (already logged in)** + +If you see repeated **ApiError code 400** in the console as soon as the NPMplus UI loads (e.g. "Welcome to NPMplus", "You are logged in as Administrator"), the frontend is calling one or more API endpoints that return 400. Common causes: + +1. **Find the failing request:** In the browser, open **Developer Tools** → **Network** tab → reload the NPMplus page. Filter by "Fetch/XHR". Find any request with status **400** and note the **Request URL** and **Response** body. Typical endpoints the dashboard calls: `/api/nginx/proxy-hosts`, `/api/nginx/certificates`, `/api/nginx/access-lists`, `/api/settings`, etc. +2. **Test the API from the command line** (from a host that can reach NPMplus): + ```bash + # From project root, with NPM_PASSWORD and NPM_EMAIL in .env + NPM_URL="https://192.168.11.167:81" bash scripts/verify/export-npmplus-config.sh + ``` + If the export script succeeds, the same GET endpoints work from curl; the 400 may be limited to a specific endpoint or to the browser (e.g. session, or a different endpoint the UI calls). If the script fails with 400, note which step fails (login vs proxy-hosts vs certificates). +3. **Browser:** Try an **incognito/private** window or another browser; clear cache and log in again. +4. **Backend data:** Sometimes one proxy host or certificate record has invalid or unexpected data and the API returns 400 when returning the list. Check NPMplus container logs (see above). If you have a recent backup, you can compare or restore. + +See also: [NPMPLUS_UI_APIERROR_400_RUNBOOK.md](NPMPLUS_UI_APIERROR_400_RUNBOOK.md) for a short runbook and API test commands. + --- ## Fixes Applied (2026-01-31) diff --git a/docs/04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md b/docs/04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md new file mode 100644 index 0000000..e3b5db1 --- /dev/null +++ b/docs/04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md @@ -0,0 +1,78 @@ +# Explorer "Wallet" Link — Quick Win Runbook + +**Purpose:** Add a Wallet link to the Blockscout/explorer navbar so users can reach the wallet page (e.g. https://explorer.d-bis.org/wallet). +**Effort:** ~15 minutes. +**Prerequisite:** SSH access to the explorer VM (e.g. VMID 5000). + +--- + +## Option A: Blockscout frontend (recommended) + +If the explorer uses a Blockscout frontend with a configurable nav: + +1. SSH to the explorer host: + ```bash + ssh user@explorer-host # or pct exec if container + ``` +2. Locate the frontend config or template that defines the navbar (e.g. env `NAV_LINKS`, or a template under the Blockscout app). +3. Add a Wallet entry. Example (env-style): + ```bash + # If NAV_LINKS or similar is JSON: + # Add {"label":"Wallet","href":"/wallet"} to the links array + ``` +4. Restart the frontend service if required; reload the site. + +--- + +## Option B: Static HTML / proxy landing page + +If the explorer is served by Nginx with a static landing page (e.g. `/var/www/html/index.html`): + +1. SSH to the host that serves the explorer (e.g. VMID 5000 or the NPMplus/proxy host). +2. Find the main HTML file. Common paths: + - `/var/www/html/index.html` + - Nginx root for the explorer vhost +3. Open the file and locate the navigation section (e.g. `| Wallet\n|' /var/www/html/index.html +``` + +Prefer manual edit when the HTML structure is not uniform. + +--- + +## Verify + +- Open https://explorer.d-bis.org (or your explorer URL). +- Confirm "Wallet" appears in the navbar. +- Click it and confirm the wallet page loads (e.g. MetaMask chain-add / token list). + +--- + +## References + +- [REMAINING_TASKS.md](../REMAINING_TASKS.md) § Quick Wins +- [OPTIONAL_RECOMMENDATIONS_INDEX.md](../OPTIONAL_RECOMMENDATIONS_INDEX.md) § Quick win: Explorer "Wallet" link diff --git a/docs/04-configuration/INGRESS_VERIFICATION_RUNBOOK.md b/docs/04-configuration/INGRESS_VERIFICATION_RUNBOOK.md index 730b083..cb523c6 100644 --- a/docs/04-configuration/INGRESS_VERIFICATION_RUNBOOK.md +++ b/docs/04-configuration/INGRESS_VERIFICATION_RUNBOOK.md @@ -429,6 +429,14 @@ wscat -c wss://rpc-ws-pub.d-bis.org - Verify certificate in NPMplus: Check certificate list in API export - Renew certificate if expired: NPMplus UI → SSL Certificates → Renew +### Public URL Timeout (000) — DNS OK but explorer.d-bis.org unreachable + +**Symptoms**: `curl https://explorer.d-bis.org` times out; `dig explorer.d-bis.org` returns 76.53.10.36. + +**Cause**: Often NAT hairpin (client on LAN; router does not loop 76.53.10.36 back to NPMplus), or firewall blocking 443. + +**Solutions**: See [EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md](../05-network/EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md): enable hairpin on UDM Pro, or use hosts entry `192.168.11.167 explorer.d-bis.org` for LAN; verify port forward; test from external network. + ### Internal Connectivity Fails **Symptoms**: Cannot connect to NPMplus or backend VMs diff --git a/docs/04-configuration/NPMPLUS_CUSTOM_NGINX_CONFIG.md b/docs/04-configuration/NPMPLUS_CUSTOM_NGINX_CONFIG.md new file mode 100644 index 0000000..3bfd22a --- /dev/null +++ b/docs/04-configuration/NPMPLUS_CUSTOM_NGINX_CONFIG.md @@ -0,0 +1,50 @@ +# NPMplus custom Nginx configuration + +**Purpose:** Reference for editing proxy hosts in NPMplus when adding security headers or custom directives. +**Important:** Adding `location '/'` in custom config **overwrites** the proxy; use headers only or a custom `'/'` location as needed. + +--- + +## Proxy details as Nginx variables + +In **Custom Nginx Configuration** for a proxy host, these variables are available: + +| Variable | Meaning | +|----------|--------| +| `$server` | Backend domain or IP (e.g. `192.168.11.140`) | +| `$port` | Backend port (e.g. `80`) | +| `$forward_scheme` | Scheme to backend: `http` or `https` | +| `$forward_path` | Optional path forwarded to backend | + +Use them if you need to reference the proxy target in custom blocks. + +--- + +## Safe custom config (headers only) + +To add **security headers** (including CSP with `'unsafe-eval'` for ethers.js v5) **without** replacing the proxy, paste the following in **Custom Nginx Configuration**. Do **not** add a `location '/'` block here, or it will overwrite the proxy to the backend. + +```nginx +# Security Headers (unsafe-eval for ethers.js v5) +add_header X-Content-Type-Options "nosniff" always; +add_header X-Frame-Options "SAMEORIGIN" always; +add_header X-XSS-Protection "1; mode=block" always; +add_header Referrer-Policy "strict-origin-when-cross-origin" always; +add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests" always; +``` + +These directives apply in the context where NPMplus injects them (typically the proxy location). If your NPMplus version supports **more_set_headers** (from the headers-more module), you can use that instead of `add_header` for more control. + +--- + +## Caveats (from NPMplus) + +- **Adding `location '/'`** in custom config **overwrites** the proxy configuration for that host. The request will no longer be forwarded to `$server:$port`. +- If you need directives **inside** the `'/'` location, create a **custom location** for `'/'` in the UI (e.g. “Custom locations” → add location path `/`) instead of putting `location / { ... }` in the custom Nginx snippet. +- For **headers only**, prefer the snippet above (or **more_set_headers** if available); no `location` block is needed. + +--- + +## Example use + +- **Explorer (explorer.d-bis.org):** Proxy target `http://192.168.11.140:80`. Pasting the security-headers block above into “Custom Nginx Configuration” adds CSP and other headers without changing the proxy. Backend (VMID 5000) still serves the custom frontend and APIs. diff --git a/docs/04-configuration/NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md b/docs/04-configuration/NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md new file mode 100644 index 0000000..2c9a6fe --- /dev/null +++ b/docs/04-configuration/NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md @@ -0,0 +1,86 @@ +# NPMplus Proxy Hosts — Snapshot (March 2026) + +**Source:** NPMplus UI (main instance, VMID 10233). +**Snapshot date:** 2026-03-02. +**Purpose:** Reference of current proxy destinations and their VMID/service mapping. + +--- + +## Unique backends (destination IP:port) + +Deduplicated by destination. Multiple proxy hosts (domains) can point to the same backend. + +| Destination | TLS | Status | VMID / Service | +|-------------|-----|--------|----------------| +| http://192.168.11.140:80 | Certbot | Online | **5000** blockscout-1 (Explorer) | +| http://192.168.11.211:80 | Certbot | Online | **2101** besu-rpc-core-1 (or legacy web?) | +| http://192.168.11.211:8545 | Certbot | Online | **2101** besu-rpc-core-1 | +| http://192.168.11.211:8546 | Certbot | Online | **2101** besu-rpc-core-1 (WS) | +| http://192.168.11.221:8545 | Certbot | Online | **2201** besu-rpc-public-1 | +| http://192.168.11.221:8546 | Certbot | Online | **2201** besu-rpc-public-1 (WS) | +| http://192.168.11.232:8545 | Certbot | Online | **2301** besu-rpc-private-1 | +| http://192.168.11.232:8546 | Certbot | Online | **2301** besu-rpc-private-1 (WS) | +| http://192.168.11.240:443 | Certbot | Online | **2400** thirdweb-rpc-1 (HTTPS) | +| http://192.168.11.246:8545 | Certbot | Online | **2503** besu-rpc-hybx-1 | +| http://192.168.11.247:8545 | Certbot | Online | **2504** besu-rpc-hybx-2 | +| http://192.168.11.248:8545 | Certbot | Online | **2505** besu-rpc-hybx-3 | +| http://192.168.11.172:8545 | Certbot | Online | **2500** besu-rpc-alltra-1 | +| http://192.168.11.173:8545 | Certbot | Online | **2501** besu-rpc-alltra-2 | +| http://192.168.11.174:8545 | Certbot | Online | **2502** besu-rpc-alltra-3 | +| http://192.168.11.177:80 | Certbot | Online | **5201** cacti-alltra-1 | +| http://192.168.11.251:80 | Certbot | Online | Legacy / verify (2501 destroyed; 2201 → .221) | +| http://192.168.11.58:80 | Certbot | Online | **5801** dapp-smom | +| http://192.168.11.130:80 | Certbot | Online | **10130** dbis-frontend | +| http://192.168.11.155:3000 | Certbot | Online | **10150** dbis-api-primary | +| http://192.168.11.156:3000 | Certbot | Online | **10151** dbis-api-secondary | +| http://192.168.11.54:3001 | Certbot | Public | **7804** Gov Portals (dbis.xom-dev.phoenix.sankofa.nexus) | +| http://192.168.11.54:3002 | HTTP only | **Unknown** | **7804** Gov Portals (iccc.xom-dev) | +| http://192.168.11.54:3003 | HTTP only | **Unknown** | **7804** Gov Portals (omnl.xom-dev) | +| http://192.168.11.54:3004 | HTTP only | **Unknown** | **7804** Gov Portals (xom.xom-dev) | +| http://192.168.11.60:3000 | Certbot | Online | **3000** or **5700** (ML / Dev VM — confirm which has .60) | +| http://192.168.11.37:80 | Certbot | Online | **7810** mim-web-1 (MIM4U) | +| http://192.168.11.36:80 | Certbot | Online | **7811** mim-api-1 | +| http://192.168.11.50:4000 | Certbot | Online | **7800** sankofa-api-1 (Phoenix API) | +| http://192.168.11.51:3000 | Certbot | Online | **7801** sankofa-portal-1 (Sankofa Portal) | +| http://192.168.11.72:8000 | Certbot | Online | **7805** sankofa-studio | +| http://192.168.11.10:8006 | Certbot | Online | Proxmox ml110 API | +| http://192.168.11.11:8006 | Certbot | Online | Proxmox r630-01 API | +| http://192.168.11.12:8006 | Certbot | Online | Proxmox r630-02 API | + +--- + +## Not in this NPMplus instance + +- **192.168.11.85** (Mifos, VMID 5800): Proxied by **NPMplus Mifos (VMID 10237)** at 192.168.11.171, not by main NPMplus (10233). Target is **https://192.168.11.85:443** (Mifos serves HTTPS only on this VM). + +--- + +## Proper ports (from health checks) + +| VMID | Hostname | Use this port for health/NPMplus | +|------|----------|-----------------------------------| +| 5000 | blockscout-1 | **80** (redirect), **443**, **4000** (API) | +| 2400 | thirdweb-rpc-1 | **443** (HTTPS proxy) or **8545** (RPC direct) | +| 5800 | mifos | **443** (HTTPS only; no :80 listener) — on NPMplus 10237 | +| 10130 | dbis-frontend | **80** | +| 10150 | dbis-api-primary | **3000** | +| 10151 | dbis-api-secondary | **3000** | + +--- + +## Status notes + +- **Online:** NPMplus reports the backend as reachable. +- **Unknown:** NPMplus reports Unknown (e.g. 192.168.11.54:3002, :3003, :3004) — may need TLS or backend check. +- **192.168.11.251:80:** Likely legacy; VMID 2501 (besu-rpc-2) was destroyed; core/public RPC are .211 and .221. Confirm or remove. +- **Duplicates in UI:** Same destination can appear multiple times (different domains), e.g. 192.168.11.140:80, 192.168.11.37:80, 192.168.11.221:8545/8546. + +--- + +## Related docs + +- [NPMPLUS_CUSTOM_NGINX_CONFIG.md](NPMPLUS_CUSTOM_NGINX_CONFIG.md) — proxy variables (`$server`, `$port`, `$forward_scheme`, `$forward_path`), safe custom config (headers only), and caveat: do not add `location '/'` or it overwrites the proxy. +- [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md) — canonical VMID ↔ IP:port +- [RPC_ENDPOINTS_MASTER.md](RPC_ENDPOINTS_MASTER.md) — domain → backend +- [NPMPLUS_SERVICE_MAPPING_COMPLETE.md](NPMPLUS_SERVICE_MAPPING_COMPLETE.md) — NPMplus configuration reference +- [DETAILED_GAPS_AND_ISSUES_LIST.md](DETAILED_GAPS_AND_ISSUES_LIST.md) §11a — interpreting 301/404/000 diff --git a/docs/04-configuration/NPMPLUS_UI_APIERROR_400_RUNBOOK.md b/docs/04-configuration/NPMPLUS_UI_APIERROR_400_RUNBOOK.md new file mode 100644 index 0000000..9216142 --- /dev/null +++ b/docs/04-configuration/NPMPLUS_UI_APIERROR_400_RUNBOOK.md @@ -0,0 +1,103 @@ +# NPMplus UI — ApiError 400 runbook + +**Symptom:** NPMplus at https://192.168.11.167:81 shows "Welcome to NPMplus", "You are logged in as Administrator", but the browser console shows repeated **ApiError** with **code: 400** and empty or vague **message**. + +**Meaning:** The UI is logged in, but one or more API calls (e.g. loading proxy hosts, certificates, settings) return HTTP 400 Bad Request. The frontend (main.bundle.js) turns that into ApiError. + +--- + +## 1. Identify which request returns 400 + +1. Open NPMplus in the browser: `https://192.168.11.167:81` +2. Open **Developer Tools** (F12) → **Network** tab +3. Enable "Preserve log" if available +4. Reload the page (or navigate to the tab that triggers the errors) +5. In the Network list, filter by **Fetch/XHR** (or look for requests to `/api/`) +6. Find any request with status **400** (red). Click it and check: + - **Request URL** (e.g. `https://192.168.11.167:81/api/nginx/proxy-hosts`) + - **Response** body (often JSON with an error message or validation detail) + +Note the exact URL and response; that tells you which backend endpoint is failing. + +--- + +## 2. Test the same endpoint from the command line + +From a machine that can reach NPMplus (e.g. on the same LAN), with `NPM_EMAIL` and `NPM_PASSWORD` set (e.g. from `.env`): + +```bash +cd /path/to/proxmox +source .env 2>/dev/null || true +NPM_URL="${NPM_URL:-https://192.168.11.167:81}" + +# Login and get token +TOKEN_RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/tokens" \ + -H "Content-Type: application/json" \ + -d "{\"identity\":\"$NPM_EMAIL\",\"secret\":\"$NPM_PASSWORD\"}") +TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // empty') + +if [ -z "$TOKEN" ]; then + echo "Login failed: $TOKEN_RESPONSE" + exit 1 +fi +echo "Login OK" + +# Test endpoints the dashboard typically calls +for path in "/api/nginx/proxy-hosts" "/api/nginx/certificates" "/api/nginx/access-lists"; do + CODE=$(curl -s -k -o /tmp/npm_test_body -w "%{http_code}" -X GET "$NPM_URL$path" -H "Authorization: Bearer $TOKEN") + echo "$path -> HTTP $CODE" + [ "$CODE" != "200" ] && echo " Body: $(head -c 500 /tmp/npm_test_body)" +done +``` + +- If **login** fails with 400: credentials or request body may be wrong. +- If **proxy-hosts** or **certificates** returns 400: the backend may be rejecting the request or returning bad data (e.g. invalid record in DB). Check NPMplus logs. + +--- + +## 3. NPMplus container logs + +From the Proxmox host that runs NPMplus (VMID 10233, typically 192.168.11.11): + +```bash +ssh root@192.168.11.11 "pct exec 10233 -- docker logs npmplus --tail 200 2>&1" +``` + +Or, if NPMplus runs without Docker inside the container: + +```bash +ssh root@192.168.11.11 "pct exec 10233 -- tail -200 /data/logs/*.log 2>/dev/null" +``` + +Look for lines containing "400", "Bad Request", or validation errors around the time you load the UI. + +--- + +## 4. Quick fixes to try + +| Action | When it helps | +|--------|----------------| +| **Hard refresh / clear cache** | Cached frontend or bad session | +| **Incognito window** | Extensions or cache affecting requests | +| **Different browser** | Browser-specific behavior | +| **Re-login** | Session or token format issue | +| **Use .166 instead of .167** | If NPMplus is bound to .166 and .167 is a VIP, try `https://192.168.11.166:81` | + +--- + +## 5. If one endpoint always returns 400 + +- **GET /api/nginx/proxy-hosts** or **/api/nginx/certificates** returning 400 can mean the backend has a record that fails validation when serialized. Options: restore from backup, or (if you have DB access) inspect and fix or remove the offending row. See [NPMPLUS_BACKUP_RESTORE.md](NPMPLUS_BACKUP_RESTORE.md). +- **NPMplus version:** You are on 2.12.3+0a85402. Check release notes or issues for that version for known 400s on list endpoints. + +--- + +## 6. Export config (full API test) + +Running the full export script exercises login + proxy-hosts + certificates: + +```bash +NPM_URL="https://192.168.11.167:81" bash scripts/verify/export-npmplus-config.sh +``` + +If this completes without error, the main GET APIs work from curl; the UI 400 may be a different endpoint or browser-specific. If it fails, the script output shows which step returned an error. diff --git a/docs/04-configuration/PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md b/docs/04-configuration/PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md new file mode 100644 index 0000000..3d3e0de --- /dev/null +++ b/docs/04-configuration/PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md @@ -0,0 +1,65 @@ +# Adding a third and/or fourth R630 before migration — decision guide + +**Context:** You are about to balance load by migrating containers from r630-01 to r630-02 (and optionally ml110). You asked whether it makes sense to add a **third** and/or **fourth** R630 to Proxmox **before** starting that migration. + +--- + +## 1. You may already have a third and fourth R630 + +The repo documents **r630-03** (192.168.11.13) and **r630-04** (192.168.11.14): + +- **Status:** Powered off; **not currently in the Proxmox cluster** (only ml110, r630-01, r630-02 are active). +- **Hardware (per report):** Dell R630, 512 GB RAM each, 2×600 GB boot, 6×250 GB SSD. +- **Issues when last used:** Not in cluster, SSL/certificate issues, and others — all with documented fixes. + +**If these servers are still available and you are willing to power them on and fix them:** + +- **Add them to the cluster first** (power on → fix SSL/join cluster per [reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md)). +- Then you have **four** Proxmox nodes (ml110 + r630-01, -02, -03, -04) or **three R630s + ml110**. Migration can then spread workload to r630-03 and r630-04 as well, instead of only to r630-02 and ml110. +- That gives more headroom and better HA (see below) **without** buying new hardware. + +**If r630-03/04 are decommissioned or unavailable:** Treat this as “add new R630(s)” below. + +--- + +## 2. Does it make sense to add a third/fourth R630 (or bring r630-03/04 online) before migration? + +**Yes, it can make sense**, depending on goals. + +| Goal | Add 3rd/4th R630 before migration? | Notes | +|------|-------------------------------------|--------| +| **Reduce load on r630-01 quickly** | Optional | Migration to **existing** r630-02 (and ml110) already helps. You can migrate first and add nodes later. | +| **More headroom long term** | Yes | With 3–4 R630s (+ ml110), workload is spread across more nodes; no single node is as hot as r630-01 today. | +| **Proxmox HA + Ceph** | Yes (3 min, 4 better) | Per [PROXMOX_HA_CLUSTER_ROADMAP.md](../02-architecture/PROXMOX_HA_CLUSTER_ROADMAP.md): **3 R630s** minimum for HA + Ceph; **4 R630s** better for Ceph recovery. You currently have 2 R630s + ml110; adding a 3rd (and 4th) R630 aligns with that. | +| **Avoid “just moving the problem”** | Yes | If you only move workload to r630-02, r630-02 may become the new bottleneck. Adding nodes gives more capacity so migration actually balances. | +| **Cost / complexity** | Your call | New hardware = cost and setup. Bringing r630-03/04 back = no new purchase, but time to power on, fix, and join cluster. | + +**Practical recommendation:** + +1. **If r630-03 and/or r630-04 exist and are usable:** + **Power them on and add them to the cluster first**, then run migration. You get a 4- (or 5-) node cluster and can move workload to r630-03 and r630-04 as well as r630-02. Use [reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md) for the fix sequence. + +2. **If you do not have extra R630s (or they’re gone):** + **Migration first** is still valid: move candidates from r630-01 to r630-02 (and optionally ml110) per [PROXMOX_LOAD_BALANCING_RUNBOOK.md](PROXMOX_LOAD_BALANCING_RUNBOOK.md). That reduces r630-01 load with no new hardware. If after that you still want more capacity or HA, **then** add a 3rd (and 4th) R630. + +3. **If you are buying new R630s:** + For HA + Ceph, the docs recommend **at least 3 R630s** (4 is better). So adding a **third** R630 is the minimum for that path; a **fourth** improves Ceph and spread. You can add them before or after the current migration; adding before gives more migration targets. + +--- + +## 3. Order of operations (suggested) + +| Scenario | Order | +|----------|--------| +| **r630-03 / r630-04 exist and you will use them** | 1) Power on r630-03 (and -04). 2) Fix and join cluster. 3) Run load-balance migration (including to r630-03 / -04 if desired). | +| **No extra R630s yet; migration only** | 1) Run migration r630-01 → r630-02 (and optionally ml110). 2) Re-check load. 3) If needed, plan 3rd/4th R630. | +| **Buying new 3rd/4th R630** | 1) Install Proxmox and join cluster. 2) Run migration so new nodes take part of the workload. | + +--- + +## 4. References + +- **r630-03/04 issues and fixes:** [reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md) +- **HA and how many R630s:** [PROXMOX_HA_CLUSTER_ROADMAP.md](../02-architecture/PROXMOX_HA_CLUSTER_ROADMAP.md) — “At least 3 R630s for full HA with Ceph; 4 is better.” +- **Load-balance migration:** [PROXMOX_LOAD_BALANCING_RUNBOOK.md](PROXMOX_LOAD_BALANCING_RUNBOOK.md) +- **13-node long-term plan:** [R630_13_NODE_DOD_HA_MASTER_PLAN.md](../02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md) diff --git a/docs/04-configuration/PROXMOX_LOAD_BALANCING_RUNBOOK.md b/docs/04-configuration/PROXMOX_LOAD_BALANCING_RUNBOOK.md new file mode 100644 index 0000000..5cdd0f0 --- /dev/null +++ b/docs/04-configuration/PROXMOX_LOAD_BALANCING_RUNBOOK.md @@ -0,0 +1,116 @@ +# Proxmox load balancing runbook + +**Purpose:** Reduce load on the busiest node (r630-01) by migrating selected LXC containers to r630-02. Also frees space on r630-01 when moving to another host. **Note:** ml110 is being repurposed to OPNsense/pfSense (WAN aggregator); migrate workloads *off* ml110 to r630-01/r630-02 before repurpose — see [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](../11-references/ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md). + +**Before you start:** If you are considering adding a **third or fourth R630** to the cluster first, see [PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md](PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md) — including whether you already have r630-03/r630-04 (powered off) to bring online. + +**Current imbalance (typical):** + +| Node | IP | LXC count | Load (1/5/15) | Notes | +|----------|---------------|-----------|------------------|--------------| +| r630-01 | 192.168.11.11 | 58 | 56 / 81 / 92 | Heavily loaded | +| r630-02 | 192.168.11.12 | 23 | ~4 / 4 / 4 | Light | +| ml110 | 192.168.11.10 | 18 | ~7 / 7 / 9 | **Repurposing to OPNsense/pfSense** — migrate workloads off to r630-01/r630-02 | + +**Ways to balance:** + +1. **Cross-host migration (r630-01 → r630-02)** — Moves workload off r630-01. IP stays the same if the container uses a static IP; only the Proxmox host changes. (ml110 is no longer a migration target; migrate containers *off* ml110 first.) +2. **Same-host storage migration (r630-01 data → thin1)** — Frees space on the `data` pool and can improve I/O; does not reduce CPU/load by much. See [MIGRATION_PLAN_R630_01_DATA.md](MIGRATION_PLAN_R630_01_DATA.md). + +--- + +## 1. Check cluster (live migrate vs backup/restore) + +If all nodes are in the **same Proxmox cluster**, you can try **live migration** (faster, less downtime): + +```bash +ssh root@192.168.11.11 "pvecm status" +ssh root@192.168.11.12 "pvecm status" +``` + +- If both show the **same cluster name** and list each other: use `pct migrate --restart` from any cluster node (run on r630-01 or from a host that SSHs to r630-01). +- If nodes are **not** in a cluster (or migrate fails due to storage): use **backup → copy → restore** with the script below. + +--- + +## 2. Cross-host migration (r630-01 → r630-02) + +**Script (backup/restore; works without shared storage):** + +```bash +cd /path/to/proxmox + +# One container (replace VMID and target storage) +./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh [target_storage] [--destroy-source] + +# Examples +./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh 3501 thin1 --dry-run +./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh 3501 thin1 --destroy-source +``` + +**Target storage on r630-02:** Check with `ssh root@192.168.11.12 "pvesm status"`. Common: `thin1`, `thin2`, `thin5`, `thin6`. + +**If cluster works (live migrate):** + +```bash +ssh root@192.168.11.11 "pct migrate r630-02 --storage thin1 --restart" +# Then remove source CT if desired: pct destroy --purge 1 +``` + +--- + +## 3. Good candidates to move (r630-01 → r630-02) + +Containers that **reduce load** and are **safe to move** (no critical chain/consensus; IP can stay static). Prefer moving several smaller ones rather than one critical RPC. + +| VMID | Name / role | Notes | +|--------|------------------------|-------| +| 3500 | oracle-publisher-1 | Oracle publisher | +| 3501 | ccip-monitor-1 | CCIP monitor | +| 7804 | gov-portals-dev | Gov portals (already migrated in past; verify current host) | +| 8640 | vault-phoenix-1 | Vault (if not critical path) | +| 8642 | vault-phoenix-3 | Vault | +| 10232 | CT10232 | Small service | +| 10235 | npmplus-alltra-hybx | NPMplus instance (has its own NPM; update UDM port forward if needed) | +| 10236 | npmplus-fourth | NPMplus instance | +| 10030–10092 | order-* (identity, intake, finance, etc.) | Order stack; move as a group if desired | +| 10200–10210 | order-prometheus, grafana, opensearch, haproxy | Monitoring/HA; move with order-* or after | + +**Do not move (keep on r630-01 for now):** + +- **10233** — npmplus (main NPMplus; 76.53.10.36 → .167) +- **2101** — besu-rpc-core-1 (core RPC for deploy/admin) +- **2500–2505** — RPC alltra/hybx (critical RPCs) +- **1000–1002, 1500–1502** — validators and sentries (consensus) +- **10130, 10150, 10151** — dbis-frontend, dbis-api (core apps; move only with a plan) +- **100, 101, 102, 103, 104, 105** — mail, datacenter, cloudflared, omada, gitea (infra) + +--- + +## 4. Migrating workloads *off* ml110 (before OPNsense/pfSense repurpose) + +ml110 (192.168.11.10) is being **repurposed to OPNsense/pfSense** (WAN aggregator between 6–10 cable modems and UDM Pros). All containers/VMs on ml110 must be **migrated to r630-01 or r630-02** before the repurpose. + +- **If cluster:** `ssh root@192.168.11.10 "pct migrate r630-01 --storage --restart"` or `... r630-02 ...` +- **If no cluster:** Use backup on ml110, copy to r630-01 or r630-02, restore there (see [MIGRATE_CT_R630_01_TO_R630_02.md](../03-deployment/MIGRATE_CT_R630_01_TO_R630_02.md) and adapt for source=ml110, target=r630-01 or r630-02). + +After all workloads are off ml110, remove ml110 from the cluster (or reinstall the node with OPNsense/pfSense). See [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](../11-references/ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md). + +--- + +## 5. After migration + +- **IP:** Containers keep the same IP if they use static IP in the CT config; no change needed for NPM/DNS if they point by IP. +- **Docs:** Update any runbooks or configs that assume “VMID X is on r630-01” (e.g. `config/ip-addresses.conf` comments, backup scripts). +- **Verify:** Re-run `bash scripts/check-all-proxmox-hosts.sh` and confirm load and container counts. + +--- + +## 6. Quick reference + +| Goal | Command / doc | +|------|----------------| +| Check current load | `bash scripts/check-all-proxmox-hosts.sh` | +| Migrate one CT (r630-01 → r630-02) | `./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh thin1 [--destroy-source]` | +| Same-host (data → thin1) | [MIGRATION_PLAN_R630_01_DATA.md](MIGRATION_PLAN_R630_01_DATA.md), `migrate-ct-r630-01-data-to-thin1.sh` | +| Full migration doc | [MIGRATE_CT_R630_01_TO_R630_02.md](../03-deployment/MIGRATE_CT_R630_01_TO_R630_02.md) | diff --git a/docs/04-configuration/README.md b/docs/04-configuration/README.md index 8db9bd3..bce8567 100644 --- a/docs/04-configuration/README.md +++ b/docs/04-configuration/README.md @@ -21,6 +21,11 @@ This directory contains setup and configuration guides. - **[cloudflare/](cloudflare)** ⭐⭐⭐ - Cloudflare configuration documentation - **[CLOUDFLARE_CREDENTIALS_BOTH_METHODS.md](CLOUDFLARE_CREDENTIALS_BOTH_METHODS.md)** ⭐⭐ - API token vs email+key; Certbot one method per file - **[NPMPLUS_CERTBOT_CLOUDNS_CREDENTIALS.md](NPMPLUS_CERTBOT_CLOUDNS_CREDENTIALS.md)** ⭐ - ClouDNS credentials from .env for NPMplus Certbot DNS challenge +- **[NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md](NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md)** - Snapshot of NPMplus proxy destinations (IP:port) and VMID mapping (March 2026) +- **[NPMPLUS_CUSTOM_NGINX_CONFIG.md](NPMPLUS_CUSTOM_NGINX_CONFIG.md)** - NPMplus custom config: proxy variables, security headers (CSP with unsafe-eval for ethers.js), and caveat (do not add `location '/'`) +- **[NPMPLUS_UI_APIERROR_400_RUNBOOK.md](NPMPLUS_UI_APIERROR_400_RUNBOOK.md)** - NPMplus UI ApiError 400 on dashboard load: find failing request, test API with curl, logs, fixes +- **[PROXMOX_LOAD_BALANCING_RUNBOOK.md](PROXMOX_LOAD_BALANCING_RUNBOOK.md)** - Balance Proxmox load: migrate containers from r630-01 to r630-02/ml110; candidates, script, cluster vs backup/restore +- **[PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md](PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md)** - Add 3rd/4th R630 before migration? r630-03/04 status, HA/Ceph (3–4 nodes), order of operations - **[ER605_ROUTER_CONFIGURATION.md](ER605_ROUTER_CONFIGURATION.md)** ⭐⭐ - ER605 router configuration - **[OMADA_API_SETUP.md](OMADA_API_SETUP.md)** ⭐⭐ - Omada API integration setup - **[OMADA_HARDWARE_CONFIGURATION_REVIEW.md](OMADA_HARDWARE_CONFIGURATION_REVIEW.md)** ⭐⭐⭐ - Comprehensive Omada hardware and configuration review @@ -96,6 +101,7 @@ This directory contains setup and configuration guides. **Explorer (explorer.d-bis.org):** - **[EXPLORER_FUNCTIONALITY_REVIEW.md](EXPLORER_FUNCTIONALITY_REVIEW.md)** - Routes, API URLs, contract verification, Snap send HTTPS. - **[EXPLORER_GAPS_AND_RECOMMENDATIONS.md](EXPLORER_GAPS_AND_RECOMMENDATIONS.md)** - Loading on all pages, bridge/lanes, **Verify & Publish** (UI) and batch verification (Forge + proxy), user/API key issuance, operator checklist. +- **[EXPLORER_WALLET_LINK_QUICK_WIN.md](EXPLORER_WALLET_LINK_QUICK_WIN.md)** — Add Wallet link to explorer navbar (quick win runbook) - **[EXPLORER_TROUBLESHOOTING.md](EXPLORER_TROUBLESHOOTING.md)** - SSL, NPMplus, 502/verification failures, common errors. - **Contract verification (Forge + Blockscout):** [../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) — proxy, manual UI, 502/HTML troubleshooting. diff --git a/docs/04-configuration/THIRDWEB_ENGINE_CHAIN_OVERRIDES.md b/docs/04-configuration/THIRDWEB_ENGINE_CHAIN_OVERRIDES.md new file mode 100644 index 0000000..3b73e5b --- /dev/null +++ b/docs/04-configuration/THIRDWEB_ENGINE_CHAIN_OVERRIDES.md @@ -0,0 +1,110 @@ +# thirdweb Engine — Custom Chain Overrides + +**Purpose:** Document chain overrides for thirdweb Engine so it can resolve RPC and metadata for Chain 138 and ALL Mainnet (651940). Required for AA (account abstraction), paymaster, and backend wallet flows on these chains. + +**Reference:** [Custom Chains \| thirdweb Engine](https://portal.thirdweb.com/engine/v2/features/custom-chains). + +--- + +## Why override + +Engine needs to know RPC URLs and chain metadata for every chain your app uses. Public chain lists may not include 138 or 651940; adding overrides prevents "unknown chain" errors and keeps AA + paymaster stable. + +--- + +## Chain override shape + +Per chain, configure at least: + +| Field | Type | Description | +|-------|------|-------------| +| `chainId` | number | 138 or 651940 | +| `rpc` | string[] | Primary RPC first; fallback URLs optional | +| `nativeCurrency` | object | `{ name, symbol, decimals }` | +| `blockExplorers` | array | `[{ name, url }]` (optional but recommended) | +| `name` | string | Human-readable name | +| `slug` | string | Optional; used in logs/APIs | + +--- + +## Chain 138 (DeFi Oracle Meta Mainnet) + +```json +{ + "chainId": 138, + "name": "DeFi Oracle Meta Mainnet", + "slug": "chain-138", + "rpc": [ + "https://rpc-http-pub.d-bis.org", + "https://rpc.d-bis.org", + "https://rpc.defi-oracle.io" + ], + "nativeCurrency": { + "name": "Ether", + "symbol": "ETH", + "decimals": 18 + }, + "blockExplorers": [ + { + "name": "Explorer", + "url": "https://explorer.d-bis.org" + } + ] +} +``` + +**Admin/deployment RPC:** Set via `RPC_URL_138` (e.g. `http://192.168.11.211:8545`) when running from LAN; use public RPC in Engine for external clients. + +--- + +## Chain 651940 (ALL Mainnet / Alltra) + +```json +{ + "chainId": 651940, + "name": "ALL Mainnet", + "slug": "alltra", + "rpc": [ + "https://mainnet-rpc.alltra.global" + ], + "nativeCurrency": { + "name": "Ether", + "symbol": "ETH", + "decimals": 18 + }, + "blockExplorers": [ + { + "name": "Alltra", + "url": "https://alltra.global" + } + ] +} +``` + +**Usage:** Alltra-native sponsorship and x402 USDC payments use this chain. Add fallback RPC in `rpc[]` if Alltra provides one. + +--- + +## Where to configure + +- **Engine dashboard:** Add custom chains in the Engine project settings (Custom Chains / Chain Overrides). +- **Config file:** If your Engine deployment uses a config file, add the above objects to the chain overrides section per [Engine Custom Chains docs](https://portal.thirdweb.com/engine/v2/features/custom-chains). + +--- + +## Checklist + +- [ ] Add chain **138** with production RPC (and fallback if available). +- [ ] Add chain **651940** with production RPC so paymaster and backend wallets work on Alltra. +- [ ] Ensure `nativeCurrency` and `blockExplorers` are set so fee display and explorer links work. + +--- + +## Single source of truth + +RPC and explorer URLs are aligned with: + +- [smom-dbis-138/services/token-aggregation/src/config/chains.ts](../../smom-dbis-138/services/token-aggregation/src/config/chains.ts) — `CHAIN_CONFIGS[138]`, `CHAIN_CONFIGS[651940]` +- [metamask-integration/provider/config/DUAL_CHAIN_NETWORKS.json](../../metamask-integration/provider/config/DUAL_CHAIN_NETWORKS.json) + +Update this doc if you add new RPC endpoints or explorers. diff --git a/docs/04-configuration/THIRDWEB_WALLETS_INTEGRATION.md b/docs/04-configuration/THIRDWEB_WALLETS_INTEGRATION.md index a09093c..9a5e844 100644 --- a/docs/04-configuration/THIRDWEB_WALLETS_INTEGRATION.md +++ b/docs/04-configuration/THIRDWEB_WALLETS_INTEGRATION.md @@ -56,7 +56,26 @@ Relevant for backend or headless flows: **Secrets / env:** - **frontend-dapp:** `VITE_THIRDWEB_CLIENT_ID`, `VITE_WALLETCONNECT_PROJECT_ID` (see [MASTER_SECRETS.md](MASTER_SECRETS.md), [DAPP_LXC_DEPLOYMENT.md](../03-deployment/DAPP_LXC_DEPLOYMENT.md)). -- **x402-api:** `THIRDWEB_SECRET_KEY` (backend only). +- **x402-api:** `THIRDWEB_SECRET_KEY` (backend only), `SERVER_WALLET_ADDRESS` (treasury for x402). When `X402_USE_ALLTRA=true`, local verification does not require `THIRDWEB_SECRET_KEY`. + +--- + +## 3.1 Server wallet (admin signer) — usage policy + +Use the **server wallet** (e.g. the key backing `SERVER_WALLET_ADDRESS` or an Engine backend wallet) only for: + +- **Contract admin actions:** roles, pausing, upgrades. +- **Allowlist / signature minting** (if your contracts support it). +- **Indexer repair jobs** (rare, e.g. backfill or reconciliation). +- **Operational controls:** key rotation, emergency ops. + +**Do not** use it for user flows (no user impersonation). Keep keys in **KMS, HSM, or secure custody**. See [ALLTRA_X402_OPERATOR_GUIDE.md](ALLTRA_X402_OPERATOR_GUIDE.md) for Alltra/x402 operator context. + +**User wallets vs server wallet:** + +- **External connect:** power users (MetaMask, WalletConnect, etc.). +- **Embedded:** email/social/passkeys for smooth onboarding; both are user-controlled. +- **Server wallet:** backend-only; never exposed to or used on behalf of end users. --- diff --git a/docs/04-configuration/X402_ALLTRA_ENDPOINT_SPEC.md b/docs/04-configuration/X402_ALLTRA_ENDPOINT_SPEC.md new file mode 100644 index 0000000..a6788bd --- /dev/null +++ b/docs/04-configuration/X402_ALLTRA_ENDPOINT_SPEC.md @@ -0,0 +1,116 @@ +# x402 Endpoint Contract — Alltra (651940) + USDC + +**Purpose:** Spec for Alltra-native x402 paid endpoints: 402 challenge, retry with PAYMENT-SIGNATURE, and local verification on chain 651940 with USDC. Settlement is on Alltra; no dependency on Base or external facilitator. + +**References:** [coinbase/x402](https://github.com/coinbase/x402), [HTTP 402 — x402](https://docs.x402.org/core-concepts/http-402), [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md) §2.3 (Alltra USDC). + +--- + +## 1. Overview + +- **Chain:** `eip155:651940` (ALL Mainnet / Alltra) +- **Payment token:** USDC at `0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881` +- **Recipient:** Server treasury (e.g. `SERVER_WALLET_ADDRESS`) +- **Verification:** Local (recommended): server verifies signature, intent, and on-chain settlement; optional facilitator-like `/verify` later. + +--- + +## 2. Step 1 — Client calls paid endpoint (unpaid) + +**Request:** `GET /api/resource` (or any paid route) + +**Response when unpaid:** `402 Payment Required` + +**Headers:** + +- `PAYMENT-REQUIRED: ` + +**PaymentRequired (JSON, then base64-encoded):** + +| Field | Type | Description | +|-------|------|-------------| +| `network` | string | `eip155:651940` | +| `asset` | string | USDC contract address (0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881) | +| `amount` | string | Price in base units (e.g. "10000" for 0.01 USDC if 6 decimals) | +| `recipient` | string | Treasury address | +| `nonce` | string | Unique per request (e.g. UUID) | +| `expiresAt` | string | ISO 8601 (e.g. now + 5 minutes) | +| `resourceId` | string | Identifies the resource (e.g. URL or hash) so payment is bound to the request | + +**Example (decoded):** + +```json +{ + "network": "eip155:651940", + "asset": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", + "amount": "10000", + "recipient": "0x...", + "nonce": "550e8400-e29b-41d4-a716-446655440000", + "expiresAt": "2026-03-04T12:05:00.000Z", + "resourceId": "GET /api/premium" +} +``` + +--- + +## 3. Step 2 — Client pays and retries + +Client performs USDC transfer (or authorization) on chain 651940 to `recipient` for `amount`, then retries the same request with: + +**Headers:** + +- `PAYMENT-SIGNATURE: ` + +**PaymentPayload (JSON, then base64-encoded):** + +| Field | Type | Description | +|-------|------|-------------| +| `payer` | string | Payer wallet address | +| `signature` | string | Signature over the payment intent (e.g. EIP-191 or EIP-712 of PaymentRequired or its hash) | +| `paymentRequired` | object | Copy of PaymentRequired so server can verify match | +| `txHash` | string (optional) | Transaction hash on 651940 proving transfer (for on-chain verification) | + +Server uses `txHash` to verify settlement via `eth_getTransactionReceipt` on 651940 when doing local verification. + +--- + +## 4. Step 3 — Server verification (Alltra-native local) + +1. **Decode** PaymentPayload from base64. +2. **Verify signature** — signature belongs to `payer` (recover signer from signature over payment intent). +3. **Verify intent** — PaymentPayload.paymentRequired matches the server-issued PaymentRequired (same amount, asset, chain, recipient, resourceId); `expiresAt` is in the future. +4. **Verify settlement:** + - If `txHash` present: call 651940 RPC `eth_getTransactionReceipt(txHash)`; confirm success and that transfer is to `recipient` for `amount` (USDC) from `payer`. + - If authorization-based: verify authorization and that a transfer occurred (per your scheme). +5. **Replay:** Mark `(payer, resourceId, nonce)` as consumed (store in DB or cache with TTL); reject if already consumed. +6. **Respond:** Return 200 with resource body; optionally set `PAYMENT-RESPONSE` header (per x402) with settlement response. + +--- + +## 5. Replay protection + +- Key: `(payer, resourceId, nonce)`. +- Store consumed keys with expiry ≥ `expiresAt` so the same nonce cannot be reused. +- Production: use Redis or DB; development: in-memory Map with TTL is acceptable. + +--- + +## 6. PAYMENT-RESPONSE (optional) + +Per [docs.x402.org](https://docs.x402.org/core-concepts/http-402), server may return `PAYMENT-RESPONSE` header with settlement confirmation (e.g. txHash, status). Optional for minimal implementation. + +--- + +## 7. Separation from sponsorship + +- **Sponsorship (paymaster):** Covers gas for app actions (e.g. CoreApp writes) on 651940. +- **x402:** User-paid USDC for API/service access; validated by this flow. + +The two are independent: x402 payment tx is user-funded; sponsored txs are paymaster-funded. + +--- + +## 8. Implementation + +- **x402-api:** When `X402_USE_ALLTRA=true`, the server can use this local verification path: return 402 + PAYMENT-REQUIRED when unpaid; on PAYMENT-SIGNATURE, run steps 1–6 and serve the resource on success. +- **USDC decimals:** 6 for Alltra USDC; `amount` in PaymentRequired is in base units (e.g. 10000 = 0.01 USDC). diff --git a/docs/04-configuration/mifos-omnl-central-bank/ADF_ASIAN_PACIFIC_SINGAPORE_OFFICE_RUNBOOK.md b/docs/04-configuration/mifos-omnl-central-bank/ADF_ASIAN_PACIFIC_SINGAPORE_OFFICE_RUNBOOK.md new file mode 100644 index 0000000..5c0b720 --- /dev/null +++ b/docs/04-configuration/mifos-omnl-central-bank/ADF_ASIAN_PACIFIC_SINGAPORE_OFFICE_RUNBOOK.md @@ -0,0 +1,307 @@ +# OMNL HYBX Operational Run Book + +## Office Onboarding – ADF Asian Pacific Holding Singapore PTE LTD + +--- + +## 1. Run Book Overview + +This run book defines the **step-by-step operational procedure** to onboard a new corporate office into the **OMNL HYBX financial infrastructure** running on **Apache Fineract (Mifos X)**. + +The procedure ensures: + +- Consistent office creation +- CIS (Client Information Sheet) verification +- KYC/KYB validation +- Wallet provisioning +- ISO 20022 transaction readiness +- Audit trail compliance + +**Instance:** [omnl.hybxfinance.io](https://omnl.hybxfinance.io/) (or omnl.hybx.global). Set `OMNL_FINERACT_BASE_URL` in `.env` accordingly. + +--- + +## 2. System Environment + +| Component | System | +| --------------------- | -------------------- | +| Core Banking | Apache Fineract | +| Interface | Mifos X | +| Treasury | OMNL HYBX | +| Messaging | ISO 20022 | +| Wallet Infrastructure | HYBX Treasury Wallet | +| Audit Logs | OMNL Ledger | + +--- + +## 3. Office Identity + +| Field | Value | +| ----------------- | -------------------------------------------- | +| Office Name | ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD | +| Company Number | 202328126M | +| Representative | MR. ANG KOK YONG | +| Title | CEO | +| Jurisdiction | Singapore | +| Parent Office | OMNL | +| Parent Office ID | 1 | + +--- + +## 4. Roles & Responsibilities + +| Role | Responsibility | +| ---------------------- | ---------------------------- | +| Platform Administrator | Creates Office in Fineract | +| Compliance Officer | Verifies CIS and KYB | +| Treasury Operator | Creates institutional wallet | +| DevOps | Configures ISO-20022 node | +| Risk & Audit | Reviews onboarding log | + +--- + +## 5. Required Documents + +The following documents must be verified prior to office creation: + +1. Client Information Sheet (CIS) +2. Company Registration +3. Director Identification +4. Corporate Address +5. Banking Coordinates +6. Compliance Verification + +Documents are archived in: + +``` +HYBX/KYC/ADF_APAC_SINGAPORE/ +``` + +--- + +## 6. Office Creation Procedure + +### Step 1 — Authenticate to OMNL HYBX + +Ensure API access: load credentials from `omnl-fineract/.env` or repo root `.env` (`OMNL_FINERACT_BASE_URL`, `OMNL_FINERACT_USER`, `OMNL_FINERACT_PASSWORD`, `OMNL_FINERACT_TENANT`). Fineract uses **Basic auth** on each request (no separate token endpoint). Verify access with: + +```bash +curl -s -u "${OMNL_FINERACT_USER}:${OMNL_FINERACT_PASSWORD}" \ + -H "Fineract-Platform-TenantId: ${OMNL_FINERACT_TENANT:-omnl}" \ + "${OMNL_FINERACT_BASE_URL}/offices" +``` + +Expected: HTTP 200 and a JSON array of offices. + +### Step 2 — Create Office + +**Endpoint:** `POST /fineract-provider/api/v1/offices` + +**Payload:** + +```json +{ + "name": "ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD", + "parentId": 1, + "openingDate": "2023-07-11", + "dateFormat": "yyyy-MM-dd", + "locale": "en", + "externalId": "202328126M" +} +``` + +**cURL (from repo root with env loaded):** + +```bash +curl -X POST "${OMNL_FINERACT_BASE_URL}/offices" \ + -u "${OMNL_FINERACT_USER}:${OMNL_FINERACT_PASSWORD}" \ + -H "Fineract-Platform-TenantId: ${OMNL_FINERACT_TENANT:-omnl}" \ + -H "Content-Type: application/json" \ + -d '{ + "name": "ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD", + "parentId": 1, + "openingDate": "2023-07-11", + "dateFormat": "yyyy-MM-dd", + "locale": "en", + "externalId": "202328126M" + }' +``` + +**Script (recommended, idempotent by externalId):** + +```bash +DRY_RUN=1 bash scripts/omnl/omnl-office-create-adf-singapore.sh # preview +bash scripts/omnl/omnl-office-create-adf-singapore.sh # create +``` + +Optional overrides: `OPENING_DATE`, `ADF_SINGAPORE_EXTERNAL_ID`, `ADF_SINGAPORE_OFFICE_NAME`. Script outputs `OFFICE_ID_ADF_SINGAPORE=` on success. + +### Step 3 — Verify Office Creation + +Confirm via: + +```bash +GET ${OMNL_FINERACT_BASE_URL}/offices +``` + +(e.g. `curl -s -u "..." -H "Fineract-Platform-TenantId: omnl" "${OMNL_FINERACT_BASE_URL}/offices"`) + +**Expected result:** + +- Office ID: <auto-generated> +- Parent Office: OMNL (id: 1) +- externalId: 202328126M +- Status: Active + +Log entry created in **HYBX_LEDGER / OFFICE_REGISTRY**. + +--- + +## 7. Corporate Profile Attachment + +Create additional corporate data using **Fineract Datatable**. + +**Datatable name:** `office_corporate_profile` + +| Field | Value | +| --------------------- | ------------------ | +| representative_name | MR. ANG KOK YONG | +| representative_title | CEO | +| jurisdiction | Singapore | +| entity_type | Private Limited | + +Create the datatable in Fineract (Administration → Register Datatables), link it to the **Office** entity, then populate a row for this office after creation. + +--- + +## 8. Treasury Wallet Creation + +After office creation, create the institutional treasury wallet. + +| Parameter | Value | +| ---------------- | ------------------ | +| Wallet type | Corporate Treasury Wallet | +| Wallet ID format | HYBX-SG-ADF-001 | +| Currency | Multi-Currency | +| Vault | HYBX Treasury | +| Liquidity Access | Enabled | +| Settlement Mode | ISO 20022 | + +*(Wallet creation steps and API are defined in the Institutional Client Onboarding Run Book.)* + +--- + +## 9. ISO-20022 Messaging Enablement + +Configure messaging endpoint for the office. + +**Required channels:** + +| Channel | Purpose | +| -------- | -------------------- | +| pacs.008 | Credit transfer | +| pacs.009 | Interbank settlement | +| camt.053 | Statement reporting | +| camt.056 | Payment recall | + +**Node registration:** `OMNL-HYBX-NODE-SG-ADF` + +--- + +## 10. Compliance Verification + +Compliance officer confirms: + +- ✔ CIS verified +- ✔ Corporate registration validated +- ✔ Representative identity verified +- ✔ Sanctions screening completed + +Compliance approval logged in **HYBX_COMPLIANCE_LEDGER**. + +--- + +## 11. Operational Activation + +Once all steps are completed: + +**System status:** `OFFICE_STATUS = ACTIVE` + +**Operational capabilities enabled:** + +- Wallet transactions +- Treasury participation +- Liquidity routing +- ISO-20022 transfers + +--- + +## 12. Audit Trail + +All steps recorded in: + +- **HYBX_LEDGER** +- **HYBX_AUDIT_LOG** + +Audit data includes: + +- Timestamp +- Operator ID +- API request hash +- System response + +--- + +## 13. Disaster Recovery + +If onboarding fails: + +1. Rollback office creation (if created). +2. Archive CIS and failure details in `HYBX/KYC/ADF_APAC_SINGAPORE/`. +3. Generate failure log. + +**Rollback (delete office):** + +```bash +DELETE /fineract-provider/api/v1/offices/{officeId} +``` + +*Note:* Deleting an office may be restricted if the office has dependent data (clients, accounts). Resolve dependencies in UI/API first or contact platform admin. + +--- + +## 14. Final Validation Checklist + +| Validation | Status | +| ----------------------- | ------ | +| Office created | ☐ | +| Corporate data attached | ☐ | +| Wallet created | ☐ | +| ISO-20022 enabled | ☐ | +| Compliance approved | ☐ | +| Audit logged | ☐ | + +--- + +## 15. Office Hierarchy + +``` +OMNL (Head Office, ID: 1) +│ +└── ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD +``` + +--- + +## 16. Run Book Completion + +Run book execution is **complete when all validation checks pass and treasury wallet is active.** + +--- + +## 17. Related Documentation + +- [OMNL_FINERACT_CONFIGURATION.md](../OMNL_FINERACT_CONFIGURATION.md) — Base URL, tenant, credentials. +- [PELICAN_MOTORS_OFFICE_RUNBOOK.md](PELICAN_MOTORS_OFFICE_RUNBOOK.md) — Same POST /offices pattern. +- [OMNL_OFFICES_POPULATE.md](OMNL_OFFICES_POPULATE.md) — Bulk office creation from entity master data. +- **Institutional Client Onboarding Run Book** (when available) — Client creation, wallet provisioning, KYB automation, and ISO-20022 routing under this office. diff --git a/docs/04-configuration/verification-evidence/BESU_NODES_HEALTH_AND_TXPOOL_20260304.md b/docs/04-configuration/verification-evidence/BESU_NODES_HEALTH_AND_TXPOOL_20260304.md new file mode 100644 index 0000000..adef78d --- /dev/null +++ b/docs/04-configuration/verification-evidence/BESU_NODES_HEALTH_AND_TXPOOL_20260304.md @@ -0,0 +1,140 @@ +# Besu Nodes Health, Block Production & Transaction Pool Check + +**Date:** 2026-03-04 +**Scope:** Block production, transaction pools (stuck txs), all Besu VM nodes health, storage. + +--- + +## 1. Block production + +| Check | Result | +|-------|--------| +| **Core RPC (192.168.11.211:8545)** | Reachable; Chain ID 138 | +| **Latest block** | 2,547,803 (0x26e05b) | +| **Block advance (5s window)** | No new blocks (monitor: stalled) | +| **Block advance (12s window)** | No new blocks (diff=0) | + +**Conclusion:** Block production is currently **stalled**. Validators are all active and RPC has 24 peers; likely cause is validators in sync or consensus not producing (see docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md). + +--- + +## 2. Transaction pools / stuck transactions + +| Source | Result | +|-------|--------| +| **txpool_status** | Method not found (Besu uses different APIs) | +| **txpool_besuTransactions** | **1 transaction** in pool | +| **Tx hash** | `0x1c206b659cbb00cbe45557eda3fb3acbab86231820ed0f9ea41e836d7e07f591` | +| **Added to pool** | 2026-03-04T07:44:45.584Z | +| **Deployer pending (monitor)** | 1 pending (nonce 13486) | + +**Conclusion:** One stuck transaction in the RPC node pool. Clearing options: + +- Run `./scripts/clear-all-transaction-pools.sh` (clears pool DB on all nodes; requires restart). +- Or try RPC-side clear first: `./scripts/resolve-stuck-transaction-besu-qbft.sh` (uses `txpool_besuClear` / `txpool_clear` if available on this RPC). + +--- + +## 3. RPC VMID 2101 (Core) health + +| Check | Status | +|-------|--------| +| Container 2101 | Running | +| besu-rpc.service | active | +| Port 8545 | Listening | +| RPC eth_chainId | 0x8a (Chain 138) | +| RPC eth_blockNumber | 0x26e05b | +| Database path /data/besu/database | **Writable** | + +All checks passed (script: `./scripts/maintenance/health-check-rpc-2101.sh`). + +--- + +## 4. All RPC node VMs (health script) + +Run: `bash ./scripts/health/check-rpc-vms-health.sh` + +| VMID | Host | Status | Block | +|------|------|--------|-------| +| 2101 | 192.168.11.11 | running, besu-rpc active | 2547803 | +| 2201 | 192.168.11.12 | running, besu-rpc active | 2547803 | +| 2301 | 192.168.11.10 | running, besu-rpc active | 2547803 | +| 2303 | 192.168.11.12 | running, besu-rpc active | 2547803 | +| 2304–2307, 2400 | 192.168.11.10 / .12 | running, besu-rpc active | 2547803 | +| **2308** | 192.168.11.10 | running, besu-rpc active | **2372719** (behind) | + +**Note:** VMID 2308 is ~175k blocks behind; may need sync or investigation. + +--- + +## 5. Validator status (1000–1004) + +| VMID | Host | Service status | +|------|------|----------------| +| 1000, 1001, 1002 | 192.168.11.11 (R630-01) | besu-validator active | +| 1003, 1004 | 192.168.11.10 (ML110) | besu-validator active | + +All 5 validators reported **active** by `./scripts/monitoring/monitor-blockchain-health.sh`. + +--- + +## 6. Storage (Besu nodes) + +| Node | VMID | Host | Root disk | /data/besu size | +|------|------|------|-----------|-----------------| +| Validator | 1000 | 192.168.11.11 | 98G, 6% used | 3.3G | +| Validator | 1001 | 192.168.11.11 | 98G, 6% used | 3.3G | +| Validator | 1002 | 192.168.11.11 | 98G, 6% used | 3.3G | +| Validator | 1003 | 192.168.11.10 | 98G, 10% used | 3.2G | +| Validator | 1004 | 192.168.11.10 | 98G, 10% used | 3.2G | +| RPC Core | 2101 | 192.168.11.11 | 196G, 4% used | 3.2G | +| RPC Public | 2201 | 192.168.11.12 | 196G, 5% used | 3.1G | + +No storage issues observed; all nodes have ample free space. + +--- + +## 7. Summary and next steps + +| Item | Status | +|------|--------| +| Block production | Stalled (no new blocks in 5s and 12s checks) | +| Stuck tx in pool | 1 tx (hash 0x1c20…f591; nonce 13486) | +| RPC 2101 health | All passed, storage writable | +| RPC VMs (2101, 2201, 230x, 2400) | Running; 2308 behind | +| Validators 1000–1004 | All active | +| Storage (all Besu nodes) | Healthy, sufficient free space | + +**Recommended next steps:** + +1. **Unblock chain:** If block production does not resume, check validator logs (e.g. `journalctl -u besu-validator` on 1000–1004) and docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md. +2. **Clear stuck tx:** Run `./scripts/clear-all-transaction-pools.sh` then wait 30–60s; or try `./scripts/resolve-stuck-transaction-besu-qbft.sh` first (ensure RPC_URL_138 in smom-dbis-138/.env points to Core RPC). +3. **RPC 2308:** Investigate why it is ~175k blocks behind (sync or connectivity). + +--- + +## 8. Recommended steps executed (2026-03-04) + +| Step | Action | Result | +|------|--------|--------| +| **Stuck tx** | Ran `resolve-stuck-transaction-besu-qbft.sh` with RPC_URL_138=Core RPC | TXPOOL + ADMIN enabled; `txpool_besuClear` and `txpool_clear` **Method not found** on this RPC; `admin_removeTransaction` also not found. Nonce 13485 (latest). | +| **Stuck tx** | Ran `clear-all-transaction-pools.sh` | Validators 1000–1004 cleared and restarted ✅. RPC 2101 and 2201 clear runs after validators (script was clearing 2101 when checked). Wait 30–60s then re-check `txpool_besuTransactions`. | +| **Validator logs** | Checked VMID 1000 and 1003 | 1000: had "QBFT mining coordinator not starting while initial sync in progress" then "Starting QBFT mining coordinator following initial sync", "Starting full sync"; then stopped by pool-clear. **Block production stall** is consistent with validators in/after full sync (or restarted and syncing again). See CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md. | +| **resolve script** | SOURCE_PROJECT | Updated script to use `PROJECT_ROOT_SCRIPT/smom-dbis-138` when present so it runs from proxmox repo. | + +**RPC 2308 (behind ~175k blocks):** No automatic fix run. Options: (1) Let it sync (if it is catching up), (2) Check logs on VMID 2308 for errors, (3) Restart the container if sync is stuck. See `bash ./scripts/health/check-rpc-vms-health.sh` for current block per node. + +--- + +## 9. Status to continue (updated) + +| Check | Result | Action | +|-------|--------|--------| +| RPC 2101 | Healthy | — | +| Tx pool (2101) | May repopulate | If mint fails with “Replacement transaction underpriced”, run mint with `GAS_PRICE_138=500000000000`. | +| Validators 1000–1004 | 1004 **restarted** (2026-03-04) | All 5 active after restart; if 1004 fails again, restart on ML110. | +| Block production | **Stalled** (blocker) | Mint tx accepted with 500 gwei but confirmation times out until blocks advance. Run `./scripts/monitoring/monitor-blockchain-health.sh`; when blocks advance, re-run mint. | + +**Continue run (2026-03-04):** Validator 1004 restarted; `clear-all-transaction-pools.sh` completed (1000–1004, 2101, 2201). Mint script updated to use `GAS_PRICE_138`; with 500 gwei first mint tx was accepted by RPC but timed out waiting for confirmation (blocks not advancing). **Next:** When blocks advance, run `cd smom-dbis-138 && ./scripts/mint-for-liquidity.sh` (optionally `GAS_PRICE_138=500000000000`). + +**Continue with:** [CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md](../CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md) §7–8 and [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) “Status to continue”. diff --git a/docs/04-configuration/verification-evidence/UDM_PRO_CHECK_20260303.md b/docs/04-configuration/verification-evidence/UDM_PRO_CHECK_20260303.md new file mode 100644 index 0000000..cede686 --- /dev/null +++ b/docs/04-configuration/verification-evidence/UDM_PRO_CHECK_20260303.md @@ -0,0 +1,47 @@ +# UDM Pro check — 2026-03-03 + +**Checked from:** ASERET (192.168.11.23), LAN. + +--- + +## Summary + +| Check | Result | +|-------|--------| +| **Gateway** | 192.168.11.1 reachable (ping OK) | +| **UDM Pro management** | https://192.168.11.1:443 → **HTTP 200** (UniFi controller) | +| **Public IP from LAN** | https://76.53.10.36:443 → **timeout (000)** — expected without NAT hairpin | +| **NPMplus internal** | 192.168.11.166 / 192.168.11.167:80,443 — not reachable from this host (timeout) | + +--- + +## Expected port forwarding (manual verification in UniFi UI) + +In **UniFi Network** → **Settings** → **Firewall & Security** → **Port Forwarding** confirm: + +| Rule | Destination IP | Dest Port | Forward to IP | Forward to Port | Protocol | +|------|-----------------|-----------|---------------|-----------------|----------| +| NPMplus HTTPS | 76.53.10.36 | 443 | 192.168.11.167 | 443 | TCP | +| NPMplus HTTP | 76.53.10.36 | 80 | 192.168.11.167 | 80 | TCP | + +**Verified 2026-03-03 (screenshot):** UI shows **Nginx HTTP** and **Nginx HTTPS** on 76.53.10.36 → 192.168.11.167:80 and :443. Also present: 76.53.10.38→.169 (Alltra/HYBX), 76.53.10.40→.170/.60 (Dev), 76.53.10.41→.171 (Mifos). Full table: [UDM_PRO_PORT_FORWARDING_SNAPSHOT_20260303.md](UDM_PRO_PORT_FORWARDING_SNAPSHOT_20260303.md). + +--- + +## Interpretation + +- **UDM Pro device:** Online and responding; management at https://192.168.11.1 works. +- **Public URL from LAN:** Traffic to 76.53.10.36 from 192.168.11.23 times out — typical when **NAT hairpin (loopback)** is disabled. Enable it in UniFi if you want explorer.d-bis.org to work from LAN without a hosts entry. +- **External access:** Test from a device off the LAN (e.g. phone on cellular): if https://explorer.d-bis.org works there, port forward and NPMplus are correct and the issue is LAN-only (hairpin). +- **Prior run (2026-02-07):** From another host, internal and public tests all passed — so port forward and NPMplus were working from that segment. + +--- + +## Manual steps + +1. Open **https://192.168.11.1** in a browser (on the LAN). +2. Go to **Settings** → **Firewall & Security** → **Port Forwarding**. +3. Confirm the two rules above exist and are enabled. +4. (Optional) Look for **NAT loopback** / **Hairpin NAT** and enable so LAN clients can reach 76.53.10.36. + +Script: `bash scripts/verify/verify-udm-pro-port-forwarding.sh` (runs connectivity tests and writes evidence to `verification-evidence/udm-pro-verification-*`). diff --git a/docs/04-configuration/verification-evidence/UDM_PRO_PORT_FORWARDING_SNAPSHOT_20260303.md b/docs/04-configuration/verification-evidence/UDM_PRO_PORT_FORWARDING_SNAPSHOT_20260303.md new file mode 100644 index 0000000..a50f4b0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/UDM_PRO_PORT_FORWARDING_SNAPSHOT_20260303.md @@ -0,0 +1,35 @@ +# UDM Pro port forwarding — verified snapshot 2026-03-03 + +**Source:** Screenshot from UniFi Network → Settings → Firewall & Security → Port Forwarding. +**Interface:** Internet 1. Protocol: TCP/UDP. Source: Any. + +--- + +## Rules (as shown in UI) + +| Name | External WAN IP | Ext Port | Forward to (Internal) | Int Port | +|------|------------------|----------|------------------------|----------| +| Nginx HTTP | 76.53.10.36 | 80 | 192.168.11.167 | 80 | +| Nginx HTTPS | 76.53.10.36 | 443 | 192.168.11.167 | 443 | +| NPMplus Alltra/HYBX HTTP | 76.53.10.38 | 80 | 192.168.11.169 | 80 | +| NPMplus Alltra/HYBX HTTPS | 76.53.10.38 | 443 | 192.168.11.169 | 443 | +| NPMplus Alltra/HYBX Admin | 76.53.10.38 | 81 | 192.168.11.169 | 81 | +| NPMplus Dev (HTTP/HTTPS/Admin) | 76.53.10.40 | 80, 443, 81 | 192.168.11.170 | 80, 443, 81 | +| NPMplus Dev (SSH) | 76.53.10.40 | 22 | 192.168.11.60 | 22 | +| NPMplus Dev (port 3000) | 76.53.10.40 | 3000 | 192.168.11.60 | 3000 | +| NPMplus Mifos HTTP | 76.53.10.41 | 80 | 192.168.11.171 | 80 | +| NPMplus Mifos HTTPS | 76.53.10.41 | 443 | 192.168.11.171 | 443 | +| NPMplus Mifos Admin | 76.53.10.41 | 81 | 192.168.11.171 | 81 | + +--- + +## Verification vs docs + +| Item | Doc expectation | Snapshot | Status | +|------|-----------------|----------|--------| +| Explorer / Nginx | 76.53.10.36:80/443 → 192.168.11.167 | Nginx HTTP/HTTPS → .167:80, .167:443 | ✅ Match | +| Alltra/HYBX | 76.53.10.38 → 192.168.11.169 (80, 81, 443) | NPMplus Alltra/HYBX → .169:80, .169:443, .169:81 | ✅ Match | +| Mifos | 76.53.10.41 → 192.168.11.171 | NPMplus Mifos → .171:80, .171:443, .171:81 | ✅ Match | +| Dev | 76.53.10.40 → .170 (and .60 for SSH/3000) | NPMplus Dev → .170 (80,443,81), .60 (22, 3000) | ✅ Match | + +**Conclusion:** Port forwarding for explorer (76.53.10.36 → 192.168.11.167) and for Alltra/HYBX, Mifos, and Dev is correctly configured. Explorer timeout from LAN is due to NAT hairpin not being required for the forward itself; enable NAT loopback on UDM Pro if LAN clients should reach 76.53.10.36 without a hosts entry. diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/all_vms_verification.json b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/all_vms_verification.json new file mode 100644 index 0000000..e84e09d --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/all_vms_verification.json @@ -0,0 +1,380 @@ +[ + { + "vmid": 2101, + "hostname": "besu-rpc-core-1", + "host": "r630-01", + "host_ip": "192.168.11.11", + "expected_ip": "192.168.11.211", + "actual_ip": "192.168.11.211", + "status": "running", + "has_nginx": false, + "service_type": "besu", + "config_path": "8545,8546", + "public_domains": [ + "rpc-http-prv.d-bis.org", + "rpc-ws-prv.d-bis.org" + ], + "services": [ + { + "name": "besu-rpc", + "type": "direct", + "status": "running" + } + ], + "listening_ports": [ + { + "port": 8545, + "protocol": "tcp", + "process": "besu" + }, + { + "port": 8546, + "protocol": "tcp", + "process": "besu" + } + ], + "health_endpoints": [ + { + "path": "http://192.168.11.211:8545", + "expected_code": 200, + "actual_code": 200, + "status": "pass" + } + ], + "verified_at": "2026-03-02T14:21:42-08:00" + }, + { + "vmid": 7810, + "hostname": "mim-web-1", + "host": "r630-02", + "host_ip": "192.168.11.12", + "expected_ip": "192.168.11.37", + "actual_ip": "192.168.11.37", + "status": "running", + "has_nginx": true, + "service_type": "nginx", + "config_path": "/etc/nginx/sites-available/mim4u", + "public_domains": [ + "mim4u.org", + "www.mim4u.org", + "secure.mim4u.org", + "training.mim4u.org" + ], + "services": [ + { + "name": "nginx", + "type": "systemd", + "status": "active" + } + ], + "listening_ports": [], + "health_endpoints": [ + { + "path": "http://192.168.11.37:80", + "expected_code": 200, + "actual_code": 200, + "status": "pass" + } + ], + "verified_at": "2026-03-02T14:21:51-08:00" + }, + { + "vmid": 10150, + "hostname": "dbis-api-primary", + "host": "r630-01", + "host_ip": "192.168.11.11", + "expected_ip": "192.168.11.155", + "actual_ip": "192.168.11.155", + "status": "running", + "has_nginx": false, + "service_type": "nodejs", + "config_path": "3000", + "public_domains": [ + "dbis-api.d-bis.org" + ], + "services": [ + { + "name": "nodejs-api", + "type": "systemd", + "status": "running" + } + ], + "listening_ports": [ + { + "port": 3000, + "protocol": "tcp", + "process": "nodejs" + } + ], + "health_endpoints": [ + { + "path": "http://192.168.11.155:3000", + "expected_code": 200, + "actual_code": 0, + "status": "fail" + } + ], + "verified_at": "2026-03-02T14:22:03-08:00" + }, + { + "vmid": 10151, + "hostname": "dbis-api-secondary", + "host": "r630-01", + "host_ip": "192.168.11.11", + "expected_ip": "192.168.11.156", + "actual_ip": "192.168.11.156", + "status": "running", + "has_nginx": false, + "service_type": "nodejs", + "config_path": "3000", + "public_domains": [ + "dbis-api-2.d-bis.org" + ], + "services": [ + { + "name": "nodejs-api", + "type": "systemd", + "status": "running" + } + ], + "listening_ports": [ + { + "port": 3000, + "protocol": "tcp", + "process": "nodejs" + } + ], + "health_endpoints": [ + { + "path": "http://192.168.11.156:3000", + "expected_code": 200, + "actual_code": 0, + "status": "fail" + } + ], + "verified_at": "2026-03-02T14:22:13-08:00" + }, + { + "vmid": 2201, + "hostname": "besu-rpc-public-1", + "host": "r630-02", + "host_ip": "192.168.11.12", + "expected_ip": "192.168.11.221", + "actual_ip": "192.168.11.221", + "status": "running", + "has_nginx": false, + "service_type": "besu", + "config_path": "8545,8546", + "public_domains": [ + "rpc-http-pub.d-bis.org", + "rpc-ws-pub.d-bis.org" + ], + "services": [ + { + "name": "besu-rpc", + "type": "direct", + "status": "running" + } + ], + "listening_ports": [ + { + "port": 8545, + "protocol": "tcp", + "process": "besu" + }, + { + "port": 8546, + "protocol": "tcp", + "process": "besu" + } + ], + "health_endpoints": [ + { + "path": "http://192.168.11.221:8545", + "expected_code": 200, + "actual_code": 200, + "status": "pass" + } + ], + "verified_at": "2026-03-02T14:22:22-08:00" + }, + { + "vmid": 2400, + "hostname": "thirdweb-rpc-1", + "host": "ml110", + "host_ip": "192.168.11.10", + "expected_ip": "192.168.11.240", + "actual_ip": "192.168.11.240", + "status": "running", + "has_nginx": true, + "service_type": "nginx", + "config_path": "/etc/nginx/sites-available/rpc-thirdweb", + "public_domains": [ + "rpc.public-0138.defi-oracle.io" + ], + "services": [ + { + "name": "nginx", + "type": "systemd", + "status": "active" + } + ], + "listening_ports": [], + "health_endpoints": [ + { + "path": "http://192.168.11.240:80", + "expected_code": 200, + "actual_code": 404, + "status": "fail" + } + ], + "verified_at": "2026-03-02T14:22:34-08:00" + }, + { + "vmid": 5800, + "hostname": "mifos", + "host": "r630-02", + "host_ip": "192.168.11.12", + "expected_ip": "192.168.11.85", + "actual_ip": "192.168.11.85", + "status": "running", + "has_nginx": false, + "service_type": "web", + "config_path": "-", + "public_domains": [ + "mifos.d-bis.org" + ], + "services": [ + { + "name": "http", + "type": "direct", + "status": "running" + } + ], + "listening_ports": [ + { + "port": 80, + "protocol": "tcp", + "process": "http" + } + ], + "health_endpoints": [ + { + "path": "http://192.168.11.85:80", + "expected_code": 200, + "actual_code": 0, + "status": "fail" + } + ], + "verified_at": "2026-03-02T14:22:40-08:00" + }, + { + "vmid": 5801, + "hostname": "dapp-smom", + "host": "r630-02", + "host_ip": "192.168.11.12", + "expected_ip": "192.168.11.58", + "actual_ip": "192.168.11.58", + "status": "running", + "has_nginx": false, + "service_type": "web", + "config_path": "-", + "public_domains": [ + "dapp.d-bis.org" + ], + "services": [ + { + "name": "http", + "type": "direct", + "status": "running" + } + ], + "listening_ports": [ + { + "port": 80, + "protocol": "tcp", + "process": "http" + } + ], + "health_endpoints": [ + { + "path": "http://192.168.11.58:80", + "expected_code": 200, + "actual_code": 200, + "status": "pass" + } + ], + "verified_at": "2026-03-02T14:22:46-08:00" + }, + { + "vmid": 10130, + "hostname": "dbis-frontend", + "host": "r630-01", + "host_ip": "192.168.11.11", + "expected_ip": "192.168.11.130", + "actual_ip": "192.168.11.130", + "status": "running", + "has_nginx": false, + "service_type": "web", + "config_path": "/etc/nginx/sites-available/dbis-frontend", + "public_domains": [ + "dbis-admin.d-bis.org", + "secure.d-bis.org" + ], + "services": [ + { + "name": "http", + "type": "direct", + "status": "running" + } + ], + "listening_ports": [ + { + "port": 80, + "protocol": "tcp", + "process": "http" + } + ], + "health_endpoints": [ + { + "path": "http://192.168.11.130:80", + "expected_code": 200, + "actual_code": 0, + "status": "fail" + } + ], + "verified_at": "2026-03-02T14:22:56-08:00" + }, + { + "vmid": 5000, + "hostname": "blockscout-1", + "host": "r630-02", + "host_ip": "192.168.11.12", + "expected_ip": "192.168.11.140", + "actual_ip": "192.168.11.140", + "status": "running", + "has_nginx": true, + "service_type": "nginx", + "config_path": "/etc/nginx/sites-available/blockscout", + "public_domains": [ + "explorer.d-bis.org" + ], + "services": [ + { + "name": "nginx", + "type": "systemd", + "status": "active" + } + ], + "listening_ports": [], + "health_endpoints": [ + { + "path": "http://192.168.11.140:80", + "expected_code": 200, + "actual_code": 301, + "status": "pass" + } + ], + "verified_at": "2026-03-02T14:23:06-08:00" + } +] diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/verification_report.md b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/verification_report.md new file mode 100644 index 0000000..e6f9402 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/verification_report.md @@ -0,0 +1,95 @@ +# Backend VMs Verification Report + +**Date**: 2026-03-02T14:23:06-08:00 +**Verifier**: intlc + +## Summary + +Total VMs verified: 10 + +## VM Verification Results + + +### VMID 2101: besu-rpc-core-1 +- Status: running +- Expected IP: 192.168.11.211 +- Actual IP: 192.168.11.211 +- Has Nginx: false +- Details: See `vmid_2101_verification.json` + +### VMID 7810: mim-web-1 +- Status: running +- Expected IP: 192.168.11.37 +- Actual IP: 192.168.11.37 +- Has Nginx: true +- Details: See `vmid_7810_verification.json` + +### VMID 10150: dbis-api-primary +- Status: running +- Expected IP: 192.168.11.155 +- Actual IP: 192.168.11.155 +- Has Nginx: false +- Details: See `vmid_10150_verification.json` + +### VMID 10151: dbis-api-secondary +- Status: running +- Expected IP: 192.168.11.156 +- Actual IP: 192.168.11.156 +- Has Nginx: false +- Details: See `vmid_10151_verification.json` + +### VMID 2201: besu-rpc-public-1 +- Status: running +- Expected IP: 192.168.11.221 +- Actual IP: 192.168.11.221 +- Has Nginx: false +- Details: See `vmid_2201_verification.json` + +### VMID 2400: thirdweb-rpc-1 +- Status: running +- Expected IP: 192.168.11.240 +- Actual IP: 192.168.11.240 +- Has Nginx: true +- Details: See `vmid_2400_verification.json` + +### VMID 5800: mifos +- Status: running +- Expected IP: 192.168.11.85 +- Actual IP: 192.168.11.85 +- Has Nginx: false +- Details: See `vmid_5800_verification.json` + +### VMID 5801: dapp-smom +- Status: running +- Expected IP: 192.168.11.58 +- Actual IP: 192.168.11.58 +- Has Nginx: false +- Details: See `vmid_5801_verification.json` + +### VMID 10130: dbis-frontend +- Status: running +- Expected IP: 192.168.11.130 +- Actual IP: 192.168.11.130 +- Has Nginx: false +- Details: See `vmid_10130_verification.json` + +### VMID 5000: blockscout-1 +- Status: running +- Expected IP: 192.168.11.140 +- Actual IP: 192.168.11.140 +- Has Nginx: true +- Details: See `vmid_5000_verification.json` + +## Files Generated + +- `all_vms_verification.json` - Complete VM verification results +- `vmid_*_verification.json` - Individual VM verification details +- `vmid_*_listening_ports.txt` - Listening ports output per VM +- `verification_report.md` - This report + +## Next Steps + +1. Review verification results for each VM +2. Investigate any VMs with mismatched IPs or failed health checks +3. Document any missing nginx config paths +4. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_10130_listening_ports.txt b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_10130_listening_ports.txt new file mode 100644 index 0000000..33d6904 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_10130_listening_ports.txt @@ -0,0 +1,2 @@ +LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=130,fd=14)) +LISTEN 0 5 0.0.0.0:80 0.0.0.0:* users:(("python3",pid=1006,fd=3)) diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_10130_verification.json b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_10130_verification.json new file mode 100644 index 0000000..1224b1c --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_10130_verification.json @@ -0,0 +1,17 @@ +{ + "vmid": 10130, + "hostname": "dbis-frontend", + "host": "r630-01", + "host_ip": "192.168.11.11", + "expected_ip": "192.168.11.130", + "actual_ip": "192.168.11.130", + "status": "running", + "has_nginx": false, + "service_type": "web", + "config_path": "/etc/nginx/sites-available/dbis-frontend", + "public_domains": ["dbis-admin.d-bis.org","secure.d-bis.org"], + "services": [{"name":"http","type":"direct","status":"running"}], + "listening_ports": [{"port":80,"protocol":"tcp","process":"http"}], + "health_endpoints": [{"path":"http://192.168.11.130:80","expected_code":200,"actual_code":000000,"status":"fail"}], + "verified_at": "2026-03-02T14:22:56-08:00" + } diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2201_listening_ports.txt b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2201_listening_ports.txt new file mode 100644 index 0000000..11ef337 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2201_listening_ports.txt @@ -0,0 +1,13 @@ +LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=203,fd=10),("nginx",pid=202,fd=10),("nginx",pid=201,fd=10),("nginx",pid=198,fd=10),("nginx",pid=197,fd=10),("nginx",pid=196,fd=10),("nginx",pid=195,fd=10),("nginx",pid=194,fd=10),("nginx",pid=193,fd=10),("nginx",pid=192,fd=10),("nginx",pid=191,fd=10),("nginx",pid=189,fd=10),("nginx",pid=188,fd=10),("nginx",pid=187,fd=10),("nginx",pid=186,fd=10),("nginx",pid=185,fd=10),("nginx",pid=184,fd=10),("nginx",pid=183,fd=10),("nginx",pid=182,fd=10),("nginx",pid=181,fd=10),("nginx",pid=180,fd=10),("nginx",pid=179,fd=10),("nginx",pid=178,fd=10),("nginx",pid=177,fd=10),("nginx",pid=176,fd=10),("nginx",pid=175,fd=10),("nginx",pid=174,fd=10),("nginx",pid=173,fd=10),("nginx",pid=172,fd=10),("nginx",pid=171,fd=10),("nginx",pid=170,fd=10),("nginx",pid=169,fd=10),("nginx",pid=168,fd=10),("nginx",pid=167,fd=10),("nginx",pid=166,fd=10),("nginx",pid=165,fd=10),("nginx",pid=164,fd=10),("nginx",pid=163,fd=10),("nginx",pid=162,fd=10),("nginx",pid=161,fd=10),("nginx",pid=160,fd=10),("nginx",pid=159,fd=10),("nginx",pid=158,fd=10),("nginx",pid=157,fd=10),("nginx",pid=156,fd=10),("nginx",pid=154,fd=10),("nginx",pid=153,fd=10),("nginx",pid=152,fd=10),("nginx",pid=151,fd=10),("nginx",pid=150,fd=10),("nginx",pid=149,fd=10),("nginx",pid=148,fd=10),("nginx",pid=147,fd=10),("nginx",pid=146,fd=10),("nginx",pid=144,fd=10),("nginx",pid=143,fd=10),("nginx",pid=142,fd=10)) +LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=203,fd=12),("nginx",pid=202,fd=12),("nginx",pid=201,fd=12),("nginx",pid=198,fd=12),("nginx",pid=197,fd=12),("nginx",pid=196,fd=12),("nginx",pid=195,fd=12),("nginx",pid=194,fd=12),("nginx",pid=193,fd=12),("nginx",pid=192,fd=12),("nginx",pid=191,fd=12),("nginx",pid=189,fd=12),("nginx",pid=188,fd=12),("nginx",pid=187,fd=12),("nginx",pid=186,fd=12),("nginx",pid=185,fd=12),("nginx",pid=184,fd=12),("nginx",pid=183,fd=12),("nginx",pid=182,fd=12),("nginx",pid=181,fd=12),("nginx",pid=180,fd=12),("nginx",pid=179,fd=12),("nginx",pid=178,fd=12),("nginx",pid=177,fd=12),("nginx",pid=176,fd=12),("nginx",pid=175,fd=12),("nginx",pid=174,fd=12),("nginx",pid=173,fd=12),("nginx",pid=172,fd=12),("nginx",pid=171,fd=12),("nginx",pid=170,fd=12),("nginx",pid=169,fd=12),("nginx",pid=168,fd=12),("nginx",pid=167,fd=12),("nginx",pid=166,fd=12),("nginx",pid=165,fd=12),("nginx",pid=164,fd=12),("nginx",pid=163,fd=12),("nginx",pid=162,fd=12),("nginx",pid=161,fd=12),("nginx",pid=160,fd=12),("nginx",pid=159,fd=12),("nginx",pid=158,fd=12),("nginx",pid=157,fd=12),("nginx",pid=156,fd=12),("nginx",pid=154,fd=12),("nginx",pid=153,fd=12),("nginx",pid=152,fd=12),("nginx",pid=151,fd=12),("nginx",pid=150,fd=12),("nginx",pid=149,fd=12),("nginx",pid=148,fd=12),("nginx",pid=147,fd=12),("nginx",pid=146,fd=12),("nginx",pid=144,fd=12),("nginx",pid=143,fd=12),("nginx",pid=142,fd=12)) +LISTEN 0 5 127.0.0.1:8888 0.0.0.0:* users:(("python3",pid=108,fd=3)) +LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=370,fd=13)) +LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=97,fd=14)) +LISTEN 0 4096 *:30303 *:* users:(("java",pid=14903,fd=359)) +LISTEN 0 4096 *:9545 *:* users:(("java",pid=14903,fd=356)) +LISTEN 0 4096 *:8545 *:* users:(("java",pid=14903,fd=357)) +LISTEN 0 4096 *:8546 *:* users:(("java",pid=14903,fd=358)) +LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=370,fd=14)) +LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=203,fd=11),("nginx",pid=202,fd=11),("nginx",pid=201,fd=11),("nginx",pid=198,fd=11),("nginx",pid=197,fd=11),("nginx",pid=196,fd=11),("nginx",pid=195,fd=11),("nginx",pid=194,fd=11),("nginx",pid=193,fd=11),("nginx",pid=192,fd=11),("nginx",pid=191,fd=11),("nginx",pid=189,fd=11),("nginx",pid=188,fd=11),("nginx",pid=187,fd=11),("nginx",pid=186,fd=11),("nginx",pid=185,fd=11),("nginx",pid=184,fd=11),("nginx",pid=183,fd=11),("nginx",pid=182,fd=11),("nginx",pid=181,fd=11),("nginx",pid=180,fd=11),("nginx",pid=179,fd=11),("nginx",pid=178,fd=11),("nginx",pid=177,fd=11),("nginx",pid=176,fd=11),("nginx",pid=175,fd=11),("nginx",pid=174,fd=11),("nginx",pid=173,fd=11),("nginx",pid=172,fd=11),("nginx",pid=171,fd=11),("nginx",pid=170,fd=11),("nginx",pid=169,fd=11),("nginx",pid=168,fd=11),("nginx",pid=167,fd=11),("nginx",pid=166,fd=11),("nginx",pid=165,fd=11),("nginx",pid=164,fd=11),("nginx",pid=163,fd=11),("nginx",pid=162,fd=11),("nginx",pid=161,fd=11),("nginx",pid=160,fd=11),("nginx",pid=159,fd=11),("nginx",pid=158,fd=11),("nginx",pid=157,fd=11),("nginx",pid=156,fd=11),("nginx",pid=154,fd=11),("nginx",pid=153,fd=11),("nginx",pid=152,fd=11),("nginx",pid=151,fd=11),("nginx",pid=150,fd=11),("nginx",pid=149,fd=11),("nginx",pid=148,fd=11),("nginx",pid=147,fd=11),("nginx",pid=146,fd=11),("nginx",pid=144,fd=11),("nginx",pid=143,fd=11),("nginx",pid=142,fd=11)) +LISTEN 0 4096 *:22 *:* users:(("systemd",pid=1,fd=41)) +LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=203,fd=13),("nginx",pid=202,fd=13),("nginx",pid=201,fd=13),("nginx",pid=198,fd=13),("nginx",pid=197,fd=13),("nginx",pid=196,fd=13),("nginx",pid=195,fd=13),("nginx",pid=194,fd=13),("nginx",pid=193,fd=13),("nginx",pid=192,fd=13),("nginx",pid=191,fd=13),("nginx",pid=189,fd=13),("nginx",pid=188,fd=13),("nginx",pid=187,fd=13),("nginx",pid=186,fd=13),("nginx",pid=185,fd=13),("nginx",pid=184,fd=13),("nginx",pid=183,fd=13),("nginx",pid=182,fd=13),("nginx",pid=181,fd=13),("nginx",pid=180,fd=13),("nginx",pid=179,fd=13),("nginx",pid=178,fd=13),("nginx",pid=177,fd=13),("nginx",pid=176,fd=13),("nginx",pid=175,fd=13),("nginx",pid=174,fd=13),("nginx",pid=173,fd=13),("nginx",pid=172,fd=13),("nginx",pid=171,fd=13),("nginx",pid=170,fd=13),("nginx",pid=169,fd=13),("nginx",pid=168,fd=13),("nginx",pid=167,fd=13),("nginx",pid=166,fd=13),("nginx",pid=165,fd=13),("nginx",pid=164,fd=13),("nginx",pid=163,fd=13),("nginx",pid=162,fd=13),("nginx",pid=161,fd=13),("nginx",pid=160,fd=13),("nginx",pid=159,fd=13),("nginx",pid=158,fd=13),("nginx",pid=157,fd=13),("nginx",pid=156,fd=13),("nginx",pid=154,fd=13),("nginx",pid=153,fd=13),("nginx",pid=152,fd=13),("nginx",pid=151,fd=13),("nginx",pid=150,fd=13),("nginx",pid=149,fd=13),("nginx",pid=148,fd=13),("nginx",pid=147,fd=13),("nginx",pid=146,fd=13),("nginx",pid=144,fd=13),("nginx",pid=143,fd=13),("nginx",pid=142,fd=13)) diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2201_verification.json b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2201_verification.json new file mode 100644 index 0000000..be5aa0c --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2201_verification.json @@ -0,0 +1,17 @@ +{ + "vmid": 2201, + "hostname": "besu-rpc-public-1", + "host": "r630-02", + "host_ip": "192.168.11.12", + "expected_ip": "192.168.11.221", + "actual_ip": "192.168.11.221", + "status": "running", + "has_nginx": false, + "service_type": "besu", + "config_path": "8545,8546", + "public_domains": ["rpc-http-pub.d-bis.org","rpc-ws-pub.d-bis.org"], + "services": [{"name":"besu-rpc","type":"direct","status":"running"}], + "listening_ports": [{"port":8545,"protocol":"tcp","process":"besu"},{"port":8546,"protocol":"tcp","process":"besu"}], + "health_endpoints": [{"path":"http://192.168.11.221:8545","expected_code":200,"actual_code":200,"status":"pass"}], + "verified_at": "2026-03-02T14:22:22-08:00" + } diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2400_listening_ports.txt b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2400_listening_ports.txt new file mode 100644 index 0000000..779fa45 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2400_listening_ports.txt @@ -0,0 +1,14 @@ +LISTEN 0 4096 127.0.0.1:20241 0.0.0.0:* users:(("cloudflared",pid=543700,fd=3)) +LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=186,fd=7),("nginx",pid=185,fd=7),("nginx",pid=184,fd=7),("nginx",pid=183,fd=7),("nginx",pid=182,fd=7)) +LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=186,fd=9),("nginx",pid=185,fd=9),("nginx",pid=184,fd=9),("nginx",pid=183,fd=9),("nginx",pid=182,fd=9)) +LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=334,fd=13)) +LISTEN 0 511 *:9645 *:* users:(("node",pid=170005,fd=21)) +LISTEN 0 511 *:9646 *:* users:(("node",pid=170005,fd=20)) +LISTEN 0 4096 *:9547 *:* users:(("java",pid=118,fd=350)) +LISTEN 0 4096 *:8545 *:* users:(("java",pid=118,fd=351)) +LISTEN 0 4096 *:8546 *:* users:(("java",pid=118,fd=352)) +LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=334,fd=14)) +LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=186,fd=8),("nginx",pid=185,fd=8),("nginx",pid=184,fd=8),("nginx",pid=183,fd=8),("nginx",pid=182,fd=8)) +LISTEN 0 4096 *:22 *:* users:(("sshd",pid=194,fd=3),("systemd",pid=1,fd=42)) +LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=186,fd=10),("nginx",pid=185,fd=10),("nginx",pid=184,fd=10),("nginx",pid=183,fd=10),("nginx",pid=182,fd=10)) +LISTEN 0 4096 *:30303 *:* users:(("java",pid=118,fd=353)) diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2400_verification.json b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2400_verification.json new file mode 100644 index 0000000..9245324 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2400_verification.json @@ -0,0 +1,17 @@ +{ + "vmid": 2400, + "hostname": "thirdweb-rpc-1", + "host": "ml110", + "host_ip": "192.168.11.10", + "expected_ip": "192.168.11.240", + "actual_ip": "192.168.11.240", + "status": "running", + "has_nginx": true, + "service_type": "nginx", + "config_path": "/etc/nginx/sites-available/rpc-thirdweb", + "public_domains": ["rpc.public-0138.defi-oracle.io"], + "services": [{"name":"nginx","type":"systemd","status":"active"}], + "listening_ports": [], + "health_endpoints": [{"path":"http://192.168.11.240:80","expected_code":200,"actual_code":404,"status":"fail"}], + "verified_at": "2026-03-02T14:22:34-08:00" + } diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5000_listening_ports.txt b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5000_listening_ports.txt new file mode 100644 index 0000000..dbc97c8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5000_listening_ports.txt @@ -0,0 +1,13 @@ +LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=98,fd=14)) +LISTEN 0 4096 127.0.0.1:34981 0.0.0.0:* users:(("containerd",pid=122,fd=8)) +LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=470,fd=13)) +LISTEN 0 4096 0.0.0.0:4000 0.0.0.0:* users:(("docker-proxy",pid=1640248,fd=7)) +LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1628657,fd=9),("nginx",pid=1628656,fd=9),("nginx",pid=1628655,fd=9),("nginx",pid=1628654,fd=9),("nginx",pid=1628653,fd=9)) +LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1628657,fd=11),("nginx",pid=1628656,fd=11),("nginx",pid=1628655,fd=11),("nginx",pid=1628654,fd=11),("nginx",pid=1628653,fd=11)) +LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=470,fd=14)) +LISTEN 0 4096 [::]:4000 [::]:* users:(("docker-proxy",pid=1640254,fd=7)) +LISTEN 0 511 *:3001 *:* users:(("node",pid=1676505,fd=18)) +LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=1628657,fd=10),("nginx",pid=1628656,fd=10),("nginx",pid=1628655,fd=10),("nginx",pid=1628654,fd=10),("nginx",pid=1628653,fd=10)) +LISTEN 0 4096 *:22 *:* users:(("systemd",pid=1,fd=39)) +LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=1628657,fd=12),("nginx",pid=1628656,fd=12),("nginx",pid=1628655,fd=12),("nginx",pid=1628654,fd=12),("nginx",pid=1628653,fd=12)) +LISTEN 0 4096 *:8081 *:* users:(("explorer-config",pid=116,fd=5)) diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5000_verification.json b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5000_verification.json new file mode 100644 index 0000000..e0c6012 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5000_verification.json @@ -0,0 +1,17 @@ +{ + "vmid": 5000, + "hostname": "blockscout-1", + "host": "r630-02", + "host_ip": "192.168.11.12", + "expected_ip": "192.168.11.140", + "actual_ip": "192.168.11.140", + "status": "running", + "has_nginx": true, + "service_type": "nginx", + "config_path": "/etc/nginx/sites-available/blockscout", + "public_domains": ["explorer.d-bis.org"], + "services": [{"name":"nginx","type":"systemd","status":"active"}], + "listening_ports": [], + "health_endpoints": [{"path":"http://192.168.11.140:80","expected_code":200,"actual_code":301,"status":"pass"}], + "verified_at": "2026-03-02T14:23:06-08:00" + } diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5800_listening_ports.txt b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5800_listening_ports.txt new file mode 100644 index 0000000..78017b5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5800_listening_ports.txt @@ -0,0 +1,8 @@ +LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=80,fd=14)) +LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=171,fd=6),("nginx",pid=170,fd=6),("nginx",pid=169,fd=6),("nginx",pid=168,fd=6),("nginx",pid=167,fd=6),("nginx",pid=166,fd=6),("nginx",pid=165,fd=6),("nginx",pid=164,fd=6),("nginx",pid=163,fd=6),("nginx",pid=162,fd=6),("nginx",pid=161,fd=6),("nginx",pid=160,fd=6),("nginx",pid=159,fd=6),("nginx",pid=158,fd=6),("nginx",pid=157,fd=6),("nginx",pid=156,fd=6),("nginx",pid=155,fd=6),("nginx",pid=154,fd=6),("nginx",pid=153,fd=6),("nginx",pid=152,fd=6),("nginx",pid=151,fd=6),("nginx",pid=150,fd=6),("nginx",pid=149,fd=6),("nginx",pid=148,fd=6),("nginx",pid=147,fd=6),("nginx",pid=146,fd=6),("nginx",pid=145,fd=6),("nginx",pid=144,fd=6),("nginx",pid=143,fd=6),("nginx",pid=142,fd=6),("nginx",pid=141,fd=6),("nginx",pid=140,fd=6),("nginx",pid=139,fd=6),("nginx",pid=138,fd=6),("nginx",pid=137,fd=6),("nginx",pid=136,fd=6),("nginx",pid=135,fd=6),("nginx",pid=134,fd=6),("nginx",pid=133,fd=6),("nginx",pid=132,fd=6),("nginx",pid=131,fd=6),("nginx",pid=130,fd=6),("nginx",pid=129,fd=6),("nginx",pid=128,fd=6),("nginx",pid=127,fd=6),("nginx",pid=126,fd=6),("nginx",pid=125,fd=6),("nginx",pid=123,fd=6),("nginx",pid=122,fd=6),("nginx",pid=121,fd=6),("nginx",pid=120,fd=6),("nginx",pid=119,fd=6),("nginx",pid=118,fd=6),("nginx",pid=117,fd=6),("nginx",pid=116,fd=6),("nginx",pid=115,fd=6),("nginx",pid=114,fd=6)) +LISTEN 0 4096 0.0.0.0:3308 0.0.0.0:* users:(("docker-proxy",pid=859,fd=8)) +LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=357,fd=13)) +LISTEN 0 4096 127.0.0.1:20241 0.0.0.0:* users:(("cloudflared",pid=187,fd=3)) +LISTEN 0 4096 *:22 *:* users:(("systemd",pid=1,fd=48)) +LISTEN 0 4096 [::]:3308 [::]:* users:(("docker-proxy",pid=868,fd=8)) +LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=357,fd=14)) diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5800_verification.json b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5800_verification.json new file mode 100644 index 0000000..e87dc19 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5800_verification.json @@ -0,0 +1,17 @@ +{ + "vmid": 5800, + "hostname": "mifos", + "host": "r630-02", + "host_ip": "192.168.11.12", + "expected_ip": "192.168.11.85", + "actual_ip": "192.168.11.85", + "status": "running", + "has_nginx": false, + "service_type": "web", + "config_path": "-", + "public_domains": ["mifos.d-bis.org"], + "services": [{"name":"http","type":"direct","status":"running"}], + "listening_ports": [{"port":80,"protocol":"tcp","process":"http"}], + "health_endpoints": [{"path":"http://192.168.11.85:80","expected_code":200,"actual_code":000000,"status":"fail"}], + "verified_at": "2026-03-02T14:22:40-08:00" + } diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5801_listening_ports.txt b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5801_listening_ports.txt new file mode 100644 index 0000000..4951037 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5801_listening_ports.txt @@ -0,0 +1,5 @@ +LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=300,fd=13)) +LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=14267,fd=5),("nginx",pid=14266,fd=5),("nginx",pid=14265,fd=5),("nginx",pid=14264,fd=5),("nginx",pid=1727,fd=5)) +LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=300,fd=14)) +LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=14267,fd=6),("nginx",pid=14266,fd=6),("nginx",pid=14265,fd=6),("nginx",pid=14264,fd=6),("nginx",pid=1727,fd=6)) +LISTEN 0 4096 *:22 *:* users:(("sshd",pid=121,fd=3),("systemd",pid=1,fd=53)) diff --git a/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5801_verification.json b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5801_verification.json new file mode 100644 index 0000000..713d186 --- /dev/null +++ b/docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5801_verification.json @@ -0,0 +1,17 @@ +{ + "vmid": 5801, + "hostname": "dapp-smom", + "host": "r630-02", + "host_ip": "192.168.11.12", + "expected_ip": "192.168.11.58", + "actual_ip": "192.168.11.58", + "status": "running", + "has_nginx": false, + "service_type": "web", + "config_path": "-", + "public_domains": ["dapp.d-bis.org"], + "services": [{"name":"http","type":"direct","status":"running"}], + "listening_ports": [{"port":80,"protocol":"tcp","process":"http"}], + "health_endpoints": [{"path":"http://192.168.11.58:80","expected_code":200,"actual_code":200,"status":"pass"}], + "verified_at": "2026-03-02T14:22:46-08:00" + } diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/all_e2e_results.json new file mode 100644 index 0000000..13416e7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/all_e2e_results.json @@ -0,0 +1,984 @@ +[ + { + "domain": "ws.rpc-fireblocks.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:12:49-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:48:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:12:52-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:11 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 3.126302 + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:12:55-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:12:56-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.125696 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:12:56-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:12:57-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.093134 + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:12:57-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:58:17 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.089084, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:12:57-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:12:58-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:12:58-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.91.43", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "defi-oracle.io", + "issuer": "Cloudflare TLS Issuing ECC CA 3", + "expires": "Jun 2 08:38:04 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:12:58-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.39.10", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "WE1", + "expires": "May 6 03:30:54 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 404, + "response_time_seconds": 0.130726 + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-04T01:12:59-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:33 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 3.126570 + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:13:03-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:13:04-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:04-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.119344, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:04-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.075866, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:05-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E7", + "expires": "Apr 16 20:57:01 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.054379, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:13:06-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:08-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Apr 16 20:57:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.053991, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:09-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E7", + "expires": "Apr 16 20:59:17 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.033360, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:13:09-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:11-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Apr 16 20:58:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.031307, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:13:12-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:13:12-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:57:51 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:14-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.091475, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:13:15-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "rpc-http-prv.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:13:15-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:15-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Apr 16 20:59:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.025857, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:16-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.116253, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:16-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Apr 16 20:58:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042557, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-fireblocks.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:13:16-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:47:15 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:16-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Apr 16 20:59:06 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035898, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:17-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "R13", + "expires": "Mar 23 20:48:12 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.010479, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-04T01:13:17-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 3.094985 + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:20-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 3.091145 + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:13:24-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:24-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.106187, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:13:24-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.91.43", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "rpc.defi-oracle.io", + "issuer": "Cloudflare TLS Issuing ECC CA 3", + "expires": "May 7 09:51:23 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-prv.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:13:25-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-prv.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:57:38 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:13:27-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.105093 + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:13:28-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..56586d4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:13:28 GMT +content-type: text/plain; charset=UTF-8 +content-length: 15 +cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 +expires: Thu, 01 Jan 1970 00:00:01 GMT +referrer-policy: same-origin +x-frame-options: SAMEORIGIN +server: cloudflare +cf-ray: 9d6fc3de2eb76d31-LAX +alt-svc: h3=":443"; ma=86400 + + +0.105093 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..938d4b4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:12:57 GMT +content-type: text/plain; charset=UTF-8 +content-length: 15 +cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 +expires: Thu, 01 Jan 1970 00:00:01 GMT +referrer-policy: same-origin +x-frame-options: SAMEORIGIN +server: cloudflare +cf-ray: 9d6fc31de8ff5126-LAX +alt-svc: h3=":443"; ma=86400 + + +0.093134 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..3397b49 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:24 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qcGNKSl%2B1%2FhpZwhct9EaLDagq7IWtDHkEu2oS6Lo%2FUWgaiwE51zIt6Yezia8u7P6opUyzaluK8AprwkuF%2FL0XERSyVu6l3AduDyZS9JCIZYTxBP0"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9d6fc3c95e0e2ec6-LAX +alt-svc: h3=":443"; ma=86400 + + +0.106187 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0f005a5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:04 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https: wss: http://192.168.11.221:8545 ws://192.168.11.221:8546 https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org; frame-src 'self' https:; frame-ancestors 'self'; +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KxOr8L%2F%2FUwRNWcWqJJf%2BIFs9ARU6eNty3NSDyo4YVAImfqWN7FF0zQMBLNqcJ1LzrWPqzIzCOxDVYK30Ue3GAZKlJ3nXiUG3ypTGHNe9"}]} +last-modified: Sun, 22 Feb 2026 04:25:15 GMT +vary: Accept-Encoding +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9d6fc34cde8b19db-LAX +alt-svc: h3=":443"; ma=86400 + + +0.119344 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..561764e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:12:55 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +3.126302 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..185edd7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:13:20 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +3.094985 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..fbd5d11 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:13:03 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +3.126570 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..e6e3103 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:15 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=jtptiHBbOF1Y6MMarNhpKn6Yn%2FX9IISgmgj2aYgKE5E8fCTMepKblTf5HzA%2BcphjwRiCiPpmKW%2FwLbT%2Bk2IntjQP0jvzbA8HLELeUrw%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9d6fc38d6a81b8d4-LAX +alt-svc: h3=":443"; ma=86400 + + +0.091475 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..ebe0b43 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1969.73","coin_price_change_percentage":-2.89,"gas_price_updated_at":"2026-03-04T09:13:08.999454Z","gas_prices":{"slow":0.01,"average":0.01,"fast":0.01},"gas_prices_update_in":23065,"gas_used_today":"680967","market_cap":"0.000","network_utilization_percentage":0.0,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"233","total_blocks":"2547804","total_gas_used":"0","total_transactions":"13578","transactions_today":"16","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4f4caac --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,12 @@ +HTTP/2 200 +server: nginx/1.18.0 (Ubuntu) +date: Wed, 04 Mar 2026 09:13:17 GMT +content-type: text/html +content-length: 60718 +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +accept-ranges: bytes + + +0.010479 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8f91995 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:16 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DADqu2sx18WR1tYPUg6vJ2ATks9BkJV6XPNvZZ7Ejbd3%2FnSxv5KJ9tZq4sEqcEOKtfRZLk29CKzK6R7mXSSV75EUbrm6gAMO8v4eBrmGqQ%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9d6fc394fd149dfc-LAX +alt-svc: h3=":443"; ma=86400 + + +0.116253 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..06ea3e9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:12:56 GMT +content-type: text/plain; charset=UTF-8 +content-length: 15 +cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 +expires: Thu, 01 Jan 1970 00:00:01 GMT +referrer-policy: same-origin +x-frame-options: SAMEORIGIN +server: cloudflare +cf-ray: 9d6fc31959f108d0-LAX +alt-svc: h3=":443"; ma=86400 + + +0.125696 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/mim4u_org_https_headers.txt new file mode 100644 index 0000000..c0511da --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:06 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..f2391d7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:09 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-fireblocks_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-fireblocks_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-fireblocks_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-http-prv_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-http-prv_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-http-prv_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cfe03a0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/sankofa_nexus_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:12:57 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.089084 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..d669592 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/secure_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:13:24 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +3.091145 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..c6b8a5f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:16 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..54e893a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 404 +date: Wed, 04 Mar 2026 09:12:59 GMT +content-type: application/json +vary: Accept-Encoding +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uPpiXv3dqzJldasZIWQPpjLwK3Ld%2BicomTPz0JrKuQUXahX98AGj%2BkcuPLqauyotqEl0z2ia8%2F%2BWAb9pMEvr2IwBgY%2FHlvGbvN6%2Be9gJ%2F6MxSeZC"}]} +server: cloudflare +cf-ray: 9d6fc32abb29d4d9-LAX +alt-svc: h3=":443"; ma=86400 + + +0.130726 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..bd6b4df --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:12 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..93e6963 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:17 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/verification_report.md new file mode 100644 index 0000000..71a0e7f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/verification_report.md @@ -0,0 +1,321 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-04T01:13:30-08:00 +**Public IP**: 76.53.10.36 +**Verifier**: intlc + +## Summary + +- **Total domains tested**: 41 +- **DNS tests passed**: 41 +- **HTTPS tests passed**: 14 +- **Failed tests**: 6 +- **Skipped / optional (not configured or unreachable)**: 0 +- **Average response time**: 0.6263494545454547s + +## Test Results by Domain + + +### ws.rpc-fireblocks.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### rpc-http-prv.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-fireblocks.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-prv.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..c7c99e6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:09 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..429133d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:16 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..2de09fc --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:13:05 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/all_e2e_results.json new file mode 100644 index 0000000..00a556d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/all_e2e_results.json @@ -0,0 +1,984 @@ +[ + { + "domain": "ws.rpc-fireblocks.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:29:23-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:48:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:26-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:11 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 3.116652 + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:29-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:29-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.105002 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:29-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:30-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.106441 + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:30-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:58:17 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.081754, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:31-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:31-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:31-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.209.228", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "defi-oracle.io", + "issuer": "Cloudflare TLS Issuing ECC CA 3", + "expires": "Jun 2 08:38:04 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:32-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.39.10", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "WE1", + "expires": "May 6 03:30:54 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 404, + "response_time_seconds": 0.137508 + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-04T01:29:32-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:33 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 3.135939 + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:35-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:36-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:36-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.128018, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:36-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038849, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:37-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E7", + "expires": "Apr 16 20:57:01 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039079, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:29:37-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:39-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Apr 16 20:57:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.024291, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:40-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E7", + "expires": "Apr 16 20:59:17 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.024778, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:29:40-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:42-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Apr 16 20:58:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.031438, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:43-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:29:43-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:57:51 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:46-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.094902, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:46-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "rpc-http-prv.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:46-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:47-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Apr 16 20:59:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.031716, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:47-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.094488, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:47-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Apr 16 20:58:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.030639, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-fireblocks.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:48-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:47:15 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:48-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Apr 16 20:59:06 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.033677, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:48-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "R13", + "expires": "Mar 23 20:48:12 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.008496, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-04T01:29:48-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 3.116963 + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:52-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 3.088830 + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:55-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "fail", + "http_code": "502", + "error": "error code: 502" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:55-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.117443, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-04T01:29:55-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.91.43", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "rpc.defi-oracle.io", + "issuer": "Cloudflare TLS Issuing ECC CA 3", + "expires": "May 7 09:51:23 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-prv.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:29:56-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-prv.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:57:38 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-04T01:29:58-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.102323 + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-04T01:29:59-08:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..5147074 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:29:58 GMT +content-type: text/plain; charset=UTF-8 +content-length: 15 +cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 +expires: Thu, 01 Jan 1970 00:00:01 GMT +referrer-policy: same-origin +x-frame-options: SAMEORIGIN +server: cloudflare +cf-ray: 9d6fdc0f7fe7f472-LAX +alt-svc: h3=":443"; ma=86400 + + +0.102323 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..58c8079 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:29:30 GMT +content-type: text/plain; charset=UTF-8 +content-length: 15 +cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 +expires: Thu, 01 Jan 1970 00:00:01 GMT +referrer-policy: same-origin +x-frame-options: SAMEORIGIN +server: cloudflare +cf-ray: 9d6fdb5dde2bf644-LAX +alt-svc: h3=":443"; ma=86400 + + +0.106441 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4f36ddc --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:55 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cHY4doyyhvKYjQr8fXfCegmWRrBKkPIka4AVIUx%2F83aq4Jz10UF8EZ5XZ%2B5BvSbngd4hS85rZpmfJVisEZ0G5ktEBaBnwkNX7ntT2XNwp8U4NBY8"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9d6fdbfc5b95792b-LAX +alt-svc: h3=":443"; ma=86400 + + +0.117443 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..15caf9c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:36 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https: wss: http://192.168.11.221:8545 ws://192.168.11.221:8546 https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org; frame-src 'self' https:; frame-ancestors 'self'; +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WNfI679OrWbBJ9Da%2FI9D2Q6wY%2BKqcUMBZkfFx9UqoPIuf2Sme1dZ58FpaVOP9p85QNhhuNECS0L16LClwlv%2B6iV32IZ7S%2FKvpRrHn2D1"}]} +last-modified: Sun, 22 Feb 2026 04:25:15 GMT +vary: Accept-Encoding +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9d6fdb854f412b6a-LAX +alt-svc: h3=":443"; ma=86400 + + +0.128018 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..df6574c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:29:29 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +3.116652 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4849f4e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:29:52 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +3.116963 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f01b7e5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:29:35 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +3.135939 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6f3cc22 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:46 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QXDHS%2FsWWkgLIKzfmV1O1HBziueE%2BSOa284IyBIOu56U%2BgjUEpF9t7z%2FBldFe9rBqpiDd5jQS2V84d3yzOzOM3n%2BP%2BqvVL6uGBpipwU%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9d6fdbc0399aa158-LAX +alt-svc: h3=":443"; ma=86400 + + +0.094902 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..66df310 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1971.35","coin_price_change_percentage":-2.81,"gas_price_updated_at":"2026-03-04T09:29:41.994544Z","gas_prices":{"slow":0.01,"average":0.01,"fast":0.01},"gas_prices_update_in":24828,"gas_used_today":"680967","market_cap":"0.000","network_utilization_percentage":0.0,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"233","total_blocks":"2547804","total_gas_used":"0","total_transactions":"13578","transactions_today":"16","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..e518526 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,12 @@ +HTTP/2 200 +server: nginx/1.18.0 (Ubuntu) +date: Wed, 04 Mar 2026 09:29:48 GMT +content-type: text/html +content-length: 60718 +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +accept-ranges: bytes + + +0.008496 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..b851ca8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:47 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RAjSZOkwKCm2mhUUwPf8boBiw0ipXjgVrfgE9y7CQ2GKu%2FJahuDmT3mpyEv7SWHcL0rkSA6IqByxwxZn%2BBcIMtuC3X%2BsBPkJYBmqS8ZWOQ%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9d6fdbc8ca786f97-LAX +alt-svc: h3=":443"; ma=86400 + + +0.094488 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..62821aa --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:29:29 GMT +content-type: text/plain; charset=UTF-8 +content-length: 15 +cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 +expires: Thu, 01 Jan 1970 00:00:01 GMT +referrer-policy: same-origin +x-frame-options: SAMEORIGIN +server: cloudflare +cf-ray: 9d6fdb59ce770fbb-LAX +alt-svc: h3=":443"; ma=86400 + + +0.105002 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/mim4u_org_https_headers.txt new file mode 100644 index 0000000..f72383a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:37 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..d27ab14 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:40 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-fireblocks_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-fireblocks_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-fireblocks_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-http-prv_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-http-prv_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-http-prv_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..322c1fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +error code: 502 \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..0b0021a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/sankofa_nexus_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:30 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.081754 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..41b8373 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/secure_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Wed, 04 Mar 2026 09:29:55 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +3.088830 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..45ed966 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:47 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..bdb2ef5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 404 +date: Wed, 04 Mar 2026 09:29:32 GMT +content-type: application/json +vary: Accept-Encoding +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uqhaVEPh1X%2BCjhKDlY0e9JNL8WRxayXPVCn8P0etfQwWxvftYVfgjFKiPc2BP6bgJpSEM3zjEuMG8nc5Vn3y2QvMX8UddWWVJgqTBwUbA7YJMOsK"}]} +server: cloudflare +cf-ray: 9d6fdb69fda5e9e1-LAX +alt-svc: h3=":443"; ma=86400 + + +0.137508 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..c6ef2bd --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:43 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..10efc7f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:48 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/verification_report.md new file mode 100644 index 0000000..69bf524 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/verification_report.md @@ -0,0 +1,321 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-04T01:30:01-08:00 +**Public IP**: 76.53.10.36 +**Verifier**: intlc + +## Summary + +- **Total domains tested**: 41 +- **DNS tests passed**: 41 +- **HTTPS tests passed**: 14 +- **Failed tests**: 6 +- **Skipped / optional (not configured or unreachable)**: 0 +- **Average response time**: 0.6222375454545455s + +## Test Results by Domain + + +### ws.rpc-fireblocks.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### rpc-http-prv.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-fireblocks.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: fail +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-prv.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..8ffa4a9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:40 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..12393bb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:47 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..99c1269 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Wed, 04 Mar 2026 09:29:37 GMT +content-type: text/html +content-length: 60718 +vary: Accept-Encoding +last-modified: Sun, 01 Mar 2026 19:27:01 GMT +etag: "69a49305-ed2e" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/rpc-502-diagnostics-20260304-012058.txt b/docs/04-configuration/verification-evidence/rpc-502-diagnostics-20260304-012058.txt new file mode 100644 index 0000000..b9056d0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/rpc-502-diagnostics-20260304-012058.txt @@ -0,0 +1,4 @@ +============================================== +RPC 502 diagnostics — 2026-03-04T01:20:58-08:00 +============================================== + diff --git a/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/internal_http_test.txt b/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/internal_http_test.txt new file mode 100644 index 0000000..e69de29 diff --git a/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/internal_https_test.txt b/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/internal_https_test.txt new file mode 100644 index 0000000..e69de29 diff --git a/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/public_http_test.txt b/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/public_http_test.txt new file mode 100644 index 0000000..e69de29 diff --git a/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/public_https_test.txt b/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/public_https_test.txt new file mode 100644 index 0000000..e69de29 diff --git a/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/verification_report.md b/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/verification_report.md new file mode 100644 index 0000000..c4edc97 --- /dev/null +++ b/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/verification_report.md @@ -0,0 +1,98 @@ +# UDM Pro Port Forwarding Verification Report + +**Date**: 2026-03-02T17:48:30-08:00 +**Verifier**: intlc + +## Expected Configuration + +| Rule | Public IP:Port | Internal IP:Port | Protocol | +|------|----------------|------------------|----------| +| NPMplus HTTPS | 76.53.10.36:443 | 192.168.11.167:443 | TCP | +| NPMplus HTTP | 76.53.10.36:80 | 192.168.11.167:80 | TCP | + +## Test Results + +| Test | Result | Details | +|------|--------|---------| +| Internal HTTP | ❌ Fail | Connection to 192.168.11.167:80 | +| Internal HTTPS | ❌ Fail | Connection to 192.168.11.167:443 | +| Public HTTP | ⚠️ Cannot test from internal | Connection to 76.53.10.36:80 | +| Public HTTPS | ⚠️ Cannot test from internal | Connection to 76.53.10.36:443 | + +## Manual Verification Steps + +Since UDM Pro doesn't have a public API for port forwarding configuration, manual verification is required: + +### Step 1: Access UDM Pro Web Interface + +1. Open web browser +2. Navigate to UDM Pro web interface (typically `https://192.168.0.1` or your UDM Pro IP) +3. Log in with admin credentials + +### Step 2: Navigate to Port Forwarding + +1. Click **Settings** (gear icon) +2. Go to **Firewall & Security** (or **Networks**) +3. Click **Port Forwarding** (or **Port Forwarding Rules**) + +### Step 3: Verify Rules + +Verify the following rules exist: + +**Rule 1: NPMplus HTTPS** +- Name: NPMplus HTTPS (or similar) +- Source: Any (or specific IP if configured) +- Destination IP: **76.53.10.36** +- Destination Port: **443** +- Forward to IP: **192.168.11.167** +- Forward to Port: **443** +- Protocol: **TCP** +- Interface: WAN + +**Rule 2: NPMplus HTTP** +- Name: NPMplus HTTP (or similar) +- Source: Any (or specific IP if configured) +- Destination IP: **76.53.10.36** +- Destination Port: **80** +- Forward to IP: **192.168.11.167** +- Forward to Port: **80** +- Protocol: **TCP** +- Interface: WAN + +### Step 4: Capture Evidence + +1. Take screenshot of port forwarding rules page +2. Save screenshot as: `/home/intlc/projects/proxmox/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/udm-pro-port-forwarding-screenshot.png` +3. Export UDM Pro config (if available): Settings → Maintenance → Download Backup + +## Troubleshooting + +### Internal connectivity fails + +- Verify NPMplus container is running: `pct status 10233` +- Verify NPMplus is listening on ports 80/443 +- Check firewall rules on Proxmox host +- Verify NPMplus IP address is correct + +### Public IP not reachable + +- Verify UDM Pro WAN IP matches 76.53.10.36 +- Check UDM Pro firewall rules (allow inbound traffic) +- Verify port forwarding rules are enabled +- Check ISP firewall/blocking + +## Files Generated + +- `verification_results.json` - Test results and expected configuration +- `internal_http_test.txt` - Internal HTTP test output +- `internal_https_test.txt` - Internal HTTPS test output +- `public_http_test.txt` - Public HTTP test output (if accessible) +- `public_https_test.txt` - Public HTTPS test output (if accessible) +- `verification_report.md` - This report + +## Next Steps + +1. Complete manual verification via UDM Pro web UI +2. Take screenshots of port forwarding rules +3. Update verification_results.json with manual verification status +4. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/verification_results.json b/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/verification_results.json new file mode 100644 index 0000000..b92c45c --- /dev/null +++ b/docs/04-configuration/verification-evidence/udm-pro-verification-20260302_173131/verification_results.json @@ -0,0 +1,37 @@ +{ + "timestamp": "2026-03-02T17:48:30-08:00", + "verifier": "intlc", + "expected_configuration": { + "public_ip": "76.53.10.36", + "npmplus_internal_ip": "192.168.11.167", + "port_forwarding_rules": [ + { + "name": "NPMplus HTTPS", + "public_ip": "76.53.10.36", + "public_port": 443, + "internal_ip": "192.168.11.167", + "internal_port": 443, + "protocol": "TCP", + "status": "documented", + "verified_at": "2026-03-02T17:48:30-08:00" + }, + { + "name": "NPMplus HTTP", + "public_ip": "76.53.10.36", + "public_port": 80, + "internal_ip": "192.168.11.167", + "internal_port": 80, + "protocol": "TCP", + "status": "documented", + "verified_at": "2026-03-02T17:48:30-08:00" + } + ] + }, + "test_results": { + "internal_http": false, + "internal_https": false, + "public_http": false, + "public_https": false + }, + "note": "UDM Pro port forwarding requires manual verification via web UI" +} diff --git a/docs/05-network/EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md b/docs/05-network/EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md new file mode 100644 index 0000000..92115a5 --- /dev/null +++ b/docs/05-network/EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md @@ -0,0 +1,106 @@ +# Explorer public URL unreachable — DNS and connectivity fix + +**Issue:** `https://explorer.d-bis.org/` returns timeout (000) from some hosts. +**Diagnosis (2026-03-02):** DNS is correct; failure is **connectivity** to the WAN IP or NPMplus from the client. + +--- + +## 1. What we know + +| Check | Result | +|-------|--------| +| **DNS** | `explorer.d-bis.org` → **76.53.10.36** ✓ (dig, getent) | +| **Backend** | **192.168.11.140:443** with `Host: explorer.d-bis.org` → **200** ✓ | +| **Curl to 76.53.10.36:443** | **Timeout** (from LAN host 192.168.11.23) | +| **Curl to 192.168.11.167:443** (NPMplus) | **000** / timeout (from same LAN host) | + +So the problem is **not** DNS and **not** the explorer backend. It is **reaching** either the UDM Pro WAN IP (76.53.10.36) or NPMplus (192.168.11.167) on port 443 from the client. + +--- + +## 2. Likely causes + +### A. NAT hairpin (LAN client → WAN IP) + +If the **client is on the same LAN** (e.g. 192.168.11.x): + +- Traffic to **76.53.10.36** goes to the **UDM Pro** (gateway). +- Port forward is: **76.53.10.36:80/443** → **192.168.11.167:80/443** (NPMplus). +- Many routers **do not support NAT hairpin** (NAT loopback): traffic from LAN → WAN IP is not translated back to the forwarded host. Result: **timeout** or no route. + +**Fix options:** + +1. **Enable NAT hairpin / loopback** on UDM Pro if available: + Settings → Firewall & Security (or Routing) → enable “NAT loopback” / “Hairpin NAT” so that traffic from LAN to 76.53.10.36 is forwarded to 192.168.11.167. +2. **Use direct backend for LAN testing:** + `curl -sk -H "Host: explorer.d-bis.org" https://192.168.11.140:443/` (or use a **hosts** entry; see below). +3. **Hosts file (LAN only):** On machines that need to use the domain from LAN, point the domain at NPMplus or the backend so you don’t go through the WAN IP: + - `192.168.11.167 explorer.d-bis.org` (hit NPMplus directly), or + - `192.168.11.140 explorer.d-bis.org` (hit explorer backend directly; only if you’re okay bypassing NPMplus). + +### B. UDM Pro port forward + +- Confirm **76.53.10.36** is the correct WAN IP (or the IP used in DNS for explorer.d-bis.org). +- Confirm **two** port-forward rules: + - **76.53.10.36:80** → **192.168.11.167:80** (TCP) + - **76.53.10.36:443** → **192.168.11.167:443** (TCP) +- If NPMplus runs on **192.168.11.166** and .167 is a VIP, ensure the forward points to the IP where NPMplus actually listens (often .167 as the floating VIP). + +### C. NPMplus / firewall + +- From a host that **can** reach 192.168.11.0/24 (e.g. Proxmox or another VM): + - `curl -sk -H "Host: explorer.d-bis.org" https://192.168.11.167:443/` + - `curl -sk -H "Host: explorer.d-bis.org" https://192.168.11.166:443/` +- If these fail, check: + - NPMplus (and any reverse proxy) is listening on **0.0.0.0:443** (not only 127.0.0.1). + - Firewall on the NPMplus host (and Proxmox host) allows **inbound 443** from the LAN (and from the UDM Pro for WAN-originated traffic). + +### D. Cloudflare Tunnel (if used) + +- If explorer.d-bis.org is **not** using “DNS only” and instead uses a **Cloudflare Tunnel** (CNAME to `*.cfargotunnel.com`), then: + - DNS would resolve to **Cloudflare IPs**, not 76.53.10.36. + - Failure would be tunnel/origin, not UDM Pro port forward. +- Current design in docs: **A record 76.53.10.36, DNS only** (no proxy). So if dig shows 76.53.10.36, tunnel is not in the path; if dig shows Cloudflare IPs, follow the tunnel runbook and check tunnel status and origin URL (e.g. https://192.168.11.167:443 or https://192.168.11.140:443). + +--- + +## 3. Quick fix for LAN clients (hosts file) + +On machines that must use the domain name from the LAN (and where hairpin is not available or not desired): + +```text +# Option A: point domain at NPMplus (recommended if NPMplus is reachable on LAN) +192.168.11.167 explorer.d-bis.org + +# Option B: point domain at explorer backend (bypasses NPMplus) +192.168.11.140 explorer.d-bis.org +``` + +- **Linux:** `echo '192.168.11.167 explorer.d-bis.org' | sudo tee -a /etc/hosts` +- **Windows:** Add line to `C:\Windows\System32\drivers\etc\hosts` (as Admin). + +Then `curl -sk https://explorer.d-bis.org/` will use the IP in hosts and no longer depend on 76.53.10.36 or hairpin. + +--- + +## 4. Verify from external network + +To confirm the **public** path (DNS + UDM Pro + NPMplus) without LAN/hairpin: + +- From a device **off the LAN** (e.g. phone on cellular, or another network): + `curl -sI https://explorer.d-bis.org/` +- If that returns **200/301/302**, the issue is **only** when calling from inside the LAN (hairpin or firewall). If it also fails, the problem is port forward, NPMplus, or firewall for WAN-originated traffic. + +--- + +## 5. Summary + +| Item | Status | +|------|--------| +| DNS | OK (explorer.d-bis.org → 76.53.10.36) | +| Explorer backend | OK (192.168.11.140:443 with Host header) | +| Public URL from LAN | Fails: timeout to 76.53.10.36 or NPMplus | +| Likely cause | NAT hairpin and/or firewall; possibly NPMplus not reachable on .167/.166:443 from this LAN segment | +| Fix | Enable hairpin on UDM Pro and/or use hosts file for LAN; verify port forward and NPMplus listen/firewall; test from external network | + +Related: [INGRESS_VERIFICATION_RUNBOOK.md](../04-configuration/INGRESS_VERIFICATION_RUNBOOK.md), [DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md](../04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md). diff --git a/docs/05-network/FIX_ALL_ISSUES_RUNBOOK.md b/docs/05-network/FIX_ALL_ISSUES_RUNBOOK.md new file mode 100644 index 0000000..39e137f --- /dev/null +++ b/docs/05-network/FIX_ALL_ISSUES_RUNBOOK.md @@ -0,0 +1,88 @@ +# Fix All Issues — Single Runbook + +**Purpose:** One place to fix explorer public URL timeout and other documented issues. +**References:** [EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md](EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md), [FIXES_PREPARED.md](../04-configuration/FIXES_PREPARED.md), [FULL_FIXES_PREPARED.md](../04-configuration/FULL_FIXES_PREPARED.md). + +--- + +## 1. Explorer public URL timeout (ERR_CONNECTION_TIMED_OUT) + +**Symptom:** Browser shows "explorer.d-bis.org took too long to respond" / ERR_CONNECTION_TIMED_OUT. + +### 1a. This machine (ASERET / Linux WSL) + +- **Already done:** `/etc/hosts` contains `192.168.11.140 explorer.d-bis.org` — curl and Linux tools use the backend directly. +- **If you removed it:** + `echo '192.168.11.140 explorer.d-bis.org' | sudo tee -a /etc/hosts` + +### 1b. Windows (same PC — browser uses Windows hosts) + +So that **Chrome/Edge on Windows** can reach the explorer: + +1. Open Notepad **as Administrator**. +2. Open file: `C:\Windows\System32\drivers\etc\hosts` +3. Add a line: `192.168.11.140 explorer.d-bis.org` +4. Save. Flush DNS: open CMD as Admin → `ipconfig /flushdns` +5. Reload https://explorer.d-bis.org/ in the browser. + +### 1c. Fix for all LAN clients (no hosts on each machine) + +On **UDM Pro**: enable **NAT loopback** (hairpin) so traffic from LAN to 76.53.10.36 is forwarded to 192.168.11.167. + +- UniFi Network → Settings → Firewall & Security (or Routing) → enable **NAT loopback** / **Hairpin NAT** if available. +- Then any device on the LAN can use https://explorer.d-bis.org without a hosts entry. + +### 1d. External access (from internet) + +Confirm **UDM Pro** port forward: + +- **76.53.10.36:80** → **192.168.11.167:80** (TCP) +- **76.53.10.36:443** → **192.168.11.167:443** (TCP) + +Test from a device **off the LAN** (e.g. phone on cellular): `https://explorer.d-bis.org/` → should return 200. + +--- + +## 2. Other required fixes (from FIXES_PREPARED / FULL_FIXES_PREPARED) + +| Item | Action | Doc | +|------|--------|-----| +| UDM Pro port forward (Alltra/HYBX) | Manual: 76.53.10.38 → 192.168.11.169 (80, 81, 443) | [FIXES_PREPARED.md §1](../04-configuration/FIXES_PREPARED.md#1-udm-pro-port-forward-alltrahybx) | +| Alltra/HYBX 502 | Verify backends (2500–2502, 2503–2505, 5201, 5202); fix NPMplus or deploy | [FIXES_PREPARED.md §2](../04-configuration/FIXES_PREPARED.md#2-alltrahybx-502-failures-required) | +| Validators / block production | Run validator fix; ensure 4/5 active | [FULL_FIXES_PREPARED.md §1](../04-configuration/FULL_FIXES_PREPARED.md) | +| Stuck tx / Sentry / RPC nodes | Per FULL_FIXES_PREPARED §§2–4 | [FULL_FIXES_PREPARED.md](../04-configuration/FULL_FIXES_PREPARED.md) | + +--- + +## 3. Optional fixes (scripts from project root) + +From repo root (`/home/intlc/projects/proxmox`): + +```bash +# NPMplus certs (remaining Alltra/HYBX) +FIRST_ONLY=1 NPM_URL=https://192.168.11.167:81 bash scripts/request-npmplus-certificates.sh +NPM_URL=https://192.168.11.167:81 bash scripts/request-npmplus-certificates.sh + +# Explorer SSL +# NPMplus UI → Proxy Hosts → explorer.d-bis.org → SSL tab → request/renew + +# Env permissions +bash scripts/security/secure-env-permissions.sh + +# Shellcheck (optional) +bash scripts/verify/run-shellcheck.sh --optional + +# Full verification +bash scripts/verify/run-full-verification.sh +``` + +--- + +## 4. Quick checklist + +- [ ] **Explorer from this machine:** hosts entry present → curl https://explorer.d-bis.org/ returns 200 +- [ ] **Explorer from Windows browser:** Windows hosts has `192.168.11.140 explorer.d-bis.org` (or use UDM Pro hairpin) +- [ ] **Explorer from all LAN:** UDM Pro NAT loopback enabled (optional) +- [ ] **Explorer from internet:** UDM Pro 76.53.10.36:80/443 → 192.168.11.167 +- [ ] **Other required:** Alltra/HYBX port forward and 502 fixes per FIXES_PREPARED / FULL_FIXES_PREPARED +- [ ] **Optional:** NPMplus certs, Explorer SSL, env permissions, shellcheck, full verification diff --git a/docs/05-network/README.md b/docs/05-network/README.md index 515f7c4..35845c8 100644 --- a/docs/05-network/README.md +++ b/docs/05-network/README.md @@ -16,6 +16,8 @@ This directory contains network infrastructure documentation. - **[EDGE_PORT_VERIFICATION_RUNBOOK.md](EDGE_PORT_VERIFICATION_RUNBOOK.md)** ⭐⭐ - Verify 76.53.10.36:80/443 from internet - **[E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md](E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md)** ⭐⭐⭐ - E2E for all Cloudflare domains (ACCEPT_ANY_DNS=1 when Option B) - **[E2E_RPC_EDGE_LIMITATION.md](E2E_RPC_EDGE_LIMITATION.md)** - When edge blocks RPC POST; Option B / ACCEPT_ANY_DNS +- **[EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md](EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md)** - explorer.d-bis.org timeout: DNS vs NAT hairpin / tunnel / port forward +- **[FIX_ALL_ISSUES_RUNBOOK.md](FIX_ALL_ISSUES_RUNBOOK.md)** - Single runbook: explorer timeout (hosts, hairpin), required/optional fixes, script - **[NETWORK_STATUS.md](NETWORK_STATUS.md)** ⭐⭐ - Current network status and configuration - **[NGINX_ARCHITECTURE_RPC.md](NGINX_ARCHITECTURE_RPC.md)** ⭐ - NGINX RPC architecture - **[CLOUDFLARE_NGINX_INTEGRATION.md](CLOUDFLARE_NGINX_INTEGRATION.md)** ⭐ - Cloudflare + NGINX integration diff --git a/docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md b/docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md index 334fb09..87eaecd 100644 --- a/docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md +++ b/docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md @@ -1,18 +1,29 @@ # CRITICAL ISSUE: Block Production Stopped -**Last Updated:** 2026-02-27 -**Document Version:** 1.1 +**Last Updated:** 2026-03-04 +**Document Version:** 1.2 **Status:** Active Documentation --- +## 🔧 Fix: Staggered validator restart (recommended when all 5 at head but no new blocks) + +If **all 5 validators are active** and at chain head but **no new blocks** (e.g. after a full tx-pool clear): + +- **Action:** Restart validators **one at a time**: + `./scripts/maintenance/fix-block-production-staggered-restart.sh` + Then run `./scripts/monitoring/monitor-blockchain-health.sh` until blocks advance. +- **Runbook:** [FIX_BLOCK_PRODUCTION_RUNBOOK.md](FIX_BLOCK_PRODUCTION_RUNBOOK.md) + +--- + ## ✅ Validators syncing (common after restart) If **all 5 validators are active** but the health monitor reports **Block production stalled** and **Transactions not being included**: - **Cause:** Validators are in **full sync**. QBFT does not produce blocks until initial sync completes. - **Logs:** `journalctl -u besu-validator -n 50` shows "Full sync", "QBFT mining coordinator not starting while initial sync in progress", or "Starting full sync". -- **Action:** Wait for sync to complete (can take 10–60+ minutes for 2M+ blocks). Then block production and transaction inclusion resume automatically. +- **Action:** Wait for sync to complete (can take 10–60+ minutes for 2M+ blocks). Or run **staggered restart** (above) so only one node syncs at a time. Then block production and transaction inclusion resume automatically. - **Check:** Run `./scripts/monitoring/monitor-blockchain-health.sh` periodically; when blocks advance in the 5s window, sync has finished. --- diff --git a/docs/06-besu/FIX_BLOCK_PRODUCTION_RUNBOOK.md b/docs/06-besu/FIX_BLOCK_PRODUCTION_RUNBOOK.md new file mode 100644 index 0000000..2b4c1e6 --- /dev/null +++ b/docs/06-besu/FIX_BLOCK_PRODUCTION_RUNBOOK.md @@ -0,0 +1,97 @@ +# Fix Block Production — Runbook + +**Last Updated:** 2026-03-04 +**When:** Block production is stalled on Chain 138 (no new blocks; validators active). + +--- + +## 1. Confirm the problem + +```bash +# Block not advancing (run twice, 10s apart) +cast block-number --rpc-url http://192.168.11.211:8545 +sleep 10 +cast block-number --rpc-url http://192.168.11.211:8545 +# If same → stalled +``` + +```bash +./scripts/monitoring/monitor-blockchain-health.sh +# Look for: "Block production stalled (no new blocks in 5s)" +``` + +--- + +## 2. Check validator status and height + +All 5 validators (1000–1004) must be **active** and ideally at **chain head**: + +```bash +# Service status (from repo root) +for spec in "1000:192.168.11.11" "1001:192.168.11.11" "1002:192.168.11.11" "1003:192.168.11.10" "1004:192.168.11.10"; do + IFS=: read -r vmid host <<< "$spec" + s=$(ssh -o ConnectTimeout=6 root@"$host" "pct exec $vmid -- systemctl is-active besu-validator 2>/dev/null" || echo "?") + echo "Validator $vmid: $s" +done +``` + +Optional: check block height per validator (metrics on port 9545): + +```bash +ssh root@192.168.11.11 "pct exec 1000 -- curl -s -m 4 http://127.0.0.1:9545/metrics" | grep -E '^ethereum_best_known_block_number |^besu_blockchain_difficulty_total ' +# Should be ~2547803 (chain head) +``` + +--- + +## 3. Apply fix: staggered restart + +Restart validators **one at a time** so the rest stay at head and the restarted node syncs quickly. This preserves quorum and avoids "everyone in full sync." + +```bash +cd /home/intlc/projects/proxmox +./scripts/maintenance/fix-block-production-staggered-restart.sh +``` + +- **Dry run:** `./scripts/maintenance/fix-block-production-staggered-restart.sh --dry-run` +- **Duration:** ~7–8 minutes (90s wait between each of 5 restarts + final 30s). +- **Order:** 1004 → 1003 → 1002 → 1001 → 1000 (ML110 first, then R630-01). + +--- + +## 4. Verify block production + +```bash +./scripts/monitoring/monitor-blockchain-health.sh +# Expect: "Block production" advancing (block diff > 0 in 5s window) +``` + +Or: + +```bash +watch -n 5 'cast block-number --rpc-url http://192.168.11.211:8545' +# Block number should increase every ~2s (genesis blockperiodseconds=2) +``` + +--- + +## 5. If still stalled + +1. **Validator peer count:** Validators must peer with each other. On a validator: + `pct exec -- curl -s http://127.0.0.1:9545/metrics | grep besu_peers_connected_total` + Should be several (e.g. 4+). If 0, check static-nodes / permissions and P2P ports (30303). +2. **Check validator logs** for QBFT/consensus errors: + ```bash + ssh root@192.168.11.11 "pct exec 1000 -- journalctl -u besu-validator -n 100 --no-pager" | grep -iE 'qbft|consensus|propos|round|error' + ``` +2. **Check time sync:** QBFT is time-based; ensure NTP on all Proxmox hosts and containers. +3. **Enable INFO logging** (see [CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md](CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md) § Enable Verbose Logging) and restart one validator; watch logs for round/proposal messages. +4. **Genesis:** Confirm `config.qbft.blockperiodseconds` (e.g. 2) and validator set in genesis match running nodes. + +--- + +## References + +- [CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md](CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md) +- [SOLUTION_QUORUM_LOSS.md](SOLUTION_QUORUM_LOSS.md) — if fewer than 4/5 validators are running +- Script: `scripts/maintenance/fix-block-production-staggered-restart.sh` diff --git a/docs/09-troubleshooting/RPC_ERRORS_32001_32602.md b/docs/09-troubleshooting/RPC_ERRORS_32001_32602.md new file mode 100644 index 0000000..0dcfd97 --- /dev/null +++ b/docs/09-troubleshooting/RPC_ERRORS_32001_32602.md @@ -0,0 +1,117 @@ +# Preventing RPC Errors -32001, -32602, and Gas-Related 32xxx + +**Purpose:** How to avoid and fix common JSON-RPC errors when deploying or sending transactions to Chain 138: **-32001 (Nonce too low)**, **-32602 (Invalid params)**, and **gas-related -32xxx** (e.g. -32000 execution reverted / out of gas). + +--- + +## Gas-related -32xxx (e.g. -32000) when deploying + +**Meaning:** The node rejected the transaction due to **gas**: execution reverted, **out of gas**, or **gas estimation failed**. Error code is often **-32000** (generic) or **-32602** (when the failure happens inside `eth_estimateGas`). + +### Causes + +1. **Gas estimate too low** + Forge uses `eth_estimateGas` and multiplies by 130% by default. On some nodes or for heavy contracts that can still be too low, so the broadcast tx runs out of gas. + +2. **Insufficient balance for gas** + Deployer doesn’t have enough native ETH to pay for (estimate × gas price). + +3. **RPC returns bad estimate** + Some Besu/Chain 138 nodes return a low or failing `eth_estimateGas`, which then leads to a failed or reverted tx. + +### Prevention + +| What you do | How to prevent gas 32xxx | +|-------------|---------------------------| +| **Increase gas estimate multiplier** | Run `forge script` with `--gas-estimate-multiplier 150` or `200` so the broadcast uses 150% or 200% of the estimated gas (default is 130%). Example: `forge script ... --broadcast --with-gas-price 1000000000 --gas-estimate-multiplier 150`. | +| **Fund deployer** | Ensure deployer has enough native ETH on Chain 138. Preflight and `check-balances-gas-and-deploy.sh` check this. Recommended ≥ 0.006 ETH; 1–2 ETH for larger deploys. | +| **Use correct gas price** | Chain 138: use `--with-gas-price 1000000000` (1 gwei). So scripts don’t underpay and get rejected. | +| **Explicit gas limit (cast)** | For `cast send`, pass `--gas-limit ` to avoid relying on `eth_estimateGas` when that call is flaky (-32602). | + +### Fix when it happens + +1. **Retry with higher multiplier:** + `forge script ... --broadcast --with-gas-price 1000000000 --gas-estimate-multiplier 200` +2. **Check deployer balance:** + `cast balance $DEPLOYER --rpc-url $RPC_URL_138` + Fund the deployer if needed. +3. **If estimation keeps failing (-32602):** Use a script that doesn’t rely on estimation (e.g. `cast send` with explicit `--gas-limit`), or use a different RPC that supports `eth_estimateGas` correctly. + +--- + +## -32001: Nonce too low + +**Meaning:** The node rejected the transaction because the nonce you used is **lower** than the next expected nonce for that account (e.g. you used N but the chain already has or has pending txs with N and N+1). + +### Causes + +1. **Back-to-back txs in the same session** + You sent two transactions (e.g. two mints), then immediately ran a third (e.g. add-liquidity). The RPC may still return the old nonce when the broadcast runs, so the third tx is sent with an already-used nonce. + +2. **Stuck or pending transactions** + Earlier txs are stuck in the mempool; the next nonce the RPC returns is still the one already used by the stuck tx. + +3. **Multiple processes or scripts** + Two scripts (or two terminals) sending from the same account at once. + +### Prevention + +| What you do | How to prevent -32001 | +|-------------|------------------------| +| **Run preflight before deploy/script** | `./scripts/deployment/preflight-chain138-deploy.sh` — fails if pending nonce > latest (stuck txs). Fix with `./scripts/clear-all-transaction-pools.sh` then wait ~60s. | +| **Mint then add-liquidity in one script** | Use `./scripts/mint-for-liquidity.sh --add-liquidity`. It sets `NEXT_NONCE` from the **pending** nonce after mints so the add-liquidity broadcast uses the correct next nonce. | +| **Run Forge scripts after other txs** | Export the next nonce before `forge script`: `export NEXT_NONCE=$(cast nonce $DEPLOYER --rpc-url $RPC --block pending)` then run the script. Use scripts that support `NEXT_NONCE` (e.g. `AddLiquidityPMMPoolsChain138`, `DeployTransactionMirror`, `CreateCUSDTCUSDCPool`). | +| **Use deploy scripts that manage nonce** | `./scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh` reads pending nonce and sets `NEXT_NONCE` for each broadcast. | + +### Fix when it happens + +1. **Check current nonce:** + `cast nonce --rpc-url $RPC_URL_138 --block pending` +2. **If stuck txs:** Run `./scripts/clear-all-transaction-pools.sh`, wait ~60s, then retry. +3. **Retry with explicit nonce:** + `NEXT_NONCE= forge script ... --broadcast ...` + (Only for scripts that support `NEXT_NONCE`; see above.) + +--- + +## -32602: Invalid params + +**Meaning:** The RPC server rejected the request because one or more parameters are invalid (wrong format, wrong chain, or unsupported). + +### Causes + +1. **Wrong RPC / wrong chain** + Using an RPC URL for a different chain (e.g. mainnet) when sending a Chain 138 transaction, or vice versa. + +2. **`eth_estimateGas` or other method returning -32602** + Some Besu/Chain 138 nodes return -32602 for certain calls (e.g. `eth_estimateGas` with a particular tx). Using an explicit gas limit avoids calling `eth_estimateGas`. + +3. **Malformed or missing env** + Typos in `.env` (e.g. `PRIVATE_KEYIT_ID`), or missing `RPC_URL_138` / `PRIVATE_KEY` so the client sends bad params. + +### Prevention + +| What you do | How to prevent -32602 | +|-------------|------------------------| +| **Use the correct RPC** | Chain 138: `RPC_URL_138` (Core), e.g. `http://192.168.11.211:8545`. Verify: `curl -s -X POST $RPC_URL_138 -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'` → `"result":"0x8a"`. | +| **Preflight** | `./scripts/deployment/preflight-chain138-deploy.sh` checks that the RPC returns chainId `0x8a` (138). | +| **Explicit gas limit** | For `cast send`, add `--gas-limit 200000` (or appropriate value) so the client does not call `eth_estimateGas`. Example: `cast send ... --gas-limit 200000`. | +| **Check env** | Run `./scripts/deployment/check-env-required.sh` (or preflight) and fix any missing/typo vars in `smom-dbis-138/.env`. | + +### Fix when it happens + +1. Confirm **RPC URL and chainId** (see above). +2. If the error occurs during **gas estimation**, retry with an explicit **`--gas-limit`** (and, for Forge, `--with-gas-limit` if supported). +3. Double-check **`.env`** and that the script is sourcing the correct file (`smom-dbis-138/.env` for deploy/Chain 138). + +--- + +## Quick checklist before sending Chain 138 transactions + +1. Run **preflight:** + `./scripts/deployment/preflight-chain138-deploy.sh` +2. If you **just sent other txs** from the same account (e.g. mints), use **`NEXT_NONCE`** or a script that sets it (e.g. `mint-for-liquidity.sh --add-liquidity`). +3. Use **Core RPC** for 138 (`RPC_URL_138`), and **explicit gas limit** where you’ve seen -32602 before. +4. For **deployments**, use **`--gas-estimate-multiplier 150`** (or 200) with `forge script ... --broadcast` to avoid gas-related -32xxx; ensure deployer has enough ETH for gas. + +See also: [CONTRACT_DEPLOYMENT_RUNBOOK.md](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md), [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md). diff --git a/docs/09-troubleshooting/TROUBLESHOOTING_FAQ.md b/docs/09-troubleshooting/TROUBLESHOOTING_FAQ.md index d9f749b..bbb2ef8 100644 --- a/docs/09-troubleshooting/TROUBLESHOOTING_FAQ.md +++ b/docs/09-troubleshooting/TROUBLESHOOTING_FAQ.md @@ -20,6 +20,7 @@ Common issues and solutions for Besu validated set deployment. 5. ✅ [Configuration Issues](#configuration-issues) - *Configuration troubleshooting* 6. ✅ [Performance Issues](#performance-issues) - *Performance troubleshooting* 7. ✅ [Additional Common Questions](#additional-common-questions) - *More FAQs* +8. [RPC errors -32001 / -32602 / gas 32xxx](RPC_ERRORS_32001_32602.md) - *Nonce too low, Invalid params, gas when deploying* --- diff --git a/docs/11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md b/docs/11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md new file mode 100644 index 0000000..8082cb5 --- /dev/null +++ b/docs/11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md @@ -0,0 +1,125 @@ +# 13-node and full assets — bring-online checklist + +**Last updated:** 2026-03-03 +**Purpose:** Phased checklist to bring r630-03…r630-13, 3× R750, 2× Dell 7920, and second UDM Pro online and into the documented architecture. + +**Related:** [HARDWARE_INVENTORY_MASTER.md](HARDWARE_INVENTORY_MASTER.md) | [13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](13_NODE_NETWORK_AND_CABLING_CHECKLIST.md) | [R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md) + +--- + +## Overview + +| Asset | Count | IP range | Primary doc / notes | +|-------|-------|----------|---------------------| +| UDM Pro #2 | 1 | 192.168.11.2 | This checklist | +| R630 | 11 (03–13) | .13–.23 | r630-03/04: [R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md); 05–13: generic steps below | +| GPU/AI tier (R750 or XE9680) | 3 or 2 | .24–.26 (R750) or .24–.25 (XE9680) | [XE9680_VS_R750_DECISION.md](XE9680_VS_R750_DECISION.md); this checklist Phase 3 | +| Dell 7920 | 2 | .30–.31 | This checklist | + +**Already online:** UDM Pro #1 (.1), r630-01 (.11), r630-02 (.12). **ML110 (.10):** Being repurposed to OPNsense/pfSense WAN aggregator; migrate all workloads off ml110 first (see [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md)). After repurpose, cluster has 2 Proxmox nodes (r630-01, r630-02) until r630-03+ join. + +--- + +## Phase 0: Prep (no power-on) + +- [ ] **IP and DNS:** Reserve and document 192.168.11.2 (UDM Pro #2), .24–.26 (R750), .30–.31 (7920). Update `config/ip-addresses.conf` and internal DNS. +- [ ] **Cabling:** Complete 10G cabling per [13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](13_NODE_NETWORK_AND_CABLING_CHECKLIST.md) (R630s and R750s to XG #1 / XG #2). +- [ ] **ML110 repurpose (OPNsense/pfSense):** Migrate all containers/VMs off ml110 to r630-01/r630-02; remove ml110 from cluster or reinstall. Install OPNsense or pfSense; add 8–12 GbE (6–10 WAN to Spectrum modems, 1–2 LAN to UDM Pros). See [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md). +- [ ] **Second UDM Pro:** Decide role (cold standby, warm standby, or separate segment). Plan WAN/LAN ports; WAN uplink from ML110 after repurpose. + +--- + +## Phase 1: Second UDM Pro + +- [ ] Rack and power UDM Pro #2; connect 1G management to existing LAN. +- [ ] Assign static IP 192.168.11.2 (or DHCP reservation); ensure it does not conflict with gateway .1. +- [ ] If **standby:** Adopt in UniFi Controller; configure same LAN subnet and firewall rules; document failover procedure. +- [ ] If **separate segment:** Configure separate VLAN/subnet and document routing. +- [ ] Update [NETWORK_CONFIGURATION_MASTER.md](NETWORK_CONFIGURATION_MASTER.md) with UDM Pro #2 role and IP. + +--- + +## Phase 2: R630 nodes (r630-03 through r630-13) + +### 2.1 r630-03 and r630-04 (detailed fixes) + +Use the full issue list and fixes in **[R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md)**. Summary: + +- [ ] **r630-03 (192.168.11.13):** Power on; fix cluster join, SSL certs (e.g. `pvecm updatecerts -f`), hostname in `/etc/hosts`, Proxmox services, firewall, and any storage/network issues per report. Run `./scripts/fix-ssl-certificate-error-596.sh 192.168.11.13` if needed. +- [ ] **r630-04 (192.168.11.14):** Same as r630-03 using the report; verify `pvecm status` and web UI https://192.168.11.14:8006. + +### 2.2 r630-05 through r630-13 (generic bring-online) + +For each node **r630-N** (IP 192.168.11.(10+N), N=5..13): + +- [ ] **Hardware:** Power on; verify 1G and 10G links (cabling checklist). Set hostname `r630-N` and management IP 192.168.11.(10+N). +- [ ] **Proxmox:** Install Proxmox VE (same major version as cluster) if not already installed; ensure `/etc/hosts` has `192.168.11.(10+N) r630-N`. +- [ ] **Cluster join:** On cluster master (e.g. r630-01 at 192.168.11.11, since ml110 is repurposed to OPNsense/pfSense), run `pvecm create join-info` (or get join info); on r630-N run `pvecm add `. Verify `pvecm status`. +- [ ] **SSL:** Run `pvecm updatecerts -f` if joining an existing cluster; restart `pveproxy pvedaemon`. +- [ ] **Firewall / hardening:** Apply project firewall and SSH key scripts (e.g. `scripts/security/run-security-on-proxmox-hosts.sh`); add new host to script list. +- [ ] **Document:** Add to `config/ip-addresses.conf`; update any runbooks that list cluster members. + +**Order suggestion:** Bring r630-03 and r630-04 online first (using the detailed report), then r630-05…r630-13 in sequence to avoid quorum issues; odd number of nodes (e.g. 5, 7, 13) keeps quorum simple. + +--- + +## Phase 3: GPU/AI tier (3× R750 or 2× XE9680) + +**Planned role:** GPU/AI (ML training, inference). See [XE9680_VS_R750_DECISION.md](XE9680_VS_R750_DECISION.md) for choosing 2× XE9680 vs 3× R750. + +**If using 3× R750:** +- [ ] **r750-01 (192.168.11.24):** Power on; connect 1G (mgmt) and 10G (to XG). Install Proxmox VE (or GPU stack); set hostname and IP; install GPUs (e.g. A6000, L40S); document GPU passthrough or container runtime. +- [ ] **r750-02 (192.168.11.25), r750-03 (192.168.11.26):** Same as r750-01. +- [ ] **Config:** Add `PROXMOX_HOST_R750_01`, `_02`, `_03` to `config/ip-addresses.conf`; update cabling checklist with port assignments. + +**If using 2× XE9680 instead:** Assign .24–.25 to the two nodes; connect 100G/200G to fabric (or 10G to XG for mgmt). Document in inventory as GPU tier (XE9680); bring-online steps similar (OS/stack install, GPU drivers, networking). + +- [ ] **Role:** Document GPU tier in architecture (R750 or XE9680); optional cluster join for Proxmox or standalone Kubernetes/ML stack. + +--- + +## Phase 4: Dell Precision 7920 workstations (2×) + +- [ ] **workstation-01 (192.168.11.30):** Power on; connect 1G to management LAN; set static IP .30 (or DHCP reservation). Install OS and tools (admin/dev); optional 10G to XG if needed for large data. +- [ ] **workstation-02 (192.168.11.31):** Same; IP .31. +- [ ] **Document:** Add to inventory and network diagram; no Proxmox cluster join (workstations are clients). + +--- + +## Phase 5: Post–bring-online + +- [ ] **Quorum:** Verify `pvecm status` on all Proxmox nodes; confirm majority quorum (e.g. 7 of 13 for 13-node). +- [ ] **Ceph (if applicable):** When adding R630/R750 to Ceph, follow [R630_13_NODE_DOD_HA_MASTER_PLAN.md](../02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md) Phase 2; add OSDs and configure cluster network on 10G. +- [ ] **HA and fencing:** Configure fence_pve or IPMI for new nodes; add to HA groups per master plan. +- [ ] **Automation:** Extend `scripts/security/run-security-on-proxmox-hosts.sh` and any backup/monitoring to include new host IPs. +- [ ] **Runbooks:** Update PROXMOX_LOAD_BALANCING_RUNBOOK and migration scripts to include r750-01..03 and all r630 nodes. + +--- + +## Quick reference — join cluster (generic) + +```bash +# On cluster master (r630-01; ml110 repurposed to OPNsense/pfSense) +ssh root@192.168.11.11 +pvecm status +# Get join info (one-time or per-node): +# pvecm create join-info # or use existing join info + +# On new node (e.g. r630-05 at 192.168.11.15) +ssh root@192.168.11.15 +# Ensure /etc/hosts: 192.168.11.15 r630-05 +pvecm add +pvecm updatecerts -f +systemctl restart pveproxy pvedaemon +# Verify +pvecm status +``` + +--- + +## References + +- [HARDWARE_INVENTORY_MASTER.md](HARDWARE_INVENTORY_MASTER.md) — full asset list (R630, R750, 7920, UDM Pro x2, XG x2). +- [13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](13_NODE_NETWORK_AND_CABLING_CHECKLIST.md) — VLANs and XG port mapping. +- [R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md) — detailed fixes for r630-03 and r630-04. +- [R630_13_NODE_DOD_HA_MASTER_PLAN.md](../02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md) — Ceph, HA, and phased implementation. diff --git a/docs/11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md b/docs/11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md new file mode 100644 index 0000000..4b703c7 --- /dev/null +++ b/docs/11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md @@ -0,0 +1,144 @@ +# 13-node + full inventory — network diagram and cabling checklist + +**Last updated:** 2026-03-03 +**Purpose:** VLANs, logical topology, and physical cabling for R630s, R750s, 7920 workstations, 2× UDM Pro, and 2× UniFi XG 10G switches. + +**Related:** [HARDWARE_INVENTORY_MASTER.md](HARDWARE_INVENTORY_MASTER.md) | [R630_13_NODE_DOD_HA_MASTER_PLAN.md](../02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md) + +--- + +## 1. Logical topology (high level) + +``` + [6–10 × Spectrum cable modems] (WAN) + │ + ▼ + [ML110 Gen9: OPNsense/pfSense] 8–12 GbE; multi-WAN → LAN + │ + ▼ + [UDM Pro #1] [UDM Pro #2] .1 (primary) .2 (HA) + │ │ + └──────┬───────┘ + │ 1G management (VLAN 11) + ┌──────┴──────┐ + │ MGMT LAN │ 192.168.11.0/24 + └──────┬──────┘ + │ + ┌───────────┼───────────┬────────────────┬─────────────────┐ + │ │ │ │ │ + [r630-01..13] [r750-01..03] [7920 x2] [NPMplus LXC, etc.] + .11–.23 .24–.26 .30–.31 (existing IPs) + │ │ + └───────────┴───────────────────────────────────────────── + │ + [UniFi XG #1] ←──→ [UniFi XG #2] (10G backbone) + 10G Ceph/VLAN 10G Ceph/VLAN + R630/R750 10G NICs connect to one or both XG switches +``` + +**ML110:** No longer a Proxmox host. ML110 Gen9 runs OPNsense/pfSense as WAN aggregator (8–12 GbE) between cable modems and UDM Pros. See [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md). + +- **Management (1G):** All hosts and workstations use existing 1G LAN via UDM Pro; VLAN 11 (MGMT-LAN), 192.168.11.0/24. +- **10G backbone:** Dedicated for Ceph cluster network and inter-node traffic. R630s and R750s use 10G NICs to the XG switches; dual-attach (one link per switch) for HA. + +--- + +## 2. VLAN summary + +| VLAN / purpose | Subnet | Devices | Notes | +|---------------------|-------------------|----------------------------------------------|--------------------------| +| MGMT-LAN (11) | 192.168.11.0/24 | UDM Pro(s), Proxmox hosts, R750s, 7920s, LXC | Current production LAN | +| Ceph cluster (opt.) | e.g. 10.0.1.0/24 | R630/R750 10G interfaces only | Isolate storage traffic | +| Ceph public (opt.) | 192.168.11.0/24 | Same as management if not split | Or separate subnet | + +Ceph VLANs are optional; can run Ceph over management until a dedicated cluster network is defined. + +--- + +## 3. IP allocation summary + +| Asset | Count | IP range / example | Hostnames / role | +|-------------|-------|---------------------------|-------------------------| +| ML110 | 1 | .10 (LAN/mgmt after repurpose) | OPNsense/pfSense WAN aggregator (6–10 modems → UDM Pros) | +| UDM Pro | 2 | .1 (primary), .2 (second) | Gateway / HA; WAN from ML110 | +| R630 | 13 | .11–.23 | r630-01 … r630-13 (Proxmox) | +| R750 | 3 | .24–.26 | r750-01, r750-02, r750-03 | +| Dell 7920 | 2 | .30–.31 | workstation-01, -02 | +| Existing | — | .36–.251 (see NETWORK_CONFIGURATION_MASTER) | LXC, NPMplus, RPC, etc. | + +--- + +## 4. Cabling checklist — UniFi XG 10G switches (2×) + +**Assumption:** Each R630 and R750 has at least one 10G NIC (or dual 10G). 7920 workstations: 10G optional. + +### 4.1 Switch assignment + +| Switch | Role | Ports 1–16 | +|---------------|-------------------|------------| +| **UniFi XG #1** | Primary 10G spine | R630s, R750s, optional 7920, link to XG #2 | +| **UniFi XG #2** | Redundant 10G | Second 10G link from each node; link to XG #1 | + +### 4.2 R630 (13 nodes) — 10G ports + +| Node | IP (mgmt) | XG #1 port (suggested) | XG #2 port (suggested) | Notes | +|---------|-------------|-------------------------|-------------------------|---------| +| r630-01 | 192.168.11.11 | 1 | 1 | Already in use | +| r630-02 | 192.168.11.12 | 2 | 2 | Already in use | +| r630-03 | 192.168.11.13 | 3 | 3 | Power on and cable | +| r630-04 | 192.168.11.14 | 4 | 4 | Power on and cable | +| r630-05 | 192.168.11.15 | 5 | 5 | Bring online | +| r630-06 | 192.168.11.16 | 6 | 6 | Bring online | +| r630-07 | 192.168.11.17 | 7 | 7 | Bring online | +| r630-08 | 192.168.11.18 | 8 | 8 | Bring online | +| r630-09 | 192.168.11.19 | 9 | 9 | Bring online | +| r630-10 | 192.168.11.20 | 10 | 10 | Bring online | +| r630-11 | 192.168.11.21 | 11 | 11 | Bring online | +| r630-12 | 192.168.11.22 | 12 | 12 | Bring online | +| r630-13 | 192.168.11.23 | 13 | 13 | Bring online | + +**Note:** If a node has only one 10G NIC, cable to XG #1 only; add second NIC later for XG #2. + +### 4.3 R750 (3 nodes) — 10G ports + +| Node | IP (mgmt) | XG #1 port | XG #2 port | +|---------|-------------|------------|------------| +| r750-01 | 192.168.11.24 | 14 | 14 | +| r750-02 | 192.168.11.25 | 15 | 15 | +| r750-03 | 192.168.11.26 | 16 | 16 | + +### 4.4 Dell 7920 workstations (2) — optional 10G + +| Workstation | IP (mgmt) | 10G cable | +|-----------------|-------------|-----------------| +| workstation-01 | 192.168.11.30 | Optional: XG #1 port (spare) | +| workstation-02 | 192.168.11.31 | Optional: XG #1 port (spare) | + +### 4.5 Inter-switch link + +- **XG #1** port 15 or 16 ↔ **XG #2** port 15 or 16: 10G uplink between switches (if not already in use for R750). +- Adjust port numbers above so one port per switch is reserved for the inter-switch link. + +--- + +## 5. Management (1G) connectivity + +- **UDM Pro #1:** Existing; gateway 192.168.11.1; all management and VM traffic. +- **UDM Pro #2:** Connect to same LAN (192.168.11.0/24), assign 192.168.11.2; configure as standby or separate segment per design. +- **R630 / R750:** 1G management NIC to existing LAN switch (or UDM Pro LAN ports). **ML110:** After repurpose, 8–12 GbE — 6–10 to cable modems (WAN), 1–2 to UDM Pro WAN ports (LAN). +- **Dell 7920:** 1G to management LAN; static or DHCP reservation .30, .31. + +--- + +## 6. Checklist summary + +- [ ] Document which physical port on each R630/R750 is 1G (mgmt) vs 10G (Ceph). +- [ ] Cable all 13 R630s to XG #1 (and XG #2 if dual 10G). +- [ ] Cable 3× R750 to XG #1 (and XG #2 if dual 10G). +- [ ] Optional: cable 2× 7920 to XG for high-throughput workloads. +- [ ] Connect XG #1 ↔ XG #2 for redundant backbone. +- [ ] Assign 192.168.11.2 to UDM Pro #2 and connect to LAN. +- [ ] Update `config/ip-addresses.conf` and DNS for .24–.26 (R750), .30–.31 (7920), .2 (UDM Pro #2). +- [ ] Configure Ceph cluster network (VLAN or subnet) on 10G interfaces when bringing nodes online. + +See [13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md) for power-on and join-order. diff --git a/docs/11-references/ADDRESS_MATRIX_AND_STATUS.md b/docs/11-references/ADDRESS_MATRIX_AND_STATUS.md index 08362a4..cae4091 100644 --- a/docs/11-references/ADDRESS_MATRIX_AND_STATUS.md +++ b/docs/11-references/ADDRESS_MATRIX_AND_STATUS.md @@ -1,7 +1,7 @@ # Address Matrix and Status — Correlated Reference -**Last Updated:** 2026-02-28 -**Purpose:** Single correlated matrix of all existing contract, token, and pool addresses with deployment status. +**Last Updated:** 2026-03-04 +**Purpose:** Single correlated matrix of all existing contract, token, and pool addresses with deployment status. **On-chain verification (2026-03-04):** DODOPMMIntegration at `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` returns canonical cUSDT/cUSDC per [EXPLORER_TOKEN_LIST_CROSSCHECK](EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. **Sources:** CONTRACT_ADDRESSES_REFERENCE, CHAIN138_TOKEN_ADDRESSES, LIQUIDITY_POOLS_MASTER_MAP, DEPLOYED_COINS_TOKENS_AND_NETWORKS, env examples, PRE_DEPLOYMENT_CHECKLIST. --- @@ -29,9 +29,18 @@ | LINK | Chainlink Token | `0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03` | 18 | ✅ | CCIP fees | | cUSDT | Compliant Tether USD | `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` | 6 | ✅ | Compliant stablecoin | | cUSDC | Compliant USD Coin | `0xf22258f57794CC8E06237084b353Ab30fFfa640b` | 6 | ✅ | Compliant stablecoin | +| cEURC | Euro Coin (Compliant) | `0x8085961F9cF02b4d800A3c6d386D31da4B34266a` | 6 | ✅ | Compliant stablecoin | +| cEURT | Tether EUR (Compliant) | `0xdf4b71c61E5912712C1Bdd451416B9aC26949d72` | 6 | ✅ | Compliant stablecoin | +| cGBPC | Pound Sterling (Compliant) | `0x003960f16D9d34F2e98d62723B6721Fb92074aD2` | 6 | ✅ | Compliant stablecoin | +| cGBPT | Tether GBP (Compliant) | `0x350f54e4D23795f86A9c03988c7135357CCaD97c` | 6 | ✅ | Compliant stablecoin | +| cAUDC | Australian Dollar (Compliant) | `0xD51482e567c03899eecE3CAe8a058161FD56069D` | 6 | ✅ | Compliant stablecoin | +| cJPYC | Japanese Yen (Compliant) | `0xEe269e1226a334182aace90056EE4ee5Cc8A6770` | 6 | ✅ | Compliant stablecoin | +| cCHFC | Swiss Franc (Compliant) | `0x873990849DDa5117d7C644f0aF24370797C03885` | 6 | ✅ | Compliant stablecoin | +| cCADC | Canadian Dollar (Compliant) | `0x54dBd40cF05e15906A2C21f600937e96787f5679` | 6 | ✅ | Compliant stablecoin | +| cXAUC | Gold (Compliant) | `0x290E52a8819A4fbD0714E517225429aA2B70EC6b` | 6 | ✅ | Compliant | +| cXAUT | Tether XAU (Compliant) | `0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E` | 6 | ✅ | Compliant | | — | Tether USDT (official, Chain 138) | `0x15DF1D5BFDD8Aa4b380445D4e3E9B38d34283619` | — | ✅ | Reference / mainnet-style | | XAU | Gold (anchor) | — | — | ❌ | Not deployed | -| cEURT | Compliant EUR T | — | — | ❌ | Not deployed | ### 1.2 Core / registry / vault @@ -96,7 +105,7 @@ | Contract / pool | Address | Status | Notes | |-----------------|---------|--------|-------| -| DODOPMMIntegration | `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` | ✅ | Mock DVM | +| DODOPMMIntegration | `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` | ✅ | Mock DVM; canonical cUSDT/cUSDC verified on-chain 2026-03-04 (EXPLORER_TOKEN_LIST_CROSSCHECK §8) | | DODOPMMProvider | `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0` | ✅ | Pools registered | | Pool cUSDT/cUSDC | `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | ✅ | Created | | Pool cUSDT/USDT | `0xa3Ee6091696B28e5497b6F491fA1e99047250c59` | ✅ | Created | @@ -108,7 +117,7 @@ | Item | Address | Status | Notes | |------|---------|--------|-------| -| TransactionMirror | From deploy script (e.g. `0xb5876547c52CaBf49d7f40233B6f6a140F403d25`) | ⏳ | Set TRANSACTION_MIRROR_ADDRESS in .env | +| TransactionMirror | `0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc` | ✅ | Deployed 2026-02-27; set TRANSACTION_MIRROR_ADDRESS in .env | | Deployer / Admin | `0x4A666F96fC8764181194447A7dFdb7d471b301C8` | ✅ | EOA | --- @@ -119,13 +128,13 @@ | Category | Count | Status summary | |----------|-------|-----------------| -| Tokens | 5 live, 2 not deployed (XAU, cEURT) | ✅ cUSDT, cUSDC, WETH, WETH10, LINK | +| Tokens | 16 live (cUSDT, cUSDC, cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT, WETH, WETH10, LINK, ETH-USD); 1 not deployed (XAU) | ✅ See §1.1 | | Core / registry | 11+ | ✅ All deployed | | CCIP / bridge | 4 (1 deprecated) | ✅ Use 0x971c… WETH9 bridge | | Governance / deterministic | 9 | ✅ All deployed | | Channels / mirror / reserve / vault | 14+ | ✅ All deployed | | PMM / pools | 1 integration, 1 provider, 3 pools | ✅ Created; add liquidity to pools | -| TransactionMirror | 1 | ⏳ Set from deploy output | +| TransactionMirror | 1 | ✅ `0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc` | ### 2.2 Ethereum Mainnet (1) diff --git a/docs/11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md b/docs/11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md new file mode 100644 index 0000000..645b218 --- /dev/null +++ b/docs/11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md @@ -0,0 +1,77 @@ +# CCIP 138 → Destination: Receiver Behavior by Chain and Token + +**Last Updated:** 2026-03-04 +**Purpose:** Confirms for each destination chain and token whether the receiver **mints**, **receives-from-CCIP-and-forwards**, or **releases** (pre-fund required). Source: contract code and docs. + +**Source contracts:** `smom-dbis-138/contracts/ccip/CCIPWETH9Bridge.sol`, `CCIPWETH10Bridge.sol`, `contracts/relay/CCIPRelayBridge.sol`; [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md), [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md), [07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). + +--- + +## 1. Summary: mechanism by chain and token + +| Chain ID | Chain name | Token(s) | Receiver contract | Mechanism | Pre-fund required? | +|----------|--------------|------------|----------------------------|-----------|---------------------| +| **1** | Ethereum | WETH9, WETH10 | CCIPRelayBridge (Mainnet only) | **Release** from own balance (relay does not deliver tokens) | **Yes** | +| **25** | Cronos | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** (native CCIP delivers token amounts to receiver) | No | +| **56** | BSC | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | +| **100** | Gnosis | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | +| **137** | Polygon | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | +| **10** | Optimism | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | +| **42161**| Arbitrum One | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | +| **8453** | Base | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | +| **43114**| Avalanche | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | +| **42220**| Celo | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | +| **1111** | Wemix | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | + +**cW* (any supported chain, when deployed):** Token cWUSDT, cWUSDC (etc.). Receiver: **TwoWayTokenBridgeL2** (or CCIPReceiverCW). Mechanism: **Mint** (`ccipReceive` → `cW*.mint(recipient, amount)`). Pre-fund: No. +*(Design only; deployment-status empty.)* + +--- + +## 2. Why Mainnet (1) is different + +- **138 → other chains (25, 56, 100, 137, 10, 42161, 8453, 43114, 42220, 1111):** Use **native Chainlink CCIP** end-to-end. The source bridge sends a message with `tokenAmounts` (WETH9/WETH10). The CCIP protocol locks tokens on 138 and **delivers** the token amounts to the **receiver contract** on the destination when the message is executed. The receiver is **CCIPWETH9Bridge** / **CCIPWETH10Bridge** (same code as on 138). In `ccipReceive` it does `IERC20(weth9).transfer(recipient, amount)` — i.e. it **forwards** the tokens it **received from the CCIP router** to the final recipient. So the receiver does **not** mint; it **receives from CCIP and forwards**. No pre-fund. + +- **138 → Mainnet (1):** Uses a **custom relay** (not native CCIP token delivery). The relay service watches 138 for `MessageSent`, then calls **CCIPRelayRouter.relayMessage(CCIPRelayBridge, message)** on Mainnet. The **tokens are not** delivered by the CCIP protocol; only the message is relayed. So **CCIPRelayBridge**’s `ccipReceive` is called with the message, but the bridge **never receives** WETH from any router. It does `IERC20(weth9).transfer(recipient, amount)` from **its own balance**, so it must be **pre-funded with Mainnet WETH**. + +**Code reference:** +- `CCIPWETH9Bridge.sol` / `CCIPWETH10Bridge.sol`: `ccipReceive` → `IERC20(weth9).transfer(recipient, amount)` (receive from router + forward on native CCIP; release from balance on relay path). +- `CCIPRelayBridge.sol`: same `transfer(recipient, amount)` but only called by relay; no token delivery → release only. + +--- + +## 3. Tokens for which the receiver **mints** (no pre-fund) + +| Token(s) | Chain(s) | Receiver | Mechanism | +|---------------|----------|------------------------|-----------| +| **cWUSDT, cWUSDC** (cW*) | 56, 100, 137, 10, 42161, 8453, 43114, 25, 1, etc. (when deployed) | TwoWayTokenBridgeL2 (or CCIPReceiverCW) | `ccipReceive` → `cW*.mint(recipient, amount)`; receiver has MINTER_ROLE | + +**Source:** [CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md). Deployment status: design only; deployment-status.json empty. + +--- + +## 4. Tokens for which the receiver **receives from CCIP and forwards** (no pre-fund) + +| Token(s) | Chain(s) | Receiver | Mechanism | +|------------|--------------------------------------------------------------|----------------------------------|-----------| +| **WETH9, WETH10** | 25, 56, 100, 137, 10, 42161, 8453, 43114, 42220, 1111 | CCIPWETH9Bridge, CCIPWETH10Bridge | Native CCIP delivers token amounts to receiver; receiver `transfer(recipient, amount)` to forward. No mint. | + +--- + +## 5. Tokens for which the receiver **releases** (pre-fund required) + +| Token(s) | Chain | Receiver | Mechanism | +|------------|-------|-------------------|-----------| +| **WETH9, WETH10** | **1 (Ethereum Mainnet)** | CCIPRelayBridge | Relay calls `ccipReceive`; no token delivery. Bridge `transfer(recipient, amount)` from **own balance** → must be funded with Mainnet WETH. | + +--- + +## 6. References + +| Document | Use | +|----------|-----| +| [ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED](ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md) | Routes that do not require bridge pre-funding | +| [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md) | Full routes; 138→Mainnet WETH pre-fund prerequisite | +| [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md) | Mainnet relay and CCIPRelayBridge | +| [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md) | cW* mint-on-receive | +| [07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) | Deploy CCIPWETH9/WETH10 per chain (Gnosis, Cronos, Celo, Wemix) | diff --git a/docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md b/docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md index 6f8b0c3..da8f6a7 100644 --- a/docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md +++ b/docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md @@ -1,8 +1,8 @@ # Contract Addresses Reference - ChainID 138 -**Last Updated:** 2026-02-28 +**Last Updated:** 2026-03-04 **Document Version:** 1.4 -**Status:** Active Documentation +**Status:** Active Documentation. DODOPMMIntegration token addresses verified on-chain 2026-03-04 — see EXPLORER_TOKEN_LIST_CROSSCHECK §8. --- @@ -93,8 +93,9 @@ Contracts deployed after chain initialization: | Contract | Address | Status / Notes | |----------|---------|----------------| +| **DODOPMMIntegration** | `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` | ✅ Deployed; **on-chain verified 2026-03-04:** `compliantUSDT()` = canonical cUSDT, `compliantUSDC()` = canonical cUSDC. See [EXPLORER_TOKEN_LIST_CROSSCHECK](EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. | | **TransactionMirror** | `0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc` (Chain 138; deployed 2026-02-27) | Set `TRANSACTION_MIRROR_ADDRESS` in `smom-dbis-138/.env`. Deploy: `./scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh`. | -| **DODO cUSDT/cUSDC pool** | `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | Pending until CreateCUSDTCUSDCPool succeeds; same script deploys after mirror. See [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS](../03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md). | +| **DODO cUSDT/cUSDC pool** | `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | ✅ Created (deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh). See [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS](../03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md). | ### Deployer / Admin (Chain 138) @@ -203,5 +204,5 @@ Chain 138 WETH9 bridges (LINK fee and native ETH fee) have mainnet destination s --- -**Related:** [ADDRESS_MATRIX_AND_STATUS](ADDRESS_MATRIX_AND_STATUS.md) (correlated matrix and status) | [EXPLORER_AND_BLOCKSCAN_REFERENCE](EXPLORER_AND_BLOCKSCAN_REFERENCE.md) (correct explorer vs blockscan.com) | [ADDRESS_MATRIX_AND_STATUS](ADDRESS_MATRIX_AND_STATUS.md) | [CONTRACTS_TO_DEPLOY](CONTRACTS_TO_DEPLOY.md) | [CHAIN138_TOKEN_ADDRESSES](CHAIN138_TOKEN_ADDRESSES.md) | [TOKEN_MAPPING_AND_MAINNET_ADDRESSES](../07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md) (138↔Mainnet token mapping) +**Related:** [DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS](DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md) (all contracts by deployer, network, verified status) | [EXPLORER_TOKEN_LIST_CROSSCHECK](EXPLORER_TOKEN_LIST_CROSSCHECK.md) (Explorer /tokens vs repo token lists) | [ADDRESS_MATRIX_AND_STATUS](ADDRESS_MATRIX_AND_STATUS.md) (correlated matrix and status) | [EXPLORER_AND_BLOCKSCAN_REFERENCE](EXPLORER_AND_BLOCKSCAN_REFERENCE.md) (correct explorer vs blockscan.com) | [ADDRESS_MATRIX_AND_STATUS](ADDRESS_MATRIX_AND_STATUS.md) | [CONTRACTS_TO_DEPLOY](CONTRACTS_TO_DEPLOY.md) | [CHAIN138_TOKEN_ADDRESSES](CHAIN138_TOKEN_ADDRESSES.md) | [TOKEN_MAPPING_AND_MAINNET_ADDRESSES](../07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md) (138↔Mainnet token mapping) diff --git a/docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md b/docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md new file mode 100644 index 0000000..4eead65 --- /dev/null +++ b/docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md @@ -0,0 +1,204 @@ +# Deployed Tokens, Bridges, DODO/Uniswap LPs — Status & Complete Routing Map + +**Last Updated:** 2026-03-04 +**Purpose:** Single reference for (1) deployed tokens/coins and bridges per destination network, (2) DODO and Uniswap LPs with addresses, and (3) a complete mapping of all possible routes for routing **to** and **from** each chain. + +--- + +## 1. Executive summary + +| Area | Status | Notes | +|------|--------|-------| +| **Chain 138 tokens** | ✅ Live | cUSDT, cUSDC, WETH, WETH10, LINK; 10 more compliant tokens deployable (cEURC, cEURT, cGBP*, cAUD*, cJPY*, cCHF*, cCAD*, cAUSDT). | +| **Chain 138 DODO PMM** | ✅ Live | DODOPMMIntegration + 3 pools (cUSDT/cUSDC usable; cUSDT/USDT, cUSDC/USDC use mainnet addresses → no liquidity on 138). DODOPMMProvider deployed; routing cUSDT↔cUSDC live. | +| **Chain 138 → destination bridges** | ✅ CCIP + Alltra | CCIP WETH9/WETH10 to Ethereum, BSC, Polygon, Arbitrum, Optimism, Avalanche, Cronos, **Celo + Gnosis (2026-03-04)**. Gnosis: 0x4ab39b5BaB7b463435209A9039bd40Cf241F5a82 (WETH9), 0xC15ACdBAC59B3C7Cb4Ea4B3D58334A4b143B4b44 (WETH10). AlltraAdapter 138↔651940. Wemix pending (need 0.4 WEMIX). | +| **Destination tokens (cW\*)** | ⚠️ Design / partial | cWUSDT, cWUSDC deployed on 9 chains (1, 25, 56, 137, 100, 43114, 8453, 42161, 10); cWEURC and others partial. Addresses in .env; **deployment-status.json** empty (design-only). | +| **Destination DODO/Uniswap LPs** | ❌ Not deployed | cross-chain-pmm-lps **pool-matrix** defines cW*/USDC, cW*/USDT per chain; **deployment-status.json** has no pool addresses. Public-chain edge pools and bot not live. | +| **Uniswap on 138** | ❌ | No Uniswap V2/V3 factory on Chain 138. | +| **Uniswap on ALL Mainnet (651940)** | ⚠️ Env placeholders | HYDX DEX present; Uniswap V2/V3 and DODO env vars in dex-factories; no pool addresses in repo. | + +--- + +## 2. Deployed tokens and coins by network + +### 2.1 Chain 138 (DeFi Oracle Meta Mainnet) — primary + +| Symbol | Address | Decimals | Status | +|--------|---------|----------|--------| +| WETH | `0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2` | 18 | ✅ Genesis | +| WETH10 | `0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f` | 18 | ✅ Genesis | +| LINK | `0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03` | 18 | ✅ | +| cUSDT | `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` | 6 | ✅ | +| cUSDC | `0xf22258f57794CC8E06237084b353Ab30fFfa640b` | 6 | ✅ | +| cEURC, cEURT, cGBPT, cGBPC, cAUDT, cAUDC, cJPYT, cJPYC, cCHFT, cCHFC, cCADT, cCADC, cAUSDT | Script / .env | 6 | ⏳ Deployable via DeployCompliantFiatTokens | + +**Source:** [DEPLOYED_COINS_TOKENS_AND_NETWORKS.md](DEPLOYED_COINS_TOKENS_AND_NETWORKS.md), [CHAIN138_TOKEN_ADDRESSES.md](CHAIN138_TOKEN_ADDRESSES.md). + +### 2.2 Destination networks — supported chain IDs + +| Chain ID | Name | Tokens / bridges | +|----------|------|-------------------| +| **1** | Ethereum Mainnet | WETH, USDT, USDC, DAI; CCIP WETH9/WETH10 bridges; relay router. cW* deployable. | +| **25** | Cronos | USDW, EURW, GBPW, AUDW, JPYW, CHFW, CADW (D-WIN W); cW* deployable. | +| **56** | BSC | cWUSDT, cWUSDC (and other cW* per CW_TOKENS_AND_NETWORKS). | +| **100** | Gnosis | cW* deployable. | +| **137** | Polygon | cW* deployable. | +| **10** | Optimism | cW* deployable. | +| **42161** | Arbitrum One | cW* deployable. | +| **8453** | Base | cW* deployable. | +| **43114** | Avalanche C-Chain | cW* deployable. | +| **42220** | Celo | In pool-matrix; cW* not in deploy script chain list. | +| **1111** | Wemix | In pool-matrix; cW* not in deploy script chain list. | +| **651940** | ALL Mainnet (Alltra) | AUSDT, USDC, WETH, WALL; AlltraAdapter 138↔651940. | + +**Source:** [DEPLOYED_COINS_TOKENS_AND_NETWORKS.md](DEPLOYED_COINS_TOKENS_AND_NETWORKS.md), [CW_TOKENS_AND_NETWORKS.md](CW_TOKENS_AND_NETWORKS.md), [cross-chain-pmm-lps/config/chains.json](../../cross-chain-pmm-lps/config/chains.json). + +--- + +## 3. Bridges — source → destination + +### 3.1 Chain 138 as source + +| Destination | Bridge type | Contract (138) | Status | Notes | +|-------------|-------------|----------------|--------|--------| +| Ethereum (1) | CCIP WETH9 / WETH10 | CCIPWETH9Bridge `0x971cD9D156f193df8051E48043C476e53ECd4693`, CCIPWETH10Bridge `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` | ✅ | Relay path to mainnet (CCIPRelayBridge). | +| BSC (56) | CCIP | Same bridges + addDestination(selector, receiver) | ✅ | Per CCIP_BRIDGE_DESTINATIONS_AND_LINK_FUNDING. | +| Polygon (137) | CCIP | Same | ✅ | | +| Arbitrum (42161) | CCIP | Same | ✅ | | +| Optimism (10) | CCIP | Same | ✅ | | +| Avalanche (43114) | CCIP | Same | ✅ | | +| Cronos (25) | CCIP | Same | ✅ | | +| ALL Mainnet (651940) | AlltraAdapter | AlltraAdapter `0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc` | ✅ | 138 ↔ 651940. | +| Celo (42220) | CCIP | CCIPWETH9Bridge `0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04`, CCIPWETH10Bridge `0xa4B9DD039565AeD9641D45b57061f99d9cA6Df08` (Celo); 138↔Celo destinations configured 2026-03-04 | ✅ | complete-config-ready-chains.sh Celo→138 OK. | +| Wemix (1111) | CCIP | Bridge addresses in .env when deployed; deployer needs 0.4 WEMIX | ⏳ | Run deploy-bridges-config-ready-chains.sh wemix after funding. | + +### 3.2 Destination → Chain 138 (inbound) + +- **CCIP:** Each destination chain has a CCIP WETH9/WETH10 receiver bridge; 138’s bridges have `addDestination(chainSelector, receiverBridge)` for two-way routing. +- **Alltra:** AlltraAdapter on 138 and corresponding adapter on 651940 for two-way. + +**Source:** [CONTRACT_ADDRESSES_REFERENCE.md](CONTRACT_ADDRESSES_REFERENCE.md), [smom-dbis-138/docs/deployment/CCIP_BRIDGE_DESTINATIONS_AND_LINK_FUNDING.md](../../smom-dbis-138/docs/deployment/CCIP_BRIDGE_DESTINATIONS_AND_LINK_FUNDING.md). + +--- + +## 4. DODO and Uniswap LPs — by chain + +### 4.1 Chain 138 — DODO PMM only + +| Pool pair | Pool address | Base token | Quote token | Status | Routing | +|-----------|--------------|------------|-------------|--------|---------| +| cUSDT / cUSDC | `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | cUSDT | cUSDC | ✅ Created; liquidity addible | **To:** cUSDT→cUSDC. **From:** cUSDC→cUSDT. | +| cUSDT / USDT (official) | `0xa3Ee6091696B28e5497b6F491fA1e99047250c59` | cUSDT | USDT (mainnet addr) | ✅ Created | Not used on 138 (official USDT has no code on 138). | +| cUSDC / USDC (official) | `0x90bd9Bf18Daa26Af3e814ea224032d015db58Ea5` | cUSDC | USDC (mainnet addr) | ✅ Created | Not used on 138 (official USDC has no code on 138). | + +- **DODOPMMIntegration:** `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` (Mock DVM). +- **DODOPMMProvider:** `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0` (all pools registered). +- **Uniswap on 138:** None (no factory documented). + +**MCP allowlist (Chain 138):** [ai-mcp-pmm-controller/config/allowlist-138.json](../../ai-mcp-pmm-controller/config/allowlist-138.json) — lists the three pools; `get_pool_state`, `identify_pool_interface`, quote/add/remove liquidity. + +**Source:** [LIQUIDITY_POOLS_MASTER_MAP.md](LIQUIDITY_POOLS_MASTER_MAP.md), [PMM_DEX_ROUTING_STATUS.md](PMM_DEX_ROUTING_STATUS.md). + +### 4.2 ALL Mainnet (651940) + +| DEX / type | Status | Config | +|------------|--------|--------| +| Uniswap V2/V3 | ⚠️ Env | `CHAIN_651940_UNISWAP_V2_FACTORY`, `_ROUTER`, `_START_BLOCK` | +| DODO PMM | ⚠️ Env | `CHAIN_651940_DODO_POOL_MANAGER`, `_DODO_VENDING_MACHINE` | +| HYDX | Present | Token `0x0d9793861AEB9244AD1B34375a83A6730F6AdD38`; no pool addresses in repo. | + +### 4.3 Public chains (1, 56, 137, 10, 100, 25, 42161, 8453, 43114, 42220, 1111) — cW* edge pools + +**Designed (pool-matrix.json):** Per chain, first-tier pools: cWUSDT/USDC or cWUSDT/USDT, cWUSDC/USDC or cWUSDC/USDT, plus cWAUSDT, cWEURC, cWEURT, cWUSDW vs hub stable. Optional: cW*/USDT, cW*/DAI, cW*/BUSD, cW*/mUSD. + +**Deployment status:** [cross-chain-pmm-lps/config/deployment-status.json](../../cross-chain-pmm-lps/config/deployment-status.json) — **empty** (no cW* addresses, no PMM pool addresses). Design and simulation only; edge pools and bot **not deployed**. + +**Source:** [cross-chain-pmm-lps/config/pool-matrix.json](../../cross-chain-pmm-lps/config/pool-matrix.json), [cross-chain-pmm-lps/config/token-map.json](../../cross-chain-pmm-lps/config/token-map.json). + +--- + +## 5. Complete routing map — to and from + +### 5.1 Same-chain routing (Chain 138) + +| From token | To token | Route | Status | +|------------|----------|--------|--------| +| cUSDT | cUSDC | DODOPMMIntegration / DODOPMMProvider → pool cUSDT/cUSDC | ✅ | +| cUSDC | cUSDT | Same pool | ✅ | +| cUSDT | USDT (official) | Pool exists; **not usable on 138** (no official USDT contract on 138) | — | +| cUSDC | USDC (official) | Pool exists; **not usable on 138** (no official USDC contract on 138) | — | + +### 5.2 Cross-chain routing (138 → destination) + +| From (138) | To (chain) | Bridge | Destination asset | Destination LP (if any) | +|------------|------------|--------|--------------------|---------------------------| +| WETH9 | 1, 56, 137, 10, 42161, 43114, 25 | CCIP WETH9 | WETH | Native DEX / cW* pool when deployed | +| WETH10 | Same | CCIP WETH10 | WETH | Same | +| cUSDT / cUSDC | Any | — | — | No direct bridge for compliant stables; swap to WETH then CCIP, or use Alltra for 651940 | +| Any (138) | 651940 | AlltraAdapter | AUSDT, WETH, WALL, etc. | ALL Mainnet DEX (env placeholders) | + +### 5.3 Cross-chain routing (destination → 138) + +| From (chain) | To (138) | Bridge | 138 asset | +|--------------|----------|--------|-----------| +| WETH (1, 56, 137, …) | 138 | CCIP receiver bridge on 138 | WETH9 / WETH10 | +| 651940 | 138 | AlltraAdapter | Per adapter config | + +### 5.4 Public-chain cW* routing (when deployed) + +| From | To | Route | +|------|-----|--------| +| cW* (e.g. cWUSDT) | USDC / USDT (same chain) | Single-sided cW*/hub pool (pool-matrix); **not deployed**. | +| USDC / USDT | cW* | Same pool (reverse). | +| cW* chain A | cW* chain B | Bridge cW* or bridge underlying + mint cW* on dest; depends on bridge and cW* deployment. | + +### 5.5 Swap–bridge–swap (orchestration) + +- **Flow:** User gets quote (source swap 138 → bridge → destination swap) via `POST /api/bridge/quote`. Source leg: DODOPMMIntegration (138). Destination leg: public DEX or cW* pool when available. +- **Status:** QuoteService implemented; SwapBridgeSwapCoordinator deployable; full E2E depends on destination pools and bridge config. + +**Source:** [DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md](../03-deployment/DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md), [PMM_DEX_ROUTING_STATUS.md](PMM_DEX_ROUTING_STATUS.md). + +--- + +## 6. Summary tables + +### 6.1 Networks and bridge status + +| Chain ID | Name | Tokens deployed | Bridge from 138 | Bridge to 138 | DODO/Uniswap LPs | +|----------|------|------------------|------------------|---------------|-------------------| +| 138 | DeFi Oracle | cUSDT, cUSDC, WETH, WETH10, LINK | — | — | DODO: 3 pools (1 usable: cUSDT/cUSDC) | +| 1 | Ethereum | WETH, USDT, USDC, DAI | ✅ CCIP WETH9/10 | ✅ CCIP relay | Native DEX; cW* design | +| 651940 | ALL Mainnet | AUSDT, USDC, WETH, WALL | ✅ AlltraAdapter | ✅ AlltraAdapter | Env placeholders; HYDX | +| 25 | Cronos | USDW, EURW, …; cW* | ✅ CCIP | ✅ CCIP | cW* design only | +| 56, 100, 137, 10, 42161, 8453, 43114 | BSC, Gnosis, Polygon, Optimism, Arbitrum, Base, Avalanche | cW* (partial) | ✅ CCIP | ✅ CCIP | cW* pool-matrix; not deployed | +| 42220, 1111 | Celo, Wemix | — | Config | Config | pool-matrix only | + +### 6.2 Route matrix (to and from) + +| Direction | Route | Live? | +|-----------|--------|-------| +| **138 same-chain** | cUSDT ↔ cUSDC via DODO PMM | ✅ | +| **138 → 1** | WETH via CCIP WETH9/10 → mainnet | ✅ | +| **138 → 56, 137, 10, 42161, 43114, 25** | WETH via CCIP | ✅ | +| **138 ↔ 651940** | AlltraAdapter | ✅ | +| **1, 56, … → 138** | WETH via CCIP receiver on 138 | ✅ | +| **138 → dest** | cUSDT/cUSDC (swap to WETH then bridge) | ✅ (swap leg); bridge per above | +| **Dest cW* → USDC/USDT** | cW* edge pool (single-sided) | ❌ Pools not deployed | +| **Dest USDC/USDT → cW*** | Same pool | ❌ | + +--- + +## 7. References + +| Document | Purpose | +|----------|---------| +| [DEPLOYED_COINS_TOKENS_AND_NETWORKS.md](DEPLOYED_COINS_TOKENS_AND_NETWORKS.md) | Tokens and networks inventory | +| [LIQUIDITY_POOLS_MASTER_MAP.md](LIQUIDITY_POOLS_MASTER_MAP.md) | Pool map 138 and 651940 | +| [PMM_DEX_ROUTING_STATUS.md](PMM_DEX_ROUTING_STATUS.md) | DEX/PMM routing status | +| [CONTRACT_ADDRESSES_REFERENCE.md](CONTRACT_ADDRESSES_REFERENCE.md) | Contract and bridge addresses | +| [ADDRESS_MATRIX_AND_STATUS.md](ADDRESS_MATRIX_AND_STATUS.md) | Correlated address matrix | +| [DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md](../03-deployment/DEFI_AGGREGATOR_DEX_ROUTING_FLOWS_DIAGRAM.md) | Routing flow diagram | +| [CW_TOKENS_AND_NETWORKS.md](CW_TOKENS_AND_NETWORKS.md) | cW* tokens and networks | +| [cross-chain-pmm-lps/config/](../../cross-chain-pmm-lps/config/) | pool-matrix, deployment-status, token-map, chains | +| [ai-mcp-pmm-controller/config/allowlist-138.json](../../ai-mcp-pmm-controller/config/allowlist-138.json) | MCP allowlist Chain 138 | diff --git a/docs/11-references/DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md b/docs/11-references/DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md new file mode 100644 index 0000000..25f2b01 --- /dev/null +++ b/docs/11-references/DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md @@ -0,0 +1,183 @@ +# Deployer Wallet — Complete Contract List by Network and Verification Status + +**Last Updated:** 2026-02-27 +**Deployer address:** `0x4A666F96fC8764181194447A7dFdb7d471b301C8` +**Purpose:** Single list of all contracts deployed by (or attributed to) the deployer wallet, the network each is on, and whether each is **verified** on the chain’s explorer (Blockscout for Chain 138). + +**Verification:** For Chain 138, verification is done via Blockscout (https://explorer.d-bis.org). Run `./scripts/verify/run-contract-verification-with-proxy.sh` (from LAN with Blockscout reachable) or `./scripts/verify/check-contracts-on-chain-138.sh` to check/verify. **Verified** below means “source code verified on explorer”; **Not verified** means not yet submitted or not yet confirmed; **Unknown** means not yet checked in this repo. + +--- + +## Legend + +| Column | Meaning | +|--------|--------| +| **Contract** | Contract name | +| **Address** | Contract address on the given network | +| **Network** | Chain ID and network name | +| **Deployed by** | **Genesis** = pre-deployed at chain init; **Deployer** = deployed by `0x4A66...` via repo scripts | +| **Verified** | **Yes** = verified on explorer; **No** = not verified; **Unknown** = not checked | + +--- + +## Chain 138 (DeFi Oracle Meta Mainnet) + +Explorer: https://explorer.d-bis.org + +### Tokens (ERC-20) + +| Contract | Address | Deployed by | Verified | +|----------|---------|-------------|----------| +| WETH9 | `0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2` | Genesis | Unknown | +| WETH10 | `0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f` | Genesis | Unknown | +| LINK | `0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03` | Deployer | Unknown | +| cUSDT (CompliantUSDT) | `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` | Deployer | Unknown | +| cUSDC (CompliantUSDC) | `0xf22258f57794CC8E06237084b353Ab30fFfa640b` | Deployer | Unknown | + +### Core / registry / compliance + +| Contract | Address | Deployed by | Verified | +|----------|---------|-------------|----------| +| ComplianceRegistry | `0xbc54fe2b6fda157c59d59826bcfdbcc654ec9ea1` | Deployer | Unknown | +| TokenFactory | `0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133` | Deployer | Unknown | +| TokenRegistry | `0x91Efe92229dbf7C5B38D422621300956B55870Fa` | Deployer | Unknown | +| BridgeVault | `0x31884f84555210FFB36a19D2471b8eBc7372d0A8` | Deployer | Unknown | +| FeeCollector | `0xF78246eB94c6CB14018E507E60661314E5f4C53f` | Deployer | Unknown | +| DebtRegistry | `0x95BC4A997c0670d5DAC64d55cDf3769B53B63C28` | Deployer | Unknown | +| PolicyManager | `0x0C4FD27018130A00762a802f91a72D6a64a60F14` | Deployer | Unknown | +| TokenImplementation | `0x0059e237973179146237aB49f1322E8197c22b21` | Deployer | Unknown | +| Price Feed Keeper | `0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04` | Deployer | Unknown | + +### Oracle / Multicall + +| Contract | Address | Deployed by | Verified | +|----------|---------|-------------|----------| +| Multicall | `0x99b3511a2d315a497c8112c1fdd8d508d4b1e506` | Genesis | Unknown | +| Oracle Aggregator | `0x99b3511a2d315a497c8112c1fdd8d508d4b1e506` | Deployer (or same slot as Multicall) | Unknown | +| Oracle Proxy | `0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6` | Deployer | Unknown | +| Multicall (deploy 2026-02-13) | `0xF4AA429BE277d1a1a1A744C9e5B3aD821a9b96f7` | Deployer | Unknown | +| Oracle Aggregator (deploy 2026-02-13) | `0xaFd9E25ff301a79feaBcc56F46969F34808358CE` | Deployer | Unknown | +| Oracle Proxy (deploy 2026-02-13) | `0x90563867F2ba94ed277303e200f4311c00982E92` | Deployer | Unknown | + +### CCIP / bridge + +| Contract | Address | Deployed by | Verified | +|----------|---------|-------------|----------| +| CCIP Router | `0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e` | Deployer | Unknown | +| CCIP Sender | `0x105F8A15b819948a89153505762444Ee9f324684` | Deployer | Unknown | +| CCIPWETH9Bridge | `0x971cD9D156f193df8051E48043C476e53ECd4693` | Deployer | Unknown | +| CCIPWETH10Bridge | `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` | Deployer | Unknown | +| CCIPReceiver (2026-02-13) | `0xC12236C03b28e675d376774FCE2C2C052488430F` | Deployer | Unknown | + +### Governance / phased core / deterministic + +| Contract | Address | Deployed by | Verified | +|----------|---------|-------------|----------| +| UniversalAssetRegistry (proxy) | `0xAEE4b7fBe82E1F8295951584CBc772b8BBD68575` | Deployer | Unknown | +| GovernanceController (proxy) | `0xA6891D5229f2181a34D4FF1B515c3Aa37dd90E0e` | Deployer | Unknown | +| UniversalCCIPBridge (proxy) | `0xCd42e8eD79Dc50599535d1de48d3dAFa0BE156F8` | Deployer | Unknown | +| BridgeOrchestrator (proxy) | `0x89aB428c437f23bAB9781ff8Db8D3848e27EeD6c` | Deployer | Unknown | +| CREATE2Factory | `0x750E4a8adCe9f0e67A420aBE91342DC64Eb90825` | Deployer | Unknown | +| UniversalAssetRegistry (deterministic) | `0xC98602aa574F565b5478E8816BCab03C9De0870f` | Deployer | Unknown | +| UniversalCCIPBridge (deterministic) | `0x532DE218b94993446Be30eC894442f911499f6a3` | Deployer | Unknown | +| MirrorRegistry | `0x6427F9739e6B6c3dDb4E94fEfeBcdF35549549d8` | Deployer | Unknown | +| AlltraAdapter | `0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc` | Deployer | Unknown | + +### Channels / mirror / trustless / reserve / vault + +| Contract | Address | Deployed by | Verified | +|----------|---------|-------------|----------| +| PaymentChannelManager | `0x302aF72966aFd21C599051277a48DAa7f01a5f54` | Deployer | Unknown | +| GenericStateChannelManager | `0xe5e3bB424c8a0259FDE23F0A58F7e36f73B90aBd` | Deployer | Unknown | +| AddressMapper | `0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A` | Deployer | Unknown | +| MirrorManager | `0x6eD905A30c552a6e003061A38FD52A5A427beE56` | Deployer | Unknown | +| Lockbox138 | `0xFce6f50B312B3D936Ea9693C5C9531CF92a3324c` | Deployer | Unknown | +| MerchantSettlementRegistry | `0x16D9A2cB94A0b92721D93db4A6Cd8023D3338800` | Deployer | Unknown | +| WithdrawalEscrow | `0xe77cb26eA300e2f5304b461b0EC94c8AD6A7E46D` | Deployer | Unknown | +| ReserveSystem | `0x607e97cD626f209facfE48c1464815DDE15B5093` | Deployer | Unknown | +| ReserveTokenIntegration | `0x34B73e6EDFd9f85a7c25EeD31dcB13aB6E969b96` | Deployer | Unknown | +| RegulatedEntityRegistry | `0xEA4C892D6c1253797c5D95a05BF3863363080b4B` | Deployer | Unknown | +| VaultFactory | `0xB2Ac70f35A81481B005067ed6567a5043BA32336` | Deployer | Unknown | +| Ledger | `0x67b3831dc64C14FB9352B2a45C6Dd69b3C86B7af` | Deployer | Unknown | +| Liquidation | `0x3aCdbCB749d6037a02F0ef6ea2E5Fb89D31fAB72` | Deployer | Unknown | +| XAU Oracle | `0xf23E1eDa304082ab7a81531dFE6020E6105e77A8` | Deployer | Unknown | +| MultiSig (2026-02-13) | `0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965` | Deployer | Unknown | +| Voting (2026-02-13) | `0x022267b26400114aF01BaCcb92456Fe36cfccD93` | Deployer | Unknown | + +### DODO PMM / liquidity + +| Contract | Address | Deployed by | Verified | +|----------|---------|-------------|----------| +| DODOPMMIntegration | `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` | Deployer | Unknown | +| DODOPMMProvider | `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0` | Deployer | Unknown | +| Pool cUSDT/cUSDC | `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | Deployer | Unknown | +| Pool cUSDT/USDT | `0xa3Ee6091696B28e5497b6F491fA1e99047250c59` | Deployer | Unknown | +| Pool cUSDC/USDC | `0x90bd9Bf18Daa26Af3e814ea224032d015db58Ea5` | Deployer | Unknown | + +### TransactionMirror + +| Contract | Address | Deployed by | Verified | +|----------|---------|-------------|----------| +| TransactionMirror | `0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc` | Deployer | Unknown | + +### Deprecated (do not use) + +| Contract | Address | Deployed by | Verified | +|----------|---------|-------------|----------| +| CCIPWETH9Bridge (old) | `0x89dd12025bfCD38A168455A44B400e913ED33BE2` | Deployer | — | + +--- + +## Ethereum Mainnet (Chain 1) + +Contracts used as **destinations** for Chain 138 CCIP/relay; may have been deployed by this deployer or by another party. + +| Contract | Address | Network | Deployed by | Verified | +|----------|---------|---------|-------------|----------| +| CCIPRelayRouter | `0xAd9A228CcEB4cbB612cD165FFB72fE090ff10Afb` | 1 (Ethereum Mainnet) | Unknown | Unknown | +| CCIPRelayBridge | `0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939` | 1 (Ethereum Mainnet) | Unknown | Unknown | + +Explorer: https://etherscan.io (or https://blockscan.com for multi-chain). + +--- + +## Other networks (CCIP / cW* / Cronos) + +Contracts on **other chains** (BSC, Polygon, Cronos, Arbitrum, Optimism, Avalanche, Base, Gnosis, Celo, Wemix) that the deployer may have deployed (e.g. CCIP WETH9/WETH10 bridges, cW* tokens, Cronos D-WIN W) are **not** listed here by address. Addresses are stored in `smom-dbis-138/.env` (e.g. `CCIPWETH9_BRIDGE_BSC`, `CWUSDT_MAINNET`, etc.). See [TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS.md](TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS.md) and [CW_TOKENS_AND_NETWORKS.md](CW_TOKENS_AND_NETWORKS.md). Verification status on those chains is **per-chain** (Etherscan, BscScan, Polygonscan, etc.) and not tracked in this doc. + +--- + +## Sources of deployment data (dotenv and config) + +Files that contain smart contract addresses or deployment configuration: + +**Primary dotenv:** `smom-dbis-138/.env` (canonical for Chain 138: tokens, CCIP, DODO PMM, pools, vaults, TRANSACTION_MIRROR). Root `.env` and `.env.master.example` hold RPC/keys. + +**Documented examples:** `smom-dbis-138/docs/deployment/ENV_EXAMPLE_CONTENT.md` (full env var reference), `smom-dbis-138/env.additions.example` (DODO/pool addrs), `smom-dbis-138/docs/deployment/ENV_CONFIG_READY_CHAINS.example` (CCIP per chain), `smom-dbis-138/terraform/phases/phase1/.env.chain138` and `config/env.chain138.example`, `config/env.mainnet.example` (138 and mainnet examples). + +**Config JSON:** `config/token-mapping-multichain.json` (138↔651940 and multichain token mapping), `cross-chain-pmm-lps/config/deployment-status.json` (per-chain cW*/pools status), `ai-mcp-pmm-controller/config/allowlist-138.json` (Chain 138 DODO pools for MCP). + +**Script load order:** Scripts use `scripts/lib/load-project-env.sh` (loads root .env, ip-addresses.conf, smom-dbis-138/.env) and optionally `scripts/lib/load-contract-addresses.sh` (reads `config/smart-contracts-master.json` when present; .env overrides). + +**Full index:** [DEPLOYMENT_DATA_SOURCES_INDEX.md](DEPLOYMENT_DATA_SOURCES_INDEX.md). + +--- + +## How to update verification status + +1. **Chain 138:** From a host that can reach Blockscout (e.g. LAN), run: + - `./scripts/verify/run-contract-verification-with-proxy.sh` to submit verification for contracts in the verification config. + - Open https://explorer.d-bis.org/address/
for each contract and confirm “Contract source code verified” (or equivalent). +2. **This doc:** Set **Verified** to **Yes** or **No** for each contract after checking. Leave **Unknown** until checked. + +--- + +## References + +| Document | Purpose | +|----------|---------| +| [CONTRACT_ADDRESSES_REFERENCE.md](CONTRACT_ADDRESSES_REFERENCE.md) | Canonical contract list and .env mapping | +| [ADDRESS_MATRIX_AND_STATUS.md](ADDRESS_MATRIX_AND_STATUS.md) | Correlated address matrix and status | +| [BLOCKSCOUT_VERIFICATION_GUIDE.md](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) | How to verify on Blockscout | +| [DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md](DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md) | Deployer address and funding | +| [TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS.md](TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS.md) | Tokens deployer deployed on other chains | diff --git a/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md b/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md new file mode 100644 index 0000000..e620a49 --- /dev/null +++ b/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md @@ -0,0 +1,158 @@ +# Routes: Deployer Wallet → Public-Network Stablecoins + +**Last Updated:** 2026-03-04 +**Purpose:** Single reference for **all possible routes** from the deployer wallet as **source** (minted/held tokens on all blockchains) **to** public-network stablecoins (USDT, USDC, DAI, AUSDT, etc.) on each chain. Uses Master Documentation and verifiable sources only. + +**Deployer address (source):** `0x4A666F96fC8764181194447A7dFdb7d471b301C8` + +**Sources:** [MASTER_INDEX](MASTER_INDEX.md), [EXPLORER_TOKEN_LIST_CROSSCHECK](EXPLORER_TOKEN_LIST_CROSSCHECK.md) §5/§8, [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md), [ADDRESS_MATRIX_AND_STATUS](ADDRESS_MATRIX_AND_STATUS.md), [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md), [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md), [DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS](DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md), [LIQUIDITY_POOLS_MASTER_MAP](LIQUIDITY_POOLS_MASTER_MAP.md). + +--- + +## 1. Deployer-held / mintable tokens by chain + +Tokens the deployer **can hold** as source (mintable to deployer on 138/Cronos, or acquirable on other chains): + +| Chain ID | Chain name | Source tokens (deployer as holder) | +|----------|-------------------|------------------------------------| +| **138** | DeFi Oracle (SMOM-DBIS-138) | cUSDT, cUSDC, cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT, WETH, WETH10, LINK, native ETH | +| **1** | Ethereum Mainnet | WETH (via CCIP from 138), USDT, USDC, DAI (acquire) | +| **651940** | ALL Mainnet (Alltra) | AUSDT, USDC (AUSDC), WETH, WALL (via AlltraAdapter from 138 or acquire) | +| **25** | Cronos | USDW, EURW, GBPW, AUDW, JPYW, CHFW, CADW (D-WIN W; mintable if MINTER_ROLE), WETH9, WETH10, LINK | +| **56** | BSC | cWUSDT, cWUSDC (design; deployment-status empty), USDT, USDC (acquire) | +| **100** | Gnosis | cW* (design), xDAI, USDC (acquire) | +| **137** | Polygon | cW* (design), USDT, USDC (acquire) | +| **10** | Optimism | cW* (design), USDT, USDC (acquire) | +| **42161**| Arbitrum One | cW* (design), USDT, USDC (acquire) | +| **8453** | Base | cW* (design), USDT, USDC (acquire) | +| **43114**| Avalanche C-Chain | cW* (design), USDT, USDC (acquire) | +| **42220**| Celo | (CCIP config 2026-03-04); USDC, cEUR (acquire) | +| **1111** | Wemix | (pending 0.4 WEMIX); WEMIX, USDT/USDC (acquire) | + +--- + +## 2. Public-network stablecoins (destination) by chain + +| Chain ID | Chain name | Public stablecoins (destination) | +|----------|--------------|-----------------------------------| +| **138** | DeFi Oracle | cUSDT, cUSDC (compliant stables; no native USDT/USDC contract on 138) | +| **1** | Ethereum | USDT `0xdAC17F958D2ee523a2206206994597C13D831ec7`, USDC `0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48`, DAI `0x6B175474E89094C44Da98b954EedeAC495271d0F` | +| **651940** | ALL Mainnet | AUSDT `0x015B1897Ed5279930bC2Be46F661894d219292A6`, USDC (AUSDC) `0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881` | +| **25** | Cronos | USDW, EURW, GBPW, etc. (D-WIN W); native CRO; USDT/USDC if bridged | +| **56** | BSC | USDT, USDC, BUSD (native) | +| **100** | Gnosis | USDC, xDAI | +| **137** | Polygon | USDT, USDC (native) | +| **10** | Optimism | USDT, USDC (native) | +| **42161**| Arbitrum | USDT, USDC (native) | +| **8453** | Base | USDT, USDC (native) | +| **43114**| Avalanche | USDT, USDC (native) | +| **42220**| Celo | USDC, cEUR | +| **1111** | Wemix | USDT, USDC (if listed) | + +--- + +## 3. Routes: deployer source token → public stablecoin + +### 3.1 Chain 138 (same-chain) + +| From (deployer holds) | To (public stable on 138) | Route | Status | +|------------------------|----------------------------|--------|--------| +| cUSDT | cUSDC | DODOPMMIntegration / pool `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | ✅ Live | +| cUSDC | cUSDT | Same pool | ✅ Live | +| cUSDT | “USDT (official)” | Pool `0xa3Ee6091696B28e5497b6F491fA1e99047250c59` exists; **not usable** — no official USDT contract on 138 | — | +| cUSDC | “USDC (official)” | Pool `0x90bd9Bf18Daa26Af3e814ea224032d015db58Ea5` exists; **not usable** — no official USDC on 138 | — | + +**Note:** On 138 the only “public” stablecoin destinations that exist are cUSDT and cUSDC. There is no native USDT/USDC contract on 138. + +--- + +### 3.2 Chain 138 → Ethereum Mainnet (1) + +**Prerequisite:** The route 138 WETH → CCIP → Ethereum **requires that the Mainnet bridge be funded first.** CCIPRelayBridge on chain 1 (`0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939`) **releases** WETH to recipients when relay messages are delivered; it does not mint WETH. So **Mainnet WETH must be sent to CCIPRelayBridge** (or the relay/release mechanism) before 138→Mainnet transfers can complete. Flow: fund bridge with Mainnet WETH → then 138 WETH can be locked/sent via CCIP → relay delivers message → bridge releases pre-funded Mainnet WETH to recipient. + +| From (138, deployer holds) | To (Mainnet public stable) | Route | Status | +|----------------------------|----------------------------|--------|--------| +| WETH9 | WETH (then DEX) → USDT / USDC / DAI | CCIP WETH9 bridge `0x971cD9D156f193df8051E48043C476e53ECd4693` → Mainnet → swap via native DEX | ✅ Live (bridge); **requires Mainnet WETH funding of CCIPRelayBridge**; swap via DEX | +| WETH10 | Same | CCIP WETH10 bridge `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` → Mainnet → DEX | ✅ Live; **same prerequisite** | +| cUSDT | USDT / USDC / DAI | **No direct bridge.** Swap 138: cUSDT→cUSDC or cUSDT→WETH (no cUSDT→WETH pool documented); or cUSDT→cUSDC then no bridge for cUSDC. **Indirect:** cUSDT→cUSDC (DODO) then no 138→mainnet bridge for compliant stables. Use: **cUSDT/cUSDC → swap to WETH on 138 (no pool today)** then CCIP WETH→mainnet→DEX→USDT/USDC/DAI. | ⚠️ Swap leg on 138 to WETH not documented; bridge leg ✅ | +| cUSDC | USDT / USDC / DAI | Same as cUSDT; need 138 cUSDC→WETH path (not in docs). Then CCIP WETH→mainnet→DEX. | ⚠️ Same | + +**Mainnet relay:** CCIP messages to chain 1 go via CCIPRelayRouter `0xAd9A228CcEB4cbB612cD165FFB72fE090ff10Afb` and CCIPRelayBridge `0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939` (releases WETH; **must be funded with Mainnet WETH** — see [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md)). + +--- + +### 3.3 Chain 138 → ALL Mainnet (651940) + +| From (138, deployer holds) | To (651940 public stable) | Route | Status | +|----------------------------|----------------------------|--------|--------| +| Any (cUSDT, cUSDC, WETH, etc.) | AUSDT, USDC (AUSDC) | AlltraAdapter `0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc` (138↔651940) → then DEX on 651940 (env placeholders; HYDX present) | ✅ Bridge live; destination swap via ALL Mainnet DEX | + +--- + +### 3.4 Chain 138 → other public chains (56, 100, 137, 10, 42161, 8453, 43114, 25, 42220, 1111) + +| From (138) | To (destination chain public stable) | Bridge | Status | +|------------|--------------------------------------|--------|--------| +| WETH9 / WETH10 | WETH on dest → USDT/USDC via DEX | CCIP WETH9/WETH10 to BSC, Polygon, Arbitrum, Optimism, Avalanche, Cronos, **Celo**, **Gnosis** | ✅ Live (Celo + Gnosis 2026-03-04) | +| WETH9 / WETH10 | Wemix USDT/USDC | CCIP when Wemix bridges deployed (deployer needs 0.4 WEMIX) | ⏳ Pending | +| cUSDT / cUSDC | Any dest public stable | No direct bridge for compliant stables; must swap to WETH on 138 then CCIP (see 3.2). | ⚠️ Same as 3.2 | + +--- + +### 3.5 Destination chain → public stable (when deployer holds asset on that chain) + +| Chain | Deployer holds there | To public stable (same chain) | Route | Status | +|-------|----------------------|------------------------------|--------|--------| +| **1** | WETH (after CCIP), USDT, USDC, DAI | USDT, USDC, DAI | Native DEX (Uniswap, etc.) | ✅ Standard | +| **651940** | AUSDT, USDC, WETH, WALL | AUSDT, USDC | HYDX / Uniswap (env placeholders) | ✅ DEX present | +| **25** | USDW, EURW, … (D-WIN W) | USDW, EURW, etc. | Same-chain swap / DEX | ✅ If DEX exists | +| **56, 100, 137, 10, 42161, 8453, 43114** | cW* (design only; deployment-status empty) | USDT, USDC | cW*/USDC, cW*/USDT edge pools (pool-matrix) | ❌ Pools not deployed | +| **42220, 1111** | — | USDC, cEUR / USDT, USDC | Acquire then DEX | ✅ Standard (acquire + DEX) | + +--- + +## 4. Summary: deployer → public stablecoin route matrix + +| Source chain | Deployer source token | Destination chain | Destination public stable | Route | Live? | +|--------------|------------------------|-------------------|---------------------------|--------|------| +| 138 | cUSDT | 138 | cUSDC | DODO PMM pool cUSDT/cUSDC | ✅ | +| 138 | cUSDC | 138 | cUSDT | Same pool | ✅ | +| 138 | WETH9 | 1 | USDT, USDC, DAI | CCIP WETH9 → Mainnet → DEX; **requires Mainnet WETH funding of CCIPRelayBridge first** | ✅ | +| 138 | WETH10 | 1 | USDT, USDC, DAI | Same; **CCIPRelayBridge must be funded with Mainnet WETH** | ✅ | +| 138 | WETH9/10 | 56, 137, 10, 42161, 43114, 25, 100, 42220 | WETH → USDT/USDC via DEX | CCIP → dest → DEX | ✅ | +| 138 | Any | 651940 | AUSDT, USDC | AlltraAdapter → 651940 DEX | ✅ | +| 138 | cUSDT, cUSDC | Any | USDT, USDC (any chain) | Swap to WETH on 138 (no c*→WETH pool in docs) + CCIP WETH → dest DEX | ⚠️ Bridge leg ✅; 138 swap leg not documented | +| Dest (1, 651940, 25, …) | Deployer-held token on that chain | Same | Public stable | Native DEX | ✅ | +| Dest (56, 100, 137, …) | cW* | Same | USDT, USDC | cW* edge pools | ❌ Not deployed | + +--- + +## 5. Reverse: public stablecoin → deployer (inbound) + +| From (chain, public stable) | To (deployer on 138) | Route | Status | +|------------------------------|----------------------|--------|--------| +| Mainnet (1) USDT, USDC, DAI | 138 | No direct bridge for stables; WETH via CCIP receiver on 138 | ✅ WETH only | +| 651940 AUSDT, USDC | 138 | AlltraAdapter 651940→138 | ✅ | +| Other chains WETH | 138 | CCIP receiver bridge on 138 → WETH9/WETH10 | ✅ | +| Any chain USDT/USDC | 138 cUSDT/cUSDC | No canonical bridge; would require lock-mint or third-party bridge | ❌ Not in docs | + +--- + +## 6. Related: routes without pre-funded bridge + +For routes where **pre-funding a destination bridge is not required** (same-chain, AlltraAdapter lock-mint, CCIP to chains other than Mainnet with mint-on-receive), see [ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED](ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md). + +--- + +## 7. References + +| Document | Use | +|----------|-----| +| [ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED](ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md) | Routes that do not require bridge pre-funding | +| [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md) | Full routing map, bridges, DODO/Uniswap LPs | +| [EXPLORER_TOKEN_LIST_CROSSCHECK](EXPLORER_TOKEN_LIST_CROSSCHECK.md) | Canonical token addresses (§5), on-chain verification (§8) | +| [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md) | Deployer, DODOPMMIntegration, CCIP bridges, relay | +| [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md) | Mintable-to-deployer tokens (138, Cronos); acquire elsewhere | +| [DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS](DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md) | Deployer address, balances, tokens on all networks | +| [LIQUIDITY_POOLS_MASTER_MAP](LIQUIDITY_POOLS_MASTER_MAP.md) | Pool addresses (138, 651940) | +| [MASTER_INDEX](../MASTER_INDEX.md) | Master documentation entry point | diff --git a/docs/11-references/DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md b/docs/11-references/DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md index d36300a..3536f64 100644 --- a/docs/11-references/DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md +++ b/docs/11-references/DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md @@ -64,7 +64,7 @@ forge script script/dex/AddLiquidityPMMPoolsChain138.s.sol:AddLiquidityPMMPoolsC --rpc-url "$RPC_URL_138" --broadcast --private-key "$PRIVATE_KEY" ``` -See [LIQUIDITY_POOL_CONTROLS_RUNBOOK](../03-deployment/LIQUIDITY_POOL_CONTROLS_RUNBOOK.md) and [NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS](../03-deployment/NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS.md). +See [PMM_POOLS_FUNDING_PLAN](../03-deployment/PMM_POOLS_FUNDING_PLAN.md) (step-by-step plan), [LIQUIDITY_POOL_CONTROLS_RUNBOOK](../03-deployment/LIQUIDITY_POOL_CONTROLS_RUNBOOK.md) and [NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS](../03-deployment/NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS.md). --- diff --git a/docs/11-references/DEPLOYMENT_DATA_SOURCES_INDEX.md b/docs/11-references/DEPLOYMENT_DATA_SOURCES_INDEX.md new file mode 100644 index 0000000..7f2c85f --- /dev/null +++ b/docs/11-references/DEPLOYMENT_DATA_SOURCES_INDEX.md @@ -0,0 +1,60 @@ +# Deployment Data Sources Index — Dotenv and Config Files + +**Last Updated:** 2026-02-27 +**Purpose:** Index of files that contain or reference smart contract deployment addresses, RPC endpoints, or deployment configuration. + +**Deployer:** `0x4A666F96fC8764181194447A7dFdb7d471b301C8` +**Canonical contract list:** [DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md](DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md) | [CONTRACT_ADDRESSES_REFERENCE.md](CONTRACT_ADDRESSES_REFERENCE.md) + +--- + +## 1. Primary dotenv + +| File | Contains addresses? | Notes | +|------|--------------------|--------| +| **smom-dbis-138/.env** | Yes | Canonical for Chain 138: PRIVATE_KEY, RPC_URL_138, cUSDT/cUSDC/…, CCIP, DODO PMM, pools, TRANSACTION_MIRROR, vaults. Do not commit. | +| **.env** (repo root) | Partial | RPC_URL_138, PRIVATE_KEY, ETHEREUM_MAINNET_RPC, CHAIN_651940_RPC_URL, API keys. | + +--- + +## 2. Env examples (address reference) + +| File | Notes | +|------|--------| +| **smom-dbis-138/docs/deployment/ENV_EXAMPLE_CONTENT.md** | Full env var reference: RPC, Chain 138 c*, CCIP per chain, WETH9/WETH10, mainnet bridges, gas. | +| **smom-dbis-138/env.additions.example** | DODO_PMM_*, POOL_CUSDTCUSDC, POOL_CUSDTUSDT, POOL_CUSDCUSDC. | +| **smom-dbis-138/docs/deployment/ENV_CONFIG_READY_CHAINS.example** | CCIP routers/LINK/bridges for Gnosis, Celo, Wemix, Cronos. | +| **smom-dbis-138/terraform/phases/phase1/.env.chain138** | Chain 138 RPC, CCIP, LINK, WETH, bridges. Prefer smom-dbis-138/.env. | +| **smom-dbis-138/terraform/phases/phase1/config/env.chain138.example** | Example 138 env. | +| **smom-dbis-138/terraform/phases/phase1/config/env.mainnet.example** | Example mainnet env. | + +--- + +## 3. Config JSON + +| File | Notes | +|------|--------| +| **config/token-mapping-multichain.json** | 138↔651940 and multichain token mapping; addressFrom/addressTo per pair. | +| **cross-chain-pmm-lps/config/deployment-status.json** | Per-chain cwTokens, anchorAddresses, pmmPools, bridgeAvailable. | +| **ai-mcp-pmm-controller/config/allowlist-138.json** | Chain 138 DODO pool list for MCP. | +| **config/smart-contracts-master.json** | Referenced by load-contract-addresses.sh; may be optional or removed. | +| **config/contract-addresses.conf** | Legacy; sourced by load-contract-addresses.sh. | + +--- + +## 4. Script load order + +- **scripts/lib/load-project-env.sh** — loads root .env, ip-addresses.conf, smom-dbis-138/.env. +- **scripts/lib/load-contract-addresses.sh** — reads config/smart-contracts-master.json and contract-addresses.conf; .env overrides. + +--- + +## 5. Service env (may reference RPC/contracts) + +smom-dbis-138/services/relay/.env, smom-dbis-138/services/transaction-mirroring-service/.env, smom-dbis-138/services/state-anchoring-service/.env, explorer-monorepo/.env, alltra-lifi-settlement/.env, rpc-translator-138/.env. + +--- + +## 6. Docs with contract lists (no env) + +CONTRACT_ADDRESSES_REFERENCE.md, DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md, ADDRESS_MATRIX_AND_STATUS.md, CHAIN138_TOKEN_ADDRESSES.md, DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md. diff --git a/docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md b/docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md new file mode 100644 index 0000000..e6edae6 --- /dev/null +++ b/docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md @@ -0,0 +1,201 @@ +# Explorer Token List Cross-Check + +**Last Updated:** 2026-03-04 +**Purpose:** Cross-check the token list shown at [https://explorer.d-bis.org/tokens](https://explorer.d-bis.org/tokens) against repo token lists, canonical addresses, and CONTRACT_ADDRESSES_REFERENCE. + +--- + +## 1. Where the Explorer Gets Its Token List + +| Source | Used for | API / file | +|--------|----------|------------| +| **Blockscout API** | The **Tokens** tab on the Explorer (`/tokens`) | `GET https://explorer.d-bis.org/api/v2/tokens?page=1&page_size=100` | +| **Embedded token list (MetaMask)** | Wallet “token list” URL for Chain 138 / multi-chain | Explorer backend `GET /api/config/token-list` → `explorer-monorepo/backend/config/metamask/DUAL_CHAIN_TOKEN_LIST.tokenlist.json` | + +The **Tokens** page content is **not** from the repo’s static token list files. It is **live from Blockscout**: whatever Blockscout has indexed on-chain (ERC-20 contracts) for Chain 138. + +--- + +## 2. Blockscout Token List (Live as of 2026-02-27) + +Fetched from `https://explorer.d-bis.org/api/v2/tokens?page=1&page_size=100`: + +| Address | Symbol | Name | Decimals | Match to repo canonical? | +|---------|--------|------|----------|---------------------------| +| `0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2` | *(null)* | *(null)* | 0 | ✅ WETH9 — **metadata missing** (name/symbol/decimals not set in response; on-chain may differ) | +| `0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03` | LINK | Chainlink Token | 18 | ✅ Canonical LINK | +| `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` | cUSDT | Tether USD (Compliant) | 6 | ✅ Canonical cUSDT | +| `0xf22258f57794CC8E06237084b353Ab30fFfa640b` | cUSDC | USD Coin (Compliant) | 6 | ✅ Canonical cUSDC | +| `0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9F` | WETH10 | Wrapped Ether v10 | 18 | ✅ Canonical WETH10 | +| `0x8085961F9cF02b4d800A3c6d386D31da4B34266a` | cEURC | Euro Coin (Compliant) | 6 | ✅ Canonical cEURC | +| `0xdf4b71c61E5912712C1Bdd451416B9aC26949d72` | cEURT | Tether EUR (Compliant) | 6 | ✅ Canonical cEURT | +| `0x003960f16D9d34F2e98d62723B6721Fb92074aD2` | cGBPC | Pound Sterling (Compliant) | 6 | ✅ Canonical cGBPC | +| `0x350f54e4D23795f86A9c03988c7135357CCaD97c` | cGBPT | Tether GBP (Compliant) | 6 | ✅ Canonical cGBPT | +| `0xD51482e567c03899eecE3CAe8a058161FD56069D` | cAUDC | Australian Dollar (Compliant) | 6 | ✅ Canonical cAUDC | +| `0xEe269e1226a334182aace90056EE4ee5Cc8A6770` | cJPYC | Japanese Yen (Compliant) | 6 | ✅ Canonical cJPYC | +| `0x873990849DDa5117d7C644f0aF24370797C03885` | cCHFC | Swiss Franc (Compliant) | 6 | ✅ Canonical cCHFC | +| `0x54dBd40cF05e15906A2C21f600937e96787f5679` | cCADC | Canadian Dollar (Compliant) | 6 | ✅ Canonical cCADC | +| `0x290E52a8819A4fbD0714E517225429aA2B70EC6b` | cXAUC | Gold (Compliant) | 6 | ✅ Canonical cXAUC | +| `0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E` | cXAUT | Tether XAU (Compliant) | 6 | ✅ Canonical cXAUT | + +**Additional contracts returned by Blockscout (same symbol, different addresses):** + +| Address | Symbol | Note | +|---------|--------|------| +| `0x362E9a45Ef6e554760f9671938235Cbc9b6E80Ed` | LINK | Non-canonical; likely test/deploy clone | +| `0xC158b6cD3A3088C52F797D41f5Aa02825361629e` | LINK | Non-canonical; likely test/deploy clone | +| `0x36927A5D9896CD6323cfEca1060A9aE932b05B05` | cUSDT | Non-canonical | +| `0xFe6023265F3893C4cc98CE5Fe7ACBd79DB9cbB2D` | cUSDT | Non-canonical | +| `0x044032f30393c60138445061c941e2FB15fb0af2` | cUSDC | Non-canonical | +| `0x98E6aF252C55020d99A32F46B541d9A95987Cd0e` | cUSDC | Non-canonical | + +These extra addresses are on-chain ERC-20 contracts that Blockscout indexes; they are **not** in the repo’s canonical token list and may be legacy/test deployments. + +### 2.1 WETH9 metadata quirk (confirmed live 2026-03) + +The Explorer’s Blockscout endpoint returns **WETH9 at `0xC02a…` with `name=null`, `symbol=null`, `decimals="0"`**, while other tokens (cUSDT, cUSDC, WETH10) return correct metadata. The **address is correct by design**: Chain 138’s WETH9 is deployed at the same canonical Ethereum mainnet address (genesis/pre-deploy). The only issue is **Blockscout’s metadata extraction** for that contract. + +**Minimal diff for WETH9:** + +| Address | Field | Blockscout `/api/v2/tokens` | Expected (tokenlist / override) | +| ------------- | ---------- | --------------------------- | ------------------------------- | +| `0xC02a…6Cc2` | `name` | `null` | "Wrapped Ether" | +| `0xC02a…6Cc2` | `symbol` | `null` | "WETH" | +| `0xC02a…6Cc2` | `decimals` | `"0"` | `18` | + +**Root cause (likely):** Either (1) the contract at `0xC02a…` on 138 does not expose `name()`/`symbol()`/`decimals()` in the way Blockscout expects (or proxy/etch/genesis quirks), or (2) Blockscout’s token metadata indexer failed to decode that address and cached null/0. + +**Actionable fixes (practical order):** + +1. **Confirm WETH9 on-chain** — Call `name()`, `symbol()`, `decimals()` against Chain 138 RPC for `0xC02a…`. If any revert or return empty → fix deployment/etching or add a metadata wrapper. +2. **Fix Blockscout** — Force re-index/rescan token metadata for that address (Blockscout admin/indexer), or add a token metadata override for `0xC02a…` if supported. +3. **Keep Explorer UI override** — The Explorer SPA already patches WETH9 via `knownTokens` in `explorer-spa.js`; keep as stopgap until Blockscout returns correct metadata. + +To regenerate a full diff (missing_in_blockscout, missing_in_tokenlist, metadata_mismatches), run: +`node token-lists/scripts/diff-blockscout-vs-tokenlist.js [--url URL] [--file path/to/blockscout-tokens.json]` +and use `dbis-138.tokenlist.json` as the curated source. See §9. + +--- + +## 3. Repo Token Lists vs Explorer (Blockscout) + +### 3.1 `token-lists/lists/dbis-138.tokenlist.json` (Chain 138 only) + +| In dbis-138.tokenlist.json | In Blockscout /v2/tokens? | Note | +|----------------------------|---------------------------|------| +| ETH-USD (0x3304… — Oracle) | No (not an ERC-20 supply token) | Expected; Oracle is a contract, not a supply token in Blockscout list | +| WETH (0xC02aa…) | Yes (name/symbol null, decimals 0) | **Explorer:** WETH9 metadata incomplete in API response | +| WETH10 (0xf4BB2e…) | Yes | Match | +| LINK (0xb7721d…) | Yes | Match | +| cUSDT (0x93E6…) | Yes | Match | +| cUSDC (0xf22258…) | Yes | Match | +| cEURC (0x808596…) | Yes | Match | + +**Missing from dbis-138.tokenlist.json but present on Explorer (Blockscout):** +cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT. +So the **curated token list is missing 9 compliant tokens** that exist on-chain and appear on the Explorer. + +### 3.2 `explorer-monorepo/backend/config/metamask/DUAL_CHAIN_TOKEN_LIST.tokenlist.json` + +Chain 138 entries: same 7 as dbis-138 (ETH-USD, WETH, WETH10, LINK, cUSDT, cUSDC, cEURC). So **same gap**: the 9 additional compliant tokens (cEURT, cGBP*, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT) are **not** in the MetaMask token list. + +### 3.3 `ADDRESS_MATRIX_AND_STATUS.md` / `CONTRACT_ADDRESSES_REFERENCE.md` + +All **canonical** Chain 138 token addresses (WETH, WETH10, LINK, cUSDT, cUSDC, cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT) match the Blockscout “canonical” set above. The matrix marks cEURT as “not deployed” but Blockscout shows it at `0xdf4b71…` — **update doc:** cEURT is deployed. + +--- + +## 4. Summary of Gaps and Actions + +| Item | Status | Recommendation | +|------|--------|----------------| +| **Explorer token list source** | Confirmed: Blockscout `GET /api/v2/tokens` | No change; document only. | +| **WETH9 on Blockscout** | First token has `decimals: "0"`, `name`/`symbol`: null | Verify WETH9 contract metadata on-chain; fix in contract or in Blockscout indexing if needed. | +| **dbis-138.tokenlist.json** | Done (2026-02-28) | Added cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT. | +| **DUAL_CHAIN_TOKEN_LIST (MetaMask)** | Done (2026-02-28) | Added same 9 tokens to backend and api/rest copies. | +| **ADDRESS_MATRIX / docs** | Done | cEURT and all 16 tokens in §1.1; TransactionMirror 0x7131…; summary updated. | +| **Extra LINK/cUSDT/cUSDC on Blockscout** | 6 additional contracts | Non-canonical; use §5 canonical addresses only. | + +--- + +## 5. Reference: Canonical Chain 138 Token Addresses (Single Source) + +Use this table to align token lists and docs with the Explorer (Blockscout) and `canonical-tokens.ts`: + +| Symbol | Address | Decimals | +|--------|---------|----------| +| WETH (WETH9) | `0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2` | 18 | +| WETH10 | `0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f` | 18 | +| LINK | `0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03` | 18 | +| cUSDT | `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` | 6 | +| cUSDC | `0xf22258f57794CC8E06237084b353Ab30fFfa640b` | 6 | +| cEURC | `0x8085961F9cF02b4d800A3c6d386D31da4B34266a` | 6 | +| cEURT | `0xdf4b71c61E5912712C1Bdd451416B9aC26949d72` | 6 | +| cGBPC | `0x003960f16D9d34F2e98d62723B6721Fb92074aD2` | 6 | +| cGBPT | `0x350f54e4D23795f86A9c03988c7135357CCaD97c` | 6 | +| cAUDC | `0xD51482e567c03899eecE3CAe8a058161FD56069D` | 6 | +| cJPYC | `0xEe269e1226a334182aace90056EE4ee5Cc8A6770` | 6 | +| cCHFC | `0x873990849DDa5117d7C644f0aF24370797C03885` | 6 | +| cCADC | `0x54dBd40cF05e15906A2C21f600937e96787f5679` | 6 | +| cXAUC | `0x290E52a8819A4fbD0714E517225429aA2B70EC6b` | 6 | +| cXAUT | `0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E` | 6 | + +--- + +## 6. Related Files + +| File | Role | +|------|------| +| `explorer-monorepo/frontend/public/explorer-spa.js` | Calls `BLOCKSCOUT_API + '/v2/tokens?page=1&page_size=100'` for the Tokens view | +| `explorer-monorepo/backend/api/rest/config.go` | Serves embedded `DUAL_CHAIN_TOKEN_LIST.tokenlist.json` at `/api/config/token-list` | +| `explorer-monorepo/backend/config/metamask/DUAL_CHAIN_TOKEN_LIST.tokenlist.json` | Multi-chain token list (138, 1, 651940, 25) for MetaMask | +| `token-lists/lists/dbis-138.tokenlist.json` | Chain 138 curated token list (Uniswap-style) | +| `smom-dbis-138/services/token-aggregation/src/config/canonical-tokens.ts` | Canonical addresses and env overrides for indexing/reporting | +| `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md` | Correlated address matrix; §1.1 includes all 16 tokens; TransactionMirror and summary updated | + +--- + +## 7. Pool / allowlist cross-check (Chain 138) + +| Source | cUSDT/cUSDC pool | cUSDT/USDT pool | cUSDC/USDC pool | +|--------|------------------|-----------------|----------------| +| **ai-mcp-pmm-controller/config/allowlist-138.json** | `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | `0xa3Ee6091696B28e5497b6F491fA1e99047250c59` | `0x90bd9Bf18Daa26Af3e814ea224032d015db58Ea5` | +| **LIQUIDITY_POOLS_MASTER_MAP.md** | Same | Same | Same | +| **DEPLOYER_CONTRACTS_INVENTORY / ADDRESS_MATRIX** | Same | Same | Same | + +**Result:** Pool addresses are consistent across allowlist, docs, and deployer inventory. `cross-chain-pmm-lps/config/deployment-status.json` does not list Chain 138 pools (it tracks cW* edge pools on other chains); Chain 138 PMM state is in allowlist and docs. + +--- + +## 8. On-chain verification: DODOPMMIntegration token addresses (2026-03-04) + +**Purpose:** Confirm the deployed PMM integration uses the same cUSDT/cUSDC as Explorer canonical and mint/add-liquidity scripts. + +| Check | Result | +|-------|--------| +| **Contract** | DODOPMMIntegration at `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` (Chain 138) | +| **Method** | `eth_call` to `compliantUSDT()` and `compliantUSDC()` (RPC: `http://192.168.11.211:8545`) | +| **compliantUSDT()** | `0x93e66202a11b1772e55407b32b44e5cd8eda7f22` — matches §5 canonical cUSDT | +| **compliantUSDC()** | `0xf22258f57794cc8e06237084b353ab30fffa640b` — matches §5 canonical cUSDC | + +**Result:** Explorer canonical tokens, `mint-for-liquidity.sh` (and `.env`), and the deployed DODOPMMIntegration are aligned. Mint and add-liquidity use the correct contracts. Use §5 canonical addresses only; avoid non-canonical Blockscout addresses (§2). + +--- + +## 9. Full diff script (Blockscout vs token list) + +To regenerate **missing_in_blockscout**, **missing_in_tokenlist**, and **metadata_mismatches** (and source-of-truth recommendations), run: + +```bash +# From repo root (or token-lists/) +node token-lists/scripts/diff-blockscout-vs-tokenlist.js +``` + +Optional: + +- **`--url URL`** — Blockscout tokens API base URL (default: `https://explorer.d-bis.org/api/v2/tokens`). The script paginates until `next_page_params` is null. +- **`--file path/to/blockscout-tokens.json`** — Use a saved snapshot instead of live fetch (e.g. when the Explorer is unreachable from the current host). + +Curated list used for comparison: **`token-lists/lists/dbis-138.tokenlist.json`** (Chain 138 only). ETH-USD (oracle) is expected to appear in `missing_in_blockscout` with note *Oracle; not ERC-20 supply token*. + +Output is JSON with: `missing_in_blockscout`, `missing_in_tokenlist`, `metadata_mismatches`, and `source_of_truth` (recommended source per field: address, symbol, name, decimals, logo). diff --git a/docs/11-references/HARDWARE_INVENTORY_MASTER.md b/docs/11-references/HARDWARE_INVENTORY_MASTER.md new file mode 100644 index 0000000..23e9a4e --- /dev/null +++ b/docs/11-references/HARDWARE_INVENTORY_MASTER.md @@ -0,0 +1,60 @@ +# Hardware inventory — master reference + +**Last updated:** 2026-03-03 +**Purpose:** Single source of truth for total server, workstation, switching, and gateway hardware. + +--- + +## Servers + +| Type | Count | Model / notes | Role | +|------|-------|----------------|------| +| **Dell PowerEdge R630** | **13** | 2-socket, ECC, 2.5" bays | Proxmox cluster nodes (r630-01 … r630-13); IP plan 192.168.11.11–23. Currently 2 active (r630-01, r630-02); r630-03/04 documented powered off. See [R630_13_NODE_DOD_HA_MASTER_PLAN.md](../02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md). | +| **Dell PowerEdge R750** | **3** | 2U, 2-socket, NVMe/SSD, GPU-capable | **GPU/AI tier** — assign IPs 192.168.11.24–.26; 2–4 PCIe GPUs per node (e.g. A6000, L40S) for ML/inference. *Alternative:* [2× XE9680](XE9680_VS_R750_DECISION.md) (16× A100 80GB) for heavy AI/training instead of 3× R750. | + +**R630 IP plan (13 nodes):** 192.168.11.11 – 192.168.11.23 (r630-01 … r630-13). +**R750 IP suggestion:** 192.168.11.24 – 192.168.11.26 (r750-01, r750-02, r750-03). Document in `config/ip-addresses.conf` as nodes are brought online. + +--- + +## Workstations + +| Type | Count | Model / notes | Role | +|------|-------|----------------|------| +| **Dell Precision 7920** | **2** | Tower workstation, multi-GPU capable | Admin, dev, or build workstations; assign IPs in 192.168.11.x (e.g. .30–.31); connect to management LAN and/or 10G if NICs support. | + +**7920 IP suggestion:** 192.168.11.30 – 192.168.11.31 (workstation-01, workstation-02). + +--- + +## Gateways / firewalls / WAN aggregation + +| Type | Count | Model / notes | Role | +|------|-------|----------------|------| +| **ML110 Gen9** | 1 | Dell PowerEdge ML110 Gen9, 8–12 GbE | **OPNsense/pfSense WAN aggregator** — between 6–10 Spectrum cable modems (WAN) and redundant UDM Pro gateways (LAN). Multi-WAN load balance/failover. See [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md). *Prerequisite:* Migrate all Proxmox workloads off ML110 before repurpose. | +| **UniFi Dream Machine Pro (UDM Pro)** | **2** | UniFi UDM Pro | Primary: 192.168.11.1; second: 192.168.11.2 (HA/failover). WAN uplink from ML110 OPNsense/pfSense. Port forward 76.53.10.36 → NPMplus, etc. | + +--- + +## Switching + +| Type | Count | Model | Notes | +|------|-------|------|--------| +| **UniFi XG 10G 16-port** | **2** | UniFi Switch XG (10GbE, 16 ports) | 10 Gbps backbone for Proxmox inter-node and Ceph storage; dual-attach for HA. See [13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](13_NODE_NETWORK_AND_CABLING_CHECKLIST.md). | + +**Use for 13-node cluster:** + +- **Ceph cluster network:** Dedicated VLAN or subnet across the 10G switches; connect all 13 R630s (and R750s if in Ceph) for backend traffic. +- **Management (1G):** UDM Pro(s) and existing 1G LAN; workstations and management IPs on same subnet or VLAN. +- **Redundancy:** Two XG switches allow dual-attach per node (one link per switch or LACP). + +--- + +## References + +- **13-node architecture:** [02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md](../02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md) +- **Network + cabling checklist:** [13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](13_NODE_NETWORK_AND_CABLING_CHECKLIST.md) +- **Bring-online checklist:** [13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md) +- **Network master:** [NETWORK_CONFIGURATION_MASTER.md](NETWORK_CONFIGURATION_MASTER.md) +- **ML110 → OPNsense/pfSense:** [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md) +- **r630-03/04 power-on and fixes:** [reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md) diff --git a/docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md b/docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md index 00590aa..4ba085c 100644 --- a/docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md +++ b/docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md @@ -65,11 +65,11 @@ This document maps all **private**, **public**, **reserve**, and **stabilization | cUSDC / USDC (official) | Public | DODO PMM | ✅ **Created** | Pool: `0x90bd9Bf18Daa26Af3e814ea224032d015db58Ea5`; script: `CreateCUSDCUSDCPool.s.sol` | | cUSDT / XAU | Public | DODO PMM | ❌ **Not deployed** | Requires XAU token (not on chain) | | cUSDC / XAU | Public | DODO PMM | ❌ **Not deployed** | Requires XAU token | -| cEURT / XAU | Public | DODO PMM | ❌ **Not deployed** | Requires cEURT + XAU (neither deployed) | +| cEURT / XAU | Public | DODO PMM | ❌ **Not deployed** | Requires XAU (not on chain); cEURT deployed | **Purpose:** User routing, price discovery, flash loan access. **Not** primary stabilization. -**Contracts:** `DODOPMMIntegration.sol` at `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` (Mock DVM); all three pools created. **DODOPMMProvider** deployed at `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; pools registered via `RegisterDODOPools.s.sol`. **Add liquidity:** [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md](../03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md). **Pre-deployment steps:** [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md). +**Contracts:** `DODOPMMIntegration.sol` at `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` (Mock DVM); all three pools created. **DODOPMMProvider** deployed at `0x8EF6657D2a86c569F6ffc337EE6b4260Bd2e59d0`; pools registered via `RegisterDODOPools.s.sol`. **Full mesh:** [PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md](../03-deployment/PMM_FULL_MESH_AND_PUBLIC_SINGLE_SIDED_PLAN.md) and `create-pmm-full-mesh-chain138.sh` (all c* vs c* + optional c* vs official). **Add liquidity:** [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md](../03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md). **Pre-deployment steps:** [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md). **Config:** `CHAIN_138_DODO_PMM_INTEGRATION` set in .env; `CHAIN_138_DODO_POOL_MANAGER`, `CHAIN_138_DODO_VENDING_MACHINE` (optional). **Source:** [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md](../VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md) §4, [DODO_PMM_INTEGRATION.md](../../smom-dbis-138/docs/integration/DODO_PMM_INTEGRATION.md) @@ -204,6 +204,7 @@ From [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md](../VAULT_SYSTEM_MASTER_TECHNICAL_PL | Document | Purpose | |----------|---------| +| [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md) | **Status + full route map:** deployed tokens/coins and bridges per network, DODO/Uniswap LPs, routing to and from all chains. | | [POOLS_AND_NETWORKS_FULL_DESIGN.md](POOLS_AND_NETWORKS_FULL_DESIGN.md) | **Full design:** every pool and network (61 pools, 6 networks). | | [POOL_ACCESS_DASHBOARD_API_MCP.md](POOL_ACCESS_DASHBOARD_API_MCP.md) | Whether pools are accessible via standard DODO dashboard, API, and MCP. | | [GAPS_FILLED_2026-02-27.md](GAPS_FILLED_2026-02-27.md) | Summary of gaps filled (API cW* chains, MCP mock_dvm, pool-matrix 11 chains, docs). | diff --git a/docs/11-references/MINT_C_AND_CW_ON_ALL_NETWORKS.md b/docs/11-references/MINT_C_AND_CW_ON_ALL_NETWORKS.md new file mode 100644 index 0000000..887cc15 --- /dev/null +++ b/docs/11-references/MINT_C_AND_CW_ON_ALL_NETWORKS.md @@ -0,0 +1,103 @@ +# Minting c* and cW* on Chain 138 and Other Networks + +**Purpose:** How to mint compliant tokens (c*) and compliant wrapped tokens (cW*) to the deployer on Chain 138 and on other networks where they are deployed. + +**Deployer:** `0x4A666F96fC8764181194447A7dFdb7d471b301C8` + +--- + +## Summary + +| Token type | Chain 138 | Other networks (1, 25, 56, 137, 100, 10, 42161, 8453, 43114) | +|------------|-----------|---------------------------------------------------------------| +| **c*** (cUSDT, cUSDC, cEURC, …) | Deployer is **owner** → can mint | Deploy first with `DeployCompliantFiatTokensForChain.s.sol` (owner = deployer), then mint same as 138 | +| **cW*** (cWUSDT, cWUSDC, …) | Not deployed on 138 (cW* are on destination chains only) | Deployer is **admin** and has **MINTER_ROLE** → can mint on any chain where cW* are deployed | + +--- + +## 1. c* on Chain 138 + +All 12 c* are already deployed; deployer is owner. Mint with cast or scripts. + +**Script (cUSDT/cUSDC only):** `smom-dbis-138/scripts/mint-for-liquidity.sh` +**Script (all 12 c*):** `smom-dbis-138/scripts/mint-all-c-star-138.sh [amount_human]` — mints cUSDT, cUSDC, cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT to deployer (default 1M each). + +**Cast (per token):** +```bash +cd smom-dbis-138 && source .env +DEPLOYER=0x4A666F96fC8764181194447A7dFdb7d471b301C8 +# 1M tokens = 1000000000000 base units (6 decimals) +cast send "mint(address,uint256)" "$DEPLOYER" 1000000000000 \ + --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --legacy --gas-limit 100000 +``` + +Addresses: see [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md](TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md) §1.1. + +--- + +## 2. c* on other networks + +### Step 1: Deploy c* to the target chain (if not already deployed) + +From `smom-dbis-138/`: + +```bash +source .env +# Example: Polygon (137). Set RPC and chain-id for the target chain. +export RPC_URL="$POLYGON_MAINNET_RPC" # or BSC_RPC_URL, etc. +# Deploy cUSDT + cUSDC (default). Add DEPLOY_CEURC=1 etc. for more. +forge script script/deploy/DeployCompliantFiatTokensForChain.s.sol:DeployCompliantFiatTokensForChain \ + --rpc-url "$RPC_URL" --broadcast --private-key "$PRIVATE_KEY" --chain-id 137 + +# Optional: deploy all 12 c* (set env flags) +DEPLOY_CEURC=1 DEPLOY_CEURT=1 DEPLOY_CGBPC=1 DEPLOY_CGBPT=1 \ +DEPLOY_CAUDC=1 DEPLOY_CJPYC=1 DEPLOY_CCHFC=1 DEPLOY_CCADC=1 \ +DEPLOY_CXAUC=1 DEPLOY_CXAUT=1 \ +forge script script/deploy/DeployCompliantFiatTokensForChain.s.sol:DeployCompliantFiatTokensForChain \ + --rpc-url "$RPC_URL" --broadcast --private-key "$PRIVATE_KEY" --chain-id 137 +``` + +Then set in `.env`: `CUSDT_137=`, `CUSDC_137=`, etc. + +### Step 2: Mint c* on that chain + +Same as 138: deployer is owner. Use cast with the chain’s RPC and token address: + +```bash +RPC="$POLYGON_MAINNET_RPC" +CUSDT_POLY="0x..." # from deploy output or .env CUSDT_137 +cast send "$CUSDT_POLY" "mint(address,uint256)" "$DEPLOYER" 1000000000000 \ + --rpc-url "$RPC" --private-key "$PRIVATE_KEY" --legacy --gas-limit 100000 +``` + +Use the same cast pattern with that chain's RPC and token addresses from .env (e.g. `CUSDT_POLYGON`, `CUSDC_POLYGON` for Polygon). + +--- + +## 3. cW* on other networks + +cW* are **CompliantWrappedToken**; the deploy script grants **MINTER_ROLE** to both the **bridge** and the **admin (deployer)**. So the deployer can mint cW* on any chain where cW* were deployed by this repo. + +**Per token, per chain (cast):** +```bash +cd smom-dbis-138 && source .env +# Example: mint 1M cWUSDT on Polygon (137) +CWUSDT_ADDR="$CWUSDT_137" # from .env after DeployCWTokens +RPC="$POLYGON_MAINNET_RPC" +DEPLOYER=0x4A666F96fC8764181194447A7dFdb7d471b301C8 +cast send "$CWUSDT_ADDR" "mint(address,uint256)" "$DEPLOYER" 1000000000000 \ + --rpc-url "$RPC" --private-key "$PRIVATE_KEY" --legacy --gas-limit 100000 +``` + +**Env vars for addresses (examples):** `CWUSDT_137`, `CWUSDC_137`, `CWUSDT_1`, `CWUSDC_1`, … (see [CW_TOKENS_AND_NETWORKS.md](CW_TOKENS_AND_NETWORKS.md) and `token-mapping-multichain.json`). + +Use `smom-dbis-138/scripts/mint-cw-on-chain.sh [amount]` to mint all cW* on a chain (e.g. `./scripts/mint-cw-on-chain.sh Polygon`). Requires `CWUSDT_`, `CWUSDC_`, etc. and chain RPC in .env. + +--- + +## 4. Reference: token addresses by chain + +- **Chain 138 c*:** [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md](TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md) §1.1 +- **cW* and networks:** [CW_TOKENS_AND_NETWORKS.md](CW_TOKENS_AND_NETWORKS.md), `config/token-mapping-multichain.json` +- **Deploy c* on a chain:** `DeployCompliantFiatTokensForChain.s.sol` +- **Deploy cW* on a chain:** `DeployCWTokens.s.sol` (set `CW_BRIDGE_ADDRESS`) diff --git a/docs/11-references/ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md b/docs/11-references/ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md new file mode 100644 index 0000000..14223eb --- /dev/null +++ b/docs/11-references/ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md @@ -0,0 +1,76 @@ +# ML110 Gen9 → OPNsense/pfSense WAN aggregator + +**Last updated:** 2026-03-03 +**Purpose:** Repurpose the Dell ML110 Gen9 from a Proxmox host to a **firewall/WAN aggregator** running OPNsense or pfSense, with 8–12 GbE ports, sitting between 6–10 Spectrum cable modems and the redundant UDM Pro gateways. + +**Related:** [HARDWARE_INVENTORY_MASTER.md](HARDWARE_INVENTORY_MASTER.md) | [NETWORK_CONFIGURATION_MASTER.md](NETWORK_CONFIGURATION_MASTER.md) + +--- + +## Role + +| Aspect | Description | +|--------|-------------| +| **Hardware** | Dell PowerEdge ML110 Gen9 (repurposed from Proxmox) | +| **Software** | OPNsense or pfSense (firewall / router OS) | +| **Ports** | **8–12 Gigabit Ethernet** (onboard + add-in NICs as needed) | +| **Position** | **Between** 6–10 Spectrum cable modems (WAN) and the 2× UDM Pro gateways (LAN) | +| **Function** | Multi-WAN aggregation, load balancing or failover across modems; single or redundant uplink to UDM Pros; optional firewall/DPI before traffic reaches UniFi | + +--- + +## Topology + +``` + [6–10 × Spectrum cable modems] + │ + │ WAN (GbE) — 6–10 ports on ML110 + ▼ + ┌─────────────────────────────────────────┐ + │ ML110 Gen9 │ + │ OPNsense or pfSense │ + │ 8–12 GbE: 6–10 WAN, 1–2 LAN to UDM Pro │ + └─────────────────────────────────────────┘ + │ + │ LAN (1–2 GbE) — to UDM Pro WAN ports + ▼ + ┌────────────────────┬────────────────────┐ + │ UDM Pro #1 │ UDM Pro #2 │ + │ 192.168.11.1 │ 192.168.11.2 │ + │ (primary gateway) │ (HA / standby) │ + └────────────────────┴────────────────────┘ + │ + ▼ + 192.168.11.0/24 — LAN (Proxmox, LXC, workstations, etc.) +``` + +- **WAN side:** 6–10 GbE ports to Spectrum modems (multi-WAN in OPNsense/pfSense). +- **LAN side:** 1–2 GbE ports to UDM Pro(s); UDM Pros receive WAN from ML110 (or from ML110’s aggregated/failover uplink). +- **IP:** ML110’s LAN-facing interface can use a dedicated subnet (e.g. 192.168.10.0/24) between ML110 and UDM Pros, or a chosen IP (e.g. 192.168.11.10) if it’s on the same segment; document chosen scheme in [NETWORK_CONFIGURATION_MASTER.md](NETWORK_CONFIGURATION_MASTER.md). + +--- + +## Prerequisites (before repurpose) + +1. **Migrate all workloads off ML110:** ML110 is currently a Proxmox node (192.168.11.10) with containers/VMs (e.g. Besu validators, CCIP monitor, others). Move them to r630-01, r630-02, or other R630s **before** converting ML110 to OPNsense/pfSense. See [PROXMOX_LOAD_BALANCING_RUNBOOK.md](../04-configuration/PROXMOX_LOAD_BALANCING_RUNBOOK.md) and cluster migration/backup-restore. +2. **Remove ML110 from Proxmox cluster:** After migration, remove the node from the cluster (or reinstall the OS for a clean OPNsense/pfSense install). Cluster will then be 2 nodes (r630-01, r630-02) until r630-03 (and others) are joined. +3. **NIC count:** Ensure ML110 has **8–12 GbE** (onboard + PCIe NICs). Add Intel/Broadcom multi-port GbE cards if needed. + +--- + +## Implementation notes + +- **OS install:** Fresh install of OPNsense or pfSense on ML110 (replace Proxmox); no dual-boot required. +- **Multi-WAN:** Configure 6–10 WAN interfaces; use gateway groups for failover or load balancing. +- **LAN to UDM Pro:** Connect 1–2 LAN ports to UDM Pro WAN ports; configure UDM Pros to use ML110 as upstream (DHCP or static from ML110). +- **Redundant UDM Pro:** Both UDM Pros can receive WAN from the same ML110 (different ports or VLANs), or use ML110 HA/carp if you add a second firewall later. +- **Documentation:** After cutover, update [NETWORK_CONFIGURATION_MASTER.md](NETWORK_CONFIGURATION_MASTER.md) so 192.168.11.10 (if retained) or the new management IP is the OPNsense/pfSense appliance, not Proxmox. + +--- + +## References + +- [HARDWARE_INVENTORY_MASTER.md](HARDWARE_INVENTORY_MASTER.md) — ML110 listed as WAN aggregator (OPNsense/pfSense). +- [NETWORK_CONFIGURATION_MASTER.md](NETWORK_CONFIGURATION_MASTER.md) — Gateway and Proxmox host table (ml110 no longer Proxmox). +- [13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](13_NODE_NETWORK_AND_CABLING_CHECKLIST.md) — Topology with ML110 between modems and UDM Pros. +- [PROXMOX_LOAD_BALANCING_RUNBOOK.md](../04-configuration/PROXMOX_LOAD_BALANCING_RUNBOOK.md) — Migrate workloads off ml110 before repurpose. diff --git a/docs/11-references/NETWORK_CONFIGURATION_MASTER.md b/docs/11-references/NETWORK_CONFIGURATION_MASTER.md index db18060..d6053e9 100644 --- a/docs/11-references/NETWORK_CONFIGURATION_MASTER.md +++ b/docs/11-references/NETWORK_CONFIGURATION_MASTER.md @@ -17,14 +17,15 @@ - **VLAN:** 11 (MGMT-LAN) - **DNS Servers:** 8.8.8.8, 8.8.4.4 -### Proxmox Hosts (192.168.11.10–12) +### Proxmox Hosts (192.168.11.11–12; ml110 repurposed) | Host | IP Address | Role | Status | |------|------------|------|--------| -| ml110 | 192.168.11.10 | Besu network nodes | ✅ Active | | r630-01 | 192.168.11.11 | Infrastructure, RPC, Services, **CCIP Relay** | ✅ Active | | r630-02 | 192.168.11.12 | Firefly, NPMplus secondary, MIM4U | ✅ Active | +**ML110 (192.168.11.10) repurposed:** ML110 Gen9 is being converted to **OPNsense/pfSense** with 8–12 GbE, acting as **WAN aggregator** between 6–10 Spectrum cable modems and the 2× UDM Pro gateways. After repurpose, .10 is the firewall appliance (not Proxmox). See [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md). **Before repurpose:** Migrate all containers/VMs off ml110 to r630-01/r630-02 (or other R630s); cluster will be 2 nodes until r630-03+ join. + **CCIP Relay (r630-01):** Host service at `/opt/smom-dbis-138/services/relay`; relays Chain 138 → Mainnet; uses VMID 2201 (192.168.11.221) for RPC. See [07-ccip/CCIP_RELAY_DEPLOYMENT.md](../07-ccip/CCIP_RELAY_DEPLOYMENT.md). **Four NPMplus instances (one per public IP):** 76.53.10.36, 76.53.10.37, 76.53.10.38, 76.53.10.40. See [04-configuration/NPMPLUS_FOUR_INSTANCES_MASTER.md](../04-configuration/NPMPLUS_FOUR_INSTANCES_MASTER.md). @@ -33,7 +34,7 @@ **NPMplus #3 (76.53.10.38, LXC VMID 10235):** 192.168.11.169 (single NIC). Port forwarding: 76.53.10.38:80/81/443 → 192.168.11.169:80/81/443. **Nathan's core-2 RPC, All Mainnet (Alltra), and HYBX** nodes and services route here. Designated public IP: 76.53.10.42. See [04-configuration/NPMPLUS_ALLTRA_HYBX_MASTER_PLAN.md](../04-configuration/NPMPLUS_ALLTRA_HYBX_MASTER_PLAN.md). -**NPMplus #4 (76.53.10.40, LXC VMID 10236):** 192.168.11.170. Port forwarding: 76.53.10.40:80/81/443 → 192.168.11.170:80/81/443; optional 22 → 192.168.11.59 (dev VM). **Dev/Codespaces:** Gitea, Cursor Remote SSH, Proxmox admin panels (pve.ml110, pve.r630-01, pve.r630-02). Dedicated Cloudflare Tunnel. See [04-configuration/DEV_CODESPACES_76_53_10_40.md](../04-configuration/DEV_CODESPACES_76_53_10_40.md) and [04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md). +**NPMplus #4 (76.53.10.40, LXC VMID 10236):** 192.168.11.170. Port forwarding: 76.53.10.40:80/81/443 → 192.168.11.170:80/81/443; optional 22 → 192.168.11.59 (dev VM). **Dev/Codespaces:** Gitea, Cursor Remote SSH, Proxmox admin panels (pve.r630-01, pve.r630-02). Dedicated Cloudflare Tunnel. *(ml110 repurposed to OPNsense/pfSense WAN aggregator; no longer Proxmox.)* See [04-configuration/DEV_CODESPACES_76_53_10_40.md](../04-configuration/DEV_CODESPACES_76_53_10_40.md) and [04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md). **Dev VM (VMID 5700):** 192.168.11.59. Shared Cursor dev environment, four users, Gitea (private GitOps). See [04-configuration/DEV_VM_GITOPS_PLAN.md](../04-configuration/DEV_VM_GITOPS_PLAN.md). @@ -258,6 +259,9 @@ Direct to RPC Nodes (192.168.11.211-243:8545/8546) ## Related Documents - **[NETWORK_CONFIGURATION_MASTER.md](NETWORK_CONFIGURATION_MASTER.md)** (this doc) - IP matrix above +- **[HARDWARE_INVENTORY_MASTER.md](HARDWARE_INVENTORY_MASTER.md)** - 13× R630, 3× R750, 2× Dell 7920, 2× UDM Pro, 2× UniFi XG 10G, ml110 +- **[13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](13_NODE_NETWORK_AND_CABLING_CHECKLIST.md)** - VLANs, topology, XG port mapping +- **[13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md)** - Bring-online order for R630/R750/7920/UDM Pro #2 - **[VMID_ALLOCATION_FINAL.md](../02-architecture/VMID_ALLOCATION_FINAL.md)** - VMID master inventory - **[VMID_IP_FIXED_REFERENCE.md](VMID_IP_FIXED_REFERENCE.md)** - Fixed VMID→IP (2101, 2201, 5000) - **[BLOCKSCOUT_FIX_RUNBOOK.md](../03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md)** - Blockscout (VMID 5000) troubleshooting diff --git a/docs/11-references/POOL_ACCESS_DASHBOARD_API_MCP.md b/docs/11-references/POOL_ACCESS_DASHBOARD_API_MCP.md index 709fc1b..ff1c940 100644 --- a/docs/11-references/POOL_ACCESS_DASHBOARD_API_MCP.md +++ b/docs/11-references/POOL_ACCESS_DASHBOARD_API_MCP.md @@ -97,6 +97,8 @@ So: **all pools can be accessed via API and MCP** once the above config and code ## References +- [AI_AGENTS_57XX_MCP_ADDENDUM.md](../02-architecture/AI_AGENTS_57XX_MCP_ADDENDUM.md) — Multi-chain MCP, Uniswap profile, automation triggers +- [MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md](../03-deployment/MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md) — Plan upgrades and completed items (allowlist scripts, runbook steps) - [LIQUIDITY_POOLS_MASTER_MAP.md](LIQUIDITY_POOLS_MASTER_MAP.md) — Pool map 138 & 651940 - [POOLS_AND_NETWORKS_FULL_DESIGN.md](POOLS_AND_NETWORKS_FULL_DESIGN.md) — All 61 pools, 6 networks - [AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md](../02-architecture/AI_AGENTS_57XX_MCP_CONTRACTS_AND_CHAINS.md) — MCP allowlist and chains diff --git a/docs/11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md b/docs/11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md new file mode 100644 index 0000000..a3b68fa --- /dev/null +++ b/docs/11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md @@ -0,0 +1,106 @@ +# Routes: No Pre-Funded Bridge Required + +**Last Updated:** 2026-03-04 +**Purpose:** Routes from the deployer wallet (or any user) to public-network stablecoins (or between tokens) where **pre-funding a destination bridge is not required**. These use **lock-mint** (source locks, destination mints), **same-chain** (no bridge), or **DEX-only** flows. For routes that *do* require bridge pre-funding (e.g. 138 → Mainnet WETH), see [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md). + +**Deployer address:** `0x4A666F96fC8764181194447A7dFdb7d471b301C8` + +**Why this doc:** The 138 → Ethereum Mainnet WETH path uses a **relay + release** model: CCIPRelayBridge on Mainnet **releases** WETH from a pool and must be **funded with Mainnet WETH** before transfers can complete. Other paths (same-chain DODO, AlltraAdapter, CCIP to non-Mainnet chains with mint-on-receive) do not require pre-funding the destination bridge. + +**Sources:** [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md), [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md), [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md), [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md), [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md). + +--- + +## 1. Excluded: routes that require a pre-funded bridge + +| Route | Reason | +|-------|--------| +| **138 WETH → Ethereum Mainnet (1)** | CCIPRelayBridge on chain 1 **releases** WETH (does not mint). Mainnet WETH must be sent to the bridge before 138→Mainnet transfers can complete. See [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md) §3.2 and [CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md). | + +All routes below **do not** require pre-funding the destination bridge. + +--- + +## 2. Same-chain (no bridge) + +No bridge is used; no pre-fund requirement. + +| From (chain) | To (same chain) | Mechanism | Status | +|--------------|-----------------|------------|--------| +| **138 cUSDT** | 138 cUSDC | DODOPMMIntegration / pool `0x9fcB06Aa1FD5215DC0E91Fd098aeff4B62fEa5C8` | ✅ Live | +| **138 cUSDC** | 138 cUSDT | Same pool | ✅ Live | +| **Any chain** | Same chain public stable | Native DEX (Uniswap, etc.) — deployer or user holds token on that chain, swaps on DEX | ✅ Standard | + +--- + +## 3. Cross-chain: lock-mint (destination mints) + +Destination bridge **mints** (or releases from lock) on receive; no need to pre-fund a liquidity pool on the destination. + +### 3.1 Chain 138 ↔ ALL Mainnet (651940) — AlltraAdapter + +Design: **lock on 138 → relayer mints on 651940** (and reverse). No destination bridge pre-fund. + +| From | To | Route | Status | +|------|-----|--------|--------| +| 138 (cUSDT, cUSDC, WETH, etc.) | 651940 AUSDT, USDC, WETH, WALL | AlltraAdapter `0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc` (138↔651940) → then DEX on 651940 if needed | ✅ Live | +| 651940 | 138 | AlltraAdapter 651940→138 | ✅ | + +**Source:** [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md), [CROSS_CHAIN_ARBITRAGE_DESIGN](../07-ccip/CROSS_CHAIN_ARBITRAGE_DESIGN.md) (lock on 138, relayer mints on 651940). + +### 3.2 Chain 138 → CCIP destinations other than Mainnet (1) + +For **138 → BSC (56), Polygon (137), Arbitrum (42161), Optimism (10), Avalanche (43114), Cronos (25), Celo (42220), Gnosis (100), Wemix (1111)**, the destination receiver is **CCIPWETH9Bridge** / **CCIPWETH10Bridge** (same contract type as on 138). With **native CCIP**, the protocol **delivers** the token amounts to the receiver when the message is executed; the receiver then **forwards** to the recipient (`transfer(recipient, amount)`). So the receiver **does not mint** — it **receives from CCIP and forwards**. No pre-fund is required (tokens arrive with the message). + +| From (138) | To (chain) | Route | Status | +|------------|------------|--------|--------| +| WETH9 / WETH10 | 56, 100, 137, 10, 42161, 8453, 43114, 25, 42220, 1111 | CCIP WETH9/WETH10 → destination (receiver **receives from CCIP + forwards**); then DEX to USDT/USDC on that chain | ✅ (Celo, Gnosis 2026-03-04); Wemix ⏳ | + +**Per-chain, per-token confirmation:** See [CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN](CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md) for which tokens use **mint** vs **receive+forward** vs **release** (pre-fund) on each chain. + +### 3.3 cW* (c* → cW* on public chains) — when deployed + +Design: **lock cUSDT/cUSDC on 138, mint cWUSDT/cWUSDC on destination** in `ccipReceive`. No pre-funded pool; receiver has MINTER_ROLE and mints. + +| From (138) | To (destination chain) | Route | Status | +|------------|------------------------|--------|--------| +| cUSDT / cUSDC | cWUSDT / cWUSDC on chain (e.g. 56, 137, 1) | UniversalCCIPBridge or dedicated lock-and-send → destination TwoWayTokenBridgeL2 (or CCIPReceiverCW) → `ccipReceive` → `cW*.mint(recipient, amount)` | ⏳ Design / partial; deployment-status empty | + +**Source:** [CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md) — “lock c* on 138, mint cW* on destination”; receiver implements `ccipReceive` → `cW*.mint(recipient, amount)`. + +--- + +## 4. Reverse: inbound to 138 (no pre-fund) + +| From (chain) | To (138) | Route | Pre-fund? | +|---------------|----------|--------|-----------| +| 651940 | 138 | AlltraAdapter 651940→138 | No (lock-mint / adapter design) | +| Other chains (56, 137, 10, etc.) WETH | 138 | CCIP receiver on 138 → WETH9/WETH10 | No (138 side mints or credits) | +| Mainnet (1) WETH | 138 | Via relay: Mainnet burns/locks, 138 receives. 138 side does not require a pre-funded pool for *inbound*; the relay’s **outbound** (138→1) is what requires Mainnet bridge pre-fund. | Inbound to 138: no pre-fund | + +--- + +## 5. Summary: no pre-fund required + +| Category | Routes | Pre-funded bridge required? | +|----------|--------|-----------------------------| +| Same-chain 138 (cUSDT↔cUSDC) | DODO PMM pool | No | +| Same-chain any (DEX swap) | User holds token on chain, swap on DEX | No | +| 138 ↔ 651940 | AlltraAdapter (lock / mint) | No | +| 138 → chains other than Mainnet (1) | CCIP WETH9/WETH10 (destination **receives from CCIP + forwards**; no mint) | No | +| 138 → Mainnet (1) WETH | CCIP relay → CCIPRelayBridge **releases** | **Yes** — excluded from this doc | +| cW* 138 → dest (when deployed) | Lock c* on 138, mint cW* on dest | No | +| Inbound to 138 | AlltraAdapter, CCIP receiver on 138 | No | + +--- + +## 6. References + +| Document | Use | +|----------|-----| +| [CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN](CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md) | **Per chain and token:** confirms receiver mints vs receive+forward vs release (pre-fund) | +| [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md) | Full route list including routes that *do* require pre-funded bridge (138→Mainnet WETH) | +| [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md) | Bridges and routing by chain | +| [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md) | cW* lock-mint flow (no pre-fund) | +| [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md) | Why Mainnet WETH requires bridge pre-fund (relay + release) | +| [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md) | AlltraAdapter, CCIP bridges, CCIPRelayBridge | diff --git a/docs/11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md b/docs/11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md index 0e9f885..dcf4adb 100644 --- a/docs/11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md +++ b/docs/11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md @@ -1,10 +1,12 @@ # Tokens and Networks — Mintable to Deployer (Liquidity Pools & Bridges) -**Last Updated:** 2026-03-01 +**Last Updated:** 2026-03-02 **Purpose:** Single list of all tokens and networks where tokens **can be minted** (or otherwise credited) to the deployer address for funding PMM liquidity pools and bridges. Use this to fund all operator/LAN-only items (add liquidity, CCIP bridges, etc.). **Deployer address:** `0x4A666F96fC8764181194447A7dFdb7d471b301C8` +**Full mint runbook (c* and cW* on 138 + other networks):** [MINT_C_AND_CW_ON_ALL_NETWORKS.md](MINT_C_AND_CW_ON_ALL_NETWORKS.md) + --- ## Summary diff --git a/docs/11-references/XE9680_VS_R750_DECISION.md b/docs/11-references/XE9680_VS_R750_DECISION.md new file mode 100644 index 0000000..3558e3a --- /dev/null +++ b/docs/11-references/XE9680_VS_R750_DECISION.md @@ -0,0 +1,87 @@ +# 2× XE9680 vs 3× R750 — GPU/AI tier decision + +**Last updated:** 2026-03-03 +**Context:** The 3× R750 were planned for **GPU/AI** workloads. This doc compares that plan to using **2× Dell PowerEdge XE9680** (8× NVIDIA A100 80GB SXM4 per node) instead. + +**Reference:** [Dell PowerEdge XE9680 — 8× NVIDIA A100 80GB SXM4](https://www.theserverstore.com/dell-poweredge-xe9680-6u-gpu-rackmount-server-with-8x-nvidia-tensor-core-a100-80gb-sxm4-gpu) + +--- + +## Opinion summary + +- **For a dedicated GPU/AI tier:** **2× XE9680 is the stronger choice** than 3× R750 (GPU-equipped) if you need serious capacity: 16× A100 80GB, purpose-built cooling and power, NVLink, and optional 200G InfiniBand. Pricing (vendor example): **\$94,999** per node on sale (list \$179,000) → **\$189,998** for 2 nodes; vs ~\$30k–80k for 3× R750 with GPUs. +- **3× R750 (GPU) still makes sense** if you prefer lower cost, fewer GPUs (e.g. 6–12 total across 3 nodes), PCIe-based GPUs (e.g. A6000, L40S), and more flexibility to mix GPU and CPU workloads per node. +- **Recommendation:** Prefer **2× XE9680** for heavy AI/ML (training, large models, 80GB VRAM); prefer **3× R750 + GPUs** for cost-sensitive or lighter/mixed GPU workloads. + +--- + +## 3× R750 as GPU/AI nodes + +| Aspect | R750 (2U, GPU-equipped) | +|--------|---------------------------| +| Form factor | 2U per node; 6U total for 3 | +| GPU capacity | Typically 2–4 PCIe GPUs per node (e.g. NVIDIA A6000, L40S, A40) → 6–12 GPUs total; depends on TDP and slot layout | +| GPU memory | PCIe cards: often 24–48GB per GPU; no 80GB SXM4 in 2U | +| Interconnect | PCIe; no NVLink across GPUs; 10G/25G typical unless you add high-speed NICs | +| Use case | Lighter training, inference, mixed workloads; good for dev/staging GPU pools | +| Cost (approx) | ~\$10k–25k per node (server + GPUs) → ~\$30k–75k for 3 nodes | +| Power/cooling | Moderate; 2U-appropriate | + +R750 is a **general-purpose 2U** that can hold GPUs; it is not an 8-GPU dense AI chassis. + +--- + +## 2× XE9680 as GPU/AI nodes + +| Aspect | XE9680 (6U, 8× A100 SXM4) | +|--------|----------------------------| +| Form factor | 6U per node; 12U total for 2 | +| GPU capacity | **8× NVIDIA A100 80GB SXM4** per node → **16× A100 80GB** total | +| GPU memory | 80GB per A100; NVLink within node for fast multi-GPU training | +| Interconnect | 100GbE + 200GbE InfiniBand (Mellanox ConnectX-6); ideal for multi-node scaling | +| Use case | Large model training, HPC, generative AI, serious ML/DL workloads | +| Cost (approx) | \$94,999/node on sale (list \$179,000) → \$189,998 for 2 nodes | +| Power/cooling | High; 6U chassis and power designed for 8× A100 | + +XE9680 is **purpose-built** for dense GPU AI; no 2U server matches this density and memory per node. + +--- + +## Side-by-side (GPU/AI) + +| Factor | 3× R750 (GPU) | 2× XE9680 | +|--------|----------------|-----------| +| **Total GPUs** | 6–12 (PCIe, config-dependent) | **16× A100 80GB** | +| **VRAM per GPU** | Typically 24–48GB | **80GB** | +| **Multi-GPU** | PCIe only | **NVLink** within node | +| **Multi-node** | 10G/25G typical | **200G InfiniBand** (option) | +| **Rack space** | 6U | 12U | +| **Cost** | Lower (~\$30k–75k ballpark) | \$189,998 for 2× (2 × \$94,999 sale) | +| **Best for** | Lighter AI, mixed workloads, budget | Heavy training, large models, max throughput | + +--- + +## Recommendation (GPU/AI tier) + +| Goal | Recommendation | +|------|----------------| +| **Maximum GPU capacity and large-model training** | **2× XE9680** — 16× A100 80GB, NVLink, InfiniBand; accept higher cost and power. | +| **Lower cost, flexible GPU pool (dev/staging/inference)** | **3× R750 + GPUs** — 6–12 GPUs, PCIe-based; good value and spread across 3 nodes. | +| **Start small, expand later** | 3× R750 now; add XE9680 (or similar) later when workload justifies it. | + +If you **replace** the planned 3× R750 (GPU) with 2× XE9680: document the GPU tier as “2× XE9680” in the inventory and assign IPs (e.g. .24–.25 for the two nodes); the R750 IP block (.24–.26) can be repurposed or left for future use. + +--- + +## Inventory and docs + +- **[HARDWARE_INVENTORY_MASTER.md](HARDWARE_INVENTORY_MASTER.md)** — R750 row updated to “GPU/AI tier”; optional XE9680 alternative. +- **[13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](13_NODE_NETWORK_AND_CABLING_CHECKLIST.md)** — If using XE9680, cable 200G/100G to your fabric (or 10G to existing XG backbone for management). +- **[13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md)** — Phase 3: treat as “GPU tier (R750 or XE9680)” and document which platform is chosen. + +--- + +## References + +- [HARDWARE_INVENTORY_MASTER.md](HARDWARE_INVENTORY_MASTER.md) — GPU/AI tier role and IP plan. +- [Dell XE9680 — 8× A100 80GB (The Server Store)](https://www.theserverstore.com/dell-poweredge-xe9680-6u-gpu-rackmount-server-with-8x-nvidia-tensor-core-a100-80gb-sxm4-gpu) — specs and pricing (refurb). diff --git a/docs/11-references/diagrams/README.md b/docs/11-references/diagrams/README.md new file mode 100644 index 0000000..2437734 --- /dev/null +++ b/docs/11-references/diagrams/README.md @@ -0,0 +1,6 @@ +# Diagrams + +## global-arbitrage-engine + +- **Source:** `global-arbitrage-engine.dot` — Graphviz digraph for the 13-chain global arbitrage engine (Anchor, Hub 138, Bridge, Edge chains). Spec: [real-robinhood/project_plans/repo_ready_graphviz_and_liquidity_heatmap_spec.md](../../smom-dbis-138/real-robinhood/project_plans/repo_ready_graphviz_and_liquidity_heatmap_spec.md). +- **Render:** From repo root: `./scripts/diagrams/render-global-arbitrage-engine.sh` (requires `graphviz`). Produces `global-arbitrage-engine.svg` and `global-arbitrage-engine.png` in this directory. diff --git a/docs/11-references/diagrams/global-arbitrage-engine.dot b/docs/11-references/diagrams/global-arbitrage-engine.dot new file mode 100644 index 0000000..4ae944f --- /dev/null +++ b/docs/11-references/diagrams/global-arbitrage-engine.dot @@ -0,0 +1,221 @@ +digraph GlobalArbitrageEngine { + rankdir=LR; + compound=true; + labelloc="t"; + fontsize=18; + fontname="Inter"; + + node [shape=box, style="rounded", fontsize=11, fontname="Inter"]; + edge [fontsize=10, fontname="Inter"]; + + // ========================= + // ANCHOR / NUMERAIRE LAYER + // ========================= + subgraph cluster_anchor { + label="Anchor / Numeraire"; + style="rounded"; + + XAU_ORACLE [label="XAU Oracle\n(ETH/XAU pricing)"]; + ORACLE_AGG [label="OracleAggregator"]; + ORACLE_PROXY [label="OracleProxy"]; + PRICE_KEEPER [label="PriceFeedKeeper"]; + MULTICALL [label="Multicall"]; + + LEDGER [label="Ledger\n(XAU-denominated accounting)"]; + VAULT_FACTORY [label="VaultFactory"]; + + XAU_ORACLE -> ORACLE_AGG; + ORACLE_PROXY -> ORACLE_AGG; + PRICE_KEEPER -> ORACLE_AGG; + MULTICALL -> ORACLE_AGG; + + ORACLE_AGG -> LEDGER; + VAULT_FACTORY -> LEDGER; + } + + // ========================= + // HUB: CHAIN 138 + // ========================= + subgraph cluster_hub { + label="Hub: Chain 138 (Liquidity + Settlement)"; + style="rounded"; + + C138 [shape=oval, label="Chain 138\n(DBIS / DeFi Oracle)"]; + + // Tokens + CUSDT [label="cUSDT"]; + CUSDC [label="cUSDC"]; + WETH [label="WETH / WETH10\n(Bridge Rail)"]; + + // Liquidity + DODO_INT [label="DODOPMMIntegration"]; + DODO_PROV [label="DODOPMMProvider"]; + POOL_CUSDT_CUSDC [label="DODO PMM Pool\ncUSDT/cUSDC"]; + POOL_CUSDT_USDT [label="DODO PMM Pool\ncUSDT/USDT (official addr)"]; + POOL_CUSDC_USDC [label="DODO PMM Pool\ncUSDC/USDC (official addr)"]; + + // Reserve / Vault / Settlement + RESERVE_SYS [label="ReserveSystem"]; + RESERVE_INT [label="ReserveTokenIntegration"]; + BRIDGE_VAULT [label="BridgeVault"]; + LIQUIDATION [label="Liquidation"]; + + // Registry / Compliance + TOKEN_FACTORY [label="TokenFactory"]; + TOKEN_IMPL [label="TokenImplementation"]; + TOKEN_REG [label="TokenRegistry"]; + COMPLIANCE_REG [label="ComplianceRegistry"]; + POLICY_MGR [label="PolicyManager"]; + DEBT_REG [label="DebtRegistry"]; + FEE_COL [label="FeeCollector"]; + + // Governance / Deterministic + GOV_CTRL [label="GovernanceController"]; + UAR [label="UniversalAssetRegistry\n(proxy + deterministic)"]; + CREATE2 [label="CREATE2Factory"]; + + // Channel / Mirror / Settlement + MIRROR_REG [label="MirrorRegistry"]; + MIRROR_MGR [label="MirrorManager"]; + TX_MIRROR [label="TransactionMirror"]; + ADDR_MAP [label="AddressMapper"]; + PAYMENT_CH [label="PaymentChannelManager"]; + STATE_CH [label="GenericStateChannelManager"]; + MERCH_SETTLE [label="MerchantSettlementRegistry"]; + WITHDRAW_ESC [label="WithdrawalEscrow"]; + LOCKBOX [label="Lockbox138"]; + + // Internal edges + TOKEN_FACTORY -> TOKEN_IMPL; + TOKEN_FACTORY -> TOKEN_REG; + TOKEN_REG -> COMPLIANCE_REG; + POLICY_MGR -> COMPLIANCE_REG; + + DEBT_REG -> LEDGER; + LIQUIDATION -> LEDGER; + + FEE_COL -> BRIDGE_VAULT; + + DODO_PROV -> DODO_INT; + DODO_INT -> POOL_CUSDT_CUSDC; + DODO_INT -> POOL_CUSDT_USDT; + DODO_INT -> POOL_CUSDC_USDC; + + CUSDT -> DODO_INT [label="swap"]; + CUSDC -> DODO_INT [label="swap"]; + + RESERVE_SYS -> RESERVE_INT; + RESERVE_INT -> CUSDT; + RESERVE_INT -> CUSDC; + + MIRROR_MGR -> MIRROR_REG; + TX_MIRROR -> MIRROR_MGR; + ADDR_MAP -> MIRROR_MGR; + + PAYMENT_CH -> MERCH_SETTLE; + STATE_CH -> MERCH_SETTLE; + WITHDRAW_ESC -> MERCH_SETTLE; + LOCKBOX -> WITHDRAW_ESC; + + GOV_CTRL -> UAR; + GOV_CTRL -> CREATE2; + + // Tie hub to anchor + LEDGER -> C138 [style=dashed, label="valuation"]; + } + + // ========================= + // BRIDGE LAYER + // ========================= + subgraph cluster_bridge { + label="Bridge Layer"; + style="rounded"; + + BRIDGE_ORCH [label="BridgeOrchestrator"]; + UCCIP [label="UniversalCCIPBridge"]; + + CCIP_ROUTER [label="CCIP Router"]; + CCIP_SENDER [label="CCIP Sender"]; + CCIP_RECEIVER [label="CCIP Receiver"]; + CCIP_WETH9 [label="CCIPWETH9Bridge"]; + CCIP_WETH10 [label="CCIPWETH10Bridge"]; + + ALLTRA_ADAPTER [label="AlltraAdapter\n(138 ↔ 651940)"]; + + BRIDGE_ORCH -> UCCIP; + UCCIP -> CCIP_ROUTER; + CCIP_SENDER -> CCIP_ROUTER; + CCIP_RECEIVER -> CCIP_ROUTER; + CCIP_WETH9 -> CCIP_ROUTER; + CCIP_WETH10 -> CCIP_ROUTER; + + BRIDGE_VAULT -> CCIP_WETH9; + BRIDGE_VAULT -> CCIP_WETH10; + + BRIDGE_ORCH -> ALLTRA_ADAPTER; + } + + // ========================= + // EDGE CHAINS (13 total) + // ========================= + subgraph cluster_edges { + label="Edge Chains (Liquidity Surfaces)"; + style="rounded"; + + ETH [shape=oval, label="Ethereum\n(chain 1)"]; + BSC [shape=oval, label="BSC\n(chain 56)"]; + POL [shape=oval, label="Polygon\n(chain 137)"]; + OPT [shape=oval, label="Optimism\n(chain 10)"]; + ARB [shape=oval, label="Arbitrum\n(chain 42161)"]; + AVAX [shape=oval, label="Avalanche\n(chain 43114)"]; + BASE [shape=oval, label="Base\n(chain 8453)"]; + GNO [shape=oval, label="Gnosis\n(chain 100)"]; + CRO [shape=oval, label="Cronos\n(chain 25)"]; + CELO [shape=oval, label="Celo\n(chain 42220)"]; + WEMIX [shape=oval, label="Wemix\n(chain 1111)"]; + ALLTRA [shape=oval, label="ALL Mainnet\n(chain 651940)"]; + + // Conceptual edge pools + EDGE_POOL_1 [label="Edge Pools\n(cW*/USDC, cW*/USDT)\n(design; deploy per chain)"]; + + ETH -> EDGE_POOL_1 [style=dashed]; + BSC -> EDGE_POOL_1 [style=dashed]; + POL -> EDGE_POOL_1 [style=dashed]; + OPT -> EDGE_POOL_1 [style=dashed]; + ARB -> EDGE_POOL_1 [style=dashed]; + AVAX -> EDGE_POOL_1 [style=dashed]; + BASE -> EDGE_POOL_1 [style=dashed]; + GNO -> EDGE_POOL_1 [style=dashed]; + CRO -> EDGE_POOL_1 [style=dashed]; + CELO -> EDGE_POOL_1 [style=dashed]; + WEMIX -> EDGE_POOL_1 [style=dashed]; + } + + // ========================= + // CROSS-CHAIN CONNECTIONS + // ========================= + + // Hub <-> bridge orchestrator + C138 -> BRIDGE_ORCH [lhead=cluster_bridge, label="route orchestration"]; + WETH -> CCIP_WETH9 [lhead=cluster_bridge, label="bridge rail"]; + WETH -> CCIP_WETH10 [lhead=cluster_bridge, label="bridge rail"]; + + // CCIP connectivity to edges (conceptual) + CCIP_ROUTER -> ETH [label="CCIP"]; + CCIP_ROUTER -> BSC [label="CCIP"]; + CCIP_ROUTER -> POL [label="CCIP"]; + CCIP_ROUTER -> OPT [label="CCIP"]; + CCIP_ROUTER -> ARB [label="CCIP"]; + CCIP_ROUTER -> AVAX [label="CCIP"]; + CCIP_ROUTER -> CRO [label="CCIP"]; + CCIP_ROUTER -> BASE [style=dashed, label="CCIP/Config"]; + CCIP_ROUTER -> GNO [style=dashed, label="CCIP/Config"]; + CCIP_ROUTER -> CELO [style=dashed, label="CCIP/Config"]; + CCIP_ROUTER -> WEMIX [style=dashed, label="CCIP/Config"]; + + // Alltra adapter connectivity + ALLTRA_ADAPTER -> ALLTRA [label="AlltraAdapter"]; + + // Anchor link + LEDGER -> XAU_ORACLE [style=dashed, label="XAU ref"]; +} diff --git a/docs/12-quick-reference/TROUBLESHOOTING_QUICK_REFERENCE.md b/docs/12-quick-reference/TROUBLESHOOTING_QUICK_REFERENCE.md index 2f0efee..9ec7573 100644 --- a/docs/12-quick-reference/TROUBLESHOOTING_QUICK_REFERENCE.md +++ b/docs/12-quick-reference/TROUBLESHOOTING_QUICK_REFERENCE.md @@ -1,6 +1,6 @@ # Troubleshooting Quick Reference -**Last Updated:** 2025-01-20 +**Last Updated:** 2026-03-04 **Document Version:** 1.0 **Status:** Active Documentation @@ -32,6 +32,15 @@ --- +### RPC / Chain 138 transaction errors + +| Issue | Quick Check | Quick Fix | +|-------|-------------|-----------| +| RPC -32001 (Nonce too low) | `cast nonce $DEPLOYER --rpc-url $RPC --block pending` | Use `NEXT_NONCE=$(cast nonce ...)` before forge script; or run [preflight](09-troubleshooting/RPC_ERRORS_32001_32602.md) and clear tx pool. | +| RPC -32602 (Invalid params) | Check `eth_chainId` and RPC URL | Use correct `RPC_URL_138`; use explicit `--gas-limit`; see [RPC_ERRORS_32001_32602.md](09-troubleshooting/RPC_ERRORS_32001_32602.md). | +| RPC -32xxx gas (deploy failed) | `cast balance $DEPLOYER --rpc-url $RPC` | Use `--gas-estimate-multiplier 150` (or 200) with `forge script ... --broadcast`; fund deployer; see [RPC_ERRORS_32001_32602.md](09-troubleshooting/RPC_ERRORS_32001_32602.md). | +| Wrong token address (Explorer / wallet) | Blockscout shows multiple contracts per symbol | Use **canonical** addresses only: [EXPLORER_TOKEN_LIST_CROSSCHECK.md](11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §5. Do not use non-canonical LINK/cUSDT/cUSDC. PMM token alignment verified on-chain 2026-03-04 — see §8. | + ### Service Issues | Issue | Quick Check | Quick Fix | diff --git a/docs/MASTER_INDEX.md b/docs/MASTER_INDEX.md index 4aa90ca..b973d2f 100644 --- a/docs/MASTER_INDEX.md +++ b/docs/MASTER_INDEX.md @@ -1,9 +1,11 @@ # Documentation — Master Index -**Last Updated:** 2026-03-02 +**Last Updated:** 2026-03-04 **Purpose:** Single entry point for all project documentation. Use this index to find canonical sources and avoid deprecated or duplicate content. -**Status:** Preflight and Chain 138 next steps completed 2026-03-02 (38/38 on-chain, 12 c* GRU-registered). **Remaining:** Full deployment order Phase 0–6, operator tasks, Gnosis/Celo/Wemix CCIP, LINK relay, repos and PRs, E2E waves — see [00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md](00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md) § Remaining tasks. +**Status:** Preflight and Chain 138 next steps completed (38/38 on-chain, 12 c* GRU-registered). **2026-03-04:** Celo CCIP bridges deployed; Phase A–D execution tracked in [03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md). Phase C runbook: [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md); Phase D: [PHASE_D_OPTIONAL_CHECKLIST.md](03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md). **On-chain verification 2026-03-04:** DODOPMMIntegration returns canonical cUSDT/cUSDC — [EXPLORER_TOKEN_LIST_CROSSCHECK](11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. **Explorer token alignment:** WETH9 metadata quirk and full diff script — [EXPLORER_TOKEN_LIST_CROSSCHECK](11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §2.1, §9. **Remaining:** Mint (A.1) retry, Wemix 0.4 WEMIX, LINK fund, cW* + edge pools — see [00-meta/TODOS_CONSOLIDATED.md](00-meta/TODOS_CONSOLIDATED.md). + +**Continue and complete (operator/LAN):** (1) `./scripts/run-completable-tasks-from-anywhere.sh` then (2) `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` not set; add `--deploy` or `--create-vms` as needed). Operator scripts load dotenv from repo `.env` and `smom-dbis-138/.env` automatically. --- @@ -14,6 +16,7 @@ | **What to do next** | [00-meta/NEXT_STEPS_INDEX.md](00-meta/NEXT_STEPS_INDEX.md) — ordered actions, by audience, execution plan | | **Your personal checklist** | [00-meta/NEXT_STEPS_FOR_YOU.md](00-meta/NEXT_STEPS_FOR_YOU.md) | | **Operator runbook (LAN/creds)** | [00-meta/NEXT_STEPS_OPERATOR.md](00-meta/NEXT_STEPS_OPERATOR.md) | +| **Operator copy-paste commands** | [00-meta/OPERATOR_READY_CHECKLIST.md](00-meta/OPERATOR_READY_CHECKLIST.md) — exact commands for Blockscout, NPMplus, CCIP, 502 fix, backup, deploy | | **Required / optional / recommended (full plan)** | [00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) | | **Single task list** | [00-meta/TODOS_CONSOLIDATED.md](00-meta/TODOS_CONSOLIDATED.md) | | **Still not done (operator/external)** | [00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md](00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md) | @@ -31,7 +34,9 @@ | Recommendations (139+ items) | [00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) | [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) — superseded; redirect only | | Optional / recommendations index | [OPTIONAL_RECOMMENDATIONS_INDEX.md](OPTIONAL_RECOMMENDATIONS_INDEX.md) | — | | Task list | [00-meta/TODO_TASK_LIST_MASTER.md](00-meta/TODO_TASK_LIST_MASTER.md), [00-meta/TODOS_CONSOLIDATED.md](00-meta/TODOS_CONSOLIDATED.md) | — | -| Deployment order | [03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md](03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) | — | +| Deployment order | [03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md](03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md), [03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) (Phases A–D) | — | +| Phase C (cW* + edge pools) | [03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md) | — | +| Phase D (optional XAU/vaults/trustless) | [03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md](03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md) | — | | Operational runbooks | [03-deployment/OPERATIONAL_RUNBOOKS.md](03-deployment/OPERATIONAL_RUNBOOKS.md) | RUNBOOKS_MASTER_INDEX.md — use OPERATIONAL_RUNBOOKS as single source | | Contract / address status | [11-references/ADDRESS_MATRIX_AND_STATUS.md](11-references/ADDRESS_MATRIX_AND_STATUS.md) | CONTRACT_INVENTORY_AND_VERIFICATION (deleted) | @@ -47,7 +52,8 @@ | **04-configuration** | [04-configuration/README.md](04-configuration/README.md) | | **06-besu** | [06-besu/MASTER_INDEX.md](06-besu/MASTER_INDEX.md) | | **07-ccip** | [07-ccip/](07-ccip/), [00-meta/CW_BRIDGE_TASK_LIST.md](00-meta/CW_BRIDGE_TASK_LIST.md) | -| **11-references** | [11-references/ADDRESS_MATRIX_AND_STATUS.md](11-references/ADDRESS_MATRIX_AND_STATUS.md), [11-references/CONTRACT_ADDRESSES_REFERENCE.md](11-references/CONTRACT_ADDRESSES_REFERENCE.md) | +| **11-references** | [11-references/ADDRESS_MATRIX_AND_STATUS.md](11-references/ADDRESS_MATRIX_AND_STATUS.md), [11-references/CONTRACT_ADDRESSES_REFERENCE.md](11-references/CONTRACT_ADDRESSES_REFERENCE.md), [11-references/DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md](11-references/DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md) (all contracts by deployer wallet, network, verified/not), [11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md](11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md) (tokens, bridges, DODO/Uniswap LPs, full route map), [11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md](11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md) (deployer→public stablecoin routes), [11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md](11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md) (routes where bridge pre-fund not required), [11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md](11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md) (per-chain per-token: mint vs receive+forward vs release), [11-references/DEPLOYMENT_DATA_SOURCES_INDEX.md](11-references/DEPLOYMENT_DATA_SOURCES_INDEX.md) (dotenv and config files with contract deployments), [11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md](11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) (Explorer /tokens vs repo token lists), [11-references/HARDWARE_INVENTORY_MASTER.md](11-references/HARDWARE_INVENTORY_MASTER.md), [11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md), [11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md) | +| **Hardware / 13-node** | [11-references/HARDWARE_INVENTORY_MASTER.md](11-references/HARDWARE_INVENTORY_MASTER.md) (R630×13, R750×3, 7920×2, UDM Pro×2, XG×2), [02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md](02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md), [11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md), [11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md) | | **Runbooks** | [03-deployment/OPERATIONAL_RUNBOOKS.md](03-deployment/OPERATIONAL_RUNBOOKS.md) | --- diff --git a/docs/OPTIONAL_RECOMMENDATIONS_INDEX.md b/docs/OPTIONAL_RECOMMENDATIONS_INDEX.md index c6ffe0e..8530fdc 100644 --- a/docs/OPTIONAL_RECOMMENDATIONS_INDEX.md +++ b/docs/OPTIONAL_RECOMMENDATIONS_INDEX.md @@ -1,6 +1,6 @@ # Optional, Recommendations, and Suggestions — Master Index -**Last Updated:** 2026-03-01 +**Last Updated:** 2026-02-27 **Purpose:** Single entry point for all optional tasks, recommendations, and suggestions across the repo. --- @@ -10,6 +10,7 @@ | Document | Description | |----------|-------------| | **[00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md)** | **Full plan — required, optional, recommended (Wave 0–3, execution order)** | +| **[00-meta/OPTIONAL_TASKS_CHECKLIST.md](00-meta/OPTIONAL_TASKS_CHECKLIST.md)** | **Consolidated optional tasks checklist (Done / Pending / Operator-only)** | | **[00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md)** | **Canonical list — all recommendations/gaps 1–139 (20 sections)** | | **[00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md](00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md)** | High-priority only (filtered view) | | **[00-meta/ALL_RECOMMENDATIONS_OPERATOR_ONLY.md](00-meta/ALL_RECOMMENDATIONS_OPERATOR_ONLY.md)** | Operator-only checklist (LAN/Proxmox) | @@ -35,6 +36,7 @@ | Quick Wins (secure .env, backup, metrics, snapshots, health check) | IMPLEMENTATION_CHECKLIST | ✅ Marked complete | | TransactionMirror + DODO pool Chain 138 (nonce-fix deploy, .env, frontend config) | smom-dbis-138/.env, frontend-dapp contracts.ts, CONTRACT_DEPLOYMENT_RUNBOOK, RPC_2101_READONLY_FIX | ✅ Done — 0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc; chain138.TRANSACTION_MIRROR in contracts.ts | | Optional batch (2026-02-27 / 2026-03-01) | DeployCompliantFiatTokens (10 tokens); MCP allowlist-138; add-liquidity runbook; token-aggregation fallbacks; ENV_EXAMPLE; E2E routing verify; PMM/REQUIRED_FIXES docs; cCADT (commented) in script | ✅ Done — see TODOS_CONSOLIDATED, PMM_DEX_ROUTING_STATUS | +| MCP plan upgrades (all 8 additional recommendations) | ai-mcp-pmm-controller, docs/03-deployment/MCP_AI_POOL_MANAGEMENT_PLAN_UPGRADES.md | ✅ Done — multi-chain allowlist + RPC by chain; Uniswap get_pool_state; GET /bot_state + dodo.get_bot_state; POST /webhook/trigger; merge-mcp-allowlist-multichain.sh; rate limits/cooldown/gas caps; audit log; dodo.get_router_quote stub. See §5.1 Implementation status. | --- @@ -65,6 +67,7 @@ | `scripts/utils/retry_with_backoff.sh` | Retry command with exponential backoff (source or run) | | `scripts/utils/dry-run-example.sh` | Example `DRY_RUN` / `--dry-run` pattern for scripts | | `scripts/validation/validate-config-files.sh` | Validate required config files and optional env (set `VALIDATE_REQUIRED_FILES`) | +| `scripts/merge-mcp-allowlist-multichain.sh` | Merge Chain 138 + per-chain allowlists into one multi-chain allowlist for MCP | --- @@ -73,9 +76,10 @@ To add a Wallet link to the Blockscout/explorer navbar (e.g. on VMID 5000): 1. SSH to the explorer VM. -2. Edit the main HTML (e.g. `/var/www/html/index.html`). +2. Edit the main HTML or Blockscout nav (e.g. `/var/www/html/index.html`). 3. Add in the nav: `Wallet`. +**Runbook (step-by-step):** [EXPLORER_WALLET_LINK_QUICK_WIN.md](04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md). **See:** [REMAINING_TASKS.md](REMAINING_TASKS.md) § Quick Wins. --- diff --git a/docs/README.md b/docs/README.md index c026bed..349930d 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,11 +1,12 @@ # Documentation -**Last Updated:** 2026-03-02 +**Last Updated:** 2026-03-04 This directory contains all project documentation. Start from the master index to avoid deprecated or duplicate content. -- **Master index (start here):** [MASTER_INDEX.md](MASTER_INDEX.md) — single entry point, canonical sources, deprecated list. +- **Master index (start here):** [MASTER_INDEX.md](MASTER_INDEX.md) — single entry point, canonical sources, deprecated list, and **continue-and-complete** flow (completable then operator script). - **What to do next:** [00-meta/NEXT_STEPS_INDEX.md](00-meta/NEXT_STEPS_INDEX.md). +- **Operator copy-paste:** [00-meta/OPERATOR_READY_CHECKLIST.md](00-meta/OPERATOR_READY_CHECKLIST.md) — exact commands for LAN/creds tasks (Blockscout, NPMplus, backup, deploy). - **Operational runbooks:** [03-deployment/OPERATIONAL_RUNBOOKS.md](03-deployment/OPERATIONAL_RUNBOOKS.md). See [MASTER_INDEX.md](MASTER_INDEX.md) for full navigation and for documents that are deprecated or superseded. diff --git a/docs/REMAINING_TASKS.md b/docs/REMAINING_TASKS.md index da3ea89..2f818e4 100644 --- a/docs/REMAINING_TASKS.md +++ b/docs/REMAINING_TASKS.md @@ -110,10 +110,8 @@ ## 🎯 Quick Wins (< 1 hour) 1. **Add Wallet link to explorer navbar** (15 min) - - SSH to explorer VM (e.g. VMID 5000). - - Edit the main page (e.g. `sudo nano /var/www/html/index.html` or the Blockscout nav template). - - In the navigation section add: `Wallet`. - - Save and reload https://explorer.d-bis.org — Wallet should appear in the nav. + - **Runbook:** [EXPLORER_WALLET_LINK_QUICK_WIN.md](04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md) — options for Blockscout frontend, static HTML, and one-liner. + - SSH to explorer VM (e.g. VMID 5000). Edit the main page or Blockscout nav template; add `Wallet` in the nav. Save and reload https://explorer.d-bis.org. 2. **CoinGecko submission** (1 hour) - Follow guide: `docs/04-configuration/coingecko/COINGECKO_SUBMISSION_GUIDE.md` diff --git a/docs/dbis-rail/E2E_WHITEPAPER_SIMPLE.md b/docs/dbis-rail/E2E_WHITEPAPER_SIMPLE.md new file mode 100644 index 0000000..8202d18 --- /dev/null +++ b/docs/dbis-rail/E2E_WHITEPAPER_SIMPLE.md @@ -0,0 +1,158 @@ +# DBIS Rail — End-to-End White Paper (Simple Terms) + +**What is it?** +The DBIS Rail is a **settlement and minting system** that runs on a dedicated blockchain (Chain 138). It connects **traditional banking and ledger evidence** (ISO messages, double-entry bookkeeping) to **on-chain token creation (GRU)**. Only properly authorized, compliant instructions can record a settlement and mint tokens—and the chain never decides whether “real money” is final; that stays in the regulated world. + +--- + +## 1. The Problem It Solves + +**Banks and institutions** need to: + +- Move value in a way that is **auditable** and tied to **real ledger entries** and **compliance checks**. +- **Mint digital tokens (GRU)** only when a defined process has been completed: messages received, funds confirmed, accounting done, and a **group of authorized signers** has agreed. +- Avoid **single points of failure**: no one person or system can approve a mint alone. +- Keep **proof** that each on-chain settlement links back to a specific message, accounting batch, and evidence bundle. + +The DBIS Rail does this by: + +1. Taking **off-chain** evidence (ISO-20022 messages, ledger postings, compliance) and turning it into a **signed authorization**. +2. Running that authorization **on-chain** through contracts that check signers, replay, limits, and participant allowlists. +3. **Recording** the settlement and **minting** GRU only when every check passes. + +--- + +## 2. How It Works End-to-End (Settlement and Mint) + +### Step 1: Message and compliance (off-chain) + +- An **ISO Gateway** (off-chain system) receives banking messages (e.g. payment instructions, statements). +- It runs **compliance** (KYC, AML, sanctions, limits) per the Rulebook. No authorization is built for failed or unresolved cases. +- It posts the transaction in the **DBIS ledger** (double-entry, reserve accounts) and creates a **unique accounting reference** from that posting (journal, batch, timestamp, reserve account). That reference will be attached to the on-chain settlement forever. + +### Step 2: “Good funds” and finality (off-chain) + +- The Rulebook defines **when** funds are treated as final (e.g. wire posted, ACH return window passed, internal transfer completed). +- The Gateway sets a **funds status** (e.g. ON_LEDGER_FINAL or OFF_LEDGER_FINAL) only when the right conditions are met. **The chain does not decide finality**—the regulated process does. + +### Step 3: Building the Mint Authorization (off-chain) + +- The Gateway builds a **Mint Authorization**: a compact package that includes: + - A **unique message ID** (from the payment/instruction). + - **Evidence hash** (hash of the canonical evidence bundle). + - **Accounting reference** (tied to the ledger posting). + - **Recipients and amounts** (who gets GRU and how much). + - **Time window** (valid from/until). + - **Chain and contract** (Chain 138, Settlement Router address). +- This package is in a standard signing format (EIP-712) so signers sign **exactly this instruction**. + +### Step 4: Signers approve (off-chain) + +- A **quorum of authorized signers** (e.g. 3 of 5) must sign the Mint Authorization. One of them must be from a **Compliance** category. No single signer can approve alone. +- Signers are expected to sign only when the Rulebook and good-funds rules are satisfied. Their keys are kept secure (e.g. HSM). + +### Step 5: Relayer submits on-chain + +- A **relayer** (script or service) sends the **signed Mint Authorization + signatures** to the **Settlement Router** contract on Chain 138. + +### Step 6: Router validates and records (on-chain) + +- The **Settlement Router**: + - Checks **signatures** (correct hash, valid signers). + - Checks **quorum and categories** (enough signers, including Compliance). + - Ensures **message ID** has never been used (no replay). + - Checks **time window** and **chain/contract**. + - Checks **policy** (per-message caps, corridor limits). + - Confirms **recipients** are approved participant wallets. +- If anything fails, the transaction reverts. If all pass, the Router **records** the settlement and calls the **Mint Controller**. + +### Step 7: Mint (on-chain) + +- The **Mint Controller** is the **only** contract allowed to mint GRU. It accepts instructions **only** from the Settlement Router. +- It mints the agreed amounts to the recipient addresses. **SettlementRecorded** and **MintExecuted** events are emitted for audit and reporting. + +### Step 8: Audit trail + +- Every settlement is tied on-chain to: + - **Message ID** (links to the original instruction). + - **Accounting reference** (links to the ledger posting). + - **Evidence hash** (links to the off-chain evidence bundle). +- These anchors support regulatory and internal audit. + +--- + +## 3. The Main Pieces (Simple Map) + +| Piece | Where | Role in simple terms | +|-------|--------|------------------------| +| **ISO Gateway** | Off-chain | Receives messages, runs compliance, does ledger posting, builds the Mint Authorization, asks signers to sign. | +| **Signers** | Off-chain | Authorized people/systems that sign the Mint Authorization when the Rulebook and good-funds rules are met. | +| **Relayer** | Off-chain | Submits the signed authorization to the Settlement Router (pays gas; no custody of funds). | +| **Chain 138** | Blockchain | Runs the contracts and stores immutable settlement and mint events. | +| **Participant Registry** | On-chain | List of allowed institutions and their approved wallets (only those can receive GRU). | +| **Signer Registry** | On-chain | List of allowed signers and quorum rules (who can sign, how many, which category required). | +| **Settlement Router** | On-chain | Validates the signed Mint Authorization and policy; records settlement; calls Mint Controller. | +| **Mint Controller** | On-chain | Mints GRU only when called by the Settlement Router. | +| **Root Registry** | On-chain | Holds addresses of the other DBIS contracts (single place to find them). | + +--- + +## 4. Conversions (Swaps) in Short + +- The rail also supports **governed token conversions** (e.g. swap one token for another) via a **Conversion Router**. +- A **Swap Authorization** is built (with venue, quote, amounts, deadline), signed by the allowlisted signers (with rules for small vs large swaps), and submitted on-chain. +- The Conversion Router checks: chain, contract, deadline, **venue allowlist**, **quote-issuer allowlist**, **stablecoin status**, and **blocklist**. Only then is the conversion treated as authorized; execution (e.g. DEX swap) is done so that the outcome meets the signed minimum output. +- **Stablecoin policy** defines which tokens count as canonical stablecoins and how they are monitored; the Conversion Router can enforce that only active, compliant ones are used. + +--- + +## 5. Safety and Controls (Plain Language) + +- **No single point of approval** + Mint and swap authorizations need a **quorum** of signers, with **Compliance** required for mints (and for large swaps where configured). + +- **Replay protection** + Each message ID can be used **once**. Reusing it is rejected. + +- **Time-bound** + Every authorization has a validity window; expired or not-yet-valid submissions are rejected. + +- **Chain and contract binding** + Signatures are tied to Chain 138 and to the correct contract address. Wrong chain or wrong contract → invalid. + +- **Only the Router can trigger mint** + GRU is minted **only** via the Mint Controller when the Settlement Router calls it. Other mint paths (e.g. owner mint) are removed or revoked. + +- **Pause** + Authorized roles can **pause** the Settlement Router (and related components) to stop new settlements in an emergency. + +- **Participant and signer allowlists** + Only registered participants’ wallets can receive GRU; only registered signers’ signatures count. Signers can be revoked; procedures cover key compromise and in-flight authorizations. + +- **Caps and corridors** + The Router can enforce **per-message** and **per-corridor** limits so that no single instruction or corridor exceeds policy. + +- **Audit trail** + Settlement and mint (and conversion) produce **on-chain events** with message ID, accounting reference, evidence hash, and amounts—so every move can be traced and reported. + +--- + +## 6. Who It’s For and What You Get + +- **Banks and financial institutions** that need settlement and token minting tied to **real messages, ledger, and compliance**, with **multi-party sign-off** and a clear audit trail. +- **Operators** who run the ISO Gateway, signer set, and relayer—with a **Rulebook** and **runbooks** for good funds, finality, reversals, and incidents. +- **Regulators and auditors** who need to see **who can sign**, **how** finality is decided (off-chain), **how** the chain enforces authorization and policy, and **how** each settlement links to message, ledger, and evidence. + +**In one sentence:** +The DBIS Rail turns **compliant, ledger-anchored banking instructions** into **on-chain settlements and GRU mints** that are **multi-signer authorized, replay-proof, and fully auditable**, while leaving **finality of “real money”** in the regulated domain. + +--- + +## Document info + +| Field | Value | +|-------|--------| +| Title | DBIS Rail — End-to-End White Paper (Simple Terms) | +| Network | DBIS Mainnet (Chain 138) | +| Audience | General technical and business readers | +| Companion docs | Technical Spec v1, Rulebook v1, Regulator Brief v1, ISO Gateway & Relayer Spec | diff --git a/docs/dbis-rail/README.md b/docs/dbis-rail/README.md index 8cb55a7..4ae47d8 100644 --- a/docs/dbis-rail/README.md +++ b/docs/dbis-rail/README.md @@ -2,6 +2,7 @@ This folder holds the **DBIS Rail** technical specification and operational rulebook for Chain 138 (DBIS Mainnet): bank-rail settlement and GRU mint orchestration using ISO-20022–anchored authorizations. +- **E2E White Paper (simple terms):** [E2E_WHITEPAPER_SIMPLE.md](E2E_WHITEPAPER_SIMPLE.md) — end-to-end flow, components, and controls in plain language. - **Technical Spec:** [DBIS_RAIL_TECHNICAL_SPEC_V1.md](DBIS_RAIL_TECHNICAL_SPEC_V1.md) — contract set, MintAuth, signer quorum, replay protection, audit events. - **Rulebook:** [DBIS_RAIL_RULEBOOK_V1.md](DBIS_RAIL_RULEBOOK_V1.md) — good funds matrix, finality rules, accounting sequence, reversal handling, signer governance, incident controls, audit standards. - **Security Threat Model:** [DBIS_RAIL_SECURITY_THREAT_MODEL_V1.md](DBIS_RAIL_SECURITY_THREAT_MODEL_V1.md) — trust boundaries, authorization/ledger/router/mint/validator/off-chain threats, severity classification, residual risk, review cycle. diff --git a/explorer-monorepo b/explorer-monorepo index 041fae1..04bea35 160000 --- a/explorer-monorepo +++ b/explorer-monorepo @@ -1 +1 @@ -Subproject commit 041fae157425e4b595633708701670238aea7d0e +Subproject commit 04bea35e89a9029d18f5b13507d11fb29ad5d8b2 diff --git a/scripts/create-pmm-full-mesh-chain138.sh b/scripts/create-pmm-full-mesh-chain138.sh new file mode 100755 index 0000000..5bf51fe --- /dev/null +++ b/scripts/create-pmm-full-mesh-chain138.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +# Wrapper: run smom-dbis-138/scripts/create-pmm-full-mesh-chain138.sh from repo root. +# Usage: ./scripts/create-pmm-full-mesh-chain138.sh +# MESH_ONLY_C_STAR=1 = only c* vs c* pairs (no official USDT/USDC) +# DRY_RUN=1 = print actions only + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +SMOM="${REPO_ROOT}/smom-dbis-138" +[ -d "$SMOM" ] || { echo "Not found: $SMOM"; exit 1; } +exec bash "$SMOM/scripts/create-pmm-full-mesh-chain138.sh" "$@" diff --git a/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh b/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh index 4a37202..d95c259 100755 --- a/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh +++ b/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh @@ -118,7 +118,7 @@ fi if [[ -z "$SKIP_MIRROR" ]]; then echo "Deploying TransactionMirror (NEXT_NONCE=$NEXT_NONCE, gas $GAS_PRICE)..." if ! forge script script/DeployTransactionMirror.s.sol:DeployTransactionMirror \ - --rpc-url "$RPC" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price "$GAS_PRICE"; then + --rpc-url "$RPC" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price "$GAS_PRICE" --gas-estimate-multiplier 150; then echo "" echo "If the failure was CreateCollision (contract already at expected address), set in $SMOM/.env:" >&2 echo " TRANSACTION_MIRROR_ADDRESS=0xC7f2Cf4845C6db0e1a1e91ED41Bcd0FcC1b0E141" >&2 @@ -143,7 +143,7 @@ while true; do echo "" echo "Creating DODO cUSDT/cUSDC pool (NEXT_NONCE=$NEXT_NONCE, gas $POOL_GAS)..." POOL_OUTPUT=$(forge script script/dex/CreateCUSDTCUSDCPool.s.sol:CreateCUSDTCUSDCPool \ - --rpc-url "$RPC" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price "$POOL_GAS" 2>&1) || true + --rpc-url "$RPC" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price "$POOL_GAS" --gas-estimate-multiplier 150 2>&1) || true echo "$POOL_OUTPUT" if echo "$POOL_OUTPUT" | grep -q "Replacement transaction underpriced"; then POOL_RETRY=$((POOL_RETRY + 1)) diff --git a/scripts/diagrams/render-global-arbitrage-engine.sh b/scripts/diagrams/render-global-arbitrage-engine.sh new file mode 100755 index 0000000..aad75c2 --- /dev/null +++ b/scripts/diagrams/render-global-arbitrage-engine.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +# Render global-arbitrage-engine.dot to SVG and PNG. +# Usage: from repo root: ./scripts/diagrams/render-global-arbitrage-engine.sh +# Requires: graphviz (dot) + +set -e +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +REPO_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +DIAGRAM_DIR="${DIAGRAM_DIR:-$REPO_ROOT/docs/11-references/diagrams}" +DOT_FILE="$DIAGRAM_DIR/global-arbitrage-engine.dot" + +if [[ ! -f "$DOT_FILE" ]]; then + echo "Error: $DOT_FILE not found." >&2 + exit 1 +fi + +cd "$DIAGRAM_DIR" +dot -Tsvg global-arbitrage-engine.dot -o global-arbitrage-engine.svg +dot -Tpng global-arbitrage-engine.dot -o global-arbitrage-engine.png +echo "Rendered: global-arbitrage-engine.svg, global-arbitrage-engine.png in $DIAGRAM_DIR" diff --git a/scripts/generate-mcp-allowlist-from-chain138.sh b/scripts/generate-mcp-allowlist-from-chain138.sh new file mode 100755 index 0000000..9d498e0 --- /dev/null +++ b/scripts/generate-mcp-allowlist-from-chain138.sh @@ -0,0 +1,89 @@ +#!/usr/bin/env bash +# Generate MCP allowlist for Chain 138 from DODOPMMIntegration. +# Reads getAllPools() and getPoolConfig(pool) via RPC and outputs allowlist JSON. +# +# Usage: +# ./scripts/generate-mcp-allowlist-from-chain138.sh # print to stdout +# ./scripts/generate-mcp-allowlist-from-chain138.sh -o allowlist.json # write file +# OUT_PATH=ai-mcp-pmm-controller/config/allowlist-138.json ./scripts/generate-mcp-allowlist-from-chain138.sh +# +# Requires: RPC_URL_138 (or RPC_URL), DODO_PMM_INTEGRATION_ADDRESS in env (or .env in smom-dbis-138). +# Optional: MAX_POOLS (default 200), PROFILE (default dodo_pmm_v2_like). + +set -euo pipefail + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +cd "$REPO_ROOT" + +# Load env from smom-dbis-138 if present +if [[ -f "$REPO_ROOT/smom-dbis-138/.env" ]]; then + set -a + source "$REPO_ROOT/smom-dbis-138/.env" + set +a +fi + +RPC="${RPC_URL_138:-${RPC_URL:-http://192.168.11.211:8545}}" +INT="${DODO_PMM_INTEGRATION_ADDRESS:-${DODO_PMM_INTEGRATION:-}}" +OUT_PATH="" +PROFILE="${PROFILE:-dodo_pmm_v2_like}" +MAX_POOLS="${MAX_POOLS:-200}" + +while [[ $# -gt 0 ]]; do + case "$1" in + -o) OUT_PATH="$2"; shift 2 ;; + *) shift ;; + esac +done +[[ -z "${1:-}" ]] || true + +[[ -n "$INT" ]] || { echo "DODO_PMM_INTEGRATION_ADDRESS not set"; exit 1; } +command -v cast &>/dev/null || { echo "cast (foundry) required"; exit 1; } +command -v jq &>/dev/null || { echo "jq required"; exit 1; } + +# Fetch pool count: call allPools(length) by trying 0..MAX_POOLS (contract has allPools(uint256)) +pools=() +for ((i=0; i/dev/null | cast --to-addr 2>/dev/null || true) + [[ -n "$addr" && "$addr" != "0x0000000000000000000000000000000000000000" ]] || break + pools+=("$addr") +done + +echo "Found ${#pools[@]} pools on Chain 138" >&2 + +# Build JSON array of pool entries +entries="[]" +for pool in "${pools[@]}"; do + # poolConfigs(pool) -> (pool, baseToken, quoteToken, lpFeeRate, i, k, isOpenTWAP, createdAt) + config=$(cast call "$INT" "poolConfigs(address)(address,address,address,uint256,uint256,uint256,bool,uint256)" "$pool" --rpc-url "$RPC" 2>/dev/null || true) + if [[ -z "$config" ]]; then + echo " Skip $pool (poolConfigs failed)" >&2 + continue + fi + # cast may output "addr0 addr1 addr2 ..." or "( addr0 addr1 addr2 ..."; first=pool, second=base, third=quote + addrs=($(echo "$config" | grep -oE '0x[0-9a-fA-F]{40}' || true)) + base="${addrs[1]:-}" + quote="${addrs[2]:-}" + [[ -n "$base" && -n "$quote" ]] || continue + name="pool-${pool:2:8}" + entry=$(jq -n \ + --arg name "$name" \ + --arg pool "$pool" \ + --arg base "$base" \ + --arg quote "$quote" \ + --arg profile "$PROFILE" \ + '{name: $name, pool_address: $pool, base_token: $base, quote_token: $quote, profile: $profile, limits: {max_slippage_bps: 50, max_single_tx_notional_usd: 2500, max_daily_notional_usd: 10000, cooldown_seconds: 1800, max_oracle_deviation_bps: 75, gas_cap_gwei: 35}}') + entries=$(echo "$entries" | jq --argjson e "$entry" '. + [$e]') +done + +result=$(jq -n \ + --arg chain "138" \ + --argjson pools "$entries" \ + '{chain: $chain, description: "Chain 138 (DeFi Oracle) DODO PMM pools. Auto-generated from DODOPMMIntegration.getAllPools/getPoolConfig. Set ALLOWLIST_PATH and CHAIN=138 when running MCP.", pools: $pools}') + +if [[ -n "$OUT_PATH" ]]; then + mkdir -p "$(dirname "$OUT_PATH")" + echo "$result" | jq . > "$OUT_PATH" + echo "Wrote $OUT_PATH" >&2 +else + echo "$result" | jq . +fi diff --git a/scripts/generate-mcp-allowlist-from-deployment-status.sh b/scripts/generate-mcp-allowlist-from-deployment-status.sh new file mode 100755 index 0000000..cb509fd --- /dev/null +++ b/scripts/generate-mcp-allowlist-from-deployment-status.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash +# Generate MCP allowlist fragment for a public chain from deployment-status.json. +# Reads cross-chain-pmm-lps/config/deployment-status.json and outputs pools for the given chainId. +# +# Usage: +# ./scripts/generate-mcp-allowlist-from-deployment-status.sh # e.g. 137 +# ./scripts/generate-mcp-allowlist-from-deployment-status.sh 137 -o fragment-137.json +# +# Output: JSON with "chain", "pools" (array of {name, pool_address, base_token, quote_token, profile}). +# pmmPools in deployment-status must have poolAddress (or pool_address), base, quote (or base_token, quote_token). + +set -euo pipefail + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +STATUS="${REPO_ROOT}/cross-chain-pmm-lps/config/deployment-status.json" +OUT_PATH="" +CHAIN_ID="${1:-}" + +[[ -n "$CHAIN_ID" ]] || { echo "Usage: $0 [-o output.json]"; exit 1; } +shift || true +while [[ $# -gt 0 ]]; do + case "$1" in + -o) OUT_PATH="$2"; shift 2 ;; + *) shift ;; + esac +done + +[[ -f "$STATUS" ]] || { echo "Not found: $STATUS"; exit 1; } +command -v jq &>/dev/null || { echo "jq required"; exit 1; } + +# Read pmmPools for this chain; schema can be { "base", "quote", "poolAddress" } or { "base_token", "quote_token", "pool_address" } +pools_json=$(jq -c --arg c "$CHAIN_ID" ' + .chains[$c].pmmPools // [] | map( + { + name: ("pool-" + (.["poolAddress"] // .pool_address // "?")[0:10]), + pool_address: (.["poolAddress"] // .pool_address), + base_token: (.["base"] // .base_token), + quote_token: (.["quote"] // .quote_token), + profile: (.["profile"] // "dodo_pmm_v2_like") + } | select(.pool_address != null and .base_token != null and .quote_token != null) + ) +' "$STATUS" 2>/dev/null || echo "[]") + +# Add default limits to each pool +with_limits=$(echo "$pools_json" | jq ' + map(. + { + limits: { + max_slippage_bps: 50, + max_single_tx_notional_usd: 2500, + max_daily_notional_usd: 10000, + cooldown_seconds: 1800, + max_oracle_deviation_bps: 75, + gas_cap_gwei: 35 + } + }) +') + +chain_name=$(jq -r --arg c "$CHAIN_ID" '.chains[$c].name // "Unknown"' "$STATUS") +result=$(jq -n \ + --arg chain "$CHAIN_ID" \ + --arg name "$chain_name" \ + --argjson pools "$with_limits" \ + '{chain: $chain, description: ("MCP allowlist for chain " + $chain + " (" + $name + ") from deployment-status.json. Use with multi-chain MCP or per-chain allowlist."), pools: $pools}') + +if [[ -n "$OUT_PATH" ]]; then + mkdir -p "$(dirname "$OUT_PATH")" + echo "$result" | jq . > "$OUT_PATH" + echo "Wrote $OUT_PATH ($(echo "$pools_json" | jq 'length') pools)" >&2 +else + echo "$result" | jq . +fi diff --git a/scripts/list-single-sided-pools-by-chain.sh b/scripts/list-single-sided-pools-by-chain.sh new file mode 100755 index 0000000..0ba844f --- /dev/null +++ b/scripts/list-single-sided-pools-by-chain.sh @@ -0,0 +1,55 @@ +#!/usr/bin/env bash +# List single-sided PMM pools to create per public chain (for aggregator and DEX routing). +# Reads cross-chain-pmm-lps/config/pool-matrix.json and prints poolsFirst + poolsOptional per chain. +# Usage: ./scripts/list-single-sided-pools-by-chain.sh [chain_id] +# If chain_id is omitted, lists all chains. If provided, lists only that chain. + +set -euo pipefail + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +MATRIX="${REPO_ROOT}/cross-chain-pmm-lps/config/pool-matrix.json" + +if [[ ! -f "$MATRIX" ]]; then + echo "Not found: $MATRIX" + exit 1 +fi + +if ! command -v jq &>/dev/null; then + echo "jq is required. Install with: apt-get install jq / brew install jq" + exit 1 +fi + +CHAIN="${1:-}" + +list_chain() { + local cid="$1" + local name name_hub first optional + name=$(jq -r --arg c "$cid" '.chains[$c].name // "Unknown"' "$MATRIX") + name_hub=$(jq -r --arg c "$cid" '.chains[$c].hubStable // "?"' "$MATRIX") + echo "Chain $cid — $name (hub: $name_hub)" + echo " poolsFirst (create these first):" + jq -r --arg c "$cid" '.chains[$c].poolsFirst[]?' "$MATRIX" 2>/dev/null | while read -r p; do + [[ -n "$p" ]] && echo " - $p" + done + echo " poolsOptional:" + jq -r --arg c "$cid" '.chains[$c].poolsOptional[]?' "$MATRIX" 2>/dev/null | while read -r p; do + [[ -n "$p" ]] && echo " - $p" + done + echo "" +} + +if [[ -n "$CHAIN" ]]; then + if ! jq -e --arg c "$CHAIN" '.chains[$c]' "$MATRIX" &>/dev/null; then + echo "Chain $CHAIN not found in pool-matrix.json" + exit 1 + fi + list_chain "$CHAIN" +else + for cid in $(jq -r '.chains | keys[]' "$MATRIX"); do + list_chain "$cid" + done +fi + +echo "---" +echo "Source: $MATRIX" +echo "Use SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md for deployment steps." diff --git a/scripts/maintenance/ensure-core-rpc-config-2101-2102.sh b/scripts/maintenance/ensure-core-rpc-config-2101-2102.sh new file mode 100755 index 0000000..2bd218c --- /dev/null +++ b/scripts/maintenance/ensure-core-rpc-config-2101-2102.sh @@ -0,0 +1,80 @@ +#!/usr/bin/env bash +# Ensure Core RPC nodes 2101 and 2102 have TXPOOL and ADMIN (and DEBUG) in rpc-http-api and rpc-ws-api. +# Does NOT add txpool_besuClear/txpool_clear/admin_removeTransaction — Besu does not implement them. +# See: docs/04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md +# +# Usage: ./scripts/maintenance/ensure-core-rpc-config-2101-2102.sh [--dry-run] [--2101-only] [--2102-only] + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true + +# Canonical API list for Core RPC (max that Besu supports for txpool + admin) +RPC_HTTP_API='["ETH","NET","WEB3","TXPOOL","QBFT","ADMIN","DEBUG","TRACE"]' +RPC_WS_API='["ETH","NET","WEB3","TXPOOL","QBFT","ADMIN"]' + +VMID_2101=2101 +VMID_2102=2102 +HOST_2101="${PROXMOX_HOST_R630_01:-192.168.11.11}" +HOST_2102="${PROXMOX_HOST_ML110:-192.168.11.10}" +CONFIG_2101="/etc/besu/config-rpc-core.toml" +CONFIG_2102="/etc/besu/config-rpc.toml" + +DRY_RUN=false +ONLY_2101=false +ONLY_2102=false +for a in "$@"; do + [[ "$a" == "--dry-run" ]] && DRY_RUN=true + [[ "$a" == "--2101-only" ]] && ONLY_2101=true + [[ "$a" == "--2102-only" ]] && ONLY_2102=true +done + +run_ssh() { ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no root@"$1" "$2"; } +log_ok() { echo -e "\033[0;32m[✓]\033[0m $1"; } +log_info() { echo -e "\033[0;34m[INFO]\033[0m $1"; } +log_warn() { echo -e "\033[0;33m[⚠]\033[0m $1"; } + +ensure_apis() { + local vmid=$1 + local host=$2 + local config_path=$3 + log_info "VMID $vmid ($host): ensuring $config_path has TXPOOL, ADMIN, DEBUG..." + if $DRY_RUN; then + echo " Would set rpc-http-api and rpc-ws-api to include TXPOOL, ADMIN, DEBUG, QBFT, TRACE (2101/2102)" + return 0 + fi + # Pass API lists via env so quoting is safe; remote sed updates the config + run_ssh "$host" "pct exec $vmid -- env RPC_HTTP_API='$RPC_HTTP_API' RPC_WS_API='$RPC_WS_API' CFG='$config_path' bash -c ' + set -e + [ -f \"\$CFG\" ] || { echo \"Config \$CFG not found\"; exit 1; } + cp \"\$CFG\" \"\${CFG}.bak.\$(date +%Y%m%d%H%M%S)\" + grep -q \"rpc-http-api\" \"\$CFG\" && sed -i \"s|^rpc-http-api=.*|rpc-http-api=\$RPC_HTTP_API|\" \"\$CFG\" || echo \"rpc-http-api=\$RPC_HTTP_API\" >> \"\$CFG\" + grep -q \"rpc-ws-api\" \"\$CFG\" && sed -i \"s|^rpc-ws-api=.*|rpc-ws-api=\$RPC_WS_API|\" \"\$CFG\" || echo \"rpc-ws-api=\$RPC_WS_API\" >> \"\$CFG\" + chown besu:besu \"\$CFG\" 2>/dev/null || true + echo OK + '" 2>/dev/null || { log_warn "VMID $vmid: SSH or config update failed"; return 1; } + log_ok "VMID $vmid: config updated" + log_info "Restarting besu-rpc on $vmid..." + run_ssh "$host" "pct exec $vmid -- systemctl restart besu-rpc 2>/dev/null || pct exec $vmid -- systemctl restart besu-rpc.service 2>/dev/null" || { log_warn "Restart failed for $vmid"; return 1; } + log_ok "VMID $vmid: besu-rpc restarted" + return 0 +} + +echo "" +echo "=== Ensure Core RPC 2101 / 2102 — TXPOOL + ADMIN (max Besu supports) ===" +echo " dry-run=$DRY_RUN 2101-only=$ONLY_2101 2102-only=$ONLY_2102" +echo " Note: txpool_besuClear, txpool_clear, admin_removeTransaction are NOT in Besu; use clear-all-transaction-pools.sh to clear stuck txs." +echo "" + +if [[ "$ONLY_2102" != true ]]; then + ensure_apis "$VMID_2101" "$HOST_2101" "$CONFIG_2101" || true +fi +if [[ "$ONLY_2101" != true ]]; then + ensure_apis "$VMID_2102" "$HOST_2102" "$CONFIG_2102" || true +fi + +echo "" +echo "Done. Verify: ./scripts/maintenance/health-check-rpc-2101.sh and curl to 192.168.11.212:8545 for 2102." +echo "Ref: docs/04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md" diff --git a/scripts/maintenance/fix-block-production-staggered-restart.sh b/scripts/maintenance/fix-block-production-staggered-restart.sh new file mode 100755 index 0000000..4c47ce6 --- /dev/null +++ b/scripts/maintenance/fix-block-production-staggered-restart.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash +# Staggered restart of Chain 138 validators to restore block production without losing quorum. +# When all 5 validators are restarted at once (e.g. clear-all-transaction-pools), they can all +# enter "full sync" and no node is at head to produce blocks. Restarting one at a time lets +# the rest stay at head so the restarted node syncs quickly and consensus can continue. +# +# Usage: ./scripts/maintenance/fix-block-production-staggered-restart.sh [--dry-run] +# Requires: SSH to Proxmox hosts (192.168.11.10 ML110, 192.168.11.11 R630-01, 192.168.11.12 R630-02) + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true + +DRY_RUN=false +[[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true + +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' +log_info() { echo -e "${BLUE}[INFO]${NC} $1"; } +log_ok() { echo -e "${GREEN}[✓]${NC} $1"; } +log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; } + +# Order: restart one at a time; wait between so restarted node can sync from others +# VMID : host +VALIDATORS=( + "1004:${PROXMOX_HOST_ML110:-192.168.11.10}" + "1003:${PROXMOX_HOST_ML110:-192.168.11.10}" + "1002:${PROXMOX_HOST_R630_01:-192.168.11.11}" + "1001:${PROXMOX_HOST_R630_01:-192.168.11.11}" + "1000:${PROXMOX_HOST_R630_01:-192.168.11.11}" +) +WAIT_BETWEEN=90 +RPC="${RPC_URL_138:-http://192.168.11.211:8545}" + +get_block() { + curl -s -m 5 -X POST -H "Content-Type: application/json" \ + -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' "$RPC" 2>/dev/null | jq -r '.result // "0x0"' +} + +echo "=== Staggered validator restart (fix block production) ===" +echo " RPC: $RPC" +echo " Wait between restarts: ${WAIT_BETWEEN}s" +$DRY_RUN && echo " (DRY RUN - no restarts)" +echo "" + +BLOCK_BEFORE=$(get_block) +log_info "Block before: $BLOCK_BEFORE" + +for entry in "${VALIDATORS[@]}"; do + IFS=: read -r vmid host <<< "$entry" + log_info "Restarting validator $vmid on $host..." + if $DRY_RUN; then + echo " Would: ssh root@$host 'pct exec $vmid -- systemctl restart besu-validator'" + else + # Allow up to 120s for restart (Besu stop/start can take 1-2 min) + if timeout 120 ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no root@"$host" "pct exec $vmid -- systemctl restart besu-validator" 2>/dev/null; then + log_ok " $vmid restarted" + else + log_warn " $vmid restart timed out or failed (node may still be restarting)" + fi + fi + if ! $DRY_RUN && [[ "$vmid" != "1000" ]]; then + log_info " Waiting ${WAIT_BETWEEN}s for node to rejoin and sync..." + sleep "$WAIT_BETWEEN" + fi +done + +if ! $DRY_RUN; then + log_info "Waiting 30s then checking block production..." + sleep 30 + BLOCK_AFTER=$(get_block) + log_info "Block after: $BLOCK_AFTER" + echo "" + echo "Run monitor to confirm blocks are advancing:" + echo " ./scripts/monitoring/monitor-blockchain-health.sh" + echo " watch -n 5 'cast block-number --rpc-url $RPC'" +fi + +log_ok "Done." diff --git a/scripts/maintenance/proxmox-load-balance-suggest.sh b/scripts/maintenance/proxmox-load-balance-suggest.sh new file mode 100644 index 0000000..232bfa9 --- /dev/null +++ b/scripts/maintenance/proxmox-load-balance-suggest.sh @@ -0,0 +1,60 @@ +#!/usr/bin/env bash +# Suggest load-balancing migrations: show current load and example commands to move +# containers from r630-01 to r630-02 (or ml110). Run from project root. +# +# Usage: bash scripts/maintenance/proxmox-load-balance-suggest.sh + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +[[ -f "${PROJECT_ROOT}/config/ip-addresses.conf" ]] && source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true + +R630_01="${PROXMOX_HOST_R630_01:-192.168.11.11}" +R630_02="${PROXMOX_HOST_R630_02:-192.168.11.12}" +ML110="${PROXMOX_HOST_ML110:-192.168.11.10}" +SSH_OPTS="-o ConnectTimeout=8 -o StrictHostKeyChecking=no" + +# Candidates safe to suggest (r630-01 -> r630-02). Excludes NPMplus main, core RPC, validators, sentries, DBIS core. +CANDIDATES="3500 3501 7804 8640 8642 10232 10235 10236" + +echo "" +echo "=== Proxmox load balance — suggestion ===" +echo "" + +# Current load and counts +for entry in "r630-01:$R630_01" "r630-02:$R630_02" "ml110:$ML110"; do + IFS=: read -r name ip <<< "$entry" + out=$(ssh $SSH_OPTS root@"$ip" " + echo \"LOAD|\$(cat /proc/loadavg 2>/dev/null | cut -d' ' -f1-3)\" + echo \"LXC|\$(pct list 2>/dev/null | tail -n +2 | wc -l)\" + " 2>/dev/null) || true + load=$(echo "$out" | awk -F'|' '$1=="LOAD"{print $2}') + lxc=$(echo "$out" | awk -F'|' '$1=="LXC"{print $2}') + printf " %-10s %s LXC: %s\n" "$name" "load: $load" "$lxc" +done + +echo "" +echo "--- Suggested migrations (r630-01 → r630-02) ---" +echo "Run from project root. Use --dry-run first. Target storage on r630-02: thin1, thin2, thin5, thin6." +echo "" + +for vmid in $CANDIDATES; do + # Check if CT exists on r630-01 + on_src=$(ssh $SSH_OPTS root@"$R630_01" "pct list 2>/dev/null | awk '\$1==$vmid{print \$1}'" 2>/dev/null) || true + if [[ -n "$on_src" ]]; then + name=$(ssh $SSH_OPTS root@"$R630_01" "pct config $vmid 2>/dev/null | grep -E '^hostname:|^name:' | head -1 | sed 's/^[^:]*:[[:space:]]*//'" 2>/dev/null) || echo "CT-$vmid" + echo " VMID $vmid ($name):" + echo " ./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh $vmid thin1 --dry-run" + echo " ./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh $vmid thin1 --destroy-source" + echo "" + fi +done + +echo "--- Cluster check (optional) ---" +echo "If nodes are in the same cluster, you can try live migrate from r630-01:" +echo " ssh root@$R630_01 \"pvecm status\"" +echo " ssh root@$R630_01 \"pct migrate r630-02 --storage thin1 --restart\"" +echo "" +echo "See: docs/04-configuration/PROXMOX_LOAD_BALANCING_RUNBOOK.md" +echo "" diff --git a/scripts/merge-mcp-allowlist-multichain.sh b/scripts/merge-mcp-allowlist-multichain.sh new file mode 100755 index 0000000..0c590fc --- /dev/null +++ b/scripts/merge-mcp-allowlist-multichain.sh @@ -0,0 +1,76 @@ +#!/usr/bin/env bash +# Merge single-chain allowlists into one multi-chain allowlist for the MCP server. +# Output format: { "description": "...", "chains": [ { "chainId": "138", "pools": [...] }, ... ] } +# +# Usage: +# ./scripts/merge-mcp-allowlist-multichain.sh -o ai-mcp-pmm-controller/config/allowlist-multichain.json +# ALLOWLIST_138=path/to/allowlist-138.json CHAIN_IDS="138 137 1" ./scripts/merge-mcp-allowlist-multichain.sh -o out.json +# +# If ALLOWLIST_138 is not set, runs generate-mcp-allowlist-from-chain138.sh to get Chain 138 pools. +# For other chain IDs, runs generate-mcp-allowlist-from-deployment-status.sh and merges. + +set -euo pipefail + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +cd "$REPO_ROOT" + +OUT_PATH="" +ALLOWLIST_138="${ALLOWLIST_138:-}" +CHAIN_IDS="${CHAIN_IDS:-138}" +DEPLOYMENT_STATUS="${DEPLOYMENT_STATUS:-$REPO_ROOT/cross-chain-pmm-lps/config/deployment-status.json}" + +while [[ $# -gt 0 ]]; do + case "$1" in + -o) OUT_PATH="$2"; shift 2 ;; + *) shift ;; + esac +done + +command -v jq &>/dev/null || { echo "jq required"; exit 1; } + +TMP_DIR=$(mktemp -d) +trap 'rm -rf "$TMP_DIR"' EXIT + +# Build chains array +CHAIN_OBJS=() + +# Chain 138 +if [[ -n "$ALLOWLIST_138" && -f "$ALLOWLIST_138" ]]; then + jq -c '{ chainId: "138", pools: .pools }' "$ALLOWLIST_138" > "$TMP_DIR/138.json" + CHAIN_OBJS+=("$TMP_DIR/138.json") +else + GEN_138="$REPO_ROOT/scripts/generate-mcp-allowlist-from-chain138.sh" + if [[ -x "$GEN_138" ]]; then + "$GEN_138" 2>/dev/null | jq -c '{ chainId: "138", pools: .pools }' > "$TMP_DIR/138.json" || true + [[ -s "$TMP_DIR/138.json" ]] && CHAIN_OBJS+=("$TMP_DIR/138.json") + fi +fi + +# Other chains from deployment-status +for cid in $CHAIN_IDS; do + [[ "$cid" == "138" ]] && continue + FRAG="$TMP_DIR/$cid.json" + if "$REPO_ROOT/scripts/generate-mcp-allowlist-from-deployment-status.sh" "$cid" 2>/dev/null | jq -c --arg c "$cid" '{ chainId: $c, pools: .pools }' > "$FRAG" 2>/dev/null && [[ -s "$FRAG" ]]; then + CHAIN_OBJS+=("$FRAG") + fi +done + +# Merge: read all chain objects into a jq array +if [[ ${#CHAIN_OBJS[@]} -eq 0 ]]; then + CHAINS_JSON="[]" +else + CHAINS_JSON=$(jq -s '.' "${CHAIN_OBJS[@]}") +fi + +RESULT=$(jq -n --argjson chains "$CHAINS_JSON" '{ + description: "Multi-chain MCP allowlist. Set ALLOWLIST_PATH to this file; set RPC_138, RPC_137, etc. or RPC_BY_CHAIN_PATH.", + chains: $chains +}') + +if [[ -n "$OUT_PATH" ]]; then + mkdir -p "$(dirname "$OUT_PATH")" + echo "$RESULT" | jq . > "$OUT_PATH" + echo "Wrote $OUT_PATH (chains: $(echo "$CHAINS_JSON" | jq 'length'))" >&2 +else + echo "$RESULT" | jq . +fi diff --git a/scripts/mint-all-c-star-138.sh b/scripts/mint-all-c-star-138.sh new file mode 100755 index 0000000..18854ea --- /dev/null +++ b/scripts/mint-all-c-star-138.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +# Wrapper: run smom-dbis-138/scripts/mint-all-c-star-138.sh from repo root. +# Usage: ./scripts/mint-all-c-star-138.sh [amount_human] +# Example: ./scripts/mint-all-c-star-138.sh 1000000 + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +SMOM="${REPO_ROOT}/smom-dbis-138" +[ -d "$SMOM" ] || { echo "Not found: $SMOM"; exit 1; } +exec bash "$SMOM/scripts/mint-all-c-star-138.sh" "$@" diff --git a/scripts/mint-cw-on-chain.sh b/scripts/mint-cw-on-chain.sh new file mode 100755 index 0000000..40215bd --- /dev/null +++ b/scripts/mint-cw-on-chain.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +# Wrapper: run smom-dbis-138 mint-cw script from repo root. +# Usage: ./scripts/mint-cw-on-chain.sh [amount_human] + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +SMOM="${REPO_ROOT}/smom-dbis-138" +[ -d "$SMOM" ] || { echo "Not found: $SMOM"; exit 1; } +exec bash "$SMOM/scripts/mint-cw-on-chain.sh" "$@" diff --git a/scripts/mint-for-liquidity.sh b/scripts/mint-for-liquidity.sh new file mode 100755 index 0000000..26a8016 --- /dev/null +++ b/scripts/mint-for-liquidity.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +# Wrapper: run smom-dbis-138/scripts/mint-for-liquidity.sh from repo root. +# Usage: ./scripts/mint-for-liquidity.sh [--add-liquidity] +# Example: ./scripts/mint-for-liquidity.sh --add-liquidity + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +SMOM="${REPO_ROOT}/smom-dbis-138" +[ -d "$SMOM" ] || { echo "Not found: $SMOM"; exit 1; } +exec bash "$SMOM/scripts/mint-for-liquidity.sh" "$@" diff --git a/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh b/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh index 8b523ce..3261ff8 100755 --- a/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh +++ b/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh @@ -19,15 +19,22 @@ PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" _orig_npm_url="${NPM_URL:-}" _orig_npm_email="${NPM_EMAIL:-}" _orig_npm_password="${NPM_PASSWORD:-}" +# Load dotenv: repo root .env then smom-dbis-138/.env (operator creds) if [ -f "$PROJECT_ROOT/.env" ]; then set +u # shellcheck source=/dev/null source "$PROJECT_ROOT/.env" set -u - [ -n "$_orig_npm_url" ] && NPM_URL="$_orig_npm_url" - [ -n "$_orig_npm_email" ] && NPM_EMAIL="$_orig_npm_email" - [ -n "$_orig_npm_password" ] && NPM_PASSWORD="$_orig_npm_password" fi +if [ -f "$PROJECT_ROOT/smom-dbis-138/.env" ]; then + set +u + # shellcheck source=/dev/null + source "$PROJECT_ROOT/smom-dbis-138/.env" + set -u +fi +[ -n "$_orig_npm_url" ] && NPM_URL="$_orig_npm_url" +[ -n "$_orig_npm_email" ] && NPM_EMAIL="$_orig_npm_email" +[ -n "$_orig_npm_password" ] && NPM_PASSWORD="$_orig_npm_password" [ -f "$PROJECT_ROOT/config/ip-addresses.conf" ] && source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true # Default .167: NPMplus (VMID 10233) reachable on ${IP_NPMPLUS:-${IP_NPMPLUS:-192.168.11.167}}:81; set NPM_URL in .env to override diff --git a/scripts/omnl/README.md b/scripts/omnl/README.md index abc26ad..596dc70 100644 --- a/scripts/omnl/README.md +++ b/scripts/omnl/README.md @@ -19,6 +19,7 @@ Scripts for the **OMNL** tenancy ([omnl.hybxfinance.io](https://omnl.hybxfinance | **omnl-office2-access-security-test.sh** | Security test: office-2 user must not see other offices’ data or achieve path traversal/command injection. Set office-2 user and password (e.g. `OMNL_OFFICE2_TEST_USER`, `OMNL_OFFICE2_TEST_PASSWORD`). See [OMNL_OFFICE_2_ACCESS_SECURITY_TEST.md](../../docs/04-configuration/mifos-omnl-central-bank/OMNL_OFFICE_2_ACCESS_SECURITY_TEST.md). | | **omnl-office-create-samama.sh** | Create Office for Samama Group LLC (Azerbaijan) and post 5B USD M1 from Head Office (Phase C pattern: HO Dr 2100 Cr 2410; office Dr 1410 Cr 2100). Idempotent by externalId. `SKIP_TRANSFER=1` to create office only. See [SAMAMA_OFFICE_AND_5B_M1_TRANSFER.md](../../docs/04-configuration/mifos-omnl-central-bank/SAMAMA_OFFICE_AND_5B_M1_TRANSFER.md). | | **omnl-office-create-pelican.sh** | Create Office for Pelican Motors And Finance LLC (Chalmette, LA). Idempotent by externalId `PEL-MOTORS-CHALMETTE-LA`. Use with omnl.hybx.global by setting `OMNL_FINERACT_BASE_URL`. See [PELICAN_MOTORS_OFFICE_RUNBOOK.md](../../docs/04-configuration/mifos-omnl-central-bank/PELICAN_MOTORS_OFFICE_RUNBOOK.md). | +| **omnl-office-create-adf-singapore.sh** | Create Office for ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD (child of OMNL Head Office). Idempotent by externalId `202328126M`. See [ADF_ASIAN_PACIFIC_SINGAPORE_OFFICE_RUNBOOK.md](../../docs/04-configuration/mifos-omnl-central-bank/ADF_ASIAN_PACIFIC_SINGAPORE_OFFICE_RUNBOOK.md). | | **resolve_ids.sh** | Resolve GL IDs (1410, 2100, 2410) and payment type; write `ids.env`. Run before closures/reconciliation/templates. See [OPERATING_RAILS.md](../../docs/04-configuration/mifos-omnl-central-bank/OPERATING_RAILS.md). | | **omnl-gl-closures-post.sh** | Post GL closures for Office 20 and HO (idempotent). `CLOSING_DATE=yyyy-MM-dd`, `DRY_RUN=1`. See [OPERATING_RAILS.md](../../docs/04-configuration/mifos-omnl-central-bank/OPERATING_RAILS.md). | | **omnl-reconciliation-office20.sh** | Snapshot Office 20 (offices + GL + trial balance), timestamp, sha256. `OUT_DIR=./reconciliation`. See [OPERATING_RAILS.md](../../docs/04-configuration/mifos-omnl-central-bank/OPERATING_RAILS.md). | @@ -107,6 +108,10 @@ bash scripts/omnl/omnl-office-create-samama.sh # Pelican Motors And Finance LLC — create office (omnl.hybx.global or omnl.hybxfinance.io) DRY_RUN=1 bash scripts/omnl/omnl-office-create-pelican.sh bash scripts/omnl/omnl-office-create-pelican.sh + +# ADF Asian Pacific Holding Singapore Pte Ltd — create office (child of OMNL Head Office, externalId 202328126M) +DRY_RUN=1 bash scripts/omnl/omnl-office-create-adf-singapore.sh +bash scripts/omnl/omnl-office-create-adf-singapore.sh ``` **Requirements:** `curl`, `jq` (for ledger posting and pretty-print in discovery). diff --git a/scripts/omnl/omnl-office-create-adf-singapore.sh b/scripts/omnl/omnl-office-create-adf-singapore.sh new file mode 100755 index 0000000..1e74c61 --- /dev/null +++ b/scripts/omnl/omnl-office-create-adf-singapore.sh @@ -0,0 +1,75 @@ +#!/usr/bin/env bash +# OMNL Fineract — Create one Office for ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD (child of OMNL Head Office). +# Uses Fineract POST /offices (name, parentId, openingDate, externalId). +# See docs/04-configuration/mifos-omnl-central-bank/ADF_ASIAN_PACIFIC_SINGAPORE_OFFICE_RUNBOOK.md +# +# Usage: run from repo root. +# OPENING_DATE=2023-07-11 (default) +# DRY_RUN=1 to print payload only, do not POST. +# +# For omnl.hybx.global set in .env: +# OMNL_FINERACT_BASE_URL=https://omnl.hybx.global/fineract-provider/api/v1 +# +# Requires: curl, jq. + +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +DRY_RUN="${DRY_RUN:-0}" +OPENING_DATE="${OPENING_DATE:-2023-07-11}" +ADF_SINGAPORE_EXTERNAL_ID="${ADF_SINGAPORE_EXTERNAL_ID:-202328126M}" +ADF_SINGAPORE_OFFICE_NAME="${ADF_SINGAPORE_OFFICE_NAME:-ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD}" + +if [ -f "${REPO_ROOT}/omnl-fineract/.env" ]; then + set +u + source "${REPO_ROOT}/omnl-fineract/.env" 2>/dev/null || true + set -u +elif [ -f "${REPO_ROOT}/.env" ]; then + set +u + source "${REPO_ROOT}/.env" 2>/dev/null || true + set -u +fi + +BASE_URL="${OMNL_FINERACT_BASE_URL:-}" +TENANT="${OMNL_FINERACT_TENANT:-omnl}" +USER="${OMNL_FINERACT_USER:-app.omnl}" +PASS="${OMNL_FINERACT_PASSWORD:-}" + +if [ -z "$BASE_URL" ] || [ -z "$PASS" ]; then + echo "Set OMNL_FINERACT_BASE_URL and OMNL_FINERACT_PASSWORD (e.g. omnl-fineract/.env or .env)." >&2 + echo "For omnl.hybx.global use: OMNL_FINERACT_BASE_URL=https://omnl.hybx.global/fineract-provider/api/v1" >&2 + exit 1 +fi + +CURL_OPTS=(-s -S -H "Fineract-Platform-TenantId: ${TENANT}" -H "Content-Type: application/json" -u "${USER}:${PASS}") + +# Resolve existing office by externalId (idempotent) +offices_json=$(curl "${CURL_OPTS[@]}" "${BASE_URL}/offices" 2>/dev/null) +existing_id=$(echo "$offices_json" | jq -r --arg e "$ADF_SINGAPORE_EXTERNAL_ID" '.[] | select(.externalId == $e) | .id' 2>/dev/null | head -1) + +if [ -n "$existing_id" ] && [ "$existing_id" != "null" ]; then + echo "ADF Asian Pacific Singapore office already exists: officeId=$existing_id (externalId=$ADF_SINGAPORE_EXTERNAL_ID)" >&2 + echo "OFFICE_ID_ADF_SINGAPORE=$existing_id" + exit 0 +fi + +payload=$(jq -n \ + --arg name "$ADF_SINGAPORE_OFFICE_NAME" \ + --arg openingDate "$OPENING_DATE" \ + --arg externalId "$ADF_SINGAPORE_EXTERNAL_ID" \ + '{ name: $name, parentId: 1, openingDate: $openingDate, externalId: $externalId, dateFormat: "yyyy-MM-dd", locale: "en" }') + +if [ "$DRY_RUN" = "1" ]; then + echo "DRY_RUN: would POST /offices with name=$ADF_SINGAPORE_OFFICE_NAME externalId=$ADF_SINGAPORE_EXTERNAL_ID openingDate=$OPENING_DATE" >&2 + echo "Payload: $payload" >&2 + exit 0 +fi + +res=$(curl "${CURL_OPTS[@]}" -X POST -d "$payload" "${BASE_URL}/offices" 2>/dev/null) || true +if echo "$res" | jq -e '.resourceId // .officeId' >/dev/null 2>&1; then + ADF_OFFICE_ID=$(echo "$res" | jq -r '.resourceId // .officeId') + echo "Created ADF Asian Pacific Singapore office: officeId=$ADF_OFFICE_ID" >&2 + echo "OFFICE_ID_ADF_SINGAPORE=$ADF_OFFICE_ID" +else + echo "Failed to create office: $res" >&2 + exit 1 +fi diff --git a/scripts/resolve-stuck-transaction-besu-qbft.sh b/scripts/resolve-stuck-transaction-besu-qbft.sh index 05d9209..62148e5 100755 --- a/scripts/resolve-stuck-transaction-besu-qbft.sh +++ b/scripts/resolve-stuck-transaction-besu-qbft.sh @@ -12,7 +12,9 @@ source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -SOURCE_PROJECT="/home/intlc/projects/smom-dbis-138" +PROJECT_ROOT_SCRIPT="$(cd "$SCRIPT_DIR/.." && pwd)" +SOURCE_PROJECT="${SOURCE_PROJECT:-${PROJECT_ROOT_SCRIPT}/smom-dbis-138}" +[[ -d "$SOURCE_PROJECT" ]] || SOURCE_PROJECT="/home/intlc/projects/smom-dbis-138" # Colors RED='\033[0;31m' diff --git a/scripts/run-all-operator-tasks-from-lan.sh b/scripts/run-all-operator-tasks-from-lan.sh index b44b17f..bcd2a67 100755 --- a/scripts/run-all-operator-tasks-from-lan.sh +++ b/scripts/run-all-operator-tasks-from-lan.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Run operator tasks from a host on LAN with access to .env (PRIVATE_KEY, NPM_PASSWORD, etc.). +# Run operator tasks from a host on LAN. Always loads dotenv (PRIVATE_KEY, NPM_PASSWORD, etc.) from repo .env and smom-dbis-138/.env. # Optional: contract deploy, Blockscout verify, backup, Proxmox VM/container creation. # # Usage: @@ -17,6 +17,12 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" cd "$PROJECT_ROOT" +# Always load dotenv so Operator/LAN has NPM_PASSWORD, PRIVATE_KEY, RPC, etc. +if [[ -f "$SCRIPT_DIR/lib/load-project-env.sh" ]]; then + # shellcheck source=scripts/lib/load-project-env.sh + source "$SCRIPT_DIR/lib/load-project-env.sh" +fi + DRY_RUN=false SKIP_BACKUP=false SKIP_VERIFY=false @@ -62,32 +68,27 @@ echo "" # 2) Blockscout verification if [[ "$SKIP_VERIFY" != true ]]; then if [[ "$DRY_RUN" == true ]]; then - echo "[DRY-RUN] Would run: source smom-dbis-138/.env; ./scripts/verify/run-contract-verification-with-proxy.sh" + echo "[DRY-RUN] Would run: ./scripts/verify/run-contract-verification-with-proxy.sh (dotenv already loaded)" else log_info "Blockscout source verification..." - ([[ -f smom-dbis-138/.env ]] && source smom-dbis-138/.env 2>/dev/null; bash "$SCRIPT_DIR/verify/run-contract-verification-with-proxy.sh") || log_warn "Blockscout verify skipped (env or script failed)" + (bash "$SCRIPT_DIR/verify/run-contract-verification-with-proxy.sh") || log_warn "Blockscout verify skipped (env or script failed)" fi echo "" fi -# 3) Optional: contract deployment +# 3) Optional: contract deployment (PRIVATE_KEY from dotenv already loaded above) if [[ "$DO_DEPLOY" == true ]]; then if [[ "$DRY_RUN" == true ]]; then echo "[DRY-RUN] Would run: smom-dbis-138 deploy-all-phases.sh (and deploy-transaction-mirror-chain138.sh if needed)" else - if [[ -f smom-dbis-138/.env ]]; then - source smom-dbis-138/.env 2>/dev/null || true - if [[ -n "${PRIVATE_KEY:-}" ]]; then + if [[ -n "${PRIVATE_KEY:-}" ]]; then log_info "Contract deployment (phased)..." (cd smom-dbis-138 && ./scripts/deployment/deploy-all-phases.sh) && log_ok "Phased deploy done" || log_warn "Phased deploy failed (may already be deployed)" log_info "TransactionMirror (if needed)..." bash "$SCRIPT_DIR/deployment/deploy-transaction-mirror-chain138.sh" 2>/dev/null && log_ok "TransactionMirror deployed" || log_warn "TransactionMirror skipped or failed (add TRANSACTION_MIRROR_ADDRESS to .env if deployed)" else - log_warn "PRIVATE_KEY not set; skipping deploy" + log_warn "PRIVATE_KEY not set; set in smom-dbis-138/.env or .env and re-run" fi - else - log_warn "smom-dbis-138/.env not found; skipping deploy" - fi fi echo "" fi diff --git a/scripts/run-fix-all-from-lan.sh b/scripts/run-fix-all-from-lan.sh new file mode 100644 index 0000000..05c26fe --- /dev/null +++ b/scripts/run-fix-all-from-lan.sh @@ -0,0 +1,70 @@ +#!/usr/bin/env bash +# Run fix-all steps that can be automated from the LAN operator machine. +# Manual steps (Windows hosts, UDM Pro hairpin, Alltra/HYBX) are printed at the end. +# Usage: bash scripts/run-fix-all-from-lan.sh [--verify] +# --verify also run full verification (can take several minutes) + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" +RUN_VERIFY=false +[[ "${1:-}" == "--verify" ]] && RUN_VERIFY=true + +cd "$PROJECT_ROOT" + +echo "=== Fix All From LAN ===" +echo "" + +# 1. Explorer hosts (this machine) +echo "--- 1. Explorer (explorer.d-bis.org) ---" +if grep -q "explorer.d-bis.org" /etc/hosts 2>/dev/null; then + echo "OK: /etc/hosts already has an entry for explorer.d-bis.org" + grep "explorer.d-bis.org" /etc/hosts +else + echo "Add to /etc/hosts (run with sudo):" + echo " echo '192.168.11.140 explorer.d-bis.org' | sudo tee -a /etc/hosts" +fi +if curl -sI -o /dev/null -w "%{http_code}" --connect-timeout 5 "https://explorer.d-bis.org/" 2>/dev/null | grep -q 200; then + echo "OK: https://explorer.d-bis.org/ returns 200 from this host" +else + echo "WARN: https://explorer.d-bis.org/ did not return 200; add hosts or check network" +fi +echo "" + +# 2. Env permissions +echo "--- 2. Env permissions ---" +if [ -f "scripts/security/secure-env-permissions.sh" ]; then + bash scripts/security/secure-env-permissions.sh +else + echo "SKIP: scripts/security/secure-env-permissions.sh not found" +fi +echo "" + +# 3. Optional: full verification +if [[ "$RUN_VERIFY" == true ]]; then + echo "--- 3. Full verification ---" + if [ -f "scripts/verify/run-full-verification.sh" ]; then + bash scripts/verify/run-full-verification.sh + else + echo "SKIP: scripts/verify/run-full-verification.sh not found" + fi +else + echo "--- 3. Full verification (skipped) ---" + echo "Run with --verify to run: bash scripts/verify/run-full-verification.sh" +fi +echo "" + +# 4. Manual steps +echo "=== Manual steps (see docs/05-network/FIX_ALL_ISSUES_RUNBOOK.md) ===" +echo "" +echo "• Windows browser: Add to C:\\Windows\\System32\\drivers\\etc\\hosts (as Admin):" +echo " 192.168.11.140 explorer.d-bis.org" +echo " Then: ipconfig /flushdns" +echo "" +echo "• UDM Pro: Enable NAT loopback (hairpin) so all LAN clients can use explorer.d-bis.org without hosts." +echo "" +echo "• UDM Pro port forward: 76.53.10.36:80/443 → 192.168.11.167 (for external access)." +echo "" +echo "• Alltra/HYBX: Port forward 76.53.10.38 → 192.168.11.169; fix 502s per docs/04-configuration/FIXES_PREPARED.md" +echo "" diff --git a/scripts/run-operator-tasks-from-lan.sh b/scripts/run-operator-tasks-from-lan.sh index 3ea4459..5aada62 100755 --- a/scripts/run-operator-tasks-from-lan.sh +++ b/scripts/run-operator-tasks-from-lan.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # Run operator tasks that REQUIRE being on LAN and/or having NPM_PASSWORD, PRIVATE_KEY. -# Run from a host on the same LAN as NPMplus (192.168.11.x) with .env loaded. -# Usage: source .env 2>/dev/null; ./scripts/run-operator-tasks-from-lan.sh [--dry-run] [--skip-backup] [--skip-verify] +# Always loads dotenv from repo .env and smom-dbis-138/.env (no need to source before running). +# Usage: ./scripts/run-operator-tasks-from-lan.sh [--dry-run] [--skip-backup] [--skip-verify] set -euo pipefail @@ -9,6 +9,12 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" cd "$PROJECT_ROOT" +# Always load dotenv so Operator/LAN has NPM_PASSWORD, PRIVATE_KEY, etc. +if [[ -f "$SCRIPT_DIR/lib/load-project-env.sh" ]]; then + # shellcheck source=scripts/lib/load-project-env.sh + source "$SCRIPT_DIR/lib/load-project-env.sh" +fi + DRY_RUN=false SKIP_BACKUP=false SKIP_VERIFY=false diff --git a/scripts/verify-all-systems.sh b/scripts/verify-all-systems.sh index 11ec0d5..533f439 100755 --- a/scripts/verify-all-systems.sh +++ b/scripts/verify-all-systems.sh @@ -2,6 +2,7 @@ # Comprehensive verification of all deployed systems # Tests: Explorer, APIs, Services, MetaMask integration # Runs all tests even if some fail; exits 1 only if any failed +# Note: 301/404/000 in other checks often expected (HTTPS redirect, wrong port, NPMplus). See docs/04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md §11a. set -uo pipefail @@ -25,10 +26,15 @@ test_endpoint() { local url="$2" local expected="$3" local timeout="${4:-10}" + local follow_redirects="${5:-false}" echo -n "Testing $name... " local body - body=$(curl -s --max-time "$timeout" "$url" 2>/dev/null) || true + if [[ "$follow_redirects" == "true" ]]; then + body=$(curl -sL --max-time "$timeout" "$url" 2>/dev/null) || true + else + body=$(curl -s --max-time "$timeout" "$url" 2>/dev/null) || true + fi if echo "$body" | grep -qE "$expected"; then echo -e "${GREEN}PASS${NC}" ((PASSED++)) || true @@ -44,7 +50,7 @@ echo "=========================================" echo "" echo "1. Explorer (Blockscout) - Public" -test_endpoint "Explorer homepage" "https://explorer.d-bis.org/" "SolaceScanScout|Blockscout|blockscout||/dev/null || true set -euo pipefail fi +if [ -f smom-dbis-138/.env ]; then + set +euo pipefail + source smom-dbis-138/.env 2>/dev/null || true + set -euo pipefail +fi # Load ip-addresses.conf for fallbacks (before cd) [ -f "${PROJECT_ROOT}/config/ip-addresses.conf" ] && source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true diff --git a/scripts/verify/verify-backend-vms.sh b/scripts/verify/verify-backend-vms.sh index dfe6ae5..6ddfaaa 100755 --- a/scripts/verify/verify-backend-vms.sh +++ b/scripts/verify/verify-backend-vms.sh @@ -192,6 +192,8 @@ verify_vm() { fi # Health check endpoints + # Note: 301 = HTTPS redirect (normal); 404 = wrong port/path or NPMplus; 000 = no connection (host/firewall/context). + # See docs/04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md §11a. HEALTH_ENDPOINTS=() if [ "$status" = "running" ] && [ -n "$actual_ip" ]; then # Test HTTP endpoints (nginx and web both use port 80) diff --git a/smom-dbis-138 b/smom-dbis-138 index 51b9b74..1511f33 160000 --- a/smom-dbis-138 +++ b/smom-dbis-138 @@ -1 +1 @@ -Subproject commit 51b9b7458b3fb1f8f038d75e3b6bbb081ebcd3e7 +Subproject commit 1511f33857829b762de5deeea135ce5af117997f diff --git a/token-lists/lists/dbis-138.tokenlist.json b/token-lists/lists/dbis-138.tokenlist.json index c663f04..b4c9bf0 100644 --- a/token-lists/lists/dbis-138.tokenlist.json +++ b/token-lists/lists/dbis-138.tokenlist.json @@ -1 +1 @@ -{"name":"DBIS Chain 138 Token List","version":{"major":1,"minor":5,"patch":0},"timestamp":"2026-02-28T00:00:00.000Z","keywords":["dbis","chain138","defi oracle meta"],"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tokens":[{"chainId":138,"address":"0x3304b747E565a97ec8AC220b0B6A1f6ffDB837e6","name":"ETH/USD Price Feed","symbol":"ETH-USD","decimals":8,"logoURI":"https://ipfs.io/ipfs/QmPZuycjyJEe2otREuQ5HirvPJ8X6Yc6MBtwz1VhdD79pY","tags":["oracle","pricefeed"]},{"chainId":138,"address":"0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2","name":"Wrapped Ether","symbol":"WETH","decimals":18,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["defi","wrapped"]},{"chainId":138,"address":"0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9F","name":"Wrapped Ether v10","symbol":"WETH10","decimals":18,"logoURI":"https://ipfs.io/ipfs/QmanDFPHxnbKd6SSNzzXHf9GbpL9dLXSphxDZSPPYE6ds4","tags":["defi","wrapped"]},{"chainId":138,"address":"0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03","name":"Chainlink Token","symbol":"LINK","decimals":18,"logoURI":"https://ipfs.io/ipfs/QmenWcmfNGfssz4HXvrRV912eZDiKqLTt6z2brRYuTGz9A","tags":["defi","oracle","ccip"]},{"chainId":138,"address":"0x93E66202A11B1772E55407B32B44e5Cd8eda7f22","name":"Compliant Tether USD","symbol":"cUSDT","decimals":6,"logoURI":"https://ipfs.io/ipfs/QmRfhPs9DcyFPpGjKwF6CCoVDWUHSxkQR34n9NK7JSbPCP","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0xf22258f57794CC8E06237084b353Ab30fFfa640b","name":"Compliant USD Coin","symbol":"cUSDC","decimals":6,"logoURI":"https://ipfs.io/ipfs/QmNPq4D5JXzurmi9jAhogVMzhAQRk1PZ1r9H3qQUV9gjDm","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0x8085961F9cF02b4d800A3c6d386D31da4B34266a","name":"Euro Coin (Compliant)","symbol":"cEURC","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["stablecoin","defi","compliant"]}],"tags":{"defi":{"name":"DeFi","description":"Decentralized Finance tokens"},"wrapped":{"name":"Wrapped","description":"Wrapped tokens representing native assets"},"oracle":{"name":"Oracle","description":"Oracle price feed tokens"},"pricefeed":{"name":"Price Feed","description":"Price feed oracle contracts"},"stablecoin":{"name":"Stablecoin","description":"Stable value tokens pegged to fiat currencies"},"compliant":{"name":"Compliant","description":"Regulatory compliant tokens with compliance features"},"ccip":{"name":"CCIP","description":"Cross Chain Interoperability Protocol tokens"}}} \ No newline at end of file +{"name":"DBIS Chain 138 Token List","version":{"major":1,"minor":6,"patch":0},"timestamp":"2026-02-28T00:00:00.000Z","keywords":["dbis","chain138","defi oracle meta"],"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tokens":[{"chainId":138,"address":"0x3304b747E565a97ec8AC220b0B6A1f6ffDB837e6","name":"ETH/USD Price Feed","symbol":"ETH-USD","decimals":8,"logoURI":"https://ipfs.io/ipfs/QmPZuycjyJEe2otREuQ5HirvPJ8X6Yc6MBtwz1VhdD79pY","tags":["oracle","pricefeed"]},{"chainId":138,"address":"0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2","name":"Wrapped Ether","symbol":"WETH","decimals":18,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["defi","wrapped"]},{"chainId":138,"address":"0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9F","name":"Wrapped Ether v10","symbol":"WETH10","decimals":18,"logoURI":"https://ipfs.io/ipfs/QmanDFPHxnbKd6SSNzzXHf9GbpL9dLXSphxDZSPPYE6ds4","tags":["defi","wrapped"]},{"chainId":138,"address":"0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03","name":"Chainlink Token","symbol":"LINK","decimals":18,"logoURI":"https://ipfs.io/ipfs/QmenWcmfNGfssz4HXvrRV912eZDiKqLTt6z2brRYuTGz9A","tags":["defi","oracle","ccip"]},{"chainId":138,"address":"0x93E66202A11B1772E55407B32B44e5Cd8eda7f22","name":"Compliant Tether USD","symbol":"cUSDT","decimals":6,"logoURI":"https://ipfs.io/ipfs/QmRfhPs9DcyFPpGjKwF6CCoVDWUHSxkQR34n9NK7JSbPCP","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0xf22258f57794CC8E06237084b353Ab30fFfa640b","name":"Compliant USD Coin","symbol":"cUSDC","decimals":6,"logoURI":"https://ipfs.io/ipfs/QmNPq4D5JXzurmi9jAhogVMzhAQRk1PZ1r9H3qQUV9gjDm","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0x8085961F9cF02b4d800A3c6d386D31da4B34266a","name":"Euro Coin (Compliant)","symbol":"cEURC","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0xdf4b71c61E5912712C1Bdd451416B9aC26949d72","name":"Tether EUR (Compliant)","symbol":"cEURT","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0x003960f16D9d34F2e98d62723B6721Fb92074aD2","name":"Pound Sterling (Compliant)","symbol":"cGBPC","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0x350f54e4D23795f86A9c03988c7135357CCaD97c","name":"Tether GBP (Compliant)","symbol":"cGBPT","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0xD51482e567c03899eecE3CAe8a058161FD56069D","name":"Australian Dollar (Compliant)","symbol":"cAUDC","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0xEe269e1226a334182aace90056EE4ee5Cc8A6770","name":"Japanese Yen (Compliant)","symbol":"cJPYC","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0x873990849DDa5117d7C644f0aF24370797C03885","name":"Swiss Franc (Compliant)","symbol":"cCHFC","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0x54dBd40cF05e15906A2C21f600937e96787f5679","name":"Canadian Dollar (Compliant)","symbol":"cCADC","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["stablecoin","defi","compliant"]},{"chainId":138,"address":"0x290E52a8819A4fbD0714E517225429aA2B70EC6b","name":"Gold (Compliant)","symbol":"cXAUC","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["defi","compliant"]},{"chainId":138,"address":"0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E","name":"Tether XAU (Compliant)","symbol":"cXAUT","decimals":6,"logoURI":"https://ipfs.io/ipfs/Qma3FKtLce9MjgJgWbtyCxBiPjJ6xi8jGWUSKNS5Jc2ong","tags":["defi","compliant"]}],"tags":{"defi":{"name":"DeFi","description":"Decentralized Finance tokens"},"wrapped":{"name":"Wrapped","description":"Wrapped tokens representing native assets"},"oracle":{"name":"Oracle","description":"Oracle price feed tokens"},"pricefeed":{"name":"Price Feed","description":"Price feed oracle contracts"},"stablecoin":{"name":"Stablecoin","description":"Stable value tokens pegged to fiat currencies"},"compliant":{"name":"Compliant","description":"Regulatory compliant tokens with compliance features"},"ccip":{"name":"CCIP","description":"Cross Chain Interoperability Protocol tokens"}}} \ No newline at end of file diff --git a/token-lists/scripts/diff-blockscout-vs-tokenlist.js b/token-lists/scripts/diff-blockscout-vs-tokenlist.js new file mode 100644 index 0000000..f2a6514 --- /dev/null +++ b/token-lists/scripts/diff-blockscout-vs-tokenlist.js @@ -0,0 +1,170 @@ +#!/usr/bin/env node +/** + * Full diff: Blockscout /api/v2/tokens vs curated token list (Chain 138). + * + * Outputs: + * - missing_in_blockscout: in tokenlist but not in Blockscout response + * - missing_in_tokenlist: in Blockscout but not in tokenlist + * - metadata_mismatches: same address, different name/symbol/decimals (or null/0) + * - source-of-truth recommendation per field + * + * Usage: + * node diff-blockscout-vs-tokenlist.js + * node diff-blockscout-vs-tokenlist.js --url "https://explorer.d-bis.org/api/v2/tokens" + * node diff-blockscout-vs-tokenlist.js --file /path/to/blockscout-tokens.json + * + * Curated list: token-lists/lists/dbis-138.tokenlist.json (Chain 138 tokens). + * ETH-USD (oracle) is not an ERC-20 supply token; it is expected to be missing from Blockscout. + */ + +import { readFileSync } from 'fs'; +import { dirname, resolve } from 'path'; +import { fileURLToPath } from 'url'; + +const __dirname = dirname(fileURLToPath(import.meta.url)); +const CHAIN_ID = 138; +const TOKENLIST_PATH = resolve(__dirname, '../lists/dbis-138.tokenlist.json'); + +function normAddr(addr) { + return (addr || '').toLowerCase(); +} + +function parseArgs() { + const args = process.argv.slice(2); + let url = null; + let file = null; + for (let i = 0; i < args.length; i++) { + if (args[i] === '--url' && args[i + 1]) { + url = args[i + 1]; + i++; + } else if (args[i] === '--file' && args[i + 1]) { + file = args[i + 1]; + i++; + } + } + return { url, file }; +} + +async function fetchAllBlockscoutTokens(baseUrl) { + const items = []; + let next = null; + const base = baseUrl.replace(/\?.*$/, ''); + while (true) { + const qs = next ? new URLSearchParams({ page_size: 100, ...next }) : new URLSearchParams({ page: 1, page_size: 100 }); + const res = await fetch(`${base}?${qs}`); + if (!res.ok) throw new Error(`Blockscout ${res.status}`); + const data = await res.json(); + const list = data.items ?? data.data ?? (Array.isArray(data) ? data : []); + items.push(...list); + next = data.next_page_params ?? null; + if (!next) break; + } + return items; +} + +function loadTokenList() { + const raw = readFileSync(TOKENLIST_PATH, 'utf8'); + const data = JSON.parse(raw); + const tokens = (data.tokens || []).filter((t) => t.chainId === CHAIN_ID); + return tokens.map((t) => ({ + address: normAddr(t.address), + name: t.name ?? null, + symbol: t.symbol ?? null, + decimals: t.decimals != null ? Number(t.decimals) : null, + logoURI: t.logoURI ?? null, + })); +} + +function loadBlockscoutFromFile(path) { + const raw = readFileSync(path, 'utf8'); + const data = JSON.parse(raw); + const list = data.items ?? data.data ?? (Array.isArray(data) ? data : []); + return list.map((t) => ({ + address: normAddr(t.address ?? t.hash), + name: t.name ?? null, + symbol: t.symbol ?? null, + decimals: t.decimals != null && t.decimals !== '' ? Number(t.decimals) : null, + })); +} + +function runDiff(tokenlist, blockscout) { + const byAddr = (arr) => Object.fromEntries(arr.map((t) => [t.address, t])); + const listMap = byAddr(tokenlist); + const scoutMap = byAddr(blockscout); + + const missing_in_blockscout = tokenlist + .filter((t) => !scoutMap[t.address]) + .map((t) => ({ address: t.address, symbol: t.symbol, name: t.name, note: t.symbol === 'ETH-USD' ? 'Oracle; not ERC-20 supply token' : null })); + + const missing_in_tokenlist = blockscout + .filter((t) => !listMap[t.address]) + .map((t) => ({ address: t.address, symbol: t.symbol, name: t.name, decimals: t.decimals })); + + const metadata_mismatches = []; + for (const addr of Object.keys(listMap)) { + const list = listMap[addr]; + const scout = scoutMap[addr]; + if (!scout) continue; + const mismatches = []; + if (list.name !== scout.name && (scout.name != null || list.name != null)) mismatches.push({ field: 'name', tokenlist: list.name, blockscout: scout.name }); + if (list.symbol !== scout.symbol && (scout.symbol != null || list.symbol != null)) mismatches.push({ field: 'symbol', tokenlist: list.symbol, blockscout: scout.symbol }); + if (list.decimals !== scout.decimals && (scout.decimals != null || list.decimals != null)) mismatches.push({ field: 'decimals', tokenlist: list.decimals, blockscout: scout.decimals }); + if (mismatches.length) metadata_mismatches.push({ address: addr, symbol: list.symbol ?? scout.symbol, mismatches }); + } + + return { missing_in_blockscout, missing_in_tokenlist, metadata_mismatches }; +} + +function sourceOfTruthRecommendation(diff) { + return { + address: 'Token list (dbis-138.tokenlist.json) and CONTRACT_ADDRESSES_REFERENCE; Blockscout is on-chain index.', + symbol: 'Token list; use Explorer UI override only when Blockscout returns null (e.g. WETH9).', + name: 'Token list; same as symbol.', + decimals: 'Token list; use override when Blockscout returns 0 or null.', + logo: 'Token list logoURI.', + }; +} + +function main() { + const { url, file } = parseArgs(); + const baseUrl = url || 'https://explorer.d-bis.org/api/v2/tokens'; + + (async () => { + let blockscout; + if (file) { + blockscout = loadBlockscoutFromFile(file); + console.error(`Loaded ${blockscout.length} tokens from file: ${file}`); + } else { + try { + blockscout = await fetchAllBlockscoutTokens(baseUrl); + console.error(`Fetched ${blockscout.length} tokens from ${baseUrl}`); + } catch (e) { + console.error('Fetch failed:', e.message); + console.error('Use --file path/to/blockscout-tokens.json with a saved snapshot.'); + process.exit(1); + } + } + + const tokenlist = loadTokenList(); + console.error(`Loaded ${tokenlist.length} Chain ${CHAIN_ID} tokens from ${TOKENLIST_PATH}`); + + const diff = runDiff(tokenlist, blockscout); + const recommendation = sourceOfTruthRecommendation(diff); + + const out = { + chainId: CHAIN_ID, + tokenlist_path: TOKENLIST_PATH, + blockscout_source: file || baseUrl, + missing_in_blockscout: diff.missing_in_blockscout, + missing_in_tokenlist: diff.missing_in_tokenlist, + metadata_mismatches: diff.metadata_mismatches, + source_of_truth: recommendation, + }; + console.log(JSON.stringify(out, null, 2)); + })().catch((e) => { + console.error(e); + process.exit(1); + }); +} + +main(); diff --git a/x402-api/.env.example b/x402-api/.env.example index c1e4f1a..1fcabbb 100644 --- a/x402-api/.env.example +++ b/x402-api/.env.example @@ -5,6 +5,9 @@ THIRDWEB_SECRET_KEY=your-thirdweb-secret-key # Server wallet that receives payments (must be a valid address) SERVER_WALLET_ADDRESS=0x0000000000000000000000000000000000000000 +# Optional: use ALL Mainnet (Alltra, 651940) for payments — Alltra-native x402 + USDC (recommended for production) +X402_USE_ALLTRA=false + # Optional: use Chain 138 for payments (default: false = use Arbitrum Sepolia + USDC for testing) # Set to true only after a Chain 138 token supports ERC-2612/ERC-3009. See docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md X402_USE_CHAIN_138=false @@ -12,5 +15,8 @@ X402_USE_CHAIN_138=false # Optional: Chain 138 RPC when X402_USE_CHAIN_138=true RPC_URL_138=https://rpc-http-pub.d-bis.org +# Optional: Chain 651940 (Alltra) RPC when X402_USE_ALLTRA=true +CHAIN_651940_RPC_URL=https://mainnet-rpc.alltra.global + # Optional: server port (default 4020) PORT=4020 diff --git a/x402-api/README.md b/x402-api/README.md index d08f133..4a1999c 100644 --- a/x402-api/README.md +++ b/x402-api/README.md @@ -30,12 +30,13 @@ npm run dev Clients must send payment authorization in the `PAYMENT-SIGNATURE` or `X-PAYMENT` header (e.g. using thirdweb’s `useFetchWithPayment` or equivalent). -## Chain 138 and token support +## Chain and token support -x402 requires the payment token to support **ERC-2612 permit** or **ERC-3009**. Currently, cUSDT and cUSDC on Chain 138 do **not** support these (see [CHAIN138_X402_TOKEN_SUPPORT.md](../docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md)). +x402 requires the payment token to support **ERC-2612 permit** or **ERC-3009** when using thirdweb facilitator. For **Alltra (651940)** we use **local verification** (no facilitator): server returns 402 + `PAYMENT-REQUIRED`, client pays USDC on 651940 and retries with `PAYMENT-SIGNATURE` + `txHash`; server verifies settlement on-chain. See [X402_ALLTRA_ENDPOINT_SPEC.md](../docs/04-configuration/X402_ALLTRA_ENDPOINT_SPEC.md). -- **Default:** The API uses **Arbitrum Sepolia** and default USDC (`price: "$0.01"`) so you can test end-to-end without Chain 138. -- **Chain 138:** Set `X402_USE_CHAIN_138=true` and optionally `RPC_URL_138` in `.env` once a Chain 138 token has permit/ERC-3009 (e.g. after adding ERC20Permit to compliant tokens and redeploying). The server then uses the custom Chain 138 definition and the configured token for settlement. +- **Default:** The API uses **Arbitrum Sepolia** and default USDC so you can test without custom chains. +- **Alltra (651940) + USDC:** Set `X402_USE_ALLTRA=true` and `SERVER_WALLET_ADDRESS` in `.env`. Optional: `CHAIN_651940_RPC_URL`. Local verification is used; `THIRDWEB_SECRET_KEY` is not required for the Alltra path. +- **Chain 138:** Set `X402_USE_CHAIN_138=true` and optionally `RPC_URL_138` once a Chain 138 token has permit/ERC-3009 (see [CHAIN138_X402_TOKEN_SUPPORT.md](../docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md)). Verification script for token support: @@ -49,8 +50,10 @@ Verification script for token support: |----------|----------|-------------| | `THIRDWEB_SECRET_KEY` | Yes | thirdweb API secret key | | `SERVER_WALLET_ADDRESS` | Yes | Address that receives x402 payments | +| `X402_USE_ALLTRA` | No | `true` for Alltra (651940) USDC + local verification (default `false`) | | `X402_USE_CHAIN_138` | No | `true` to use Chain 138 (default `false`) | | `RPC_URL_138` | No | Chain 138 RPC when using Chain 138 (default public RPC) | +| `CHAIN_651940_RPC_URL` | No | Alltra RPC when `X402_USE_ALLTRA=true` (default mainnet-rpc.alltra.global) | | `PORT` | No | Server port (default `4020`) | ## References diff --git a/x402-api/src/index.js b/x402-api/src/index.js index 05b6850..ac20847 100644 --- a/x402-api/src/index.js +++ b/x402-api/src/index.js @@ -1,13 +1,14 @@ /** * Minimal x402-enabled Express API using thirdweb settlePayment. - * Supports custom Chain 138; default payment chain is Arbitrum Sepolia (USDC) for testing - * until a Chain 138 token supports ERC-2612/ERC-3009. See docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md. + * Supports Chain 138, Alltra (651940) with USDC + local verification. + * See docs/04-configuration/X402_ALLTRA_ENDPOINT_SPEC.md and CHAIN138_X402_TOKEN_SUPPORT.md. */ import "dotenv/config"; import express from "express"; import { createThirdwebClient, defineChain } from "thirdweb"; import { facilitator, settlePayment } from "thirdweb/x402"; import { arbitrumSepolia } from "thirdweb/chains"; +import { randomUUID } from "crypto"; const app = express(); app.use(express.json()); @@ -16,7 +17,9 @@ const PORT = process.env.PORT || 4020; const secretKey = process.env.THIRDWEB_SECRET_KEY; const serverWalletAddress = process.env.SERVER_WALLET_ADDRESS; const useChain138 = process.env.X402_USE_CHAIN_138 === "true"; +const useAlltra = process.env.X402_USE_ALLTRA === "true"; const rpcUrl138 = process.env.RPC_URL_138 || "https://rpc-http-pub.d-bis.org"; +const rpcUrl651940 = process.env.CHAIN_651940_RPC_URL || process.env.RPC_URL_651940 || "https://mainnet-rpc.alltra.global"; /** Custom Chain 138 for thirdweb (DeFi Oracle Meta Mainnet) */ const chain138 = defineChain({ @@ -30,6 +33,21 @@ const chain138 = defineChain({ }, }); +/** Chain 651940 — ALL Mainnet (Alltra); default for Alltra-native x402 + USDC */ +const chain651940 = defineChain({ + id: 651940, + name: "ALL Mainnet", + rpc: rpcUrl651940, + nativeCurrency: { + name: "Ether", + symbol: "ETH", + decimals: 18, + }, + blockExplorers: [ + { name: "Alltra", url: "https://alltra.global" }, + ], +}); + const client = secretKey ? createThirdwebClient({ secretKey }) : null; @@ -41,18 +59,52 @@ const thirdwebFacilitator = }) : null; -/** Resolve network: Chain 138 if enabled and token supports permit, else Arbitrum Sepolia for USDC. */ +/** Resolve network: Alltra (651940) if enabled, else Chain 138 if enabled, else Arbitrum Sepolia for testing. */ function getNetwork() { + if (useAlltra && thirdwebFacilitator) { + return chain651940; + } if (useChain138 && thirdwebFacilitator) { return chain138; } return arbitrumSepolia; } -/** Price: USD string (default USDC on chain) or token object for Chain 138 when permit is available. */ +/** Alltra USDC (AUSDC) — docs/11-references/ADDRESS_MATRIX_AND_STATUS.md §2.3 */ +const ALLTRA_USDC_ADDRESS = "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881"; + +/** Replay store: (payer:resourceId:nonce) -> expiresAt (ms). In production use Redis/DB. */ +const replayStore = new Map(); +const REPLAY_TTL_MS = 15 * 60 * 1000; // 15 min + +function replayKey(payer, resourceId, nonce) { + return `${payer.toLowerCase()}:${resourceId}:${nonce}`; +} + +function isReplayConsumed(payer, resourceId, nonce) { + const key = replayKey(payer, resourceId, nonce); + const exp = replayStore.get(key); + if (!exp) return false; + if (Date.now() > exp) { + replayStore.delete(key); + return false; + } + return true; +} + +function markReplayConsumed(payer, resourceId, nonce) { + replayStore.set(replayKey(payer, resourceId, nonce), Date.now() + REPLAY_TTL_MS); +} + +/** Price: Alltra USDC, Chain 138 cUSDC, or Arbitrum Sepolia default. */ function getPrice() { + if (useAlltra) { + return { + amount: "10000", + asset: { address: ALLTRA_USDC_ADDRESS, decimals: 6 }, + }; + } if (useChain138) { - // When a Chain 138 token has permit, use e.g. cUSDC: 0xf22258f57794CC8E06237084b353Ab30fFfa640b, 6 decimals const cusdc138 = "0xf22258f57794CC8E06237084b353Ab30fFfa640b"; return { amount: "10000", @@ -62,8 +114,104 @@ function getPrice() { return "$0.01"; } -/** Shared handler for paid routes (PAYMENT-SIGNATURE or X-PAYMENT header). */ +/** Build PaymentRequired for Alltra (651940) USDC — see X402_ALLTRA_ENDPOINT_SPEC.md */ +function buildPaymentRequired(resourceId) { + const expiresAt = new Date(Date.now() + 5 * 60 * 1000).toISOString(); + return { + network: "eip155:651940", + asset: ALLTRA_USDC_ADDRESS, + amount: "10000", + recipient: serverWalletAddress, + nonce: randomUUID(), + expiresAt, + resourceId, + }; +} + +/** Verify settlement on 651940 via eth_getTransactionReceipt */ +async function verifySettlementOnChain(txHash) { + const body = JSON.stringify({ + jsonrpc: "2.0", + id: 1, + method: "eth_getTransactionReceipt", + params: [txHash], + }); + const r = await fetch(rpcUrl651940, { + method: "POST", + headers: { "Content-Type": "application/json" }, + body, + }); + const data = await r.json(); + const receipt = data?.result; + return receipt && receipt.status === "0x1"; +} + +/** Alltra-native local verification: 402 + PAYMENT-REQUIRED when unpaid; verify PAYMENT-SIGNATURE and settlement. */ +async function handlePaidRouteAlltra(req, res) { + if (!serverWalletAddress) { + return res.status(503).json({ + error: "x402 not configured", + hint: "Set SERVER_WALLET_ADDRESS in .env", + }); + } + + const resourceId = `${req.method} ${req.originalUrl || req.url}`; + const paymentData = + req.headers["payment-signature"] || + req.headers["PAYMENT-SIGNATURE"] || + req.headers["x-payment"] || + req.headers["X-PAYMENT"]; + + if (!paymentData || paymentData.trim() === "") { + const paymentRequired = buildPaymentRequired(resourceId); + const headerValue = Buffer.from(JSON.stringify(paymentRequired), "utf8").toString("base64"); + return res + .status(402) + .set("PAYMENT-REQUIRED", headerValue) + .json({ error: "Payment required", paymentRequired: { ...paymentRequired, amount: paymentRequired.amount } }); + } + + let payload; + try { + payload = JSON.parse(Buffer.from(paymentData, "base64").toString("utf8")); + } catch { + return res.status(400).json({ error: "Invalid PAYMENT-SIGNATURE: not base64 JSON" }); + } + + const { payer, paymentRequired: pr, txHash } = payload; + if (!payer || !pr || !txHash) { + return res.status(400).json({ error: "PAYMENT-SIGNATURE must include payer, paymentRequired, txHash" }); + } + + if (pr.recipient?.toLowerCase() !== serverWalletAddress?.toLowerCase() || pr.asset?.toLowerCase() !== ALLTRA_USDC_ADDRESS.toLowerCase()) { + return res.status(400).json({ error: "Payment intent does not match (recipient or asset)" }); + } + if (new Date(pr.expiresAt) < new Date()) { + return res.status(400).json({ error: "Payment expired" }); + } + + if (isReplayConsumed(payer, resourceId, pr.nonce)) { + return res.status(400).json({ error: "Replay: payment already consumed" }); + } + + const ok = await verifySettlementOnChain(txHash); + if (!ok) { + return res.status(400).json({ error: "Settlement verification failed: invalid or failed tx on 651940" }); + } + + markReplayConsumed(payer, resourceId, pr.nonce); + return res.json({ + data: "paid content", + message: "Payment settled successfully (Alltra local verification)", + }); +} + +/** Shared handler for paid routes (PAYMENT-SIGNATURE or X-PAYMENT header) — thirdweb facilitator path. */ async function handlePaidRoute(req, res) { + if (useAlltra) { + return handlePaidRouteAlltra(req, res); + } + const paymentData = req.headers["payment-signature"] || req.headers["PAYMENT-SIGNATURE"] || @@ -114,10 +262,11 @@ app.get("/api/paid", handlePaidRoute); /** Health: no payment required. */ app.get("/health", (req, res) => { + const chainName = useAlltra ? "alltra-651940" : useChain138 ? "chain138" : "arbitrumSepolia"; res.json({ ok: true, x402: !!thirdwebFacilitator, - chain: useChain138 ? "chain138" : "arbitrumSepolia", + chain: chainName, }); }); @@ -126,6 +275,7 @@ app.listen(PORT, () => { if (!thirdwebFacilitator) { console.warn("THIRDWEB_SECRET_KEY or SERVER_WALLET_ADDRESS not set; /api/premium will return 503."); } else { - console.log(`Payment chain: ${useChain138 ? "Chain 138" : "Arbitrum Sepolia (default USDC)"}`); + const chainName = useAlltra ? "ALL Mainnet (651940) USDC" : useChain138 ? "Chain 138" : "Arbitrum Sepolia (default USDC)"; + console.log(`Payment chain: ${chainName}`); } });