d-bis/proxmox
4
0
Fork 0
Code Issues 2 Pull Requests 13 Actions Packages Projects Releases Wiki Activity

Compare commits

base: d-bis:master
Branches Tags
d-bis:master d-bis:devin/1777471106-phase4b-v2-runbook d-bis:devin/1777459320-phase3-deployed-cbtc-wired d-bis:devin/1777435956-stack-a-canonicalization d-bis:devin/1777403009-phoenix-bootstrap d-bis:main d-bis:devin/1777249218-harden-branch-detection d-bis:chore/explorer-pricing-rollout-coordination d-bis:devin/1777157605-cromero-deploy-target d-bis:sync/currencicombo-phoenix-e2e d-bis:devin/coingecko-normalization-companion-20260419 d-bis:devin/explorer-verification-checklist-20260419 d-bis:devin/1776625819-chain138-listing-assets d-bis:devin/1776628206-rename-defi-to-capital-f d-bis:devin/1776625631-doc-reconcile-status-vocab d-bis:devin/phase5-ci-reconciliation-1776542837 d-bis:devin/phase1a-vault-consumer-prep-1776543363 d-bis:devin/phase4-drop-local-junk-1776542674 d-bis:devin/phase3-submodule-remotes-1776542381 d-bis:chore/ignore-local-runtime-artifacts d-bis:docs/mev-and-ops-runbook-refresh d-bis:docs/explorer-blockscout-and-verification-refresh d-bis:feat/canonical-token-and-list-refresh d-bis:feat/extraction-and-liquidity-improvement-pack d-bis:feat/mainnet-cw-liquidity-and-exit-ops d-bis:feat/gru-v2-full-mesh-ops-pack d-bis:feat/chain138-aave-gmx-rollout-scaffolding d-bis:feat/token-aggregation-aave-and-route-planning
d-bis:proxmox-clean-checkpoint-2026-04-24
..
compare: d-bis:devin/1777249218-harden-branch-detection
Branches Tags
d-bis:devin/1777471106-phase4b-v2-runbook d-bis:master d-bis:devin/1777459320-phase3-deployed-cbtc-wired d-bis:devin/1777435956-stack-a-canonicalization d-bis:devin/1777403009-phoenix-bootstrap d-bis:main d-bis:devin/1777249218-harden-branch-detection d-bis:chore/explorer-pricing-rollout-coordination d-bis:devin/1777157605-cromero-deploy-target d-bis:sync/currencicombo-phoenix-e2e d-bis:devin/coingecko-normalization-companion-20260419 d-bis:devin/explorer-verification-checklist-20260419 d-bis:devin/1776625819-chain138-listing-assets d-bis:devin/1776628206-rename-defi-to-capital-f d-bis:devin/1776625631-doc-reconcile-status-vocab d-bis:devin/phase5-ci-reconciliation-1776542837 d-bis:devin/phase1a-vault-consumer-prep-1776543363 d-bis:devin/phase4-drop-local-junk-1776542674 d-bis:devin/phase3-submodule-remotes-1776542381 d-bis:chore/ignore-local-runtime-artifacts d-bis:docs/mev-and-ops-runbook-refresh d-bis:docs/explorer-blockscout-and-verification-refresh d-bis:feat/canonical-token-and-list-refresh d-bis:feat/extraction-and-liquidity-improvement-pack d-bis:feat/mainnet-cw-liquidity-and-exit-ops d-bis:feat/gru-v2-full-mesh-ops-pack d-bis:feat/chain138-aave-gmx-rollout-scaffolding d-bis:feat/token-aggregation-aave-and-route-planning
d-bis:proxmox-clean-checkpoint-2026-04-24

1 Commits
master ... devin/1777

Author SHA1 Message Date
Devin AI
2d4413ae97 fix(ci): harden branch detection in Phoenix deploy workflows
Some checks failed
AI Code Review / claude-review (pull_request) Failing after 1m7s
Details
Validate (PR) / run-all-validation (pull_request) Failing after 26s
Details 
actions/checkout@v4 checks out a detached HEAD, so
`git rev-parse --abbrev-ref HEAD` can return 'HEAD' instead of
the actual branch name, causing the Phoenix deploy target lookup
to miss the main/master match.

Use GITHUB_REF_NAME (set by Gitea Actions) with a git fallback,
matching the pattern already used in explorer-monorepo's
deploy-live.yml.

Affected workflows:
- deploy-to-phoenix.yml (deploy, deploy-atomic-swap-dapp, cloudflare)
- deploy-portal-live.yml (deploy)
- workflow-sources/deploy-to-phoenix.yml (kept byte-identical)

Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
 2026-04-27 00:21:34 +00:00
185 changed files with 494 additions and 19754 deletions
Expand all files Collapse all files

18
.cursor/rules/chain138-tokens-and-pmm.mdc
View File

@@ -10,23 +10,9 @@ alwaysApply: true
- **cUSDT:** `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` (6 decimals)
- **cUSDC:** `0xf22258f57794CC8E06237084b353Ab30fFfa640b` (6 decimals)
**DODOPMMIntegration (live, traded):** `0x86ADA6Ef91A3B450F89f2b751e93B1b7A3218895` — confirmed live via on-chain probe (2026-04-22): `compliantUSDT()` / `compliantUSDC()` return the canonical cUSDT/cUSDC above; `pools[][]` mapping resolves to the live funded pool set below; `isRegisteredPool` is TRUE for all 8 pools listed under "PMM pools (live, traded)". `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` is a parallel deployment of the same source with different immutables and seeded but un-traded pools — do not wire dApps or routers to it.
**DODOPMMIntegration:** `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` — reconciled with `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md` (on-chain verification 2026-03-26); `compliantUSDT()` / `compliantUSDC()` return the canonical cUSDT/cUSDC above.
**DODOPMMProvider (ILiquidityProvider, live):** `0x3f729632E9553EBacCdE2e9b4c8F2B285b014F2e` — `dodoIntegration() == 0x86ADA6Ef…`, `providerName() == "DODO PMM"`, `isKnownPool` TRUE for all 8 live pools. Use this address as `dodoLiquidityProvider` when deploying `EnhancedSwapRouter`; see `docs/11-references/PMM_DEX_ROUTING_STATUS.md`.
**PMM pools (live, traded — 2026-04-22 on-chain probe):**
- cUSDT/cUSDC `0x9e89bAe009adf128782E19e8341996c596ac40dC` (~983k cUSDT / ~1.016M cUSDC, asymmetric — actively traded)
- cUSDT/USDT `0x866Cb44b59303d8dc5f4F9E3E7A8e8b0bf238d66` (~1M / ~1M)
- cUSDC/USDC `0xc39B7D0F40838cbFb54649d327f49a6DAC964062` (~1M / ~1M)
- cBTC/cUSDT `0x67049e7333481e2cac91af61403ac7bddfab7bcd` (10k cBTC base / 9M cUSDT quote)
- cBTC/cUSDC `0x72f1a0794153c3b8a1e8a731f1d8e1a52cb10dc5` (10k cBTC base / 9M cUSDC quote)
- WETH/USDC `0xb53a0508940b1ff90f1aad4f6cb50a7012fe5593` (~10.1M USDC quote)
- WETH/USDT `0xe227f6c0520c0c6e8786fe56fa76c4914f861533` (~10.1M USDT quote)
- cBTC/cXAUC `0xf3e8a07d419b61f002114e64d79f7cf8f7989433` (10k cBTC base / 1.7k cXAUC quote)
The earlier rule's pool addresses (`0xff8d3b8f…`, `0x6fc60D…`, `0x9f74Be…`) belong to the **parallel** integration `0x5BDc62f1…` (Stack B) and are seeded 10M/10M flat or 0/0 — they are not the live PMM trading set. Source-of-truth corrections to follow in `ADDRESS_MATRIX_AND_STATUS.md` and `PMM_DEX_ROUTING_STATUS.md`.
**cBTC:** `0xe94260c555ac1d9d3cc9e1632883452ebdf0082e` (8 decimals) — base token of the three cBTC pools above.
**PMM pools (live funded public):** cUSDT/cUSDC `0xff8d3b8fDF7B112759F076B69f4271D4209C0849` | cUSDT/USDT `0x6fc60DEDc92a2047062294488539992710b99D71` | cUSDC/USDC `0x9f74Be42725f2Aa072a9E0CdCce0E7203C510263` — see `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md` / `PMM_DEX_ROUTING_STATUS.md`.
**cXAUC / cXAUT (XAU):** `0x290E52a8819A4fbD0714E517225429aA2B70EC6b`, `0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E` (6 decimals). **1 full token = 1 troy ounce Au** — not USD face value; see `EXPLORER_TOKEN_LIST_CROSSCHECK.md` section 5.1.

18
.devin/README.md
View File

@@ -1,18 +0,0 @@
# Devin for Terminal in Cursor
This project is configured to use Devin for Terminal as a local CLI companion inside Cursor.
- Cursor config import is enabled through `.cursor/rules/` and `.cursor/mcp.json` if present.
- Windsurf config import is disabled for this project.
- `AGENTS.md` remains the canonical shared project guidance.
- Personal Devin overrides and secrets belong in `.devin/config.local.json`, which is gitignored.
- Run `devin auth login` interactively before first use.
Useful commands:
```bash
devin
devin -- "review this repo and suggest the next safe task"
devin auth status
devin mcp list
```

21
.devin/agents/reviewer/AGENT.md
View File

@@ -1,21 +0,0 @@
---
name: reviewer
description: Read-only reviewer for Cursor/Devin handoffs
allowed-tools:
- read
- grep
- glob
- exec
permissions:
allow:
- Exec(git status)
- Exec(git diff)
- Exec(git log)
deny:
- write
- edit
---
You are a read-only review subagent for this Cursor workspace.
Review changes for correctness, security, operational risk, and consistency with `AGENTS.md` and relevant `.cursor/rules/` guidance. Do not modify files. Report only actionable findings first, ordered by severity, with exact file paths.

38
.devin/config.json
View File

@@ -1,38 +0,0 @@
{
// Devin for Terminal project config optimized for Cursor as the primary IDE.
"read_config_from": {
"cursor": true,
"windsurf": false,
"claude": true
},
"permissions": {
"allow": [
"Read(**)",
"Exec(git status)",
"Exec(git diff)",
"Exec(git log)",
"Exec(pnpm run)",
"Exec(bash scripts/verify)",
"Exec(bash scripts/validation)"
],
"ask": [
"Write(**)",
"Exec(git commit)",
"Exec(git push)",
"Exec(docker)",
"Exec(docker compose)",
"mcp__*"
],
"deny": [
"Exec(rm)",
"Exec(sudo)",
"Exec(chmod -R)",
"Exec(chown -R)",
"Write(.env*)",
"Write(**/.env*)",
"Write(reports/secrets/**)",
"Write(config/production/*did-secrets.env)"
]
},
"mcpServers": {}
}

14
.devin/hooks.v1.json
View File

@@ -1,14 +0,0 @@
{
"PreToolUse": [
{
"matcher": "exec",
"hooks": [
{
"type": "command",
"command": "bash scripts/devin/block-dangerous-command.sh",
"timeout": 10
}
]
}
]
}

22
.devin/skills/cursor-handoff/SKILL.md
View File

@@ -1,22 +0,0 @@
---
name: cursor-handoff
description: Align Devin for Terminal work with this Cursor workspace and project rules
allowed-tools:
- read
- grep
- glob
- exec
triggers:
- user
- model
---
Use this skill when starting or resuming work in this repository from Devin for Terminal.
1. Treat Cursor as the primary IDE context and read `.cursor/rules/` when relevant.
2. Read `AGENTS.md` first for canonical project guidance.
3. Do not rely on Windsurf rules, skills, workflows, or MCP settings for this project.
4. Check `git status --short` before editing and preserve unrelated user changes.
5. Prefer dry-run flags for operator, deployment, DNS, Proxmox, and LAN-sensitive scripts.
6. Never write secrets or runtime credentials into tracked files.
7. When using MCP servers, assume Cursor and Devin maintain separate authentication sessions.

28
.devin/skills/review/SKILL.md
View File

@@ -1,28 +0,0 @@
---
name: review
description: Review code changes before commit or handoff
allowed-tools:
- read
- grep
- glob
- exec
permissions:
allow:
- Exec(git status)
- Exec(git diff)
- Exec(git log)
deny:
- write
- edit
triggers:
- user
- model
---
Review the current changes with a correctness-first stance.
1. Run `git status --short`.
2. Run `git diff` and, if staged changes exist, `git diff --staged`.
3. Focus on bugs, security regressions, deployment risk, missing validation, and secret exposure.
4. Cite exact file paths and keep findings ordered by severity.
5. If no issues are found, say so and call out any test or validation gaps.

10
.env.master.example
View File

@@ -77,16 +77,6 @@ GITEA_URL=
GITEA_TOKEN=
GITEA_ORG=
# --- Phoenix deploy API (Gitea Actions secrets on EACH repo that triggers deploy) ---
# PHOENIX_DEPLOY_URL= # full POST URL e.g. http://192.168.11.59:4001/api/deploy — same variable name as repo Secrets in Gitea
# PHOENIX_DEPLOY_TOKEN= # bearer for Phoenix deploy API — set per-repo Secret on Gitea, not necessarily in this root .env
# --- CyberSecur Global (Gov portal static site; optional Web3Forms intake) ---
# CYBERSECUR_WEB3FORMS_ACCESS_KEY= # web3forms.com — used by CyberSecur-Global/deploy/render-intake.sh (key is public in browser HTML per provider)
# After rotating the key in the Web3Forms dashboard, update this line and redeploy:
# CYBERSECUR_REPO=/path/to/CyberSecur-Global ./scripts/deployment/sync-cybersecur-global-to-ct7810.sh
# CYBERSECUR_INTAKE_REDIRECT_URL= # optional; default https://cybersecur.d-bis.org/intake-thanks.html
# --- Database & app auth ---
DATABASE_URL=
JWT_SECRET=

2
.gitea/CONTRIBUTING.md
View File

@@ -6,8 +6,6 @@
2. Make changes, ensure tests pass
3. Open a pull request
Repo ↔ VM CI/CD mapping and templates for **other** Gitea repos: [docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md](../docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md), [config/gitea-workflow-templates/README.md](../config/gitea-workflow-templates/README.md).
Deploy workflow policy:
`main` and `master` are both deploy-triggering branches, so `.gitea/workflow-sources/deploy-to-phoenix.yml` and `.gitea/workflow-sources/validate-on-pr.yml` must stay identical across both branches.
Use `bash scripts/verify/sync-gitea-workflows.sh` after editing workflow-source files, and `bash scripts/verify/run-all-validation.sh --skip-genesis` to catch workflow drift before push.

69
.gitea/workflow-sources/deploy-to-phoenix.yml
View File

@@ -22,25 +22,6 @@ jobs:
fi
git fetch --depth=1 "$REMOTE" main master
- name: Install validation dependencies
run: |
corepack enable
pnpm install --frozen-lockfile
# The cW* mesh matrix and deployment-status validators read
# cross-chain-pmm-lps/config/*.json. The parent checkout does not
# materialize submodules by default, and .gitmodules mixes public HTTPS
# with SSH URLs, so clone only the required public validation dependency.
- name: Materialize cross-chain-pmm-lps
run: |
set -euo pipefail
if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then
rm -rf cross-chain-pmm-lps
git clone --depth=1 \
https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \
cross-chain-pmm-lps
fi
- name: Run repo validation gate
run: |
bash scripts/verify/run-all-validation.sh --skip-genesis
@@ -54,33 +35,18 @@ jobs:
- name: Trigger Phoenix deployment
run: |
set -euo pipefail
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
set +e
curl -sSf --retry 3 --retry-connrefused --retry-delay 10 --retry-max-time 180 \
--connect-timeout 10 --max-time 120 \
-X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
BRANCH="${GITHUB_REF_NAME:-}"
if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
fi
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"
rc="$?"
set -e
if [ "$rc" -eq 52 ]; then
HEALTH_URL="${{ secrets.PHOENIX_DEPLOY_URL }}"
HEALTH_URL="${HEALTH_URL%/api/deploy}/health"
echo "Phoenix deploy API restarted during self-deploy; verifying ${HEALTH_URL}"
for i in $(seq 1 12); do
if curl -fsS --max-time 5 "$HEALTH_URL"; then
exit 0
fi
sleep 5
done
fi
exit "$rc"
deploy-atomic-swap-dapp:
needs: deploy
needs: validate
runs-on: ubuntu-latest
steps:
- name: Checkout code
@@ -88,12 +54,12 @@ jobs:
- name: Trigger Atomic Swap dApp deployment (Phoenix)
run: |
set -euo pipefail
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf \
--connect-timeout 10 --max-time 900 \
-X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
BRANCH="${GITHUB_REF_NAME:-}"
if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
fi
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"atomic-swap-dapp-live\"}"
@@ -113,13 +79,12 @@ jobs:
- name: Request Cloudflare DNS sync (Phoenix)
run: |
set -euo pipefail
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf --retry 5 --retry-all-errors --retry-connrefused --retry-delay 10 --retry-max-time 300 \
--connect-timeout 10 --max-time 120 \
-X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
BRANCH="${GITHUB_REF_NAME:-}"
if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
fi
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}" \
|| { echo "Cloudflare DNS sync request failed; optional sync is non-blocking."; exit 0; }
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}"

8
.gitea/workflow-sources/validate-on-pr.yml
View File

@@ -21,13 +21,5 @@ jobs:
REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
fi
git fetch --depth=1 "$REMOTE" main master
- name: Install validation dependencies
run: |
corepack enable
pnpm install --frozen-lockfile
# Optional: set org/repo variable URA_STRICT_CLOSURE=1 to fail PRs while pilot placeholders
# remain in manifest (see scripts/ura/validate-manifest-closure.mjs). Not enabled by default.
- name: run-all-validation (no LAN, no genesis)
env:
URA_STRICT_CLOSURE: ${{ vars.URA_STRICT_CLOSURE }}
run: bash scripts/verify/run-all-validation.sh --skip-genesis

210
.gitea/workflows/bootstrap-phoenix-deploy-api.yml
View File

@@ -1,210 +0,0 @@
name: Bootstrap Phoenix Deploy API
# Reinstalls phoenix-deploy-api on the dev VM (CT 5700) with the latest server.js
# from master. This is the missing link between "code on master is the real
# implementation" and "running service on CT 5700 still has the stub". Run this
# workflow_dispatch job whenever phoenix-deploy-api/server.js, deploy-targets.json
# or related scripts change and you need the running service to pick up the change
# without a manual LAN visit.
#
# Required Gitea repo secrets (Settings -> Secrets):
# PHOENIX_PVE_HOST PVE node IP that hosts CT 5700 (e.g. 192.168.11.12)
# PHOENIX_PVE_USER SSH user on the PVE node (default: root)
# PHOENIX_PVE_SSH_KEY Private SSH key (PEM, OpenSSH format) authorised on the PVE node
# PHOENIX_PVE_KNOWN_HOSTS Pre-populated known_hosts entry for the PVE node (avoids strict-host prompt)
# PHOENIX_DEV_VM_VMID Container VMID (default: 5700)
# PHOENIX_DEPLOY_DEV_VM_IP IP of the dev VM for the post-install health check (default: 192.168.11.59)
# PHOENIX_DEPLOY_URL Phoenix deploy webhook URL (already used by deploy job)
# PHOENIX_DEPLOY_TOKEN Bearer token for the webhook (already used by deploy job)
#
# Trigger only via Gitea UI (Actions tab -> "Bootstrap Phoenix Deploy API" -> Run
# workflow). NOT triggered on push: reinstalling the deploy service is sensitive
# enough that we want it gated behind a manual click.
on:
workflow_dispatch:
inputs:
verify_only:
description: "If true, only run the post-install /health + auth probe and skip the reinstall step."
type: boolean
required: false
default: false
jobs:
bootstrap:
runs-on: ubuntu-latest
steps:
- name: Checkout proxmox repo
uses: actions/checkout@v4
- name: Validate repo layout
run: |
set -euo pipefail
test -d phoenix-deploy-api || { echo "phoenix-deploy-api/ missing" >&2; exit 1; }
test -f phoenix-deploy-api/server.js
test -f phoenix-deploy-api/scripts/install-systemd.sh
test -f phoenix-deploy-api/deploy-targets.json
# Manifest is optional; warn if missing but do not fail.
if [ ! -f config/public-sector-program-manifest.json ]; then
echo "::warning::config/public-sector-program-manifest.json missing — install will warn on CT"
fi
# Make sure the running master implementation is NOT the stub message
# that triggered this whole bootstrap thread.
if grep -q "Deploy request queued (stub)" phoenix-deploy-api/server.js; then
echo "phoenix-deploy-api/server.js still contains the stub string — refusing to bootstrap." >&2
exit 1
fi
- name: Install SSH key for PVE access
if: ${{ github.event.inputs.verify_only != 'true' }}
run: |
set -euo pipefail
mkdir -p "$HOME/.ssh"
chmod 700 "$HOME/.ssh"
umask 077
printf '%s\n' "${{ secrets.PHOENIX_PVE_SSH_KEY }}" > "$HOME/.ssh/id_pve"
chmod 600 "$HOME/.ssh/id_pve"
if [ -n "${{ secrets.PHOENIX_PVE_KNOWN_HOSTS }}" ]; then
printf '%s\n' "${{ secrets.PHOENIX_PVE_KNOWN_HOSTS }}" > "$HOME/.ssh/known_hosts"
chmod 644 "$HOME/.ssh/known_hosts"
else
# Fall back to accept-new on first connect; subsequent connects pin.
touch "$HOME/.ssh/known_hosts"
chmod 644 "$HOME/.ssh/known_hosts"
fi
- name: Build deploy bundle
if: ${{ github.event.inputs.verify_only != 'true' }}
run: |
set -euo pipefail
mkdir -p .out
if [ -f config/public-sector-program-manifest.json ]; then
tar czf .out/pda-deploy-bundle.tar.gz \
phoenix-deploy-api \
config/public-sector-program-manifest.json
else
tar czf .out/pda-deploy-bundle.tar.gz phoenix-deploy-api
fi
ls -lh .out/pda-deploy-bundle.tar.gz
- name: scp bundle to PVE host
if: ${{ github.event.inputs.verify_only != 'true' }}
env:
PVE_HOST: ${{ secrets.PHOENIX_PVE_HOST }}
PVE_USER: ${{ secrets.PHOENIX_PVE_USER }}
run: |
set -euo pipefail
: "${PVE_HOST:?PHOENIX_PVE_HOST not set in repo secrets}"
PVE_USER_VAL="${PVE_USER:-root}"
KNOWN_HOSTS_OPT="-o UserKnownHostsFile=$HOME/.ssh/known_hosts"
if [ ! -s "$HOME/.ssh/known_hosts" ]; then
KNOWN_HOSTS_OPT="$KNOWN_HOSTS_OPT -o StrictHostKeyChecking=accept-new"
else
KNOWN_HOSTS_OPT="$KNOWN_HOSTS_OPT -o StrictHostKeyChecking=yes"
fi
scp -i "$HOME/.ssh/id_pve" $KNOWN_HOSTS_OPT \
-o ConnectTimeout=20 \
.out/pda-deploy-bundle.tar.gz \
"${PVE_USER_VAL}@${PVE_HOST}:/tmp/pda-deploy-bundle.tar.gz"
- name: pct push + install-systemd on CT
if: ${{ github.event.inputs.verify_only != 'true' }}
env:
PVE_HOST: ${{ secrets.PHOENIX_PVE_HOST }}
PVE_USER: ${{ secrets.PHOENIX_PVE_USER }}
VMID: ${{ secrets.PHOENIX_DEV_VM_VMID }}
run: |
set -euo pipefail
: "${PVE_HOST:?PHOENIX_PVE_HOST not set in repo secrets}"
PVE_USER_VAL="${PVE_USER:-root}"
VMID_VAL="${VMID:-5700}"
KNOWN_HOSTS_OPT="-o UserKnownHostsFile=$HOME/.ssh/known_hosts"
if [ ! -s "$HOME/.ssh/known_hosts" ]; then
KNOWN_HOSTS_OPT="$KNOWN_HOSTS_OPT -o StrictHostKeyChecking=accept-new"
else
KNOWN_HOSTS_OPT="$KNOWN_HOSTS_OPT -o StrictHostKeyChecking=yes"
fi
ssh -i "$HOME/.ssh/id_pve" $KNOWN_HOSTS_OPT \
-o ConnectTimeout=20 \
"${PVE_USER_VAL}@${PVE_HOST}" "VMID=${VMID_VAL} bash -s" <<'REMOTE_EOF'
set -euo pipefail
: "${VMID:?}"
# Verify CT exists and is running.
if ! pct status "${VMID}" >/dev/null 2>&1; then
echo "CT ${VMID} not found on this PVE node." >&2
exit 1
fi
if ! pct exec "${VMID}" -- true 2>/dev/null; then
echo "CT ${VMID} not running. Start it first: pct start ${VMID}" >&2
exit 1
fi
STAGE="/tmp/proxmox-pda-stage"
pct push "${VMID}" /tmp/pda-deploy-bundle.tar.gz /root/pda-deploy.tar.gz
pct exec "${VMID}" -- bash -c "
set -euo pipefail
rm -rf '${STAGE}'
mkdir -p '${STAGE}'
tar xzf /root/pda-deploy.tar.gz -C '${STAGE}'
cd '${STAGE}'
bash phoenix-deploy-api/scripts/install-systemd.sh
rm -f /root/pda-deploy.tar.gz
"
rm -f /tmp/pda-deploy-bundle.tar.gz
REMOTE_EOF
- name: Health check (no auth)
env:
DEV_VM_IP: ${{ secrets.PHOENIX_DEPLOY_DEV_VM_IP }}
run: |
set -euo pipefail
IP="${DEV_VM_IP:-192.168.11.59}"
# Service may take a moment to come up after install; retry briefly.
for i in 1 2 3 4 5 6; do
if curl -sSf -m 5 "http://${IP}:4001/health" -o /tmp/health.json; then
echo "Health check OK on attempt ${i}"
cat /tmp/health.json || true
echo
break
fi
echo "Health check attempt ${i}/6 failed; sleeping 3s"
sleep 3
if [ "${i}" = "6" ]; then
echo "Phoenix Deploy API /health unreachable after install." >&2
exit 1
fi
done
- name: Auth + non-stub probe (POST with bogus target)
env:
PHOENIX_DEPLOY_URL: ${{ secrets.PHOENIX_DEPLOY_URL }}
PHOENIX_DEPLOY_TOKEN: ${{ secrets.PHOENIX_DEPLOY_TOKEN }}
run: |
set -euo pipefail
: "${PHOENIX_DEPLOY_URL:?}"
: "${PHOENIX_DEPLOY_TOKEN:?}"
# POST a bogus target. The post-bootstrap server should:
# - accept the bearer token (NOT 401)
# - reject the unknown target with a non-stub error
# The pre-bootstrap stub returned 202 with "Deploy request queued (stub)"
# for ANY target. So we explicitly check the response body does NOT
# contain that stub phrase.
BODY="$(curl -sS -m 10 -X POST "${PHOENIX_DEPLOY_URL}" \
-H "Authorization: Bearer ${PHOENIX_DEPLOY_TOKEN}" \
-H "Content-Type: application/json" \
-d '{"repo":"d-bis/proxmox","sha":"HEAD","branch":"master","target":"__bootstrap_probe__"}' || true)"
echo "Response body:"
echo "${BODY}"
if echo "${BODY}" | grep -q 'Deploy request queued (stub)'; then
echo "::error::Phoenix Deploy API still returning stub response — bootstrap did not take effect."
exit 1
fi
if echo "${BODY}" | grep -qi 'unauthorized\|invalid token\|401'; then
echo "::error::Phoenix Deploy API rejected the bearer token. PHOENIX_DEPLOY_TOKEN is out of sync with PHOENIX_DEPLOY_SECRET on the CT."
exit 1
fi
echo "Phoenix Deploy API is post-stub and authenticating correctly."
- name: Cleanup secrets
if: always()
run: |
rm -f "$HOME/.ssh/id_pve" "$HOME/.ssh/known_hosts" || true

5
.gitea/workflows/deploy-portal-live.yml
View File

@@ -24,7 +24,10 @@ jobs:
- name: Trigger portal-live deployment
run: |
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
BRANCH="${GITHUB_REF_NAME:-}"
if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
fi
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \

69
.gitea/workflows/deploy-to-phoenix.yml
View File

@@ -22,25 +22,6 @@ jobs:
fi
git fetch --depth=1 "$REMOTE" main master
- name: Install validation dependencies
run: |
corepack enable
pnpm install --frozen-lockfile
# The cW* mesh matrix and deployment-status validators read
# cross-chain-pmm-lps/config/*.json. The parent checkout does not
# materialize submodules by default, and .gitmodules mixes public HTTPS
# with SSH URLs, so clone only the required public validation dependency.
- name: Materialize cross-chain-pmm-lps
run: |
set -euo pipefail
if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then
rm -rf cross-chain-pmm-lps
git clone --depth=1 \
https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \
cross-chain-pmm-lps
fi
- name: Run repo validation gate
run: |
bash scripts/verify/run-all-validation.sh --skip-genesis
@@ -54,33 +35,18 @@ jobs:
- name: Trigger Phoenix deployment
run: |
set -euo pipefail
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
set +e
curl -sSf --retry 3 --retry-connrefused --retry-delay 10 --retry-max-time 180 \
--connect-timeout 10 --max-time 120 \
-X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
BRANCH="${GITHUB_REF_NAME:-}"
if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
fi
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"
rc="$?"
set -e
if [ "$rc" -eq 52 ]; then
HEALTH_URL="${{ secrets.PHOENIX_DEPLOY_URL }}"
HEALTH_URL="${HEALTH_URL%/api/deploy}/health"
echo "Phoenix deploy API restarted during self-deploy; verifying ${HEALTH_URL}"
for i in $(seq 1 12); do
if curl -fsS --max-time 5 "$HEALTH_URL"; then
exit 0
fi
sleep 5
done
fi
exit "$rc"
deploy-atomic-swap-dapp:
needs: deploy
needs: validate
runs-on: ubuntu-latest
steps:
- name: Checkout code
@@ -88,12 +54,12 @@ jobs:
- name: Trigger Atomic Swap dApp deployment (Phoenix)
run: |
set -euo pipefail
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf \
--connect-timeout 10 --max-time 900 \
-X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
BRANCH="${GITHUB_REF_NAME:-}"
if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
fi
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"atomic-swap-dapp-live\"}"
@@ -113,13 +79,12 @@ jobs:
- name: Request Cloudflare DNS sync (Phoenix)
run: |
set -euo pipefail
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf --retry 5 --retry-all-errors --retry-connrefused --retry-delay 10 --retry-max-time 300 \
--connect-timeout 10 --max-time 120 \
-X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
BRANCH="${GITHUB_REF_NAME:-}"
if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
fi
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}" \
|| { echo "Cloudflare DNS sync request failed; optional sync is non-blocking."; exit 0; }
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}"

8
.gitea/workflows/validate-on-pr.yml
View File

@@ -21,13 +21,5 @@ jobs:
REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
fi
git fetch --depth=1 "$REMOTE" main master
- name: Install validation dependencies
run: |
corepack enable
pnpm install --frozen-lockfile
# Optional: set org/repo variable URA_STRICT_CLOSURE=1 to fail PRs while pilot placeholders
# remain in manifest (see scripts/ura/validate-manifest-closure.mjs). Not enabled by default.
- name: run-all-validation (no LAN, no genesis)
env:
URA_STRICT_CLOSURE: ${{ vars.URA_STRICT_CLOSURE }}
run: bash scripts/verify/run-all-validation.sh --skip-genesis

17
.gitignore vendored
View File

@@ -26,9 +26,6 @@ Thumbs.db
# Local-only Cursor session / context (exclude from Gitea)
.cursor/local/
# Devin for Terminal personal overrides / secrets
.devin/config.local.json
# IDE files
.vscode/
.idea/
@@ -136,20 +133,6 @@ reports/status/mainnet-cwusdc-usdc-repeg-plan-*.json
reports/status/live_inventory_*.json
reports/status/drift_*.json
# Ephemeral e2e dry-run outputs (local re-runs; not canonical reports)
reports/e2e-dry-runs/
# Local relay / thirdweb scaffold trees (subtree or vendor experiments — git add -f if promoted)
relay/
relay-api/
relay-docs/
relay-web/
thirdweb-contracts/
# One-off liquidity staging helpers (operator-generated; use committed runbooks as source of truth)
scripts/verify/stage-250m-eth-to-cwusdc-dry-run.sh
scripts/verify/stage-427m-cusdc-weth-liquidity-funding.sh
# Large optional vendor trees and local checkouts (keep out of main clone)
smom-dbis-138-publish/
third-party/

5
AGENTS.md
View File

@@ -11,10 +11,7 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus,
| Need | Location |
|------|-----------|
| Doc index | `docs/MASTER_INDEX.md` |
| Canonical ecosystem master plan | `docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md` — umbrella root; subordinate roots: `dbis_chain_138_technical_master_plan.md`, `docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md`, `docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md` |
| Treasury / EMI / wallet / VA master plan | `docs/02-architecture/GOVERNMENT_TREASURY_EMI_WALLET_MASTER_PLAN.md` — government treasury, EMIs, digital wallets, virtual accounts (incl. Tatum-style), Rail vs RTGS gates |
| Universal resource activation (manifest, CI, Phoenix) | `UNIVERSAL_RESOURCE_WIRING.md`, `URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md`, `URA_OPERATIONAL_READINESS_CHECKLIST.md` (under `docs/04-configuration/universal-resource-activation/`); `config/universal-resource-activation/{manifest.json,policy-profiles.json,integration/}`; `pnpm ura:ops-readiness` / `ura:ops-readiness:full`, `ura:production-ready` / `ura:production-ready:connectivity`, `ura:validate`, `ura:validate-profiles`, `ura:merge-manifest`, `ura:validate-ledger-mapping`, `ura:writer:ledger`, `ura:writer:settlement`, `ura:profile-hash`, `ura:validate-closure`, `ura:keccak`, `ura:smoke`; `URA_STRICT_CLOSURE` / Gitea `vars.URA_STRICT_CLOSURE`; `smom-dbis-138/contracts/universal-resource/PolicyProfileRegistry.sol` (scoped forge test); Phoenix `PUBLIC_V1_NO_PARTNER_KEY_PATHS` |
| Multi-jurisdiction compliance (matrices, onboarding) | `docs/04-configuration/compliance-matrices/README.md`, `INSTITUTION_ONBOARDING_CHARTER.md`, `INSTITUTION_ONBOARDING_PLAYBOOK.md`, `docs/04-configuration/jurisdictions/JURISDICTION_CATALOG.md`, `config/jurisdictions/catalog.v1.json`, `docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md`, `docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md` |
| Universal resource activation (manifest, CI, Phoenix) | `docs/04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md`, `config/universal-resource-activation/manifest.json`, `node scripts/validate/validate-universal-resource-activation.mjs`, `bash scripts/verify/smoke-universal-resource-activation.sh` (add `--http` or `PHOENIX_BASE_URL=…` for live API), `GET` `/api/v1/universal-resource-activation/manifest` on `phoenix-deploy-api` |
| cXAUC/cXAUT unit | 1 full token = 1 troy oz Au — `docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md` (section 5.1) |
| PMM mesh 6s tick | `smom-dbis-138/scripts/reserve/pmm-mesh-6s-automation.sh``docs/integration/ORACLE_AND_KEEPER_CHAIN138.md` (PMM mesh automation) |
| VMID / IP / FQDN | `docs/04-configuration/ALL_VMIDS_ENDPOINTS.md` |

2
alltra-lifi-settlement

Submodule alltra-lifi-settlement updated: a218b53de7...5e3b9db91a

23
config/all-mainnet-canary-evidence.example.json
View File

@@ -1,23 +0,0 @@
{
"description": "Copy to config/all-mainnet-canary-evidence.json after live canary swaps. Each row needs real transaction hashes and observed balance deltas.",
"evidence": [
{
"poolId": "651940-uniswap_v2-wall-ausdc",
"status": "canary_passed",
"generatedAt": "2026-04-29T00:00:00.000Z",
"canaryTransactions": [
{
"amountLabel": "seed",
"txHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
"sourceToken": "WALL",
"destinationToken": "AUSDC",
"observedInputRaw": "0",
"observedOutputRaw": "0"
}
],
"notes": [
"Replace with real canary transaction evidence before applying."
]
}
]
}

77
config/all-mainnet-canary-evidence.json
View File

@@ -1,77 +0,0 @@
{
"description": "ALL Mainnet canary evidence recorded from live canary transactions executed with deployer wallet 0x4A666F96fC8764181194447A7dFdb7d471b301C8.",
"evidence": [
{
"poolId": "651940-dodo_pmm-wall-ausdc",
"generatedAt": "2026-04-29T04:41:13.993Z",
"canaryTransactions": [
{
"direction": "base_to_quote",
"txHash": "0x727cea66f601b514b0d82c4bc93c29fbc09047e8185c146a05564dce7916829c",
"fundingTransferTxHash": "0x65f8d2e15556c26b46dd7323a90cb174279fc6bd0e7002a868553dc990bfa656",
"amountInRaw": "1000000",
"tokenIn": "WALL",
"tokenOut": "AUSDC",
"executor": "DODO_DVM.transfer_then_sellBase"
}
],
"notes": [
"Tiny live canary swap executed on ALL Mainnet DODO PMM WALL/AUSDC."
]
},
{
"poolId": "651940-uniswap_v2-wall-ausdc",
"generatedAt": "2026-04-29T04:41:13.993Z",
"canaryTransactions": [
{
"direction": "base_to_quote",
"txHash": "0x0b76149f25e36919637fbeab10056e45d8ab7757454174966842c3f52f53dd5c",
"approvalTxHash": "0xc33d872d15628cfe521552ccc9a4b908f31df59189764468775b4557826514b6",
"amountInRaw": "1000000",
"tokenIn": "WALL",
"tokenOut": "AUSDC",
"executor": "UniswapV2Router.swapExactTokensForTokens"
}
],
"notes": [
"Tiny live canary swap executed on ALL Mainnet Uniswap V2 WALL/AUSDC."
]
},
{
"poolId": "137-dodo_pmm-cwusdc-usdc",
"generatedAt": "2026-04-29T04:41:13.993Z",
"canaryTransactions": [
{
"direction": "base_to_quote",
"txHash": "0x4f68cdb0502b0fd50602013e54cbf898556a5c1181d8009f9b0c166dfccf5ce7",
"fundingTransferTxHash": "0x2b2721dd505f82488b05f32810f7e94b3a712e9b459b638be9b8ea34c20925d9",
"amountInRaw": "1",
"tokenIn": "cWUSDC",
"tokenOut": "USDC",
"executor": "DODO_DVM.transfer_then_sellBase"
}
],
"notes": [
"Tiny live canary swap executed on Polygon DODO PMM cWUSDC/USDC."
]
},
{
"poolId": "137-dodo_pmm-cwusdt-usdt",
"generatedAt": "2026-04-29T04:41:13.993Z",
"canaryTransactions": [
{
"direction": "base_to_quote",
"txHash": "0x9c946c7c912e2eabe960c752041b533948e85e2a1603c80de80c5b0ee447908d",
"fundingTransferTxHash": "0xcac8b9187325869f164f6b7cd5464fcf46dce6be83ef04d760e7ecc21de7d40d",
"amountInRaw": "1",
"tokenIn": "cWUSDT",
"tokenOut": "USDT",
"executor": "DODO_DVM.transfer_then_sellBase"
}
],
"notes": [
"Tiny live canary swap executed on Polygon DODO PMM cWUSDT/USDT."
]
}
]
}

147
config/all-mainnet-enhanced-router-deployment.json
View File

@@ -1,147 +0,0 @@
{
"name": "ALL Mainnet Enhanced Router Deployment Evidence",
"version": "0.1.0",
"generatedAt": "2026-04-29T05:52:00Z",
"chainId": 651940,
"network": "ALL Mainnet (Alltra)",
"evmVersion": "paris",
"reason": "ALL Mainnet RPC/runtime rejected Cancun bytecode with BadInstruction; Paris bytecode was used for live deployment.",
"deployer": "0x4A666F96fC8764181194447A7dFdb7d471b301C8",
"contracts": {
"dodoPmmProvider": {
"address": "0x36F65027D21e151F0b7810bae1E94b225AC7Ba9e",
"transactionHash": "0xd2e69b556e84786338fd526ba149d1f88488a07190d081f935d7fffbe9d1b2e0",
"constructorArgs": {
"dodoPmmIntegration": "0x8528E268F3b8C94208d09D131ACa3Ea93Bad57c7",
"admin": "0x4A666F96fC8764181194447A7dFdb7d471b301C8"
}
},
"enhancedSwapRouterV2": {
"address": "0xb905fEfA56b028221E2Bc248Bbcd41141dc7aeD3",
"transactionHash": "0x2c5d409b6e06cbfb69d8e251240d830d624625a4d505cc963edb65b55623bc79",
"constructorArgs": {
"weth": "0x798F6762BB40d6801A593459d08F890603D3979C",
"usdt": "0x66D8Efa0AF63B0e84eb1Dd72bf00f00cd1e2234e",
"usdc": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881",
"daiSlot": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
"daiSlotNote": "AUSDT is used as the third stablecoin slot for ALL Mainnet; no canonical ALL DAI token is committed."
}
},
"intentBridgeCoordinatorV2": {
"address": "0x9276ae27d9c624B43dbE43494f34A9c5F0233a0B",
"transactionHash": "0x5695b3f9ec59e09d5e4f8569ea8af31578ced0a56aba885a7c475a5187aadd3d"
},
"adapters": {
"dodo": {
"address": "0x391D192BED6188c4DaB4C93c078bD18432687474",
"transactionHash": "0xc4a036a6fff5eb9886e797559017cf8709505d13f39f5feddf055967cf9b4648",
"enabled": true
},
"dodoV3": {
"address": "0x97Ce874142625134aEEBDF42B5E7bB806e731D25",
"transactionHash": "0x5ad21f59b823adbc2cebc1e9c45ab3f8f0f1286e46a290c09c0667f499577136",
"enabled": false
},
"uniswapV3": {
"address": "0xBF75F3401de20bebBB1CBb678499941807E3E040",
"transactionHash": "0x081b86cc99306e694ef9daa3d3f9dc7f35ce91dce08c57ddaedcdd4b9a00008d",
"enabled": false
},
"balancer": {
"address": "0xDE7F15AF1D84e3694f7E966293d20e64Fc04d9fF",
"transactionHash": "0xa4f30c029fa062ae1b481786950ab0243541ce5b0b859fc534b55f7b444ba83c",
"enabled": false
},
"curve": {
"address": "0x753D2b0a723992D7B174D6e19F7b7Cb74be8D61a",
"transactionHash": "0xcdf0ff9723aedab96aeaa0b8f57f25ad6075f9467e0d19f3b842fb17c0bb6a79",
"enabled": false
},
"oneInch": {
"address": "0x487090bbb7d17875281692d582a11B445b3A7AC7",
"transactionHash": "0x4d0dd682b8e22812a258fee497c07e5cecfbc1228f413e67d9fe7b24f327a926",
"enabled": false
}
}
},
"routes": [
{
"poolId": "651940-dodo_pmm-wall-ausdc",
"provider": "dodo",
"tokenA": {
"symbol": "WALL",
"address": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4"
},
"tokenB": {
"symbol": "AUSDC",
"address": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881"
},
"poolAddress": "0x7b81Dad382BBB57e91a80389bA48e41Abd10794F",
"status": "quoteable",
"verification": {
"amountInRaw": "1000000",
"amountOutRaw": "1999999",
"slippageBps": 30,
"routerQuoteExecutable": true
}
},
{
"poolId": "651940-dodo_pmm-wall-ausdt",
"provider": "dodo",
"tokenA": {
"symbol": "WALL",
"address": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4"
},
"tokenB": {
"symbol": "AUSDT",
"address": "0x015B1897Ed5279930bC2Be46F661894d219292A6"
},
"poolAddress": "0x8D9bB238B6a76a438B116Ff22F5F7535191D49b4",
"status": "quoteable",
"verification": {
"amountInRaw": "1000000",
"amountOutRaw": "1999999",
"slippageBps": 30,
"routerQuoteExecutable": true
}
}
],
"providerStatus": {
"enabled": [
"dodo"
],
"disabled": [
"dodoV3",
"uniswapV3",
"balancer",
"curve",
"oneInch",
"partner"
]
},
"remainingOptionalBlockers": [
"HYDX-native router/factory is not deployed or not committed in inventory.",
"Uniswap V3 factory/router/quoter/pool stack is not deployed or not committed in inventory."
],
"disabledRoutes": [
{
"poolId": "651940-dodo_pmm-wall-usdt",
"provider": "dodo",
"tokenA": {
"symbol": "WALL",
"address": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4"
},
"tokenB": {
"symbol": "USDT",
"address": "0x66D8Efa0AF63B0e84eb1Dd72bf00f00cd1e2234e"
},
"poolAddress": "0x261D7e1447EE88398B2b5a274D49454F5B86800E",
"status": "disabled_wrong_quote_asset",
"reason": "AUSDT is the canonical ALL Mainnet cUSDT surface for this routing set.",
"disabledTransactions": [
"0x79f171ddc9977e99bb894bf7ff7a11a430441cc1285e7ecd747907ef3f23a0c4",
"0xec74f92e287cf1e193e791462f66b35cf9487ece8e343108fbdd3de760dc5c55"
]
}
]
}

8759
config/all-mainnet-pool-creation-matrix.json
View File

File diff suppressed because it is too large Load Diff

68
config/all-mainnet-uniswap-v3-deployment.json
View File

@@ -1,68 +0,0 @@
{
"generatedAt": "2026-04-29T06:18:00Z",
"chainId": 651940,
"deployer": "0x4A666F96fC8764181194447A7dFdb7d471b301C8",
"fee": 3000,
"tokens": {
"WETH": "0x798F6762BB40d6801A593459d08F890603D3979C",
"WALL": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4",
"AUSDT": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
"token0": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
"token1": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4"
},
"contracts": {
"nftDescriptorLibrary": "0xb53E8A0A19fB381537c6f28D37b7C2f7DC29EF02",
"nonfungibleTokenPositionDescriptor": "0x2a76C73458A0C11df4e0E43004598480d6D1E768",
"factory": "0xF1a334465C5DD628492780B39Be68D561A9AecA2",
"swapRouter": "0xe9Ea1B70803c18C4CEb8839D5D68681c7903511B",
"quoter": "0x0ecC56077325863c80cbe516D63e0afAFf7EA579",
"quoterV2": "0x024Ff178BaB7e6fa1794c3A216D2B299C3F295d2",
"nonfungiblePositionManager": "0xD29422211e1f2C1015FBb5dC2004657Dd8318aF6",
"pool": "0x9e0FC06BA367b51a0aBc5c0924306088DBB0e9c4"
},
"transactions": {
"nftDescriptorLibrary": "0x774202382ec2d29cced671b34c2b951682f60d3e60afd7fe64c13488cb341e32",
"nonfungibleTokenPositionDescriptor": "0xc6b98fc36e4c3b1d4d2e80efd4acacc31e2af2ff45de04f9fb066dcfffd380d3",
"factory": "0xb6e46b6d145cc707f12f4cf8980bf81d7b5b8d3bea9416737a7465c186b0fefd",
"swapRouter": "0x5fd7d021e8ac1bad918a1eb470a116f9dc6e750c102a5512e05391858296cc53",
"quoter": "0x0d5c14d3264c5abd70990349911a6eb3076f41feb2db93ccf74b2de022cd087f",
"quoterV2": "0x774327c7e7a7650fbfd9d28a8becbd88f86eb8f942a825980052bc50484aa54c",
"nonfungiblePositionManager": "0xe5be3fa83bd676051e2cc5ff990768d3de87e49a387d94be77352eaf1c38545f"
},
"poolState": {
"sqrtPriceX96": "79228162514264337593543950336",
"tick": 0,
"liquidity": "1000000000000000000"
},
"name": "ALL Mainnet Uniswap V3 Deployment Evidence",
"version": "0.1.0",
"network": "ALL Mainnet (Alltra)",
"evmVersion": "upstream-uniswap-artifacts-solc-0.7.x",
"packageSources": {
"v3Core": "@uniswap/v3-core@1.0.1",
"v3Periphery": "@uniswap/v3-periphery@1.4.4",
"swapRouterContracts": "@uniswap/swap-router-contracts@1.3.1"
},
"poolStateAfterRouterSwap": {
"testedAt": "2026-04-29T06:17:00Z",
"swapRouter": "0xe9Ea1B70803c18C4CEb8839D5D68681c7903511B",
"direction": "WALL_TO_AUSDT",
"amountInRaw": "1000000",
"amountOutRaw": "996999",
"approveTxHash": "0x572d1c6b2d0cdf6248913cd995e80196fbe0717017411c2251637afbfa825e1f",
"swapTxHash": "0xddf85aed18a6d872ac72d4f57b241e44946881e404f4f17cb7271180c8caa183",
"gasUsed": "119111"
},
"enhancedRouterIntegration": {
"enhancedSwapRouterV2": "0xb905fEfA56b028221E2Bc248Bbcd41141dc7aeD3",
"routeConfigured": true,
"providerEnabled": false,
"providerDisabledReason": "Existing UniswapV3RouteExecutorAdapter uses staticcall into the official Uniswap Quoter; the upstream Quoter is callable directly but does not return through that adapter staticcall path. Standalone SwapRouter/Quoter/Pool stack is live; enhanced-router V3 provider remains disabled until adapter quote compatibility is fixed.",
"routeSetTransactions": [
"0xa40b24889ab3ad985936562ee3690dafd14bfb1676ff49806a6fcb45c7704ef5",
"0x848fd6c7cedaebe7787c2f15a931b73afde709dac100cb745eab2d9eaa6da86c"
],
"providerEnableTxHash": "0x4b430081582e1f2db5fedc904b8e90e137480dcae2f1e0a41dd25490f05394c7",
"providerDisableTxHash": "0x78b8ce4fdc296585ace36dd8c8318731cc5526115e712b14d1ad630c4f63aba6"
}
}

27
config/all-mainnet-vault-assignments.example.json
View File

@@ -1,27 +0,0 @@
{
"description": "Copy to config/all-mainnet-vault-assignments.json and replace placeholder addresses with approved per-role vaults/multisigs. The apply script refuses placeholders.",
"defaultByRole": {
"treasury_reserve": "0x0000000000000000000000000000000000000000",
"bridge_liquidity": "0x0000000000000000000000000000000000000000",
"protocol_adapter": "0x0000000000000000000000000000000000000000",
"emergency_withdraw": "0x0000000000000000000000000000000000000000",
"single_sided_inventory": "0x0000000000000000000000000000000000000000"
},
"byChain": {
"651940": {
"treasury_reserve": "0x0000000000000000000000000000000000000000",
"bridge_liquidity": "0x0000000000000000000000000000000000000000",
"protocol_adapter": "0x0000000000000000000000000000000000000000",
"emergency_withdraw": "0x0000000000000000000000000000000000000000",
"single_sided_inventory": "0x0000000000000000000000000000000000000000"
}
},
"byPoolId": {
"651940-uniswap_v2-wall-ausdc": {
"treasury_reserve": "0x0000000000000000000000000000000000000000",
"bridge_liquidity": "0x0000000000000000000000000000000000000000",
"protocol_adapter": "0x0000000000000000000000000000000000000000",
"emergency_withdraw": "0x0000000000000000000000000000000000000000"
}
}
}

20
config/all-mainnet-vault-assignments.json
View File

@@ -1,20 +0,0 @@
{
"description": "Operational vault assignments generated from smom-dbis-138/.env public addresses. No private material is stored here.",
"defaultByRole": {
"treasury_reserve": "0x74eccf9affb0e0938c2168ebdf7ef63a26964483",
"bridge_liquidity": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8",
"protocol_adapter": "0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965",
"emergency_withdraw": "0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965",
"single_sided_inventory": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8"
},
"byChain": {
"651940": {
"treasury_reserve": "0x74eccf9affb0e0938c2168ebdf7ef63a26964483",
"bridge_liquidity": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8",
"protocol_adapter": "0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965",
"emergency_withdraw": "0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965",
"single_sided_inventory": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8"
}
},
"byPoolId": {}
}

876
config/allmainnet-non-dodo-protocol-surface.json
View File

@@ -1,69 +1,17 @@
{
"name": "ALL Mainnet Non-DODO Protocol Surface",
"version": "0.1.0",
"updated": "2026-04-29",
"updated": "2026-04-21",
"chainId": 651940,
"network": "ALL Mainnet (Alltra)",
"status": "bridge_live_enhanced_router_partial_swap_inventory_published",
"status": "bridge_live_swap_inventory_pending",
"summary": {
"bridgeOnlyLive": false,
"sameChainSwapInventoryPublished": true,
"bridgeOnlyLive": true,
"sameChainSwapInventoryPublished": false,
"notes": [
"The Chain 138 <-> 651940 AlltraAdapter bridge is live.",
"This file documents the known non-DODO Alltra protocol and token surface plus the committed same-chain inventory fragments that have real factory/router/pool addresses in config/all-mainnet-pool-creation-matrix.json.",
"Same-chain inventory publication is partial: production routing remains gated by required vault assignments, funding, live reserve reads, and canary evidence.",
"ALL Mainnet EnhancedSwapRouterV2 is deployed and DODO-backed routes are wired for the committed WALL/AUSDC and WALL/AUSDT DODO PMM pools; the earlier WALL/USDT route is disabled because AUSDT is the canonical ALL Mainnet cUSDT surface."
]
},
"classificationFramework": {
"category": [
"tokenized-fiat",
"stablecoin",
"wrapped-native",
"dex-token",
"defi-token",
"governance-token",
"utility-token",
"rwa-token",
"commodity-token",
"other"
],
"instrumentType": [
"emoney",
"deposit-token",
"fiat-backed-stablecoin",
"wrapped-native",
"protocol-token",
"governance-token",
"utility-token",
"other"
],
"backingAssets": [
"cash",
"cash-equivalents",
"bank-deposits",
"treasuries",
"commodity-reserves",
"protocol-utility",
"native-gas-asset",
"unknown"
],
"metadataDomains": [
"backingMetadata",
"bridgeMetadata",
"cashMetadata",
"commodityMetadata",
"reserveMetadata",
"securityMetadata",
"settlementMetadata"
],
"notes": [
"Use category for the broad asset bucket.",
"Use instrumentType, issuerType, claimType, backingAssets, capabilities, and tags for legal, reserve, and integration semantics.",
"Use cash only as a backing, redemption, or settlement asset descriptor; do not use cash as the token category unless the instrument is literally cash-equivalent legal tender.",
"Use commodityMetadata only when the token directly references or is backed by a commodity reserve.",
"Use securityMetadata for pause/admin/monitoring controls; unknown means not yet committed in this inventory, not absent on-chain.",
"GRU tags use lowercase namespace:value strings and include the version, for example gru:v2."
"This file documents the known non-DODO Alltra protocol and token surface without asserting live routable pool inventory.",
"Promote protocols here into canonical route inventory only after real factory/router/pool addresses are committed and verified."
]
},
"documentedTokens": [
@@ -71,284 +19,21 @@
"symbol": "AUSDT",
"address": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
"decimals": 18,
"category": "tokenized-fiat",
"instrumentType": "fiat-backed-stablecoin",
"issuerType": "token-issuer-unverified",
"currencyCode": "USD",
"claimType": "claim-on-issuer-unverified",
"settlementAssetClass": "fiat",
"backingAssets": [
"cash",
"cash-equivalents"
],
"gruVersion": "v2",
"gruFamilySymbol": "cAUSDT",
"gruTransportRole": "all-mainnet-primary-surface",
"tags": [
"tokenized-fiat",
"fiat:usd",
"backing:cash",
"backing:cash-equivalents",
"gru:v2",
"gru:m1",
"gru:transport",
"gru:all-mainnet",
"gru:causdt-family"
],
"backingMetadata": {
"backingModel": "fiat-reserve-backed",
"backingAssetClasses": [
"cash",
"cash-equivalents"
],
"backingVerificationStatus": "reserve-disclosure-not-committed",
"overcollateralizationRequired": false
},
"bridgeMetadata": {
"bridgeStatus": "live-canonical-target",
"bridgeKind": "AlltraAdapter",
"sourceChainId": 138,
"destinationChainId": 651940,
"sourceSymbol": "cUSDT",
"sourceAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"destinationSymbol": "AUSDT",
"destinationAddress": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
"adapterAddress": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc",
"bridgeCanonicalAssetVersion": "gru-v2",
"bridgeMirroredAssetVersion": "all-mainnet-surface"
},
"cashMetadata": {
"cashRole": "reserve-and-redemption-asset-class",
"currency": "USD",
"cashBackingAssertedByRepo": false,
"cashBackingEvidenceRef": null
},
"commodityMetadata": {
"commodityBacked": false,
"commodityType": null,
"commodityUnit": null,
"reserveLocationRef": null
},
"reserveMetadata": {
"reserveModel": "issuer-or-bridge-reserve-unverified",
"reserveDisclosureRef": null,
"reserveAccountRef": null,
"proofOfReserveRef": null,
"reserveVerificationStatus": "pending-disclosure",
"riskTier": "policy-review-required",
"registryStatus": "documented-surface-not-stablecoin-registry-entry"
},
"securityMetadata": {
"pauseAuthority": "unknown",
"adminAuthority": "unknown",
"upgradeability": "unknown",
"keyManagement": "unknown",
"emergencyHalt": "corridor-halt-required-for-issuer-bridge-or-peg-risk",
"monitoring": [
"peg-deviation",
"bridge-health",
"liquidity-depth",
"contract-admin-changes"
]
},
"settlementMetadata": {
"settlementAssetClass": "fiat",
"settlementCurrency": "USD",
"settlementFinalityDomain": "off-chain-regulated-ledger-or-issuer-domain",
"onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
"accountingEvidenceRequired": true,
"redemptionPath": "issuer-or-bridge-redemption-unverified",
"parRedemption": "unverified"
},
"category": "stablecoin",
"status": "verified"
},
{
"symbol": "USDT",
"address": "0x66D8Efa0AF63B0e84eb1Dd72bf00f00cd1e2234e",
"decimals": 18,
"category": "tokenized-fiat",
"instrumentType": "fiat-backed-stablecoin",
"issuerType": "token-issuer-unverified",
"currencyCode": "USD",
"claimType": "claim-on-issuer-unverified",
"settlementAssetClass": "fiat",
"backingAssets": [
"cash",
"cash-equivalents"
],
"gruVersion": "v2",
"gruFamilySymbol": "cUSDT",
"gruTransportRole": "all-mainnet-usdt-surface",
"tags": [
"tokenized-fiat",
"fiat:usd",
"backing:cash",
"backing:cash-equivalents",
"gru:v2",
"gru:m1",
"gru:transport",
"gru:all-mainnet",
"gru:cusdt-family"
],
"backingMetadata": {
"backingModel": "fiat-reserve-backed",
"backingAssetClasses": [
"cash",
"cash-equivalents"
],
"backingVerificationStatus": "reserve-disclosure-not-committed",
"overcollateralizationRequired": false
},
"bridgeMetadata": {
"bridgeStatus": "documented-token-not-canonical-138-to-651940-target",
"bridgeKind": "unknown-or-noncanonical",
"sourceChainId": null,
"destinationChainId": 651940,
"sourceSymbol": null,
"sourceAddress": null,
"destinationSymbol": "USDT",
"destinationAddress": "0x66D8Efa0AF63B0e84eb1Dd72bf00f00cd1e2234e",
"adapterAddress": null,
"bridgeCanonicalAssetVersion": null,
"bridgeMirroredAssetVersion": "all-mainnet-surface"
},
"cashMetadata": {
"cashRole": "reserve-and-redemption-asset-class",
"currency": "USD",
"cashBackingAssertedByRepo": false,
"cashBackingEvidenceRef": null
},
"commodityMetadata": {
"commodityBacked": false,
"commodityType": null,
"commodityUnit": null,
"reserveLocationRef": null
},
"reserveMetadata": {
"reserveModel": "issuer-reserve-unverified",
"reserveDisclosureRef": null,
"reserveAccountRef": null,
"proofOfReserveRef": null,
"reserveVerificationStatus": "pending-disclosure",
"riskTier": "policy-review-required",
"registryStatus": "documented-surface-not-stablecoin-registry-entry"
},
"securityMetadata": {
"pauseAuthority": "unknown",
"adminAuthority": "unknown",
"upgradeability": "unknown",
"keyManagement": "unknown",
"emergencyHalt": "corridor-halt-required-for-issuer-or-peg-risk",
"monitoring": [
"peg-deviation",
"liquidity-depth",
"contract-admin-changes"
]
},
"settlementMetadata": {
"settlementAssetClass": "fiat",
"settlementCurrency": "USD",
"settlementFinalityDomain": "off-chain-issuer-domain",
"onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
"accountingEvidenceRequired": true,
"redemptionPath": "issuer-redemption-unverified",
"parRedemption": "unverified"
},
"category": "stablecoin",
"status": "verified"
},
{
"symbol": "USDC",
"address": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881",
"decimals": 18,
"category": "tokenized-fiat",
"instrumentType": "fiat-backed-stablecoin",
"issuerType": "token-issuer-unverified",
"currencyCode": "USD",
"claimType": "claim-on-issuer-unverified",
"settlementAssetClass": "fiat",
"backingAssets": [
"cash",
"cash-equivalents"
],
"gruVersion": "v2",
"gruFamilySymbol": "cUSDC",
"gruTransportRole": "all-mainnet-usdc-surface",
"tags": [
"tokenized-fiat",
"fiat:usd",
"backing:cash",
"backing:cash-equivalents",
"gru:v2",
"gru:m1",
"gru:transport",
"gru:all-mainnet",
"gru:cusdc-family"
],
"backingMetadata": {
"backingModel": "fiat-reserve-backed",
"backingAssetClasses": [
"cash",
"cash-equivalents"
],
"backingVerificationStatus": "reserve-disclosure-not-committed",
"overcollateralizationRequired": false
},
"bridgeMetadata": {
"bridgeStatus": "live-canonical-target",
"bridgeKind": "AlltraAdapter",
"sourceChainId": 138,
"destinationChainId": 651940,
"sourceSymbol": "cUSDC",
"sourceAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"destinationSymbol": "USDC",
"destinationAddress": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881",
"adapterAddress": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc",
"bridgeCanonicalAssetVersion": "gru-v2",
"bridgeMirroredAssetVersion": "all-mainnet-surface"
},
"cashMetadata": {
"cashRole": "reserve-and-redemption-asset-class",
"currency": "USD",
"cashBackingAssertedByRepo": false,
"cashBackingEvidenceRef": null
},
"commodityMetadata": {
"commodityBacked": false,
"commodityType": null,
"commodityUnit": null,
"reserveLocationRef": null
},
"reserveMetadata": {
"reserveModel": "issuer-or-bridge-reserve-unverified",
"reserveDisclosureRef": null,
"reserveAccountRef": null,
"proofOfReserveRef": null,
"reserveVerificationStatus": "pending-disclosure",
"riskTier": "policy-review-required",
"registryStatus": "documented-surface-not-stablecoin-registry-entry"
},
"securityMetadata": {
"pauseAuthority": "unknown",
"adminAuthority": "unknown",
"upgradeability": "unknown",
"keyManagement": "unknown",
"emergencyHalt": "corridor-halt-required-for-issuer-bridge-or-peg-risk",
"monitoring": [
"peg-deviation",
"bridge-health",
"liquidity-depth",
"contract-admin-changes"
]
},
"settlementMetadata": {
"settlementAssetClass": "fiat",
"settlementCurrency": "USD",
"settlementFinalityDomain": "off-chain-regulated-ledger-or-issuer-domain",
"onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
"accountingEvidenceRequired": true,
"redemptionPath": "issuer-or-bridge-redemption-unverified",
"parRedemption": "unverified"
},
"category": "stablecoin",
"status": "verified"
},
{
@@ -356,80 +41,6 @@
"address": "0x798F6762BB40d6801A593459d08F890603D3979C",
"decimals": 18,
"category": "wrapped-native",
"instrumentType": "wrapped-native",
"issuerType": "wrapper-contract",
"settlementAssetClass": "crypto-native",
"backingAssets": [
"native-gas-asset"
],
"gruVersion": null,
"tags": [
"wrapped-native",
"gas:eth",
"all-mainnet"
],
"backingMetadata": {
"backingModel": "wrapped-native-escrow",
"backingAssetClasses": [
"native-gas-asset"
],
"backingVerificationStatus": "wrapper-contract-address-verified",
"overcollateralizationRequired": false
},
"bridgeMetadata": {
"bridgeStatus": "mapped-138-to-651940",
"bridgeKind": "AlltraAdapter",
"sourceChainId": 138,
"destinationChainId": 651940,
"sourceSymbol": "WETH9",
"sourceAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"destinationSymbol": "WETH",
"destinationAddress": "0x798F6762BB40d6801A593459d08F890603D3979C",
"adapterAddress": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc"
},
"cashMetadata": {
"cashRole": "none",
"currency": null,
"cashBackingAssertedByRepo": false,
"cashBackingEvidenceRef": null
},
"commodityMetadata": {
"commodityBacked": false,
"commodityType": null,
"commodityUnit": null,
"reserveLocationRef": null
},
"reserveMetadata": {
"reserveModel": "native-asset-wrapper-escrow",
"reserveDisclosureRef": null,
"reserveAccountRef": "wrapper-contract-balance",
"proofOfReserveRef": null,
"reserveVerificationStatus": "contract-balance-verifiable-on-chain",
"riskTier": "bridge-and-wrapper-risk",
"registryStatus": "documented-token-surface"
},
"securityMetadata": {
"pauseAuthority": "unknown",
"adminAuthority": "unknown",
"upgradeability": "unknown",
"keyManagement": "unknown",
"emergencyHalt": "corridor-halt-required-for-bridge-or-wrapper-risk",
"monitoring": [
"bridge-health",
"wrapper-contract-balance",
"liquidity-depth",
"contract-admin-changes"
]
},
"settlementMetadata": {
"settlementAssetClass": "crypto-native",
"settlementCurrency": "ETH",
"settlementFinalityDomain": "chain-finality",
"onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
"accountingEvidenceRequired": false,
"redemptionPath": "unwrap-or-bridge-withdrawal",
"parRedemption": "one-to-one-native-asset-when-wrapper-solvent"
},
"status": "verified"
},
{
@@ -437,79 +48,6 @@
"address": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4",
"decimals": 18,
"category": "wrapped-native",
"instrumentType": "wrapped-native",
"issuerType": "wrapper-contract",
"settlementAssetClass": "crypto-native",
"backingAssets": [
"native-gas-asset"
],
"gruVersion": null,
"tags": [
"wrapped-native",
"gas:all",
"all-mainnet"
],
"backingMetadata": {
"backingModel": "wrapped-native-escrow",
"backingAssetClasses": [
"native-gas-asset"
],
"backingVerificationStatus": "wrapper-contract-address-verified",
"overcollateralizationRequired": false
},
"bridgeMetadata": {
"bridgeStatus": "documented-all-mainnet-native-wrapper",
"bridgeKind": "native-wrapper",
"sourceChainId": 651940,
"destinationChainId": 651940,
"sourceSymbol": "ALL",
"sourceAddress": null,
"destinationSymbol": "WALL",
"destinationAddress": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4",
"adapterAddress": null
},
"cashMetadata": {
"cashRole": "none",
"currency": null,
"cashBackingAssertedByRepo": false,
"cashBackingEvidenceRef": null
},
"commodityMetadata": {
"commodityBacked": false,
"commodityType": null,
"commodityUnit": null,
"reserveLocationRef": null
},
"reserveMetadata": {
"reserveModel": "native-asset-wrapper-escrow",
"reserveDisclosureRef": null,
"reserveAccountRef": "wrapper-contract-balance",
"proofOfReserveRef": null,
"reserveVerificationStatus": "contract-balance-verifiable-on-chain",
"riskTier": "wrapper-risk",
"registryStatus": "documented-token-surface"
},
"securityMetadata": {
"pauseAuthority": "unknown",
"adminAuthority": "unknown",
"upgradeability": "unknown",
"keyManagement": "unknown",
"emergencyHalt": "corridor-halt-required-for-wrapper-risk",
"monitoring": [
"wrapper-contract-balance",
"liquidity-depth",
"contract-admin-changes"
]
},
"settlementMetadata": {
"settlementAssetClass": "crypto-native",
"settlementCurrency": "ALL",
"settlementFinalityDomain": "chain-finality",
"onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
"accountingEvidenceRequired": false,
"redemptionPath": "unwrap-to-native-all",
"parRedemption": "one-to-one-native-asset-when-wrapper-solvent"
},
"status": "verified"
},
{
@@ -517,79 +55,6 @@
"address": "0x0d9793861AEB9244AD1B34375a83A6730F6AdD38",
"decimals": 18,
"category": "dex-token",
"instrumentType": "protocol-token",
"issuerType": "protocol",
"settlementAssetClass": "crypto-native",
"backingAssets": [
"protocol-utility"
],
"gruVersion": null,
"tags": [
"dex-token",
"protocol:hydx",
"all-mainnet"
],
"backingMetadata": {
"backingModel": "protocol-utility",
"backingAssetClasses": [
"protocol-utility"
],
"backingVerificationStatus": "not-reserve-backed",
"overcollateralizationRequired": false
},
"bridgeMetadata": {
"bridgeStatus": "not-bridge-canonical-in-this-inventory",
"bridgeKind": null,
"sourceChainId": null,
"destinationChainId": 651940,
"sourceSymbol": null,
"sourceAddress": null,
"destinationSymbol": "HYDX",
"destinationAddress": "0x0d9793861AEB9244AD1B34375a83A6730F6AdD38",
"adapterAddress": null
},
"cashMetadata": {
"cashRole": "none",
"currency": null,
"cashBackingAssertedByRepo": false,
"cashBackingEvidenceRef": null
},
"commodityMetadata": {
"commodityBacked": false,
"commodityType": null,
"commodityUnit": null,
"reserveLocationRef": null
},
"reserveMetadata": {
"reserveModel": "none-protocol-token",
"reserveDisclosureRef": null,
"reserveAccountRef": null,
"proofOfReserveRef": null,
"reserveVerificationStatus": "not-applicable",
"riskTier": "protocol-token-risk",
"registryStatus": "documented-token-surface"
},
"securityMetadata": {
"pauseAuthority": "unknown",
"adminAuthority": "unknown",
"upgradeability": "unknown",
"keyManagement": "unknown",
"emergencyHalt": "routing-halt-required-for-protocol-or-contract-risk",
"monitoring": [
"liquidity-depth",
"contract-admin-changes",
"protocol-surface-confirmation"
]
},
"settlementMetadata": {
"settlementAssetClass": "crypto-native",
"settlementCurrency": "HYDX",
"settlementFinalityDomain": "chain-finality",
"onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
"accountingEvidenceRequired": false,
"redemptionPath": "not-applicable",
"parRedemption": "not-applicable"
},
"status": "verified"
},
{
@@ -597,78 +62,6 @@
"address": "0x1839f77eBed7F388c7035f7061B4B8Ef0E72317a",
"decimals": 8,
"category": "defi-token",
"instrumentType": "protocol-token",
"issuerType": "protocol",
"settlementAssetClass": "crypto-native",
"backingAssets": [
"protocol-utility"
],
"gruVersion": null,
"tags": [
"defi-token",
"protocol:hybx",
"all-mainnet"
],
"backingMetadata": {
"backingModel": "protocol-utility",
"backingAssetClasses": [
"protocol-utility"
],
"backingVerificationStatus": "not-reserve-backed",
"overcollateralizationRequired": false
},
"bridgeMetadata": {
"bridgeStatus": "not-bridge-canonical-in-this-inventory",
"bridgeKind": null,
"sourceChainId": null,
"destinationChainId": 651940,
"sourceSymbol": null,
"sourceAddress": null,
"destinationSymbol": "HYBX",
"destinationAddress": "0x1839f77eBed7F388c7035f7061B4B8Ef0E72317a",
"adapterAddress": null
},
"cashMetadata": {
"cashRole": "none",
"currency": null,
"cashBackingAssertedByRepo": false,
"cashBackingEvidenceRef": null
},
"commodityMetadata": {
"commodityBacked": false,
"commodityType": null,
"commodityUnit": null,
"reserveLocationRef": null
},
"reserveMetadata": {
"reserveModel": "none-protocol-token",
"reserveDisclosureRef": null,
"reserveAccountRef": null,
"proofOfReserveRef": null,
"reserveVerificationStatus": "not-applicable",
"riskTier": "protocol-token-risk",
"registryStatus": "documented-token-surface"
},
"securityMetadata": {
"pauseAuthority": "unknown",
"adminAuthority": "unknown",
"upgradeability": "unknown",
"keyManagement": "unknown",
"emergencyHalt": "routing-halt-required-for-protocol-or-contract-risk",
"monitoring": [
"liquidity-depth",
"contract-admin-changes"
]
},
"settlementMetadata": {
"settlementAssetClass": "crypto-native",
"settlementCurrency": "HYBX",
"settlementFinalityDomain": "chain-finality",
"onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
"accountingEvidenceRequired": false,
"redemptionPath": "not-applicable",
"parRedemption": "not-applicable"
},
"status": "verified"
},
{
@@ -676,79 +69,6 @@
"address": "0xE59Bb804F4884FcEA183a4A67B1bb04f4a4567bc",
"decimals": 8,
"category": "defi-token",
"instrumentType": "utility-token",
"issuerType": "protocol",
"settlementAssetClass": "crypto-native",
"backingAssets": [
"protocol-utility"
],
"gruVersion": null,
"tags": [
"defi-token",
"utility-token",
"protocol:cht",
"all-mainnet"
],
"backingMetadata": {
"backingModel": "protocol-utility",
"backingAssetClasses": [
"protocol-utility"
],
"backingVerificationStatus": "not-reserve-backed",
"overcollateralizationRequired": false
},
"bridgeMetadata": {
"bridgeStatus": "not-bridge-canonical-in-this-inventory",
"bridgeKind": null,
"sourceChainId": null,
"destinationChainId": 651940,
"sourceSymbol": null,
"sourceAddress": null,
"destinationSymbol": "CHT",
"destinationAddress": "0xE59Bb804F4884FcEA183a4A67B1bb04f4a4567bc",
"adapterAddress": null
},
"cashMetadata": {
"cashRole": "none",
"currency": null,
"cashBackingAssertedByRepo": false,
"cashBackingEvidenceRef": null
},
"commodityMetadata": {
"commodityBacked": false,
"commodityType": null,
"commodityUnit": null,
"reserveLocationRef": null
},
"reserveMetadata": {
"reserveModel": "none-utility-token",
"reserveDisclosureRef": null,
"reserveAccountRef": null,
"proofOfReserveRef": null,
"reserveVerificationStatus": "not-applicable",
"riskTier": "utility-token-risk",
"registryStatus": "documented-token-surface"
},
"securityMetadata": {
"pauseAuthority": "unknown",
"adminAuthority": "unknown",
"upgradeability": "unknown",
"keyManagement": "unknown",
"emergencyHalt": "routing-halt-required-for-protocol-or-contract-risk",
"monitoring": [
"liquidity-depth",
"contract-admin-changes"
]
},
"settlementMetadata": {
"settlementAssetClass": "crypto-native",
"settlementCurrency": "CHT",
"settlementFinalityDomain": "chain-finality",
"onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
"accountingEvidenceRequired": false,
"redemptionPath": "not-applicable",
"parRedemption": "not-applicable"
},
"status": "verified"
},
{
@@ -756,78 +76,6 @@
"address": "0x690740f055A41FA7669f5a379Bf71B0cDF353073",
"decimals": 18,
"category": "defi-token",
"instrumentType": "protocol-token",
"issuerType": "protocol",
"settlementAssetClass": "crypto-native",
"backingAssets": [
"protocol-utility"
],
"gruVersion": null,
"tags": [
"defi-token",
"protocol:auda",
"all-mainnet"
],
"backingMetadata": {
"backingModel": "protocol-utility",
"backingAssetClasses": [
"protocol-utility"
],
"backingVerificationStatus": "not-reserve-backed",
"overcollateralizationRequired": false
},
"bridgeMetadata": {
"bridgeStatus": "not-bridge-canonical-in-this-inventory",
"bridgeKind": null,
"sourceChainId": null,
"destinationChainId": 651940,
"sourceSymbol": null,
"sourceAddress": null,
"destinationSymbol": "AUDA",
"destinationAddress": "0x690740f055A41FA7669f5a379Bf71B0cDF353073",
"adapterAddress": null
},
"cashMetadata": {
"cashRole": "none",
"currency": null,
"cashBackingAssertedByRepo": false,
"cashBackingEvidenceRef": null
},
"commodityMetadata": {
"commodityBacked": false,
"commodityType": null,
"commodityUnit": null,
"reserveLocationRef": null
},
"reserveMetadata": {
"reserveModel": "none-protocol-token",
"reserveDisclosureRef": null,
"reserveAccountRef": null,
"proofOfReserveRef": null,
"reserveVerificationStatus": "not-applicable",
"riskTier": "protocol-token-risk",
"registryStatus": "documented-token-surface"
},
"securityMetadata": {
"pauseAuthority": "unknown",
"adminAuthority": "unknown",
"upgradeability": "unknown",
"keyManagement": "unknown",
"emergencyHalt": "routing-halt-required-for-protocol-or-contract-risk",
"monitoring": [
"liquidity-depth",
"contract-admin-changes"
]
},
"settlementMetadata": {
"settlementAssetClass": "crypto-native",
"settlementCurrency": "AUDA",
"settlementFinalityDomain": "chain-finality",
"onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
"accountingEvidenceRequired": false,
"redemptionPath": "not-applicable",
"parRedemption": "not-applicable"
},
"status": "verified"
}
],
@@ -835,43 +83,12 @@
{
"name": "AlltraDEX / EnhancedSwapRouter",
"family": "custom_router",
"status": "partial_live_dodo_backed_router_deployed",
"status": "documented_inventory_pending",
"factoryAddress": null,
"routerAddress": "0xb905fEfA56b028221E2Bc248Bbcd41141dc7aeD3",
"coordinatorAddress": "0x9276ae27d9c624B43dbE43494f34A9c5F0233a0B",
"providerAddress": "0x36F65027D21e151F0b7810bae1E94b225AC7Ba9e",
"adapters": {
"dodo": "0x391D192BED6188c4DaB4C93c078bD18432687474",
"dodoV3": "0x97Ce874142625134aEEBDF42B5E7bB806e731D25",
"uniswapV3": "0xBF75F3401de20bebBB1CBb678499941807E3E040",
"balancer": "0xDE7F15AF1D84e3694f7E966293d20e64Fc04d9fF",
"curve": "0x753D2b0a723992D7B174D6e19F7b7Cb74be8D61a",
"oneInch": "0x487090bbb7d17875281692d582a11B445b3A7AC7"
},
"enabledProviders": [
"dodo"
],
"disabledProviders": [
"dodoV3",
"uniswapV3",
"balancer",
"curve",
"oneInch",
"partner"
],
"publishedRoutePoolIds": [
"651940-dodo_pmm-wall-ausdc",
"651940-dodo_pmm-wall-ausdt"
],
"deploymentEvidenceRef": "config/all-mainnet-enhanced-router-deployment.json",
"routerAddress": null,
"notes": [
"Documented in docs/11-references/ALL_MAINNET_ROUTING_ENGINE.md as the intended same-chain swap surface.",
"EnhancedSwapRouterV2 is deployed on ALL Mainnet with DODO as the only enabled provider.",
"Optional adapters were deployed for future wiring but are disabled until canonical provider targets and pools are committed.",
"WALL/AUSDC and WALL/AUSDT are funded and quoteable through the router provider path; the earlier WALL/USDT route is disabled because AUSDT is the canonical quote asset."
],
"disabledRoutePoolIds": [
"651940-dodo_pmm-wall-usdt"
"No committed canonical factory/router/pool inventory is currently published in-repo."
]
},
{
@@ -888,68 +105,40 @@
],
"notes": [
"The HYDX token is documented and verified on ALL Mainnet.",
"The repo expects factory/router discovery via env, but no canonical HYDX-native router inventory is currently committed.",
"HYDX currently has committed same-chain exposure through the ALL Mainnet Uniswap V2 HYDX/WALL pool, not through a dedicated HYDX-native router surface."
"The repo expects factory/router discovery via env, but no canonical pool inventory is currently committed."
]
},
{
"name": "Uniswap V2",
"family": "uniswap_v2",
"status": "partial_live_inventory_published",
"factoryAddress": "0x3C3ED514691C06c89Bf6626B05D22991E8924c93",
"routerAddress": "0xED04Ee8307C0656207AF5aFE3926AE2380052940",
"inventoryRef": "config/all-mainnet-pool-creation-matrix.json",
"publishedPoolIds": [
"651940-uniswap_v2-wall-ausdc",
"651940-uniswap_v2-wall-usdt",
"651940-uniswap_v2-usdt-ausdc",
"651940-uniswap_v2-hydx-wall"
],
"status": "env_placeholder_only",
"factoryAddress": null,
"routerAddress": null,
"notes": [
"Factory/router and multiple pair addresses are committed in config/all-mainnet-pool-creation-matrix.json.",
"Required spend rows remain gated until vault assignments and canary evidence are recorded."
"Referenced in token-aggregation dex-factory config and docs as an env-driven surface.",
"Do not treat as routable until real factory/router/pair addresses are committed."
]
},
{
"name": "Uniswap V3",
"family": "uniswap_v3",
"status": "standalone_live_router_quoter_pool_deployed",
"factoryAddress": "0xF1a334465C5DD628492780B39Be68D561A9AecA2",
"routerAddress": "0xe9Ea1B70803c18C4CEb8839D5D68681c7903511B",
"status": "env_placeholder_only",
"factoryAddress": null,
"routerAddress": null,
"notes": [
"Official Uniswap V3 factory, legacy SwapRouter, Quoter, QuoterV2, NonfungiblePositionManager, and AUSDT/WALL 0.30% pool are deployed on ALL Mainnet.",
"The standalone SwapRouter path was tested with a tiny WALL -> AUSDT canary swap.",
"EnhancedSwapRouterV2 route config was written, but provider 1 remains disabled because the current UniswapV3RouteExecutorAdapter staticcall quote path is incompatible with the upstream Quoter behavior."
],
"quoterAddress": "0x0ecC56077325863c80cbe516D63e0afAFf7EA579",
"quoterV2Address": "0x024Ff178BaB7e6fa1794c3A216D2B299C3F295d2",
"positionManagerAddress": "0xD29422211e1f2C1015FBb5dC2004657Dd8318aF6",
"descriptorAddress": "0x2a76C73458A0C11df4e0E43004598480d6D1E768",
"poolAddress": "0x9e0FC06BA367b51a0aBc5c0924306088DBB0e9c4",
"inventoryRef": "config/all-mainnet-pool-creation-matrix.json",
"deploymentEvidenceRef": "config/all-mainnet-uniswap-v3-deployment.json",
"publishedPoolIds": [
"651940-uniswap_v3-wall-ausdt"
],
"enhancedRouterProviderStatus": "disabled_adapter_quote_compatibility_pending"
"Referenced in token-aggregation dex-factory config and docs as an env-driven surface.",
"Do not treat as routable until real factory/router/pool addresses are committed."
]
},
{
"name": "DODO PMM",
"family": "dodo_pmm",
"status": "partial_live_inventory_published",
"factoryAddress": "0x8a3403aef8d40c0F4AfaF6Dc2000A537EbC863c2",
"routerAddress": "0x8528E268F3b8C94208d09D131ACa3Ea93Bad57c7",
"inventoryRef": "config/all-mainnet-pool-creation-matrix.json",
"publishedPoolIds": [
"651940-dodo_pmm-wall-ausdc",
"651940-dodo_pmm-wall-ausdt"
],
"status": "env_placeholder_only",
"factoryAddress": null,
"routerAddress": null,
"notes": [
"DVM factory, DVM factory adapter, integration/router, and DODO PMM pool addresses are committed in config/all-mainnet-pool-creation-matrix.json; WALL/AUSDT supersedes the earlier WALL/USDT row for canonical spend routing.",
"Required spend rows remain gated until vault assignments, funding, live reserve reads, and canary evidence are recorded."
],
"disabledPoolIds": [
"651940-dodo_pmm-wall-usdt"
"Mentioned in docs as placeholder-only for ALL Mainnet.",
"No committed DODO PMM pool inventory is currently published for chain 651940."
]
}
],
@@ -965,9 +154,8 @@
]
},
"nextTasks": [
"Keep the disabled WALL/USDT row historical-only unless explicitly re-approved for USDT routing.",
"Commit canonical factory/router metadata once a HYDX-native routing address is confirmed.",
"Deploy or import canonical Uniswap V3 factory/router/quoter/pool inventory before enabling the ALL Mainnet Uniswap V3 adapter.",
"Add pool-level addresses and verification artifacts before enabling public route generation from disabled optional protocol providers."
"Publish real same-chain pool inventory before promoting ALL Mainnet beyond bridge-live inventory.",
"Commit canonical factory/router metadata once HYDX or AlltraDEX routing addresses are confirmed.",
"Add pool-level addresses and verification artifacts before enabling public route generation from this protocol surface."
]
}

166
config/dbis-ecosystem-master-plan-tracker.json
View File

@@ -1,166 +0,0 @@
{
"schemaVersion": "1.0.0",
"updated": "2026-04-24",
"canonicalRootDoc": "docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md",
"workstreams": [
{
"id": "W1",
"title": "Besu / Chain 138 infrastructure and RPC topology",
"status": "live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [],
"sourceDocs": [
"docs/06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md",
"dbis_chain_138_technical_master_plan.md",
"docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md"
],
"acceptanceGate": "Canonical Besu inventory reconciled across all active cluster hosts, block production healthy, and no unexplained canonical node gaps remain.",
"evidenceArtifact": "scripts/verify/check-cluster-besu-inventory.sh --json"
},
{
"id": "W2",
"title": "Liquidity, PMM, bridge, and public routing coverage",
"status": "partially live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [
"W1"
],
"sourceDocs": [
"docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md",
"docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md",
"reports/status/LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md"
],
"acceptanceGate": "Machine-readable route coverage is current and can distinguish live, partial, and blocked routing paths for stablecoins and top assets.",
"evidenceArtifact": "config/public-routing-coverage-matrix.json"
},
{
"id": "W3",
"title": "Phoenix deploy/control-plane integration",
"status": "partially live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [
"W1",
"W2",
"W4"
],
"sourceDocs": [
"docs/04-configuration/PHOENIX_SANKOFA_OPERATOR_HANDOFF.md",
"docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md"
],
"acceptanceGate": "Phoenix deploy/control APIs expose current canonical manifests and validated deploy targets without drifting from repo truth.",
"evidenceArtifact": "scripts/validation/validate-config-files.sh"
},
{
"id": "W4",
"title": "URA manifest, policy profiles, registry, and route confidence",
"status": "repo-implemented",
"horizon": "near_term",
"ownerClass": "repo",
"dependsOn": [
"W2",
"W3"
],
"sourceDocs": [
"docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md",
"docs/04-configuration/universal-resource-activation/README.md",
"config/universal-resource-activation/manifest.json"
],
"acceptanceGate": "URA manifest and policy profiles validate, registry references are coherent, and route-confidence can be produced as a first-class control-plane artifact.",
"evidenceArtifact": "scripts/validate/validate-universal-resource-activation.mjs"
},
{
"id": "W5",
"title": "DBIS RTGS / DBIS Rail / OMNL / settlement sidecars",
"status": "partially live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [
"W4",
"W6"
],
"sourceDocs": [
"docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md",
"docs/dbis-rail/DBIS_RAIL_SETTLEMENT_EVENT_SOURCES.md",
"docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md"
],
"acceptanceGate": "First-slice settlement boundaries, event sources, custody roles, and sidecar responsibilities are explicit enough for production gating.",
"evidenceArtifact": "docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md"
},
{
"id": "W6",
"title": "Jurisdiction/compliance and onboarding matrices",
"status": "repo-implemented",
"horizon": "near_term",
"ownerClass": "repo",
"dependsOn": [
"W4"
],
"sourceDocs": [
"docs/04-configuration/compliance-matrices/README.md",
"docs/04-configuration/jurisdictions/JURISDICTION_CATALOG.md",
"docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md"
],
"acceptanceGate": "Jurisdiction and onboarding matrices are machine-readable enough to gate policy profiles and institutional activation paths.",
"evidenceArtifact": "config/jurisdictions/catalog.v1.json"
},
{
"id": "W7",
"title": "Identity / Hyperledger / interoperability stack",
"status": "planned",
"horizon": "long_term",
"ownerClass": "external",
"dependsOn": [
"W5",
"W6"
],
"sourceDocs": [
"docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md",
"docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md"
],
"acceptanceGate": "Identity and interoperability slices have explicit runtime ownership, promotion gates, and environment-specific deployment decisions.",
"evidenceArtifact": "docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md"
},
{
"id": "W8",
"title": "Observability, verification, evidence, and operator readiness",
"status": "live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [
"W1",
"W2",
"W3",
"W4",
"W5",
"W6"
],
"sourceDocs": [
"docs/00-meta/OPERATOR_HANDOFF_2026_04_24.md",
"docs/00-meta/OPERATOR_READY_CHECKLIST.md",
"docs/04-configuration/universal-resource-activation/URA_OPERATIONAL_READINESS_CHECKLIST.md"
],
"acceptanceGate": "Validation, health, and operator readiness outputs are current enough to act as production gates rather than ad hoc references.",
"evidenceArtifact": "scripts/verify/run-all-validation.sh"
}
],
"blockedBy": [
{
"id": "B1",
"class": "external",
"description": "Some institutional integrations, custody counterparties, and settlement-sidecar dependencies cannot be closed from repo-only work."
},
{
"id": "B2",
"class": "external",
"description": "Some public-network expansion lanes remain constrained by third-party bridge, exchange, or destination-liquidity realities."
},
{
"id": "B3",
"class": "operator",
"description": "Operator promotion of URA, sidecar, and policy-aware runtime slices still trails repo implementation in several areas."
}
]
}

52
config/generated-node-configs/config-1500.toml
View File

@@ -1,52 +0,0 @@
# Besu Configuration for besu-sentry-1 (VMID: 1500)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.150"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

52
config/generated-node-configs/config-1501.toml
View File

@@ -1,52 +0,0 @@
# Besu Configuration for besu-sentry-2 (VMID: 1501)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.151"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

52
config/generated-node-configs/config-1502.toml
View File

@@ -1,52 +0,0 @@
# Besu Configuration for besu-sentry-3 (VMID: 1502)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.152"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

52
config/generated-node-configs/config-1503.toml
View File

@@ -1,52 +0,0 @@
# Besu Configuration for besu-sentry-4 (VMID: 1503)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.153"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

52
config/generated-node-configs/config-1504.toml
View File

@@ -1,52 +0,0 @@
# Besu Configuration for besu-sentry-ali (VMID: 1504)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.154"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

3
config/generated-node-configs/config-1507.toml
View File

@@ -8,7 +8,7 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.244"
p2p-port=30303
max-peers=40
max-peers=32
discovery-enabled=true
# RPC
@@ -40,7 +40,6 @@ log-destination="CONSOLE"
# Sync
sync-mode="FULL"
tx-pool-max-future-by-sender=1
fast-sync-min-peers=2
# Privacy

3
config/generated-node-configs/config-1508.toml
View File

@@ -8,7 +8,7 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.245"
p2p-port=30303
max-peers=40
max-peers=32
discovery-enabled=true
# RPC
@@ -40,7 +40,6 @@ log-destination="CONSOLE"
# Sync
sync-mode="FULL"
tx-pool-max-future-by-sender=1
fast-sync-min-peers=2
# Privacy

53
config/generated-node-configs/config-1509.toml
View File

@@ -1,53 +0,0 @@
# Besu Configuration for besu-sentry-thirdweb-01 (VMID: 1509)
# Generated canonical per-node config for promoted sentry inventory.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.219"
p2p-port=30303
max-peers=40
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
tx-pool-max-future-by-sender=1
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

53
config/generated-node-configs/config-1510.toml
View File

@@ -1,53 +0,0 @@
# Besu Configuration for besu-sentry-thirdweb-02 (VMID: 1510)
# Generated canonical per-node config for promoted sentry inventory.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.220"
p2p-port=30303
max-peers=40
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
tx-pool-max-future-by-sender=1
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

4
config/generated-node-configs/config-2500.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.172"
p2p-port=30303
max-peers=40
discovery-enabled=false
max-peers=32
discovery-enabled=true
# RPC - Full Function (can deploy contracts, execute writes)
rpc-http-enabled=true

4
config/generated-node-configs/config-2501.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.173"
p2p-port=30303
max-peers=40
discovery-enabled=false
max-peers=32
discovery-enabled=true
# RPC - Standard Base (read-only, no admin APIs)
rpc-http-enabled=true

4
config/generated-node-configs/config-2502.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.174"
p2p-port=30303
max-peers=40
discovery-enabled=false
max-peers=32
discovery-enabled=true
# RPC - Standard Base (read-only, no admin APIs)
rpc-http-enabled=true

4
config/generated-node-configs/config-2503.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.246"
p2p-port=30303
max-peers=40
discovery-enabled=false
max-peers=32
discovery-enabled=true
# RPC - Full Function (can deploy contracts, execute writes)
rpc-http-enabled=true

4
config/generated-node-configs/config-2504.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.247"
p2p-port=30303
max-peers=40
discovery-enabled=false
max-peers=32
discovery-enabled=true
# RPC - Standard Base (read-only, no admin APIs)
rpc-http-enabled=true

4
config/generated-node-configs/config-2505.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.248"
p2p-port=30303
max-peers=40
discovery-enabled=false
max-peers=32
discovery-enabled=true
# RPC - Standard Base (read-only, no admin APIs)
rpc-http-enabled=true

16
config/generated-node-configs/service-1500.service
View File

@@ -1,16 +0,0 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1501.service
View File

@@ -1,16 +0,0 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1502.service
View File

@@ -1,16 +0,0 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1503.service
View File

@@ -1,16 +0,0 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1504.service
View File

@@ -1,16 +0,0 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1509.service
View File

@@ -1,16 +0,0 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1510.service
View File

@@ -1,16 +0,0 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

13
config/gitea-workflow-templates/README.md
View File

@@ -1,13 +0,0 @@
# Gitea Actions workflow templates
Copy one of these into **your repo** as `.gitea/workflows/<workflow-name>.yml`, then set repo **Secrets** in Gitea (`PHOENIX_DEPLOY_URL`, `PHOENIX_DEPLOY_TOKEN`).
| Template | Use when |
|----------|----------|
| [`deploy-via-phoenix-api.yml`](deploy-via-phoenix-api.yml) | App/service with a row in `phoenix-deploy-api/deploy-targets.json` |
| [`validate-only.yml`](validate-only.yml) | Libraries/docs — CI gate only, no VM deploy |
| **[`repos/`](repos/README.md)** | **Concrete YAML** for DBIS, CROMERO, CurrenciCombo — copy into those Gitea repos |
See [docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md](../../docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md) for repo ↔ VM mapping.
**Operator checklist:** [docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md](../../docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md).

30
config/gitea-workflow-templates/deploy-via-phoenix-api.yml
View File

@@ -1,30 +0,0 @@
# Template — copy to YOUR_REPO/.gitea/workflows/<name>.yml and replace placeholders.
# Secrets (repo settings): PHOENIX_DEPLOY_URL, PHOENIX_DEPLOY_TOKEN
name: Deploy via Phoenix API
on:
push:
branches: [main, master]
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Trigger Phoenix deployment
env:
PHOENIX_DEPLOY_URL: ${{ secrets.PHOENIX_DEPLOY_URL }}
PHOENIX_DEPLOY_TOKEN: ${{ secrets.PHOENIX_DEPLOY_TOKEN }}
TARGET: default
run: |
set -euo pipefail
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
REPO="${{ gitea.repository }}"
curl -sSf -X POST "${PHOENIX_DEPLOY_URL}" \
-H "Authorization: Bearer ${PHOENIX_DEPLOY_TOKEN}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${REPO}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"${TARGET}\"}"

14
config/gitea-workflow-templates/repos/README.md
View File

@@ -1,14 +0,0 @@
# Ready-to-copy workflows (repo-specific)
Copy the matching file into **that** Gitea repo as `.gitea/workflows/<name>.yml`, then set secrets **`PHOENIX_DEPLOY_URL`**, **`PHOENIX_DEPLOY_TOKEN`**.
| File | Gitea `repo` | `target` | Notes |
|------|----------------|----------|--------|
| [`dbis-portal-live.yml`](dbis-portal-live.yml) | `Gov_Web_Portals/DBIS` | `dbis-portal-live` | CT 7804 portal |
| [`cromero-default.yml`](cromero-default.yml) | `d-bis/CROMERO` | `default` | NPM ecosystem build |
| [`currencicombo-default.yml`](currencicombo-default.yml) | `d-bis/CurrenciCombo` | `default` | Phoenix CT 8604 |
| — | `d-bis/explorer-monorepo` | `explorer-live` | Already in **explorer-monorepo** submodule: `.gitea/workflows/deploy-live.yml` |
| — | `Gov_Web_Portals/CyberSecur-Global` | `default` | In **CyberSecur-Global** repo: `.gitea/workflows/deploy-to-ct7810.yml` |
| — | `d-bis/cross-chain-pmm-lps` | _(validate only)_ | `.gitea/workflows/validate-capital-efficiency.yml` |
`d-bis/proxmox` uses monorepo workflows in-repo (no copy from here).

23
config/gitea-workflow-templates/repos/cromero-default.yml
View File

@@ -1,23 +0,0 @@
# Copy to d-bis/CROMERO → .gitea/workflows/deploy-via-phoenix.yml
# Secrets: PHOENIX_DEPLOY_URL, PHOENIX_DEPLOY_TOKEN
name: Deploy CROMERO (Phoenix)
on:
push:
branches: [main, master]
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Trigger Phoenix deployment
run: |
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"d-bis/CROMERO\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"

23
config/gitea-workflow-templates/repos/currencicombo-default.yml
View File

@@ -1,23 +0,0 @@
# Copy to d-bis/CurrenciCombo → .gitea/workflows/deploy-via-phoenix.yml
# Secrets: PHOENIX_DEPLOY_URL, PHOENIX_DEPLOY_TOKEN
name: Deploy CurrenciCombo (Phoenix)
on:
push:
branches: [main, master]
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Trigger Phoenix deployment
run: |
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"d-bis/CurrenciCombo\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"

23
config/gitea-workflow-templates/repos/dbis-portal-live.yml
View File

@@ -1,23 +0,0 @@
# Copy to Gov_Web_Portals/DBIS → .gitea/workflows/deploy-portal-live.yml
# Secrets: PHOENIX_DEPLOY_URL, PHOENIX_DEPLOY_TOKEN
name: Deploy DBIS portal (Phoenix)
on:
push:
branches: [main]
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Trigger Phoenix deployment
run: |
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"Gov_Web_Portals/DBIS\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"dbis-portal-live\"}"

18
config/gitea-workflow-templates/validate-only.yml
View File

@@ -1,18 +0,0 @@
# Template — copy to YOUR_REPO/.gitea/workflows/validate.yml — adjust run steps.
name: Validate
on:
push:
branches: [main, master]
pull_request:
jobs:
validate:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Placeholder validation
run: |
echo "Replace this step with repo-specific checks (e.g. npm test, forge test)."

44
config/jurisdictions/catalog.v1.json
View File

@@ -1,44 +0,0 @@
{
"schemaVersion": "1.0.0",
"updatedAt": "2026-04-25T18:00:00Z",
"description": "Canonical jurisdiction catalog for multi-institution onboarding. Add rows as jurisdictions are formally in-scope. Legal review required before marking status production_ready.",
"jurisdictions": [
{
"id": "ID",
"label": "Indonesia",
"governingLawNote": "Indonesian law; BI and sector regulators — detail in compliance matrix, not legal advice.",
"regulatorsNote": "Bank Indonesia (BI); OJK where applicable — confirm with counsel.",
"activitiesInScope": ["payments_omnl", "server_funds_treasury", "rtgs_sidecars", "chain138_settlement_evidence"],
"activitiesExcluded": ["generic_securities_issuance_unless_scoped"],
"complianceMatrixPath": "docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md",
"status": "pilot_ready",
"policyProfileIdsReferenced": [
"institutional_custody_skr_v1",
"server_funds_treasury_v1",
"infra_capacity_ops_v1"
]
},
{
"id": "GENERIC-COMMON-LAW-STUB",
"label": "Generic common-law banking stub (template)",
"governingLawNote": "Illustrative only — replace with real jurisdiction before production.",
"regulatorsNote": "Placeholder — no regulator list.",
"activitiesInScope": ["template_process_only"],
"activitiesExcluded": ["all_production_until_replaced"],
"complianceMatrixPath": "docs/04-configuration/compliance-matrices/GENERIC-COMMON-LAW-STUB/banking_v1.md",
"status": "template_only",
"policyProfileIdsReferenced": []
},
{
"id": "US-DELAWARE-CORP-STUB",
"label": "US Delaware corporate stub (draft second jurisdiction)",
"governingLawNote": "Illustrative corporate/treasury stub — not legal advice; replace with real federal/state matrix.",
"regulatorsNote": "Placeholder.",
"activitiesInScope": ["draft_matrix_training_only"],
"activitiesExcluded": ["all_production_until_replaced"],
"complianceMatrixPath": "docs/04-configuration/compliance-matrices/US-DELAWARE-CORP-STUB/banking_v1.md",
"status": "draft",
"policyProfileIdsReferenced": []
}
]
}

16
config/proxmox-operational-template.json
View File

@@ -47,20 +47,6 @@
"role": "firefly_npmplus_secondary_mim4u_mifos_support",
"ui_url": "https://192.168.11.12:8006",
"cluster_name": "h"
},
{
"hostname": "r630-03",
"mgmt_ipv4": "192.168.11.13",
"role": "besu_chain138_secondary_rpc_sentry_host",
"ui_url": "https://192.168.11.13:8006",
"cluster_name": "h"
},
{
"hostname": "r630-04",
"mgmt_ipv4": "192.168.11.14",
"role": "besu_chain138_additional_capacity_host",
"ui_url": "https://192.168.11.14:8006",
"cluster_name": "h"
}
],
"cluster_peering": {
@@ -79,7 +65,7 @@
},
"besu_chain138_peering_model": {
"chain_id": 138,
"summary": "Validators (1000\u20131004) \u2194 Sentries (1500\u20131510) \u2194 RPC tier (2101,2102,2103 core/admin, 2201 public, 2301,2303\u20132308 named/private, 2400\u20132403 thirdweb, 2500\u20132505 alltra/hybx). Use canonical roles doc for allowed adjacencies and ops.",
"summary": "Validators (1000\u20131004) \u2194 Sentries (1500\u20131506) \u2194 RPC tier (2101 core, 2201 public, 230x named, 240x thirdweb). Use canonical roles doc for allowed adjacencies and ops.",
"p2p_port_tcp_udp": 30303,
"doc_ref": "docs/02-architecture/CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md"
},

116
config/public-routing-coverage-matrix.json
View File

@@ -1,116 +0,0 @@
{
"schemaVersion": "1.0.0",
"updated": "2026-04-24",
"scope": "Current live Chain 138 ecosystem coverage for public stablecoins, top public assets, and near-term integration priorities.",
"homeChain": {
"chainId": 138,
"network": "DeFi Oracle Meta Mainnet",
"publicExitPrimitive": "WETH",
"publicExitStatus": "live_via_pmm_and_ccip"
},
"supportedBridgeDestinations": [
{ "chainId": 1, "name": "Ethereum Mainnet", "status": "live" },
{ "chainId": 10, "name": "Optimism", "status": "live" },
{ "chainId": 25, "name": "Cronos", "status": "live" },
{ "chainId": 56, "name": "BSC", "status": "live" },
{ "chainId": 100, "name": "Gnosis", "status": "live" },
{ "chainId": 137, "name": "Polygon", "status": "live" },
{ "chainId": 8453, "name": "Base", "status": "live" },
{ "chainId": 42161, "name": "Arbitrum One", "status": "live" },
{ "chainId": 42220, "name": "Celo", "status": "live" },
{ "chainId": 43114, "name": "Avalanche C-Chain", "status": "live" },
{ "chainId": 651940, "name": "ALL Mainnet", "status": "bridge_live_swap_inventory_pending" },
{ "chainId": 1111, "name": "Wemix", "status": "blocked_selector_not_supported" }
],
"stablecoinCoverage": [
{ "symbol": "USDT", "reachability": "strong", "mode": "direct_mirror_and_public_evm" },
{ "symbol": "USDC", "reachability": "strong", "mode": "direct_mirror_and_public_evm" },
{ "symbol": "DAI", "reachability": "strong", "mode": "indirect_via_weth_to_ethereum" },
{ "symbol": "USDS", "reachability": "strong", "mode": "indirect_via_weth_to_ethereum" },
{ "symbol": "PYUSD", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "USDe", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "USD1", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "USDG", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "RLUSD", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "USDF", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "BUIDL", "reachability": "low", "mode": "institutional_non_dex" },
{ "symbol": "USYC", "reachability": "low", "mode": "institutional_non_dex" },
{ "symbol": "JTRSY", "reachability": "low", "mode": "institutional_non_dex" },
{ "symbol": "XAUT", "reachability": "strong", "mode": "native_gold_family_on_home_chain" },
{ "symbol": "PAXG", "reachability": "medium", "mode": "destination_dex_dependent" }
],
"topAssetCoverage": [
{ "symbol": "ETH", "reachability": "strong", "mode": "direct_evm" },
{ "symbol": "LINK", "reachability": "strong", "mode": "direct_evm" },
{ "symbol": "AAVE", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "UNI", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "AVAX", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "BNB", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "CRO", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "BTC", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "SOL", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "TRX", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "XRP", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "ADA", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "XMR", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "ZEC", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "XLM", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "HBAR", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "SUI", "reachability": "weak", "mode": "non_evm_expansion_required" }
],
"shortIntegrationLeaps": [
{
"id": "doc-chain138-live-weth-exits",
"title": "Normalize docs around live Chain 138 c* -> WETH exits",
"status": "done_now",
"impact": "high"
},
{
"id": "publish-destination-route-registry",
"title": "Publish per-chain destination route registry for supported EVM stablecoins and cW* surfaces",
"status": "todo",
"impact": "high"
},
{
"id": "promote-additional-public-stables",
"title": "Promote PYUSD, USDe, RLUSD, USD1, and USDG into named route-target review",
"status": "todo",
"impact": "high"
},
{
"id": "canonicalize-allmainnet-swap-surface",
"title": "Commit canonical ALL Mainnet router/factory/pool inventory",
"status": "todo",
"impact": "high"
},
{
"id": "publish-top50-coverage-matrix",
"title": "Track top public assets by direct, indirect, wrapped-only, or unsupported status",
"status": "done_now",
"impact": "medium"
}
],
"additionalComponentsRequired": [
{
"id": "non-evm-bridge-expansion",
"title": "Bridge and swap adapters for BTC, SOL, XRP, ADA, XLM, HBAR, SUI classes",
"status": "future"
},
{
"id": "wemix-ccip-selector-support",
"title": "Enable Wemix lane by resolving Chain 138 CCIP selector support",
"status": "blocked_external"
},
{
"id": "route-confidence-api",
"title": "Expose live route confidence in quote/build systems",
"status": "future"
}
],
"references": {
"ecosystemReport": "reports/status/LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md",
"routingStatusDoc": "docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md",
"stablecoinRoutesDoc": "docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md",
"allMainnetSurfaceConfig": "config/allmainnet-non-dodo-protocol-surface.json"
}
}

70
config/universal-resource-activation.policy-profile-registry.v1.schema.json
View File

@@ -1,70 +0,0 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/universal-resource-activation.policy-profile-registry.v1.json",
"title": "PolicyProfileRegistry",
"type": "object",
"required": ["schemaVersion", "profiles"],
"properties": {
"schemaVersion": { "type": "string", "minLength": 1 },
"updatedAt": { "type": "string" },
"description": { "type": "string" },
"profiles": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": [
"policyProfileId",
"version",
"jurisdictions",
"participantClasses",
"resourceFamilies",
"minimumGruGovernanceLevel"
],
"properties": {
"policyProfileId": { "type": "string", "minLength": 1 },
"version": { "type": "string", "minLength": 1 },
"effectiveFrom": { "type": "string" },
"effectiveTo": { "type": "string" },
"supersedes": { "type": "string" },
"jurisdictions": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
},
"participantClasses": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
},
"resourceFamilies": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
},
"tokenizationModesAllowed": {
"type": "array",
"items": { "type": "string" }
},
"ledgerModel": { "type": "string" },
"standards": {
"type": "array",
"items": { "type": "string" }
},
"minimumGruGovernanceLevel": {
"type": "integer",
"minimum": 0,
"maximum": 5
},
"complianceMatrixPaths": {
"type": "array",
"items": { "type": "string" }
},
"notes": { "type": "string" }
},
"additionalProperties": true
}
}
},
"additionalProperties": true
}

37
config/universal-resource-activation/MANIFEST_AUTOMATION_DESIGN.md
View File

@@ -1,37 +0,0 @@
# URA manifest — automation design
**Last updated:** 2026-04-25
**Status:** **Implemented in-repo:** fragment merge + strict closure gate + public Phoenix read for `policy-profiles.json` + ledger/settlement fragment CLIs + [`URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md`](../../docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md). Full OMNL ETL and GRU M00 diamond remain **operator/service** work; standalone `PolicyProfileRegistry` ships under `smom-dbis-138/contracts/universal-resource/`.
## Implemented
| Piece | Location |
|-------|----------|
| Merge fragments → validated manifest | `scripts/ura/merge-manifest-fragments.mjs` · `pnpm ura:merge-manifest` |
| Shared schema validation | `scripts/ura/lib/validate-ura-manifest.mjs` (used by `pnpm ura:validate` and merge) |
| Production placeholder gate | `scripts/ura/validate-manifest-closure.mjs` · `pnpm ura:validate-closure` (warn) / `pnpm ura:validate-closure:strict` (fail) · optional `URA_STRICT_CLOSURE=1` in `validate-config-files.sh` |
| Fragment drop zone | `manifest-fragments/README.md` |
| Public API: policy profiles | `GET /api/v1/universal-resource-activation/policy-profiles` on phoenix-deploy-api |
## Goals (remaining / service-bound)
- Generate fragments from **approved** ops forms, ledger exports, chain receipts (outside this repo or future ETL).
- Fail CI on **production** branches when closure rules violate (use `URA_STRICT_CLOSURE=1` on that pipeline).
## Pipeline (merge)
1. **Inputs:** JSON fragments under `manifest-fragments/*.json` (or another `--fragments-dir`).
2. **Merge:** Deterministic sort; `policyProfileRefs` union; resources/evidence by id with shallow merge.
3. **Validate:** Full JSON Schema + cross-checks (`validateUraManifestData`).
4. **Optional:** `--out path` to write; then review and replace `manifest.json` if intended.
## Non-goals
- Automatic legal classification of assets (human sign-off on matrices + profiles).
- Writing to chain or OMNL from this repo without separate deployment controls.
## Related
- [technical-specs/README.md](../../docs/04-configuration/universal-resource-activation/technical-specs/README.md) — normative **TS-*** specs for remaining operator work
- [`UNIVERSAL_RESOURCE_WIRING.md`](../../docs/04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md)
- [`scripts/validate/validate-ura-policy-profiles.mjs`](../../scripts/validate/validate-ura-policy-profiles.mjs)

23
config/universal-resource-activation/POLICY_PROFILES_REGISTRY.md
View File

@@ -1,23 +0,0 @@
# Policy profiles registry — doc control
**Last updated:** 2026-04-25
**Purpose:** Human-readable **change control** for rows in [`policy-profiles.json`](policy-profiles.json). Legal/risk owns interpretation; engineering owns schema conformance (`pnpm ura:validate-profiles`).
| `policyProfileId` | Version in registry | `effectiveFrom` | Legal / risk sign-off | Notes |
|-------------------|---------------------|-----------------|----------------------|-------|
| `institutional_custody_skr_v1` | 1 | 2026-04-25 | Pending — replace when signed | ID matrix: SKR / custody path |
| `server_funds_treasury_v1` | 1 | 2026-04-25 | Pending — replace when signed | ID matrix: server funds / OMNL |
| `infra_capacity_ops_v1` | 1 | 2026-04-25 | Pending — replace when signed | LAN internal capacity |
## Procedure
1. Add or bump `version` and `effectiveFrom` in `policy-profiles.json`; update this table with sign-off reference (ticket, memo id, or “N/A — internal only”).
2. Ensure [`manifest.json`](manifest.json) `policyProfileRefs` lists every profile used by a resource at the correct version.
3. Run `pnpm ura:validate && pnpm ura:validate-profiles`.
## Related
- [`UNIVERSAL_RESOURCE_POLICY_PROFILES.md`](../../docs/04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_POLICY_PROFILES.md)
- [`DBIS_RAIL_JURISDICTION_TRACEABILITY.md`](../../docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md)
- **Public read:** `GET /api/v1/universal-resource-activation/policy-profiles` on phoenix-deploy-api (same auth rules as manifest; override via `UNIVERSAL_RESOURCE_POLICY_PROFILES_PATH`).
- **On-chain anchor (optional):** `smom-dbis-138/contracts/universal-resource/PolicyProfileRegistry.sol` — publish `contentHash` from `pnpm ura:profile-hash <policyProfileId>`; see [`GRU_REGISTRY_WIRING_CHECKLIST.md`](../../docs/runbooks/GRU_REGISTRY_WIRING_CHECKLIST.md) §6.

8
config/universal-resource-activation/integration/examples/ledger-snapshot.example.json
View File

@@ -1,8 +0,0 @@
{
"journalEntryId": "OMNL-JE-2026-00042",
"batchRef": "FINERACT-BATCH-88",
"postedAt": "2026-04-25T12:00:00Z",
"currency": "USD",
"amountMinor": "1000000",
"notes": "Illustrative export shape — replace with real OMNL/Fineract field names from your deployment."
}

10
config/universal-resource-activation/integration/omnl-ledger-mapping.v1.example.json
View File

@@ -1,10 +0,0 @@
{
"schemaVersion": "1.0.0",
"description": "Example mapping from Fineract/OMNL export fields to URA evidence package columns. Copy to omnl-ledger-mapping.v1.json when live.",
"evidencePackages": [
{
"evidencePackageId": "ura:pilot:evidence-register-bootstrap",
"accountingRefField": "journalEntryId"
}
]
}

48
config/universal-resource-activation/integration/omnl-ledger-mapping.v1.schema.json
View File

@@ -1,48 +0,0 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/omnl-ledger-mapping.v1.json",
"title": "OMNLLedgerMapping",
"type": "object",
"required": ["schemaVersion", "evidencePackages"],
"properties": {
"schemaVersion": { "type": "string", "const": "1.0.0" },
"description": { "type": "string" },
"resourceUpdates": {
"type": "array",
"items": {
"type": "object",
"required": ["resourceId", "quantityField"],
"properties": {
"resourceId": { "type": "string", "minLength": 1 },
"quantityField": { "type": "string", "description": "Dot path in ledger snapshot for quantity string" }
},
"additionalProperties": false
}
},
"evidencePackages": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": ["evidencePackageId"],
"properties": {
"evidencePackageId": { "type": "string", "minLength": 1 },
"accountingRefField": {
"type": "string",
"description": "Dot path into ledger snapshot JSON for accountingRef string (e.g. journalEntryId or omnl.batchRef)"
},
"quantityField": {
"type": "string",
"description": "Optional dot path for resource quantity string"
},
"resourceIdForQuantity": {
"type": "string",
"description": "If quantityField set, which resource row to patch"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}

38
config/universal-resource-activation/manifest-fragments/README.md
View File

@@ -1,38 +0,0 @@
# URA manifest fragments (optional)
**Purpose:** Drop partial JSON files here to **merge** onto the canonical [`../manifest.json`](../manifest.json) without hand-editing the full file. Used for ops overlays, environment-specific rows, or generated snippets.
## Fragment shape
Each `*.json` file (sorted by filename; skip `_prefix.json`) may contain any of:
| Key | Effect |
|-----|--------|
| `policyProfileRefs` | Union with manifest (same `id` + `version` deduped). |
| `resources` | Add or **shallow-merge** replace by `resourceId`. |
| `evidencePackages` | Add or **shallow-merge** replace by `evidencePackageId`. |
Top-level manifest fields (`schemaVersion`, `description`, …) come **only** from the `--base` file (default: `manifest.json`).
## Commands
```bash
pnpm ura:merge-manifest
# Validate merge and print counts (dry-run; does not write)
node scripts/ura/merge-manifest-fragments.mjs --out /tmp/merged.json
# Write merged JSON; inspect and copy into manifest.json if correct
```
After any manifest edit: `pnpm ura:validate && pnpm ura:validate-profiles`.
## Production gate
When pilots are closed, enforce no placeholders:
```bash
pnpm ura:validate-closure:strict
# Or: URA_STRICT_CLOSURE=1 bash scripts/validation/validate-config-files.sh
```
See [`MANIFEST_AUTOMATION_DESIGN.md`](../MANIFEST_AUTOMATION_DESIGN.md) and [`URA_PILOT_CLOSURE_RUNBOOK.md`](../../../docs/04-configuration/universal-resource-activation/URA_PILOT_CLOSURE_RUNBOOK.md).

58
config/universal-resource-activation/manifest.json
View File

@@ -1,7 +1,7 @@
{
"schemaVersion": "1.0.0",
"updatedAt": "2026-04-25T12:00:00Z",
"description": "Canonical in-repo store for universal resource activation (SKR, server funds, infra). Pilot-scoped resourceIds; jurisdiction ID for financial pilots per JURISDICTION_CATALOG and ID-INDONESIA matrix. Replace ura:participant:pilot-*-assign and evidence TBDs per URA_PILOT_CLOSURE_RUNBOOK.md. Run pnpm ura:validate && pnpm ura:validate-profiles in CI.",
"updatedAt": "2026-04-24T00:00:00Z",
"description": "Canonical in-repo store for universal resource activation (SKR, server funds, infra). Replace example-* rows in production; keep valid JSON and run scripts/validate/validate-universal-resource-activation.mjs in CI.",
"policyProfileRefs": [
{ "id": "institutional_custody_skr_v1", "version": "1" },
{ "id": "server_funds_treasury_v1", "version": "1" },
@@ -9,14 +9,14 @@
],
"resources": [
{
"resourceId": "ura:pilot-1:skr-custody-record",
"resourceId": "ura:example:skr-pilot-placeholder",
"schemaVersion": 1,
"displayName": "Pilot 1 — SKR / custody record",
"description": "PILOT-1 (Indonesia-scope): bind participant registry id, evidenceRefs, and custody evidence per URA_PILOT_CLOSURE_RUNBOOK.md and ID-INDONESIA compliance matrix.",
"displayName": "Example SKR / custody position (pilot template)",
"description": "Replace with a real safekeeping or strategic evidence-backed record. Not production.",
"family": "SKR_SAFEKEEPING",
"subType": "CUSTODY_STATEMENT",
"ownerParticipantId": "ura:participant:pilot-1-assign",
"jurisdiction": "ID",
"ownerParticipantId": "0x0000000000000000000000000000000000000000000000000000000000000000",
"jurisdiction": "TBD",
"policyProfileId": "institutional_custody_skr_v1",
"tokenizationMode": "NONE",
"quantity": "0",
@@ -25,17 +25,17 @@
"encumbranceState": "unencumbered",
"lifecycleState": "draft",
"deployabilityState": "informational_only",
"evidenceRefs": ["ura:evidence:pending-pilot-1-custody-package"]
"evidenceRefs": []
},
{
"resourceId": "ura:pilot-2:server-funds-treasury-pool",
"resourceId": "ura:example:server-funds-pilot",
"schemaVersion": 1,
"displayName": "Pilot 2 — Server funds treasury pool",
"description": "PILOT-2 (Indonesia-scope): OMNL + server-funds-sidecar SoR; replace accountingRef in evidence when ledger posts per runbook.",
"displayName": "Example server funds pool (pilot template)",
"description": "Logical funding resource; bind to OMNL/Fineract and server-funds-sidecar when SoR is frozen. Not a wallet balance.",
"family": "SERVER_FUNDS",
"subType": "TREASURY_POOL",
"ownerParticipantId": "ura:participant:pilot-2-assign",
"jurisdiction": "ID",
"ownerParticipantId": "0x0000000000000000000000000000000000000000000000000000000000000000",
"jurisdiction": "TBD",
"policyProfileId": "server_funds_treasury_v1",
"tokenizationMode": "NONE",
"quantity": "0",
@@ -44,16 +44,16 @@
"encumbranceState": "unencumbered",
"lifecycleState": "draft",
"deployabilityState": "funding_eligible",
"evidenceRefs": ["ura:evidence:pending-pilot-2-ledger-link"]
"evidenceRefs": []
},
{
"resourceId": "ura:pilot-3:infra-r630-01-api-small",
"resourceId": "ura:example:infra-r630-01-capacity",
"schemaVersion": 1,
"displayName": "Pilot 3 — Infra capacity (R630-01, api_small)",
"description": "PILOT-3: LAN ops capacity; link deploymentRef in evidence after non-prod deploy per runbook.",
"displayName": "Example R630-01 capacity slice (pilot template)",
"description": "Operational capacity record; not a tradable security. See reports/storage and ALL_VMIDS_ENDPOINTS for live inventory.",
"family": "INFRA_CAPACITY",
"subType": "BUNDLE",
"ownerParticipantId": "ura:participant:pilot-3-assign",
"ownerParticipantId": "0x0000000000000000000000000000000000000000000000000000000000000000",
"jurisdiction": "LAN",
"policyProfileId": "infra_capacity_ops_v1",
"tokenizationMode": "NONE",
@@ -62,26 +62,22 @@
"encumbranceState": "unencumbered",
"lifecycleState": "active",
"deployabilityState": "infra_allocatable",
"evidenceRefs": ["ura:evidence:pending-pilot-3-capacity-verify"]
"evidenceRefs": []
}
],
"evidencePackages": [
{
"evidencePackageId": "ura:pilot:evidence-register-bootstrap",
"evidencePackageId": "ura:example:evidence-ura-bootstrap",
"resourceIds": [
"ura:pilot-1:skr-custody-record",
"ura:pilot-2:server-funds-treasury-pool",
"ura:pilot-3:infra-r630-01-api-small"
"ura:example:skr-pilot-placeholder",
"ura:example:server-funds-pilot",
"ura:example:infra-r630-01-capacity"
],
"actionType": "REGISTER",
"initiator": "pilot_bootstrap",
"timestamp": "2026-04-25T12:00:00Z",
"reconciliationStatus": "open",
"custodyOrSourceEvidence": "PILOT-1: TBD — custodian statement or attestation hash per UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md; remove when real ref linked.",
"accountingRef": "PILOT-2: TBD — OMNL/Fineract journal or batch id when server-funds path posts (see URA_PILOT_CLOSURE_RUNBOOK.md).",
"settlementOrChainRef": "PILOT-2/3: TBD — MintAuth messageId / tx hash / rail ref per DBIS_RAIL_TECHNICAL_SPEC_V1.md when settlement leg exists.",
"deploymentRef": "PILOT-3: TBD — VMID, FQDN, health URL after deploy per UNIVERSAL_RESOURCE_PILOT_PLAN.md.",
"explanation": "REGISTER package binding three pilots. Set reconciliationStatus to matched only after mandatory joins per UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md and jurisdiction matrix rows."
"initiator": "repo_bootstrap",
"timestamp": "2026-04-24T00:00:00Z",
"reconciliationStatus": "matched",
"explanation": "Bootstrap example package linking the three template resources; replace with real packages per UNIVERSAL_RESOURCE_PILOT_PLAN.md"
}
]
}

53
config/universal-resource-activation/policy-profiles.json
View File

@@ -1,53 +0,0 @@
{
"schemaVersion": "1.0.0",
"updatedAt": "2026-04-25T00:00:00Z",
"description": "Machine-readable URA policy profile registry. Manifest policyProfileRefs must reference ids listed here. See UNIVERSAL_RESOURCE_POLICY_PROFILES.md and compliance-matrices/.",
"profiles": [
{
"policyProfileId": "institutional_custody_skr_v1",
"version": "1",
"effectiveFrom": "2026-04-25",
"jurisdictions": ["*", "ID"],
"participantClasses": ["institutional", "sovereign"],
"resourceFamilies": ["SKR_SAFEKEEPING", "STRATEGIC_RECORD"],
"tokenizationModesAllowed": ["NONE", "CLAIM", "ENTITLEMENT"],
"ledgerModel": "off_chain_omnl",
"standards": ["ISO20022_LOGGING"],
"minimumGruGovernanceLevel": 2,
"complianceMatrixPaths": [
"docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md"
],
"notes": "SKR / custody evidence-backed; conservative transfer defaults per policy doc."
},
{
"policyProfileId": "server_funds_treasury_v1",
"version": "1",
"effectiveFrom": "2026-04-25",
"jurisdictions": ["*", "ID"],
"participantClasses": ["institutional", "sovereign"],
"resourceFamilies": ["SERVER_FUNDS"],
"tokenizationModesAllowed": ["NONE"],
"ledgerModel": "hybrid",
"standards": ["ISO20022_LOGGING", "TRAVEL_RULE"],
"minimumGruGovernanceLevel": 3,
"complianceMatrixPaths": [
"docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md"
],
"notes": "Good-funds, GL mapping, holds/releases; Rail settlement when on-chain leg used."
},
{
"policyProfileId": "infra_capacity_ops_v1",
"version": "1",
"effectiveFrom": "2026-04-25",
"jurisdictions": ["*", "LAN"],
"participantClasses": ["institutional", "internal_ops"],
"resourceFamilies": ["INFRA_CAPACITY"],
"tokenizationModesAllowed": ["NONE", "ENTITLEMENT"],
"ledgerModel": "off_chain_omnl",
"standards": ["IPSAS"],
"minimumGruGovernanceLevel": 1,
"complianceMatrixPaths": [],
"notes": "Internal capacity; not a traded security by default."
}
]
}

20
config/universal-resource-activation/ura-production-ready.env.example
View File

@@ -1,20 +0,0 @@
# Copy to a path outside VCS (or set inline) and:
# export URA_PRODUCTION_ENV_FILE=/path/to/ura-production-ready.env
# pnpm ura:production-ready
# # or (staging: skips manifest strict closure; does NOT claim production evidence closure)
# URA_PRODUCTION_MODE=connectivity pnpm ura:production-ready
#
# shellcheck disable=SC2034
export PHOENIX_BASE_URL="https://phoenix.example.invalid"
export SERVER_FUNDS_SIDECAR_URL="https://server-funds-sidecar.example.invalid"
export POLICY_PROFILE_REGISTRY_ADDRESS="0x0000000000000000000000000000000000000000"
# export GRU_REQUIRED=1
# export GRU_M00_DIAMOND_ADDRESS="0x0000000000000000000000000000000000000000"
# export LEDGER_E2E_EVIDENCE_FILE="/path/to/ledger-ticket.md"
# export SETTLEMENT_E2E_EVIDENCE_FILE="/path/to/settlement-ticket.md"
# export REQUIRE_CUSTODY=1
# export CUSTODY_E2E_EVIDENCE_FILE="/path/to/custody-ticket.md"
# export COUNSEL_SIGNOFF_FILE="/path/to/counsel-signoff.pdf"

2
cross-chain-pmm-lps

Submodule cross-chain-pmm-lps updated: f8593b905f...1cf845cb3a

29
docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md
View File

@@ -1,29 +0,0 @@
# Gitea CD/CI — operator checklist
Use this after changing **`phoenix-deploy-api/deploy-targets.json`** or adding workflows under **`config/gitea-workflow-templates/`**.
## One-time per application repo (on Gitea)
1. **Actions enabled** for the org/repo (Gitea settings).
2. **Secrets** on **that repo** (not only global):
- **`PHOENIX_DEPLOY_URL`** — full URL for `POST` (same shape as **`d-bis/proxmox`** workflows use), typically `http://<dev-vm>:4001/api/deploy` or HTTPS equivalent.
- **`PHOENIX_DEPLOY_TOKEN`** — bearer token accepted by Phoenix deploy API.
3. **Workflow file** in the repo: copy from [`config/gitea-workflow-templates/repos/README.md`](../config/gitea-workflow-templates/repos/README.md) or use the repos existing `.gitea/workflows/*.yml`.
## Phoenix deploy host (LAN)
1. **`git pull`** **proxmox** so **`deploy-targets.json`** and **`scripts/deployment/phoenix-deploy-*.sh`** match Gitea **`d-bis/proxmox`** `master` / `main`.
2. Restart or reinstall **phoenix-deploy-api** if you manage it via systemd (see **`phoenix-deploy-api/scripts/install-systemd.sh`**).
3. **`GITEA_TOKEN`** on that host must allow archive fetch for repos you deploy.
## Verify locally (proxmox clone)
```bash
bash scripts/validation/validate-phoenix-deploy-targets.sh phoenix-deploy-api/deploy-targets.json
bash scripts/verify/report-gitea-cd-parity.sh
```
## Canonical references
- [GITEA_REPO_VM_CD_CI_MATRIX.md](../04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md)
- [config/gitea-workflow-templates/README.md](../../config/gitea-workflow-templates/README.md)

6
docs/00-meta/NEXT_STEPS_INDEX.md
View File

@@ -1,9 +1,9 @@
# Next Steps — Index
**Last Updated:** 2026-04-29
**Last Updated:** 2026-04-23
**Purpose:** Single entry point for "what to do next." Pick by audience and granularity.
**Latest automation run (2026-04-29):** `./scripts/run-completable-tasks-from-anywhere.sh --json-out reports/status/run-completable-tasks-latest.json` (config + 61/61 on-chain + validation + non-EVM + reconcile-env). **`./scripts/run-all-operator-tasks-from-lan.sh --skip-backup --json-out reports/status/run-all-operator-tasks-latest.json`** (NPMplus + Blockscout verify). **`./scripts/deployment/run-all-next-steps-chain138.sh --skip-mirror --skip-mesh --skip-register-gru --json-out reports/status/run-all-next-steps-chain138-latest.json`** (preflight + 61/61 verify). **`./scripts/deployment/run-cw-remaining-steps.sh --verify`** (cW* MINTER/BURNER vs CW_BRIDGE_* on configured chains). **`./scripts/run-e2e-flow-tasks-full-parallel.sh --dry-run --json-out reports/status/run-e2e-flow-tasks-latest.json`**. Wrapper scripts are `chmod +x` for `run-completable-tasks-from-anywhere.sh` and `run-all-operator-tasks-from-lan.sh`. **Still external / capital-gated:** Trust/Ledger PRs, CRO/WEMIX CCIP, deep mainnet UniV2 cWUSDC/USDC TVL, HYBX 4.995 zip, NPMplus backup when `NPM_PASSWORD` unset. **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart.
**Latest automation run (2026-04-23):** `./scripts/run-completable-tasks-from-anywhere.sh --dry-run --json-out reports/status/run-completable-tasks-latest.json` completed and `bash scripts/verify/run-all-validation.sh --skip-genesis --json-out reports/status/run-all-validation-latest.json` passed, refreshing the current 61/61 on-chain-aware no-LAN flow plus advisory Solana/Tron/XRPL status. `./scripts/run-all-operator-tasks-from-lan.sh --skip-backup` remains the LAN/operator follow-on when secrets and host access are available. **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart.
**Documentation index:** [../MASTER_INDEX.md](../MASTER_INDEX.md) — canonical docs, deprecated list, and navigation.
**Repo-local recommendation tracker:** [REPO_LOCAL_RECOMMENDATIONS_STATUS.md](REPO_LOCAL_RECOMMENDATIONS_STATUS.md) — current slice of recommendations that can be advanced directly in this workspace.
@@ -16,7 +16,7 @@
| # | Action | Command / doc | Status |
|---|--------|----------------|--------|
| 1 | From anywhere: config + on-chain + validation | `./scripts/run-completable-tasks-from-anywhere.sh [--json-out reports/status/run-completable-tasks-latest.json]` | Done 2026-04-28 |
| 1 | From anywhere: config + on-chain + validation | `./scripts/run-completable-tasks-from-anywhere.sh [--json-out reports/status/run-completable-tasks-latest.json]` | Done 2026-04-23 |
| 2 | Before Chain 138 deploy: preflight (RPC, dotenv, nonce, cost) | `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` | Done 2026-03-02 |
| 3 | **Chain 138 next steps (all in one):** preflight → mirror+pool → register c* as GRU → verify | `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` | Done 2026-03-02 |
| 4 | Full deployment order (Phase 06) | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) | Remaining (Operator) |

4
docs/00-meta/TODOS_CONSOLIDATED.md
View File

@@ -1,7 +1,7 @@
# TODOs — Consolidated Task List
**Last Updated:** 2026-04-29
**Last verification run:** 2026-04-29 — completable ✅ (61/61 on-chain, ALL Mainnet CI gates), operator `--skip-backup` ✅ (NPMplus + Blockscout verify), **`run-all-next-steps-chain138.sh`** ✅ (preflight + verify; mirror/mesh/GRU skipped as already applied), **`run-cw-remaining-steps.sh --verify`** ✅, **E2E full-parallel** ✅ (dry-run + JSON). Prior 2026-04-28 snapshot remains for historical detail. Prior 2026-03-06 run: validate-config ✅, check-contracts, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, E2E routing ✅ (37 domains, 0 failed). **Mint + add-liquidity** 2026-03-06: 1M each minted, 500k each added. **Next-steps check:** [NEXT_STEPS_LIST.md](NEXT_STEPS_LIST.md); B.1/B.2/B.3 partially blocked (WEMIX tabled; LINK relay runbook pending).
**Last Updated:** 2026-04-23
**Last verification run:** 2026-03-28 — completable ✅ (61/61 on-chain), operator `--skip-backup` ✅ (NPMplus 40 hosts updated, Blockscout verify batch). Prior 2026-03-06 run: validate-config ✅, check-contracts, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, E2E routing ✅ (37 domains, 0 failed). **Mint + add-liquidity** 2026-03-06: 1M each minted, 500k each added. **Next-steps check:** [NEXT_STEPS_LIST.md](NEXT_STEPS_LIST.md); B.1/B.2/B.3 partially blocked (WEMIX tabled; LINK relay runbook pending).
**Purpose:** Single checklist of all next steps and remaining tasks. **Indonesia / HYBX-BATCH-001 zip (4.995 ship-ready):** [HYBX-BATCH-001 — transaction package ship-ready](#hybx-batch-001--transaction-package-ship-ready-4995) below. **Full execution order (multiple routes + liquidity):** [EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md](EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md). **Additional paths (registry, LiFi/Jumper, Etherlink, 13×13):** [ADDITIONAL_PATHS_AND_EXTENSIONS.md](../04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md). **Dotenv/markdown audit (required info, gaps, recommendations):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md). Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). **Token deployments remaining:** [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md). **Routing / swap / cross-chain:** [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md) (A1A5, B1B8, C1C8, D1D3, E1E2). **Verified list (LAN/Operator):** [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) — run bash/curl to confirm; doc updated 2026-03-03.
**Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh [--json-out reports/status/run-completable-tasks-latest.json]`. Before Chain 138 deploy: `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`. **Chain 138 next steps (all in one):** `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify] [--json-out reports/status/run-all-next-steps-chain138-latest.json]` — preflight → mirror+pool → register c* as GRU → verify. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms] [--json-out reports/status/run-all-operator-tasks-latest.json]`. **E2E flows (full parallel):** `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--json-out reports/status/run-e2e-flow-tasks-latest.json]` — [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md).

273
docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md
View File

@@ -1,273 +0,0 @@
# DBIS Ecosystem Technical Master Plan
**Last Updated:** 2026-04-24
**Audience:** Engineering, operators, architecture owners, and program owners
**Mode:** Execution-oriented umbrella root for the live and planned DBIS ecosystem
## 1. Purpose And Decision Rules
This document is the canonical ecosystem root for the DBIS stack across the main repo and materially relevant submodules. It does not replace the narrower plans. It sits above them, normalizes status and terminology, and defines which source wins when specialized documents disagree.
### Canonical source priority
When two documents disagree, use this order:
1. machine-readable config and trackers
2. implementation and validation scripts
3. specialized canonical docs and runbooks
4. older narrative plans
### Status vocabulary
- `live`: repo, operator runtime, and current evidence all support production use
- `partially live`: some production components are live, but important slices are still missing or constrained
- `repo-implemented`: implemented in repo or submodule, but not yet fully promoted operator-live
- `operator-only`: present or recoverable in runtime, but not fully codified in repo truth yet
- `planned`: intentionally designed, but not yet implemented enough to rely on
- `blocked external`: progress depends on vendor, network, institutional, or third-party inputs
- `retired`: no longer part of the target system except as history or compatibility residue
### Subordinate source plans
This umbrella root governs these narrower artifacts:
- [dbis_chain_138_technical_master_plan.md](/home/intlc/projects/proxmox/dbis_chain_138_technical_master_plan.md): Chain 138 infrastructure and runtime sub-plan
- [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md): institutional settlement execution tracker
- [URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md): policy and activation control-plane tracker
## 2. Current Live Ecosystem Baseline
### Baseline status map
| Subsystem | Current state | Status | Primary workstream | Canonical references |
|---|---|---:|---:|---|
| Besu / Chain 138 topology | 5 validators, canonical sentries and RPC tiers reconciled, duplicate legacy RPC CTs retired, cluster-wide inventory audit added | `live` | `W1` | [BESU_NODE_CONFIGURATION_MAP_20260424.md](/home/intlc/projects/proxmox/docs/06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md), [check-cluster-besu-inventory.sh](/home/intlc/projects/proxmox/scripts/verify/check-cluster-besu-inventory.sh) |
| DODO PMM / routing / public bridge surface | Chain 138 PMM core live; public routing surface codified; stablecoin and top-asset coverage documented, but route confidence is not yet first-class in quote APIs | `partially live` | `W2` | [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md](/home/intlc/projects/proxmox/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md), [public-routing-coverage-matrix.json](/home/intlc/projects/proxmox/config/public-routing-coverage-matrix.json) |
| Explorer / RPC / public ingress | Explorer, RPC, and public ingress surfaces exist and are operator-usable; current runtime is healthy | `live` | `W1` | [RPC_ENDPOINTS_MASTER.md](/home/intlc/projects/proxmox/docs/04-configuration/RPC_ENDPOINTS_MASTER.md), [verify-end-to-end-routing.sh](/home/intlc/projects/proxmox/scripts/verify/verify-end-to-end-routing.sh) |
| Phoenix deploy API / deployment control | Phoenix deploy API, deploy targets, and repo validation are codified; broader control-plane integration is still being expanded | `partially live` | `W3` | [phoenix-deploy-api/server.js](/home/intlc/projects/proxmox/phoenix-deploy-api/server.js), [deploy-targets.json](/home/intlc/projects/proxmox/phoenix-deploy-api/deploy-targets.json) |
| URA manifest / policy profile flow | Manifest, policy profiles, registry hooks, merge/validate/smoke scripts, and ops-readiness surfaces exist in repo | `repo-implemented` | `W4` | [README.md](/home/intlc/projects/proxmox/docs/04-configuration/universal-resource-activation/README.md), [manifest.json](/home/intlc/projects/proxmox/config/universal-resource-activation/manifest.json), [policy-profiles.json](/home/intlc/projects/proxmox/config/universal-resource-activation/policy-profiles.json) |
| RTGS / DBIS Rail / OMNL / sidecars | execution trackers, catalogs, and first-slice architecture are substantial; some sidecar and institutional paths remain gated by operator work and external parties | `partially live` | `W5` | [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md), [DBIS_RAIL_SETTLEMENT_EVENT_SOURCES.md](/home/intlc/projects/proxmox/docs/dbis-rail/DBIS_RAIL_SETTLEMENT_EVENT_SOURCES.md) |
| Hyperledger / identity / workflow stack | runtime status, identity decisions, and interoperability docs exist, but this is not yet a fully operator-live sovereign stack | `planned` | `W7` | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md) |
| Proxmox / NPMplus / operator automation | Proxmox topology, audits, NPMplus/Gitea TLS checks, operator wrappers, and evidence scripts are live and actively used | `live` | `W8` | [PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](/home/intlc/projects/proxmox/docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md), [proxmox-operational-template.json](/home/intlc/projects/proxmox/config/proxmox-operational-template.json), [monitor-blockchain-health.sh](/home/intlc/projects/proxmox/scripts/monitoring/monitor-blockchain-health.sh) |
### Baseline summary by subsystem
#### Besu / Chain 138 topology and role model
The canonical Besu fleet now spans all current Proxmox cluster hosts, with reconciled validators, sentries, RPC classes, and an explicit cluster inventory audit. The current baseline supports healthy block production, empty txpool checks, and host-placement reconciliation as operator truth.
#### DODO PMM / routing / public-network bridge surface
Chain 138 has live PMM infrastructure, stablecoin and compliant asset inventory, and a documented path from Chain 138 assets through `WETH` to supported public EVM surfaces. Public coverage is now documented, but route selection still lacks a native confidence and policy gate.
#### Explorer / RPC / public ingress
Public ingress, explorer surfaces, and RPC endpoint classes are live enough for current operator use. The topology is healthier and more explicit than before, but still benefits from further control-plane normalization.
#### Phoenix deploy API / deployment control surfaces
Phoenix has codified deploy targets, API routes, and validation gates. It is already a real deployment surface, but not yet the full policy-aware orchestration layer for route, institution, and activation decisions.
#### URA manifest and policy-profile flow
URA now has repo-native manifests, policy profiles, validation scripts, smoke tests, and a growing ops-readiness surface. The on-chain `PolicyProfileRegistry` in `smom-dbis-138` gives this stack a credible path from docs/config into enforceable control-plane state.
#### RTGS / DBIS Rail / OMNL / settlement sidecar baseline
The institutional settlement stack has real architecture, trackers, and execution references, including sidecar and OMNL evidence structures. It is substantial and strategically important, but still mixed between repo-implemented, operator-only, and blocked-external slices.
#### Hyperledger / identity / workflow runtime status
Identity and workflow architecture is clearly represented, but it remains more of a governed design direction than a fully promoted live runtime slice today.
#### Proxmox / NPMplus / operator automation baseline
The operator layer is one of the strongest current pieces: Proxmox inventory, Besu fleet audits, cert checks, validation wrappers, and deployment scripts now create a meaningful operational backbone for the ecosystem.
## 3. Target-State Architecture
### Sovereign compute and network topology
The target state is a multi-host sovereign Proxmox fabric with explicit node-class ownership, reconciled cluster inventory, deterministic Besu topology, and auditable ingress/control paths. Live runtime and checked-in template truth should converge, with cluster-resource discovery replacing host-blind assumptions.
### Settlement and routing plane
The routing plane should unify Chain 138 PMM liquidity, public EVM bridge exits, ALL Mainnet venue surface, and destination-chain liquidity into one evidence-backed routing layer. The target is not merely “can bridge” or “can swap,” but “can produce a policy-permitted route with current evidence and measurable confidence.”
### Policy and activation control plane
The canonical next-generation control plane is:
`URA manifest + policy profiles + PolicyProfileRegistry + route confidence`
This pattern should govern what is activated, where it is allowed, how it is quoted, and what evidence is required. It should integrate Phoenix deploy/control APIs, jurisdiction matrices, DBIS Rail gating, and on-chain publication where needed.
### Institutional RTGS / DBIS Rail / custody plane
The target institutional layer is a composable RTGS and DBIS Rail stack with explicit custody models, sidecar boundaries, settlement event sources, and compliance traceability. It should be capable of supporting first-slice operator reality while leaving room for more sovereign custody and settlement controls over time.
### Deployment and orchestration plane
Phoenix, operator wrappers, deploy manifests, and machine-readable trackers should converge into a single orchestration layer that knows what can be deployed, under what policy profile, and with what acceptance evidence.
### Identity / workflow / interoperability plane
Hyperledger, workflow, and identity systems should evolve from strategic design documents into explicitly gated environment slices with clear runtime ownership, integration boundaries, and promotion criteria.
### Observability / evidence / audit plane
The ecosystem should continuously produce validation outputs, cluster inventory, route coverage, and operator readiness evidence. The goal is for production gates to consume machine-readable proof, not just narrative claims.
## 4. Execution Workstreams
### W1. Besu / Chain 138 infrastructure and RPC topology
| Field | Value |
|---|---|
| Objective | Keep Chain 138 and the Besu fleet healthy, reconciled, and template-aligned across all cluster hosts |
| In-scope components | validators, sentries, RPC tiers, allowlists, generated node configs, Proxmox/Besu inventory and audits |
| Dependencies | Proxmox inventory truth, host placement, generated Besu configs, operator runbooks |
| Production gate | healthy block production, empty txpool or explained pending state, no canonical Besu inventory gaps |
| Evidence / output artifact | [check-cluster-besu-inventory.sh](/home/intlc/projects/proxmox/scripts/verify/check-cluster-besu-inventory.sh), [monitor-blockchain-health.sh](/home/intlc/projects/proxmox/scripts/monitoring/monitor-blockchain-health.sh) |
| Owner class | `mixed` |
### W2. Liquidity, PMM, bridge, and public routing coverage
| Field | Value |
|---|---|
| Objective | Turn current PMM and bridge capability into explicit, evidence-backed public routing coverage |
| In-scope components | DODO PMM, wrapped/public inventory, bridge receiver mapping, public routing matrix, destination DEX coverage |
| Dependencies | Chain 138 liquidity, bridge configs, destination-chain liquidity discovery, routing docs |
| Production gate | route coverage matrix current, bridge destination support explicit, stablecoin and top-asset tiers documented |
| Evidence / output artifact | [public-routing-coverage-matrix.json](/home/intlc/projects/proxmox/config/public-routing-coverage-matrix.json), [LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md](/home/intlc/projects/proxmox/reports/status/LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md) |
| Owner class | `mixed` |
### W3. Phoenix deploy/control-plane integration
| Field | Value |
|---|---|
| Objective | Make Phoenix the reliable orchestration and exposure surface for deployable ecosystem services |
| In-scope components | `phoenix-deploy-api`, deploy targets, deploy validation, public-sector and URA API surfaces |
| Dependencies | deploy-target accuracy, validation scripts, environment readiness, Gitea/Cloudflare/NPMplus stability |
| Production gate | deploy targets validate, Phoenix routes expose canonical manifests and control-plane surfaces, operator handoff remains current |
| Evidence / output artifact | [validate-config-files.sh](/home/intlc/projects/proxmox/scripts/validation/validate-config-files.sh), [phoenix-deploy-api/openapi.yaml](/home/intlc/projects/proxmox/phoenix-deploy-api/openapi.yaml) |
| Owner class | `mixed` |
### W4. URA manifest, policy profiles, registry, and route confidence
| Field | Value |
|---|---|
| Objective | Promote URA and policy profiles into the canonical activation and routing control plane |
| In-scope components | URA manifest, profile registry, merge/validate tooling, `PolicyProfileRegistry.sol`, route-confidence scoring, policy-aware quote/build interfaces |
| Dependencies | URA schemas, profile validation, Phoenix integration, DBIS Rail policy mapping, route evidence |
| Production gate | manifest and profiles validate, registry paths are coherent, route-confidence schema exists, quote/build surfaces can consume policy state |
| Evidence / output artifact | [URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md), [PolicyProfileRegistry.sol](/home/intlc/projects/proxmox/smom-dbis-138/contracts/universal-resource/PolicyProfileRegistry.sol) |
| Owner class | `repo` |
### W5. DBIS RTGS / DBIS Rail / OMNL / settlement sidecars
| Field | Value |
|---|---|
| Objective | Convert the institutional settlement stack from fragmented plans into a staged production program |
| In-scope components | RTGS first slice, DBIS Rail, OMNL mappings, settlement event sources, custody and sidecar boundaries |
| Dependencies | policy profiles, jurisdiction traceability, institutional onboarding, external counterparties |
| Production gate | first-slice controls and sidecar boundaries explicit, evidence sources mapped, operator runbooks and checklists current |
| Evidence / output artifact | [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md), [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](/home/intlc/projects/proxmox/docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md) |
| Owner class | `mixed` |
### W6. Jurisdiction / compliance and onboarding matrices
| Field | Value |
|---|---|
| Objective | Turn compliance and jurisdiction documentation into executable governance inputs for the ecosystem |
| In-scope components | jurisdiction catalog, compliance matrices, onboarding charter/playbook, DBIS Rail traceability links |
| Dependencies | policy profiles, RTGS/DBIS Rail architecture, institution onboarding references |
| Production gate | jurisdiction catalog current, matrix docs mapped to policy profiles, onboarding outputs traceable to control-plane requirements |
| Evidence / output artifact | [config/jurisdictions/catalog.v1.json](/home/intlc/projects/proxmox/config/jurisdictions/catalog.v1.json), [compliance-matrices/README.md](/home/intlc/projects/proxmox/docs/04-configuration/compliance-matrices/README.md) |
| Owner class | `repo` |
### W7. Identity / Hyperledger / interoperability stack
| Field | Value |
|---|---|
| Objective | Mature identity and interoperability architecture into a staged runtime program |
| In-scope components | Hyperledger runtime decisions, identity stack, workflow runtime, interoperability surfaces |
| Dependencies | sovereign compute readiness, institutional workstreams, policy controls, operator ownership |
| Production gate | runtime topology, ownership, and promotion criteria explicit enough to move from design into implementation slices |
| Evidence / output artifact | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md) |
| Owner class | `planned` |
### W8. Observability, verification, evidence, and operator readiness
| Field | Value |
|---|---|
| Objective | Ensure the ecosystem can prove readiness and health through machine-readable evidence and operator workflows |
| In-scope components | validation wrappers, cluster audits, cert checks, route/readiness evidence, operator handoffs, deployment readiness artifacts |
| Dependencies | stable inventories, maintained runbooks, validation scripts, current indexes |
| Production gate | operator wrappers current, key cert/health checks automated, evidence docs indexed, validation gates passing |
| Evidence / output artifact | [run-all-validation.sh](/home/intlc/projects/proxmox/scripts/verify/run-all-validation.sh), [OPERATOR_HANDOFF_2026_04_24.md](/home/intlc/projects/proxmox/docs/00-meta/OPERATOR_HANDOFF_2026_04_24.md) |
| Owner class | `mixed` |
## 5. Near-Term Roadmap (012 Months)
### 03 months
- keep W1 healthy and template-aligned across all current cluster hosts
- finish promoting W4 from repo-implemented to operator-usable for manifest, policy profile, and registry paths
- wire route confidence into the same machine-readable family as URA and public routing coverage
- keep Phoenix deploy/control surfaces aligned with current manifests and deploy targets
### 36 months
- promote W2 from documented routing potential to policy-aware route coverage
- advance W5 first-slice institutional settlement and sidecar gates with evidence-backed operator readiness
- formalize W6 so jurisdiction and onboarding matrices act as real control inputs, not passive references
### 612 months
- integrate URA + policy profiles + route confidence into Phoenix/API quote/build surfaces
- make W8 evidence and operator readiness outputs sufficient for routine promotion gates
- move selected W7 identity/interoperability pieces from design status into repo-implemented slices where source-of-truth and ownership are explicit
## 6. Longer-Horizon Roadmap (1236 Months)
- deepen sovereignization of compute, control, and settlement dependencies
- expand beyond the current EVM-heavy bridge/routing surface into non-EVM lanes where evidence and policy can be enforced cleanly
- mature DBIS Rail, RTGS, and custody-sidecar systems into richer institutional operating models
- promote additional identity, workflow, and interoperability systems into governed runtime slices
- converge route-confidence, policy profiles, and settlement policy into one end-to-end institutional control plane
## 7. Open Blockers And External Dependencies
### Repo-solvable
- route-confidence schema and quote/build integration are not yet first-class
- Phoenix control-plane surfaces are not yet fully policy-aware
- some institutional and identity tracks remain split across multiple narrower docs without enough shared machine-readable state
### Operator-solvable
- some planned control-plane and settlement flows still depend on operator activation and deployment rather than fully codified automation
- runtime promotion for URA, sidecars, and some institutional slices still needs explicit environment rollout work
### External / vendor / network blockers
- counterparties, institutional integrations, and some network-specific dependencies remain outside repo control
- certain public-network and destination-liquidity expansions depend on third-party bridge, exchange, or ecosystem realities
- Wemix and other externally constrained paths remain subject to network or vendor-specific blockers
## Recommended Architectural Direction
The strongest near-term strategic recommendation is to adopt this as the canonical next-generation control-plane pattern:
`URA manifest + Policy Profile Registry + route confidence`
That pattern should be the bridge between:
- Phoenix deploy and control APIs
- jurisdiction and compliance matrices
- DBIS Rail and RTGS policy enforcement
- Besu/routing evidence and route selection
- on-chain publication of approved policy-profile state in `smom-dbis-138`
This is not distant speculation. It is the most important near-term architecture move because the repo already contains the beginnings of every major piece.

282
docs/02-architecture/GOVERNMENT_TREASURY_EMI_WALLET_MASTER_PLAN.md
View File

@@ -1,282 +0,0 @@
# Government Treasury, EMI, Digital Wallet and Regulated Settlement Master Plan
**Last updated:** 2026-04-28
**Audience:** Program owners, legal/compliance, treasury and banking ops, architecture, engineering
**Purpose:** Single umbrella plan for integrating **Electronic Money Institutions (EMIs)**, **digital wallets**, **virtual accounts** (including vendor patterns such as Tatum Virtual Accounts), **government treasuries**, **central banks / RTGS**, **fully licensed participants**, and **DBIS on-chain settlement and liquidity**—without conflating regulated fiat finality with blockchain authorization or DeFi-style liquidity.
**Non-goal:** This document is not legal advice. Counsel owns statute interpretation; this frames **artifacts**, **roles**, **system boundaries**, and **implementation gates**.
---
## 1. Executive Summary
DBIS already separates concerns correctly at the architectural core:
- **Regulated domain:** Fiat/e-money finality, accounting, sanctions/AML, institutional onboarding, evidence vaults, OMNL/Fineract postings, ISO-20022 evidence bundles.
- **Chain 138 domain:** Authorization integrity, participant/signer policy, replay protection, immutable settlement references, GRU mint gating—**not** “bank decides finality on-chain.”
See [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md) §0§5 (design principle: *the chain never decides fiat finality*).
This master plan:
1. Places **EMIs**, **virtual accounts**, and **wallet APIs** in the regulated + ledger layers, with explicit mapping to URA families and policy profiles.
2. Treats **Tatum-style virtual accounts** as an **optional vendor pattern** for off-chain crypto/fiat ledgers parallel to public chains; **Chain 138** remains **custom-RPC / self-hosted** per [smom-dbis-138/docs/api/TATUM_SDK.md](../../smom-dbis-138/docs/api/TATUM_SDK.md).
3. Aligns **government treasury** and **central-bank-grade** narratives with [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) truth: many institutional rows are **Partial** or **Planned**—the master plan labels gaps by owner type (counsel, implementation, operator, vendor).
4. Preserves **liquidity honesty**: [config/allmainnet-non-dodo-protocol-surface.json](../../config/allmainnet-non-dodo-protocol-surface.json) explicitly distinguishes bridge-live status from **same-chain swap inventory**—regulated claims must not treat pending DEX inventory as institutional liquidity.
---
## 2. Source-of-Truth Hierarchy
Per [DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md](DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md) §1, when artifacts disagree:
| Priority | Kind | Examples |
|----------|------|----------|
| 1 | Machine-readable config + trackers | `config/universal-resource-activation/manifest.json`, `config/jurisdictions/catalog.v1.json`, pool matrices, deployment-status JSON |
| 2 | Validation / implementation scripts | `scripts/verify/*`, `pnpm ura:*`, forge scoped tests |
| 3 | Specialized canonical docs | DBIS Rail specs, RTGS matrix, onboarding charter |
| 4 | Older narrative | Historical plans; use only if reconciled |
**Regulatory vs technical claims:** A statement may be “true in policy design” (Rail rulebook) but **not yet Complete** in [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md). External communications must distinguish **intent** from **production gate**.
---
## 3. Participant and Legal Taxonomy
Use consistent labels across onboarding, URA `ownerParticipantId`, DBIS Rail participant registry, and compliance matrices.
| Role | Typical licenses / regimes | DBIS alignment |
|------|----------------------------|----------------|
| **Government treasury** | Sovereign issuer / fiscal agent rules | Institution + jurisdiction-specific matrix rows; OMNL/treasury accounts |
| **Central bank / RTGS** | Central banking law, RTGS participation | Off-chain finality + ISO evidence; not “RTGS on Chain 138” unless contractually true |
| **Commercial bank** | Banking license, deposit-taking | FI participant; nostro/vostro; safeguarding vs deposits per jurisdiction |
| **EMI / E-money issuer** | EU EMI, UK EMI, analogous | `FIAT_DIGITAL`, safeguarding ledger, virtual IBAN patterns |
| **Payment institution** | PSD2-style, MSB-adjacent | Payment initiation / execution; evidence for good funds |
| **MSB / money transmitter** | FinCEN state overlays | MSB participant class in Rail spec |
| **CASP / VASP** | MiCA, national crypto regimes | Policy profiles for transferable vs restricted tokens |
| **Custodian / CSD** | Custody, CSD regulation | `SKR_SAFEKEEPING`, depository model in RTGS docs |
| **Wallet / tech provider** | Contractual + outsourcing | Not issuer of money unless licensed; keys + API custody boundaries |
| **Liquidity provider / PMM** | Market conduct, licensing per venue | PMM inventory **outside** customer e-money perimeter unless proven |
Definitions for **institution**, **jurisdiction**, **policy profile**, **complete**: [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md).
---
## 4. Money Model
### 4.1 Layers of money (conceptual)
| Layer | Examples | System-of-record |
|-------|----------|-------------------|
| Sovereign | CBDC, reserves at central bank | RTGS / CBDC operator |
| Bank money | Deposits, settlement balances | Bank core / correspondent |
| E-money | EMI-issued redeemable electronic money | EMI safeguarding + ledger |
| Ledger balances | Virtual accounts, app wallets | Operator ledger + reconciliation |
| Tokenized claims | Deposit tokens, fiat-backed stablecoins, GRU tiers | Issuer + attestation + chain contracts |
| PMM / DEX inventory | LP positions, pool reserves | **Market-making inventory**—not customer deposits unless segregated |
URA families anchor this: [UNIVERSAL_RESOURCE_ONTOLOGY.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_ONTOLOGY.md) (`FIAT_DIGITAL`, `SERVER_FUNDS`, `SKR_SAFEKEEPING`, etc.).
### 4.2 Non-confusion rule
**Customer safeguarded e-money** must never be silently modeled as **AMM inventory**. Treasury execution using PMM must pass **policy**, **limits**, and **segregation** controls documented under Rail + RTGS liquidity sections.
---
## 5. Ledger, Virtual Account, and Wallet Hierarchy
### 5.1 Regulated-domain ledger (target)
- **Omnibus / safeguarding** bank accounts (where jurisdiction requires).
- **Virtual accounts** (customer sub-ledgers): references mapped to OMNL/Fineract **accounts**, deterministic **`accountingRef`**, optional **vIBAN/UETR** correlation—pattern only until frozen with banking partners.
- **ISO-20022** message IDs feeding **MintAuth** (`messageId`, `isoHash`, `accountingRef`) per [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md).
### 5.2 Virtual account integration (functional requirements)
| Requirement | Notes |
|-------------|--------|
| Single currency per logical pocket | Align with vendor patterns (e.g. Tatum VA: one currency per VA); multi-currency UX via customer grouping |
| Internal transfers | Instant ledger moves; no chain fee; full audit trail |
| Deposit mapping | Blockchain deposit address ↔ VA balance updates where custodial **public** chains use vendor indexing; **Chain 138** requires **self-hosted** indexer or gateway-fed events |
| Withdrawal | Ledger debit → chain payout from **treasury/pooled** on-chain inventory; operator-visible vs customer-visible segregation documented |
| Reconciliation | Daily tie-out: VA sum ↔ omnibus ↔ Chain 138 treasury wallets |
### 5.3 Chain-domain (Chain 138)
- **Operational wallets** for participants (allowlisted where Rail requires).
- **SettlementRouter / GRU** paths—authorization only after off-chain gates.
- **No fiat finality on-chain**—see Rail spec design principle.
### 5.4 Tatum and similar vendors
- **Tatum SDK + custom RPC** on Chain 138: raw JSON-RPC only; cloud Notifications/Data **do not** apply to unsupported/private chains—[TATUM_SDK.md](../../smom-dbis-138/docs/api/TATUM_SDK.md).
- **Tatum Virtual Accounts** (product pattern): off-chain ledger + deposit addresses + periodic sync to chain—see vendor docs (`docs.tatum.io/docs/virtual-accounts`). Access/pricing constraints are vendor-imposed; treat as **integration option** for **supported public chains**, not as Chain 138s regulated ledger.
- **Alternative:** Self-hosted VA ledger + OMNL as SoR + DBIS Rail MintAuth for token legs.
### 5.5 Wallet API custody tiers
| Tier | Typical stack | Regulatory touch |
|------|----------------|-------------------|
| Non-custodial | User keys | Gateway still does Travel Rule / sanctions as required |
| Custodial hot | Server/HSM | EMI client-money rules, safeguarding |
| MPC / institutional | Fireblocks-class | Custody agreements + attestations |
| Embedded / AA | thirdweb Engine etc. | Policy profiles + sponsor gas + limits |
Refs: [CHAIN138_WALLET_ECOSYSTEM_AND_RATIONALE.md](../04-configuration/CHAIN138_WALLET_ECOSYSTEM_AND_RATIONALE.md), [THIRDWEB_WALLETS_INTEGRATION.md](../04-configuration/THIRDWEB_WALLETS_INTEGRATION.md), [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](../04-configuration/THIRDWEB_ENGINE_CHAIN_OVERRIDES.md).
---
## 6. ISO, Evidence, and Mint Authorization Flow
End-to-end intent (see Rail technical spec §5):
1. ISO Gateway ingests messages → canonical bundle → `isoHash`, `messageId`.
2. Funds status: `ON_LEDGER_FINAL` vs `OFF_LEDGER_FINAL`.
3. Double-entry accounting → **`accountingRef`**.
4. Compliance gates → threshold signatures → **MintAuth** → SettlementRouter → GRU mint.
Evidence vault, 4.995-style packages, Indonesia pilot: [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md), [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md).
---
## 7. Compliance and Licensing Model (EU / UK / US Anchors)
### 7.1 Repository anchors
| Mechanism | Path |
|-----------|------|
| Institution onboarding | [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md), [INSTITUTION_ONBOARDING_PLAYBOOK.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_PLAYBOOK.md) |
| Jurisdiction catalog | [JURISDICTION_CATALOG.md](../04-configuration/jurisdictions/JURISDICTION_CATALOG.md), [config/jurisdictions/catalog.v1.json](../../config/jurisdictions/catalog.v1.json) |
| Policy profiles | [UNIVERSAL_RESOURCE_POLICY_PROFILES.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_POLICY_PROFILES.md), [policy-profiles.json](../../config/universal-resource-activation/policy-profiles.json) |
| Rail controls | [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md), [DBIS_RAIL_CONTROL_MAPPING_V1.md](../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md) |
| Stablecoin / conversion policy | [DBIS_RAIL_STABLECOIN_POLICY_V1_5.md](../dbis-rail/DBIS_RAIL_STABLECOIN_POLICY_V1_5.md), [DBIS_RAIL_CONVERSION_ROUTER_SPEC_V1_5.md](../dbis-rail/DBIS_RAIL_CONVERSION_ROUTER_SPEC_V1_5.md) |
### 7.2 Jurisdiction expansion (gap)
Slice-1 charter expects **Indonesia** pilot matrix + stubs; **EU/UK/US** banking matrices must be extended beyond stubs for anchor claims—implementation task for compliance + counsel ([INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md) exit criteria).
### 7.3 External regime pointers (non-canonical; counsel verifies)
- **EU:** MiCA (ART/EMT), PSD2/e-money frameworks for payment vs issuance—map obligations into compliance matrices.
- **UK:** FCA/BoE stablecoin and payments agenda—monitor regulator publications (e.g. sandbox cohorts for issuance experiments).
- **US:** Money transmission, BSA/AML, sponsor-bank models, federal/state stablecoin developments—matrix rows per activity.
### 7.4 Counsel sign-off points
- First marketing claim implying **national RTGS participation**, **CBDC**, or **government guarantee**.
- Any **Travel Rule** / **data residency** cross-border flow.
- Token taxonomy for **retail** vs **wholesale** and **security-like** instruments (`RESTRICTED_SECURITY` in ontology).
---
## 8. Liquidity, PMM, Bridges, and Market Integrity
- **Chain 138 PMM / routing:** [PMM_DEX_ROUTING_STATUS.md](../11-references/PMM_DEX_ROUTING_STATUS.md), [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md](../11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md).
- **Route confidence / policy-aware quoting:** Not yet first-class in public quote APIs—see baseline status in [DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md](DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md) (DODO PMM / routing workstream). Do not imply regulator-grade route selection from wallet or aggregator UX alone.
- **Cross-chain PMM graph:** `cross-chain-pmm-lps/config/deployment-status.json` (home chain 138).
- **ALL Mainnet:** [allmainnet-non-dodo-protocol-surface.json](../../config/allmainnet-non-dodo-protocol-surface.json)—**bridge live** does not imply **swap inventory published** (`sameChainSwapInventoryPublished` remains **`false`** until promoted); submodule doc [smom-dbis-138/docs/deployment/ALL_MAINNET_CONFIGURATION.md](../../smom-dbis-138/docs/deployment/ALL_MAINNET_CONFIGURATION.md) must stay aligned with this file.
- **Pool lifecycle:** [all-mainnet-pool-creation-matrix.json](../../config/all-mainnet-pool-creation-matrix.json)—operational gates vs regulated settlement.
**Rule:** PMM LP inventory is **treasury/market** risk unless explicitly structured as **customer-segregated** with legal and operational proof.
---
## 9. Artifact Mapping (Master Plan Section → Canonical Repo Files)
| Master plan topic | Primary artifacts |
|-------------------|-------------------|
| Fiat finality vs chain | [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md), [DBIS_RAIL_RULEBOOK_V1.md](../dbis-rail/DBIS_RAIL_RULEBOOK_V1.md), [DBIS_RAIL_REGULATOR_BRIEF_V1.md](../dbis-rail/DBIS_RAIL_REGULATOR_BRIEF_V1.md) |
| RTGS / OMNL / sidecars | [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md), [DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](../03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md), [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](../03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) |
| Institution onboarding | [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md), [INSTITUTION_ONBOARDING_PLAYBOOK.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_PLAYBOOK.md) |
| URA / ontology | [UNIVERSAL_RESOURCE_ONTOLOGY.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_ONTOLOGY.md), [UNIVERSAL_RESOURCE_SERVER_FUNDS_LANE.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_SERVER_FUNDS_LANE.md), [manifest.json](../../config/universal-resource-activation/manifest.json) |
| Chain 138 wallets / APIs | [TATUM_SDK.md](../../smom-dbis-138/docs/api/TATUM_SDK.md), [CHAIN138_WALLET_ECOSYSTEM_AND_RATIONALE.md](../04-configuration/CHAIN138_WALLET_ECOSYSTEM_AND_RATIONALE.md), [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](../04-configuration/THIRDWEB_ENGINE_CHAIN_OVERRIDES.md) |
| Token / explorer truth | [EXPLORER_TOKEN_LIST_CROSSCHECK.md](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md), [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md) |
| E-money / ISO execution hooks (contracts + runbook) | [MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md](../runbooks/MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md) |
| GRU M1 instruments, listings, disclosure framing | [GRU_M1_MASTER_IMPLEMENTATION_PLAN.md](../gru-m1/GRU_M1_MASTER_IMPLEMENTATION_PLAN.md), [GRU_M1_LISTING_VALIDATION.md](../compliance/GRU_M1_LISTING_VALIDATION.md) |
| Identity stack vs RTGS / Travel Rule scale | [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](../03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md), [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) (Aries / AnonCreds rows) |
| Explorer UI legal templates (non-canonical vs Rail) | [LEGAL_COMPLIANCE_REQUIREMENTS.md](../../explorer-monorepo/docs/LEGAL_COMPLIANCE_REQUIREMENTS.md) — harmonize marketing/legal copy with [DBIS_RAIL_RULEBOOK_V1.md](../dbis-rail/DBIS_RAIL_RULEBOOK_V1.md) / counsel; not a substitute for Rail regulator brief |
| Public sector / credentials | [PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md), [COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md) |
| ALL Mainnet CI (surface JSON + chains flags) | [check-allmainnet-protocol-surface.sh](../../scripts/verify/check-allmainnet-protocol-surface.sh), [check-allmainnet-chains-flags.sh](../../scripts/verify/check-allmainnet-chains-flags.sh), [validate-config-files.sh](../../scripts/validation/validate-config-files.sh) |
| Umbrella ecosystem | [DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md](DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md), [MASTER_INDEX.md](../MASTER_INDEX.md) |
---
## 10. Gap Register (by Owner Type)
| Gap | Owner | Notes |
|-----|--------|------|
| EU/UK/US compliance matrices beyond stubs | Counsel + Compliance | Charter slice-1 exit criteria |
| HYBX treasury / participant model frozen | Banking architecture + Ops | RTGS matrix: HYBX participant/treasury **Planned** |
| Virtual account ↔ OMNL chart of accounts | Implementation | Deterministic `accountingRef` |
| Tatum VA on public chains vs Chain 138 split | Architecture | RPC-only on 138 per TATUM_SDK |
| Identity stack (Aries/AnonCreds) for Travel Rule scale | Identity lead | RTGS matrix **Planned** |
| Correspondent / BNI live contracts | Operator + external bank | Matrix rows Partial/Planned |
| ALL Mainnet swap inventory | Ops + validation | `sameChainSwapInventoryPublished: false` until promoted; CI: [`scripts/verify/check-allmainnet-protocol-surface.sh`](../../scripts/verify/check-allmainnet-protocol-surface.sh) + [`check-allmainnet-chains-flags.sh`](../../scripts/verify/check-allmainnet-chains-flags.sh) via [`validate-config-files.sh`](../../scripts/validation/validate-config-files.sh) |
---
## 11. Phased Roadmap Gates
### Slice 1 — Government treasury & licensed participant (foundation)
**Goal:** End-to-end **regulated** path: ISO evidence → accounting → MintAuth → Chain 138 settlement record → audit package.
**Gates:**
- [ ] OMNL tenant/auth **frozen** for canonical rail ([DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) priorities).
- [ ] At least one **Complete** jurisdiction matrix + institution onboarding **Complete** per charter.
- [ ] DBIS Rail MintAuth path exercised with evidence vault reproducibility.
- [ ] No external claim of “RTGS production parity” until checklist rows are **Complete**.
### Slice 2 — EMI / virtual account / digital wallet
**Goal:** Customer **VA ledger** + safeguarding reconciliation + wallet UX; optional Tatum VA for **supported** public chains; Chain 138 via **gateway + self-hosted** signing.
**Gates:**
- [ ] Customer ledger ↔ omnibus reconciliation **daily** with exception queue.
- [ ] Policy profiles for retail vs institutional wallets (`policyProfileId` on URA rows).
- [ ] Withdrawal path: ledger debit → treasury wallet → chain tx with limits and sanctions.
### Slice 3 — Cross-border correspondent & FX
**Goal:** Nostro/vostro, correspondent messaging, FX booking per [DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md](../03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md).
**Gates:**
- [ ] FX pricing/dealing engine contract **frozen** (matrix: currently **Planned**).
- [ ] SWIFT/ISO endpoint contracts documented for at least one corridor.
### Slice 4 — Tokenized reserves & policy-aware liquidity
**Goal:** GRU/reserve attestations + **explicit** use of PMM/bridge for **treasury** execution—not commingled with customer e-money.
**Gates:**
- [ ] ReserveOracle / attestation cadence aligned with [DBIS_RAIL_STABLECOIN_POLICY_V1_5.md](../dbis-rail/DBIS_RAIL_STABLECOIN_POLICY_V1_5.md).
- [ ] PMM inventory labeled **non-customer** in ops runbooks.
- [ ] ALL Mainnet: promote protocols in [allmainnet-non-dodo-protocol-surface.json](../../config/allmainnet-non-dodo-protocol-surface.json) only after committed addresses + verification.
---
## 12. Related Documents
- [DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md](DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md)
- [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md)
- [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md)
- [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md)
- [UNIVERSAL_RESOURCE_ONTOLOGY.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_ONTOLOGY.md)
- [MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md](../runbooks/MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md)
- [GRU_M1_MASTER_IMPLEMENTATION_PLAN.md](../gru-m1/GRU_M1_MASTER_IMPLEMENTATION_PLAN.md)
- [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](../03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md)
- [ALL_MAINNET_CONFIGURATION.md](../../smom-dbis-138/docs/deployment/ALL_MAINNET_CONFIGURATION.md) — must stay aligned with [allmainnet-non-dodo-protocol-surface.json](../../config/allmainnet-non-dodo-protocol-surface.json)
---
## Document history
| Date | Change |
|------|--------|
| 2026-04-28 | Initial publication: regulated treasury wallet master plan integrating EMI, wallets, VA patterns, Rail, RTGS, URA, liquidity boundaries. |
| 2026-04-28 | ALL Mainnet doc drift note + artifact links: ISO20022 e-money runbook, GRU M1, identity decision, explorer legal caveat, ecosystem route-confidence baseline; Related Documents expanded. |
| 2026-04-28 | ALL Mainnet verification scripts committed (`check-allmainnet-protocol-surface.sh`, `check-allmainnet-chains-flags.sh`); integrated into `validate-config-files.sh`; `run-all-validation.sh` duplicate 1c/1d block removed; `ALL_MAINNET_VERIFICATION_COMPLETE.md` addendum for swap inventory vs bridge verification. |

1
docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md
View File

@@ -65,7 +65,6 @@
## Related artifacts
- [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md) — workstreams and exit criteria aligned to this matrix (multi-jurisdiction master plan execution).
- [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md)
- [docs/00-meta/TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md)
- [docs/03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md](DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md)

90
docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md
View File

@@ -1,90 +0,0 @@
# DBIS RTGS — master plan implementation tracker
**Last updated:** 2026-04-25
**Purpose:** Executable tracker mapping the **multi-jurisdiction institutional onboarding master plan** to [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) rows and slice-1 scope ([SLICE1_SCOPE_FREEZE.md](../04-configuration/jurisdictions/SLICE1_SCOPE_FREEZE.md)). **Status here is documentation of intent;** the canonical component status remains the E2E matrix until rows are updated there.
## How to use
1. Pick a **workstream** below.
2. Execute engineering / ops tasks until **exit criteria** match the matrix rows **Production gate** column.
3. Update **DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md** `Current state` to `Complete` (or `Retired` with rationale).
4. Link evidence to URA packages per [ID-INDONESIA/banking_v1.md](../04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md) where applicable.
---
## Workstream W1 — Canonical OMNL / Fineract rail
| Matrix rows (indicative) | OMNL / Fineract API rail; Mifos X frontend / tenant |
|--------------------------|-----------------------------------------------------|
| **Exit criteria** | Tenant and operator rail **frozen**; reproducible posting, office/GL mapping, reconciliation package path. |
| **Owner** | OMNL / banking ops |
| **URA link** | `SERVER_FUNDS` resources get real `accountingRef`; [URA_PILOT_CLOSURE_RUNBOOK.md](../04-configuration/universal-resource-activation/URA_PILOT_CLOSURE_RUNBOOK.md) pilot 2. |
## Workstream W2 — `server-funds-sidecar`
| Matrix rows | `server-funds-sidecar` (VMID 5803) |
|-------------|-------------------------------------|
| **Exit criteria** | Treasury SoR boundaries frozen; **draw / hold / release** validated with auth; Phoenix `SERVER_FUNDS_SIDECAR_URL` set in prod. |
| **Owner** | HYBX integration lead |
| **URA link** | Pilot 2; [UNIVERSAL_RESOURCE_WIRING.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md) probe returns 200. |
## Workstream W3 — `off-ledger-2-on-ledger-sidecar`
| Matrix rows | Off-ledger → Chain 138 settlement |
|-------------|-----------------------------------|
| **Exit criteria** | Canonical event → settlement **end-to-end** with durable evidence; finality handling closed. |
| **Owner** | HYBX + Chain 138 settlement lead |
| **URA link** | `settlementOrChainRef` in evidence packages. |
## Workstream W4 — ISO 20022 + institutional 4.995 package
| Matrix rows | ISO evidence and vault path; Institutional 4.995 package path |
|-------------|---------------------------------------------------------------|
| **Exit criteria** | `--strict` or institution-agreed readiness; reproducible archive/hash path. |
| **Owner** | Regulatory / compliance + eng |
| **Compliance link** | [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md) |
## Workstream W5 — Indonesia BNI domestic path
| Matrix rows | Indonesia / BNI domestic banking path |
|-------------|----------------------------------------|
| **Exit criteria** | Live endpoint/auth/message contract **or** explicit deferral documented in matrix + jurisdiction matrix. |
| **Owner** | Indonesia banking integration lead |
| **Compliance link** | [DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md) |
## Workstream W6 — Global correspondent path
| Matrix rows | Global correspondent / liquidity bank path |
|-------------|---------------------------------------------|
| **Exit criteria** | Same as matrix production gate; cross-border flow validated **or** out of slice 1. |
| **Owner** | Cross-border banking integration lead |
## Workstream W7 — Identity stack (Fabric / Indy / Aries)
| Matrix rows | Fabric, Indy, Aries, AnonCreds, etc. |
|-------------|--------------------------------------|
| **Exit criteria** | **Scope decision** in/out slice 1; if out, matrix shows Planned/Retired without production claims. |
| **Owner** | Identity architecture lead |
## Workstream W8 — Depository / custody / securities
| Matrix rows | Depository, global custodian, securities-sidecar, custody flow |
|-------------|----------------------------------------------------------------|
| **Exit criteria** | Canonical lifecycle documented + one path validated **or** deferred with rationale. |
| **Owner** | Custody / securities architecture leads |
| **URA link** | Pilot 1 SKR; policy profile `institutional_custody_skr_v1`. |
## Workstream W9 — RTGS production gate
| Matrix rows | RTGS production gate row |
|-------------|--------------------------|
| **Exit criteria** | All **mandatory** rows for **chosen architecture** = `Complete`. |
| **Owner** | DBIS program owner |
---
## Related
- [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
- [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md)
- [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md)

14
docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md
View File

@@ -1,6 +1,6 @@
# Proxmox VE — Operational deployment template
**Last Updated:** 2026-04-25
**Last Updated:** 2026-03-25
**Status:** Active — ties hypervisors, LAN/WAN, cluster peering, Chain 138 Besu tiers, NPMplus ingress, FQDNs, and deployment gates into one place.
**Machine-readable:** [`config/proxmox-operational-template.json`](../../config/proxmox-operational-template.json) (sync when you change VMIDs/IPs/FQDNs).
@@ -21,8 +21,6 @@
| ml110 | 192.168.11.10 | https://192.168.11.10:8006 | h (legacy) | Planned WAN aggregator (OPNsense/pfSense); **migrate CT/VM off before repurpose** |
| r630-01 | 192.168.11.11 | https://192.168.11.11:8006 | h | Primary: Chain 138 RPC/CCIP-adjacent workloads, Sankofa Phoenix stack, much of DBIS |
| r630-02 | 192.168.11.12 | https://192.168.11.12:8006 | h | Firefly, MIM4U, Mifos LXC, extra NPMplus instances, supporting infra |
| r630-03 | 192.168.11.13 | https://192.168.11.13:8006 | h | Additional Chain 138 sentry and RPC capacity; private, thirdweb, and named RPC placements |
| r630-04 | 192.168.11.14 | https://192.168.11.14:8006 | h | Additional Chain 138 sentry capacity |
**LAN:** 192.168.11.0/24, gateway **192.168.11.1** (UDM Pro), VLAN 11. Extended node IP plan (r630-03 …): `config/ip-addresses.conf` comments.
@@ -46,12 +44,12 @@ Cluster and UDM: [`docs/04-configuration/UDM_PRO_PROXMOX_CLUSTER.md`](../04-conf
| Layer | VMID range (typical) | IPv4 pattern | P2P |
|--------|----------------------|--------------|-----|
| Validators | 10001004 | 192.168.11.100104 | 30303 — **to sentries**, not raw public |
| Sentries | 15001510 | .150.154, .213.214, .219.220, .244.245 | Boundary / fan-out |
| Core/admin RPC | 21012103 | .211, .212, .217 | Deploy, admin, and thirdweb admin core |
| Sentries | 15001506 | .150.154, .213.214 | Boundary / fan-out |
| Core RPC (deploy) | 2101 | **192.168.11.211** | 8545/8546 + 30303 |
| Core RPC (Nathan core-2) | 2102 | **192.168.11.212** | NPMplus **10235** / tunnel |
| Public RPC | 2201 | **192.168.11.221** | Frontends / bridge / read-mostly |
| Named/private RPC | 2301, 23032308 | .232.238 | Fireblocks and partner-dedicated |
| Named RPC | 23032308 | .233.238 | Partner-dedicated |
| ThirdWeb stack | 24002403 | .240.243 | Includes translator/nginx on 2400 |
| ALLTRA/HYBX internal RPC | 25002505 | .172.174, .246.248 | Internal settlement / routing tier |
Canonical roles and adjacency rules: [`docs/02-architecture/CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md`](../02-architecture/CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md).
@@ -131,7 +129,7 @@ Use the full table in **ALL_VMIDS_ENDPOINTS** (“NPMplus Endpoint Configuration
1. Change **ALL_VMIDS_ENDPOINTS** and/or **ip-addresses.conf** first (operator truth).
2. Update **`config/proxmox-operational-template.json`** so automation (future CMDB, checks) stays aligned.
3. Run **`./scripts/validation/validate-config-files.sh`** (includes JSON shape check for the template).
4. **Live diff (read-only, SSH):** from repo root on a host with SSH to Proxmox nodes: **`bash scripts/verify/audit-proxmox-operational-template.sh`**. The preferred path is cluster-wide inventory via `pvesh get /cluster/resources`; only use per-host `pct`/`qm` fallback when cluster inventory is unavailable.
4. **Live diff (read-only, SSH):** from repo root on a host with SSH to Proxmox nodes: **`bash scripts/verify/audit-proxmox-operational-template.sh`**. Compares template VMIDs to `pct`/`qm` lists on ML110 + R630s (override **`PROXMOX_HOSTS`** if needed).
---

64
docs/03-deployment/URA_MANIFEST_WRITER_OPS.md
View File

@@ -1,64 +0,0 @@
# URA manifest writer — operations
**Last updated:** 2026-04-25
**Purpose:** Runbook for **ledger- and chain-driven** manifest updates: secrets, ETL, publish path, reconciliation, optional features, legal record, DR.
## 1. Components
| Piece | Role |
|-------|------|
| OMNL / Fineract | System of record for `accountingRef` (journal / batch ids). |
| Server-funds sidecar | Operational draws/holds; must correlate to ledger lines. |
| [`build-ledger-fragment.mjs`](../../scripts/ura/manifest-writer/build-ledger-fragment.mjs) | Maps export JSON → manifest fragment. |
| [`merge-manifest-fragments.mjs`](../../scripts/ura/merge-manifest-fragments.mjs) | Merges fragments; validates. |
| Phoenix | Serves canonical [`manifest.json`](../../config/universal-resource-activation/manifest.json) read-only. |
## 2. Fineract / OMNL field inventory
**Operator task:** Document the **exact** REST or batch export fields your deployment uses (tenant, office, product). Map them in [`omnl-ledger-mapping.v1.example.json`](../../config/universal-resource-activation/integration/omnl-ledger-mapping.v1.example.json) (copy to `omnl-ledger-mapping.v1.json`).
Minimum: one stable string for `accountingRef` (journal id or composite `officeId:transactionId`).
## 3. Secrets and IAM
- Store Fineract credentials in vault / `.env` on the writer host (never in git).
- Use read-only Fineract user where possible.
- Rotate keys on the same cadence as OMNL operator policy.
## 4. Publish path (choose one)
| Mode | Pattern |
|------|---------|
| **Git PR** | Writer opens PR updating `manifest.json` or a fragment; CI runs `pnpm ura:validate`. |
| **Secured sync** | Writer writes to `PHOENIX_REPO_ROOT` on deploy host; reload Phoenix. |
| **Authenticated API** | Future: POST internal-only (not the public GET routes). |
## 5. Reconciliation
- Nightly (or per batch): compare latest Fineract journal id set to manifest `accountingRef`.
- On mismatch: page on-call; do **not** auto-overwrite without human ack for production.
## 6. Optional features
- **Real-time:** Webhook from Fineract vs **batch** cron — feature-flag in writer.
- **Multi-pool:** Multiple rows in `resourceUpdates` / evidence mapping file.
- **DLQ:** Failed merges land in a queue path for replay.
- **Audit log:** Append-only log of fragment bytes + git SHA + operator id.
## 7. Legal sign-off record
When automation goes live, archive:
- Compliance memo id or ticket referencing matrix rows satisfied by automated fields.
- Version of [`policy-profiles.json`](../../config/universal-resource-activation/policy-profiles.json) and [`ID-INDONESIA/banking_v1.md`](../04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md) (or relevant matrix).
## 8. DR and rollback
- **Backup:** Git history of `manifest.json` + weekly object-store copy if using direct sync.
- **Rollback:** Revert commit or restore file; re-run `pnpm ura:validate && pnpm ura:validate-profiles`.
- **Incident:** Disable writer cron/systemd; serve last known-good manifest from Phoenix override path.
## Related
- [TS-OMNL-SIDECAR-MANIFEST-SYNC-V1.md](../04-configuration/universal-resource-activation/technical-specs/TS-OMNL-SIDECAR-MANIFEST-SYNC-V1.md) — normative ledger/sidecar → manifest requirements
- [`URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md`](../04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md)

23
docs/04-configuration/ALL_VMIDS_ENDPOINTS.md
View File

@@ -1,17 +1,17 @@
# Complete VMID and Endpoints Reference
**Last Updated:** 2026-04-25
**Document Version:** 1.3
**Status:** Active Documentation — **Master (source of truth)** for VMID, IP, port, and domain mapping. Use this with the live Besu fleet map in [../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md](../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md) and the cluster audit in [`../../scripts/verify/check-cluster-besu-inventory.sh`](../../scripts/verify/check-cluster-besu-inventory.sh).
**Last Updated:** 2026-03-26
**Document Version:** 1.2
**Status:** Active Documentation — **Master (source of truth)** for VMID, IP, port, and domain mapping. See [MASTER_DOCUMENTATION_INDEX.md](../00-meta/MASTER_DOCUMENTATION_INDEX.md).
**Operational template (hosts, peering, deployment gates, JSON):** [../03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](../03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md) · [`config/proxmox-operational-template.json`](../../config/proxmox-operational-template.json)
---
**Date**: 2026-04-25
**Status**: Current Active Configuration (Reconciled)
**Last Updated**: 2026-04-25
**Verification Status**: ✅ Complete - Canonical Besu fleet reconciled across all 5 Proxmox nodes via direct host audit plus cluster-wide inventory
**Date**: 2026-01-20
**Status**: Current Active Configuration (Verified)
**Last Updated**: 2026-01-20
**Verification Status**: ✅ Complete - All VMIDs verified across 3 hosts
---
@@ -21,16 +21,9 @@
- **Running**: 45+
- **Stopped**: 5
- **Infrastructure Services**: 10
- **Blockchain Nodes**: 37 canonical Besu nodes (Validators: 5, Sentries: 11, RPC: 21)
- **Blockchain Nodes**: 22 (Validators: 5, Sentries: 4, RPC: 13)
- **Application Services**: 22
## Canonical-use guardrails
- Use this document for the **current** VMID/IP/FQDN inventory.
- Use [../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md](../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md) for Besu role, class, and config-policy detail.
- Use [`../../scripts/verify/check-cluster-besu-inventory.sh`](../../scripts/verify/check-cluster-besu-inventory.sh) for live cluster truth.
- Historical migration and destroyed-node sections in this file are retained for audit context only. They must **not** be used as the source of truth for new automation, provisioning, or runbooks.
---
## Infrastructure Services

34
docs/04-configuration/DEVIN_GITEA_PROXMOX_CICD.md
View File

@@ -145,40 +145,6 @@ For webhook signing, the bootstrap/helper path also expects:
Do not enable both repo Actions deploys and webhook deploys for the same repo unless you intentionally want duplicate deploy attempts.
### 3a. Bootstrap workflow secrets (one-time per CT)
The reinstall workflow `.gitea/workflows/bootstrap-phoenix-deploy-api.yml`
ships the latest `phoenix-deploy-api/` from `master` to CT 5700 via
scp + `pct push` and re-runs `install-systemd.sh`. This is the path you
take when the running service on the CT is older than the code on
`master` (e.g. it still returns the "Deploy request queued (stub)"
message). Trigger via the Gitea Actions UI → "Bootstrap Phoenix Deploy
API" → Run workflow.
Required secrets (in addition to the deploy secrets above):
- `PHOENIX_PVE_HOST` — PVE node IP that hosts CT 5700 (e.g.
`192.168.11.12` for `r630-02`).
- `PHOENIX_PVE_USER` — SSH user on the PVE node (default `root`).
- `PHOENIX_PVE_SSH_KEY` — Private SSH key (OpenSSH format) authorised
on the PVE node. Use a dedicated deploy key, not your personal key.
- `PHOENIX_PVE_KNOWN_HOSTS` — Pre-populated `known_hosts` line for the
PVE host (skip strict-host-key prompt). Optional; if absent the
workflow uses `accept-new` on first connect.
- `PHOENIX_DEV_VM_VMID` — Container VMID (default `5700`).
- `PHOENIX_DEPLOY_DEV_VM_IP` — IP of the dev VM for the post-install
health check (default `192.168.11.59`).
After a successful run the workflow performs a non-stub probe: it POSTs
`{ "target": "__bootstrap_probe__" }` with the deploy bearer token and
fails the workflow if the response body still contains
`Deploy request queued (stub)` or any auth-rejection signal. That gives
you an unambiguous "the running service on CT 5700 is now post-stub"
signal in CI logs.
The workflow only triggers on `workflow_dispatch` (never on push) so
deploy-service reinstalls remain a deliberate manual step.
## Adding more repos or VM targets
Extend [deploy-targets.json](/home/intlc/projects/proxmox/phoenix-deploy-api/deploy-targets.json) with another entry.

47
docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md
View File

@@ -1,47 +0,0 @@
# Gitea repo → VM hosting → CI/CD matrix
Each **application repo** should carry **its own** `.gitea/workflows/*.yml` so pushes trigger the right pipeline for **that** codebase. Deploy execution typically happens on the **designated LAN VM** (via **Phoenix deploy API** on the dev workspace host), not on the public Gitea runner alone.
**Canonical integration:** [Phoenix deploy API](../../phoenix-deploy-api/server.js) + [`deploy-targets.json`](../../phoenix-deploy-api/deploy-targets.json).
**Operator checklist:** [docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md](../00-meta/GITEA_CD_OPERATOR_CHECKLIST.md)
**Parity report (local clone):** `bash scripts/verify/report-gitea-cd-parity.sh`
## Pattern A — Repo workflow triggers Phoenix (recommended)
1. Repo workflow `on: push` runs on Gitea Actions (checkout only + `curl` POST).
2. Body includes `repo` (Gitea `owner/name`), `branch`, `sha`, `target` (matches `deploy-targets.json`).
3. Phoenix syncs the repo archive from Gitea, sets `PHOENIX_DEPLOY_WORKSPACE`, runs the target `command` with LAN access (SSH `pct`, rsync, etc.).
**Secrets (per repo in Gitea):** `PHOENIX_DEPLOY_URL`, `PHOENIX_DEPLOY_TOKEN` (same pattern as `d-bis/proxmox` workflows).
## Pattern B — Monorepo-only (`d-bis/proxmox`)
Multiple deploy jobs in one workflow ([`.gitea/workflows/deploy-to-phoenix.yml`](../../.gitea/workflows/deploy-to-phoenix.yml)); targets selected by JSON body `target`. Still one workflow file in **this** repo (not copied to every submodule).
## Matrix (maintain when repos or VMs change)
| Gitea repo | Branch(es) | Hosting / VM | `deploy-targets` `target` | Workflow |
|------------|------------|--------------|-----------------------------|----------|
| `d-bis/proxmox` | `main`, `master` | Phoenix deploy host + varies by job | `default`, `atomic-swap-dapp-live`, `portal-live`, `cloudflare-sync`, … | `.gitea/workflows/deploy-to-phoenix.yml`, `validate-on-pr.yml` |
| `Gov_Web_Portals/CyberSecur-Global` | `main` | CT **7810** | `default` | In **CyberSecur-Global** repo: `.gitea/workflows/deploy-to-ct7810.yml` |
| `Gov_Web_Portals/DBIS` | `main` | CT **7804** | `dbis-portal-live` | Copy [`repos/dbis-portal-live.yml`](../../config/gitea-workflow-templates/repos/dbis-portal-live.yml) → DBIS repo |
| `d-bis/explorer-monorepo` | `main`, `master` | VMID **5000** | `explorer-live` | Submodule: `.gitea/workflows/deploy-live.yml` |
| `d-bis/CROMERO` | `main`, `master` | NPM ecosystem path | `default` | Copy [`repos/cromero-default.yml`](../../config/gitea-workflow-templates/repos/cromero-default.yml) → CROMERO repo |
| `d-bis/CurrenciCombo` | `main`, `master` | Phoenix CT **8604** | `default` | Copy [`repos/currencicombo-default.yml`](../../config/gitea-workflow-templates/repos/currencicombo-default.yml) → CurrenciCombo repo |
| `d-bis/cross-chain-pmm-lps` | `main` | _(simulation/docs — no VM)_ | — | `.gitea/workflows/validate-capital-efficiency.yml` |
## Adding a new repo
1. Add rows to [`deploy-targets.json`](../../phoenix-deploy-api/deploy-targets.json) with `repo`, `branch`, `target`, `command`, `healthcheck`.
2. Implement or reuse a `scripts/deployment/phoenix-deploy-*-from-workspace.sh` wrapper if the deploy needs `PHOENIX_DEPLOY_WORKSPACE`.
3. Copy a template from [`config/gitea-workflow-templates/`](../../config/gitea-workflow-templates/README.md) into **that repo** as `.gitea/workflows/<name>.yml`.
4. In Gitea → Repo → **Secrets**: `PHOENIX_DEPLOY_URL`, `PHOENIX_DEPLOY_TOKEN`.
5. Document the VM / URL here.
## References
- [GITEA_ORG_STRUCTURE.md](./GITEA_ORG_STRUCTURE.md)
- [DEV_VM_GITOPS_PLAN.md](./DEV_VM_GITOPS_PLAN.md)
- [README-gitea-proxmox-sync.md](../../scripts/git/README-gitea-proxmox-sync.md)

12
docs/04-configuration/README.md
View File

@@ -93,17 +93,9 @@ This directory contains setup and configuration guides.
- **[DBIS Rail Control Mapping v1](../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md)** ⭐⭐ - Control IDs mapped to checklist, Spec, Rulebook, and Threat Model for audit and SOC 2 / ISO 27001 alignment.
- **[DBIS Rail and Project Completion Master v1](../dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md)** ⭐⭐ - Project and deployment status; full task list (required and optional) for DBIS Rail and project completion.
**Multi-jurisdiction institutional onboarding (master plan artifacts):**
- **[compliance-matrices/README.md](compliance-matrices/README.md)** — Per-jurisdiction matrices, template, Indonesia + generic stub.
- **[compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md](compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md)** — RACI and definition of Complete.
- **[compliance-matrices/INSTITUTION_ONBOARDING_PLAYBOOK.md](compliance-matrices/INSTITUTION_ONBOARDING_PLAYBOOK.md)** — Repeatable onboarding steps.
- **[jurisdictions/JURISDICTION_CATALOG.md](jurisdictions/JURISDICTION_CATALOG.md)**, **[jurisdictions/SLICE1_SCOPE_FREEZE.md](jurisdictions/SLICE1_SCOPE_FREEZE.md)** — Catalog + slice-1 scope; machine: [`config/jurisdictions/catalog.v1.json`](../../config/jurisdictions/catalog.v1.json).
- **[../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md](../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md)** — Rail controls ↔ jurisdiction matrices ↔ profiles.
**Universal resource activation (SKR, server funds, infra capacity):**
- **[universal-resource-activation/README.md](universal-resource-activation/README.md)** ⭐⭐ — Ontology, policy profiles, lanes, pilots, [`manifest.json`](../../config/universal-resource-activation/manifest.json), [`policy-profiles.json`](../../config/universal-resource-activation/policy-profiles.json); `pnpm ura:validate`, `pnpm ura:validate-profiles`, `pnpm ura:keccak`, `pnpm ura:smoke` (`--http` + `PHOENIX_BASE_URL`). Phoenix: `GET /api/v1/universal-resource-activation/manifest`, `GET /api/v1/universal-resource-activation/server-funds-sidecar-probe`. [MASTER_INDEX.md](../MASTER_INDEX.md) §04-configuration.
- **[universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md](universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md)** — Operator wiring: `UNIVERSAL_RESOURCE_MANIFEST_PATH`, `SERVER_FUNDS_SIDECAR_URL`, CI, testing checklist.
- **RTGS execution tracker:** [../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md).
- **[universal-resource-activation/README.md](universal-resource-activation/README.md)** ⭐⭐ — Ontology, policy profiles, lanes, pilots, JSON Schemas, in-repo [`manifest.json`](../../config/universal-resource-activation/manifest.json), `node scripts/validate/validate-universal-resource-activation.mjs`, Phoenix `GET /api/v1/universal-resource-activation/manifest`.
- **[universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md](universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md)** — Operator wiring: env (`UNIVERSAL_RESOURCE_MANIFEST_PATH`), CI, API resolution order.
- **[Implementation coordination (transcript 540ae663)](../dbis-rail/IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md)** ⭐⭐ - Coordinate implementations with PMM/DEX, tokens, GRU, cW*, deployments; maps Completion Master tasks to done/partial/open.
- **[DBIS Rail Ledger Attestation Add-On v1.5](../dbis-rail/DBIS_RAIL_LEDGER_ATTESTATION_ADDON_V1_5.md)** ⭐⭐ - LPA state machine, reversal matrix, signer effectiveFromBlock/revokedAtBlock mandatory.
- **[DBIS Rail Conversion Router Spec v1.5](../dbis-rail/DBIS_RAIL_CONVERSION_ROUTER_SPEC_V1_5.md)** ⭐⭐ - SwapAuth, best execution/MEV, quote provenance, venue allowlist, sanctions/AML for swaps.

25
docs/04-configuration/RPC_ENDPOINTS_MASTER.md
View File

@@ -1,14 +1,14 @@
# RPC Endpoints Master Reference
**Last Updated:** 2026-04-25
**Document Version:** 1.4
**Status:** Active Documentation — canonical RPC endpoint inventory for live operators. Pair with [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md) and [../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md](../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md).
**Last Updated:** 2026-04-22
**Document Version:** 1.3
**Status:** Active Documentation
---
**Date**: 2026-04-25
**Date**: 2026-01-18
**Status**: ✅ Active
**Last Updated**: 2026-04-25
**Last Updated**: 2026-02-05
**Changelog:** Proxy hosts (sankofa/phoenix/mim4u/explorer) corrected; RPC 405 fix via update-npmplus-proxy-hosts-api.sh (block_exploits false for RPC). Exchange Registry path; Crypto.com OTC API path.
---
@@ -17,12 +17,7 @@
This is the **authoritative source** for all RPC endpoint configurations. All other documentation and scripts should reference this document. **Master documentation (source of truth):** [MASTER_DOCUMENTATION_INDEX.md](../00-meta/MASTER_DOCUMENTATION_INDEX.md) lists this doc and [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md) as the Bible for domain → VMID:port; only `explorer.d-bis.org` should point to 192.168.11.140.
Historical migration tables remain below for audit traceability, but they are explicitly non-canonical. For current runtime truth, prefer:
- [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md)
- [../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md](../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md)
- `bash scripts/verify/check-cluster-besu-inventory.sh --json`
**Edge & port forwarding:** UDM Pro (76.53.10.34, replaced ER605). Proxmox cluster hosts: 192.168.11.10 (ml110), 192.168.11.11 (r630-01), 192.168.11.12 (r630-02), 192.168.11.13 (r630-03), 192.168.11.14 (r630-04). NPMplus LXC (VMID 10233) has 192.168.11.166 and 192.168.11.167; **only 192.168.11.167** is used in UDM Pro. Port forward: **76.53.10.36:80****192.168.11.167:80**, **76.53.10.36:443****192.168.11.167:443**. See [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md).
**Edge & port forwarding:** UDM Pro (76.53.10.34, replaced ER605). Proxmox hosts: 192.168.11.10 (ml110), 192.168.11.11 (r630-01), 192.168.11.12 (r630-02). NPMplus LXC (VMID 10233) has 192.168.11.166 and 192.168.11.167; **only 192.168.11.167** is used in UDM Pro. Port forward: **76.53.10.36:80****192.168.11.167:80**, **76.53.10.36:443****192.168.11.167:443**. See [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md).
### Canonical RPC URLs (use when setting missing .env / scripts)
@@ -91,8 +86,12 @@ For **Ethereum mainnet and other public chains**, you can use:
- `1508` is on `r630-04` (`192.168.11.14`)
- Confirmed live as Proxmox CTs:
- `2101`, `2102`, `2103`, `2201`, `2301`, `2303`, `2304`, `2305`, `2306`, `2307`, `2308`, `2400`, `2401`, `2402`, `2403`
- `2500-2505` are the canonical ALLTRA/HYBX tier on `r630-01`.
- The legacy duplicate `2420/2430/2440/2460/2470/2480` set was first retired, then destroyed, and is historical only.
- The older `2500-2505` migration story is not the whole picture anymore: separate live ALLTRA/HYBX Besu RPC containers with those VMIDs are running on `r630-01` at `.172-.174` and `.246-.248`.
- Live duplicate legacy Besu RPC containers were also found on `r630-01`:
- `2420`, `2430`, `2440`, `2460`, `2470`, `2480`
- they use the same hostnames and IP roles as the intended `2500-2505` ALLTRA/HYBX tier
- a controlled shutdown pass then retired the `24x0` set by stopping the CTs and setting `onboot: 0`
- this doc treats `2500-2505` as canonical because they match the operational template and allowlists
| VMID | IP Address | Hostname | HTTP RPC | WebSocket RPC | Status |
|------|------------|----------|----------|---------------|--------|

9
docs/04-configuration/compliance-matrices/GENERIC-COMMON-LAW-STUB/README.md
View File

@@ -1,9 +0,0 @@
# GENERIC-COMMON-LAW-STUB — template only
**Status:** template_only — **not** for production institutions.
Use this folder to practice matrix structure before copying [_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md](../_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md) to a real jurisdiction code.
| File | Purpose |
|------|---------|
| [banking_v1.md](banking_v1.md) | Illustrative obligation rows |

36
docs/04-configuration/compliance-matrices/GENERIC-COMMON-LAW-STUB/banking_v1.md
View File

@@ -1,36 +0,0 @@
# Compliance matrix — GENERIC-COMMON-LAW-STUB — banking_v1 (ILLUSTRATIVE ONLY)
**Last updated:** 2026-04-25
**Status:** **template_only** — do **not** use for production institutions. Copy [../_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md](../_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md) and replace with a real jurisdiction.
**Purpose:** Train the onboarding process: obligation rows, control linkage, evidence columns.
---
## 1. Law / regulation inventory (fictional placeholders)
| Ref id | Short title | Scope | Notes |
|--------|-------------|-------|-------|
| STUB-BANK-001 | Illustrative banking supervision act | banking | Fictional — replace with real citations. |
| STUB-AML-001 | Illustrative AML law | AML | Fictional. |
---
## 2. Requirement and control mapping (illustrative rows)
| Matrix row id | Obligation summary | Participant classes | URA family | Enforcement | Control ids | Evidence expectation |
|---------------|-------------------|---------------------|------------|-------------|-------------|----------------------|
| STUB-001 | Illustrative: know your customer for institutional treasury | institutional | `SERVER_FUNDS` | off-chain | C7, STUB-KYB-001 | Onboarding file + audit log reference |
| STUB-002 | Illustrative: sanctions screening before funding draw | institutional | `SERVER_FUNDS` | hybrid | C7, STUB-SAN-001 | Screening vendor ref + timestamp in evidence package |
| STUB-003 | Illustrative: safekeeping evidence for custody record | institutional | `SKR_SAFEKEEPING` | off-chain | C9, STUB-CUST-001 | Custodian statement hash in `custodyOrSourceEvidence` |
---
## 3. Residual risk
All rows are **non-binding** examples. Production matrices require **counsel-approved** law inventory and signed control mapping.
## Related
- [JURISDICTION_CATALOG.md](../../jurisdictions/JURISDICTION_CATALOG.md)
- [ID-INDONESIA/banking_v1.md](../ID-INDONESIA/banking_v1.md) — real pilot jurisdiction example in this repo.

11
docs/04-configuration/compliance-matrices/ID-INDONESIA/README.md
View File

@@ -1,11 +0,0 @@
# Indonesia (ID) — compliance matrices
**Status:** pilot_ready (counsel must validate legal inventory in `banking_v1.md`)
| File | Regime / topic |
|------|----------------|
| [banking_v1.md](banking_v1.md) | Banking, OMNL, sidecars, Rail, ISO / 4.995, BNI path |
**Catalog:** [`config/jurisdictions/catalog.v1.json`](../../../config/jurisdictions/catalog.v1.json) — `id: "ID"`
**Related:** [INSTITUTION_ONBOARDING_PLAYBOOK.md](../INSTITUTION_ONBOARDING_PLAYBOOK.md), [DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](../../../03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md)

59
docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md
View File

@@ -1,59 +0,0 @@
# Compliance matrix — Indonesia (ID) — banking_v1
**Last updated:** 2026-04-25
**Jurisdiction id:** ID
**Status:** **pilot_ready** — consolidate scattered repo guidance; **counsel must validate** all legal citations and obligation text before production claims.
**Machine-readable catalog:** [`config/jurisdictions/catalog.v1.json`](../../../config/jurisdictions/catalog.v1.json)
---
## 1. Law / regulation inventory (outline — verify with counsel)
| Ref id | Short title | Scope | Repo anchor (non-legal) |
|--------|-------------|-------|-------------------------|
| ID-BI-PAYMENT | BI payment system / RTGS-related rules (confirm scope) | banking, payments | [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../../../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md), Indonesia rows |
| ID-OJK-SEC | OJK capital markets rules (if securities path in scope) | securities | Depository / securities sidecar rows in same matrix |
| ID-AML-CTF | AML / CTF obligations (confirm statutes) | AML | [DBIS_RAIL_RULEBOOK_V1.md](../../../dbis-rail/DBIS_RAIL_RULEBOOK_V1.md) good-funds / compliance alignment |
| ID-DP | Data protection (confirm PDP / sector rules) | data | Evidence vault / ISO path |
*Replace summaries with counsel-approved citations and effective dates.*
---
## 2. Requirement and control mapping (starter rows)
| Matrix row id | Obligation summary | Participant classes | URA family | Enforcement | Control ids | Evidence expectation |
|---------------|-------------------|---------------------|------------|-------------|-------------|----------------------|
| ID-OMNL-001 | Institutional ledger / OMNL posting path for RTGS slice | institutional | `SERVER_FUNDS` | off-chain | C8, C9, C17 | Deterministic `accountingRef`; JE / package per [OMNL_JOURNAL_LEDGER_MATRIX.md](../../mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md) |
| ID-SIDECAR-001 | Server-funds treasury orchestration aligned with good-funds policy | institutional | `SERVER_FUNDS` | hybrid | C17, C12 | Sidecar draw/hold/release + evidence package; Phoenix probe [UNIVERSAL_RESOURCE_WIRING.md](../../universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md) |
| ID-RAIL-001 | On-chain settlement evidence (MintAuth / messageId) when rail used | institutional | `SERVER_FUNDS`, `FIAT_DIGITAL` (if applicable) | on-chain | C1C6, C10 | `settlementOrChainRef` per [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../../../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md) |
| ID-ISO-001 | ISO 20022 / institutional evidence packaging | institutional | all lanes | off-chain | C9 | [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../../mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md), matrix ISO row |
| ID-BNI-001 | Domestic bank partner connectivity (when BNI path in scope) | institutional | payments | off-chain | — | [DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](../../../03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md); freeze endpoint/auth |
| ID-SKR-001 | Custody / safekeeping evidence for SKR pilot | institutional | `SKR_SAFEKEEPING` | off-chain | C9 | `custodyOrSourceEvidence`, `evidenceRefs` on resource |
---
## 3. Deep links (implementation)
- HYBX operator: [HYBX_BATCH_001_OPERATOR_CHECKLIST.md](../../mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md)
- RTGS checklist: [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../../../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
- Rail controls: [DBIS_RAIL_CONTROL_MAPPING_V1.md](../../../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md)
- Traceability: [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](../../../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md)
---
## 4. Residual risk / exceptions
| Topic | Decision | Owner |
|-------|----------|-------|
| BNI live contract | Planned until live endpoint/auth evidenced — see RTGS matrix | Indonesia banking integration lead |
| Securities / CSD | Planned unless explicitly in slice 1 | Securities architecture lead |
---
## Document control
| Version | Date | Change |
|---------|------|--------|
| 0.1 | 2026-04-25 | Initial Indonesia banking_v1 matrix from master plan |

47
docs/04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md
View File

@@ -1,47 +0,0 @@
# Institution onboarding charter — multi-jurisdiction compliance program
**Last updated:** 2026-04-25
**Purpose:** Governance for onboarding **institutions** under explicit **jurisdictions**, aligned with the multi-jurisdiction master plan (policy profiles, per-jurisdiction compliance matrices, RTGS/Rail evidence, URA).
**Do not treat this document as legal advice.** Counsel owns interpretation of statutes and regulations; this charter defines **roles, artifacts, and “complete”** for program execution.
---
## Definitions
| Term | Meaning |
|------|---------|
| **Institution** | Licensed or contracted participant (bank, CSD, treasury entity, program operator) using DBIS RTGS / Rail / URA artifacts. |
| **Jurisdiction** | Legal regime under which the institution operates for a given activity (may be multiple per institution). |
| **Policy profile** | Versioned ruleset referenced by `policyProfileId` on URA resources — see [UNIVERSAL_RESOURCE_POLICY_PROFILES.md](../universal-resource-activation/UNIVERSAL_RESOURCE_POLICY_PROFILES.md) and [policy-profiles.json](../../../config/universal-resource-activation/policy-profiles.json). |
| **Compliance matrix** | Per-jurisdiction mapping: law / obligation → control id → evidence / system behavior — see [compliance-matrices/README.md](README.md). |
| **Complete (institution)** | All **in-scope** matrix rows for that institutions jurisdictions are **implemented or explicitly waived** with sign-off; URA pilots or production resources carry **non-placeholder** evidence where policy requires; RTGS matrix rows for the **chosen architecture** are `Complete` or **excluded with rationale** (see [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](../../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md)). |
---
## RACI (summary)
| Activity | Responsible | Accountable | Consulted | Informed |
|----------|-------------|-------------|-----------|----------|
| Jurisdiction / law inventory | Compliance | Legal | Local counsel | Program, Eng |
| Compliance matrix draft | Compliance | Legal | Risk, Product | Eng |
| Policy profile version & registry | Product / Arch | Legal + Risk | Compliance | Eng |
| URA manifest & evidence packages | Ops | Compliance | Audit | Eng |
| RTGS / sidecar / OMNL integration | Eng | Program | Banking ops | Compliance |
| Rail / on-chain controls | Eng | Risk | Audit | Legal |
| Production gate sign-off | Program | Executive sponsor | Legal, Risk | All |
---
## Exit criteria (program slice 1)
1. [JURISDICTION_CATALOG.md](../jurisdictions/JURISDICTION_CATALOG.md) and [config/jurisdictions/catalog.v1.json](../../../config/jurisdictions/catalog.v1.json) list **in-scope** jurisdictions and activities.
2. [SLICE1_SCOPE_FREEZE.md](../jurisdictions/SLICE1_SCOPE_FREEZE.md) is agreed and references [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) immediate priorities.
3. At least one **full** jurisdiction matrix exists (see [ID-INDONESIA/banking_v1.md](ID-INDONESIA/banking_v1.md)) plus [GENERIC-COMMON-LAW-STUB](GENERIC-COMMON-LAW-STUB/banking_v1.md) for process training and a **draft second jurisdiction** ([US-DELAWARE-CORP-STUB](US-DELAWARE-CORP-STUB/README.md)) for multi-matrix workflow rehearsal.
4. Policy profiles registered and validated in CI (`pnpm ura:validate-profiles`).
5. Traceability doc links controls to matrices — [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](../../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md).
## Related
- [INSTITUTION_ONBOARDING_PLAYBOOK.md](INSTITUTION_ONBOARDING_PLAYBOOK.md) — step-by-step onboarding.
- [UNIVERSAL_RESOURCE_WIRING.md](../universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md) — URA ops.

67
docs/04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_PLAYBOOK.md
View File

@@ -1,67 +0,0 @@
# Institution onboarding playbook — jurisdictions and compliance matrices
**Last updated:** 2026-04-25
**Purpose:** Repeatable steps to onboard an **institution** under one or more **jurisdictions**, producing signed compliance matrices, registered policy profiles, and URA/RTGS artifacts.
## Prerequisites
- [INSTITUTION_ONBOARDING_CHARTER.md](INSTITUTION_ONBOARDING_CHARTER.md) acknowledged (RACI).
- [JURISDICTION_CATALOG.md](../jurisdictions/JURISDICTION_CATALOG.md) and [`config/jurisdictions/catalog.v1.json`](../../config/jurisdictions/catalog.v1.json) updated for new jurisdictions.
- [SLICE1_SCOPE_FREEZE.md](../jurisdictions/SLICE1_SCOPE_FREEZE.md) or successor scope doc current.
---
## Steps
### 1. Legal and compliance intake
1. Institution name, regulator(s), licensed activities.
2. Build **law / regulation inventory** (counsel-owned citations).
3. Confirm **in-scope** vs **excluded** activities; align with RTGS matrix architecture choice.
### 2. Compliance matrix
1. Copy [_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md](_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md) to `docs/04-configuration/compliance-matrices/<JURISDICTION_CODE>/`.
2. Fill obligation rows; map **Control ids** to [DBIS_RAIL_CONTROL_MAPPING_V1.md](../../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md) and add `<JUR>-*` ids as needed.
3. Link evidence expectations to ISO / 4.995 / institution package standards where applicable.
4. Update [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](../../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md) when new obligation ↔ control links are stable.
### 3. Policy profiles
1. Add or extend entries in [`config/universal-resource-activation/policy-profiles.json`](../../config/universal-resource-activation/policy-profiles.json) (`jurisdictions[]`, `minimumGruGovernanceLevel`, `complianceMatrixPaths`).
2. Run `pnpm ura:validate-profiles`.
3. Update [UNIVERSAL_RESOURCE_POLICY_PROFILES.md](../universal-resource-activation/UNIVERSAL_RESOURCE_POLICY_PROFILES.md) if new profile semantics are introduced.
### 4. URA resources
1. Add or update rows in [`config/universal-resource-activation/manifest.json`](../../config/universal-resource-activation/manifest.json) with correct `policyProfileId`, `jurisdiction`, `ownerParticipantId`.
2. Follow [URA_PILOT_CLOSURE_RUNBOOK.md](../universal-resource-activation/URA_PILOT_CLOSURE_RUNBOOK.md) for evidence packages.
3. Run `pnpm ura:validate`.
### 5. RTGS / technical closure
1. Use [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](../../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md) to assign workstreams.
2. Update [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) when components reach **Complete**.
### 6. Automation (recommended)
| Action | Command / artifact |
|--------|-------------------|
| URA manifest + schemas | `pnpm ura:validate` |
| Policy registry + manifest refs | `pnpm ura:validate-profiles` |
| Merge manifest fragments (optional) | `pnpm ura:merge-manifest` · [`manifest-fragments/README.md`](../../../config/universal-resource-activation/manifest-fragments/README.md) |
| Production closure gate (no pilot/TBD) | `pnpm ura:validate-closure:strict` · or `URA_STRICT_CLOSURE=1` with `validate-config-files.sh` |
| Phoenix HTTP smoke (staging) | `pnpm ura:smoke -- --http` with `PHOENIX_BASE_URL` (manifest + policy-profiles + sidecar-probe) |
| On-chain id hashes | `pnpm ura:keccak` |
**Service-bound next steps:** manifest/ledger writers fed by OMNL/sidecar events — out of repo until those APIs are stable; use merge + manual `manifest.json` until then.
### 7. Exit
Institution **Complete** per charter when: matrix rows implemented or waived with sign-off, mandatory RTGS rows green for chosen architecture, URA evidence **matched** where policy requires.
## Related
- [compliance-matrices/README.md](README.md)
- [UNIVERSAL_RESOURCE_WIRING.md](../universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md)
- [URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md](../universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md)

24
docs/04-configuration/compliance-matrices/README.md
View File

@@ -1,24 +0,0 @@
# Per-jurisdiction compliance matrices
**Last updated:** 2026-04-25
**Purpose:** One **separate** matrix (or split by regime) per **onboarded jurisdiction**, mapping **local obligations****control IDs** (Rail + jurisdiction-specific) → **evidence / system behavior**.
## Index
| Jurisdiction code | Folder | Status |
|-------------------|--------|--------|
| _TEMPLATE | [_TEMPLATE/](_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md) | Use for new jurisdictions |
| GENERIC-COMMON-LAW-STUB | [GENERIC-COMMON-LAW-STUB/](GENERIC-COMMON-LAW-STUB/README.md) | Template only |
| ID (Indonesia) | [ID-INDONESIA/](ID-INDONESIA/README.md) | Pilot-ready |
| US-DELAWARE-CORP-STUB | [US-DELAWARE-CORP-STUB/](US-DELAWARE-CORP-STUB/README.md) | Draft (second jurisdiction exercise) |
## Governance
- [INSTITUTION_ONBOARDING_CHARTER.md](INSTITUTION_ONBOARDING_CHARTER.md) — RACI and definition of **Complete**.
- [JURISDICTION_CATALOG.md](../jurisdictions/JURISDICTION_CATALOG.md) — catalog index.
- [INSTITUTION_ONBOARDING_PLAYBOOK.md](INSTITUTION_ONBOARDING_PLAYBOOK.md) — onboarding steps (Phase 6).
## Related
- [DBIS_RAIL_CONTROL_MAPPING_V1.md](../../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md)
- [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](../../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md)

9
docs/04-configuration/compliance-matrices/US-DELAWARE-CORP-STUB/README.md
View File

@@ -1,9 +0,0 @@
# US-DELAWARE-CORP-STUB — draft (second jurisdiction template)
**Status:** **draft** — placeholder for a second jurisdiction onboarding exercise. **Not** production-ready; no counsel review recorded.
Replace this stub with a real US state / federal matrix when an institution requires it, or delete if out of scope.
| File | Regime / topic |
|------|----------------|
| [banking_v1.md](banking_v1.md) | Draft starter rows (fictional placeholders) |

25
docs/04-configuration/compliance-matrices/US-DELAWARE-CORP-STUB/banking_v1.md
View File

@@ -1,25 +0,0 @@
# Compliance matrix — US-DELAWARE-CORP-STUB — banking_v1 (DRAFT)
**Last updated:** 2026-04-25
**Status:** **draft** — second-jurisdiction process training only. **Do not** use for compliance claims.
## 1. Law / regulation inventory (placeholders — replace with counsel research)
| Ref id | Short title | Scope | Notes |
|--------|-------------|-------|-------|
| US-D-STUB-001 | Illustrative: corporate treasury governance | corporate | Fictional row for template practice. |
| US-D-STUB-002 | Illustrative: AML program expectations | AML | Fictional. |
## 2. Requirement mapping (starter)
| Matrix row id | Obligation summary | URA family | Control ids | Evidence |
|---------------|-------------------|------------|-------------|----------|
| US-STUB-001 | Illustrative: treasury policy for server funds | `SERVER_FUNDS` | C8, C17 | OMNL refs + policy attestation |
| US-STUB-002 | Illustrative: custody evidence for SKR | `SKR_SAFEKEEPING` | C9 | Custodian hash / WORM id |
## 3. Next steps
1. Rename jurisdiction folder to the agreed code (e.g. state + program).
2. Replace inventory with **real** citations.
3. Register profiles in [`policy-profiles.json`](../../../config/universal-resource-activation/policy-profiles.json) if new `policyProfileId`s are needed.
4. Add row to [`config/jurisdictions/catalog.v1.json`](../../../config/jurisdictions/catalog.v1.json) with `status: pilot_ready` when reviewed.

45
docs/04-configuration/compliance-matrices/_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md
View File

@@ -1,45 +0,0 @@
# Compliance matrix — `<JURISDICTION_CODE>` — `<REGIME_OR_TOPIC>_v1`
**Last updated:** YYYY-MM-DD
**Jurisdiction id:** `<ISO or program code, e.g. ID, US-NY>`
**Owning counsel / compliance:** `<Name or role — not legal advice in this file>`
**Effective from / to:** `<dates or “until superseded”>`
**Related `policyProfileId`(s):** `<list>`
**Related URA families:** `SKR_SAFEKEEPING` | `SERVER_FUNDS` | `INFRA_CAPACITY` | …
---
## 1. Law / regulation inventory
| Ref id | Short title | Scope (banking, securities, AML, DP, FX, digital assets) | Notes |
|--------|-------------|---------------------------------------------------------------|-------|
| LAW-001 | `<Statute or reg>` | `<scope>` | `<counsel summary>` |
---
## 2. Requirement and control mapping
| Matrix row id | Obligation summary (non-legal) | Participant classes | URA family | Enforcement (on-chain / off-chain / hybrid) | Control ids | Evidence expectation |
|---------------|--------------------------------|---------------------|------------|---------------------------------------------|-------------|----------------------|
| `<JUR>-001` | `<e.g. KYC for treasury operators>` | `<institutional>` | `SERVER_FUNDS` | off-chain | `C7` [Rail mapping](../../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md), `<JUR>-AML-001` | `<ISO package / audit artifact>` |
**Control id conventions**
- **C1C18:** [DBIS_RAIL_CONTROL_MAPPING_V1.md](../../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md) where applicable.
- **`<JUR>-*`** jurisdiction-specific controls not covered by Rail mapping.
---
## 3. Residual risk / exceptions
| Topic | Decision | Owner |
|-------|----------|-------|
| Manual vs automated control | `<>` | `<>` |
---
## 4. Document control
| Version | Date | Author | Change |
|---------|------|--------|--------|
| 0.1 | YYYY-MM-DD | `<>` | Draft |

22
docs/04-configuration/jurisdictions/JURISDICTION_CATALOG.md
View File

@@ -1,22 +0,0 @@
# Jurisdiction catalog (human index)
**Last updated:** 2026-04-25
**Machine-readable source:** [`config/jurisdictions/catalog.v1.json`](../../config/jurisdictions/catalog.v1.json)
| ID | Label | Compliance matrix | Status | Notes |
|----|-------|-------------------|--------|--------|
| ID | Indonesia | [ID-INDONESIA/banking_v1.md](../compliance-matrices/ID-INDONESIA/banking_v1.md) | pilot_ready | Align with BNI / OMNL / 4.995 evidence paths. |
| GENERIC-COMMON-LAW-STUB | Template stub | [GENERIC-COMMON-LAW-STUB/README.md](../compliance-matrices/GENERIC-COMMON-LAW-STUB/README.md) | template_only | Train process only; not for production. |
| US-DELAWARE-CORP-STUB | US draft stub | [US-DELAWARE-CORP-STUB/README.md](../compliance-matrices/US-DELAWARE-CORP-STUB/README.md) | draft | Second-jurisdiction placeholder; replace or remove. |
## Adding a jurisdiction
1. Add an object to `catalog.v1.json` with `id`, `label`, paths, `status`.
2. Create `docs/04-configuration/compliance-matrices/<id>/` using [_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md](../compliance-matrices/_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md).
3. Register or extend [policy-profiles.json](../../config/universal-resource-activation/policy-profiles.json) entries with `jurisdictions[]`.
4. Update [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](../../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md) when controls are mapped.
## Related
- [INSTITUTION_ONBOARDING_CHARTER.md](../compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md)
- [SLICE1_SCOPE_FREEZE.md](SLICE1_SCOPE_FREEZE.md)

36
docs/04-configuration/jurisdictions/SLICE1_SCOPE_FREEZE.md
View File

@@ -1,36 +0,0 @@
# Slice 1 scope freeze (RTGS + URA alignment)
**Last updated:** 2026-04-25
**Purpose:** Operational **scope freeze** for production slice 1, aligned with [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) **Immediate execution priority** and URA pilots.
## Frozen priorities (from RTGS matrix)
1. **Freeze the canonical banking rail** on the proven OMNL / Fineract tenant and authenticated posting path.
2. **Freeze participant / treasury / GL model** (and dependent depository, custody, FX, liquidity layers as in-scope for slice 1).
3. **Complete the canonical settlement path** from HYBX sidecars into Chain 138 with durable evidence.
## In-scope for slice 1 (default)
- OMNL / Fineract operator rail and officeGL mapping (as documented in matrix rows).
- HYBX first-slice sidecars: **`mifos-fineract-sidecar`**, **`server-funds-sidecar`**, **`off-ledger-2-on-ledger-sidecar`** — business flows and evidence, not only health.
- ISO 20022 / institutional evidence packaging toward **submission-grade** where matrix requires.
- Indonesia domestic path **when** institution is Indonesia-facing — see [ID-INDONESIA compliance matrix](../compliance-matrices/ID-INDONESIA/banking_v1.md).
- URA [pilot plan](../universal-resource-activation/UNIVERSAL_RESOURCE_PILOT_PLAN.md) closure per [URA_PILOT_CLOSURE_RUNBOOK.md](../universal-resource-activation/URA_PILOT_CLOSURE_RUNBOOK.md).
## Explicitly out of scope for slice 1 (unless program re-opens)
- Fabric / Indy / Aries **production** until matrix rows move from Planned/Reserved to Complete with validation.
- Mojaloop, card networks, flash-loan XAU, etc., unless a **written scope addendum** promotes them.
- **Template-only** jurisdiction [GENERIC-COMMON-LAW-STUB](../compliance-matrices/GENERIC-COMMON-LAW-STUB/banking_v1.md) — never production.
## Change control
Any change to this freeze requires: Program owner + Legal/Compliance acknowledgment and update to this files **Last updated** and a short **revision note** block (append below).
---
## Revision history
| Date | Change |
|------|--------|
| 2026-04-25 | Initial slice 1 freeze document created from master plan. |

10
docs/04-configuration/universal-resource-activation/README.md
View File

@@ -15,19 +15,11 @@
| [UNIVERSAL_RESOURCE_INFRA_CAPACITY_LANE.md](UNIVERSAL_RESOURCE_INFRA_CAPACITY_LANE.md) | Infrastructure capacity lane: inventory, bundles, broker, metering |
| [UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md](UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md) | Shared evidence and reconciliation package |
| [UNIVERSAL_RESOURCE_PILOT_PLAN.md](UNIVERSAL_RESOURCE_PILOT_PLAN.md) | First three pilots (SKR, server funds, infra) |
| [URA_PILOT_CLOSURE_RUNBOOK.md](URA_PILOT_CLOSURE_RUNBOOK.md) | Replace manifest placeholders; close pilots and evidence |
| [URA_OPERATIONAL_READINESS_CHECKLIST.md](URA_OPERATIONAL_READINESS_CHECKLIST.md) | Phased checklist from preconditions to production acceptance; run `pnpm ura:ops-readiness` (fast) or `pnpm ura:ops-readiness:full` (adds forge + full config gate) in-repo for validation |
| [technical-specs/README.md](technical-specs/README.md) | **TS-*** normative specs for remaining automation (OMNL/sidecar, settlement indexer, SKR ETL, GRU program, compliance sign-off) |
| [policy-profiles.json (registry)](../../config/universal-resource-activation/policy-profiles.json) | Machine-readable profiles + GRU governance level |
| [POLICY_PROFILES_REGISTRY.md](../../config/universal-resource-activation/POLICY_PROFILES_REGISTRY.md) | Doc control / sign-off table per profile version |
| [MANIFEST_AUTOMATION_DESIGN.md](../../config/universal-resource-activation/MANIFEST_AUTOMATION_DESIGN.md) | Future manifest merge/CI design (not implemented) |
| [Compliance matrices / onboarding](../compliance-matrices/README.md) | Per-jurisdiction matrices, charter, playbook |
| [Jurisdiction catalog](../jurisdictions/JURISDICTION_CATALOG.md) | Catalog index + `config/jurisdictions/catalog.v1.json` |
| [JSON Schema v1](../../../config/universal-resource-activation.resource.v1.schema.json) | Machine-readable resource body (`UniversalResource` subset) |
| [URAWiring / ops](UNIVERSAL_RESOURCE_WIRING.md) | **Manifest, CI validation, Phoenix `GET` route, env overrides** |
| [manifest.json (live store)](../../../config/universal-resource-activation/manifest.json) | In-repo `resources[]` and `evidencePackages[]` |
**Validate:** `pnpm ura:ops-readiness` / `pnpm ura:ops-readiness:full` (aggregate repo gate) · `pnpm ura:production-ready` / `pnpm ura:production-ready:connectivity` (target host: strict vs staging) · `pnpm ura:validate` · `pnpm ura:validate-profiles` · **merge fragments:** `pnpm ura:merge-manifest` · **ledger mapping:** `pnpm ura:validate-ledger-mapping` · **writers:** `pnpm ura:writer:ledger` / `pnpm ura:writer:settlement` · **profile hash (on-chain anchor):** `pnpm ura:profile-hash` · **closure gate:** `pnpm ura:validate-closure` / `pnpm ura:validate-closure:strict` · **smoke:** `pnpm ura:smoke` (add `--http` for Phoenix: manifest + policy-profiles + sidecar-probe) · **on-chain id hashes:** `pnpm ura:keccak` — [wiring §2.1](UNIVERSAL_RESOURCE_WIRING.md#21-testing-checklist) · **full automation tracker:** [URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md](URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md)
**Validate:** `node scripts/validate/validate-universal-resource-activation.mjs` (from repo root) · **smoke (schema ± HTTP):** `bash scripts/verify/smoke-universal-resource-activation.sh` — [wiring §2.1](UNIVERSAL_RESOURCE_WIRING.md#21-testing-checklist)
## Upstream anchors

28
docs/04-configuration/universal-resource-activation/SKR_CUSTODY_AUTOMATION_NOTES.md
View File

@@ -1,28 +0,0 @@
# SKR / custody — automation notes for `evidenceRefs`
**Last updated:** 2026-04-25
**Purpose:** Guide for **Pilot 1** automation: populating [`manifest.json`](../../../config/universal-resource-activation/manifest.json) `evidenceRefs` and evidence package `custodyOrSourceEvidence` from custodian or internal systems.
## 1. Typical sources
| Source | Pattern |
|--------|---------|
| **Custodian API** | Poll or webhook for statement id / secure URL; store hash in manifest. |
| **Signed PDF / ISO package** | Landing zone (S3, SFTP); writer computes SHA-256; `evidenceRefs` = `sha256:…` or object URL + hash. |
| **Internal attestation** | HSM-signed payload; reference id in manifest. |
## 2. Jurisdiction
Obligations live in the per-jurisdiction matrix (e.g. [ID-INDONESIA/banking_v1.md](../compliance-matrices/ID-INDONESIA/banking_v1.md)). Automation must not change **meaning** of evidence without counsel review.
## 3. Implementation sketch
1. Custody ETL outputs JSON `{ "statementId", "hash", "effectiveDate" }`.
2. Extend [`build-ledger-fragment.mjs`](../../../scripts/ura/manifest-writer/build-ledger-fragment.mjs) pattern with a **custody fragment** script (future) or reuse merge fragments manually.
3. Run `pnpm ura:validate` and `pnpm ura:validate-closure:strict` before production CI enables strict mode.
## Related
- [TS-SKR-CUSTODY-ETL-MANIFEST-V1.md](technical-specs/TS-SKR-CUSTODY-ETL-MANIFEST-V1.md) — normative custody ETL requirements
- [`URA_PILOT_CLOSURE_RUNBOOK.md`](URA_PILOT_CLOSURE_RUNBOOK.md) §2
- [`URA_MANIFEST_WRITER_OPS.md`](../../03-deployment/URA_MANIFEST_WRITER_OPS.md)

4
docs/04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md
View File

@@ -1,6 +1,6 @@
# Shared Evidence and Reconciliation Package
**Last updated:** 2026-04-25
**Last updated:** 2026-04-24
**Purpose:** A single **reproducible evidence package** for every **resource activation** and cross-lane action (SKR, server funds, infra, settlement). Aligns with ISO-20022 and institutional audit patterns referenced in [DBIS Rail technical spec](../../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md) and the custody operating model in [DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](../../03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md).
## Design principles
@@ -30,8 +30,6 @@
| `reconciliationStatus` | `open`, `matched`, `exception` |
| `explanation` | Human-readable for auditors |
Use **`reconciliationStatus = open`** when mandatory joins (e.g. a real `accountingRef` or `settlementOrChainRef` where policy requires them) are not yet present or verified; set **`matched`** only after those joins succeed in the same reconciliation window. Bootstrap packages with TBD text placeholders should stay **`open`**.
## Minimum object set by lane
| Lane | Must include |

4
docs/04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_ONTOLOGY.md
View File

@@ -1,6 +1,6 @@
# Universal Resource Ontology
**Last updated:** 2026-04-25
**Last updated:** 2026-04-24
**Purpose:** Define the canonical **resource** model used across financial and infrastructure lanes. This is the schema contract for registries, APIs, and (when applicable) on-chain mirrors.
## Design principles
@@ -19,8 +19,6 @@
| `createdAt` | RFC3339 / epoch | Audit. |
| `updatedAt` | RFC3339 / epoch | Audit. |
**In-repo manifest (human-readable URNs):** The [URA `manifest.json`](../../config/universal-resource-activation/manifest.json) may use stable string IDs such as `ura:pilot-1:…` for reviewability. For optional EVM anchoring, derive **`keccak256(utf8(resourceId))`** (same as `node scripts/ura/keccak-resource-ids.mjs`); the manifest string remains the canonical off-chain id unless you later standardize on bytes32 at rest.
## Resource families
`family` discriminates top-level behavior and which lane adapters apply.

Some files were not shown because too many files have changed in this diff Show More