d-bis/proxmox
4
0
Fork 0
Code Issues 2 Pull Requests 13 Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: d-bis:sync/currencicombo-phoenix-e2e
Branches Tags
d-bis:master d-bis:devin/1777471106-phase4b-v2-runbook d-bis:devin/1777459320-phase3-deployed-cbtc-wired d-bis:devin/1777435956-stack-a-canonicalization d-bis:devin/1777403009-phoenix-bootstrap d-bis:main d-bis:devin/1777249218-harden-branch-detection d-bis:chore/explorer-pricing-rollout-coordination d-bis:devin/1777157605-cromero-deploy-target d-bis:sync/currencicombo-phoenix-e2e d-bis:devin/coingecko-normalization-companion-20260419 d-bis:devin/explorer-verification-checklist-20260419 d-bis:devin/1776625819-chain138-listing-assets d-bis:devin/1776628206-rename-defi-to-capital-f d-bis:devin/1776625631-doc-reconcile-status-vocab d-bis:devin/phase5-ci-reconciliation-1776542837 d-bis:devin/phase1a-vault-consumer-prep-1776543363 d-bis:devin/phase4-drop-local-junk-1776542674 d-bis:devin/phase3-submodule-remotes-1776542381 d-bis:chore/ignore-local-runtime-artifacts d-bis:docs/mev-and-ops-runbook-refresh d-bis:docs/explorer-blockscout-and-verification-refresh d-bis:feat/canonical-token-and-list-refresh d-bis:feat/extraction-and-liquidity-improvement-pack d-bis:feat/mainnet-cw-liquidity-and-exit-ops d-bis:feat/gru-v2-full-mesh-ops-pack d-bis:feat/chain138-aave-gmx-rollout-scaffolding d-bis:feat/token-aggregation-aave-and-route-planning
d-bis:proxmox-clean-checkpoint-2026-04-24
...
pull from: d-bis:chore/explorer-pricing-rollout-coordination
Branches Tags
d-bis:devin/1777471106-phase4b-v2-runbook d-bis:master d-bis:devin/1777459320-phase3-deployed-cbtc-wired d-bis:devin/1777435956-stack-a-canonicalization d-bis:devin/1777403009-phoenix-bootstrap d-bis:main d-bis:devin/1777249218-harden-branch-detection d-bis:chore/explorer-pricing-rollout-coordination d-bis:devin/1777157605-cromero-deploy-target d-bis:sync/currencicombo-phoenix-e2e d-bis:devin/coingecko-normalization-companion-20260419 d-bis:devin/explorer-verification-checklist-20260419 d-bis:devin/1776625819-chain138-listing-assets d-bis:devin/1776628206-rename-defi-to-capital-f d-bis:devin/1776625631-doc-reconcile-status-vocab d-bis:devin/phase5-ci-reconciliation-1776542837 d-bis:devin/phase1a-vault-consumer-prep-1776543363 d-bis:devin/phase4-drop-local-junk-1776542674 d-bis:devin/phase3-submodule-remotes-1776542381 d-bis:chore/ignore-local-runtime-artifacts d-bis:docs/mev-and-ops-runbook-refresh d-bis:docs/explorer-blockscout-and-verification-refresh d-bis:feat/canonical-token-and-list-refresh d-bis:feat/extraction-and-liquidity-improvement-pack d-bis:feat/mainnet-cw-liquidity-and-exit-ops d-bis:feat/gru-v2-full-mesh-ops-pack d-bis:feat/chain138-aave-gmx-rollout-scaffolding d-bis:feat/token-aggregation-aave-and-route-planning
d-bis:proxmox-clean-checkpoint-2026-04-24

44 Commits
sync/curre ... chore/expl

Author SHA1 Message Date
defiQUG
207f088b39 docs(release): cross-link pricing rollout checklist and notes
Some checks failed
AI Code Review / claude-review (pull_request) Failing after 1m1s
Details
Validate (PR) / run-all-validation (pull_request) Failing after 25s
Details
2026-04-26 00:03:48 -07:00
defiQUG
240fec0c8e chore(release): record explorer pricing rollout and advance repo revisions
Some checks failed
AI Code Review / claude-review (pull_request) Failing after 1m5s
Details
Validate (PR) / run-all-validation (pull_request) Failing after 27s
Details
2026-04-25 23:45:28 -07:00
defiQUG
4b0512e66d repo: advance smom-dbis-138 for besu class templates 2026-04-25 12:42:36 -07:00
defiQUG
529f819b0f chore: add shared devin workspace tooling 2026-04-25 12:42:36 -07:00
defiQUG
2b5a039931 docs: harden canonical besu inventory references 2026-04-25 12:05:53 -07:00
defiQUG
0a0365f73d docs: wire dbis rail and gru specs into ura program 2026-04-25 11:37:15 -07:00
defiQUG
a894b1dd50 docs: add ura operational readiness and production gates 2026-04-25 11:37:05 -07:00
defiQUG
5688f474c3 docs: add dbis ecosystem umbrella master plan 2026-04-25 11:36:38 -07:00
defiQUG
4203f83e11 ops: align chain138 besu runtime audit and generated configs 2026-04-25 08:14:07 -07:00
defiQUG
566cecd8f9 feat: add universal resource activation policy profile flow 2026-04-24 22:06:26 -07:00
defiQUG
0035a787fe ops: align besu template audit and thirdweb sentry configs 2026-04-24 22:02:47 -07:00
defiQUG
fa4161cf58 docs: codify live public routing coverage and gaps 2026-04-24 21:52:49 -07:00
defiQUG
aba8ca5700 feat: add universal resource activation manifest wiring
Some checks failed
Deploy to Phoenix / validate (push) Failing after 28s
Details
Deploy to Phoenix / deploy (push) Has been skipped
Details
Deploy to Phoenix / deploy-atomic-swap-dapp (push) Has been skipped
Details
Deploy to Phoenix / cloudflare (push) Has been skipped
Details
2026-04-24 18:31:54 -07:00
defiQUG
60b8fb9ddc ops: schedule gitea tls expiry monitoring
Some checks failed
Deploy to Phoenix / validate (push) Failing after 30s
Details
Deploy to Phoenix / deploy (push) Has been skipped
Details
Deploy to Phoenix / deploy-atomic-swap-dapp (push) Has been skipped
Details
Deploy to Phoenix / cloudflare (push) Has been skipped
Details
2026-04-24 18:25:28 -07:00
defiQUG
01c36a5489 ops: add gitea tls handoff and expiry check
Some checks failed
Deploy to Phoenix / validate (push) Failing after 29s
Details
Deploy to Phoenix / deploy (push) Has been skipped
Details
Deploy to Phoenix / deploy-atomic-swap-dapp (push) Has been skipped
Details
Deploy to Phoenix / cloudflare (push) Has been skipped
Details
2026-04-24 16:30:18 -07:00
defiQUG
a4738c1376 Merge remote-tracking branch 'gitea/master'
Some checks failed
Deploy to Phoenix / validate (push) Has been cancelled
Details
Deploy to Phoenix / deploy (push) Has been cancelled
Details
Deploy to Phoenix / deploy-atomic-swap-dapp (push) Has been cancelled
Details
Deploy to Phoenix / cloudflare (push) Has been cancelled
Details 
# Conflicts:
#	docs/04-configuration/README.md
#	docs/MASTER_INDEX.md
#	phoenix-deploy-api/deploy-targets.json
#	scripts/deployment/phoenix-deploy-explorer-live-from-workspace.sh
 2026-04-24 16:12:08 -07:00
defiQUG
c23fdf4614 repo: align explorer submodule to remote master 2026-04-24 16:10:04 -07:00
defiQUG
7e2d9c58e3 repo: update the-order hook fix 2026-04-24 12:59:55 -07:00
defiQUG
64d2e550a1 repo: update cleaned nested repos 2026-04-24 12:56:52 -07:00
defiQUG
7572444b8f docs: index universal resource activation schema 2026-04-24 12:40:52 -07:00
defiQUG
83482d6d13 docs: add blocker cleanup runbook and resource activation pack 2026-04-24 12:40:35 -07:00
defiQUG
219247b872 ops: clear besu verifier gaps and health monitor noise 2026-04-24 12:36:26 -07:00
defiQUG
780648a2ee config: add thirdweb besu sentries to allowlists and template 2026-04-24 12:31:17 -07:00
defiQUG
1336253f8d docs: promote thirdweb besu sentries into canonical inventory 2026-04-24 12:27:10 -07:00
defiQUG
a1eacd3098 ops: destroy duplicate besu cts and add cluster inventory audit 2026-04-24 11:52:46 -07:00
defiQUG
91ba6f4f2f docs: finalize besu host placement reconciliation 2026-04-24 11:45:04 -07:00
defiQUG
21ad898c6b docs: reconcile besu rpc inventory after duplicate retirement 2026-04-24 11:30:46 -07:00
defiQUG
a14a683b9b verify: skip non-evm lane status when inventory inputs are missing 2026-04-24 11:02:26 -07:00
defiQUG
984900deba repo: ignore generated deployment and inventory report outputs 2026-04-24 10:58:54 -07:00
defiQUG
d8ff571c60 repo: ignore generated validation and inventory artifacts 2026-04-24 10:58:21 -07:00
defiQUG
e27ec30ab1 docs: add planning and terminology notes 2026-04-24 10:56:05 -07:00
defiQUG
1927058a95 feat: add inventory and validation builders 2026-04-24 10:56:01 -07:00
defiQUG
c65b896fad ops: add chain138 and rpc diagnostic tooling 2026-04-24 10:55:55 -07:00
defiQUG
454aeda9d5 ops: add new deployment and operator automation scripts 2026-04-24 10:55:50 -07:00
defiQUG
996d45d1ba feat: add phoenix deploy and x402 service updates 2026-04-24 10:55:45 -07:00
defiQUG
c5ec42d3d2 ci: update gitea workflows and contributor guidance 2026-04-24 10:55:42 -07:00
defiQUG
afde88ff9a config: refresh operational templates and network mappings 2026-04-24 10:55:39 -07:00
defiQUG
fc32d51ca7 docs: update operator, endpoint, and deployment references 2026-04-24 10:55:35 -07:00
defiQUG
9f60311ef1 docs: mark historical references to removed cleanup helpers 2026-04-24 10:47:02 -07:00
defiQUG
3743d20f49 repo: prune obsolete helpers and backup artifacts 2026-04-24 10:47:01 -07:00
defiQUG
58ca82bbe3 chain138: harden besu txpool recovery and runbooks 2026-04-24 10:46:40 -07:00
Codex
453ccc8d12 Add explorer-live deploy target and operator handoff
Some checks failed
Deploy to Phoenix / validate (push) Failing after 13s
Details
Deploy to Phoenix / deploy (push) Has been skipped
Details
Deploy to Phoenix / deploy-atomic-swap-dapp (push) Has been skipped
Details
Deploy to Phoenix / cloudflare (push) Has been skipped
Details
2026-04-23 09:53:49 -07:00
defiQUG
77d40201a3 ci: prefer gitea remote for workflow parity checks
Some checks failed
Deploy to Phoenix / validate (push) Failing after 12s
Details
Deploy to Phoenix / deploy (push) Has been skipped
Details
Deploy to Phoenix / deploy-atomic-swap-dapp (push) Has been skipped
Details
Deploy to Phoenix / cloudflare (push) Has been skipped
Details
2026-04-22 21:48:58 -07:00
defiQUG
0e7200f1b8 ci: lock deploy workflows across main and master
Some checks failed
Deploy to Phoenix / validate (push) Failing after 13s
Details
Deploy to Phoenix / deploy (push) Has been skipped
Details
Deploy to Phoenix / deploy-atomic-swap-dapp (push) Has been skipped
Details
Deploy to Phoenix / cloudflare (push) Has been skipped
Details
2026-04-22 21:47:57 -07:00
880 changed files with 16643 additions and 106436 deletions
Expand all files Collapse all files

18
.devin/README.md Normal file
View File

@@ -0,0 +1,18 @@
# Devin for Terminal in Cursor
This project is configured to use Devin for Terminal as a local CLI companion inside Cursor.
- Cursor config import is enabled through `.cursor/rules/` and `.cursor/mcp.json` if present.
- Windsurf config import is disabled for this project.
- `AGENTS.md` remains the canonical shared project guidance.
- Personal Devin overrides and secrets belong in `.devin/config.local.json`, which is gitignored.
- Run `devin auth login` interactively before first use.
Useful commands:
```bash
devin
devin -- "review this repo and suggest the next safe task"
devin auth status
devin mcp list
```

21
.devin/agents/reviewer/AGENT.md Normal file
View File

@@ -0,0 +1,21 @@
---
name: reviewer
description: Read-only reviewer for Cursor/Devin handoffs
allowed-tools:
- read
- grep
- glob
- exec
permissions:
allow:
- Exec(git status)
- Exec(git diff)
- Exec(git log)
deny:
- write
- edit
---
You are a read-only review subagent for this Cursor workspace.
Review changes for correctness, security, operational risk, and consistency with `AGENTS.md` and relevant `.cursor/rules/` guidance. Do not modify files. Report only actionable findings first, ordered by severity, with exact file paths.

38
.devin/config.json Normal file
View File

@@ -0,0 +1,38 @@
{
// Devin for Terminal project config optimized for Cursor as the primary IDE.
"read_config_from": {
"cursor": true,
"windsurf": false,
"claude": true
},
"permissions": {
"allow": [
"Read(**)",
"Exec(git status)",
"Exec(git diff)",
"Exec(git log)",
"Exec(pnpm run)",
"Exec(bash scripts/verify)",
"Exec(bash scripts/validation)"
],
"ask": [
"Write(**)",
"Exec(git commit)",
"Exec(git push)",
"Exec(docker)",
"Exec(docker compose)",
"mcp__*"
],
"deny": [
"Exec(rm)",
"Exec(sudo)",
"Exec(chmod -R)",
"Exec(chown -R)",
"Write(.env*)",
"Write(**/.env*)",
"Write(reports/secrets/**)",
"Write(config/production/*did-secrets.env)"
]
},
"mcpServers": {}
}

14
.devin/hooks.v1.json Normal file
View File

@@ -0,0 +1,14 @@
{
"PreToolUse": [
{
"matcher": "exec",
"hooks": [
{
"type": "command",
"command": "bash scripts/devin/block-dangerous-command.sh",
"timeout": 10
}
]
}
]
}

22
.devin/skills/cursor-handoff/SKILL.md Normal file
View File

@@ -0,0 +1,22 @@
---
name: cursor-handoff
description: Align Devin for Terminal work with this Cursor workspace and project rules
allowed-tools:
- read
- grep
- glob
- exec
triggers:
- user
- model
---
Use this skill when starting or resuming work in this repository from Devin for Terminal.
1. Treat Cursor as the primary IDE context and read `.cursor/rules/` when relevant.
2. Read `AGENTS.md` first for canonical project guidance.
3. Do not rely on Windsurf rules, skills, workflows, or MCP settings for this project.
4. Check `git status --short` before editing and preserve unrelated user changes.
5. Prefer dry-run flags for operator, deployment, DNS, Proxmox, and LAN-sensitive scripts.
6. Never write secrets or runtime credentials into tracked files.
7. When using MCP servers, assume Cursor and Devin maintain separate authentication sessions.

28
.devin/skills/review/SKILL.md Normal file
View File

@@ -0,0 +1,28 @@
---
name: review
description: Review code changes before commit or handoff
allowed-tools:
- read
- grep
- glob
- exec
permissions:
allow:
- Exec(git status)
- Exec(git diff)
- Exec(git log)
deny:
- write
- edit
triggers:
- user
- model
---
Review the current changes with a correctness-first stance.
1. Run `git status --short`.
2. Run `git diff` and, if staged changes exist, `git diff --staged`.
3. Focus on bugs, security regressions, deployment risk, missing validation, and secret exposure.
4. Cite exact file paths and keep findings ordered by severity.
5. If no issues are found, say so and call out any test or validation gaps.

8
.env.master.example
View File

@@ -104,6 +104,8 @@ DEPLOYER_ADDRESS=
RPC_URL_138=
RPC_URL_138_PUBLIC=
ETHEREUM_MAINNET_RPC=
# Clear scripts/verify/check-external-dependencies.sh — use real service URLs when split; example interim health target:
# DBIS_CORE_URL=https://dbis-api.d-bis.org/health
DBIS_CORE_URL=
CC_PAYMENT_ADAPTERS_URL=
CC_AUDIT_LEDGER_URL=
@@ -111,9 +113,15 @@ CC_SHARED_EVENTS_URL=
CC_SHARED_SCHEMAS_URL=
FIN_GATEWAY_URL=
ALLIANCE_ACCESS_URL=
# cast must be in PATH; use a runner-reachable Chain 138 RPC, e.g.:
# CHAIN138_CI_RPC_URL=https://rpc.public-0138.defi-oracle.io
CHAIN138_CI_RPC_URL=
ALL_MAINNET_RPC=
# Alltra / Wemix / Etherlink: set for production; for local read-only checks, deployer-gas-auto-route.sh falls back to public RPCs documented in scripts/deployment/deployer-gas-auto-route.sh
CHAIN_651940_RPC_URL=
# ALLTRA_MAINNET_RPC=https://mainnet-rpc.alltra.global
# WEMIX_RPC_URL=https://api.wemix.com
# ETHERLINK_RPC_URL=https://node.mainnet.etherlink.com
CHAIN_1_UNISWAP_V2_FACTORY=0x5C69bEe701ef814a2B6a3EDD4B1652CB9cc5aA6f
CHAIN_1_UNISWAP_V2_ROUTER=0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D
CHAIN_1_UNISWAP_V2_START_BLOCK=0

4
.gitea/CONTRIBUTING.md
View File

@@ -6,6 +6,10 @@
2. Make changes, ensure tests pass
3. Open a pull request
Deploy workflow policy:
`main` and `master` are both deploy-triggering branches, so `.gitea/workflow-sources/deploy-to-phoenix.yml` and `.gitea/workflow-sources/validate-on-pr.yml` must stay identical across both branches.
Use `bash scripts/verify/sync-gitea-workflows.sh` after editing workflow-source files, and `bash scripts/verify/run-all-validation.sh --skip-genesis` to catch workflow drift before push.
## Pull Requests
- Use the PR template when opening a PR

81
.gitea/workflow-sources/deploy-to-phoenix.yml Normal file
View File

@@ -0,0 +1,81 @@
# Canonical deploy workflow. Keep source and checked-in workflow copies byte-identical.
# Validation checks both file sync and main/master parity.
name: Deploy to Phoenix
on:
push:
branches: [main, master]
workflow_dispatch:
jobs:
validate:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Fetch deploy branches for workflow parity check
run: |
REMOTE="${GITEA_WORKFLOW_REMOTE:-origin}"
if git remote | grep -qx gitea; then
REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
fi
git fetch --depth=1 "$REMOTE" main master
- name: Run repo validation gate
run: |
bash scripts/verify/run-all-validation.sh --skip-genesis
deploy:
needs: validate
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Trigger Phoenix deployment
run: |
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"
deploy-atomic-swap-dapp:
needs: validate
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Trigger Atomic Swap dApp deployment (Phoenix)
run: |
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"atomic-swap-dapp-live\"}"
# After app deploy, ask Phoenix to run path-gated Cloudflare DNS sync on the host that has
# PHOENIX_REPO_ROOT + .env (not on this runner). Skips unless PHOENIX_CLOUDFLARE_SYNC=1 on that host.
# continue-on-error: first-time or missing opt-in should not block the main deploy.
cloudflare:
needs:
- deploy
- deploy-atomic-swap-dapp
runs-on: ubuntu-latest
continue-on-error: true
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Request Cloudflare DNS sync (Phoenix)
run: |
SHA="$(git rev-parse HEAD)"
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
-H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}"

29
.gitea/workflow-sources/validate-on-pr.yml Normal file
View File

@@ -0,0 +1,29 @@
# Canonical PR validation workflow. Keep source and checked-in workflow copies byte-identical.
# Validation checks both file sync and main/master parity.
# PR-only: push validation already runs in deploy-to-phoenix.yml; this gives PRs the same
# no-LAN checks without the deploy job (and without deploy secrets).
name: Validate (PR)
on:
pull_request:
types: [opened, synchronize, reopened]
branches: [main, master]
workflow_dispatch:
jobs:
run-all-validation:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Fetch deploy branches for workflow parity check
run: |
REMOTE="${GITEA_WORKFLOW_REMOTE:-origin}"
if git remote | grep -qx gitea; then
REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
fi
git fetch --depth=1 "$REMOTE" main master
# Optional: set org/repo variable URA_STRICT_CLOSURE=1 to fail PRs while pilot placeholders
# remain in manifest (see scripts/ura/validate-manifest-closure.mjs). Not enabled by default.
- name: run-all-validation (no LAN, no genesis)
env:
URA_STRICT_CLOSURE: ${{ vars.URA_STRICT_CLOSURE }}
run: bash scripts/verify/run-all-validation.sh --skip-genesis

19
.gitea/workflows/deploy-to-phoenix.yml
View File

@@ -1,3 +1,5 @@
# Canonical deploy workflow. Keep source and checked-in workflow copies byte-identical.
# Validation checks both file sync and main/master parity.
name: Deploy to Phoenix
on:
@@ -12,20 +14,13 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
# The cw* mesh matrix and deployment-status validators read
# cross-chain-pmm-lps/config/*.json. .gitmodules mixes Gitea HTTPS
# with git@github.com: SSH URLs, so `submodules: recursive` on the
# parent checkout isn't safe. Shallow-clone the public mirror of the
# pmm-lps repo directly (config-only, no secrets needed).
- name: Materialize cross-chain-pmm-lps (config only)
- name: Fetch deploy branches for workflow parity check
run: |
set -euo pipefail
if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then
rm -rf cross-chain-pmm-lps
git clone --depth=1 \
https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \
cross-chain-pmm-lps
REMOTE="${GITEA_WORKFLOW_REMOTE:-origin}"
if git remote | grep -qx gitea; then
REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
fi
git fetch --depth=1 "$REMOTE" main master
- name: Run repo validation gate
run: |

18
.gitea/workflows/validate-on-pr.yml
View File

@@ -1,3 +1,5 @@
# Canonical PR validation workflow. Keep source and checked-in workflow copies byte-identical.
# Validation checks both file sync and main/master parity.
# PR-only: push validation already runs in deploy-to-phoenix.yml; this gives PRs the same
# no-LAN checks without the deploy job (and without deploy secrets).
name: Validate (PR)
@@ -12,14 +14,16 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Materialize cross-chain-pmm-lps (config only)
- name: Fetch deploy branches for workflow parity check
run: |
set -euo pipefail
if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then
rm -rf cross-chain-pmm-lps
git clone --depth=1 \
https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \
cross-chain-pmm-lps
REMOTE="${GITEA_WORKFLOW_REMOTE:-origin}"
if git remote | grep -qx gitea; then
REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
fi
git fetch --depth=1 "$REMOTE" main master
# Optional: set org/repo variable URA_STRICT_CLOSURE=1 to fail PRs while pilot placeholders
# remain in manifest (see scripts/ura/validate-manifest-closure.mjs). Not enabled by default.
- name: run-all-validation (no LAN, no genesis)
env:
URA_STRICT_CLOSURE: ${{ vars.URA_STRICT_CLOSURE }}
run: bash scripts/verify/run-all-validation.sh --skip-genesis

37
.gitignore vendored
View File

@@ -26,6 +26,9 @@ Thumbs.db
# Local-only Cursor session / context (exclude from Gitea)
.cursor/local/
# Devin for Terminal personal overrides / secrets
.devin/config.local.json
# IDE files
.vscode/
.idea/
@@ -80,8 +83,13 @@ cross-chain-pmm-lps-publish/
# Local scratch (never commit)
.tmp-*.cjs
.codex
.codex/
.venv-checkjson/
.env.bak.pmg.*
# Teammate / third-party onboarding (API token handoffs; never commit)
reports/secrets/
# Operator / runtime env snapshots under reports/ (sensitive; regenerate from hosts)
reports/status/operator-*.env
@@ -98,6 +106,35 @@ output/omnl-e2e-*/
output/office22-*.zip
output/settlement-events/
output/transaction-package-*/
output/cw-assets-usd-quote-dump.json
output/jvmtm-evidence/
# Generated verification evidence snapshots (keep curated evidence, ignore rerunnable timestamped dumps)
docs/04-configuration/verification-evidence/e2e-verification-*/
# Generated deployment and inventory machine outputs
reports/deployment/*_20[0-9][0-9]-[0-9][0-9]-[0-9][0-9].md
reports/deployment/check-deployer-lp-balances-*.json
reports/inventory/container_inventory_*.csv
reports/inventory/contract-inventory-*.json
reports/inventory/DEPLOYED_CONTRACTS_*.md
reports/inventory/INCOMPLETE_DUPLICATE_ANALYSIS.md
reports/inventory/INVENTORY_COVERAGE_GAPS.md
reports/inventory/deployed-contracts-completion-matrix.json
reports/inventory/incomplete-duplicate-bytecode-analysis.json
# Generated status artifacts (rerunnable from wrappers/validation scripts)
reports/status/MULTI_NETWORK_DEPLOYMENT_AUDIT_*.md
reports/status/*-latest.json
reports/status/*-latest.md
reports/status/*-latest.csv
reports/status/hardware_poll_*.txt
reports/status/lxc_cluster_health_*.json
reports/status/lxc_cluster_health_*.txt
reports/status/mainnet-cwusdc-usdc-preflight-*.json
reports/status/mainnet-cwusdc-usdc-repeg-plan-*.json
reports/status/live_inventory_*.json
reports/status/drift_*.json
# Large optional vendor trees and local checkouts (keep out of main clone)
smom-dbis-138-publish/

6
AGENTS.md
View File

@@ -11,6 +11,9 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus,
| Need | Location |
|------|-----------|
| Doc index | `docs/MASTER_INDEX.md` |
| Canonical ecosystem master plan | `docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md` — umbrella root; subordinate roots: `dbis_chain_138_technical_master_plan.md`, `docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md`, `docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md` |
| Universal resource activation (manifest, CI, Phoenix) | `UNIVERSAL_RESOURCE_WIRING.md`, `URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md`, `URA_OPERATIONAL_READINESS_CHECKLIST.md` (under `docs/04-configuration/universal-resource-activation/`); `config/universal-resource-activation/{manifest.json,policy-profiles.json,integration/}`; `pnpm ura:ops-readiness` / `ura:ops-readiness:full`, `ura:production-ready` / `ura:production-ready:connectivity`, `ura:validate`, `ura:validate-profiles`, `ura:merge-manifest`, `ura:validate-ledger-mapping`, `ura:writer:ledger`, `ura:writer:settlement`, `ura:profile-hash`, `ura:validate-closure`, `ura:keccak`, `ura:smoke`; `URA_STRICT_CLOSURE` / Gitea `vars.URA_STRICT_CLOSURE`; `smom-dbis-138/contracts/universal-resource/PolicyProfileRegistry.sol` (scoped forge test); Phoenix `PUBLIC_V1_NO_PARTNER_KEY_PATHS` |
| Multi-jurisdiction compliance (matrices, onboarding) | `docs/04-configuration/compliance-matrices/README.md`, `INSTITUTION_ONBOARDING_CHARTER.md`, `INSTITUTION_ONBOARDING_PLAYBOOK.md`, `docs/04-configuration/jurisdictions/JURISDICTION_CATALOG.md`, `config/jurisdictions/catalog.v1.json`, `docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md`, `docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md` |
| cXAUC/cXAUT unit | 1 full token = 1 troy oz Au — `docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md` (section 5.1) |
| PMM mesh 6s tick | `smom-dbis-138/scripts/reserve/pmm-mesh-6s-automation.sh``docs/integration/ORACLE_AND_KEEPER_CHAIN138.md` (PMM mesh automation) |
| VMID / IP / FQDN | `docs/04-configuration/ALL_VMIDS_ENDPOINTS.md` |
@@ -18,7 +21,7 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus,
| Live vs template (read-only SSH) | `bash scripts/verify/audit-proxmox-operational-template.sh` |
| Config validation | `bash scripts/validation/validate-config-files.sh` |
| pnpm lockfile vs workspace (prevents `pnpm outdated` / importer bugs) | `bash scripts/verify/check-pnpm-workspace-lockfile.sh` — also run as **step 1b** in `run-all-validation.sh` |
| CI validation (no LAN) + cW* mesh matrix | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` — same gate as **Gitea** push/PR: `run-all-validation` in `.gitea/workflows/deploy-to-phoenix.yml` (push) and `.gitea/workflows/validate-on-pr.yml` (PR only). Steps: dependencies, **pnpm workspace/lockfile check**, config, cW* mesh (when pair-discovery exists), **`node cross-chain-pmm-lps/scripts/validate-deployment-status.cjs`**, optional genesis. Manual only: `bash scripts/verify/build-cw-mesh-deployment-matrix.sh [--json-out …]` |
| CI validation (no LAN) + cW* mesh matrix | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` — same gate as **Gitea** push/PR: `run-all-validation` in `.gitea/workflows/deploy-to-phoenix.yml` (push) and `.gitea/workflows/validate-on-pr.yml` (PR only). After deploy, optional **Cloudflare** `cloudflare-sync` (Phoenix + `PHOENIX_REPO_ROOT`; set `PHOENIX_CLOUDFLARE_SYNC=1` on that host) via `scripts/deployment/gitea-cloudflare-sync.sh`. Steps: dependencies, **pnpm workspace/lockfile check**, config, cW* mesh (when pair-discovery exists), **`node cross-chain-pmm-lps/scripts/validate-deployment-status.cjs`**, optional genesis. Manual only: `bash scripts/verify/build-cw-mesh-deployment-matrix.sh [--json-out …]` |
| FQDN / NPM E2E verifier | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` — inventory: `docs/04-configuration/E2E_ENDPOINTS_LIST.md`. Gitea Actions URLs (no API): `bash scripts/verify/print-gitea-actions-urls.sh` |
| Submodule trees clean (CI / post-merge) | `bash scripts/verify/submodules-clean.sh` |
| Submodule + explorer remotes | `docs/00-meta/SUBMODULE_HYGIENE.md``mcp-proxmox` uses **Gitea** `https://gitea.d-bis.org/d-bis/mcp-proxmox.git` (not the old GitHub-only URL). `cross-chain-pmm-lps-publish` is a **worktree** of `cross-chain-pmm-lps`, not a submodule. |
@@ -35,6 +38,7 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus,
| Etherscan Value $0 for Mainnet `cW*` | Listing path (CoinGecko/CMC), not a contract toggle — `docs/04-configuration/coingecko/ETHERSCAN_USD_VALUE_MAINNET_TOKENS.md` |
| Verify contracts on explorers (all networks) | `cd smom-dbis-138 && ./scripts/deployment/verify-all-networks-explorers.sh` — Blockscout 138, Etherscan + multichain `cW*`, Avax/Arb bridges, optional Cronos/Wemix/CCIPLogger |
| Operator (LAN + secrets) | `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` unset; backup also needs `NPM_EMAIL` in `.env`) |
| Remote SSH to dev VM (5700 / `192.168.11.59`) for runner & deploy API | [docs/04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md](docs/04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md) (Cloudflare Access + tunnel, or UDM allowlist) |
| Cloudflare bulk DNS → `PUBLIC_IP` | `./scripts/update-all-dns-to-public-ip.sh` — use **`--dry-run`** and **`--zone-only=sankofa.nexus`** (or `d-bis.org` / `mim4u.org` / `defi-oracle.io`) to limit scope; see script header. Prefer scoped **`CLOUDFLARE_API_TOKEN`** (see `.env.master.example`). |
## Git submodules

2
atomic-swap-dapp

Submodule atomic-swap-dapp updated: cf1da27545...44a731b606

4
config/aggregator-route-matrix.csv
View File

@@ -20,5 +20,5 @@ liveBridgeRoute,138-WETH-25-ccip,live,bridge,138,25,WETH,0xC02aaA39b223FE8D0A0e5
liveBridgeRoute,138-WETH-42220-ccip,live,bridge,138,42220,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
liveBridgeRoute,138-WETH-651940-alltra,live,bridge,138,651940,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,ALT,0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc,LiFi,,,,
liveBridgeRoute,138-WETH10-1-ccip,live,bridge,138,1,WETH10,0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f,WETH10,0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f,,CCIP,0xe0E93247376aa097dB308B92e6Ba36bA015535D0,LiFi,,,,
blockedOrPlannedRoute,651940-public-dex-routes,planned,swap,651940,651940,,,,,,,,,,,,Uniswap V2/V3 and DODO are env placeholders only; no pool addresses are documented in-repo.
blockedOrPlannedRoute,138-weth-1111-ccip,planned,bridge,138,1111,,,,,,,,,,,,"Wemix bridge contracts are deployed and destinations are wired, but the 1111 bridge contracts still hold zero LINK and the lane has not been proven by a successful test transfer."
blockedOrPlannedRoute,651940-public-dex-routes,planned,swap,651940,651940,,,,,,,,,,,,Alltra same-chain settlement remains documentation-only: no deployed PMM or Uniswap venue inventory is published in canonical deployment status, and HYDX/AlltraDEX router-factory-pool addresses are still not committed in-repo.
blockedOrPlannedRoute,138-weth-1111-ccip,planned,bridge,138,1111,,,,,,,,,,,,"Wemix bridge contracts are deployed and destinations are wired, but the current Chain 138 CCIP router still rejects the Wemix selector with `CCIPRouter: chain not supported`; the WEMIX-side LINK balances are also zero and no successful proof transfer has been recorded."
1 kind routeId status routeType fromChainId toChainId tokenInSymbol tokenInAddress tokenOutSymbol tokenOutAddress hopCount bridgeType bridgeAddress aggregatorFamilies tags intermediateSymbols legRefs notesOrReason
20 liveBridgeRoute 138-WETH-42220-ccip live bridge 138 42220 WETH 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 WETH 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 CCIP 0xcacfd227A040002e49e2e01626363071324f820a LiFi
21 liveBridgeRoute 138-WETH-651940-alltra live bridge 138 651940 WETH 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 WETH 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 ALT 0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc LiFi
22 liveBridgeRoute 138-WETH10-1-ccip live bridge 138 1 WETH10 0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f WETH10 0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f CCIP 0xe0E93247376aa097dB308B92e6Ba36bA015535D0 LiFi
23 blockedOrPlannedRoute 651940-public-dex-routes planned swap 651940 651940 Uniswap V2/V3 and DODO are env placeholders only; no pool addresses are documented in-repo. Alltra same-chain settlement remains documentation-only: no deployed PMM or Uniswap venue inventory is published in canonical deployment status
24 blockedOrPlannedRoute 138-weth-1111-ccip planned bridge 138 1111 Wemix bridge contracts are deployed and destinations are wired, but the 1111 bridge contracts still hold zero LINK and the lane has not been proven by a successful test transfer. Wemix bridge contracts are deployed and destinations are wired, but the current Chain 138 CCIP router still rejects the Wemix selector with `CCIPRouter: chain not supported`; the WEMIX-side LINK balances are also zero and no successful proof transfer has been recorded.

5
config/besu-node-lists/permissions-nodes.toml
View File

@@ -1,6 +1,6 @@
# Node Permissioning — SINGLE SOURCE OF TRUTH for all Besu nodes
# Must match config/besu-node-lists/static-nodes.json and be deployed to every node.
# Generated by scripts/besu/collect-enodes-from-all-besu-nodes.sh — 34 enodes (incl. Putu RPC 2307/2308 .237/.238).
# Generated by scripts/besu/collect-enodes-from-all-besu-nodes.sh — 37 enodes after live adds of 2103 (.217), 1509 (.219), and 1510 (.220).
nodes-allowlist=[
"enode://2221dd9fc65c9082d4a937832cba9f6759981888df6798407c390bd153f4332c152ea5d03dd9d9cda74d7990fb3479a5c4ba7166269322be9790eed9ebdcfe24@192.168.11.100:30303",
@@ -17,8 +17,11 @@ nodes-allowlist=[
"enode://5f048208071f2a3036128433e1e4a647a7683abd8bc0f27d063e2933ced983accdfc44998666f3be711e4eff27511142d9989775b86cdbe28c79b74409fc36bb@192.168.11.214:30303",
"enode://8da1b586e2e98f521f07148d3bb5d81fde151ce3d5738b51bc36e2c81de1aaa5404ce31e991b4393bbe471934f0a9a31f78d1d7c17c1899c3e2dde5e9f16eb24@192.168.11.244:30303",
"enode://acd46d31913b8379f075467cd88d2ea650d33474d2f9546426da4a414fe92233584c9d8c2e1ea9962fa4257c20b66c9434d0488e51c632f285205d6a379cfbd6@192.168.11.245:30303",
"enode://8a3337adcc2d177caf3aee26b3b6077d9adf126c580e12f352743ca07828f056ceb1d5fb1a06287e2dbbe19043fcc4b9bdd2ca9ae2a2c9142cf0cc3a549bfc68@192.168.11.219:30303",
"enode://09fe518689c54a34c3dac8aebf3c94bfc390f4bae143a80c57d92a502414df0689d12a2243ff9376c2f44a419894d934b4f47783ced31ea9668522078854e58f@192.168.11.220:30303",
"enode://6cdc892fa09afa2b05c21cc9a1193a86cf0d195ce81b02a270d8bb987f78ca98ad90d907670796c90fc6e4eaf3b4cae6c0c15871e2564de063beceb4bbfc6532@192.168.11.211:30303",
"enode://e53713bb77ad9f39e8a04b9c82aadddd3449220167f546bca8e9f36f6ebf60ae003e48ac293790e2bd7b0aca382777db9eca61d6f048c04f9dbe65eedb79d893@192.168.11.212:30303?discport=0",
"enode://e871ff3b1f58b9a87122e552b2404e1893bf92ae74d4fa6bc2bd002d0350c506ea452f4aefa1a3497ef32694c4beb48bf8a006d2b82f57649c90b22f59044aad@192.168.11.217:30303?discport=0",
"enode://07daf3d64079faa3982bc8be7aa86c24ef21eca4565aae4a7fd963c55c728de0639d80663834634edf113b9f047d690232ae23423c64979961db4b6449aa6dfd@192.168.11.221:30303",
"enode://868bd957d6d887944deac0190161a3db7d1316a022e40a2383d5c334aa3fb8bc7ca36f165b6fb377b77d202fec46f3840f2f659b6a47807b7ce9b944b8382f10@192.168.11.232:30303",
"enode://688f271d94c7995600ae36d25aa2fb92fea0c52e50e86c598be8966515458c1408b67fba76e1f771073e4774a6e399588443da63394ea25d56e6ca36f2288e00@192.168.11.233:30303",

3
config/besu-node-lists/static-nodes.json
View File

@@ -13,8 +13,11 @@
"enode://5f048208071f2a3036128433e1e4a647a7683abd8bc0f27d063e2933ced983accdfc44998666f3be711e4eff27511142d9989775b86cdbe28c79b74409fc36bb@192.168.11.214:30303",
"enode://8da1b586e2e98f521f07148d3bb5d81fde151ce3d5738b51bc36e2c81de1aaa5404ce31e991b4393bbe471934f0a9a31f78d1d7c17c1899c3e2dde5e9f16eb24@192.168.11.244:30303",
"enode://acd46d31913b8379f075467cd88d2ea650d33474d2f9546426da4a414fe92233584c9d8c2e1ea9962fa4257c20b66c9434d0488e51c632f285205d6a379cfbd6@192.168.11.245:30303",
"enode://8a3337adcc2d177caf3aee26b3b6077d9adf126c580e12f352743ca07828f056ceb1d5fb1a06287e2dbbe19043fcc4b9bdd2ca9ae2a2c9142cf0cc3a549bfc68@192.168.11.219:30303",
"enode://09fe518689c54a34c3dac8aebf3c94bfc390f4bae143a80c57d92a502414df0689d12a2243ff9376c2f44a419894d934b4f47783ced31ea9668522078854e58f@192.168.11.220:30303",
"enode://6cdc892fa09afa2b05c21cc9a1193a86cf0d195ce81b02a270d8bb987f78ca98ad90d907670796c90fc6e4eaf3b4cae6c0c15871e2564de063beceb4bbfc6532@192.168.11.211:30303",
"enode://e53713bb77ad9f39e8a04b9c82aadddd3449220167f546bca8e9f36f6ebf60ae003e48ac293790e2bd7b0aca382777db9eca61d6f048c04f9dbe65eedb79d893@192.168.11.212:30303?discport=0",
"enode://e871ff3b1f58b9a87122e552b2404e1893bf92ae74d4fa6bc2bd002d0350c506ea452f4aefa1a3497ef32694c4beb48bf8a006d2b82f57649c90b22f59044aad@192.168.11.217:30303?discport=0",
"enode://07daf3d64079faa3982bc8be7aa86c24ef21eca4565aae4a7fd963c55c728de0639d80663834634edf113b9f047d690232ae23423c64979961db4b6449aa6dfd@192.168.11.221:30303",
"enode://868bd957d6d887944deac0190161a3db7d1316a022e40a2383d5c334aa3fb8bc7ca36f165b6fb377b77d202fec46f3840f2f659b6a47807b7ce9b944b8382f10@192.168.11.232:30303",
"enode://688f271d94c7995600ae36d25aa2fb92fea0c52e50e86c598be8966515458c1408b67fba76e1f771073e4774a6e399588443da63394ea25d56e6ca36f2288e00@192.168.11.233:30303",

166
config/dbis-ecosystem-master-plan-tracker.json Normal file
View File

@@ -0,0 +1,166 @@
{
"schemaVersion": "1.0.0",
"updated": "2026-04-24",
"canonicalRootDoc": "docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md",
"workstreams": [
{
"id": "W1",
"title": "Besu / Chain 138 infrastructure and RPC topology",
"status": "live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [],
"sourceDocs": [
"docs/06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md",
"dbis_chain_138_technical_master_plan.md",
"docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md"
],
"acceptanceGate": "Canonical Besu inventory reconciled across all active cluster hosts, block production healthy, and no unexplained canonical node gaps remain.",
"evidenceArtifact": "scripts/verify/check-cluster-besu-inventory.sh --json"
},
{
"id": "W2",
"title": "Liquidity, PMM, bridge, and public routing coverage",
"status": "partially live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [
"W1"
],
"sourceDocs": [
"docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md",
"docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md",
"reports/status/LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md"
],
"acceptanceGate": "Machine-readable route coverage is current and can distinguish live, partial, and blocked routing paths for stablecoins and top assets.",
"evidenceArtifact": "config/public-routing-coverage-matrix.json"
},
{
"id": "W3",
"title": "Phoenix deploy/control-plane integration",
"status": "partially live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [
"W1",
"W2",
"W4"
],
"sourceDocs": [
"docs/04-configuration/PHOENIX_SANKOFA_OPERATOR_HANDOFF.md",
"docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md"
],
"acceptanceGate": "Phoenix deploy/control APIs expose current canonical manifests and validated deploy targets without drifting from repo truth.",
"evidenceArtifact": "scripts/validation/validate-config-files.sh"
},
{
"id": "W4",
"title": "URA manifest, policy profiles, registry, and route confidence",
"status": "repo-implemented",
"horizon": "near_term",
"ownerClass": "repo",
"dependsOn": [
"W2",
"W3"
],
"sourceDocs": [
"docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md",
"docs/04-configuration/universal-resource-activation/README.md",
"config/universal-resource-activation/manifest.json"
],
"acceptanceGate": "URA manifest and policy profiles validate, registry references are coherent, and route-confidence can be produced as a first-class control-plane artifact.",
"evidenceArtifact": "scripts/validate/validate-universal-resource-activation.mjs"
},
{
"id": "W5",
"title": "DBIS RTGS / DBIS Rail / OMNL / settlement sidecars",
"status": "partially live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [
"W4",
"W6"
],
"sourceDocs": [
"docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md",
"docs/dbis-rail/DBIS_RAIL_SETTLEMENT_EVENT_SOURCES.md",
"docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md"
],
"acceptanceGate": "First-slice settlement boundaries, event sources, custody roles, and sidecar responsibilities are explicit enough for production gating.",
"evidenceArtifact": "docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md"
},
{
"id": "W6",
"title": "Jurisdiction/compliance and onboarding matrices",
"status": "repo-implemented",
"horizon": "near_term",
"ownerClass": "repo",
"dependsOn": [
"W4"
],
"sourceDocs": [
"docs/04-configuration/compliance-matrices/README.md",
"docs/04-configuration/jurisdictions/JURISDICTION_CATALOG.md",
"docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md"
],
"acceptanceGate": "Jurisdiction and onboarding matrices are machine-readable enough to gate policy profiles and institutional activation paths.",
"evidenceArtifact": "config/jurisdictions/catalog.v1.json"
},
{
"id": "W7",
"title": "Identity / Hyperledger / interoperability stack",
"status": "planned",
"horizon": "long_term",
"ownerClass": "external",
"dependsOn": [
"W5",
"W6"
],
"sourceDocs": [
"docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md",
"docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md"
],
"acceptanceGate": "Identity and interoperability slices have explicit runtime ownership, promotion gates, and environment-specific deployment decisions.",
"evidenceArtifact": "docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md"
},
{
"id": "W8",
"title": "Observability, verification, evidence, and operator readiness",
"status": "live",
"horizon": "near_term",
"ownerClass": "mixed",
"dependsOn": [
"W1",
"W2",
"W3",
"W4",
"W5",
"W6"
],
"sourceDocs": [
"docs/00-meta/OPERATOR_HANDOFF_2026_04_24.md",
"docs/00-meta/OPERATOR_READY_CHECKLIST.md",
"docs/04-configuration/universal-resource-activation/URA_OPERATIONAL_READINESS_CHECKLIST.md"
],
"acceptanceGate": "Validation, health, and operator readiness outputs are current enough to act as production gates rather than ad hoc references.",
"evidenceArtifact": "scripts/verify/run-all-validation.sh"
}
],
"blockedBy": [
{
"id": "B1",
"class": "external",
"description": "Some institutional integrations, custody counterparties, and settlement-sidecar dependencies cannot be closed from repo-only work."
},
{
"id": "B2",
"class": "external",
"description": "Some public-network expansion lanes remain constrained by third-party bridge, exchange, or destination-liquidity realities."
},
{
"id": "B3",
"class": "operator",
"description": "Operator promotion of URA, sidecar, and policy-aware runtime slices still trails repo implementation in several areas."
}
]
}

52
config/generated-node-configs/config-1500.toml Normal file
View File

@@ -0,0 +1,52 @@
# Besu Configuration for besu-sentry-1 (VMID: 1500)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.150"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

52
config/generated-node-configs/config-1501.toml Normal file
View File

@@ -0,0 +1,52 @@
# Besu Configuration for besu-sentry-2 (VMID: 1501)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.151"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

52
config/generated-node-configs/config-1502.toml Normal file
View File

@@ -0,0 +1,52 @@
# Besu Configuration for besu-sentry-3 (VMID: 1502)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.152"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

52
config/generated-node-configs/config-1503.toml Normal file
View File

@@ -0,0 +1,52 @@
# Besu Configuration for besu-sentry-4 (VMID: 1503)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.153"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

52
config/generated-node-configs/config-1504.toml Normal file
View File

@@ -0,0 +1,52 @@
# Besu Configuration for besu-sentry-ali (VMID: 1504)
# Generated baseline sentry config promoted into first-class repo coverage.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.154"
p2p-port=30303
max-peers=32
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

3
config/generated-node-configs/config-1507.toml
View File

@@ -8,7 +8,7 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.244"
p2p-port=30303
max-peers=32
max-peers=40
discovery-enabled=true
# RPC
@@ -40,6 +40,7 @@ log-destination="CONSOLE"
# Sync
sync-mode="FULL"
tx-pool-max-future-by-sender=1
fast-sync-min-peers=2
# Privacy

3
config/generated-node-configs/config-1508.toml
View File

@@ -8,7 +8,7 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.245"
p2p-port=30303
max-peers=32
max-peers=40
discovery-enabled=true
# RPC
@@ -40,6 +40,7 @@ log-destination="CONSOLE"
# Sync
sync-mode="FULL"
tx-pool-max-future-by-sender=1
fast-sync-min-peers=2
# Privacy

53
config/generated-node-configs/config-1509.toml Normal file
View File

@@ -0,0 +1,53 @@
# Besu Configuration for besu-sentry-thirdweb-01 (VMID: 1509)
# Generated canonical per-node config for promoted sentry inventory.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.219"
p2p-port=30303
max-peers=40
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
tx-pool-max-future-by-sender=1
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

53
config/generated-node-configs/config-1510.toml Normal file
View File

@@ -0,0 +1,53 @@
# Besu Configuration for besu-sentry-thirdweb-02 (VMID: 1510)
# Generated canonical per-node config for promoted sentry inventory.
data-path="/data/besu"
genesis-file=""
# Network
network-id=138
p2p-host="192.168.11.220"
p2p-port=30303
max-peers=40
discovery-enabled=true
# RPC
rpc-http-enabled=true
rpc-http-host="0.0.0.0"
rpc-http-port=8545
rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
rpc-http-cors-origins=["*"]
rpc-http-api-enable-unsafe-txsigning=true
rpc-ws-enabled=true
rpc-ws-host="0.0.0.0"
rpc-ws-port=8546
rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
# GraphQL
graphql-http-enabled=true
graphql-http-host="0.0.0.0"
graphql-http-port=8547
# Metrics
metrics-enabled=true
metrics-host="0.0.0.0"
metrics-port=9545
# Logging
logging="INFO"
log-destination="CONSOLE"
# Sync
sync-mode="FULL"
tx-pool-max-future-by-sender=1
fast-sync-min-peers=2
# Privacy
privacy-enabled=false
# Mining
miner-enabled=false
# QBFT
qbft-enabled=true

4
config/generated-node-configs/config-2500.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.172"
p2p-port=30303
max-peers=32
discovery-enabled=true
max-peers=40
discovery-enabled=false
# RPC - Full Function (can deploy contracts, execute writes)
rpc-http-enabled=true

4
config/generated-node-configs/config-2501.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.173"
p2p-port=30303
max-peers=32
discovery-enabled=true
max-peers=40
discovery-enabled=false
# RPC - Standard Base (read-only, no admin APIs)
rpc-http-enabled=true

4
config/generated-node-configs/config-2502.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.174"
p2p-port=30303
max-peers=32
discovery-enabled=true
max-peers=40
discovery-enabled=false
# RPC - Standard Base (read-only, no admin APIs)
rpc-http-enabled=true

4
config/generated-node-configs/config-2503.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.246"
p2p-port=30303
max-peers=32
discovery-enabled=true
max-peers=40
discovery-enabled=false
# RPC - Full Function (can deploy contracts, execute writes)
rpc-http-enabled=true

4
config/generated-node-configs/config-2504.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.247"
p2p-port=30303
max-peers=32
discovery-enabled=true
max-peers=40
discovery-enabled=false
# RPC - Standard Base (read-only, no admin APIs)
rpc-http-enabled=true

4
config/generated-node-configs/config-2505.toml
View File

@@ -9,8 +9,8 @@ genesis-file=""
network-id=138
p2p-host="192.168.11.248"
p2p-port=30303
max-peers=32
discovery-enabled=true
max-peers=40
discovery-enabled=false
# RPC - Standard Base (read-only, no admin APIs)
rpc-http-enabled=true

16
config/generated-node-configs/service-1500.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1501.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1502.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1503.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1504.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1509.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

16
config/generated-node-configs/service-1510.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Hyperledger Besu
After=network.target
[Service]
Type=simple
User=besu
Group=besu
ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

6
config/ip-addresses.conf
View File

@@ -77,6 +77,8 @@ BLOCKSCOUT_API_URL="http://${IP_BLOCKSCOUT}:${BLOCKSCOUT_API_PORT}"
FORGE_VERIFIER_PROXY_PORT="${FORGE_VERIFIER_PROXY_PORT:-3080}"
IP_NPMPLUS="192.168.11.167"
IP_NPMPLUS_SECONDARY="192.168.11.168"
# Proxmox Mail Gateway (LXC 100, VMID 100) — PMG web UI; SMTP 25/587 on same host
IP_PMG="${IP_PMG:-192.168.11.32}"
IP_NGINX_LEGACY="192.168.11.26"
IP_ORDER_OPENSEARCH="192.168.11.48"
IP_ORDER_HAPROXY="192.168.11.39"
@@ -169,6 +171,10 @@ PUBLIC_IP_MIFOS="76.53.10.41"
# DApp LXC (VMID 5801) — frontend-dapp for Chain 138 bridge. See docs/03-deployment/DAPP_LXC_DEPLOYMENT.md; E2E: tunnel + NPMplus dapp.d-bis.org
IP_DAPP_LXC="192.168.11.58"
# CurrenciCombo Phoenix CT (VMID 8604) on r630-01 — internal Phoenix app deployment on VLAN 160
IP_CURRENCICOMBO_PHOENIX="${IP_CURRENCICOMBO_PHOENIX:-10.160.0.14}"
CURRENCICOMBO_PHOENIX_VMID="${CURRENCICOMBO_PHOENIX_VMID:-8604}"
# Phoenix / Sankofa public edge (NPMplus → CT 7800 API, 7801 portal). Legacy scripts use IP_SERVICE_50 / IP_SERVICE_51.
# SolaceScanScout / Blockscout is IP_BLOCKSCOUT:80 — do NOT point sankofa.nexus or phoenix.sankofa.nexus there.
IP_SERVICE_50="${IP_SERVICE_50:-192.168.11.50}"

44
config/jurisdictions/catalog.v1.json Normal file
View File

@@ -0,0 +1,44 @@
{
"schemaVersion": "1.0.0",
"updatedAt": "2026-04-25T18:00:00Z",
"description": "Canonical jurisdiction catalog for multi-institution onboarding. Add rows as jurisdictions are formally in-scope. Legal review required before marking status production_ready.",
"jurisdictions": [
{
"id": "ID",
"label": "Indonesia",
"governingLawNote": "Indonesian law; BI and sector regulators — detail in compliance matrix, not legal advice.",
"regulatorsNote": "Bank Indonesia (BI); OJK where applicable — confirm with counsel.",
"activitiesInScope": ["payments_omnl", "server_funds_treasury", "rtgs_sidecars", "chain138_settlement_evidence"],
"activitiesExcluded": ["generic_securities_issuance_unless_scoped"],
"complianceMatrixPath": "docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md",
"status": "pilot_ready",
"policyProfileIdsReferenced": [
"institutional_custody_skr_v1",
"server_funds_treasury_v1",
"infra_capacity_ops_v1"
]
},
{
"id": "GENERIC-COMMON-LAW-STUB",
"label": "Generic common-law banking stub (template)",
"governingLawNote": "Illustrative only — replace with real jurisdiction before production.",
"regulatorsNote": "Placeholder — no regulator list.",
"activitiesInScope": ["template_process_only"],
"activitiesExcluded": ["all_production_until_replaced"],
"complianceMatrixPath": "docs/04-configuration/compliance-matrices/GENERIC-COMMON-LAW-STUB/banking_v1.md",
"status": "template_only",
"policyProfileIdsReferenced": []
},
{
"id": "US-DELAWARE-CORP-STUB",
"label": "US Delaware corporate stub (draft second jurisdiction)",
"governingLawNote": "Illustrative corporate/treasury stub — not legal advice; replace with real federal/state matrix.",
"regulatorsNote": "Placeholder.",
"activitiesInScope": ["draft_matrix_training_only"],
"activitiesExcluded": ["all_production_until_replaced"],
"complianceMatrixPath": "docs/04-configuration/compliance-matrices/US-DELAWARE-CORP-STUB/banking_v1.md",
"status": "draft",
"policyProfileIdsReferenced": []
}
]
}

2
config/master-permissioned-nodes.json
View File

@@ -18,6 +18,8 @@
"enode://17413a9ab0f570c72e9d7d511a856cd5b5abb58b70d0b9635524220a5354ee275429bf5d630025dbbb0d67c6ae24510e6560bf8b38a7e226e24a00cd181d6ae6@192.168.11.174:30303",
"enode://ab7f104acbcb254ced2653122f80b2c93b541467edc8f5b4bc90c4d3794cbbb1b2cbea69f9fe5e89f848e46a158e6ce45d76901e64801669321ce62172048eb8@192.168.11.244:30303",
"enode://237e27eb3a8738189e266615e7d613da18f86018a76080e18dbb9856baeab6454b1aebff889bc0790f2d791dd277121ee76a4fc0a0d1bc1001c2811b42518618@192.168.11.245:30303",
"enode://8a3337adcc2d177caf3aee26b3b6077d9adf126c580e12f352743ca07828f056ceb1d5fb1a06287e2dbbe19043fcc4b9bdd2ca9ae2a2c9142cf0cc3a549bfc68@192.168.11.219:30303",
"enode://09fe518689c54a34c3dac8aebf3c94bfc390f4bae143a80c57d92a502414df0689d12a2243ff9376c2f44a419894d934b4f47783ced31ea9668522078854e58f@192.168.11.220:30303",
"enode://89570ba8882ea1d383afb97d0d82eb3cf5d0c5fec7ae2acfe39487e5335ee91c36cd4b5e9aa05110d99b51a16b869f7531e6f89ec63476cba7f928356c437348@192.168.11.246:30303",
"enode://0fdbda7b6916973e598b7c9ff6e4e2da6f8bcce2ca46bb11c58368a9fbcfcb303a4955a563b2f71a51a813abeed3b44da220ad1488d19c9483f733548a7b7765@192.168.11.247:30303",
"enode://0c710ae1e4eaf7ee9d375c404798625c5165e1699a24aedadcfb69fa8fcde41c822d3576b1a180c3251aeba9782ceb43cb32c300c4e1a205905728d72b94cfe9@192.168.11.248:30303",

2
config/master-static-nodes.json
View File

@@ -18,6 +18,8 @@
"enode://17413a9ab0f570c72e9d7d511a856cd5b5abb58b70d0b9635524220a5354ee275429bf5d630025dbbb0d67c6ae24510e6560bf8b38a7e226e24a00cd181d6ae6@192.168.11.174:30303",
"enode://ab7f104acbcb254ced2653122f80b2c93b541467edc8f5b4bc90c4d3794cbbb1b2cbea69f9fe5e89f848e46a158e6ce45d76901e64801669321ce62172048eb8@192.168.11.244:30303",
"enode://237e27eb3a8738189e266615e7d613da18f86018a76080e18dbb9856baeab6454b1aebff889bc0790f2d791dd277121ee76a4fc0a0d1bc1001c2811b42518618@192.168.11.245:30303",
"enode://8a3337adcc2d177caf3aee26b3b6077d9adf126c580e12f352743ca07828f056ceb1d5fb1a06287e2dbbe19043fcc4b9bdd2ca9ae2a2c9142cf0cc3a549bfc68@192.168.11.219:30303",
"enode://09fe518689c54a34c3dac8aebf3c94bfc390f4bae143a80c57d92a502414df0689d12a2243ff9376c2f44a419894d934b4f47783ced31ea9668522078854e58f@192.168.11.220:30303",
"enode://89570ba8882ea1d383afb97d0d82eb3cf5d0c5fec7ae2acfe39487e5335ee91c36cd4b5e9aa05110d99b51a16b869f7531e6f89ec63476cba7f928356c437348@192.168.11.246:30303",
"enode://0fdbda7b6916973e598b7c9ff6e4e2da6f8bcce2ca46bb11c58368a9fbcfcb303a4955a563b2f71a51a813abeed3b44da220ad1488d19c9483f733548a7b7765@192.168.11.247:30303",
"enode://0c710ae1e4eaf7ee9d375c404798625c5165e1699a24aedadcfb69fa8fcde41c822d3576b1a180c3251aeba9782ceb43cb32c300c4e1a205905728d72b94cfe9@192.168.11.248:30303",

61
config/proxmox-operational-template.json
View File

@@ -47,6 +47,20 @@
"role": "firefly_npmplus_secondary_mim4u_mifos_support",
"ui_url": "https://192.168.11.12:8006",
"cluster_name": "h"
},
{
"hostname": "r630-03",
"mgmt_ipv4": "192.168.11.13",
"role": "besu_chain138_secondary_rpc_sentry_host",
"ui_url": "https://192.168.11.13:8006",
"cluster_name": "h"
},
{
"hostname": "r630-04",
"mgmt_ipv4": "192.168.11.14",
"role": "besu_chain138_additional_capacity_host",
"ui_url": "https://192.168.11.14:8006",
"cluster_name": "h"
}
],
"cluster_peering": {
@@ -65,7 +79,7 @@
},
"besu_chain138_peering_model": {
"chain_id": 138,
"summary": "Validators (1000\u20131004) \u2194 Sentries (1500\u20131506) \u2194 RPC tier (2101 core, 2201 public, 230x named, 240x thirdweb). Use canonical roles doc for allowed adjacencies and ops.",
"summary": "Validators (1000\u20131004) \u2194 Sentries (1500\u20131510) \u2194 RPC tier (2101,2102,2103 core/admin, 2201 public, 2301,2303\u20132308 named/private, 2400\u20132403 thirdweb, 2500\u20132505 alltra/hybx). Use canonical roles doc for allowed adjacencies and ops.",
"p2p_port_tcp_udp": 30303,
"doc_ref": "docs/02-architecture/CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md"
},
@@ -1250,7 +1264,10 @@
"port": 80
}
],
"fqdns": []
"fqdns": [
"tsunamiswap.com",
"app.tsunamiswap.com"
]
},
{
"vmid": 10070,
@@ -1459,7 +1476,41 @@
"vmid": 1508,
"hostname": "besu-sentry-hybx-2",
"ipv4": "192.168.11.245",
"preferred_node": "ml110",
"preferred_node": "r630-04",
"category": "besu_sentry",
"ports": [
{
"port": 30303
},
{
"port": 9545
}
],
"peering_layer": "sentry_boundary",
"fqdns": []
},
{
"vmid": 1509,
"hostname": "besu-sentry-thirdweb-01",
"ipv4": "192.168.11.219",
"preferred_node": "r630-03",
"category": "besu_sentry",
"ports": [
{
"port": 30303
},
{
"port": 9545
}
],
"peering_layer": "sentry_boundary",
"fqdns": []
},
{
"vmid": 1510,
"hostname": "besu-sentry-thirdweb-02",
"ipv4": "192.168.11.220",
"preferred_node": "r630-03",
"category": "besu_sentry",
"ports": [
{
@@ -1617,7 +1668,9 @@
"port": 80
}
],
"fqdns": []
"fqdns": [
"tsunamiswap.com"
]
},
{
"vmid": 5201,

116
config/public-routing-coverage-matrix.json Normal file
View File

@@ -0,0 +1,116 @@
{
"schemaVersion": "1.0.0",
"updated": "2026-04-24",
"scope": "Current live Chain 138 ecosystem coverage for public stablecoins, top public assets, and near-term integration priorities.",
"homeChain": {
"chainId": 138,
"network": "DeFi Oracle Meta Mainnet",
"publicExitPrimitive": "WETH",
"publicExitStatus": "live_via_pmm_and_ccip"
},
"supportedBridgeDestinations": [
{ "chainId": 1, "name": "Ethereum Mainnet", "status": "live" },
{ "chainId": 10, "name": "Optimism", "status": "live" },
{ "chainId": 25, "name": "Cronos", "status": "live" },
{ "chainId": 56, "name": "BSC", "status": "live" },
{ "chainId": 100, "name": "Gnosis", "status": "live" },
{ "chainId": 137, "name": "Polygon", "status": "live" },
{ "chainId": 8453, "name": "Base", "status": "live" },
{ "chainId": 42161, "name": "Arbitrum One", "status": "live" },
{ "chainId": 42220, "name": "Celo", "status": "live" },
{ "chainId": 43114, "name": "Avalanche C-Chain", "status": "live" },
{ "chainId": 651940, "name": "ALL Mainnet", "status": "bridge_live_swap_inventory_pending" },
{ "chainId": 1111, "name": "Wemix", "status": "blocked_selector_not_supported" }
],
"stablecoinCoverage": [
{ "symbol": "USDT", "reachability": "strong", "mode": "direct_mirror_and_public_evm" },
{ "symbol": "USDC", "reachability": "strong", "mode": "direct_mirror_and_public_evm" },
{ "symbol": "DAI", "reachability": "strong", "mode": "indirect_via_weth_to_ethereum" },
{ "symbol": "USDS", "reachability": "strong", "mode": "indirect_via_weth_to_ethereum" },
{ "symbol": "PYUSD", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "USDe", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "USD1", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "USDG", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "RLUSD", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "USDF", "reachability": "medium", "mode": "destination_dex_dependent" },
{ "symbol": "BUIDL", "reachability": "low", "mode": "institutional_non_dex" },
{ "symbol": "USYC", "reachability": "low", "mode": "institutional_non_dex" },
{ "symbol": "JTRSY", "reachability": "low", "mode": "institutional_non_dex" },
{ "symbol": "XAUT", "reachability": "strong", "mode": "native_gold_family_on_home_chain" },
{ "symbol": "PAXG", "reachability": "medium", "mode": "destination_dex_dependent" }
],
"topAssetCoverage": [
{ "symbol": "ETH", "reachability": "strong", "mode": "direct_evm" },
{ "symbol": "LINK", "reachability": "strong", "mode": "direct_evm" },
{ "symbol": "AAVE", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "UNI", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "AVAX", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "BNB", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "CRO", "reachability": "strong", "mode": "destination_dex_dependent" },
{ "symbol": "BTC", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "SOL", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "TRX", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "XRP", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "ADA", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "XMR", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "ZEC", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "XLM", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "HBAR", "reachability": "weak", "mode": "non_evm_expansion_required" },
{ "symbol": "SUI", "reachability": "weak", "mode": "non_evm_expansion_required" }
],
"shortIntegrationLeaps": [
{
"id": "doc-chain138-live-weth-exits",
"title": "Normalize docs around live Chain 138 c* -> WETH exits",
"status": "done_now",
"impact": "high"
},
{
"id": "publish-destination-route-registry",
"title": "Publish per-chain destination route registry for supported EVM stablecoins and cW* surfaces",
"status": "todo",
"impact": "high"
},
{
"id": "promote-additional-public-stables",
"title": "Promote PYUSD, USDe, RLUSD, USD1, and USDG into named route-target review",
"status": "todo",
"impact": "high"
},
{
"id": "canonicalize-allmainnet-swap-surface",
"title": "Commit canonical ALL Mainnet router/factory/pool inventory",
"status": "todo",
"impact": "high"
},
{
"id": "publish-top50-coverage-matrix",
"title": "Track top public assets by direct, indirect, wrapped-only, or unsupported status",
"status": "done_now",
"impact": "medium"
}
],
"additionalComponentsRequired": [
{
"id": "non-evm-bridge-expansion",
"title": "Bridge and swap adapters for BTC, SOL, XRP, ADA, XLM, HBAR, SUI classes",
"status": "future"
},
{
"id": "wemix-ccip-selector-support",
"title": "Enable Wemix lane by resolving Chain 138 CCIP selector support",
"status": "blocked_external"
},
{
"id": "route-confidence-api",
"title": "Expose live route confidence in quote/build systems",
"status": "future"
}
],
"references": {
"ecosystemReport": "reports/status/LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md",
"routingStatusDoc": "docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md",
"stablecoinRoutesDoc": "docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md",
"allMainnetSurfaceConfig": "config/allmainnet-non-dodo-protocol-surface.json"
}
}

224
config/token-mapping-multichain.json
View File

@@ -146,6 +146,118 @@
}
]
},
{
"fromChainId": 138,
"toChainId": 1,
"notes": "Chain 138 ↔ Ethereum Mainnet (CCIP); direct mapping; c*_cW = c* → cW* on destination",
"tokens": [
{
"key": "WETH9",
"name": "Wrapped Ether",
"addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"addressTo": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"notes": "138 WETH9 → Mainnet WETH"
},
{
"key": "Compliant_USDT",
"name": "cUSDT",
"addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"addressTo": "0xdAC17F958D2ee523a2206206994597C13D831ec7",
"notes": "138 cUSDT → Mainnet USDT (native)"
},
{
"key": "Compliant_USDT_cW",
"name": "cUSDT→cWUSDT",
"addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"addressTo": "0xaF5017d0163ecb99D9B5D94e3b4D7b09Af44D8AE",
"notes": "138 cUSDT → Mainnet cWUSDT; set when deployed"
},
{
"key": "Compliant_USDC",
"name": "cUSDC",
"addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"addressTo": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
"notes": "138 cUSDC → Mainnet USDC (native)"
},
{
"key": "Compliant_USDC_cW",
"name": "cUSDC→cWUSDC",
"addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"addressTo": "0x2de5F116bFcE3d0f922d9C8351e0c5Fc24b9284a",
"notes": "138 cUSDC → Mainnet cWUSDC; set when deployed"
},
{
"key": "Compliant_EURC_cW",
"name": "cEURC→cWEURC",
"addressFrom": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a",
"addressTo": "0xD4aEAa8cD3fB41Dc8437FaC7639B6d91B60A5e8d",
"notes": "138 cEURC → Mainnet cWEURC"
},
{
"key": "Compliant_EURT_cW",
"name": "cEURT→cWEURT",
"addressFrom": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
"addressTo": "0x855d74FFB6CF75721a9bAbc8B2ed35c8119241dC",
"notes": "138 cEURT → Mainnet cWEURT"
},
{
"key": "Compliant_GBPC_cW",
"name": "cGBPC→cWGBPC",
"addressFrom": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2",
"addressTo": "0xc074007dc0bfb384b1cf6426a56287ed23fe4d52",
"notes": "138 cGBPC → Mainnet cWGBPC"
},
{
"key": "Compliant_GBPT_cW",
"name": "cGBPT→cWGBPT",
"addressFrom": "0x350f54e4D23795f86A9c03988c7135357CCaD97c",
"addressTo": "0x1dDF9970F01c76A692Fdba2706203E6f16e0C46F",
"notes": "138 cGBPT → Mainnet cWGBPT"
},
{
"key": "Compliant_AUDC_cW",
"name": "cAUDC→cWAUDC",
"addressFrom": "0xD51482e567c03899eecE3CAe8a058161FD56069D",
"addressTo": "0x5020Db641B3Fc0dAbBc0c688C845bc4E3699f35F",
"notes": "138 cAUDC → Mainnet cWAUDC"
},
{
"key": "Compliant_JPYC_cW",
"name": "cJPYC→cWJPYC",
"addressFrom": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770",
"addressTo": "0x07EEd0D7dD40984e47B9D3a3bdded1c536435582",
"notes": "138 cJPYC → Mainnet cWJPYC"
},
{
"key": "Compliant_CHFC_cW",
"name": "cCHFC→cWCHFC",
"addressFrom": "0x873990849DDa5117d7C644f0aF24370797C03885",
"addressTo": "0x0F91C5E6Ddd46403746aAC970D05d70FFe404780",
"notes": "138 cCHFC → Mainnet cWCHFC"
},
{
"key": "Compliant_CADC_cW",
"name": "cCADC→cWCADC",
"addressFrom": "0x54dBd40cF05e15906A2C21f600937e96787f5679",
"addressTo": "0x209FE32fe7B541751D190ae4e50cd005DcF8EDb4",
"notes": "138 cCADC → Mainnet cWCADC"
},
{
"key": "Compliant_XAUC_cW",
"name": "cXAUC→cWXAUC",
"addressFrom": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
"addressTo": "0x572Be0fa8CA0534d642A567CEDb398B771D8a715",
"notes": "138 cXAUC → Mainnet cWXAUC"
},
{
"key": "Compliant_XAUT_cW",
"name": "cXAUT→cWXAUT",
"addressFrom": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E",
"addressTo": "0xACE1DBF857549a11aF1322e1f91F2F64b029c906",
"notes": "138 cXAUT → Mainnet cWXAUT"
}
]
},
{
"fromChainId": 651940,
"toChainId": 138,
@@ -1322,6 +1434,118 @@
}
]
},
{
"fromChainId": 138,
"toChainId": 42220,
"notes": "Chain 138 ↔ Celo (CCIP); direct mapping; c*_cW = c* → cW* on destination",
"tokens": [
{
"key": "WETH9",
"name": "Wrapped Ether",
"addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"addressTo": "0xD221812de1BD094f35587EE8E174B07B6167D9Af",
"notes": "138 WETH9 → Celo WETH"
},
{
"key": "Compliant_USDT",
"name": "cUSDT",
"addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"addressTo": "0x48065fbBE25f71C9282ddf5e1cD6D6A887483D5e",
"notes": "138 cUSDT → Celo USDT (native)"
},
{
"key": "Compliant_USDT_cW",
"name": "cUSDT→cWUSDT",
"addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"addressTo": "0x73376eB92c16977B126dB9112936A20Fa0De3442",
"notes": "138 cUSDT → Celo cWUSDT; set when deployed"
},
{
"key": "Compliant_USDC",
"name": "cUSDC",
"addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"addressTo": "0xcebA9300f2b948710d2653dD7B07f33A8B32118C",
"notes": "138 cUSDC → Celo USDC (native)"
},
{
"key": "Compliant_USDC_cW",
"name": "cUSDC→cWUSDC",
"addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"addressTo": "0x4C38F9A5ed68A04cd28a72E8c68C459Ec34576f3",
"notes": "138 cUSDC → Celo cWUSDC; set when deployed"
},
{
"key": "Compliant_EURC_cW",
"name": "cEURC→cWEURC",
"addressFrom": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a",
"addressTo": "0xb6D2f38b9015F32ccE8818509c712264E7fceeD3",
"notes": "138 cEURC → Celo cWEURC"
},
{
"key": "Compliant_EURT_cW",
"name": "cEURT→cWEURT",
"addressFrom": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
"addressTo": "0x7e6fB8D80f81430e560F8232b2A4fd06249d74ce",
"notes": "138 cEURT → Celo cWEURT"
},
{
"key": "Compliant_GBPC_cW",
"name": "cGBPC→cWGBPC",
"addressFrom": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2",
"addressTo": "0xE37c332a88f112F9e039C5d92D821402A89c7052",
"notes": "138 cGBPC → Celo cWGBPC"
},
{
"key": "Compliant_GBPT_cW",
"name": "cGBPT→cWGBPT",
"addressFrom": "0x350f54e4D23795f86A9c03988c7135357CCaD97c",
"addressTo": "0x1dBa81f91f1BeC47FFf60eC3e7DeD780ad9968E3",
"notes": "138 cGBPT → Celo cWGBPT"
},
{
"key": "Compliant_AUDC_cW",
"name": "cAUDC→cWAUDC",
"addressFrom": "0xD51482e567c03899eecE3CAe8a058161FD56069D",
"addressTo": "0x2d3a2ED4Ca4d69912d217c305EE921609F7906A8",
"notes": "138 cAUDC → Celo cWAUDC"
},
{
"key": "Compliant_JPYC_cW",
"name": "cJPYC→cWJPYC",
"addressFrom": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770",
"addressTo": "0x0b39F47D2E68aB0eB18d4b637Bbd1dD8E97cFbB5",
"notes": "138 cJPYC → Celo cWJPYC"
},
{
"key": "Compliant_CHFC_cW",
"name": "cCHFC→cWCHFC",
"addressFrom": "0x873990849DDa5117d7C644f0aF24370797C03885",
"addressTo": "0x8142BA530B08f3950128601F00DaaA678213DFdf",
"notes": "138 cCHFC → Celo cWCHFC"
},
{
"key": "Compliant_CADC_cW",
"name": "cCADC→cWCADC",
"addressFrom": "0x54dBd40cF05e15906A2C21f600937e96787f5679",
"addressTo": "0x0C242b513008Cd49C89078F5aFb237A3112251EB",
"notes": "138 cCADC → Celo cWCADC"
},
{
"key": "Compliant_XAUC_cW",
"name": "cXAUC→cWXAUC",
"addressFrom": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
"addressTo": "0x61D642979eD75c1325f35b9275C5A7FE97F22451",
"notes": "138 cXAUC → Celo cWXAUC"
},
{
"key": "Compliant_XAUT_cW",
"name": "cXAUT→cWXAUT",
"addressFrom": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E",
"addressTo": "0x30751782486eed825187C1EAe5DE4b4baD428AaE",
"notes": "138 cXAUT → Celo cWXAUT"
}
]
},
{
"fromChainId": 651940,
"toChainId": 42220,

64
config/universal-resource-activation.evidence-package.v1.schema.json Normal file
View File

@@ -0,0 +1,64 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/universal-resource-activation.evidence-package.v1.json",
"title": "EvidencePackage",
"type": "object",
"required": ["evidencePackageId", "resourceIds", "actionType", "reconciliationStatus"],
"properties": {
"evidencePackageId": { "type": "string", "minLength": 1 },
"resourceIds": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
},
"actionType": {
"type": "string",
"enum": [
"REGISTER",
"FUNDING_DRAW",
"CAP_RESERVE",
"MINT_AUTH",
"DEPLOY",
"ALLOCATE",
"REVERSAL"
]
},
"initiator": { "type": "string" },
"timestamp": { "type": "string" },
"jurisdiction": { "type": "string" },
"lawfulBasis": { "type": "string" },
"policyDecisions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"profileId": { "type": "string" },
"version": { "type": "string" },
"result": { "type": "string" },
"reason": { "type": "string" }
}
}
},
"complianceResults": {
"type": "array",
"items": {
"type": "object",
"properties": {
"check": { "type": "string" },
"result": { "type": "string" },
"ref": { "type": "string" }
}
}
},
"custodyOrSourceEvidence": { "type": "string" },
"accountingRef": { "type": "string" },
"settlementOrChainRef": { "type": "string" },
"deploymentRef": { "type": "string" },
"reconciliationStatus": {
"type": "string",
"enum": ["open", "matched", "exception"]
},
"explanation": { "type": "string" }
},
"additionalProperties": true
}

29
config/universal-resource-activation.manifest.v1.schema.json Normal file
View File

@@ -0,0 +1,29 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/universal-resource-activation.manifest.v1.json",
"title": "UniversalResourceManifest",
"type": "object",
"required": ["schemaVersion", "resources", "evidencePackages"],
"properties": {
"schemaVersion": { "type": "string", "pattern": "^1\\." },
"updatedAt": { "type": "string" },
"resources": {
"type": "array"
},
"evidencePackages": {
"type": "array"
},
"policyProfileRefs": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": { "type": "string" },
"version": { "type": "string" }
},
"required": ["id"]
}
}
},
"additionalProperties": true
}

70
config/universal-resource-activation.policy-profile-registry.v1.schema.json Normal file
View File

@@ -0,0 +1,70 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/universal-resource-activation.policy-profile-registry.v1.json",
"title": "PolicyProfileRegistry",
"type": "object",
"required": ["schemaVersion", "profiles"],
"properties": {
"schemaVersion": { "type": "string", "minLength": 1 },
"updatedAt": { "type": "string" },
"description": { "type": "string" },
"profiles": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": [
"policyProfileId",
"version",
"jurisdictions",
"participantClasses",
"resourceFamilies",
"minimumGruGovernanceLevel"
],
"properties": {
"policyProfileId": { "type": "string", "minLength": 1 },
"version": { "type": "string", "minLength": 1 },
"effectiveFrom": { "type": "string" },
"effectiveTo": { "type": "string" },
"supersedes": { "type": "string" },
"jurisdictions": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
},
"participantClasses": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
},
"resourceFamilies": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
},
"tokenizationModesAllowed": {
"type": "array",
"items": { "type": "string" }
},
"ledgerModel": { "type": "string" },
"standards": {
"type": "array",
"items": { "type": "string" }
},
"minimumGruGovernanceLevel": {
"type": "integer",
"minimum": 0,
"maximum": 5
},
"complianceMatrixPaths": {
"type": "array",
"items": { "type": "string" }
},
"notes": { "type": "string" }
},
"additionalProperties": true
}
}
},
"additionalProperties": true
}

69
config/universal-resource-activation.resource.v1.schema.json Normal file
View File

@@ -0,0 +1,69 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/universal-resource-activation.resource.v1.json",
"title": "UniversalResource",
"type": "object",
"required": ["resourceId", "schemaVersion", "family", "lifecycleState", "deployabilityState"],
"properties": {
"resourceId": { "type": "string", "minLength": 1, "description": "bytes32 hex (0x...) or UUID" },
"schemaVersion": { "type": "integer", "minimum": 1 },
"displayName": { "type": "string" },
"description": { "type": "string" },
"family": {
"type": "string",
"enum": [
"SKR_SAFEKEEPING",
"STRATEGIC_RECORD",
"SERVER_FUNDS",
"FIAT_DIGITAL",
"CRYPTO",
"COMMODITY",
"SECURITY",
"RWA_GENERIC",
"INFRA_CAPACITY"
]
},
"subType": { "type": "string" },
"ownerParticipantId": { "type": "string" },
"jurisdiction": { "type": "string" },
"policyProfileId": { "type": "string" },
"tokenizationMode": {
"type": "string",
"enum": ["NONE", "CLAIM", "ENTITLEMENT", "TRANSFERABLE_ERC20", "RESTRICTED_SECURITY"]
},
"unitOfMeasure": { "type": "string" },
"quantity": { "type": "string" },
"valuationMethod": {
"type": "string",
"enum": ["MARK", "NAV", "AMORTIZED", "NOTIONAL", "NONE"]
},
"valuationRef": { "type": "string" },
"encumbranceState": {
"type": "string",
"enum": ["unencumbered", "held", "pledged", "lien", "disputed"]
},
"lifecycleState": {
"type": "string",
"enum": ["draft", "pending_validation", "active", "suspended", "closed", "void"]
},
"deployabilityState": {
"type": "string",
"enum": [
"informational_only",
"collateral_only",
"funding_eligible",
"settlement_linked",
"infra_allocatable",
"fully_deployable"
]
},
"evidenceRefs": { "type": "array", "items": { "type": "string" } },
"custodianId": { "type": "string" },
"infraHostId": { "type": "string" },
"infraBundleId": { "type": "string" },
"riskTier": { "type": "integer", "minimum": 1, "maximum": 5 },
"createdAt": { "type": "string" },
"updatedAt": { "type": "string" }
},
"additionalProperties": true
}

37
config/universal-resource-activation/MANIFEST_AUTOMATION_DESIGN.md Normal file
View File

@@ -0,0 +1,37 @@
# URA manifest — automation design
**Last updated:** 2026-04-25
**Status:** **Implemented in-repo:** fragment merge + strict closure gate + public Phoenix read for `policy-profiles.json` + ledger/settlement fragment CLIs + [`URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md`](../../docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md). Full OMNL ETL and GRU M00 diamond remain **operator/service** work; standalone `PolicyProfileRegistry` ships under `smom-dbis-138/contracts/universal-resource/`.
## Implemented
| Piece | Location |
|-------|----------|
| Merge fragments → validated manifest | `scripts/ura/merge-manifest-fragments.mjs` · `pnpm ura:merge-manifest` |
| Shared schema validation | `scripts/ura/lib/validate-ura-manifest.mjs` (used by `pnpm ura:validate` and merge) |
| Production placeholder gate | `scripts/ura/validate-manifest-closure.mjs` · `pnpm ura:validate-closure` (warn) / `pnpm ura:validate-closure:strict` (fail) · optional `URA_STRICT_CLOSURE=1` in `validate-config-files.sh` |
| Fragment drop zone | `manifest-fragments/README.md` |
| Public API: policy profiles | `GET /api/v1/universal-resource-activation/policy-profiles` on phoenix-deploy-api |
## Goals (remaining / service-bound)
- Generate fragments from **approved** ops forms, ledger exports, chain receipts (outside this repo or future ETL).
- Fail CI on **production** branches when closure rules violate (use `URA_STRICT_CLOSURE=1` on that pipeline).
## Pipeline (merge)
1. **Inputs:** JSON fragments under `manifest-fragments/*.json` (or another `--fragments-dir`).
2. **Merge:** Deterministic sort; `policyProfileRefs` union; resources/evidence by id with shallow merge.
3. **Validate:** Full JSON Schema + cross-checks (`validateUraManifestData`).
4. **Optional:** `--out path` to write; then review and replace `manifest.json` if intended.
## Non-goals
- Automatic legal classification of assets (human sign-off on matrices + profiles).
- Writing to chain or OMNL from this repo without separate deployment controls.
## Related
- [technical-specs/README.md](../../docs/04-configuration/universal-resource-activation/technical-specs/README.md) — normative **TS-*** specs for remaining operator work
- [`UNIVERSAL_RESOURCE_WIRING.md`](../../docs/04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md)
- [`scripts/validate/validate-ura-policy-profiles.mjs`](../../scripts/validate/validate-ura-policy-profiles.mjs)

23
config/universal-resource-activation/POLICY_PROFILES_REGISTRY.md Normal file
View File

@@ -0,0 +1,23 @@
# Policy profiles registry — doc control
**Last updated:** 2026-04-25
**Purpose:** Human-readable **change control** for rows in [`policy-profiles.json`](policy-profiles.json). Legal/risk owns interpretation; engineering owns schema conformance (`pnpm ura:validate-profiles`).
| `policyProfileId` | Version in registry | `effectiveFrom` | Legal / risk sign-off | Notes |
|-------------------|---------------------|-----------------|----------------------|-------|
| `institutional_custody_skr_v1` | 1 | 2026-04-25 | Pending — replace when signed | ID matrix: SKR / custody path |
| `server_funds_treasury_v1` | 1 | 2026-04-25 | Pending — replace when signed | ID matrix: server funds / OMNL |
| `infra_capacity_ops_v1` | 1 | 2026-04-25 | Pending — replace when signed | LAN internal capacity |
## Procedure
1. Add or bump `version` and `effectiveFrom` in `policy-profiles.json`; update this table with sign-off reference (ticket, memo id, or “N/A — internal only”).
2. Ensure [`manifest.json`](manifest.json) `policyProfileRefs` lists every profile used by a resource at the correct version.
3. Run `pnpm ura:validate && pnpm ura:validate-profiles`.
## Related
- [`UNIVERSAL_RESOURCE_POLICY_PROFILES.md`](../../docs/04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_POLICY_PROFILES.md)
- [`DBIS_RAIL_JURISDICTION_TRACEABILITY.md`](../../docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md)
- **Public read:** `GET /api/v1/universal-resource-activation/policy-profiles` on phoenix-deploy-api (same auth rules as manifest; override via `UNIVERSAL_RESOURCE_POLICY_PROFILES_PATH`).
- **On-chain anchor (optional):** `smom-dbis-138/contracts/universal-resource/PolicyProfileRegistry.sol` — publish `contentHash` from `pnpm ura:profile-hash <policyProfileId>`; see [`GRU_REGISTRY_WIRING_CHECKLIST.md`](../../docs/runbooks/GRU_REGISTRY_WIRING_CHECKLIST.md) §6.

8
config/universal-resource-activation/integration/examples/ledger-snapshot.example.json Normal file
View File

@@ -0,0 +1,8 @@
{
"journalEntryId": "OMNL-JE-2026-00042",
"batchRef": "FINERACT-BATCH-88",
"postedAt": "2026-04-25T12:00:00Z",
"currency": "USD",
"amountMinor": "1000000",
"notes": "Illustrative export shape — replace with real OMNL/Fineract field names from your deployment."
}

10
config/universal-resource-activation/integration/omnl-ledger-mapping.v1.example.json Normal file
View File

@@ -0,0 +1,10 @@
{
"schemaVersion": "1.0.0",
"description": "Example mapping from Fineract/OMNL export fields to URA evidence package columns. Copy to omnl-ledger-mapping.v1.json when live.",
"evidencePackages": [
{
"evidencePackageId": "ura:pilot:evidence-register-bootstrap",
"accountingRefField": "journalEntryId"
}
]
}

48
config/universal-resource-activation/integration/omnl-ledger-mapping.v1.schema.json Normal file
View File

@@ -0,0 +1,48 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/omnl-ledger-mapping.v1.json",
"title": "OMNLLedgerMapping",
"type": "object",
"required": ["schemaVersion", "evidencePackages"],
"properties": {
"schemaVersion": { "type": "string", "const": "1.0.0" },
"description": { "type": "string" },
"resourceUpdates": {
"type": "array",
"items": {
"type": "object",
"required": ["resourceId", "quantityField"],
"properties": {
"resourceId": { "type": "string", "minLength": 1 },
"quantityField": { "type": "string", "description": "Dot path in ledger snapshot for quantity string" }
},
"additionalProperties": false
}
},
"evidencePackages": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": ["evidencePackageId"],
"properties": {
"evidencePackageId": { "type": "string", "minLength": 1 },
"accountingRefField": {
"type": "string",
"description": "Dot path into ledger snapshot JSON for accountingRef string (e.g. journalEntryId or omnl.batchRef)"
},
"quantityField": {
"type": "string",
"description": "Optional dot path for resource quantity string"
},
"resourceIdForQuantity": {
"type": "string",
"description": "If quantityField set, which resource row to patch"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}

38
config/universal-resource-activation/manifest-fragments/README.md Normal file
View File

@@ -0,0 +1,38 @@
# URA manifest fragments (optional)
**Purpose:** Drop partial JSON files here to **merge** onto the canonical [`../manifest.json`](../manifest.json) without hand-editing the full file. Used for ops overlays, environment-specific rows, or generated snippets.
## Fragment shape
Each `*.json` file (sorted by filename; skip `_prefix.json`) may contain any of:
| Key | Effect |
|-----|--------|
| `policyProfileRefs` | Union with manifest (same `id` + `version` deduped). |
| `resources` | Add or **shallow-merge** replace by `resourceId`. |
| `evidencePackages` | Add or **shallow-merge** replace by `evidencePackageId`. |
Top-level manifest fields (`schemaVersion`, `description`, …) come **only** from the `--base` file (default: `manifest.json`).
## Commands
```bash
pnpm ura:merge-manifest
# Validate merge and print counts (dry-run; does not write)
node scripts/ura/merge-manifest-fragments.mjs --out /tmp/merged.json
# Write merged JSON; inspect and copy into manifest.json if correct
```
After any manifest edit: `pnpm ura:validate && pnpm ura:validate-profiles`.
## Production gate
When pilots are closed, enforce no placeholders:
```bash
pnpm ura:validate-closure:strict
# Or: URA_STRICT_CLOSURE=1 bash scripts/validation/validate-config-files.sh
```
See [`MANIFEST_AUTOMATION_DESIGN.md`](../MANIFEST_AUTOMATION_DESIGN.md) and [`URA_PILOT_CLOSURE_RUNBOOK.md`](../../../docs/04-configuration/universal-resource-activation/URA_PILOT_CLOSURE_RUNBOOK.md).

87
config/universal-resource-activation/manifest.json Normal file
View File

@@ -0,0 +1,87 @@
{
"schemaVersion": "1.0.0",
"updatedAt": "2026-04-25T12:00:00Z",
"description": "Canonical in-repo store for universal resource activation (SKR, server funds, infra). Pilot-scoped resourceIds; jurisdiction ID for financial pilots per JURISDICTION_CATALOG and ID-INDONESIA matrix. Replace ura:participant:pilot-*-assign and evidence TBDs per URA_PILOT_CLOSURE_RUNBOOK.md. Run pnpm ura:validate && pnpm ura:validate-profiles in CI.",
"policyProfileRefs": [
{ "id": "institutional_custody_skr_v1", "version": "1" },
{ "id": "server_funds_treasury_v1", "version": "1" },
{ "id": "infra_capacity_ops_v1", "version": "1" }
],
"resources": [
{
"resourceId": "ura:pilot-1:skr-custody-record",
"schemaVersion": 1,
"displayName": "Pilot 1 — SKR / custody record",
"description": "PILOT-1 (Indonesia-scope): bind participant registry id, evidenceRefs, and custody evidence per URA_PILOT_CLOSURE_RUNBOOK.md and ID-INDONESIA compliance matrix.",
"family": "SKR_SAFEKEEPING",
"subType": "CUSTODY_STATEMENT",
"ownerParticipantId": "ura:participant:pilot-1-assign",
"jurisdiction": "ID",
"policyProfileId": "institutional_custody_skr_v1",
"tokenizationMode": "NONE",
"quantity": "0",
"unitOfMeasure": "USD",
"valuationMethod": "NOTIONAL",
"encumbranceState": "unencumbered",
"lifecycleState": "draft",
"deployabilityState": "informational_only",
"evidenceRefs": ["ura:evidence:pending-pilot-1-custody-package"]
},
{
"resourceId": "ura:pilot-2:server-funds-treasury-pool",
"schemaVersion": 1,
"displayName": "Pilot 2 — Server funds treasury pool",
"description": "PILOT-2 (Indonesia-scope): OMNL + server-funds-sidecar SoR; replace accountingRef in evidence when ledger posts per runbook.",
"family": "SERVER_FUNDS",
"subType": "TREASURY_POOL",
"ownerParticipantId": "ura:participant:pilot-2-assign",
"jurisdiction": "ID",
"policyProfileId": "server_funds_treasury_v1",
"tokenizationMode": "NONE",
"quantity": "0",
"unitOfMeasure": "USD",
"valuationMethod": "NOTIONAL",
"encumbranceState": "unencumbered",
"lifecycleState": "draft",
"deployabilityState": "funding_eligible",
"evidenceRefs": ["ura:evidence:pending-pilot-2-ledger-link"]
},
{
"resourceId": "ura:pilot-3:infra-r630-01-api-small",
"schemaVersion": 1,
"displayName": "Pilot 3 — Infra capacity (R630-01, api_small)",
"description": "PILOT-3: LAN ops capacity; link deploymentRef in evidence after non-prod deploy per runbook.",
"family": "INFRA_CAPACITY",
"subType": "BUNDLE",
"ownerParticipantId": "ura:participant:pilot-3-assign",
"jurisdiction": "LAN",
"policyProfileId": "infra_capacity_ops_v1",
"tokenizationMode": "NONE",
"infraHostId": "r630-01",
"infraBundleId": "api_small",
"encumbranceState": "unencumbered",
"lifecycleState": "active",
"deployabilityState": "infra_allocatable",
"evidenceRefs": ["ura:evidence:pending-pilot-3-capacity-verify"]
}
],
"evidencePackages": [
{
"evidencePackageId": "ura:pilot:evidence-register-bootstrap",
"resourceIds": [
"ura:pilot-1:skr-custody-record",
"ura:pilot-2:server-funds-treasury-pool",
"ura:pilot-3:infra-r630-01-api-small"
],
"actionType": "REGISTER",
"initiator": "pilot_bootstrap",
"timestamp": "2026-04-25T12:00:00Z",
"reconciliationStatus": "open",
"custodyOrSourceEvidence": "PILOT-1: TBD — custodian statement or attestation hash per UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md; remove when real ref linked.",
"accountingRef": "PILOT-2: TBD — OMNL/Fineract journal or batch id when server-funds path posts (see URA_PILOT_CLOSURE_RUNBOOK.md).",
"settlementOrChainRef": "PILOT-2/3: TBD — MintAuth messageId / tx hash / rail ref per DBIS_RAIL_TECHNICAL_SPEC_V1.md when settlement leg exists.",
"deploymentRef": "PILOT-3: TBD — VMID, FQDN, health URL after deploy per UNIVERSAL_RESOURCE_PILOT_PLAN.md.",
"explanation": "REGISTER package binding three pilots. Set reconciliationStatus to matched only after mandatory joins per UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md and jurisdiction matrix rows."
}
]
}

53
config/universal-resource-activation/policy-profiles.json Normal file
View File

@@ -0,0 +1,53 @@
{
"schemaVersion": "1.0.0",
"updatedAt": "2026-04-25T00:00:00Z",
"description": "Machine-readable URA policy profile registry. Manifest policyProfileRefs must reference ids listed here. See UNIVERSAL_RESOURCE_POLICY_PROFILES.md and compliance-matrices/.",
"profiles": [
{
"policyProfileId": "institutional_custody_skr_v1",
"version": "1",
"effectiveFrom": "2026-04-25",
"jurisdictions": ["*", "ID"],
"participantClasses": ["institutional", "sovereign"],
"resourceFamilies": ["SKR_SAFEKEEPING", "STRATEGIC_RECORD"],
"tokenizationModesAllowed": ["NONE", "CLAIM", "ENTITLEMENT"],
"ledgerModel": "off_chain_omnl",
"standards": ["ISO20022_LOGGING"],
"minimumGruGovernanceLevel": 2,
"complianceMatrixPaths": [
"docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md"
],
"notes": "SKR / custody evidence-backed; conservative transfer defaults per policy doc."
},
{
"policyProfileId": "server_funds_treasury_v1",
"version": "1",
"effectiveFrom": "2026-04-25",
"jurisdictions": ["*", "ID"],
"participantClasses": ["institutional", "sovereign"],
"resourceFamilies": ["SERVER_FUNDS"],
"tokenizationModesAllowed": ["NONE"],
"ledgerModel": "hybrid",
"standards": ["ISO20022_LOGGING", "TRAVEL_RULE"],
"minimumGruGovernanceLevel": 3,
"complianceMatrixPaths": [
"docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md"
],
"notes": "Good-funds, GL mapping, holds/releases; Rail settlement when on-chain leg used."
},
{
"policyProfileId": "infra_capacity_ops_v1",
"version": "1",
"effectiveFrom": "2026-04-25",
"jurisdictions": ["*", "LAN"],
"participantClasses": ["institutional", "internal_ops"],
"resourceFamilies": ["INFRA_CAPACITY"],
"tokenizationModesAllowed": ["NONE", "ENTITLEMENT"],
"ledgerModel": "off_chain_omnl",
"standards": ["IPSAS"],
"minimumGruGovernanceLevel": 1,
"complianceMatrixPaths": [],
"notes": "Internal capacity; not a traded security by default."
}
]
}

20
config/universal-resource-activation/ura-production-ready.env.example Normal file
View File

@@ -0,0 +1,20 @@
# Copy to a path outside VCS (or set inline) and:
# export URA_PRODUCTION_ENV_FILE=/path/to/ura-production-ready.env
# pnpm ura:production-ready
# # or (staging: skips manifest strict closure; does NOT claim production evidence closure)
# URA_PRODUCTION_MODE=connectivity pnpm ura:production-ready
#
# shellcheck disable=SC2034
export PHOENIX_BASE_URL="https://phoenix.example.invalid"
export SERVER_FUNDS_SIDECAR_URL="https://server-funds-sidecar.example.invalid"
export POLICY_PROFILE_REGISTRY_ADDRESS="0x0000000000000000000000000000000000000000"
# export GRU_REQUIRED=1
# export GRU_M00_DIAMOND_ADDRESS="0x0000000000000000000000000000000000000000"
# export LEDGER_E2E_EVIDENCE_FILE="/path/to/ledger-ticket.md"
# export SETTLEMENT_E2E_EVIDENCE_FILE="/path/to/settlement-ticket.md"
# export REQUIRE_CUSTODY=1
# export CUSTODY_E2E_EVIDENCE_FILE="/path/to/custody-ticket.md"
# export COUNSEL_SIGNOFF_FILE="/path/to/counsel-signoff.pdf"

2
cross-chain-pmm-lps

Submodule cross-chain-pmm-lps updated: 68647ff4d4...1cf845cb3a

148
docs/00-meta/AAVE_CHAIN138_AND_MARIONETTE_TSUNAMISWAP_PLAN.md Normal file
View File

@@ -0,0 +1,148 @@
# AAVE Chain 138 and Marionette TsunamiSwap Plan
**Last Updated:** 2026-04-23
**Status:** Active planning / operator runbook
**Purpose:** Canonical repo-local reference for the TsunamiSwap DEX footprint in this workspace, including deployment target, current endpoint, and the operator flow to bring the VM online.
---
## Scope
This document covers the TsunamiSwap deployment target currently reserved in the Proxmox operational template:
- **VMID:** `5010`
- **Hostname:** `tsunamiswap`
- **IPv4:** `192.168.11.91`
- **Preferred node:** `r630-01`
- **Category:** `defi`
- **Published port in template:** `80`
Canonical sources:
- [docs/00-meta/OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) section `5c`
- [docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md](../02-architecture/DBIS_NODE_ROLE_MATRIX.md)
- [docs/04-configuration/ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)
- [`config/proxmox-operational-template.json`](../../config/proxmox-operational-template.json)
- [`scripts/deployment/tsunamiswap-vm-5010-provision.sh`](../../scripts/deployment/tsunamiswap-vm-5010-provision.sh)
---
## Current URLs
The canonical public TsunamiSwap URLs are:
- **Landing page:** `https://tsunamiswap.com`
- **Working application:** `https://app.tsunamiswap.com`
The VM service target on port `80` remains the backend origin:
- **Origin / backend target:** `http://192.168.11.91/`
Important notes:
- `https://tsunamiswap.com` is the canonical public landing page.
- `https://app.tsunamiswap.com` is the canonical working application URL.
- `http://192.168.11.91/` remains the internal service origin for VM `5010`.
- Both hostnames are currently recorded against VM `5010`; if the landing page and app split onto different upstreams later, update this document and the Proxmox operational template together.
---
## Deployment State
Current known state in this repo:
- VM `5010` exists in inventory and architecture docs.
- The helper script [`scripts/deployment/tsunamiswap-vm-5010-provision.sh`](../../scripts/deployment/tsunamiswap-vm-5010-provision.sh) is **inventory only** and explicitly says provisioning is still informational.
- The operator checklist expects follow-up scripts such as `create-tsunamiswap-vm.sh`, `setup-tsunamiswap-vm-5010.sh`, and `deploy-tsunamiswap-to-5010.sh`, but those scripts are **not present in this workspace** today.
- Because of that, TsunamiSwap should currently be treated as **planned / partially documented infrastructure**, not a fully repo-automated deployment.
---
## Operator Flow
### 1. Check VM inventory status
```bash
./scripts/deployment/tsunamiswap-vm-5010-provision.sh
```
Expected behavior:
- Confirms whether VMID `5010` exists on the target Proxmox host.
- If missing, prints the intended sizing and placement.
### 2. Target VM profile
From the operator checklist, the intended baseline is:
- `8` vCPU
- `16 GB` RAM
- `~160 GB` disk
- default host `r630-01`
- default IP `192.168.11.91`
### 3. Planned post-create steps
The checklist indicates this intended flow:
```bash
./scripts/create-tsunamiswap-vm.sh --dry-run
./scripts/create-tsunamiswap-vm.sh
./scripts/setup-tsunamiswap-vm-5010.sh --dry-run
./scripts/setup-tsunamiswap-vm-5010.sh
./scripts/deploy-tsunamiswap-to-5010.sh --dry-run
./scripts/deploy-tsunamiswap-to-5010.sh
```
Current repo reality:
- These commands are referenced operationally.
- The underlying scripts are not present in this workspace right now.
- If automation is needed, those scripts should be added in a future pass and then linked back here.
---
## Publish Checklist
Before calling TsunamiSwap publicly live, complete all of the following:
1. Confirm VM `5010` exists and serves HTTP on `192.168.11.91:80`.
2. Confirm `tsunamiswap.com` and `app.tsunamiswap.com` are present under VM `5010` `fqdns` in `config/proxmox-operational-template.json`.
3. Add both hostnames to the canonical endpoint inventory docs.
4. Publish the NPMplus proxy mappings:
`tsunamiswap.com` for the landing page and `app.tsunamiswap.com` for the working application, both currently targeting `192.168.11.91:80`.
5. Verify end-to-end routing with the standard E2E verifier.
Suggested canonical follow-up files to update once a public hostname exists:
- [docs/04-configuration/ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)
- [docs/04-configuration/FQDN_EXPECTED_CONTENT.md](../04-configuration/FQDN_EXPECTED_CONTENT.md)
- [docs/03-deployment/OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md)
- [`config/proxmox-operational-template.json`](../../config/proxmox-operational-template.json)
---
## AAVE / Marionette Relationship
This workspace currently contains the TsunamiSwap infrastructure reservation and operator references, but it does **not** yet contain a fuller in-repo specification for:
- AAVE-specific market wiring
- Marionette-specific orchestration details
- TsunamiSwap backend architecture
- TsunamiSwap contract inventory
- TsunamiSwap public domain / branding decision
So this document should be read as the canonical **deployment placeholder + operator reference**, not a complete product architecture spec.
---
## Decision
The canonical public URLs for TsunamiSwap in this repo are:
- `https://tsunamiswap.com`
- `https://app.tsunamiswap.com`
The corresponding internal service origin is:
- `http://192.168.11.91/`

20
docs/00-meta/NEXT_STEPS_FOR_YOU.md
View File

@@ -1,17 +1,19 @@
# Your next steps — one place
**Last Updated:** 2026-03-02
**Last Updated:** 2026-04-23
**Purpose:** Single list of what **you** need to do next (no infra/automation). Everything else the repo can do has been completed or documented.
**Completed (next steps run):** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain 59/59, validation OK, reconcile-env. `preflight-chain138-deploy.sh` — passed. `run-all-next-steps-chain138.sh` — preflight passed; TransactionMirror and cUSDT/cUSDC pool already present; all 12 c* already GRU-registered; verification 59/59. `validate-config-files.sh` — passed. `run-e2e-flow-tasks-full-parallel.sh --dry-run` — waves E0E7 listed.
**Completed (latest repo-local pass, 2026-04-23):** `run-completable-tasks-from-anywhere.sh --dry-run --json-out reports/status/run-completable-tasks-latest.json` now emits machine-readable step summaries. `run-all-validation.sh --skip-genesis --json-out reports/status/run-all-validation-latest.json` passed and refreshed advisory non-EVM status (Solana, Tron, XRPL). `run-e2e-flow-tasks-full-parallel.sh`, `run-all-next-steps-chain138.sh`, and `run-all-operator-tasks-from-lan.sh` also now support optional `--json-out` summaries. Canonical docs were synchronized to the current 61-address on-chain check and five-step no-LAN runner flow.
**Continue and complete (2026-02-27):** Re-ran `run-completable-tasks-from-anywhere.sh`all 4 steps passed (config, on-chain 59/59, validation, reconcile-env). Re-ran `run-all-operator-tasks-from-lan.sh --skip-backup` — dotenv loaded automatically; Blockscout verification completed (W0-1 NPMplus failed off-LAN as expected). Docs: REMAINING_SUMMARY "Continue and complete" section added; TODOS_CONSOLIDATED and NEXT_STEPS_FOR_YOU updated for operator script loading dotenv.
**Completed (next steps run):** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain 61/61, validation OK, non-EVM status refresh, reconcile-env. `preflight-chain138-deploy.sh` — passed. `run-all-next-steps-chain138.sh` — preflight passed; TransactionMirror and cUSDT/cUSDC pool already present; all 12 c* already GRU-registered; verification 61/61. `validate-config-files.sh` — passed. `run-e2e-flow-tasks-full-parallel.sh --dry-run` — waves E0E7 listed.
**Completed 2026-03-02:** Documentation consolidation: [MASTER_INDEX.md](../MASTER_INDEX.md), [README.md](../README.md), [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) created; deprecated content (ALL_IMPROVEMENTS_AND_GAPS_INDEX) marked redirect-only. `run-completable-tasks-from-anywhere.sh` run: config OK, on-chain 59/59, validation OK, reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool already deployed; all 12 c* already registered as GRU; verification 59/59. Next steps index and TODOS_CONSOLIDATED updated.
**Continue and complete (2026-02-27):** Re-ran `run-completable-tasks-from-anywhere.sh` — the runner has since expanded to the current five-step flow (config, on-chain, validation, non-EVM status, reconcile-env). Re-ran `run-all-operator-tasks-from-lan.sh --skip-backup` — dotenv loaded automatically; Blockscout verification completed (W0-1 NPMplus failed off-LAN as expected). Docs: REMAINING_SUMMARY "Continue and complete" section added; TODOS_CONSOLIDATED and NEXT_STEPS_FOR_YOU updated for operator script loading dotenv.
**Completed 2026-03-02:** Documentation consolidation: [MASTER_INDEX.md](../MASTER_INDEX.md), [README.md](../README.md), [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) created; deprecated content (ALL_IMPROVEMENTS_AND_GAPS_INDEX) marked redirect-only. `run-completable-tasks-from-anywhere.sh` run: config OK, on-chain 59/59 at the time, validation OK, reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool already deployed; all 12 c* already registered as GRU; verification 59/59 at the time. Next steps index and TODOS_CONSOLIDATED updated.
**Completed 2026-02-27:** Chain 138 "run all next steps" script added: `./scripts/deployment/run-all-next-steps-chain138.sh` (preflight → mirror+pool → register c* as GRU → verify). Docs updated: NEXT_STEPS_INDEX, DEPLOYMENT_ORDER_OF_OPERATIONS, TODOS_CONSOLIDATED, CONTRACT_NEXT_STEPS_LIST.
**Completed 2026-03-01:** Recommended next steps: `run-completable-tasks-from-anywhere.sh` (config OK, on-chain 59/59, validation OK, reconcile-env). Progress indicators added (Step 1/44/4). E2E flow tasks script: `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]`. CONTRACT_ADDRESSES_REFERENCE and RECOMMENDATIONS_OPERATOR_CHECKLIST updated to use ADDRESS_MATRIX_AND_STATUS for correlated address matrix.
**Completed 2026-03-01:** Recommended next steps: `run-completable-tasks-from-anywhere.sh` (config OK, on-chain 59/59 at the time, validation OK, reconcile-env). Progress indicators added, later expanded to the current five-step runner flow with elapsed-time summaries. E2E flow tasks script: `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]`. CONTRACT_ADDRESSES_REFERENCE and RECOMMENDATIONS_OPERATOR_CHECKLIST updated to use ADDRESS_MATRIX_AND_STATUS for correlated address matrix.
**Completed 2026-02-23:** Optional and next steps: `run-completable-tasks-from-anywhere.sh` run (config OK, on-chain 36/36, run-all-validation --skip-genesis OK, reconcile-env). Shellcheck with `--optional` now non-fatal (CI and validate pass). Validate via Proxmox SSH: `bash scripts/run-via-proxmox-ssh.sh validate [--host IP]` runs full shellcheck + genesis validation; jq/shellcheck installed on host when missing. TODOS_CONSOLIDATED and OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST updated.
@@ -39,9 +41,9 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led
| Step | Command / action |
|------|------------------|
| **Run all “from anywhere” checks** | `./scripts/run-completable-tasks-from-anywhere.sh` — config validation, on-chain check (SKIP_EXIT=1 if RPC unreachable), run-all-validation --skip-genesis, reconcile-env --print |
| **Chain 138 next steps (all in one)** | `./scripts/deployment/run-all-next-steps-chain138.sh` — preflight → mirror+pool (or `--skip-mirror`) → register c* as GRU → verify. Use `--dry-run`; set `TRANSACTION_MIRROR_ADDRESS` if mirror exists. See [TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX](../03-deployment/TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX.md) if CreateCollision. |
| **E2E flows (full parallel)** | `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]` — run E2E flow tasks by wave; see [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). |
| **Run all “from anywhere” checks** | `./scripts/run-completable-tasks-from-anywhere.sh [--json-out reports/status/run-completable-tasks-latest.json]` — config validation, on-chain check (SKIP_EXIT=1 if RPC unreachable), run-all-validation --skip-genesis, non-EVM status refresh, reconcile-env --print |
| **Chain 138 next steps (all in one)** | `./scripts/deployment/run-all-next-steps-chain138.sh [--json-out reports/status/run-all-next-steps-chain138-latest.json]` — preflight → mirror+pool (or `--skip-mirror`) → register c* as GRU → verify. Use `--dry-run`; set `TRANSACTION_MIRROR_ADDRESS` if mirror exists. See [TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX](../03-deployment/TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX.md) if CreateCollision. |
| **E2E flows (full parallel)** | `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1] [--json-out reports/status/run-e2e-flow-tasks-latest.json]` — run E2E flow tasks by wave; see [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). |
| **On-chain address list (no RPC)** | `./scripts/verify/check-contracts-on-chain-138.sh --dry-run` — lists addresses only (no RPC) |
| **Config validation** | `./scripts/validation/validate-config-files.sh` or `... --dry-run` (print only) |
| **Bridge deploy dry-run** | `./scripts/deploy-and-configure-weth9-bridge-chain138.sh --dry-run` (no keys/network) |
@@ -49,7 +51,7 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led
| **Validate via Proxmox SSH** | `bash scripts/run-via-proxmox-ssh.sh validate [--host 192.168.11.10]` — full shellcheck + genesis validation on host; installs jq/shellcheck if missing |
| **CCIP checklist (dry)** | `bash scripts/ccip/ccip-deploy-checklist.sh` — validates env and prints deploy order (no deploy) |
| **Tests** | `cd smom-dbis-138 && forge test` (e2e/integration subset if full suite slow); `cd alltra-lifi-settlement && forge test && npm run test:e2e -- --forceExit` |
| **Quick wins (code)** | Add progress indicators to scripts; add `--dry-run` to scripts that lack it; extend config validation (see [IMPLEMENTATION_CHECKLIST](../10-best-practices/IMPLEMENTATION_CHECKLIST.md)) |
| **Quick wins (code)** | Canonical wrapper-script quick wins are complete in this workspace: progress/timing, `--json-out` summaries, and stricter arg validation are in place on the main runners. Use [REPO_LOCAL_RECOMMENDATIONS_STATUS.md](REPO_LOCAL_RECOMMENDATIONS_STATUS.md) to distinguish remaining operator/external work from future maintenance. |
| **Placeholders (code)** | All done or documented — see [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md) §4 (canonical addresses, AlltraAdapter setBridgeFee, smart accounts env, quote FABRIC_CHAIN_ID, .bak BAK_FILES_DEPRECATION). |
| **API keys** | Sign up at URLs in [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md); add any new keys to `.env` |

7
docs/00-meta/NEXT_STEPS_INDEX.md
View File

@@ -1,11 +1,12 @@
# Next Steps — Index
**Last Updated:** 2026-03-28
**Last Updated:** 2026-04-23
**Purpose:** Single entry point for "what to do next." Pick by audience and granularity.
**Latest automation run (2026-03-28):** `./scripts/run-completable-tasks-from-anywhere.sh` completed (config validation, 61/61 on-chain, validation, reconcile print). `./scripts/run-all-operator-tasks-from-lan.sh --skip-backup` completed (NPMplus 40 hosts updated, Blockscout verification batch submitted). **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart.
**Latest automation run (2026-04-23):** `./scripts/run-completable-tasks-from-anywhere.sh --dry-run --json-out reports/status/run-completable-tasks-latest.json` completed and `bash scripts/verify/run-all-validation.sh --skip-genesis --json-out reports/status/run-all-validation-latest.json` passed, refreshing the current 61/61 on-chain-aware no-LAN flow plus advisory Solana/Tron/XRPL status. `./scripts/run-all-operator-tasks-from-lan.sh --skip-backup` remains the LAN/operator follow-on when secrets and host access are available. **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart.
**Documentation index:** [../MASTER_INDEX.md](../MASTER_INDEX.md) — canonical docs, deprecated list, and navigation.
**Repo-local recommendation tracker:** [REPO_LOCAL_RECOMMENDATIONS_STATUS.md](REPO_LOCAL_RECOMMENDATIONS_STATUS.md) — current slice of recommendations that can be advanced directly in this workspace.
**Continue and complete (operator/LAN):** (1) `./scripts/run-completable-tasks-from-anywhere.sh` then (2) `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` not set). Operator scripts load dotenv automatically.
@@ -15,7 +16,7 @@
| # | Action | Command / doc | Status |
|---|--------|----------------|--------|
| 1 | From anywhere: config + on-chain + validation | `./scripts/run-completable-tasks-from-anywhere.sh` | Done 2026-03-02 |
| 1 | From anywhere: config + on-chain + validation | `./scripts/run-completable-tasks-from-anywhere.sh [--json-out reports/status/run-completable-tasks-latest.json]` | Done 2026-04-23 |
| 2 | Before Chain 138 deploy: preflight (RPC, dotenv, nonce, cost) | `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` | Done 2026-03-02 |
| 3 | **Chain 138 next steps (all in one):** preflight → mirror+pool → register c* as GRU → verify | `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` | Done 2026-03-02 |
| 4 | Full deployment order (Phase 06) | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) | Remaining (Operator) |

2
docs/00-meta/NEXT_STEPS_OPERATOR.md
View File

@@ -243,7 +243,7 @@ From **LAN** (SSH to Proxmox + reach NPMplus):
## After running "complete all next steps"
1. **Automated (workspace):** `bash scripts/run-all-next-steps.sh` — report in `docs/04-configuration/verification-evidence/NEXT_STEPS_RUN_*.md`.
2. **Validators + tx-pool:** `bash scripts/fix-all-validators-and-txpool.sh` (requires SSH to .10, .11).
2. **Validators + tx-pool:** `bash scripts/fix-all-validators-and-txpool.sh` then `bash scripts/maintenance/apply-chain138-strict-future-tx-pool.sh` then `bash scripts/clear-all-transaction-pools.sh` (requires SSH to .11, .12, .13, .14).
3. **Flush stuck tx (if any):** `bash scripts/flush-stuck-tx-rpc-and-validators.sh --full` (clears RPC 2101 + validators 10001004).
4. **Verify from LAN:** From a host on 192.168.11.x run `bash scripts/monitoring/monitor-blockchain-health.sh` and `bash scripts/skip-stuck-transactions.sh`. See [NEXT_STEPS_COMPLETION_RUN_20260208.md](../04-configuration/verification-evidence/NEXT_STEPS_COMPLETION_RUN_20260208.md) § Verify from LAN.

1
docs/00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md
View File

@@ -19,6 +19,7 @@
| **RPC_URL_138** (Chain 138 Core) | Deploy, verify, on-chain check | e.g. `http://192.168.11.211:8545` in `.env` |
| **NPM_PASSWORD** | NPMplus backup, proxy host updates (502 fix) | `smom-dbis-138/.env` or root `.env`; from NPMplus UI |
| **SSH to Proxmox** (e.g. root@192.168.11.10) | run-all-maintenance-via-proxmox-ssh, VM/CT creation, token-aggregation fix | SSH key or password to Proxmox host |
| **SSH to dev VM** (CT 5700, `192.168.11.59`) | Gitea runner, `phoenix-deploy-api`, remote operator / automation (e.g. Devin) | LAN, VPN, UDM `76.53.10.40:22` allowlist, or [Cloudflare Tunnel + Access](../04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md) |
| **LINK** (on Chain 138 for bridge) | sendCrossChain (real); CCIP fees | Deployer wallet must hold LINK and approve bridge |
| **Native gas (ETH/138)** | All Chain 138 deploys and txs | Deployer `0x4A66...` funded on 138 |
| **Per-chain RPC + gas (Celo, Wemix, Gnosis)** | CCIP bridges deploy | CELO ~0.1, WEMIX ~0.4; RPC URLs in .env |

80
docs/00-meta/OPERATOR_HANDOFF_2026_04_24.md Normal file
View File

@@ -0,0 +1,80 @@
# Operator Handoff — 2026-04-24
Purpose: concise handoff for the Chain 138 Besu hardening, repo cleanup, and Git/Gitea recovery work completed on 2026-04-24.
## What changed
- Chain 138 block production and validator peer health were restored and hardened.
- Strict future-txpool handling is now part of the standard incident path.
- Duplicate legacy Besu RPC CTs were first retired, then destroyed after the canonical fleet was verified healthy.
- Besu inventory was reconciled across all 5 Proxmox nodes, including `r630-03` and `r630-04`.
- `1509` and `1510` were promoted into the canonical Besu inventory and checked-in allowlists/templates.
- A cluster-wide Besu inventory audit was added so host-placement ambiguity is caught mechanically.
- Surgical repo cleanup was completed, nested repos were cleaned and pushed, and the parent repo was reconciled across Gitea and GitHub.
- `gitea.d-bis.org` TLS was repaired after an expired certificate blocked HTTPS pushes.
## Current live status
As of the final 2026-04-24 checks:
- `bash scripts/monitoring/monitor-blockchain-health.sh`
- block production active
- all 5 validators active
- RPC peer count healthy
- global txpool empty
- overall status `HEALTHY`
- `bash scripts/verify/check-cluster-besu-inventory.sh --json`
- all 5 Proxmox nodes online
- `missing_canonical_vmids = []`
- `unexpected_besu_resources = []`
## Canonical Chain 138 incident sequence
Use this exact sequence when block production stalls, pending hashes keep reappearing, or future-nonce residue survives a normal txpool clear:
```bash
bash scripts/fix-all-validators-and-txpool.sh
bash scripts/maintenance/apply-chain138-strict-future-tx-pool.sh
bash scripts/clear-all-transaction-pools.sh
bash scripts/monitoring/monitor-blockchain-health.sh
```
## Gitea TLS follow-up
The immediate HTTPS push blocker was an expired certificate on `gitea.d-bis.org`. The certificate was renewed and reattached through NPMplus #4, and the endpoint now verifies cleanly again.
Root cause of the short warning window: the live NPMplus certbot renewal config for `npm-7` included `required_profile = shortlived`, which forced a 7-day Let's Encrypt certificate instead of the normal 90-day issuance.
That live config was corrected on 2026-04-24 and `gitea.d-bis.org` was reissued successfully. The current live certificate now expires on `2026-07-24`.
Use this to check expiry before it becomes an outage:
```bash
bash scripts/verify/check-gitea-certificate-expiry.sh
WARN_DAYS=30 bash scripts/verify/check-gitea-certificate-expiry.sh
bash scripts/maintenance/schedule-gitea-cert-check-cron.sh --install
```
## Checkpoint commits
Key parent-repo commits in the final reconciliation chain:
- `a4738c1` merge of `gitea/master` into cleaned local `master`
- `c23fdf4` explorer submodule alignment to a remote-backed commit
- `7e2d9c5` the-order hook fix pointer update
- `a1eacd3` duplicate Besu CT destruction + cluster inventory audit
- `780648a` thirdweb sentries added to checked-in allowlists/templates
- `219247b` Besu verifier gaps and monitor noise cleanup
Key nested-repo commits:
- `cross-chain-pmm-lps` `1cf845c`
- `explorer-monorepo` remote already contained the equivalent live deploy workflow
- `smom-dbis-138` `f3d2961`
- `the-order` `702a836`
## Recommended operator habits
- Run `bash scripts/verify/check-cluster-besu-inventory.sh --json` after major topology or host-placement changes.
- Run `bash scripts/verify/check-gitea-certificate-expiry.sh` periodically or wire it into a cron/monitoring path.
- Keep parent-repo submodule pointer pushes behind successful child-repo pushes so no local-only hashes leak into the parent history.

4
docs/00-meta/OPERATOR_READY_CHECKLIST.md
View File

@@ -15,6 +15,10 @@
**Current live execution path:** [LIVE_SESSION_CRONOS_AND_TIER1_PHASE_C.md](../03-deployment/LIVE_SESSION_CRONOS_AND_TIER1_PHASE_C.md) — close Cronos config + LINK, then activate Tier 1 Phase C on Gnosis, Polygon, and BSC. **Current priority docs:** [FULLY_OPERATIONAL_EXECUTION_CHECKLIST.md](FULLY_OPERATIONAL_EXECUTION_CHECKLIST.md), [PHASE_C_PROFIT_FIRST_PRIORITY.md](../03-deployment/PHASE_C_PROFIT_FIRST_PRIORITY.md), [PHASE_C_TIER1_EXECUTION_TASK_SHEET.md](../03-deployment/PHASE_C_TIER1_EXECUTION_TASK_SHEET.md).
**Chain 138 txpool incident standard path:** `bash scripts/fix-all-validators-and-txpool.sh` then `bash scripts/maintenance/apply-chain138-strict-future-tx-pool.sh` then `bash scripts/clear-all-transaction-pools.sh` then `bash scripts/monitoring/monitor-blockchain-health.sh`. Use this sequence when block production stalls, pending hashes keep reappearing, or future-nonce residue survives a normal txpool clear.
**Gitea HTTPS push safeguard:** `bash scripts/verify/check-gitea-certificate-expiry.sh` (optional: `WARN_DAYS=30 bash scripts/verify/check-gitea-certificate-expiry.sh`). Use this when Git over HTTPS starts failing, or run it proactively before major push/deploy windows. To keep it checked automatically: `bash scripts/maintenance/schedule-gitea-cert-check-cron.sh --install`.
---
## Completed in this session (2026-03-26)

70
docs/00-meta/REPO_LOCAL_RECOMMENDATIONS_STATUS.md Normal file
View File

@@ -0,0 +1,70 @@
# Repo-Local Recommendations Status
**Purpose:** Track the recommendations that can be advanced directly in this repo without requiring LAN-only access, private credentials, or third-party approvals.
**Canonical sources:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md), [ADDITIONAL_RECOMMENDATIONS_TABLE.md](ADDITIONAL_RECOMMENDATIONS_TABLE.md), [RECOMMENDATIONS_AND_SUGGESTIONS.md](../10-best-practices/RECOMMENDATIONS_AND_SUGGESTIONS.md).
**Interpretation rule:** This page is only for **repo-local execution**. Operator/LAN tasks and external/vendor tasks stay in their own runbooks and checklists.
---
## Recently advanced in this workspace
| Area | Recommendation thread | Repo-local progress |
|---|---|---|
| Script UX | Progress indicators / execution visibility | `scripts/run-completable-tasks-from-anywhere.sh` and `scripts/verify/run-all-validation.sh` now print start time, per-step timing, and total elapsed time. |
| Metrics collection | Machine-readable run summaries | `scripts/lib/run-summary.sh` now backs optional `--json-out` summaries for the two main no-LAN runners, writing per-step status/timing JSON under `reports/status/` when requested. |
| Wrapper consistency | Shared summary coverage on orchestration entry points | The E2E, Chain 138 next-steps, and LAN operator wrappers now also expose optional `--json-out` summaries using the same shared helper. |
| Monitoring / health checks | Public non-EVM reachability + lane status | Added `scripts/verify/check-non-evm-network-health.sh`, `scripts/verify/build-non-evm-lane-status.py`, and generated outputs under `reports/status/`. |
| Documentation accuracy | Keep docs aligned with current runner behavior | Stale `Step 1/44/4` references were refreshed to the current five-step runner behavior. |
| Documentation discoverability | Cross-links from canonical entry points | Added non-EVM health/lane references to `MASTER_INDEX.md`, `NEXT_STEPS_INDEX.md`, and `scripts/verify/README.md`. |
---
## Repo-local recommendation buckets
### 1. In progress now
| Recommendation | Status | Current repo state |
|---|---|---|
| Progress indicators in scripts | Completed for canonical high-use wrappers | Main no-LAN runners plus the E2E, Chain 138 orchestration, and LAN operator wrappers now show clear execution progress and timing. |
| Improve troubleshooting and quick-reference discoverability | Advanced | Existing quick-reference and troubleshooting docs are present; index coverage is being improved incrementally instead of creating duplicates. |
| Script header consistency | Partially addressed | New scripts follow the header pattern; older scripts still vary. Use [SCRIPT_HEADER_TEMPLATE.md](../10-best-practices/SCRIPT_HEADER_TEMPLATE.md) when touching them. |
| Documentation accuracy review | Ongoing | Current pass fixed runner-step drift and added new reference links; broader stale-status review remains ongoing. |
### 2. Ready for more repo-local work
| Recommendation | Why it is still repo-local | Suggested next move |
|---|---|---|
| Script header/template normalization | Completed for touched canonical wrappers | High-use wrapper scripts edited in this pass now follow the current header/help/argument-validation pattern. |
| Input validation in scripts | Completed for touched canonical wrappers | The main wrapper scripts now reject unknown args and validate `--wave` / `--json-out` input rather than silently accepting drift. |
| Structured logging for scripts | Advanced | Shared timing/summary behavior is centralized in `scripts/lib/run-summary.sh`; deeper log-level normalization outside the canonical wrappers is no longer part of the active repo-local backlog. |
| Developer documentation / standards | Completed for current canonical flows | Canonical docs now reflect current five-step/no-LAN flow, current 61-address on-chain checks, and summary JSON support. |
| Metrics collection for script execution | Completed for canonical wrappers | Main no-LAN, E2E, Chain 138, and LAN operator wrappers now support optional `--json-out` summaries with per-step status/timing. |
### 3. Not repo-local in this workspace
| Recommendation | Reason |
|---|---|
| Blockscout verification settlement, Proxmox firewall changes, SSH hardening, validator key permissions | Requires LAN/host access and sometimes secrets. |
| CoinGecko / CMC / Ledger / Trust Wallet / Consensys / Chainlist submissions | Requires external accounts, outreach, or third-party review. |
| Real bridge sends, operator backups, Proxmox VM provisioning | Requires private keys, LAN, or live infrastructure changes. |
---
## Current repo-local completion state
The currently identified **repo-local** recommendation backlog in the canonical trackers has been advanced to completion for the main wrapper scripts, validation runners, and index docs. What remains is either:
1. operator/LAN execution,
2. secrets-required live actions,
3. third-party/vendor follow-through,
4. or future maintenance when script behavior changes again.
---
## Pointers
- For **all** recommendations: [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md)
- For **operator / LAN** actions: [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md)
- For **next-step routing**: [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md)

12
docs/00-meta/TODOS_CONSOLIDATED.md
View File

@@ -1,16 +1,18 @@
# TODOs — Consolidated Task List
**Last Updated:** 2026-03-28
**Last Updated:** 2026-04-23
**Last verification run:** 2026-03-28 — completable ✅ (61/61 on-chain), operator `--skip-backup` ✅ (NPMplus 40 hosts updated, Blockscout verify batch). Prior 2026-03-06 run: validate-config ✅, check-contracts, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, E2E routing ✅ (37 domains, 0 failed). **Mint + add-liquidity** 2026-03-06: 1M each minted, 500k each added. **Next-steps check:** [NEXT_STEPS_LIST.md](NEXT_STEPS_LIST.md); B.1/B.2/B.3 partially blocked (WEMIX tabled; LINK relay runbook pending).
**Purpose:** Single checklist of all next steps and remaining tasks. **Indonesia / HYBX-BATCH-001 zip (4.995 ship-ready):** [HYBX-BATCH-001 — transaction package ship-ready](#hybx-batch-001--transaction-package-ship-ready-4995) below. **Full execution order (multiple routes + liquidity):** [EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md](EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md). **Additional paths (registry, LiFi/Jumper, Etherlink, 13×13):** [ADDITIONAL_PATHS_AND_EXTENSIONS.md](../04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md). **Dotenv/markdown audit (required info, gaps, recommendations):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md). Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). **Token deployments remaining:** [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md). **Routing / swap / cross-chain:** [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md) (A1A5, B1B8, C1C8, D1D3, E1E2). **Verified list (LAN/Operator):** [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) — run bash/curl to confirm; doc updated 2026-03-03.
**Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh`. Before Chain 138 deploy: `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`. **Chain 138 next steps (all in one):** `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` — preflight → mirror+pool → register c* as GRU → verify. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. **E2E flows (full parallel):** `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run]` — [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md).
**Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh [--json-out reports/status/run-completable-tasks-latest.json]`. Before Chain 138 deploy: `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`. **Chain 138 next steps (all in one):** `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify] [--json-out reports/status/run-all-next-steps-chain138-latest.json]` — preflight → mirror+pool → register c* as GRU → verify. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms] [--json-out reports/status/run-all-operator-tasks-latest.json]`. **E2E flows (full parallel):** `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--json-out reports/status/run-e2e-flow-tasks-latest.json]` — [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md).
**Full deployment order:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — Phase 06. **Remaining for full network coverage:** [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) — A: mint + add liquidity (138) → BD. **Status to continue (before Phase A mint):** [REMAINING_DEPLOYMENTS § Status to continue](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) and [CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS §7](../04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md) — restart validator 1004, clear tx pool, then mint. **Phase execution 2026-03-04:** A.1 attempted (tx timeout); A.2 pending; B.1 Celo ✅; B.2 Wemix blocked; B.3 fund-ccip ready; Phase C/D runbooks. **Full plan:** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
**Last completable run (2026-03-02):** Config validation OK; on-chain 59/59; run-all-validation --skip-genesis OK; reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool present; 12 c* already GRU-registered; verification 59/59. Documentation: MASTER_INDEX, README, RUNBOOKS_MASTER_INDEX created; deprecated list and consolidation plan updated. Progress indicators (Step 1/44/4) in run-completable-tasks-from-anywhere.sh. E2E flow tasks script and doc updates (ADDRESS_MATRIX_AND_STATUS, RECOMMENDATIONS R2, NEXT_STEPS_FOR_YOU) completed. **Optional completed (2026-02-27 / 2026-03-01):** DeployCompliantFiatTokens (10 tokens); Blockscout verification; MCP allowlist-138; add-liquidity runbook; token-aggregation fallbacks + ENV_EXAMPLE_CONTENT; E2E routing verification; PMM_DEX_ROUTING_STATUS + REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS updated; cCADT line (commented) in DeployCompliantFiatTokens.s.sol. **Within-scope list (2026-02-27):** CompliantWrappedToken.sol; DeployCompliantFiatTokensForChain.s.sol (c* any chain); DeployCWTokens.s.sol (cWUSDT/cWUSDC); deploy-tokens-and-weth-all-chains-skip-canonical.sh extended with --deploy-c, --deploy-cw, 651940 env validation; TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS §6 implemented; ENV_EXAMPLE_CONTENT c*/cW*/651940 vars. **2026-02-27:** Deployment order doc, preflight script, deployment safety added; todos synced.
**Latest repo-local automation refresh (2026-04-23):** `run-all-validation.sh --skip-genesis --json-out reports/status/run-all-validation-latest.json` passed; advisory non-EVM reachability refreshed (Solana slot 415173228, Tron block 82099136 / chain id 728126428, XRPL validated ledger 103760578). The canonical wrapper scripts now support optional machine-readable run summaries via `--json-out`: `run-completable-tasks-from-anywhere.sh`, `run-e2e-flow-tasks-full-parallel.sh`, `run-all-next-steps-chain138.sh`, and `run-all-operator-tasks-from-lan.sh`.
**Verified (LAN/Operator) 2026-03-06:** Preflight ✅; Core RPC 192.168.11.211:8545 ✅; deployer balance script ✅ (native ETH OK; WETH/cUSDT/cUSDC = 0 → add liquidity blocked); on-chain 59/59 ✅; config validation ✅; token-aggregation build ✅; E2E 502s fixed (address-all-remaining-502s + NPM; E2E 37 domains 0 failed); operator script run ✅ (NPMplus RPC fix, Blockscout verify). **Earlier:** 2026-03-0304 deployer balance, on-chain, DODOPMMIntegration canonical cUSDT/cUSDC — [EXPLORER_TOKEN_LIST_CROSSCHECK](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8.
**Last completable run (current canonical flow):** Config validation OK; on-chain 61/61; run-all-validation --skip-genesis OK; non-EVM status refresh OK; reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool present; 12 c* already GRU-registered; verification 61/61. Documentation: MASTER_INDEX, README, RUNBOOKS_MASTER_INDEX created; deprecated list and consolidation plan updated. Progress indicators and summary JSON support were added across the canonical wrapper scripts. **Optional completed (2026-02-27 / 2026-03-01):** DeployCompliantFiatTokens (10 tokens); Blockscout verification; MCP allowlist-138; add-liquidity runbook; token-aggregation fallbacks + ENV_EXAMPLE_CONTENT; E2E routing verification; PMM_DEX_ROUTING_STATUS + REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS updated; cCADT line (commented) in DeployCompliantFiatTokens.s.sol. **Within-scope list (2026-02-27):** CompliantWrappedToken.sol; DeployCompliantFiatTokensForChain.s.sol (c* any chain); DeployCWTokens.s.sol (cWUSDT/cWUSDC); deploy-tokens-and-weth-all-chains-skip-canonical.sh extended with --deploy-c, --deploy-cw, 651940 env validation; TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS §6 implemented; ENV_EXAMPLE_CONTENT c*/cW*/651940 vars. **2026-02-27:** Deployment order doc, preflight script, deployment safety added; todos synced.
**Verified (LAN/Operator) 2026-03-06:** Preflight ✅; Core RPC 192.168.11.211:8545 ✅; deployer balance script ✅ (native ETH OK; WETH/cUSDT/cUSDC = 0 → add liquidity blocked); on-chain 59/59 at the time ✅; config validation ✅; token-aggregation build ✅; E2E 502s fixed (address-all-remaining-502s + NPM; E2E 37 domains 0 failed); operator script run ✅ (NPMplus RPC fix, Blockscout verify). **Current canonical on-chain check:** 61/61. **Earlier:** 2026-03-0304 deployer balance, on-chain, DODOPMMIntegration canonical cUSDT/cUSDC — [EXPLORER_TOKEN_LIST_CROSSCHECK](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8.
**Operator copy-paste commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) — one page with exact commands for every pending todo.
@@ -65,7 +67,7 @@
## First (before any Chain 138 deploy)
Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSDT/cUSDC = 0), config validation ✅, on-chain 59/59 . Re-run 0a/0/0c before each deploy.
Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSDT/cUSDC = 0), config validation ✅, on-chain 59/59 at the time ✅. Current canonical on-chain check: 61/61. Re-run 0a/0/0c before each deploy.
| # | Task | Owner | Ref |
|---|------|--------|-----|

147
docs/02-architecture/CLIENT_DIVISION_TERMINOLOGY.md Normal file
View File

@@ -0,0 +1,147 @@
# Client And Division Terminology
**Last Updated:** 2026-04-22
**Status:** Canonical terminology baseline for Phoenix, Sankofa, and Gitea alignment
**Related:** [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md), [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md), [SERVICE_DESCRIPTIONS.md](SERVICE_DESCRIPTIONS.md), [../04-configuration/PHOENIX_DEPLOY_API_GITEA_INTEGRATION.md](../04-configuration/PHOENIX_DEPLOY_API_GITEA_INTEGRATION.md)
---
## Purpose
Define the canonical vocabulary for the **commercial / governance layer** and keep it distinct from:
- **technical tenancy**
- **identity provider terminology**
- **network / infrastructure placement terminology**
- **Mifos / Fineract business-model terminology**
Use these terms consistently in docs, APIs, config, and UI copy unless a client requires a more specific business label.
---
## Canonical mappings
| Canonical term | Equivalent / current implementation | Use |
|----------------|--------------------------------------|-----|
| **Client** | GitHub **Enterprise**; Azure **billing profile**; current Gitea **Organization** | Top-level commercial / governance account |
| **Division** | Client-specific subdivision | Generic umbrella term below Client |
| **Division type** | `realm`, `nexus`, `department`, `program`, `legal_entity`, `region`, `office`, `workspace`, etc. | Technical normalization of how a client structures divisions |
| **Tenant** | Phoenix / Kubernetes / app isolation unit | Technical tenancy only |
| **Site** | Proxmox / network / physical location | Infrastructure placement only |
**Rule:** when the repo needs a neutral term, prefer **Client** and **Division**.
---
## Current clients
These are the canonical Phoenix client records and should be treated as the top governance / commercial layer:
- `DBIS`
- `ICCC`
- `OMNL`
- `XOM`
- `AR`
- `EI`
- `PANDA`
- `SAID`
In current Gitea implementation, each of these maps to an **Organization**.
In Phoenix product language, each of these maps to a **Client**.
---
## Division model
Each client may implement subdivisions differently. Phoenix must remain flexible enough to support:
- business labels that are client-specific
- multiple subdivision types under one client
- optional mapping from business divisions to technical tenants
Recommended normalized model:
```text
Client
Division
Repository / App / Service / Workspace / Environment
```
Examples:
- `AR`
- divisions labeled **Realms**
- divisions labeled **Nexus**
- `OMNL`
- divisions labeled **legal entities**
- divisions labeled **programs**
- divisions labeled **regional offices**
- `DBIS`
- divisions labeled **departments**
- divisions labeled **member institutions**
- divisions labeled **programs**
---
## Reserved words and collision policy
The following words already carry specific meanings in the repo and should **not** be used as the global neutral replacement for Division.
| Term | Reserved meaning | Why it is not the generic business term |
|------|------------------|------------------------------------------|
| **Realm** | Keycloak / OIDC identity boundary; also AR-specific business label | Would collide with both identity and AR business language |
| **Tenant** | Technical isolation boundary in Phoenix / Kubernetes / app models | Already used for namespaces, RBAC, and multi-tenant platform semantics |
| **Site** | Physical / infrastructure placement (Proxmox, network, datacenter) | Already means location / topology |
| **Office** | Org-chart / Fineract / institutional office structure | Too domain-specific for use as the global subdivision primitive |
| **Nexus** | Sankofa / Phoenix branding and AR-specific division label | Strong branding meaning; not stable as a generic structural term |
---
## Implementation guidance
### Docs
- Use **Client** for the top account layer.
- Use **Division** when discussing subdivisions generically.
- Use the client-native label only when the business context needs it.
- Example: “AR division type: `realm`
- Example: “Keycloak realm”
### UI
- Internal platform/admin UI may display:
- `Client`
- `Division`
- Client-facing UI may replace `Division` with the clients native label.
- Example: `Realm`
- Example: `Program Office`
- Example: `Legal Entity`
### API / config
- Prefer normalized fields such as:
- `clientId`
- `divisionId`
- `divisionType`
- `tenantId`
- `siteId`
- Avoid overloading:
- `realm`
- `tenant`
- `site`
unless that exact platform-specific meaning is intended.
---
## Interpretation guide
When reading older docs in this repo:
- “organization” in Gitea context usually means **Client**
- “tenant” in Phoenix platform context usually means **technical tenant**, not client
- “realm” in identity docs means **Keycloak realm**
- “site” means **infrastructure location**
If a document mixes these layers, update it toward this terminology baseline.

273
docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md Normal file
View File

@@ -0,0 +1,273 @@
# DBIS Ecosystem Technical Master Plan
**Last Updated:** 2026-04-24
**Audience:** Engineering, operators, architecture owners, and program owners
**Mode:** Execution-oriented umbrella root for the live and planned DBIS ecosystem
## 1. Purpose And Decision Rules
This document is the canonical ecosystem root for the DBIS stack across the main repo and materially relevant submodules. It does not replace the narrower plans. It sits above them, normalizes status and terminology, and defines which source wins when specialized documents disagree.
### Canonical source priority
When two documents disagree, use this order:
1. machine-readable config and trackers
2. implementation and validation scripts
3. specialized canonical docs and runbooks
4. older narrative plans
### Status vocabulary
- `live`: repo, operator runtime, and current evidence all support production use
- `partially live`: some production components are live, but important slices are still missing or constrained
- `repo-implemented`: implemented in repo or submodule, but not yet fully promoted operator-live
- `operator-only`: present or recoverable in runtime, but not fully codified in repo truth yet
- `planned`: intentionally designed, but not yet implemented enough to rely on
- `blocked external`: progress depends on vendor, network, institutional, or third-party inputs
- `retired`: no longer part of the target system except as history or compatibility residue
### Subordinate source plans
This umbrella root governs these narrower artifacts:
- [dbis_chain_138_technical_master_plan.md](/home/intlc/projects/proxmox/dbis_chain_138_technical_master_plan.md): Chain 138 infrastructure and runtime sub-plan
- [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md): institutional settlement execution tracker
- [URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md): policy and activation control-plane tracker
## 2. Current Live Ecosystem Baseline
### Baseline status map
| Subsystem | Current state | Status | Primary workstream | Canonical references |
|---|---|---:|---:|---|
| Besu / Chain 138 topology | 5 validators, canonical sentries and RPC tiers reconciled, duplicate legacy RPC CTs retired, cluster-wide inventory audit added | `live` | `W1` | [BESU_NODE_CONFIGURATION_MAP_20260424.md](/home/intlc/projects/proxmox/docs/06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md), [check-cluster-besu-inventory.sh](/home/intlc/projects/proxmox/scripts/verify/check-cluster-besu-inventory.sh) |
| DODO PMM / routing / public bridge surface | Chain 138 PMM core live; public routing surface codified; stablecoin and top-asset coverage documented, but route confidence is not yet first-class in quote APIs | `partially live` | `W2` | [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md](/home/intlc/projects/proxmox/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md), [public-routing-coverage-matrix.json](/home/intlc/projects/proxmox/config/public-routing-coverage-matrix.json) |
| Explorer / RPC / public ingress | Explorer, RPC, and public ingress surfaces exist and are operator-usable; current runtime is healthy | `live` | `W1` | [RPC_ENDPOINTS_MASTER.md](/home/intlc/projects/proxmox/docs/04-configuration/RPC_ENDPOINTS_MASTER.md), [verify-end-to-end-routing.sh](/home/intlc/projects/proxmox/scripts/verify/verify-end-to-end-routing.sh) |
| Phoenix deploy API / deployment control | Phoenix deploy API, deploy targets, and repo validation are codified; broader control-plane integration is still being expanded | `partially live` | `W3` | [phoenix-deploy-api/server.js](/home/intlc/projects/proxmox/phoenix-deploy-api/server.js), [deploy-targets.json](/home/intlc/projects/proxmox/phoenix-deploy-api/deploy-targets.json) |
| URA manifest / policy profile flow | Manifest, policy profiles, registry hooks, merge/validate/smoke scripts, and ops-readiness surfaces exist in repo | `repo-implemented` | `W4` | [README.md](/home/intlc/projects/proxmox/docs/04-configuration/universal-resource-activation/README.md), [manifest.json](/home/intlc/projects/proxmox/config/universal-resource-activation/manifest.json), [policy-profiles.json](/home/intlc/projects/proxmox/config/universal-resource-activation/policy-profiles.json) |
| RTGS / DBIS Rail / OMNL / sidecars | execution trackers, catalogs, and first-slice architecture are substantial; some sidecar and institutional paths remain gated by operator work and external parties | `partially live` | `W5` | [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md), [DBIS_RAIL_SETTLEMENT_EVENT_SOURCES.md](/home/intlc/projects/proxmox/docs/dbis-rail/DBIS_RAIL_SETTLEMENT_EVENT_SOURCES.md) |
| Hyperledger / identity / workflow stack | runtime status, identity decisions, and interoperability docs exist, but this is not yet a fully operator-live sovereign stack | `planned` | `W7` | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md) |
| Proxmox / NPMplus / operator automation | Proxmox topology, audits, NPMplus/Gitea TLS checks, operator wrappers, and evidence scripts are live and actively used | `live` | `W8` | [PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](/home/intlc/projects/proxmox/docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md), [proxmox-operational-template.json](/home/intlc/projects/proxmox/config/proxmox-operational-template.json), [monitor-blockchain-health.sh](/home/intlc/projects/proxmox/scripts/monitoring/monitor-blockchain-health.sh) |
### Baseline summary by subsystem
#### Besu / Chain 138 topology and role model
The canonical Besu fleet now spans all current Proxmox cluster hosts, with reconciled validators, sentries, RPC classes, and an explicit cluster inventory audit. The current baseline supports healthy block production, empty txpool checks, and host-placement reconciliation as operator truth.
#### DODO PMM / routing / public-network bridge surface
Chain 138 has live PMM infrastructure, stablecoin and compliant asset inventory, and a documented path from Chain 138 assets through `WETH` to supported public EVM surfaces. Public coverage is now documented, but route selection still lacks a native confidence and policy gate.
#### Explorer / RPC / public ingress
Public ingress, explorer surfaces, and RPC endpoint classes are live enough for current operator use. The topology is healthier and more explicit than before, but still benefits from further control-plane normalization.
#### Phoenix deploy API / deployment control surfaces
Phoenix has codified deploy targets, API routes, and validation gates. It is already a real deployment surface, but not yet the full policy-aware orchestration layer for route, institution, and activation decisions.
#### URA manifest and policy-profile flow
URA now has repo-native manifests, policy profiles, validation scripts, smoke tests, and a growing ops-readiness surface. The on-chain `PolicyProfileRegistry` in `smom-dbis-138` gives this stack a credible path from docs/config into enforceable control-plane state.
#### RTGS / DBIS Rail / OMNL / settlement sidecar baseline
The institutional settlement stack has real architecture, trackers, and execution references, including sidecar and OMNL evidence structures. It is substantial and strategically important, but still mixed between repo-implemented, operator-only, and blocked-external slices.
#### Hyperledger / identity / workflow runtime status
Identity and workflow architecture is clearly represented, but it remains more of a governed design direction than a fully promoted live runtime slice today.
#### Proxmox / NPMplus / operator automation baseline
The operator layer is one of the strongest current pieces: Proxmox inventory, Besu fleet audits, cert checks, validation wrappers, and deployment scripts now create a meaningful operational backbone for the ecosystem.
## 3. Target-State Architecture
### Sovereign compute and network topology
The target state is a multi-host sovereign Proxmox fabric with explicit node-class ownership, reconciled cluster inventory, deterministic Besu topology, and auditable ingress/control paths. Live runtime and checked-in template truth should converge, with cluster-resource discovery replacing host-blind assumptions.
### Settlement and routing plane
The routing plane should unify Chain 138 PMM liquidity, public EVM bridge exits, ALL Mainnet venue surface, and destination-chain liquidity into one evidence-backed routing layer. The target is not merely “can bridge” or “can swap,” but “can produce a policy-permitted route with current evidence and measurable confidence.”
### Policy and activation control plane
The canonical next-generation control plane is:
`URA manifest + policy profiles + PolicyProfileRegistry + route confidence`
This pattern should govern what is activated, where it is allowed, how it is quoted, and what evidence is required. It should integrate Phoenix deploy/control APIs, jurisdiction matrices, DBIS Rail gating, and on-chain publication where needed.
### Institutional RTGS / DBIS Rail / custody plane
The target institutional layer is a composable RTGS and DBIS Rail stack with explicit custody models, sidecar boundaries, settlement event sources, and compliance traceability. It should be capable of supporting first-slice operator reality while leaving room for more sovereign custody and settlement controls over time.
### Deployment and orchestration plane
Phoenix, operator wrappers, deploy manifests, and machine-readable trackers should converge into a single orchestration layer that knows what can be deployed, under what policy profile, and with what acceptance evidence.
### Identity / workflow / interoperability plane
Hyperledger, workflow, and identity systems should evolve from strategic design documents into explicitly gated environment slices with clear runtime ownership, integration boundaries, and promotion criteria.
### Observability / evidence / audit plane
The ecosystem should continuously produce validation outputs, cluster inventory, route coverage, and operator readiness evidence. The goal is for production gates to consume machine-readable proof, not just narrative claims.
## 4. Execution Workstreams
### W1. Besu / Chain 138 infrastructure and RPC topology
| Field | Value |
|---|---|
| Objective | Keep Chain 138 and the Besu fleet healthy, reconciled, and template-aligned across all cluster hosts |
| In-scope components | validators, sentries, RPC tiers, allowlists, generated node configs, Proxmox/Besu inventory and audits |
| Dependencies | Proxmox inventory truth, host placement, generated Besu configs, operator runbooks |
| Production gate | healthy block production, empty txpool or explained pending state, no canonical Besu inventory gaps |
| Evidence / output artifact | [check-cluster-besu-inventory.sh](/home/intlc/projects/proxmox/scripts/verify/check-cluster-besu-inventory.sh), [monitor-blockchain-health.sh](/home/intlc/projects/proxmox/scripts/monitoring/monitor-blockchain-health.sh) |
| Owner class | `mixed` |
### W2. Liquidity, PMM, bridge, and public routing coverage
| Field | Value |
|---|---|
| Objective | Turn current PMM and bridge capability into explicit, evidence-backed public routing coverage |
| In-scope components | DODO PMM, wrapped/public inventory, bridge receiver mapping, public routing matrix, destination DEX coverage |
| Dependencies | Chain 138 liquidity, bridge configs, destination-chain liquidity discovery, routing docs |
| Production gate | route coverage matrix current, bridge destination support explicit, stablecoin and top-asset tiers documented |
| Evidence / output artifact | [public-routing-coverage-matrix.json](/home/intlc/projects/proxmox/config/public-routing-coverage-matrix.json), [LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md](/home/intlc/projects/proxmox/reports/status/LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md) |
| Owner class | `mixed` |
### W3. Phoenix deploy/control-plane integration
| Field | Value |
|---|---|
| Objective | Make Phoenix the reliable orchestration and exposure surface for deployable ecosystem services |
| In-scope components | `phoenix-deploy-api`, deploy targets, deploy validation, public-sector and URA API surfaces |
| Dependencies | deploy-target accuracy, validation scripts, environment readiness, Gitea/Cloudflare/NPMplus stability |
| Production gate | deploy targets validate, Phoenix routes expose canonical manifests and control-plane surfaces, operator handoff remains current |
| Evidence / output artifact | [validate-config-files.sh](/home/intlc/projects/proxmox/scripts/validation/validate-config-files.sh), [phoenix-deploy-api/openapi.yaml](/home/intlc/projects/proxmox/phoenix-deploy-api/openapi.yaml) |
| Owner class | `mixed` |
### W4. URA manifest, policy profiles, registry, and route confidence
| Field | Value |
|---|---|
| Objective | Promote URA and policy profiles into the canonical activation and routing control plane |
| In-scope components | URA manifest, profile registry, merge/validate tooling, `PolicyProfileRegistry.sol`, route-confidence scoring, policy-aware quote/build interfaces |
| Dependencies | URA schemas, profile validation, Phoenix integration, DBIS Rail policy mapping, route evidence |
| Production gate | manifest and profiles validate, registry paths are coherent, route-confidence schema exists, quote/build surfaces can consume policy state |
| Evidence / output artifact | [URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md), [PolicyProfileRegistry.sol](/home/intlc/projects/proxmox/smom-dbis-138/contracts/universal-resource/PolicyProfileRegistry.sol) |
| Owner class | `repo` |
### W5. DBIS RTGS / DBIS Rail / OMNL / settlement sidecars
| Field | Value |
|---|---|
| Objective | Convert the institutional settlement stack from fragmented plans into a staged production program |
| In-scope components | RTGS first slice, DBIS Rail, OMNL mappings, settlement event sources, custody and sidecar boundaries |
| Dependencies | policy profiles, jurisdiction traceability, institutional onboarding, external counterparties |
| Production gate | first-slice controls and sidecar boundaries explicit, evidence sources mapped, operator runbooks and checklists current |
| Evidence / output artifact | [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md), [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](/home/intlc/projects/proxmox/docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md) |
| Owner class | `mixed` |
### W6. Jurisdiction / compliance and onboarding matrices
| Field | Value |
|---|---|
| Objective | Turn compliance and jurisdiction documentation into executable governance inputs for the ecosystem |
| In-scope components | jurisdiction catalog, compliance matrices, onboarding charter/playbook, DBIS Rail traceability links |
| Dependencies | policy profiles, RTGS/DBIS Rail architecture, institution onboarding references |
| Production gate | jurisdiction catalog current, matrix docs mapped to policy profiles, onboarding outputs traceable to control-plane requirements |
| Evidence / output artifact | [config/jurisdictions/catalog.v1.json](/home/intlc/projects/proxmox/config/jurisdictions/catalog.v1.json), [compliance-matrices/README.md](/home/intlc/projects/proxmox/docs/04-configuration/compliance-matrices/README.md) |
| Owner class | `repo` |
### W7. Identity / Hyperledger / interoperability stack
| Field | Value |
|---|---|
| Objective | Mature identity and interoperability architecture into a staged runtime program |
| In-scope components | Hyperledger runtime decisions, identity stack, workflow runtime, interoperability surfaces |
| Dependencies | sovereign compute readiness, institutional workstreams, policy controls, operator ownership |
| Production gate | runtime topology, ownership, and promotion criteria explicit enough to move from design into implementation slices |
| Evidence / output artifact | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md) |
| Owner class | `planned` |
### W8. Observability, verification, evidence, and operator readiness
| Field | Value |
|---|---|
| Objective | Ensure the ecosystem can prove readiness and health through machine-readable evidence and operator workflows |
| In-scope components | validation wrappers, cluster audits, cert checks, route/readiness evidence, operator handoffs, deployment readiness artifacts |
| Dependencies | stable inventories, maintained runbooks, validation scripts, current indexes |
| Production gate | operator wrappers current, key cert/health checks automated, evidence docs indexed, validation gates passing |
| Evidence / output artifact | [run-all-validation.sh](/home/intlc/projects/proxmox/scripts/verify/run-all-validation.sh), [OPERATOR_HANDOFF_2026_04_24.md](/home/intlc/projects/proxmox/docs/00-meta/OPERATOR_HANDOFF_2026_04_24.md) |
| Owner class | `mixed` |
## 5. Near-Term Roadmap (012 Months)
### 03 months
- keep W1 healthy and template-aligned across all current cluster hosts
- finish promoting W4 from repo-implemented to operator-usable for manifest, policy profile, and registry paths
- wire route confidence into the same machine-readable family as URA and public routing coverage
- keep Phoenix deploy/control surfaces aligned with current manifests and deploy targets
### 36 months
- promote W2 from documented routing potential to policy-aware route coverage
- advance W5 first-slice institutional settlement and sidecar gates with evidence-backed operator readiness
- formalize W6 so jurisdiction and onboarding matrices act as real control inputs, not passive references
### 612 months
- integrate URA + policy profiles + route confidence into Phoenix/API quote/build surfaces
- make W8 evidence and operator readiness outputs sufficient for routine promotion gates
- move selected W7 identity/interoperability pieces from design status into repo-implemented slices where source-of-truth and ownership are explicit
## 6. Longer-Horizon Roadmap (1236 Months)
- deepen sovereignization of compute, control, and settlement dependencies
- expand beyond the current EVM-heavy bridge/routing surface into non-EVM lanes where evidence and policy can be enforced cleanly
- mature DBIS Rail, RTGS, and custody-sidecar systems into richer institutional operating models
- promote additional identity, workflow, and interoperability systems into governed runtime slices
- converge route-confidence, policy profiles, and settlement policy into one end-to-end institutional control plane
## 7. Open Blockers And External Dependencies
### Repo-solvable
- route-confidence schema and quote/build integration are not yet first-class
- Phoenix control-plane surfaces are not yet fully policy-aware
- some institutional and identity tracks remain split across multiple narrower docs without enough shared machine-readable state
### Operator-solvable
- some planned control-plane and settlement flows still depend on operator activation and deployment rather than fully codified automation
- runtime promotion for URA, sidecars, and some institutional slices still needs explicit environment rollout work
### External / vendor / network blockers
- counterparties, institutional integrations, and some network-specific dependencies remain outside repo control
- certain public-network and destination-liquidity expansions depend on third-party bridge, exchange, or ecosystem realities
- Wemix and other externally constrained paths remain subject to network or vendor-specific blockers
## Recommended Architectural Direction
The strongest near-term strategic recommendation is to adopt this as the canonical next-generation control-plane pattern:
`URA manifest + Policy Profile Registry + route confidence`
That pattern should be the bridge between:
- Phoenix deploy and control APIs
- jurisdiction and compliance matrices
- DBIS Rail and RTGS policy enforcement
- Besu/routing evidence and route selection
- on-chain publication of approved policy-profile state in `smom-dbis-138`
This is not distant speculation. It is the most important near-term architecture move because the repo already contains the beginnings of every major piece.

37
docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md
View File

@@ -2,7 +2,7 @@
**Last Updated:** 2026-03-25
**Status:** Canonical baseline (reconciles assurance, Phoenix intent, and repo boundaries)
**Related:** [NON_GOALS.md](NON_GOALS.md), [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md), [SERVICE_DESCRIPTIONS.md](SERVICE_DESCRIPTIONS.md), [BRAND_RELATIONSHIP.md](BRAND_RELATIONSHIP.md), [../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md), [config/public-sector-program-manifest.json](../../config/public-sector-program-manifest.json)
**Related:** [CLIENT_DIVISION_TERMINOLOGY.md](CLIENT_DIVISION_TERMINOLOGY.md), [NON_GOALS.md](NON_GOALS.md), [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md), [SERVICE_DESCRIPTIONS.md](SERVICE_DESCRIPTIONS.md), [BRAND_RELATIONSHIP.md](BRAND_RELATIONSHIP.md), [../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md), [config/public-sector-program-manifest.json](../../config/public-sector-program-manifest.json)
---
@@ -30,6 +30,41 @@ It does **not** replace legal advice, DPIAs, or national eID supervision require
---
## Client and division terminology
For Phoenix and Sankofa architecture, the repo now uses the following canonical mapping:
| Canonical term | Equivalent |
|----------------|------------|
| **Client** | GitHub **Enterprise**; Azure **billing profile**; current Gitea **Organization** |
| **Division** | Flexible, client-specific subdivision under a Client |
| **Tenant** | Technical tenancy / isolation boundary only |
| **Site** | Physical or infrastructure placement only |
Current canonical clients:
- `DBIS`
- `ICCC`
- `OMNL`
- `XOM`
- `AR`
- `EI`
- `PANDA`
- `SAID`
Use **Division** as the neutral umbrella term below Client.
Reserve client-native labels such as **Realm** and **Nexus** for the specific client that uses them.
**Collision policy:**
- **Realm** is not the generic subdivision term because the repo already uses **Keycloak realm** semantics.
- **Tenant** is not the generic business term because Phoenix already uses it for technical isolation.
- **Site** is not the generic business term because Proxmox and network layers already use it for placement/topology.
See [CLIENT_DIVISION_TERMINOLOGY.md](CLIENT_DIVISION_TERMINOLOGY.md) for the full reserved-words policy and implementation guidance.
---
## Deployment profiles (flexibility bridge)
| Profile | Use when | Isolation |

8
docs/02-architecture/README.md
View File

@@ -10,6 +10,7 @@ This directory contains core architecture and design documents.
## Documents
- **[CLIENT_DIVISION_TERMINOLOGY.md](CLIENT_DIVISION_TERMINOLOGY.md)** ⭐⭐⭐ - Canonical Phoenix / Sankofa / Gitea client and division terminology; reserved-word policy for `realm`, `tenant`, and `site`
- **[NETWORK_ARCHITECTURE.md](NETWORK_ARCHITECTURE.md)** ⭐⭐⭐ - Complete network architecture with 6×/28 blocks, VLANs, NAT pools
- **[ORCHESTRATION_DEPLOYMENT_GUIDE.md](ORCHESTRATION_DEPLOYMENT_GUIDE.md)** ⭐⭐⭐ - Enterprise-grade deployment orchestration guide
- **[VMID_ALLOCATION_FINAL.md](VMID_ALLOCATION_FINAL.md)** ⭐⭐⭐ - Complete VMID allocation registry (11,000 VMIDs)
@@ -26,10 +27,15 @@ This directory contains core architecture and design documents.
- CCIP fleet deployment matrix (41-43 nodes)
- Proxmox cluster orchestration
**Client / Division Model:**
- `Client` = GitHub Enterprise = Azure billing profile = current Gitea Organization
- `Division` = generic subdivision below Client
- `Tenant` = technical isolation only
- `Site` = infrastructure location only
## Related Documentation
- **[../03-deployment/](../03-deployment/)** - Deployment guides
- **[../04-configuration/](../04-configuration/)** - Configuration guides
- **[../05-network/](../05-network/)** - Network infrastructure details
- **[../07-ccip/](../07-ccip/)** - CCIP deployment specification

25
docs/03-deployment/CHAIN_138_TO_WEMIX_1111_BRIDGE_COMPLETION_CHECKLIST.md
View File

@@ -21,6 +21,28 @@ The repo currently shows WEMIX as **not yet live**. Native WEMIX gas and bridge
- **inbound-only activation**: proof transfer plus machine-readable promotion
- **full bidirectional activation**: proof transfer, machine-readable promotion, and outbound fee coverage on the WEMIX-side bridges
### Current runtime blocker
As of `2026-04-21`, the source-side Chain 138 CCIP bridge still cannot quote the Wemix lane:
```bash
cast call "$CCIPWETH9_BRIDGE_CHAIN138" \
'calculateFee(uint64,uint256)(uint256)' \
5142893604156789321 1000000000000000 \
--rpc-url "$RPC_URL_138"
```
Current result:
- reverts with `CCIPRouter: chain not supported`
That means the blocker is stronger than “proof transfer not yet recorded”:
- the peer bridge wiring is present on both sides
- but the current Chain 138 CCIP router does not yet support the Wemix selector for source-side sends
Until that router-level support exists, `138 -> 1111` cannot be promoted from scaffold to live.
## 2. Exact Environment Surface
| Variable | Current Value |
@@ -93,6 +115,9 @@ cast call "$CCIPWETH10_BRIDGE_WEMIX" 'getDestinationChains()(uint64[])' --rpc-ur
Then run a small test transfer for `WETH9` or `WETH10` from `138 -> 1111` and confirm receipt.
Precondition:
- the Chain 138 CCIP router must stop reverting `calculateFee(...)` with `CCIPRouter: chain not supported`
Important note:
- the WEMIX-side bridges do **not** need LINK just to receive `138 -> 1111` messages
- CCIP fees are paid on the source-side `sendCrossChain(...)`, not on the destination-side `ccipReceive(...)`

31
docs/03-deployment/CURRENCICOMBO_PHOENIX_DEPLOYMENT.md Normal file
View File

@@ -0,0 +1,31 @@
# CurrenciCombo Phoenix Deployment
**Status:** Deployed on `2026-04-22`
**Target host:** `r630-01` (`192.168.11.11`)
**Container:** VMID `8604`
**CT hostname:** `currencicombo-phoenix-1`
**Network:** VLAN `160` / `10.160.0.14`
## Runtime
- Web: `http://10.160.0.14:3000/`
- API health: `http://10.160.0.14:8080/health`
- Public web: `https://curucombo.曼李.com/` (`curucombo.xn--vov0g.com`)
- systemd units:
- `currencicombo-webapp`
- `currencicombo-orchestrator`
## Deploy path
- Script: `scripts/deployment/deploy-currencicombo-8604.sh`
- Phoenix target file: `phoenix-deploy-api/deploy-targets.json`
- Repo target tuple:
- repo: `d-bis/CurrenciCombo`
- branch: `main`
- target: `default`
## Notes
- The deployment currently uses local PostgreSQL and Redis inside the same CT.
- The webapp build is temporarily configured to ignore TypeScript build errors in `webapp/next.config.ts` so deployment can proceed while the remaining Next 16 migration issues are cleaned up.
- Public ingress was wired through the primary NPMplus (`192.168.11.167`) with a proxied Cloudflare DNS record in the `曼李.com` zone and TLS enabled in NPMplus.

1
docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md
View File

@@ -65,6 +65,7 @@
## Related artifacts
- [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md) — workstreams and exit criteria aligned to this matrix (multi-jurisdiction master plan execution).
- [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md)
- [docs/00-meta/TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md)
- [docs/03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md](DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md)

90
docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md Normal file
View File

@@ -0,0 +1,90 @@
# DBIS RTGS — master plan implementation tracker
**Last updated:** 2026-04-25
**Purpose:** Executable tracker mapping the **multi-jurisdiction institutional onboarding master plan** to [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) rows and slice-1 scope ([SLICE1_SCOPE_FREEZE.md](../04-configuration/jurisdictions/SLICE1_SCOPE_FREEZE.md)). **Status here is documentation of intent;** the canonical component status remains the E2E matrix until rows are updated there.
## How to use
1. Pick a **workstream** below.
2. Execute engineering / ops tasks until **exit criteria** match the matrix rows **Production gate** column.
3. Update **DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md** `Current state` to `Complete` (or `Retired` with rationale).
4. Link evidence to URA packages per [ID-INDONESIA/banking_v1.md](../04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md) where applicable.
---
## Workstream W1 — Canonical OMNL / Fineract rail
| Matrix rows (indicative) | OMNL / Fineract API rail; Mifos X frontend / tenant |
|--------------------------|-----------------------------------------------------|
| **Exit criteria** | Tenant and operator rail **frozen**; reproducible posting, office/GL mapping, reconciliation package path. |
| **Owner** | OMNL / banking ops |
| **URA link** | `SERVER_FUNDS` resources get real `accountingRef`; [URA_PILOT_CLOSURE_RUNBOOK.md](../04-configuration/universal-resource-activation/URA_PILOT_CLOSURE_RUNBOOK.md) pilot 2. |
## Workstream W2 — `server-funds-sidecar`
| Matrix rows | `server-funds-sidecar` (VMID 5803) |
|-------------|-------------------------------------|
| **Exit criteria** | Treasury SoR boundaries frozen; **draw / hold / release** validated with auth; Phoenix `SERVER_FUNDS_SIDECAR_URL` set in prod. |
| **Owner** | HYBX integration lead |
| **URA link** | Pilot 2; [UNIVERSAL_RESOURCE_WIRING.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md) probe returns 200. |
## Workstream W3 — `off-ledger-2-on-ledger-sidecar`
| Matrix rows | Off-ledger → Chain 138 settlement |
|-------------|-----------------------------------|
| **Exit criteria** | Canonical event → settlement **end-to-end** with durable evidence; finality handling closed. |
| **Owner** | HYBX + Chain 138 settlement lead |
| **URA link** | `settlementOrChainRef` in evidence packages. |
## Workstream W4 — ISO 20022 + institutional 4.995 package
| Matrix rows | ISO evidence and vault path; Institutional 4.995 package path |
|-------------|---------------------------------------------------------------|
| **Exit criteria** | `--strict` or institution-agreed readiness; reproducible archive/hash path. |
| **Owner** | Regulatory / compliance + eng |
| **Compliance link** | [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md) |
## Workstream W5 — Indonesia BNI domestic path
| Matrix rows | Indonesia / BNI domestic banking path |
|-------------|----------------------------------------|
| **Exit criteria** | Live endpoint/auth/message contract **or** explicit deferral documented in matrix + jurisdiction matrix. |
| **Owner** | Indonesia banking integration lead |
| **Compliance link** | [DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md) |
## Workstream W6 — Global correspondent path
| Matrix rows | Global correspondent / liquidity bank path |
|-------------|---------------------------------------------|
| **Exit criteria** | Same as matrix production gate; cross-border flow validated **or** out of slice 1. |
| **Owner** | Cross-border banking integration lead |
## Workstream W7 — Identity stack (Fabric / Indy / Aries)
| Matrix rows | Fabric, Indy, Aries, AnonCreds, etc. |
|-------------|--------------------------------------|
| **Exit criteria** | **Scope decision** in/out slice 1; if out, matrix shows Planned/Retired without production claims. |
| **Owner** | Identity architecture lead |
## Workstream W8 — Depository / custody / securities
| Matrix rows | Depository, global custodian, securities-sidecar, custody flow |
|-------------|----------------------------------------------------------------|
| **Exit criteria** | Canonical lifecycle documented + one path validated **or** deferred with rationale. |
| **Owner** | Custody / securities architecture leads |
| **URA link** | Pilot 1 SKR; policy profile `institutional_custody_skr_v1`. |
## Workstream W9 — RTGS production gate
| Matrix rows | RTGS production gate row |
|-------------|--------------------------|
| **Exit criteria** | All **mandatory** rows for **chosen architecture** = `Complete`. |
| **Owner** | DBIS program owner |
---
## Related
- [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
- [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md)
- [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md)

2
docs/03-deployment/EXTERNAL_DEPENDENCY_BLOCKERS.md
View File

@@ -2,6 +2,8 @@
**Purpose:** Canonical list of delivery items that cannot be resolved by repo-only changes and must be satisfied by external implementation, deployment, or infrastructure provisioning.
**Action checklist to clear every blocker:** [REMOVE_ALL_BLOCKERS_CHECKLIST.md](REMOVE_ALL_BLOCKERS_CHECKLIST.md)
## Current blockers
| Blocker ID | External dependency | Pass condition | Repo-side signal |

10
docs/03-deployment/OPERATIONAL_RUNBOOKS.md
View File

@@ -14,6 +14,8 @@ This document provides a master index of all operational runbooks and procedures
**Proxmox VE hosts, peering, FQDN/NPMplus summary, deployment gates (human + JSON):** [PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md).
**Chain 138 txpool incident standard recovery:** `bash scripts/fix-all-validators-and-txpool.sh` then `bash scripts/maintenance/apply-chain138-strict-future-tx-pool.sh` then `bash scripts/clear-all-transaction-pools.sh` then `bash scripts/monitoring/monitor-blockchain-health.sh`. This is the default path when pending hashes keep reappearing, future-nonce junk survives a clear, or block production is affected by txpool residue.
---
## Quick Reference
@@ -202,6 +204,7 @@ If an RPC node returns wrong chain ID or block 0 / no block: use the dedicated r
- **[QBFT_TROUBLESHOOTING.md](../09-troubleshooting/QBFT_TROUBLESHOOTING.md)** - QBFT consensus troubleshooting
- **Block Production Issues** - [BLOCK_PRODUCTION_FIX_RUNBOOK.md](../08-monitoring/BLOCK_PRODUCTION_FIX_RUNBOOK.md) — restore block production (permissioning TOML, tx-pool, restart validators 10001004)
- **Validator Recognition** - Validator not being recognized
- **Chain 138 txpool incidents** - Run `bash scripts/fix-all-validators-and-txpool.sh`, then `bash scripts/maintenance/apply-chain138-strict-future-tx-pool.sh`, then `bash scripts/clear-all-transaction-pools.sh`, then `bash scripts/monitoring/monitor-blockchain-health.sh`. The strict future-queue step normalizes `tx-pool-max-future-by-sender=1` fleet-wide so far-future thirdweb or automation residue does not repopulate the mesh after restart.
---
@@ -213,6 +216,13 @@ If an RPC node returns wrong chain ID or block 0 / no block: use the dedicated r
---
## TsunamiSwap
- **[../00-meta/AAVE_CHAIN138_AND_MARIONETTE_TSUNAMISWAP_PLAN.md](../00-meta/AAVE_CHAIN138_AND_MARIONETTE_TSUNAMISWAP_PLAN.md)** — Canonical TsunamiSwap VM `5010` plan, current repo-authoritative DEX link, and publish checklist.
- **Inventory helper:** [`../../scripts/deployment/tsunamiswap-vm-5010-provision.sh`](../../scripts/deployment/tsunamiswap-vm-5010-provision.sh)
---
## GRU M1 Listing Operations
### GRU M1 Listing Dry-Run

14
docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md
View File

@@ -1,6 +1,6 @@
# Proxmox VE — Operational deployment template
**Last Updated:** 2026-03-25
**Last Updated:** 2026-04-25
**Status:** Active — ties hypervisors, LAN/WAN, cluster peering, Chain 138 Besu tiers, NPMplus ingress, FQDNs, and deployment gates into one place.
**Machine-readable:** [`config/proxmox-operational-template.json`](../../config/proxmox-operational-template.json) (sync when you change VMIDs/IPs/FQDNs).
@@ -21,6 +21,8 @@
| ml110 | 192.168.11.10 | https://192.168.11.10:8006 | h (legacy) | Planned WAN aggregator (OPNsense/pfSense); **migrate CT/VM off before repurpose** |
| r630-01 | 192.168.11.11 | https://192.168.11.11:8006 | h | Primary: Chain 138 RPC/CCIP-adjacent workloads, Sankofa Phoenix stack, much of DBIS |
| r630-02 | 192.168.11.12 | https://192.168.11.12:8006 | h | Firefly, MIM4U, Mifos LXC, extra NPMplus instances, supporting infra |
| r630-03 | 192.168.11.13 | https://192.168.11.13:8006 | h | Additional Chain 138 sentry and RPC capacity; private, thirdweb, and named RPC placements |
| r630-04 | 192.168.11.14 | https://192.168.11.14:8006 | h | Additional Chain 138 sentry capacity |
**LAN:** 192.168.11.0/24, gateway **192.168.11.1** (UDM Pro), VLAN 11. Extended node IP plan (r630-03 …): `config/ip-addresses.conf` comments.
@@ -44,12 +46,12 @@ Cluster and UDM: [`docs/04-configuration/UDM_PRO_PROXMOX_CLUSTER.md`](../04-conf
| Layer | VMID range (typical) | IPv4 pattern | P2P |
|--------|----------------------|--------------|-----|
| Validators | 10001004 | 192.168.11.100104 | 30303 — **to sentries**, not raw public |
| Sentries | 15001506 | .150.154, .213.214 | Boundary / fan-out |
| Core RPC (deploy) | 2101 | **192.168.11.211** | 8545/8546 + 30303 |
| Core RPC (Nathan core-2) | 2102 | **192.168.11.212** | NPMplus **10235** / tunnel |
| Sentries | 15001510 | .150.154, .213.214, .219.220, .244.245 | Boundary / fan-out |
| Core/admin RPC | 21012103 | .211, .212, .217 | Deploy, admin, and thirdweb admin core |
| Public RPC | 2201 | **192.168.11.221** | Frontends / bridge / read-mostly |
| Named RPC | 23032308 | .233.238 | Partner-dedicated |
| Named/private RPC | 2301, 23032308 | .232.238 | Fireblocks and partner-dedicated |
| ThirdWeb stack | 24002403 | .240.243 | Includes translator/nginx on 2400 |
| ALLTRA/HYBX internal RPC | 25002505 | .172.174, .246.248 | Internal settlement / routing tier |
Canonical roles and adjacency rules: [`docs/02-architecture/CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md`](../02-architecture/CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md).
@@ -129,7 +131,7 @@ Use the full table in **ALL_VMIDS_ENDPOINTS** (“NPMplus Endpoint Configuration
1. Change **ALL_VMIDS_ENDPOINTS** and/or **ip-addresses.conf** first (operator truth).
2. Update **`config/proxmox-operational-template.json`** so automation (future CMDB, checks) stays aligned.
3. Run **`./scripts/validation/validate-config-files.sh`** (includes JSON shape check for the template).
4. **Live diff (read-only, SSH):** from repo root on a host with SSH to Proxmox nodes: **`bash scripts/verify/audit-proxmox-operational-template.sh`**. Compares template VMIDs to `pct`/`qm` lists on ML110 + R630s (override **`PROXMOX_HOSTS`** if needed).
4. **Live diff (read-only, SSH):** from repo root on a host with SSH to Proxmox nodes: **`bash scripts/verify/audit-proxmox-operational-template.sh`**. The preferred path is cluster-wide inventory via `pvesh get /cluster/resources`; only use per-host `pct`/`qm` fallback when cluster inventory is unavailable.
---

79
docs/03-deployment/REMOVE_ALL_BLOCKERS_CHECKLIST.md Normal file
View File

@@ -0,0 +1,79 @@
# Checklist — remove all validation / delivery blockers
**Purpose:** Actionable list to clear every item currently surfaced as **BLOCKED** by `scripts/verify/check-external-dependencies.sh`, the **non-EVM lane** inventory chain, and related CI gates. **Set variables in repo root `.env`** (or as documented in [DOTENV_FILES_REFERENCE.md](../04-configuration/DOTENV_FILES_REFERENCE.md)); do not commit secrets.
**Interim (2026-04-24, LAN/operator):** To satisfy `curl` in `check-external-dependencies.sh` only, the five `CC_*` and `FIN_GATEWAY` vars may all point at the same **HTTP 200** health URL (e.g. `https://dbis-api.d-bis.org/health`) until each microservice has its own host. **`DBIS_CORE_URL`** should still reflect the real dbis API base when possible. Re-point `CC_*` / `FIN_*` to dedicated URLs when those services are deployed.
**Verify everything:**
```bash
bash scripts/verify/check-external-dependencies.sh
bash scripts/verify/run-all-validation.sh --skip-genesis
```
`check-external-dependencies.sh` **exits 1** if any blocker is unresolved (unless you use `--advisory` for a soft report only).
---
## A. External URL blockers (6)
Do **each** row: deploy or point at a real service, set the env var, then **curl** must return **200** (or the scripts `http_ok` must succeed for that URL).
| # | ID | Set in `.env` (or process env) | Action to clear |
|---|-----|--------------------------------|------------------|
| 1 | `EXT-DBIS-CORE` | `DBIS_CORE_URL=https://...` | Deploy or attach a **reachable** `dbis_core` instance; `curl -fsS -m8 -o /dev/null "$DBIS_CORE_URL"`. |
| 2 | `EXT-CC-PAYMENT-ADAPTERS` | `CC_PAYMENT_ADAPTERS_URL=https://...` | Host `cc-payment-adapters`; set URL; verify HTTP OK. |
| 3 | `EXT-CC-AUDIT-LEDGER` | `CC_AUDIT_LEDGER_URL=https://...` | Host `cc-audit-ledger`; set URL; verify HTTP OK. |
| 4 | `EXT-CC-SHARED-EVENTS` | `CC_SHARED_EVENTS_URL=https://...` | Host `cc-shared-events`; set URL; verify HTTP OK. |
| 5 | `EXT-CC-SHARED-SCHEMAS` | `CC_SHARED_SCHEMAS_URL=https://...` | Host `cc-shared-schemas`; set URL; verify HTTP OK. |
| 6 | `EXT-FIN-GATEWAY` | `FIN_GATEWAY_URL=https://...` **or** `ALLIANCE_ACCESS_URL=https://...` | Provision FIN / Alliance Access; set one URL; verify HTTP OK. |
**Note:** having source in the monorepo does **not** clear `EXT-DBIS-CORE` — a **live** `DBIS_CORE_URL` is required. See [EXTERNAL_DEPENDENCY_BLOCKERS.md](EXTERNAL_DEPENDENCY_BLOCKERS.md).
---
## B. Chain 138 CI RPC (`EXT-CHAIN138-CI-RPC`)
| Step | Action |
|------|--------|
| 1 | Set **one of:** `CHAIN138_CI_RPC_URL` (preferred), or `RPC_URL_138_PUBLIC`, or `CHAIN138_PUBLIC_RPC_URL` in `.env` to a **runner-reachable** RPC. |
| 2 | Install **Foundry `cast`** on the host that runs `check-external-dependencies.sh` (`cast block-number --rpc-url "$url"` is used to verify). |
| 3 | Re-run: `bash scripts/verify/check-external-dependencies.sh` — expect **\[OK\]** for Chain 138 CI RPC with a **block number**. |
---
## C. Non-EVM lane report (removes `SKIP` + restores full `non-evm-lane-status` output)
These are **not** the same as §A/§B (different script), but they remove the “missing inventory” skip in `build-non-evm-lane-status.py` and repopulate `reports/status/non-evm-lane-status-latest.*`.
| Step | Action |
|------|--------|
| 1 | Ensure `reports/inventory/DEPLOYED_CONTRACTS_UNIFIED_EXTENDED.md` exists in the repo and is the canonical extended inventory. |
| 2 | `python3 scripts/verify/build-deduped-onchain-inventory.py` (uses `DEPLOYED_CONTRACTS_UNIFIED_EXTENDED.md`; may need Etherscan/RPC **API keys** in env — see script headers). |
| 3 | `python3 scripts/verify/build-inventory-completion-matrix.py` → writes `deployed-contracts-completion-matrix.json`. |
| 4 | Re-run: `python3 scripts/verify/build-non-evm-lane-status.py` (no “SKIP” on stderr; writes `non-evm-lane-status-latest.json` / `.md`). |
| 5 | `bash scripts/verify/run-all-validation.sh --skip-genesis` — should pass with **non-EVM lane** section fully generated. |
---
## D. Optional: advisory-only external check
If you must not fail CI while services are still rolling out:
```bash
bash scripts/verify/check-external-dependencies.sh --advisory
```
That does **not** “remove” blockers; it only prints them and **exits 0**.
---
## E. Cross-references
| Resource | Use |
|----------|-----|
| [EXTERNAL_DEPENDENCY_BLOCKERS.md](EXTERNAL_DEPENDENCY_BLOCKERS.md) | Blocker ID ↔ env mapping |
| [OPERATOR_CREDENTIALS_CHECKLIST.md](../00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md) | LAN / secrets for operator work |
| [docs/04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md](../04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md) | Remote SSH to dev VM 5700 |
**Last updated:** 2026-04-24

64
docs/03-deployment/URA_MANIFEST_WRITER_OPS.md Normal file
View File

@@ -0,0 +1,64 @@
# URA manifest writer — operations
**Last updated:** 2026-04-25
**Purpose:** Runbook for **ledger- and chain-driven** manifest updates: secrets, ETL, publish path, reconciliation, optional features, legal record, DR.
## 1. Components
| Piece | Role |
|-------|------|
| OMNL / Fineract | System of record for `accountingRef` (journal / batch ids). |
| Server-funds sidecar | Operational draws/holds; must correlate to ledger lines. |
| [`build-ledger-fragment.mjs`](../../scripts/ura/manifest-writer/build-ledger-fragment.mjs) | Maps export JSON → manifest fragment. |
| [`merge-manifest-fragments.mjs`](../../scripts/ura/merge-manifest-fragments.mjs) | Merges fragments; validates. |
| Phoenix | Serves canonical [`manifest.json`](../../config/universal-resource-activation/manifest.json) read-only. |
## 2. Fineract / OMNL field inventory
**Operator task:** Document the **exact** REST or batch export fields your deployment uses (tenant, office, product). Map them in [`omnl-ledger-mapping.v1.example.json`](../../config/universal-resource-activation/integration/omnl-ledger-mapping.v1.example.json) (copy to `omnl-ledger-mapping.v1.json`).
Minimum: one stable string for `accountingRef` (journal id or composite `officeId:transactionId`).
## 3. Secrets and IAM
- Store Fineract credentials in vault / `.env` on the writer host (never in git).
- Use read-only Fineract user where possible.
- Rotate keys on the same cadence as OMNL operator policy.
## 4. Publish path (choose one)
| Mode | Pattern |
|------|---------|
| **Git PR** | Writer opens PR updating `manifest.json` or a fragment; CI runs `pnpm ura:validate`. |
| **Secured sync** | Writer writes to `PHOENIX_REPO_ROOT` on deploy host; reload Phoenix. |
| **Authenticated API** | Future: POST internal-only (not the public GET routes). |
## 5. Reconciliation
- Nightly (or per batch): compare latest Fineract journal id set to manifest `accountingRef`.
- On mismatch: page on-call; do **not** auto-overwrite without human ack for production.
## 6. Optional features
- **Real-time:** Webhook from Fineract vs **batch** cron — feature-flag in writer.
- **Multi-pool:** Multiple rows in `resourceUpdates` / evidence mapping file.
- **DLQ:** Failed merges land in a queue path for replay.
- **Audit log:** Append-only log of fragment bytes + git SHA + operator id.
## 7. Legal sign-off record
When automation goes live, archive:
- Compliance memo id or ticket referencing matrix rows satisfied by automated fields.
- Version of [`policy-profiles.json`](../../config/universal-resource-activation/policy-profiles.json) and [`ID-INDONESIA/banking_v1.md`](../04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md) (or relevant matrix).
## 8. DR and rollback
- **Backup:** Git history of `manifest.json` + weekly object-store copy if using direct sync.
- **Rollback:** Revert commit or restore file; re-run `pnpm ura:validate && pnpm ura:validate-profiles`.
- **Incident:** Disable writer cron/systemd; serve last known-good manifest from Phoenix override path.
## Related
- [TS-OMNL-SIDECAR-MANIFEST-SYNC-V1.md](../04-configuration/universal-resource-activation/technical-specs/TS-OMNL-SIDECAR-MANIFEST-SYNC-V1.md) — normative ledger/sidecar → manifest requirements
- [`URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md`](../04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md)

91
docs/04-configuration/ALL_VMIDS_ENDPOINTS.md
View File

@@ -1,17 +1,17 @@
# Complete VMID and Endpoints Reference
**Last Updated:** 2026-03-26
**Document Version:** 1.2
**Status:** Active Documentation — **Master (source of truth)** for VMID, IP, port, and domain mapping. See [MASTER_DOCUMENTATION_INDEX.md](../00-meta/MASTER_DOCUMENTATION_INDEX.md).
**Last Updated:** 2026-04-25
**Document Version:** 1.3
**Status:** Active Documentation — **Master (source of truth)** for VMID, IP, port, and domain mapping. Use this with the live Besu fleet map in [../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md](../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md) and the cluster audit in [`../../scripts/verify/check-cluster-besu-inventory.sh`](../../scripts/verify/check-cluster-besu-inventory.sh).
**Operational template (hosts, peering, deployment gates, JSON):** [../03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](../03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md) · [`config/proxmox-operational-template.json`](../../config/proxmox-operational-template.json)
---
**Date**: 2026-01-20
**Status**: Current Active Configuration (Verified)
**Last Updated**: 2026-01-20
**Verification Status**: ✅ Complete - All VMIDs verified across 3 hosts
**Date**: 2026-04-25
**Status**: Current Active Configuration (Reconciled)
**Last Updated**: 2026-04-25
**Verification Status**: ✅ Complete - Canonical Besu fleet reconciled across all 5 Proxmox nodes via direct host audit plus cluster-wide inventory
---
@@ -21,9 +21,16 @@
- **Running**: 45+
- **Stopped**: 5
- **Infrastructure Services**: 10
- **Blockchain Nodes**: 22 (Validators: 5, Sentries: 4, RPC: 13)
- **Blockchain Nodes**: 37 canonical Besu nodes (Validators: 5, Sentries: 11, RPC: 21)
- **Application Services**: 22
## Canonical-use guardrails
- Use this document for the **current** VMID/IP/FQDN inventory.
- Use [../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md](../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md) for Besu role, class, and config-policy detail.
- Use [`../../scripts/verify/check-cluster-besu-inventory.sh`](../../scripts/verify/check-cluster-besu-inventory.sh) for live cluster truth.
- Historical migration and destroyed-node sections in this file are retained for audit context only. They must **not** be used as the source of truth for new automation, provisioning, or runbooks.
---
## Infrastructure Services
@@ -85,8 +92,13 @@
| 1504 | 192.168.11.154 | besu-sentry-ali | ✅ Running | P2P: 30303, Metrics: 9545 | Sentry node (Ali) |
| 1505 | 192.168.11.213 | besu-sentry-alltra-1 | ✅ Running | P2P: 30303, Metrics: 9545 | Sentry (Alltra 1) |
| 1506 | 192.168.11.214 | besu-sentry-alltra-2 | ✅ Running | P2P: 30303, Metrics: 9545 | Sentry (Alltra 2) |
| 1507 | 192.168.11.244 | besu-sentry-hybx-1 | ✅ Running | P2P: 30303, Metrics: 9545 | Sentry (HYBX 1) |
| 1508 | 192.168.11.245 | besu-sentry-hybx-2 | ✅ Running | P2P: 30303, Metrics: 9545 | Sentry (HYBX 2) |
| 1509 | 192.168.11.219 | besu-sentry-thirdweb-01 | ✅ Running | P2P: 30303, Metrics: 9545 | Sentry (Thirdweb 1) |
| 1510 | 192.168.11.220 | besu-sentry-thirdweb-02 | ✅ Running | P2P: 30303, Metrics: 9545 | Sentry (Thirdweb 2) |
**Note:** 1505-1506 moved from .170/.171 to .213/.214 (2026-02-01) to free CCIP Ops interim range.
**Live SSH / cluster note (2026-04-24):** `1500-1506` were found during the initial 3-host pass. Cluster-wide reconciliation then confirmed `1507`, `1509`, and `1510` on `r630-03` (`192.168.11.13`), plus `1508` on `r630-04` (`192.168.11.14`).
---
@@ -98,18 +110,25 @@ All RPC nodes have been migrated to a new VMID structure for better organization
### Core RPC Nodes
**Live reconciliation note (2026-04-24):**
- Initial direct host pass confirmed `2101`, `2103`, `2201`
- Cluster-wide reconciliation then confirmed:
- `2102` on `r630-03`
- `2301` on `r630-03`
| VMID | IP Address | Hostname | Status | Block | Peers | Endpoints | Purpose |
|------|------------|----------|--------|-------|-------|-----------|---------|
| 2101 | 192.168.11.211 | besu-rpc-core-1 | ✅ Running | 1,145,367 | 7 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Core RPC node |
| 2103 | 192.168.11.217 | besu-rpc-core-thirdweb | ✅ Running | Live SSH verified 2026-04-24 | Live SSH verified 2026-04-24 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Core Thirdweb admin RPC node |
| **2201** | **192.168.11.221** | besu-rpc-public-1 | ✅ Running | 1,145,367 | 7 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Public RPC node **(FIXED PERMANENT)** |
| 2301 | 192.168.11.232 | besu-rpc-private-1 | ⏸️ Stopped | - | - | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Private RPC node (startup error) |
| 2301 | 192.168.11.232 | besu-rpc-private-1 | ✅ Running | Cluster CT confirmed on `r630-03` | - | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Fireblocks-dedicated RPC on `r630-03` |
### Named RPC Nodes (Ali/Luis/Putu)
| VMID | IP Address | Hostname | Status | Block | Peers | Endpoints | Purpose |
|------|------------|----------|--------|-------|-------|-----------|---------|
| 2303 | 192.168.11.233 | besu-rpc-ali-0x8a | ✅ Running | 1,145,367 | 7 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Ali RPC (0x8a identity) |
| 2304 | 192.168.11.234 | besu-rpc-ali-0x1 | ✅ Running | 1,145,367 | 7 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Ali RPC (0x1 identity) |
| 2304 | 192.168.11.234 | besu-rpc-ali-0x1 | ✅ Running | Cluster CT confirmed on `r630-03` | - | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Ali RPC (0x1 identity) on `r630-03` |
| 2305 | 192.168.11.235 | besu-rpc-luis-0x8a | ✅ Running | 1,145,367 | 7 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Luis RPC (0x8a identity) |
| 2306 | 192.168.11.236 | besu-rpc-luis-0x1 | ✅ Running | 1,145,367 | 7 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Luis RPC (0x1 identity) |
| 2307 | 192.168.11.237 | besu-rpc-putu-0x8a | ✅ Running | 1,145,367 | 7 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Putu RPC (0x8a identity) |
@@ -119,20 +138,46 @@ All RPC nodes have been migrated to a new VMID structure for better organization
| VMID | IP Address | Hostname | Status | Block | Peers | Endpoints | Purpose |
|------|------------|----------|--------|-------|-------|-----------|---------|
| 2400 | 192.168.11.240 | thirdweb-rpc-1 | ✅ Running | 1,149,992 | 2 | **Nginx: 443**, Besu: 8545/8546, P2P: 30303, Metrics: 9545, Translator: 9645/9646 | ThirdWeb RPC with translator (primary) |
| 2400 | 192.168.11.240 | thirdweb-rpc-1 | ✅ Running | Cluster CT confirmed on `r630-03` | - | **Nginx: 443**, Besu: 8545/8546, P2P: 30303, Metrics: 9545, Translator: 9645/9646 | ThirdWeb RPC with translator (primary) on `r630-03` |
| 2401 | 192.168.11.241 | besu-rpc-thirdweb-0x8a-1 | ✅ Running | 1,149,992 | 2 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | ThirdWeb RPC instance 1 |
| 2402 | 192.168.11.242 | besu-rpc-thirdweb-0x8a-2 | ✅ Running | 1,149,992 | 2 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | ThirdWeb RPC instance 2 |
| 2403 | 192.168.11.243 | besu-rpc-thirdweb-0x8a-3 | ✅ Running | 600,172 | 0 | Besu: 8545/8546, P2P: 30303 | ThirdWeb RPC instance 3 (syncing) |
| 2402 | 192.168.11.242 | besu-rpc-thirdweb-0x8a-2 | ✅ Running | Cluster CT confirmed on `r630-03` | - | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | ThirdWeb RPC instance 2 on `r630-03` |
| 2403 | 192.168.11.243 | besu-rpc-thirdweb-0x8a-3 | ✅ Running | Cluster CT confirmed on `r630-03` | - | Besu: 8545/8546, P2P: 30303 | ThirdWeb RPC instance 3 on `r630-03` |
**Note**: VMID 2400 is the primary ThirdWeb RPC with Nginx and RPC Translator. VMID 2403 metrics disabled due to port conflict, node is syncing.
**Public Domain**: `rpc.public-0138.defi-oracle.io` → Routes to VMID 2400:443
### Additional Live Internal ALLTRA / HYBX RPC Nodes (SSH-verified 2026-04-24)
These are live Besu RPC containers and should not be confused with the older decommissioned migration rows below that used different IPs and hostnames.
| VMID | IP Address | Hostname | Status | Endpoints | Purpose |
|------|------------|----------|--------|-----------|---------|
| 2500 | 192.168.11.172 | besu-rpc-alltra-1 | ✅ Running | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Internal ALLTRA RPC 1 |
| 2501 | 192.168.11.173 | besu-rpc-alltra-2 | ✅ Running | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Internal ALLTRA RPC 2 |
| 2502 | 192.168.11.174 | besu-rpc-alltra-3 | ✅ Running | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Internal ALLTRA RPC 3 |
| 2503 | 192.168.11.246 | besu-rpc-hybx-1 | ✅ Running | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Internal HYBX RPC 1 |
| 2504 | 192.168.11.247 | besu-rpc-hybx-2 | ✅ Running | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Internal HYBX RPC 2 |
| 2505 | 192.168.11.248 | besu-rpc-hybx-3 | ✅ Running | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Internal HYBX RPC 3 |
### Destroyed Legacy Duplicate ALLTRA / HYBX RPC Containers (Not Canonical Fleet)
These were found live on `r630-01` during the same SSH pass, but they do not exist in `config/proxmox-operational-template.json`. They were first retired, then permanently destroyed on `2026-04-24`. Use the `2500-2505` rows above as the canonical intended fleet.
| VMID | IP Address | Hostname | Status | Endpoints | Purpose |
|------|------------|----------|--------|-----------|---------|
| 2420 | 192.168.11.172 | besu-rpc-alltra-1 | 🗑 Destroyed | `pct destroy --purge 1` completed | Legacy duplicate of canonical VMID 2500 |
| 2430 | 192.168.11.173 | besu-rpc-alltra-2 | 🗑 Destroyed | `pct destroy --purge 1` completed | Legacy duplicate of canonical VMID 2501 |
| 2440 | 192.168.11.174 | besu-rpc-alltra-3 | 🗑 Destroyed | `pct destroy --purge 1` completed | Legacy duplicate of canonical VMID 2502 |
| 2460 | 192.168.11.246 | besu-rpc-hybx-1 | 🗑 Destroyed | `pct destroy --purge 1` completed | Legacy duplicate of canonical VMID 2503 |
| 2470 | 192.168.11.247 | besu-rpc-hybx-2 | 🗑 Destroyed | `pct destroy --purge 1` completed | Legacy duplicate of canonical VMID 2504 |
| 2480 | 192.168.11.248 | besu-rpc-hybx-3 | 🗑 Destroyed | `pct destroy --purge 1` completed | Legacy duplicate of canonical VMID 2505 |
---
## OLD RPC Nodes (Decommissioned)
**Status**: **DECOMMISSIONED** (2026-01-18)
**Status**: Historical migration reference only. The rows below refer to the old `.250-.255/.201-.204` plan, not the live `.172-.174/.246-.248` ALLTRA/HYBX RPCs found during the 2026-04-24 SSH pass.
The following VMIDs have been permanently removed:
@@ -261,12 +306,15 @@ The following VMIDs have been permanently removed:
| 7803 | 192.168.11.53 | sankofa-postgres-1 | ✅ Running | PostgreSQL: 5432 | Database Service |
| 7804 | 192.168.11.54 | (Gov Portals dev) | ✅ Running | Web: 80 | Gov Portals — DBIS, ICCC, OMNL, XOM (*.xom-dev.phoenix.sankofa.nexus) |
| 7805 | 192.168.11.72 | sankofa-studio | — | API: 8000 | Sankofa Studio (FusionAI Creator) — studio.sankofa.nexus (IP .72; .55 = VMID 10230 order-vault) |
| 5010 | 192.168.11.91 | tsunamiswap | planned / documented target | Web: 80 | TsunamiSwap origin — landing page `https://tsunamiswap.com`, working app `https://app.tsunamiswap.com` via NPMplus/Cloudflare |
**Public Domains** (NPMplus routing):
- `sankofa.nexus` → Routes to `http://192.168.11.51:3000` (Sankofa Portal/VMID 7801) ✅
- `www.sankofa.nexus` → Same upstream as apex; NPM **`advanced_config`** issues **301** to **`https://sankofa.nexus`** (preserve path/query via `$request_uri`). ✅
- `phoenix.sankofa.nexus` → Routes to `http://192.168.11.50:4000` (Phoenix API/VMID 7800) ✅
- `www.phoenix.sankofa.nexus` → Same upstream; **301** to **`https://phoenix.sankofa.nexus`**. ✅
- `tsunamiswap.com` → Intended landing page route to `http://192.168.11.91:80` (TsunamiSwap / VMID 5010)
- `app.tsunamiswap.com` → Intended working application route to `http://192.168.11.91:80` (TsunamiSwap / VMID 5010)
- `the-order.sankofa.nexus` / `www.the-order.sankofa.nexus` → OSJ management portal (secure auth). App source: **the_order** at `~/projects/the_order`. NPMplus default upstream: **order-haproxy** `http://192.168.11.39:80` (VMID **10210**), which proxies to Sankofa portal `http://192.168.11.51:3000` (7801). Fallback: set `THE_ORDER_UPSTREAM_IP` / `THE_ORDER_UPSTREAM_PORT` to `.51` / `3000` if HAProxy is offline. **`www.the-order.sankofa.nexus`** → **301** **`https://the-order.sankofa.nexus`** (same as `www.sankofa` / `www.phoenix`).
- `studio.sankofa.nexus` → Routes to `http://192.168.11.72:8000` (Sankofa Studio / VMID 7805)
@@ -314,6 +362,17 @@ The following VMIDs have been permanently removed:
**Note:** 8641 moved from .201 to .215 (2026-02-01) to free CCIP Execute interim range. See [IP_CONFLICTS_CCIP_RANGE_RESOLVED_20260201.md](../../reports/status/IP_CONFLICTS_CCIP_RANGE_RESOLVED_20260201.md).
### Phoenix Core Application Extensions
| VMID | IP Address | Hostname | Status | Endpoints | Purpose |
|------|------------|----------|--------|-----------|---------|
| 8604 | 10.160.0.14 | currencicombo-phoenix-1 | ✅ Running | Web: 3000, API: 8080 | CurrenciCombo webapp + orchestrator |
**Operational note (2026-04-22):**
- Deployed on `r630-01` through `scripts/deployment/deploy-currencicombo-8604.sh`.
- Internal-only at present; no NPMplus / public hostname assigned yet.
- Local PostgreSQL + Redis run inside the same CT for this first Phoenix deployment.
---
### Other Services
@@ -441,8 +500,8 @@ Direct to RPC Nodes:
### NPMplus Routing Issues
1. **`rpc.public-0138.defi-oracle.io`**: Currently routes to wrong VMID
- **Current**: `https://192.168.11.252:443` (VMID 2502 - decommissioned)
- **Should be**: `https://192.168.11.240:443` (VMID 2400)
- **Stale historical target**: `https://192.168.11.252:443` (old VMID 2502 migration row, decommissioned)
- **Current intended target**: `https://192.168.11.240:443` (VMID 2400)
- **Fix**: Update NPMplus proxy host configuration
---

26
docs/04-configuration/DEVIN_GITEA_PROXMOX_CICD.md
View File

@@ -3,6 +3,8 @@
**Status:** Working baseline for this repo
**Last Updated:** 2026-04-20
**Operator handoff:** [PHOENIX_SANKOFA_OPERATOR_HANDOFF.md](PHOENIX_SANKOFA_OPERATOR_HANDOFF.md)
## Goal
Create a repeatable path where:
@@ -17,6 +19,7 @@ Create a repeatable path where:
The path now exists for **`d-bis/proxmox`** on **`main`** and **`master`**:
- Canonical workflow sources: [.gitea/workflow-sources/deploy-to-phoenix.yml](/home/intlc/projects/proxmox/.gitea/workflow-sources/deploy-to-phoenix.yml) and [.gitea/workflow-sources/validate-on-pr.yml](/home/intlc/projects/proxmox/.gitea/workflow-sources/validate-on-pr.yml)
- Workflow: [deploy-to-phoenix.yml](/home/intlc/projects/proxmox/.gitea/workflows/deploy-to-phoenix.yml)
- Manual app workflow: [deploy-portal-live.yml](/home/intlc/projects/proxmox/.gitea/workflows/deploy-portal-live.yml)
- Deploy service: [server.js](/home/intlc/projects/proxmox/phoenix-deploy-api/server.js)
@@ -32,6 +35,29 @@ A second target is now available:
- `portal-live` → runs [sync-sankofa-portal-7801.sh](/home/intlc/projects/proxmox/scripts/deployment/sync-sankofa-portal-7801.sh) and then checks `http://192.168.11.51:3000/`
An additional live app target is now available:
- `explorer-live` for `d-bis/explorer-monorepo` → redeploys the live explorer stack on VMID `5000`
## Workflow lockstep
Because both `main` and `master` can trigger deploys, deploy behavior is now defined from canonical source files and checked for branch parity.
- Edit only the source files under [.gitea/workflow-sources](/home/intlc/projects/proxmox/.gitea/workflow-sources:1)
- Sync the checked-in workflow copies with:
```bash
bash scripts/verify/sync-gitea-workflows.sh
```
- Validate source sync plus `main`/`master` parity with:
```bash
bash scripts/verify/run-all-validation.sh --skip-genesis
```
The deploy and PR workflows both fetch `origin/main` and `origin/master` before validation, so branch drift now fails CI instead of silently changing deploy behavior.
## Flow
```text

6
docs/04-configuration/DEV_CODESPACES_76_53_10_40.md
View File

@@ -22,7 +22,7 @@ Access flow:
- **HTTPS (hostnames):** User → Cloudflare (DNS CNAME to tunnel) → Tunnel connector → **Fourth NPMplus** (192.168.11.170:443) → NPMplus proxy hosts → Dev VM (Gitea, etc.) or Proxmox (8006).
- **Direct via 76.53.10.40:** UDM Pro port forward 76.53.10.40:80/81/443 → 192.168.11.170; optional 76.53.10.40:22 → 192.168.11.59 (SSH to dev VM).
- **SSH (Cursor):** Either `ssh dev1@76.53.10.40` (if port 22 forwarded to dev VM) or via Zero Trust TCP route, or LAN-only `ssh dev1@192.168.11.59`.
- **SSH (Cursor / remote operators):** `ssh dev1@76.53.10.40` (if UDM port 22 is forwarded; see [§5](#5-udm-pro-port-forward-76531040)), **or** SSH via **Cloudflare Access + `cloudflared` tunnel** ([DEV_VM_SSH_REMOTE_ACCESS.md](DEV_VM_SSH_REMOTE_ACCESS.md)), or LAN `ssh dev1@192.168.11.59` / `ssh root@192.168.11.59` for service work.
---
@@ -89,9 +89,9 @@ Add in **UniFi Network** → **Settings** → **Firewall & Security** (Port Forw
| NPMplus Fourth HTTP | 76.53.10.40 | 80 | 192.168.11.170 | 80 | TCP |
| NPMplus Fourth HTTPS | 76.53.10.40 | 443 | 192.168.11.170 | 443 | TCP |
| NPMplus Fourth Admin | 76.53.10.40 | 81 | 192.168.11.170 | 81 | TCP |
| Dev VM SSH (optional) | 76.53.10.40 | 22 | 192.168.11.60 | 22 | TCP |
| Dev VM SSH (optional) | 76.53.10.40 | 22 | 192.168.11.59 | 22 | TCP |
**Note:** 76.53.10.40 must be assigned/available on the UDM Pro (or the interface that receives this traffic). Restrict admin port 81 to VPN or IP allowlist.
**Note:** 76.53.10.40 must be assigned/available on the UDM Pro (or the interface that receives this traffic). Restrict admin port 81 to VPN or IP allowlist. **Forward target must be VMID 5700 (dev VM) at `192.168.11.59`** — an older draft listed `.60`; that was incorrect. See [DEV_VM_SSH_REMOTE_ACCESS.md](DEV_VM_SSH_REMOTE_ACCESS.md) for tunnel-based SSH (no public `:22` required).
See also: [UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md](UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md).

18
docs/04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md
View File

@@ -22,7 +22,7 @@
---
## Phase 2 — Dev VM (192.168.11.60, VMID 5700)
## Phase 2 — Dev VM (192.168.11.59, VMID 5700)
- [ ] **2.1** From repo root, create the dev VM LXC:
@@ -50,7 +50,7 @@
pct exec 5700 -- chown dev1:dev1 /home/dev1/.ssh/authorized_keys
```
- [ ] **2.4** Open Gitea first-run in browser: **http://192.168.11.60:3000** — complete installer, create admin user, then create repositories as needed (or do this after tunnel is up at https://gitea.d-bis.org).
- [ ] **2.4** Open Gitea first-run in browser: **http://192.168.11.59:3000** — complete installer, create admin user, then create repositories as needed (or do this after tunnel is up at https://gitea.d-bis.org).
---
@@ -63,7 +63,7 @@
| NPMplus Fourth HTTP | 76.53.10.40 | 80 | 192.168.11.170 | 80 | TCP |
| NPMplus Fourth HTTPS | 76.53.10.40 | 443 | 192.168.11.170 | 443 | TCP |
| NPMplus Fourth Admin | 76.53.10.40 | 81 | 192.168.11.170 | 81 | TCP |
| Dev VM SSH (optional) | 76.53.10.40 | 22 | 192.168.11.60 | 22 | TCP |
| Dev VM SSH (optional) | 76.53.10.40 | 22 | 192.168.11.59 | 22 | TCP |
- [ ] **3.2** Ensure **76.53.10.40** is assigned/available on the UDM Pro (or the interface that receives this traffic). Restrict port 81 (admin) to VPN or IP allowlist if possible.
@@ -105,7 +105,7 @@
bash scripts/nginx-proxy-manager/update-npmplus-fourth-proxy-hosts.sh
```
This adds: dev.d-bis.org, gitea.d-bis.org, codespaces.d-bis.org → 192.168.11.60:3000; pve.ml110.d-bis.org → 192.168.11.10:8006; pve.r630-01.d-bis.org → 192.168.11.11:8006; pve.r630-02.d-bis.org → 192.168.11.12:8006.
This adds: dev.d-bis.org, gitea.d-bis.org, codespaces.d-bis.org → 192.168.11.59:3000; pve.ml110.d-bis.org → 192.168.11.10:8006; pve.r630-01.d-bis.org → 192.168.11.11:8006; pve.r630-02.d-bis.org → 192.168.11.12:8006.
- [ ] **5.2** In NPMplus admin UI (https://192.168.11.170:81 or https://76.53.10.40:81): for each proxy host, request **Lets Encrypt** certificate for:
- dev.d-bis.org
@@ -125,7 +125,7 @@
```bash
rsync -avz --exclude='.git' --exclude='node_modules' \
/home/intlc/projects/ dev1@192.168.11.60:/srv/projects/
/home/intlc/projects/ dev1@192.168.11.59:/srv/projects/
```
(If using 76.53.10.40 with port 22 forwarded: `dev1@76.53.10.40`.)
@@ -168,9 +168,9 @@
- https://76.53.10.40:81 — NPMplus admin (restrict access).
- [ ] **7.3** **SSH (Cursor):**
- From LAN: `ssh dev1@192.168.11.60` (with your key).
- From LAN: `ssh dev1@192.168.11.59` (with your key).
- If port 22 is forwarded: `ssh dev1@76.53.10.40`.
In Cursor: **Remote-SSH** → connect to `dev1@192.168.11.60` (or 76.53.10.40); open folder `/srv/projects/proxmox` (or any project).
In Cursor: **Remote-SSH** → connect to `dev1@192.168.11.59` (or 76.53.10.40); open folder `/srv/projects/proxmox` (or any project).
- [ ] **7.4** **Proxmox admin:** Confirm you can open each hosts UI and that the noVNC/console (websocket) works:
- https://pve.ml110.d-bis.org
@@ -184,8 +184,8 @@
| Phase | What |
|-------|------|
| 1 | Fourth NPMplus LXC at 192.168.11.170 (VMID 10236), install NPMplus + cloudflared |
| 2 | Dev VM 5700 at 192.168.11.60, users + Gitea, SSH keys |
| 3 | UDM Pro: 76.53.10.40 → 192.168.11.170 (80/81/443), optional 22 → 192.168.11.60 |
| 2 | Dev VM 5700 at 192.168.11.59, users + Gitea, SSH keys |
| 3 | UDM Pro: 76.53.10.40 → 192.168.11.170 (80/81/443), optional 22 → 192.168.11.59 |
| 4 | Cloudflare tunnel (dev-codespaces), connector on fourth NPMplus, tunnel ID in .env, run configure-dev-codespaces-tunnel-and-dns.sh |
| 5 | NPMplus fourth: add proxy hosts (script), request Lets Encrypt for all six hostnames |
| 6 | Rsync projects to dev VM, dotenv files in place, Gitea repos created/pushed |

133
docs/04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md Normal file
View File

@@ -0,0 +1,133 @@
# Dev VM (5700) — remote SSH (operators / automation)
**Purpose:** Let remote operators (e.g. Gitea/CI, automation hosts) open **SSH to CT `5700` (`192.168.11.59`)** without relying on a shared LAN. **Canonical for service work:** `root@192.168.11.59` (or `dev1``dev4` for interactive dev accounts). This doc is the infrastructure checklist; application runbooks (Phase 1 CTs, etc.) live in other repos.
**Last updated:** 2026-04-24
---
## 1) Preconditions on the dev VM (5700)
- `sshd` listening on `22` inside the guest.
- The remote principals public key in `~/.ssh/authorized_keys` for the user you use (`root` and/or `dev1``dev4`).
- From a **Proxmox host** on the same LAN, verify: `nc -zw2 192.168.11.59 22` and `ssh -o BatchMode=yes root@192.168.11.59 true`.
### 1.1 Append a remote operator pubkey on `root` (one-time, ~10s) — *cannot* be done via Cloudflare API
**Cloudflare Access** only secures the tunnel; **`sshd` still needs a line in** `/root/.ssh/authorized_keys` (unless you have configured **SSH with Access CA** / `TrustedUserCAKeys` on the guest — a larger change).
**Approved public key (Devin remote operator — 2026-04-24):** idempotent if you re-run; checks for the key comment to avoid dupes.
```text
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMX/Etk+KC6cgID1Sd7E/YTaSsxvPygQnBmKFG3Wz6TD devin-pve-20260424
```
**A — From a workstation that can already `ssh root@192.168.11.59` (LAN or VPN):**
```bash
ssh root@192.168.11.59 "grep -qF 'devin-pve-20260424' /root/.ssh/authorized_keys 2>/dev/null || { umask 077; mkdir -p /root/.ssh; chmod 700 /root/.ssh; echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMX/Etk+KC6cgID1Sd7E/YTaSsxvPygQnBmKFG3Wz6TD devin-pve-20260424' >> /root/.ssh/authorized_keys; chmod 600 /root/.ssh/authorized_keys; }"
```
**B — No `ssh` to the guest yet** (first-time key install): on the **Proxmox node that runs 5700** (cluster truth: [scripts/lib/load-project-env.sh](../../scripts/lib/load-project-env.sh) maps `5700`**`r630-04` / `192.168.11.14`**, not r630-01/02; always confirm with `ssh root@<PVE> 'pct list | grep 5700'` if nodes move). Use an interactive or `pct` shell:
```bash
ssh root@<PVE_HOST> # node where 5700 is defined
pct exec 5700 -- bash
```
Then inside 5700:
```bash
umask 077; mkdir -p /root/.ssh; chmod 700 /root/.ssh; touch /root/.ssh/authorized_keys; chmod 600 /root/.ssh/authorized_keys
grep -qF 'devin-pve-20260424' /root/.ssh/authorized_keys || \
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMX/Etk+KC6cgID1Sd7E/YTaSsxvPygQnBmKFG3Wz6TD devin-pve-20260424' >> /root/.ssh/authorized_keys
```
Re-test: `ssh -o BatchMode=yes -o ConnectTimeout=5 root@192.168.11.59 true` (or `cloudflared access ssh` to `ssh.dev.d-bis.org` when CF is live).
---
## 2) Option A — Cloudflare Tunnel + Zero Trust (recommended for “no WAN :22”)
**Connector** must be able to reach `192.168.11.59:22` (run `cloudflared` on a host that can route to that IP).
### 2.1 `config.yaml` ingress (example)
Add a hostname in the **same tunnel** you use for other d-bis / Proxmox surfaces (or a dedicated tunnel):
```yaml
ingress:
- hostname: ssh.dev.d-bis.org
service: ssh://192.168.11.59:22
# ... existing hostnames ...
- service: http_status:404
```
Reload/restart the tunnel service after changing config.
### 2.2 DNS
From a host with `cloudflared` logged in to the right account:
```bash
cloudflared tunnel route dns <tunnel-name> ssh.dev.d-bis.org
```
(or create a **CNAME** in Cloudflare to `<tunnel-uuid>.cfargotunnel.com` for that hostname)
Confirm public resolution: `dig +short ssh.dev.d-bis.org` (should be Cloudflare / tunnel targets, not empty once published).
### 2.3 Cloudflare Access (application)
**Zero Trust → Access → Applications → Add application**
| Field | Suggestion |
|--------|------------|
| Type | Self-hosted |
| Application domain | `ssh.dev.d-bis.org` |
| Policy | **Include** a **Service token** (and/or your org IdPs) so automation can authenticate without a browser. Match the same client id used in env as `CF_ACCESS_CLIENT_ID` (and secret) when using service auth. |
Without a policy that your client can satisfy, SSH will fail at the Access layer even if DNS and `sshd` are correct.
### 2.4 Client: `cloudflared access ssh`
Set (typical for service tokens / headless clients):
- `TUNNEL_TOKEN` / Access credentials as required by your org, **or**
- `CF_ACCESS_CLIENT_ID` and `CF_ACCESS_CLIENT_SECRET` when using a **service token** allowed by the Access policy.
Example (adjust to your `cloudflared` version; hostname must match the Access app):
```bash
ssh -o ProxyCommand="cloudflared access ssh --hostname %h" \
-o ServerAliveInterval=30 \
root@ssh.dev.d-bis.org
```
**Triage:** (1) DNS returns answers → (2) Access allows the token/identity → (3) connector reaches `192.168.11.59:22` → (4) `sshd` accepts the key. Failures at (3) look like **timeout**; at (2) like **Access / 302**-style issues in logs; at (4) like **Permission denied (publickey)**.
---
## 3) Option B — UDM Pro port forward + optional allowlist
If you expose **`76.53.10.40:22``192.168.11.59:22`**, restrict **WAN** access with a **source IP allowlist** (or Geo/IP group) in UniFi, not the whole internet. This is a **break-glass / session** path; **Option A** is better long term.
**Reference:** [UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md](UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md)
---
## 4) Option C — Cloudflare WARP / private network
WARP (or a site-to-site VPN) to reach **`192.168.11.0/24`**, then plain `ssh root@192.168.11.59` as if on LAN. See [CLOUDFLARE_ZERO_TRUST_GUIDE.md](cloudflare/CLOUDFLARE_ZERO_TRUST_GUIDE.md) and operator VPN docs.
---
## 5) Related in this repo
- Gitea/Phoenix CICD (push → runner on 5700): [DEVIN_GITEA_PROXMOX_CICD.md](DEVIN_GITEA_PROXMOX_CICD.md)
- Operator secrets checklist: [../00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md](../00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md)
- Dev/Codespaces stack: [DEV_CODESPACES_76_53_10_40.md](DEV_CODESPACES_76_53_10_40.md) (note: SSH forward target is **`192.168.11.59`**, not `.60`)
---
**Status (external):** If `dig +short ssh.dev.d-bis.org` is empty, **DNS** is not published. If it resolves but SSH hangs or fails, split-debug **Access policy vs tunnel vs `sshd`** as in §2.4.

4
docs/04-configuration/E2E_ENDPOINTS_LIST.md
View File

@@ -9,7 +9,7 @@
**What each hostname should present (operator narrative):** [FQDN_EXPECTED_CONTENT.md](FQDN_EXPECTED_CONTENT.md).
**Latest verified public pass:** `2026-03-27` via `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` with report at [verification_report.md](verification-evidence/e2e-verification-20260327_134032/verification_report.md). Result: exit `0`, `DNS passed: 38`, `Failed: 0`, `HTTPS passed: 19`, `Skipped / optional: 1` (after `run-all-operator-tasks-from-lan.sh` NPM sync; `rpc.defi-oracle.io` may log HTTP 405 on the verifier probe but stays non-failing for the profile).
**Latest verified public pass:** `2026-04-22` via `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` with report at [verification_report.md](verification-evidence/e2e-verification-20260422_012550/verification_report.md). Result: exit `0`, `DNS passed: 45`, `Failed: 0`, `HTTPS passed: 29`, `Skipped / optional: 0` (includes **mail.d-bis.org**: HTTPS probe uses **GET** in the script—PMG returns **501** to **HEAD** on `/`). `E2E_DIG_RESOLVERS` avoids single-resolver stale NXDOMAIN. Prior: [2026-03-27](verification-evidence/e2e-verification-20260327_134032/verification_report.md) (`Skipped / optional: 1` before mail was on the public list).
**Latest verified private/admin pass:** `2026-03-27` via `bash scripts/verify/verify-end-to-end-routing.sh --profile=private` with report at [verification_report.md](verification-evidence/e2e-verification-20260327_134137/verification_report.md). Result: exit `0`, `DNS passed: 4`, `Failed: 0`.
**Evidence folders:** Each run creates `verification-evidence/e2e-verification-YYYYMMDD_HHMMSS/`. Commit the runs you want on record; older dirs can be removed locally to reduce noise (`scripts/maintenance/prune-e2e-verification-evidence.sh --dry-run` lists candidates). Routing truth is **not** inferred from old reports—use [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md).
@@ -49,6 +49,7 @@
| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | Cacti monitoring UI for HYBX. |
| mifos.d-bis.org | web | https://mifos.d-bis.org | Mifos X / Fineract banking and microfinance platform (VMID 5800). |
| dapp.d-bis.org | web | https://dapp.d-bis.org | DApp frontend for Chain 138 bridge (VMID 5801). |
| mail.d-bis.org | web | https://mail.d-bis.org | Proxmox Mail Gateway (PMG) web UI; NPM → PMG (e.g. `IP_PMG:8006`). Create **A** + proxy: `scripts/cloudflare/provision-d-bis-mail-dns-and-npmplus.sh` (needs Cloudflare token with **Zone.DNS:Edit**; default **skips** apex MX/SPF so Zoho or other providers are not overwritten). **E2E** public: `mail` in the main list; DNS uses `E2E_DIG_RESOLVERS`. HTTPS: verifier uses **GET** for this host (PMG often **501** on **HEAD**). **TLS:** `CERT_DOMAINS_FILTER='mail\.d-bis\.org' bash scripts/request-npmplus-certificates.sh` (LE HTTP-01) or Origin CA + upload. |
| gitea.d-bis.org | web | https://gitea.d-bis.org | Gitea git repository and CI (Dev VM 5700). |
| dev.d-bis.org | web | https://dev.d-bis.org | Dev VM web / Codespaces entry. |
| codespaces.d-bis.org | web | https://codespaces.d-bis.org | Codespaces / dev environment entry. |
@@ -102,6 +103,7 @@
| cacti-hybx.d-bis.org | https://cacti-hybx.d-bis.org |
| mifos.d-bis.org | https://mifos.d-bis.org |
| dapp.d-bis.org | https://dapp.d-bis.org |
| mail.d-bis.org | https://mail.d-bis.org |
| gitea.d-bis.org | https://gitea.d-bis.org |
| dev.d-bis.org | https://dev.d-bis.org |
| codespaces.d-bis.org | https://codespaces.d-bis.org |

147
docs/04-configuration/FIREBLOCKS_WEB3_INTEGRATION.md.bak
View File

@@ -1,147 +0,0 @@
# Fireblocks Web3 Integration — Chain 138
**Last Updated:** 2026-02-21
**Status:** Active
**RPC Node:** VMID 2301 (192.168.11.232) — dedicated for Fireblocks
---
## Overview
One RPC node is **dedicated for Fireblocks** Web3 integrations: VMID **2301** (`besu-rpc-private-1`, IP **192.168.11.232**). Use it for Fireblocks Console custom network, API, and SDK so Fireblocks traffic is isolated from public and other tenant RPCs.
**Canonical URLs (source: [RPC_ENDPOINTS_MASTER.md](RPC_ENDPOINTS_MASTER.md)):**
| Use | URL |
|-----|-----|
| **HTTP RPC (public)** | `https://rpc-fireblocks.d-bis.org` |
| **WebSocket RPC (public)** | `wss://ws.rpc-fireblocks.d-bis.org` |
| **HTTP RPC (LAN)** | `http://192.168.11.232:8545` |
| **WebSocket RPC (LAN)** | `ws://192.168.11.232:8546` |
**Env vars** (from `config/ip-addresses.conf`):
- `RPC_URL_138_FIREBLOCKS` = `http://192.168.11.232:8545`
- `WS_URL_138_FIREBLOCKS` = `ws://192.168.11.232:8546`
---
## 1. Fireblocks Console — Add Chain 138 (Custom Network)
1. In **Fireblocks Console** go to **Settings → Network Connections → Web3** (or **API** → custom networks).
2. **Add custom network** (or “Add chain” / “Custom RPC” depending on UI).
3. Use:
- **Network name:** e.g. `Chain 138` or `D-BIS 138`
- **RPC URL:** `https://rpc-fireblocks.d-bis.org`
- **Chain ID:** `138`
- **WebSocket URL (optional):** `wss://ws.rpc-fireblocks.d-bis.org`
4. Save. Fireblocks will use this RPC for Chain 138 for API and (where supported) Web3 provider.
---
## 2. Fireblocks Web3 Provider (SDK) — Custom RPC
Use the dedicated RPC URL when instantiating the Fireblocks Web3 provider so all Chain 138 traffic goes to the Fireblocks-dedicated node.
**Example (Node.js / ethers):**
```js
import { FireblocksWeb3Provider } from "@fireblocks/fireblocks-web3-provider";
const eip1193Provider = new FireblocksWeb3Provider({
privateKey: process.env.FIREBLOCKS_API_PRIVATE_KEY_PATH,
apiKey: process.env.FIREBLOCKS_API_KEY,
vaultAccountIds: process.env.FIREBLOCKS_VAULT_ACCOUNT_IDS,
rpcUrl: "https://rpc-fireblocks.d-bis.org", // Chain 138 dedicated
});
// Chain ID is inferred from RPC (138). Use with ethers.js / web3.js.
```
**Environment variable (recommended):**
```bash
# .env
RPC_URL_138_FIREBLOCKS=https://rpc-fireblocks.d-bis.org
WS_URL_138_FIREBLOCKS=wss://ws.rpc-fireblocks.d-bis.org
```
Then in code:
```js
rpcUrl: process.env.RPC_URL_138_FIREBLOCKS || "https://rpc-fireblocks.d-bis.org"
```
---
## 3. Fireblocks REST API — Custom Chain
For **Create Transaction** and other REST calls that require a chain/network, use Chain ID **138** and ensure the Fireblocks backend is configured to use the custom RPC for 138 (via Console custom network above). No extra code change is needed once the custom network is set in the Console.
---
## 4. Hosting and NPMplus (Operator)
The Fireblocks-dedicated RPC is exposed via NPMplus (VMID 10233) with WebSocket support:
| NPMplus Proxy Host | Forward To | WebSocket |
|--------------------|------------|-----------|
| `rpc-fireblocks.d-bis.org` | `http://192.168.11.232:8545` | Yes |
| `ws.rpc-fireblocks.d-bis.org` | `http://192.168.11.232:8546` | Yes |
**Operator steps:**
1. **NPMplus proxy hosts:** Already added by `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` (run via SSH to r630-01). To re-run: `REMOTE_SSH_USER=root bash scripts/run-via-proxmox-ssh.sh npmplus --host 192.168.11.11` (or run the script from a host on LAN with `NPM_PASSWORD` in `.env`).
2. **SSL:** In NPMplus UI (https://192.168.11.167:81), open each proxy host for `rpc-fireblocks.d-bis.org` and `ws.rpc-fireblocks.d-bis.org`, then request **SSL Certificate** (Let's Encrypt) and enable **Force SSL** so HTTPS/WSS work.
3. **DNS:** Add A records (or CNAME if using tunnel) for:
- `rpc-fireblocks.d-bis.org` → your edge IP (e.g. `76.53.10.36`) or tunnel.
- `ws.rpc-fireblocks.d-bis.org` → same.
2. **NPMplus:** Add two Proxy Hosts:
- Domain: `rpc-fireblocks.d-bis.org`, scheme **http**, forward to `192.168.11.232:8545`, enable **WebSocket Support**.
- Domain: `ws.rpc-fireblocks.d-bis.org`, scheme **http**, forward to `192.168.11.232:8546`, enable **WebSocket Support**.
3. **SSL:** Use NPMplus SSL (e.g. Lets Encrypt) for both.
4. **Firewall:** Ensure NPMplus host can reach `192.168.11.232` on 8545 and 8546 (same LAN).
See [RPC_ENDPOINTS_MASTER.md](RPC_ENDPOINTS_MASTER.md) for the full NPMplus list and [05-network/RPC_NODE_TYPES_ARCHITECTURE.md](../05-network/RPC_NODE_TYPES_ARCHITECTURE.md) for RPC node types.
---
## 5. Verify RPC and Chain ID
From LAN or a host that can reach the node:
```bash
# HTTP
curl -s -X POST https://rpc-fireblocks.d-bis.org \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
# Expected: {"jsonrpc":"2.0","id":1,"result":"0x8a"}
# Block number
curl -s -X POST https://rpc-fireblocks.d-bis.org \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
```
From project root (using config):
```bash
source config/ip-addresses.conf
curl -s -X POST "$RPC_URL_138_FIREBLOCKS" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
```
---
## 6. Optional: IP Allowlisting (Fireblocks → Your RPC)
If you use **Fireblocks Network Link / Provider Connectivity** and need to allowlist Fireblocks egress IPs, restrict access to the **Fireblocks-dedicated** node (2301) only, not the public RPC. Fireblocks publishes fixed egress IPs by region; see [Fireblocks Network Link Integration](https://developers.fireblocks.com/docs/network-link-integration-guide-for-provider-connectivity). For standard Web3 Provider + custom RPC, allowlisting is usually not required.
---
## Related Docs
- [RPC_ENDPOINTS_MASTER.md](RPC_ENDPOINTS_MASTER.md) — All RPC URLs and NPMplus
- [RPC_NODE_TYPES_ARCHITECTURE.md](../05-network/RPC_NODE_TYPES_ARCHITECTURE.md) — Type 3 Fireblocks node
- [Fireblocks Web3 Provider](https://www.npmjs.com/package/@fireblocks/fireblocks-web3-provider) — npm
- [Fireblocks Create Web3 Connection](https://developers.fireblocks.com/reference/create) — API

11
docs/04-configuration/FQDN_EXPECTED_CONTENT.md
View File

@@ -108,6 +108,17 @@
---
## tsunamiswap.com
| FQDN | Kind | What should be displayed or returned |
|------|------|--------------------------------------|
| `tsunamiswap.com` | Web | **TsunamiSwap** public landing page / marketing surface. |
| `app.tsunamiswap.com` | Web | **TsunamiSwap DEX** working application / SPA for the Chain 138-related deployment. |
**Typical upstream:** VMID **5010**`http://192.168.11.91:80` via NPMplus / Cloudflare DNS for both hostnames until or unless the landing page and app are split onto different upstreams.
---
## xom-dev.phoenix.sankofa.nexus (gov portals dev)
| FQDN | Kind | What should be displayed or returned |

20
docs/04-configuration/NPMPLUS_BACKUP_RESTORE.md
View File

@@ -32,8 +32,8 @@ This guide provides backup and restore procedures for NPMplus (VMID 10233) confi
| **Internal IP (eth0)** | 192.168.11.166 |
| **Internal IP (eth1)** | 192.168.11.167 |
| **Management UI** | `https://192.168.11.166:81` |
| **Database Location** | `/data/database.sqlite` (inside container) |
| **Certificate Location** | `/data/tls/certbot/live/` (inside container) |
| **Database Location** | On LXC: `/opt/npmplus/npmplus/database.sqlite` (host mount for `npmplus` image; in-Docker: `/data/npmplus/database.sqlite`) — *not* `/data/database.sqlite` (often empty) |
| **Certificate Location (PEMs)** | On LXC: `/opt/npmplus/tls/certbot/live/<id>/` (e.g. `npm-144`). Lets Encrypt may also list `/etc/letsencrypt/live` (e.g. `README` is not a cert; script skips it) |
| **Docker Container** | `npmplus` |
---
@@ -57,22 +57,20 @@ BACKUP_DIR="/tmp/npmplus-backup-$(date +%Y%m%d_%H%M%S)"
mkdir -p "$BACKUP_DIR"
# Export database
ssh root@"$NPMPLUS_HOST" "pct exec $NPMPLUS_VMID -- bash -c '
cd /app
if [ -f /data/database.sqlite ]; then
sqlite3 /data/database.sqlite \".dump\" > /tmp/npm-database.sql 2>/dev/null || echo \"Database export may have issues\"
fi
'"
# Prefer: real DB at /opt/npmplus/npmplus/database.sqlite (zoeyvid NPMplus); on-host sqlite3 is optional, Python3 can .dump
ssh root@"$NPMPLUS_HOST" "pct exec $NPMPLUS_VMID -- python3 -c \"
import sqlite3, sys
[print(x) for x in sqlite3.connect('/opt/npmplus/npmplus/database.sqlite').iterdump()]
\" 2>/dev/null" > "$BACKUP_DIR/database.sql"
# Copy database export
ssh root@"$NPMPLUS_HOST" "pct exec $NPMPLUS_VMID -- cat /tmp/npm-database.sql" > "$BACKUP_DIR/database.sql"
# Or, if sqlite3 is installed in the LXC: sqlite3 /opt/npmplus/npmplus/database.sqlite .dump
```
**Method 2: Copy Database File**:
```bash
# Copy entire database file
ssh root@"$NPMPLUS_HOST" "pct exec $NPMPLUS_VMID -- cat /data/database.sqlite" > "$BACKUP_DIR/database.sqlite"
ssh root@"$NPMPLUS_HOST" "pct exec $NPMPLUS_VMID -- cat /opt/npmplus/npmplus/database.sqlite" > "$BACKUP_DIR/database.sqlite"
```
#### 2. Proxy Host Configuration Export (JSON via API)

37
docs/04-configuration/PHOENIX_DEPLOY_API_GITEA_INTEGRATION.md
View File

@@ -1,10 +1,12 @@
# Phoenix Deploy API — Gitea Integration
**Last Updated:** 2026-04-20
**Last Updated:** 2026-04-22
**Status:** Active Documentation
---
**Operator handoff:** [PHOENIX_SANKOFA_OPERATOR_HANDOFF.md](PHOENIX_SANKOFA_OPERATOR_HANDOFF.md) — live CT locations, secrets split, rotate/reload/verify commands, and current verified scope.
## Overview
The Phoenix Deploy API ([phoenix-deploy-api/](../../phoenix-deploy-api/)) receives Gitea webhooks and provides a deploy endpoint for triggering Phoenix deployments from Gitea Actions or external tools.
@@ -64,6 +66,38 @@ Set `PHOENIX_WEBHOOK_DEPLOY_ENABLED=1` on the deploy service host if you want we
Create a token at https://gitea.d-bis.org/user/settings/applications with scope `repo` (or `repo:status`) for commit status updates.
### 4. Deploy token (`PHOENIX_DEPLOY_TOKEN`)
Repo and CI use **`PHOENIX_DEPLOY_TOKEN`** in `.env` for `Authorization: Bearer` on `POST /api/deploy`. That value must match **`PHOENIX_DEPLOY_SECRET`** in the service env on the Phoenix Deploy API host (e.g. dev VM `192.168.11.59` / VMID `5700`).
On a machine that can **SSH to root** on the API host, read the secret from the same file `phoenix-deploy-api.service` loads (default below):
```bash
ssh root@192.168.11.59 "awk -F= '/^PHOENIX_DEPLOY_SECRET=/{sub(/^[^=]*=/,\"\"); gsub(/^[\"'\'']+|[\"'\'']+$/,\"\"); print; exit}' /opt/phoenix-deploy-api/.env"
```
Confirm the env file path in the unit first (optional):
```bash
ssh root@192.168.11.59 "systemctl cat phoenix-deploy-api | rg EnvironmentFile"
```
If you have **Proxmox root** on the node that runs CT `5700` but **not** the guests root password, use `pct exec` instead of SSH to `.59` — see `scripts/lib/load-project-env.sh` (`get_host_for_vmid``5700``r630-04` by default). Example:
```bash
pct exec 5700 -- sh -c "awk -F= '/^PHOENIX_DEPLOY_SECRET=/{sub(/^[^=]*=/,\"\"); gsub(/^[\"'\'']+|[\"'\'']+$/,\"\"); print; exit}' /opt/phoenix-deploy-api/.env"
```
#### Rotate an empty (or new) `PHOENIX_DEPLOY_SECRET` on the dev VM
If `PHOENIX_DEPLOY_SECRET=` is empty, deploy API auth and webhooks that expect a shared secret will not work. From **Proxmox `r630-04`** (default: `root@192.168.11.14``PROXMOX_HOST_R630_04` in [`config/ip-addresses.conf`](../../config/ip-addresses.conf)), with CT **5700** on this node, run **one line** (backs up `/opt/phoenix-deploy-api/.env` first, prints the new token, restarts the service):
```bash
SECRET=$(openssl rand -hex 32) && echo "PHOENIX_DEPLOY_TOKEN: $SECRET" && pct exec 5700 -- sh -c 'f=/opt/phoenix-deploy-api/.env; test -f "$f" && cp -a "$f" "$f.bak.$(date +%s)"' && pct exec 5700 -- env "SECRET=$SECRET" sh -c 'grep -v ^PHOENIX_DEPLOY_SECRET= /opt/phoenix-deploy-api/.env > /tmp/pde.env && echo PHOENIX_DEPLOY_SECRET=$SECRET >> /tmp/pde.env && mv /tmp/pde.env /opt/phoenix-deploy-api/.env' && pct exec 5700 -- systemctl restart phoenix-deploy-api
```
If you are not on `r630-04` yet: `ssh root@192.168.11.14` (or the host that actually runs 5700), then paste the line above. Copy **`PHOENIX_DEPLOY_TOKEN: …`** into repo/CI `PHOENIX_DEPLOY_TOKEN` and any Gitea webhook or tool that was using the same secret. Optional: `pct exec 5700 -- sh -c 'set -a; . /opt/phoenix-deploy-api/.env; echo "len=${#PHOENIX_DEPLOY_SECRET}"'` (expect `64` for a `openssl rand -hex 32` value).
## Deploy Endpoint
`POST /api/deploy`
@@ -92,6 +126,7 @@ Current repo-shipped targets include:
- `default` for `d-bis/proxmox` → publish `phoenix-deploy-api` to VMID `5700`
- `portal-live` for `d-bis/proxmox` → run `scripts/deployment/sync-sankofa-portal-7801.sh` and verify `http://192.168.11.51:3000/`
- `explorer-live` for `d-bis/explorer-monorepo` → sync staged workspace and redeploy the live explorer stack on VMID `5000`
## Public-sector program manifest (runtime)

272
docs/04-configuration/PHOENIX_SANKOFA_OPERATOR_HANDOFF.md Normal file
View File

@@ -0,0 +1,272 @@
# Phoenix / Sankofa Operator Handoff
**Last Updated:** 2026-04-23
**Status:** Live wiring confirmed for Gitea Actions -> Phoenix Deploy API -> Sankofa server-to-server health/railing path
## Purpose
This is the operator handoff for the live Phoenix deploy path and the Sankofa-side server-to-server integration.
It records:
- where the live services and env files are
- which secret lives on which host
- how to rotate and reload safely
- how to verify the current production path
This document is about the live deploy/control-plane plumbing. It is not a full app-auth runbook for the public `phoenix.sankofa.nexus` user flow.
## Live topology
### CT 5700 — Phoenix Deploy API / Gitea runner host
- **Role:** Phoenix Deploy API, Gitea Actions execution support, deploy target resolver
- **CT / IP:** `5700` / `192.168.11.59`
- **Primary service:** `phoenix-deploy-api`
- **Primary env file:** `/opt/phoenix-deploy-api/.env`
- **Key live vars:**
- `PHOENIX_DEPLOY_SECRET`
- `PHOENIX_PARTNER_KEYS`
- `PHOENIX_REPO_ROOT`
- `GITEA_TOKEN`
### CT 7800 — Sankofa API
- **Role:** Sankofa API server-side caller into Phoenix Deploy API / Phoenix railing
- **CT / node:** `7800` on `r630-01` (`192.168.11.11`)
- **Primary service:** `sankofa-api`
- **Primary env file:** `/opt/sankofa-api/.env`
- **Key live vars:**
- `PHOENIX_RAILING_URL=http://192.168.11.59:4001`
- `PHOENIX_RAILING_API_KEY=<live operator key>`
### Gitea repo secrets
For repos that trigger deploys through Actions, configure:
- `PHOENIX_DEPLOY_URL`
- `PHOENIX_DEPLOY_TOKEN`
Confirmed present in:
- `d-bis/proxmox`
Explorer live redeploy now also expects the same secret pair in the repo that owns the workflow:
- `d-bis/explorer-monorepo`
## Current proven chain
The following live path is confirmed as of **2026-04-23**:
1. Gitea Actions can call Phoenix Deploy API with repo secret pair.
2. Phoenix Deploy API on CT `5700` has:
- `PHOENIX_DEPLOY_SECRET`
- `PHOENIX_PARTNER_KEYS`
- deploy target map including `explorer-live`
3. Sankofa API on CT `7800` has:
- `PHOENIX_RAILING_URL=http://192.168.11.59:4001`
- `PHOENIX_RAILING_API_KEY=<live operator key>`
4. Sankofa API can reach Phoenix Deploy API from inside CT `7800`.
5. Phoenix Deploy API `GET /api/v1/health/summary` returns healthy JSON when called with the Sankofa-side API key.
## Not yet proven
The following is **not** covered by the server-to-server verification above:
- authenticated end-user Phoenix app flow through `https://phoenix.sankofa.nexus`
- browser/session/auth behavior above the raw API-key integration
Treat that as a separate application/auth verification task.
## Explorer live redeploy target
Phoenix Deploy API now includes:
- repo: `d-bis/explorer-monorepo`
- target: `explorer-live`
The target runs the wrapper:
- [scripts/deployment/phoenix-deploy-explorer-live-from-workspace.sh](/home/intlc/projects/proxmox/scripts/deployment/phoenix-deploy-explorer-live-from-workspace.sh:1)
That wrapper syncs the staged Gitea checkout into:
- `${PHOENIX_REPO_ROOT}/explorer-monorepo`
Then runs the canonical deploy order:
1. `bash scripts/deploy-explorer-config-to-vmid5000.sh`
2. `bash scripts/deploy-explorer-ai-to-vmid5000.sh`
3. `bash scripts/deploy-next-frontend-to-vmid5000.sh`
The Gitea workflow in the explorer repo is:
- [deploy-live.yml](/home/intlc/projects/proxmox/explorer-monorepo/.gitea/workflows/deploy-live.yml:1)
## Rotate / reload / verify
### A. Rotate `PHOENIX_DEPLOY_SECRET` on CT 5700
Run from a host with guest or `pct exec` access:
```bash
pct exec 5700 -- sh -c 'cp -a /opt/phoenix-deploy-api/.env /opt/phoenix-deploy-api/.env.bak.$(date +%Y%m%d_%H%M%S)'
NEW_SECRET="$(openssl rand -hex 32)"
echo "NEW PHOENIX_DEPLOY_TOKEN=$NEW_SECRET"
pct exec 5700 -- env NEW_SECRET="$NEW_SECRET" sh -c '
awk '"'"'!/^PHOENIX_DEPLOY_SECRET=/'"'"' /opt/phoenix-deploy-api/.env > /tmp/phoenix-deploy-api.env &&
printf "PHOENIX_DEPLOY_SECRET=%s\n" "$NEW_SECRET" >> /tmp/phoenix-deploy-api.env &&
mv /tmp/phoenix-deploy-api.env /opt/phoenix-deploy-api/.env
'
pct exec 5700 -- systemctl restart phoenix-deploy-api
pct exec 5700 -- systemctl is-active phoenix-deploy-api
```
Then update every caller that uses the bearer deploy token:
- Gitea repo secret `PHOENIX_DEPLOY_TOKEN`
- any local operator `.env`
- any direct deploy trigger scripts or webhooks still using the old value
### B. Rotate Sankofa -> Phoenix server key on CT 7800
This is the key stored as:
- `PHOENIX_RAILING_API_KEY` in `/opt/sankofa-api/.env`
It must also remain present in Phoenix Deploy API partner-key configuration:
- `PHOENIX_PARTNER_KEYS` in `/opt/phoenix-deploy-api/.env`
Safe sequence:
1. Add the new key to `PHOENIX_PARTNER_KEYS` on CT `5700` without removing the old one yet.
2. Restart `phoenix-deploy-api`.
3. Update `PHOENIX_RAILING_API_KEY` on CT `7800`.
4. Restart `sankofa-api`.
5. Verify from CT `7800`.
6. Remove the old key from `PHOENIX_PARTNER_KEYS` only after success.
Example:
```bash
NEW_KEY="$(openssl rand -hex 32)"
echo "NEW PHOENIX_RAILING_API_KEY=$NEW_KEY"
```
Update CT `5700`:
```bash
pct exec 5700 -- sh -c 'cp -a /opt/phoenix-deploy-api/.env /opt/phoenix-deploy-api/.env.bak.$(date +%Y%m%d_%H%M%S)'
# edit PHOENIX_PARTNER_KEYS to include the new key, then:
pct exec 5700 -- systemctl restart phoenix-deploy-api
pct exec 5700 -- systemctl is-active phoenix-deploy-api
```
Update CT `7800`:
```bash
pct exec 7800 -- sh -c 'cp -a /opt/sankofa-api/.env /opt/sankofa-api/.env.bak.$(date +%Y%m%d_%H%M%S)'
# edit /opt/sankofa-api/.env and set PHOENIX_RAILING_API_KEY=<new key>, then:
pct exec 7800 -- systemctl restart sankofa-api
pct exec 7800 -- systemctl is-active sankofa-api
```
### C. Reload after deploy-target changes on CT 5700
When `phoenix-deploy-api/deploy-targets.json` changes in the repo, redeploy or reinstall the Phoenix Deploy API bundle to CT `5700` so the live service gets the updated file.
Quick path from the proxmox repo root:
```bash
bash phoenix-deploy-api/scripts/install-systemd.sh
systemctl restart phoenix-deploy-api
systemctl is-active phoenix-deploy-api
```
If running from the Proxmox host into CT `5700`, use the local service path installed there instead of assuming the repo checkout is on the guest.
## Verification commands
### 1. Phoenix Deploy API health on CT 5700
```bash
curl -fsS http://192.168.11.59:4001/health
```
### 2. Phoenix partner-key health summary from CT 7800
```bash
RAIL_KEY="$(pct exec 7800 -- sh -lc "awk -F= '/^PHOENIX_RAILING_API_KEY=/{print \$2; exit}' /opt/sankofa-api/.env")"
curl -fsS http://192.168.11.59:4001/api/v1/health/summary \
-H "X-API-Key: ${RAIL_KEY}"
```
### 3. Sankofa API local health on CT 7800
```bash
pct exec 7800 -- curl -fsS http://127.0.0.1:4000/health
```
### 4. Inspect deploy targets on CT 5700
```bash
curl -fsS http://192.168.11.59:4001/api/deploy-targets | jq .
```
To confirm `explorer-live` specifically:
```bash
curl -fsS http://192.168.11.59:4001/api/deploy-targets | jq '.targets[] | select(.repo=="d-bis/explorer-monorepo")'
```
### 5. Trigger explorer live deploy manually
Using the shared deploy token:
```bash
curl -sSf -X POST http://192.168.11.59:4001/api/deploy \
-H "Authorization: Bearer ${PHOENIX_DEPLOY_TOKEN}" \
-H "Content-Type: application/json" \
-d '{"repo":"d-bis/explorer-monorepo","branch":"master","target":"explorer-live"}'
```
### 6. Post-deploy explorer health
```bash
curl -fsS https://blockscout.defi-oracle.io/api/config/capabilities
```
Optional public smoke:
```bash
bash scripts/verify/check-explorer-e2e.sh https://blockscout.defi-oracle.io
```
## Files and commands to remember
### Live files
- CT `5700`: `/opt/phoenix-deploy-api/.env`
- CT `7800`: `/opt/sankofa-api/.env`
- Repo target map: [phoenix-deploy-api/deploy-targets.json](/home/intlc/projects/proxmox/phoenix-deploy-api/deploy-targets.json:127)
- Explorer workflow: [explorer-monorepo/.gitea/workflows/deploy-live.yml](/home/intlc/projects/proxmox/explorer-monorepo/.gitea/workflows/deploy-live.yml:1)
### Core systemd services
- CT `5700`: `phoenix-deploy-api`
- CT `7800`: `sankofa-api`
### Useful status commands
```bash
pct exec 5700 -- systemctl status phoenix-deploy-api --no-pager
pct exec 7800 -- systemctl status sankofa-api --no-pager
pct exec 5700 -- journalctl -u phoenix-deploy-api -n 100 --no-pager
pct exec 7800 -- journalctl -u sankofa-api -n 100 --no-pager
```
## Operator note
The live deploy/control plane is now wired end to end. The remaining open validation item is the authenticated app-facing Phoenix flow through `phoenix.sankofa.nexus`, which should be tested separately as an application/auth scenario rather than a secret-wiring scenario.

14
docs/04-configuration/README.md
View File

@@ -26,6 +26,8 @@ This directory contains setup and configuration guides.
- **[NPMPLUS_UI_APIERROR_400_RUNBOOK.md](NPMPLUS_UI_APIERROR_400_RUNBOOK.md)** - NPMplus UI ApiError 400 on dashboard load: find failing request, test API with curl, logs, fixes
- **[E2E_DNS_FROM_LAN_RUNBOOK.md](E2E_DNS_FROM_LAN_RUNBOOK.md)** - Run E2E domain sweep from LAN when public DNS is unavailable: /etc/hosts option, DNS path, or bastion
- **[E2E_ENDPOINTS_LIST.md](E2E_ENDPOINTS_LIST.md)** - All E2E verification endpoints (domain, type, URL); list from CLI: `./scripts/verify/verify-end-to-end-routing.sh --list-endpoints --profile=public`
- **[DEV_VM_SSH_REMOTE_ACCESS.md](DEV_VM_SSH_REMOTE_ACCESS.md)** ⭐ - Dev VM (5700) remote SSH: Cloudflare Tunnel + Access (`ssh.dev.d-bis.org`), UDM allowlist, WARP; triage when DNS/Access/sshd fail
- **[PHOENIX_SANKOFA_OPERATOR_HANDOFF.md](PHOENIX_SANKOFA_OPERATOR_HANDOFF.md)** ⭐⭐⭐ - Live Phoenix Deploy API / Sankofa operator handoff: CT `5700`, CT `7800`, Gitea secret pair, `explorer-live`, and rotate/reload/verify commands
- **[PROXMOX_LOAD_BALANCING_RUNBOOK.md](PROXMOX_LOAD_BALANCING_RUNBOOK.md)** - Balance Proxmox load: migrate containers from r630-01 to r630-02/ml110; candidates, script, cluster vs backup/restore
- **[PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md](PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md)** - Add 3rd/4th R630 before migration? r630-03/04 status, HA/Ceph (34 nodes), order of operations
- **[ER605_ROUTER_CONFIGURATION.md](ER605_ROUTER_CONFIGURATION.md)** ⭐⭐ - ER605 router configuration
@@ -90,6 +92,18 @@ This directory contains setup and configuration guides.
- **[DBIS Rail Audit Readiness Results v1](../dbis-rail/DBIS_RAIL_AUDIT_READINESS_RESULTS_V1.md)** ⭐⭐ - Baseline checklist run: status per section, gaps, and prioritized remediation (rail contracts, mint path lock, tests, ops).
- **[DBIS Rail Control Mapping v1](../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md)** ⭐⭐ - Control IDs mapped to checklist, Spec, Rulebook, and Threat Model for audit and SOC 2 / ISO 27001 alignment.
- **[DBIS Rail and Project Completion Master v1](../dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md)** ⭐⭐ - Project and deployment status; full task list (required and optional) for DBIS Rail and project completion.
**Multi-jurisdiction institutional onboarding (master plan artifacts):**
- **[compliance-matrices/README.md](compliance-matrices/README.md)** — Per-jurisdiction matrices, template, Indonesia + generic stub.
- **[compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md](compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md)** — RACI and definition of Complete.
- **[compliance-matrices/INSTITUTION_ONBOARDING_PLAYBOOK.md](compliance-matrices/INSTITUTION_ONBOARDING_PLAYBOOK.md)** — Repeatable onboarding steps.
- **[jurisdictions/JURISDICTION_CATALOG.md](jurisdictions/JURISDICTION_CATALOG.md)**, **[jurisdictions/SLICE1_SCOPE_FREEZE.md](jurisdictions/SLICE1_SCOPE_FREEZE.md)** — Catalog + slice-1 scope; machine: [`config/jurisdictions/catalog.v1.json`](../../config/jurisdictions/catalog.v1.json).
- **[../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md](../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md)** — Rail controls ↔ jurisdiction matrices ↔ profiles.
**Universal resource activation (SKR, server funds, infra capacity):**
- **[universal-resource-activation/README.md](universal-resource-activation/README.md)** ⭐⭐ — Ontology, policy profiles, lanes, pilots, [`manifest.json`](../../config/universal-resource-activation/manifest.json), [`policy-profiles.json`](../../config/universal-resource-activation/policy-profiles.json); `pnpm ura:validate`, `pnpm ura:validate-profiles`, `pnpm ura:keccak`, `pnpm ura:smoke` (`--http` + `PHOENIX_BASE_URL`). Phoenix: `GET /api/v1/universal-resource-activation/manifest`, `GET /api/v1/universal-resource-activation/server-funds-sidecar-probe`. [MASTER_INDEX.md](../MASTER_INDEX.md) §04-configuration.
- **[universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md](universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md)** — Operator wiring: `UNIVERSAL_RESOURCE_MANIFEST_PATH`, `SERVER_FUNDS_SIDECAR_URL`, CI, testing checklist.
- **RTGS execution tracker:** [../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md).
- **[Implementation coordination (transcript 540ae663)](../dbis-rail/IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md)** ⭐⭐ - Coordinate implementations with PMM/DEX, tokens, GRU, cW*, deployments; maps Completion Master tasks to done/partial/open.
- **[DBIS Rail Ledger Attestation Add-On v1.5](../dbis-rail/DBIS_RAIL_LEDGER_ATTESTATION_ADDON_V1_5.md)** ⭐⭐ - LPA state machine, reversal matrix, signer effectiveFromBlock/revokedAtBlock mandatory.
- **[DBIS Rail Conversion Router Spec v1.5](../dbis-rail/DBIS_RAIL_CONVERSION_ROUTER_SPEC_V1_5.md)** ⭐⭐ - SwapAuth, best execution/MEV, quote provenance, venue allowlist, sanctions/AML for swaps.

72
docs/04-configuration/RPC_ENDPOINTS_MASTER.md
View File

@@ -1,14 +1,14 @@
# RPC Endpoints Master Reference
**Last Updated:** 2026-02-12
**Document Version:** 1.3
**Status:** Active Documentation
**Last Updated:** 2026-04-25
**Document Version:** 1.4
**Status:** Active Documentation — canonical RPC endpoint inventory for live operators. Pair with [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md) and [../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md](../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md).
---
**Date**: 2026-01-18
**Date**: 2026-04-25
**Status**: ✅ Active
**Last Updated**: 2026-02-05
**Last Updated**: 2026-04-25
**Changelog:** Proxy hosts (sankofa/phoenix/mim4u/explorer) corrected; RPC 405 fix via update-npmplus-proxy-hosts-api.sh (block_exploits false for RPC). Exchange Registry path; Crypto.com OTC API path.
---
@@ -17,7 +17,12 @@
This is the **authoritative source** for all RPC endpoint configurations. All other documentation and scripts should reference this document. **Master documentation (source of truth):** [MASTER_DOCUMENTATION_INDEX.md](../00-meta/MASTER_DOCUMENTATION_INDEX.md) lists this doc and [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md) as the Bible for domain → VMID:port; only `explorer.d-bis.org` should point to 192.168.11.140.
**Edge & port forwarding:** UDM Pro (76.53.10.34, replaced ER605). Proxmox hosts: 192.168.11.10 (ml110), 192.168.11.11 (r630-01), 192.168.11.12 (r630-02). NPMplus LXC (VMID 10233) has 192.168.11.166 and 192.168.11.167; **only 192.168.11.167** is used in UDM Pro. Port forward: **76.53.10.36:80****192.168.11.167:80**, **76.53.10.36:443****192.168.11.167:443**. See [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md).
Historical migration tables remain below for audit traceability, but they are explicitly non-canonical. For current runtime truth, prefer:
- [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md)
- [../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md](../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md)
- `bash scripts/verify/check-cluster-besu-inventory.sh --json`
**Edge & port forwarding:** UDM Pro (76.53.10.34, replaced ER605). Proxmox cluster hosts: 192.168.11.10 (ml110), 192.168.11.11 (r630-01), 192.168.11.12 (r630-02), 192.168.11.13 (r630-03), 192.168.11.14 (r630-04). NPMplus LXC (VMID 10233) has 192.168.11.166 and 192.168.11.167; **only 192.168.11.167** is used in UDM Pro. Port forward: **76.53.10.36:80****192.168.11.167:80**, **76.53.10.36:443****192.168.11.167:443**. See [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md).
### Canonical RPC URLs (use when setting missing .env / scripts)
@@ -77,26 +82,67 @@ For **Ethereum mainnet and other public chains**, you can use:
---
## Active RPC Nodes (12/13 Running)
## Active RPC Nodes
**Live reconciliation note (2026-04-24):**
- Direct host pass plus cluster-wide reconciliation confirmed:
- `2102`, `2301`, `2304`, `2400`, `2402`, `2403` are on `r630-03` (`192.168.11.13`)
- `1507` is on `r630-03`
- `1508` is on `r630-04` (`192.168.11.14`)
- Confirmed live as Proxmox CTs:
- `2101`, `2102`, `2103`, `2201`, `2301`, `2303`, `2304`, `2305`, `2306`, `2307`, `2308`, `2400`, `2401`, `2402`, `2403`
- `2500-2505` are the canonical ALLTRA/HYBX tier on `r630-01`.
- The legacy duplicate `2420/2430/2440/2460/2470/2480` set was first retired, then destroyed, and is historical only.
| VMID | IP Address | Hostname | HTTP RPC | WebSocket RPC | Status |
|------|------------|----------|----------|---------------|--------|
| 2101 | 192.168.11.211 | besu-rpc-core-1 | `http://192.168.11.211:8545` | `ws://192.168.11.211:8546` | ✅ Running |
| 2103 | 192.168.11.217 | besu-rpc-core-thirdweb | `http://192.168.11.217:8545` | `ws://192.168.11.217:8546` | ✅ Running (Thirdweb admin / NPM `rpc.tw-core.d-bis.org`) |
| **2201** | **192.168.11.221** | besu-rpc-public-1 | `http://192.168.11.221:8545` | `ws://192.168.11.221:8546` | ✅ Running |
| 2301 | 192.168.11.232 | besu-rpc-private-1 | `http://192.168.11.232:8545` | `ws://192.168.11.232:8546` | ✅ Running (Fireblocks) |
| 2301 | 192.168.11.232 | besu-rpc-private-1 | `http://192.168.11.232:8545` | `ws://192.168.11.232:8546` | ✅ Running (`r630-03`) |
| 2303 | 192.168.11.233 | besu-rpc-ali-0x8a | `http://192.168.11.233:8545` | `ws://192.168.11.233:8546` | ✅ Running |
| 2304 | 192.168.11.234 | besu-rpc-ali-0x1 | `http://192.168.11.234:8545` | `ws://192.168.11.234:8546` | ✅ Running |
| 2304 | 192.168.11.234 | besu-rpc-ali-0x1 | `http://192.168.11.234:8545` | `ws://192.168.11.234:8546` | ✅ Running (`r630-03`) |
| 2305 | 192.168.11.235 | besu-rpc-luis-0x8a | `http://192.168.11.235:8545` | `ws://192.168.11.235:8546` | ✅ Running |
| 2306 | 192.168.11.236 | besu-rpc-luis-0x1 | `http://192.168.11.236:8545` | `ws://192.168.11.236:8546` | ✅ Running |
| 2307 | 192.168.11.237 | besu-rpc-putu-0x8a | `http://192.168.11.237:8545` | `ws://192.168.11.237:8546` | ✅ Running |
| 2308 | 192.168.11.238 | besu-rpc-putu-0x1 | `http://192.168.11.238:8545` | `ws://192.168.11.238:8546` | ✅ Running |
| 2400 | 192.168.11.240 | thirdweb-rpc-1 | `http://192.168.11.240:8545` | `ws://192.168.11.240:8546` | ✅ Running |
| 2400 | 192.168.11.240 | thirdweb-rpc-1 | `http://192.168.11.240:8545` | `ws://192.168.11.240:8546` | ✅ Running (`r630-03`) |
| 2401 | 192.168.11.241 | besu-rpc-thirdweb-0x8a-1 | `http://192.168.11.241:8545` | `ws://192.168.11.241:8546` | ✅ Running |
| 2402 | 192.168.11.242 | besu-rpc-thirdweb-0x8a-2 | `http://192.168.11.242:8545` | `ws://192.168.11.242:8546` | ✅ Running |
| 2403 | 192.168.11.243 | besu-rpc-thirdweb-0x8a-3 | `http://192.168.11.243:8545` | `ws://192.168.11.243:8546` | ✅ Running |
| 2402 | 192.168.11.242 | besu-rpc-thirdweb-0x8a-2 | `http://192.168.11.242:8545` | `ws://192.168.11.242:8546` | ✅ Running (`r630-03`) |
| 2403 | 192.168.11.243 | besu-rpc-thirdweb-0x8a-3 | `http://192.168.11.243:8545` | `ws://192.168.11.243:8546` | ✅ Running (`r630-03`) |
### Additional Live Internal RPC Nodes (SSH-verified 2026-04-24)
These are live Besu RPC containers on `r630-01` and should not be confused with the old destroyed `.250-.255/.201-.204` migration rows later in this document.
| VMID | IP Address | Hostname | Status | Notes |
|------|------------|----------|--------|-------|
| 2500 | 192.168.11.172 | besu-rpc-alltra-1 | ✅ Running | Internal ALLTRA RPC |
| 2501 | 192.168.11.173 | besu-rpc-alltra-2 | ✅ Running | Internal ALLTRA RPC |
| 2502 | 192.168.11.174 | besu-rpc-alltra-3 | ✅ Running | Internal ALLTRA RPC |
| 2503 | 192.168.11.246 | besu-rpc-hybx-1 | ✅ Running | Internal HYBX RPC |
| 2504 | 192.168.11.247 | besu-rpc-hybx-2 | ✅ Running | Internal HYBX RPC |
| 2505 | 192.168.11.248 | besu-rpc-hybx-3 | ✅ Running | Internal HYBX RPC |
### Destroyed Legacy Duplicate RPC Containers On `r630-01`
These CTs were found live during the 2026-04-24 SSH reconciliation, but they are not part of the intended fleet in `config/proxmox-operational-template.json`. After the controlled shutdown pass, they were permanently destroyed with `pct destroy --purge 1`.
| VMID | IP Address | Hostname | Final state | Canonical counterpart | Notes |
|------|------------|----------|---------|---------------|-----------------------|-------|
| 2420 | 192.168.11.172 | besu-rpc-alltra-1 | destroyed | 2500 | `2500` fully resynced after duplicate retirement, then the duplicate CT was removed |
| 2430 | 192.168.11.173 | besu-rpc-alltra-2 | destroyed | 2501 | Destroyed cleanly |
| 2440 | 192.168.11.174 | besu-rpc-alltra-3 | destroyed | 2502 | Destroyed cleanly |
| 2460 | 192.168.11.246 | besu-rpc-hybx-1 | destroyed | 2503 | Destroyed cleanly |
| 2470 | 192.168.11.247 | besu-rpc-hybx-2 | destroyed | 2504 | Destroyed cleanly |
| 2480 | 192.168.11.248 | besu-rpc-hybx-3 | destroyed | 2505 | Destroyed cleanly |
These duplicate VMIDs should be treated as historical legacy residue only. They should not be used as the canonical fleet inventory for new automation or runbooks.
**Fixed Permanent:** VMID 2201 = 192.168.11.221 (besu-rpc-public-1). Do not change. Source: `config/ip-addresses.conf`.
**Thirdweb / CREATE2 deployer (operational):** Wallet `0xB2dEA0e264ddfFf91057A3415112e57A1a5Eac14` submits **all** such contract deployments to **VMID 2103** JSON-RPC (`http://192.168.11.217:8545`), not to the public 2201 tier. On-chain, each deploy is **CREATE2** through the **EIP-2470 singleton deployer** at `0x4e59b44847b379578588920ca78fbf26c0b4956c` (transaction `data` is **large**; a truncated log may show a leading `0x00000000`—use the full calldata in Blockscout for the real function input). **Only on 2103**, Besu is tuned with a **low** `tx-pool-max-future-by-sender` (typically `1`, not `0`) so the node does not retain a deep queue of gap nonces; see `config-rpc-thirdweb-admin-core.toml` and `scripts/maintenance/apply-2103-thirdweb-strict-tx-pool.sh`. Wallets must use the nonce from `eth_getTransactionCount` for the deployer; a far-future nonce (e.g. 15) is **rejected** with `NONCE_TOO_FAR_IN_FUTURE_FOR_SENDER` until the chains next executable nonce is used.
---
## Public Domain Mappings (NPMplus)
@@ -220,6 +266,8 @@ www.the-order.sankofa.nexus → the-order.sankofa.nexus
## VMID Migration Reference (2026-01-18)
This section is historical migration context only. It does **not** describe the full live 2026-04-24 fleet, because live SSH shows separate active `2500-2505` ALLTRA/HYBX Besu RPC containers on different IPs.
The following old VMIDs have been **destroyed** and replaced:
| Old VMID | Old IP | New VMID | New IP | Purpose |

450
docs/04-configuration/X402_INFRASTRUCTURE_GAP_ANALYSIS_AND_ROADMAP.md Normal file
View File

@@ -0,0 +1,450 @@
# x402 Infrastructure Gap Analysis and Roadmap
**Purpose:** Convert the current x402 status in this workspace into a concrete implementation roadmap for a production-grade x402 stack across Chain 138 GRU v2 and Alltra 651940.
**Current anchors:**
- Express reference server: [x402-api/src/index.js](../../x402-api/src/index.js)
- Next.js App Router example: [the-order/apps/portal-public/src/app/api/premium-content/route.ts](../../the-order/apps/portal-public/src/app/api/premium-content/route.ts)
- Canonical token metadata: [smom-dbis-138/services/token-aggregation/src/config/canonical-tokens.ts](../../smom-dbis-138/services/token-aggregation/src/config/canonical-tokens.ts)
- Alltra local-settlement spec: [X402_ALLTRA_ENDPOINT_SPEC.md](./X402_ALLTRA_ENDPOINT_SPEC.md)
- Chain 138 token support note: [CHAIN138_X402_TOKEN_SUPPORT.md](./CHAIN138_X402_TOKEN_SUPPORT.md)
---
## 1. Current State Summary
### Implemented
- Minimal x402 facilitator flow exists in `x402-api` using `thirdweb/x402`.
- Minimal paid route exists in `portal-public` for `GET /api/premium-content`.
- Canonical token metadata marks `cUSDC_V2` and `cUSDT_V2` on Chain 138 as `preferredForX402`.
- Alltra 651940 has a documented local-verification pattern with `402` + `PAYMENT-REQUIRED`.
### Not yet production-ready
- No persistent replay store or payment database.
- No strict on-chain decoding and verification for local-settlement payments.
- No reusable middleware/shared package for paid routes across apps.
- No client-side payment flow.
- No x402-specific metrics, alerting, reconciliation, or operator runbooks for Chain 138 GRU v2.
- Documentation is inconsistent between legacy V1 token support notes and GRU v2 canonical metadata.
---
## 2. Highest-Priority Gaps
### P0. Canonical truth mismatch
The repo currently has two different truths:
- `canonical-tokens.ts` says `cUSDC_V2` and `cUSDT_V2` are the preferred x402 surfaces.
- `CHAIN138_X402_TOKEN_SUPPORT.md` still documents only legacy `cUSDC` / `cUSDT` checks.
This must be reconciled before broader rollout.
### P0. Payment persistence
`x402-api` uses an in-memory replay map. That is not safe across restarts, scale-out, or failover.
### P0. Settlement verification depth
The Alltra local-verification path currently checks transaction receipt success only. It does not fully verify:
- token transfer logs
- payer
- recipient
- amount
- signature ownership
- challenge-to-settlement linkage
### P0. Productized route protection
The repo has examples, not a reusable paid-route guard that services can adopt uniformly.
---
## 3. Missing Components by Layer
### A. Token and chain readiness
Missing:
- Re-run and extend token capability verification for `cUSDC_V2` and `cUSDT_V2`.
- Record ERC-2612 and ERC-3009 support in one authoritative document.
- Define the canonical x402 payment token selection policy:
- default token
- fallback token
- price decimals
- chain-by-chain behavior
- Publish the canonical addresses in one x402-specific env/runbook reference.
Suggested repo targets:
- [docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md](./CHAIN138_X402_TOKEN_SUPPORT.md)
- [smom-dbis-138/services/token-aggregation/src/config/canonical-tokens.ts](../../smom-dbis-138/services/token-aggregation/src/config/canonical-tokens.ts)
- `scripts/verify/check-chain138-token-permit-support.sh`
### B. Server-side payment core
Missing:
- Persistent replay protection in Redis or DB.
- Durable payment record storage:
- challenge issued
- payment received
- payment verified
- payment consumed
- resource served
- Shared payment state machine and idempotency keys.
- Shared config for:
- chain
- token
- amount
- route metadata
- settlement mode
Suggested repo targets:
- [x402-api/src/index.js](../../x402-api/src/index.js)
- New shared package, e.g. `the-order/packages/payment-gateway` or a new `packages/x402`
### C. Verification and settlement integrity
Missing:
- Full event-log verification for ERC-20 transfers on local-settlement paths.
- Signature recovery and signer verification for locally verified flows.
- Explicit binding between `resourceId`, `nonce`, `payer`, `amount`, `asset`, `recipient`, and `txHash`.
- Re-org/finality policy:
- minimum confirmations
- timeout handling
- retry policy
- Double-spend and duplicate-consumption protections across replicas.
Suggested repo targets:
- [x402-api/src/index.js](../../x402-api/src/index.js)
- [docs/04-configuration/X402_ALLTRA_ENDPOINT_SPEC.md](./X402_ALLTRA_ENDPOINT_SPEC.md)
### D. Application integration
Missing:
- Reusable Next middleware/helper for x402-protected routes.
- Integration into real product surfaces beyond `/api/premium-content`.
- Entitlement mapping after payment:
- one-shot access
- time-window access
- usage-limited access
- API key unlock
- Multi-resource pricing registry.
Suggested repo targets:
- [the-order/apps/portal-public/src/app/api/premium-content/route.ts](../../the-order/apps/portal-public/src/app/api/premium-content/route.ts)
- `the-order/packages/payment-gateway`
### E. Client integration
Missing:
- Browser/client example that performs x402 payment and retries automatically.
- Docs for clients on header semantics:
- `x-payment`
- `PAYMENT-SIGNATURE`
- `PAYMENT-REQUIRED`
- `PAYMENT-RESPONSE`
- Wallet UX guidance for Chain 138 GRU v2 and Alltra.
Suggested repo targets:
- `the-order/apps/portal-public/src/app/...`
- [the-order/apps/portal-public/README.md](../../the-order/apps/portal-public/README.md)
### F. Operations and treasury
Missing:
- Reconciliation job that compares:
- issued challenges
- verified settlements
- served resources
- treasury receipts
- Admin console or operator CLI for:
- searching payments
- replaying verification
- marking disputes
- approving refunds
- Refund workflow and policy.
- Daily/periodic treasury exports.
Suggested repo targets:
- `scripts/verify/`
- `scripts/monitoring/`
- `the-order/apps/portal-internal`
### G. Observability and security
Missing:
- x402-specific Prometheus counters and logs.
- Alerting for:
- verification failures
- malformed payment headers
- replay attempts
- RPC degradation
- facilitator failures
- Rate limiting for challenge spam and retry abuse.
- Secret-management runbook for `THIRDWEB_SECRET_KEY` and treasury wallet policies.
Suggested repo targets:
- `x402-api`
- `smom-dbis-138/monitoring/`
- `docs/04-configuration/`
### H. Testing and release readiness
Missing:
- Unit tests for header parsing, replay logic, and resource URL construction.
- Integration tests for:
- 402 challenge
- successful payment
- replay rejection
- expired challenge
- wrong recipient/token/amount
- End-to-end tests across:
- Chain 138 GRU v2
- Alltra local settlement
- Deployment and rollback runbooks.
Suggested repo targets:
- `x402-api/test/`
- `the-order/apps/portal-public`
- `docs/03-deployment/`
---
## 4. Recommended Build Order
### Phase 1. Reconcile source of truth
Deliverables:
- Update `CHAIN138_X402_TOKEN_SUPPORT.md` to include GRU v2 verification results.
- Add an explicit x402 token policy note:
- default `cUSDC_V2`
- optional `cUSDT_V2`
- exact addresses
- amount units
- Ensure route examples and docs all point to the same assets.
Success criteria:
- No repo doc claims V1 is the active x402 path when V2 is intended.
### Phase 2. Extract shared x402 core
Deliverables:
- Create shared payment helpers/package for:
- route config
- resource URL building
- payment parsing
- network/token config
- settlement result normalization
- Refactor `x402-api` and `portal-public` to consume the shared core.
Success criteria:
- One implementation path for x402 config and payment parsing.
### Phase 3. Add persistence and idempotency
Deliverables:
- Introduce Redis or DB-backed stores for:
- issued challenges
- consumed nonces
- payment records
- Add restart-safe idempotency semantics.
Success criteria:
- Replay protection survives process restart and scale-out.
### Phase 4. Harden verification
Deliverables:
- Decode and verify ERC-20 transfer logs for local-settlement flows.
- Add finality thresholds and retry rules.
- Add signature verification for locally verified payloads.
Success criteria:
- Payment acceptance depends on verified transfer semantics, not receipt success alone.
### Phase 5. Add client and real-product adoption
Deliverables:
- Add a client example that performs paid fetch automatically.
- Protect one real product endpoint beyond demo content.
- Add entitlement/policy hooks.
Success criteria:
- A real app path depends on x402 and can be exercised end-to-end.
### Phase 6. Add ops, metrics, and runbooks
Deliverables:
- Prometheus counters, structured logs, and alerts.
- Reconciliation script/CLI.
- Operator runbooks for:
- normal operation
- degraded RPC
- stuck payment
- refund/dispute
- secret rotation
Success criteria:
- Operators can monitor and manage x402 without reading source code.
---
## 5. Priority Matrix
### P0. Must do before production
- Reconcile Chain 138 GRU v2 token support docs.
- Add persistent replay/payment storage.
- Add strict local-settlement verification.
- Add integration tests for challenge/settlement/replay.
- Add basic metrics and alerts.
### P1. Should do for launch quality
- Extract shared x402 middleware/core.
- Add client payment example.
- Add treasury reconciliation and operator CLI.
- Add route-level pricing registry.
- Add rate limiting and abuse controls.
### P2. Nice to have after first launch
- Admin dashboard for payment operations.
- Refund workflow automation.
- Multi-tenant resource pricing and entitlement windows.
- Broader app adoption across additional services.
---
## 6. Concrete Next Tasks
### Task 1. Update Chain 138 token support doc
Add:
- `cUSDC_V2`
- `cUSDT_V2`
- exact addresses
- permit / ERC-3009 verification result
- active default token policy
### Task 2. Create shared x402 config module
Move these concerns out of route files:
- chain definition
- token address selection
- amount selection
- resource URL selection
### Task 3. Replace in-memory replay store
Implement:
- Redis-backed nonce store
- payment record schema
- TTL strategy based on challenge expiry
### Task 4. Harden Alltra verification
Implement:
- receipt log decoding
- token transfer matching
- payer/recipient/amount validation
- minimum confirmation policy
### Task 5. Add x402 test suite
Cover:
- unpaid request returns `402`
- valid payment succeeds
- expired nonce fails
- replay fails
- wrong token/recipient/amount fails
### Task 6. Add metrics
Counters:
- `x402_challenges_issued_total`
- `x402_payments_verified_total`
- `x402_payments_rejected_total`
- `x402_replay_rejections_total`
- `x402_rpc_verification_failures_total`
---
## 7. Suggested Ownership Split
### Docs and policy
- `docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md`
- `docs/04-configuration/X402_ALLTRA_ENDPOINT_SPEC.md`
- new operator runbooks
### Shared implementation
- new shared package under `the-order/packages/`
### Express reference server
- `x402-api`
### Product integration
- `the-order/apps/portal-public`
- later `portal-internal` or other product APIs
### Monitoring and reconciliation
- `scripts/verify/`
- `scripts/monitoring/`
- `smom-dbis-138/monitoring/`
---
## 8. Definition of Done
The x402 infrastructure should be considered complete when:
- Chain 138 GRU v2 token support is verified and documented consistently.
- Paid endpoints share one reusable x402 core.
- Replay protection and payment records are durable.
- Local verification paths perform full semantic settlement checks.
- Real client flows can pay and retry automatically.
- Operators have metrics, alerts, reconciliation, and runbooks.
- End-to-end tests pass for both Chain 138 GRU v2 and Alltra 651940.

9
docs/04-configuration/compliance-matrices/GENERIC-COMMON-LAW-STUB/README.md Normal file
View File

@@ -0,0 +1,9 @@
# GENERIC-COMMON-LAW-STUB — template only
**Status:** template_only — **not** for production institutions.
Use this folder to practice matrix structure before copying [_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md](../_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md) to a real jurisdiction code.
| File | Purpose |
|------|---------|
| [banking_v1.md](banking_v1.md) | Illustrative obligation rows |

36
docs/04-configuration/compliance-matrices/GENERIC-COMMON-LAW-STUB/banking_v1.md Normal file
View File

@@ -0,0 +1,36 @@
# Compliance matrix — GENERIC-COMMON-LAW-STUB — banking_v1 (ILLUSTRATIVE ONLY)
**Last updated:** 2026-04-25
**Status:** **template_only** — do **not** use for production institutions. Copy [../_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md](../_TEMPLATE/COMPLIANCE_MATRIX_TEMPLATE.md) and replace with a real jurisdiction.
**Purpose:** Train the onboarding process: obligation rows, control linkage, evidence columns.
---
## 1. Law / regulation inventory (fictional placeholders)
| Ref id | Short title | Scope | Notes |
|--------|-------------|-------|-------|
| STUB-BANK-001 | Illustrative banking supervision act | banking | Fictional — replace with real citations. |
| STUB-AML-001 | Illustrative AML law | AML | Fictional. |
---
## 2. Requirement and control mapping (illustrative rows)
| Matrix row id | Obligation summary | Participant classes | URA family | Enforcement | Control ids | Evidence expectation |
|---------------|-------------------|---------------------|------------|-------------|-------------|----------------------|
| STUB-001 | Illustrative: know your customer for institutional treasury | institutional | `SERVER_FUNDS` | off-chain | C7, STUB-KYB-001 | Onboarding file + audit log reference |
| STUB-002 | Illustrative: sanctions screening before funding draw | institutional | `SERVER_FUNDS` | hybrid | C7, STUB-SAN-001 | Screening vendor ref + timestamp in evidence package |
| STUB-003 | Illustrative: safekeeping evidence for custody record | institutional | `SKR_SAFEKEEPING` | off-chain | C9, STUB-CUST-001 | Custodian statement hash in `custodyOrSourceEvidence` |
---
## 3. Residual risk
All rows are **non-binding** examples. Production matrices require **counsel-approved** law inventory and signed control mapping.
## Related
- [JURISDICTION_CATALOG.md](../../jurisdictions/JURISDICTION_CATALOG.md)
- [ID-INDONESIA/banking_v1.md](../ID-INDONESIA/banking_v1.md) — real pilot jurisdiction example in this repo.

Some files were not shown because too many files have changed in this diff Show More